From d2b6e179aecb09d2d88bb72eba80502eea57ccc5 Mon Sep 17 00:00:00 2001 From: "Danilo M." Date: Wed, 1 Jul 2026 09:51:34 +0200 Subject: Verify download, validate extract, align artisan with official docs Lessons from the community upgrade gist and the official self-managed upgrade docs: - Verify the downloaded zip against the release .sha256 (when sha256sum is available) and validate the extracted tree (artisan, bootstrap, vendor, the compiled frontend bundle) before the live swap, so a truncated or corrupt download cannot replace a working install. - Exclude storage/ from extraction since the live storage is carried over. - Match the official upgrade command sequence: migrate --seed, cache:clear, view:clear, firefly-iii:upgrade-database, firefly-iii:laravel-passport-keys. Adds the previously missing view:clear and switches from the generic passport:install to Firefly's firefly-iii:laravel-passport-keys. Keeps --force and the oauth migration reconcile. Co-Authored-By: Claude Opus 4.8 --- README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'README.md') diff --git a/README.md b/README.md index caf5f8f..13892bf 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,14 @@ create-project`. The composer/Packagist dist ships source only and lacks the compiled frontend bundles, which leaves the UI broken (no graphs, 404s on `/v1/js/app.js`). The release zip is prebuilt. -Requires `curl`, `unzip`, `php`, and `sqlite3` on the host. +Requires `curl`, `unzip`, `php`, and `sqlite3` on the host. If `sha256sum` is +present, the download is verified against the release checksum, and the +extracted tree is validated (`artisan`, `bootstrap`, `vendor`, the compiled +frontend bundle) before the live swap. + +The upgrade commands follow the official self-managed upgrade docs +(`migrate --seed`, `cache:clear`, `view:clear`, `firefly-iii:upgrade-database`, +`firefly-iii:laravel-passport-keys`), with `--force` for non-interactive use. ## Usage -- cgit v1.2.3
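Review bot: In the added paragraph after `Requires`, checksum verification is conditional ("If `sha256sum` is present"), so on a host without it the release zip goes to the live swap with only the tree validation and no integrity check, and the README does not say what the reader should expect in that case. Either add `sha256sum` to the required tools in the `Requires` sentence, or state explicitly that verification is skipped when it is missing and whether the script warns about it. The text should also say that a checksum mismatch or a failed tree validation aborts before the live swap, since that is the guarantee the commit message describes. The commit message lists excluding `storage/` from extraction as part of this change, but the README hunk does not mention it; a sentence noting that live `storage/` is carried over and never overwritten from the zip would document it.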