Bails

install-core issues

Open git-sgmoore opened this issue 11 months ago • 5 comments

  1. Hardcoded URLs and file paths: The script uses hardcoded URLs for downloading Bitcoin Core and its checksums. If the URLs change or the files are moved, the script will break. Similarly, the script assumes a certain directory structure. If this structure changes, the script could behave unpredictably.

  2. No verification of the GPG keys: Although the script checks the GPG signatures of the downloaded files, it doesn't check the authenticity of the GPG keys used to sign the files. An attacker who can intercept the download could replace the files and the GPG keys with their own, and the script wouldn't be able to tell the difference.

  3. No error handling: The script doesn't handle errors in many places. If a command fails, the script may continue running with potentially inconsistent or incorrect data.

  4. Use of HTTP instead of HTTPS: The script tries to download files over HTTP before falling back to HTTPS. Downloading files over HTTP is insecure because the data is not encrypted in transit.

  5. Unsecured temporary files: The script creates temporary files without using any measures to secure them. This could potentially expose sensitive data.

  6. Kill command: At the end of the script, it uses a pkill command to kill the terminal, which can be seen as a risky command.

git-sgmoore, Jul 30 '23 22:07
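
One way to address items 2 through 5 of the report above, as an added example that is not part of the issue and not the Bails install-core script. The fingerprints are constructed placeholders, and `MIN_SIGNERS`, the function names and the `install-core.` directory prefix are assumptions.

```shell
#!/bin/sh
# Added illustration; not the Bails install-core script.
set -eu  # item 3: stop on a failed command or an unset variable

# Constructed placeholder fingerprints. Replace with signer fingerprints
# obtained out of band, not from the server that hosts the download.
FPR_A=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
FPR_B=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
PINNED_FPRS="$FPR_A $FPR_B"
MIN_SIGNERS=2  # assumption: how many distinct pinned signers to require

# Item 4: accept only https:// URLs, with no plain-HTTP attempt first.
require_https() {
  case "$1" in
    https://*) return 0 ;;
    *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
  esac
}

# Item 5: private scratch directory (mktemp -d creates it with mode 0700).
make_workdir() {
  mktemp -d "${TMPDIR:-/tmp}/install-core.XXXXXX"
}

# Item 2: read `gpg --status-fd` lines on stdin and print how many distinct
# pinned keys produced a VALIDSIG. Field 12 is the primary-key fingerprint
# (present when a subkey signed); field 3 is the signing key itself.
count_pinned_signers() {
  awk -v pinned="$PINNED_FPRS" '
    BEGIN { n = split(pinned, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
      fpr = (NF >= 12) ? $12 : $3
      if ((fpr in ok) && !(fpr in seen)) { seen[fpr] = 1; c++ }
    }
    END { print c + 0 }'
}

# Ties item 2 to real files: $1 = detached signature, $2 = checksum file.
verify_checksums() {
  n=$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | count_pinned_signers)
  [ "$n" -ge "$MIN_SIGNERS" ]
}
```

The `EXPKEYSIG` and `REVKEYSIG` status lines are not evaluated here; a production check would also reject signatures from expired or revoked keys.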