From 85659161784779f1ea29bc068305f8358d612efb Mon Sep 17 00:00:00 2001
From: juanarias8 <ariasg.juandavid@gmail.com>
Date: Tue, 10 Mar 2026 14:25:52 -0500
Subject: [PATCH] feat(install): improve version tag validation and update
 download URL

- ensure valid semver tags when fetching version
- validate fallback version tag format
- switch download URL to Gitea releases
---
 install.sh | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/install.sh b/install.sh
index d0f53dd..41e7e14 100644
--- a/install.sh
+++ b/install.sh
@@ -47,12 +47,17 @@ if [ -n "$REQUESTED_VERSION" ]; then
     *)  VERSION_TAG="v$REQUESTED_VERSION" ;;
   esac
 else
-  # Try manifest first (fast, no rate limits)
-  VERSION_TAG=$(curl -sL "https://gitea.app.monadical.io/monadical/greywall/latest.txt" 2>/dev/null || echo "")
-  
-  # Fallback to GitHub API if manifest fails
+  # Try manifest first (fast, no rate limits) — only accept valid semver tags
+  VERSION_TAG=$(curl -sL "https://gitea.app.monadical.io/monadical/greywall/raw/branch/gh-pages/latest.txt" 2>/dev/null | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+' | head -1 || echo "")
+
+  # Fallback to Gitea API if manifest fails
   if [ -z "$VERSION_TAG" ]; then
     VERSION_TAG=$(curl -s "https://gitea.app.monadical.io/api/v1/repos/$REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+    # Validate it looks like a version tag
+    case "$VERSION_TAG" in
+      v[0-9]*) ;;
+      *) VERSION_TAG="" ;;
+    esac
   fi
 fi
 
@@ -69,7 +74,7 @@ case "$OS" in
   *)      OS_TITLE="$OS" ;;
 esac
 
-DOWNLOAD_URL="https://github.com/$REPO/releases/download/${VERSION_TAG}/${BINARY_NAME}_${VERSION_NUMBER}_${OS_TITLE}_${ARCH}.tar.gz"
+DOWNLOAD_URL="https://gitea.app.monadical.io/$REPO/releases/download/${VERSION_TAG}/${BINARY_NAME}_${VERSION_NUMBER}_${OS_TITLE}_${ARCH}.tar.gz"
 
 TMP_DIR=$(mktemp -d)
 cd "$TMP_DIR"