#!/bin/sh

BLACKLIST_URL=https://raw.githubusercontent.com/oznu/dns-zone-blacklist/master/dnsmasq/dnsmasq-server.blacklist
BLACKLIST_PATH=/etc/dnsmasq.d/blacklist.conf

# Download the checksum on the remote release
CHECKSUM=$(curl -sk "$BLACKLIST_URL.checksum")

# Compare the remote checksum to the existing local file
echo "${CHECKSUM}  $BLACKLIST_PATH" | sha256sum -c -

if [[ $? != 0 ]] ; then
  echo "Blacklist is missing or out of date, downloading update..."
  # Get the blacklist of domains and fix the zone file path.
  curl -sko /tmp/dnsmasq.blacklist "$BLACKLIST_URL"

  # Test the blacklist is valid
  dnsmasq --test --conf-file=/tmp/dnsmasq.blacklist

  if [[ $? == 0 ]]; then
    # Downloaded blacklist is valid
    mv /tmp/dnsmasq.blacklist $BLACKLIST_PATH

    # Restart dnsmasq
    /etc/init.d/dnsmasq restart
  else
    # Downloaded blacklist is not valid
    rm -rf /tmp/dnsmasq.blacklist
    echo >&2 "ERROR: Upstream blacklist did not pass dnsmasq config test."
  fi

fi