feat: Add rollback, lock file, strict mode, and security improvements

[ricanwarfare]

Summary

This PR adds several quality-of-life improvements and security hardening to the syno.plexupdate script.

New Features

-r Flag: Rollback to Previous Version

bash syno.plexupdate.sh -r

• Finds the second-most-recent .spk file in Archive/Packages
• Stops Plex, installs previous package, restarts
• Sends DSM notification on success/failure

-b Flag: Skip Age Check

bash syno.plexupdate.sh -b

• Bypasses the minimum age requirement to install immediately

Concurrent Execution Protection

• Lock file at /tmp/syno.plexupdate.lock
• Detects stale locks (checks if PID is still running)
• Prevents multiple simultaneous runs

Security Improvements

Token Masking

• Plex tokens now masked in debug output (only last 4 characters visible)
• Prevents accidental token exposure in logs

Strict Mode

• Added set -euo pipefail for stricter error handling
• Script now fails fast on errors instead of continuing

Testing

• Syntax validated with bash -n
• Rollback logic tested (dry-run)
• Lock file mechanism tested

Changelog Entry

### v4.8.0

**New Features:**
- Added -r flag for rollback to previous installed version
- Added -b flag to skip minimum age check
- Added concurrent execution protection via lock file
- Added set -euo pipefail for stricter error handling

**Improvements:**
- Better handling of stale lock files
- Updated help text with new options
- Added fork attribution in header

**Security:**
- Plex tokens are now masked in debug output
- Lock file prevents multiple simultaneous runs

---

Maintained by @ricanwarfare as a fork of this excellent project.

[michealespinola]

These are some great additions and you've beat me to the punch on a couple of them. Kudos and thanks!

A couple of features you have added here technically already exist or are code I have not added to the public repo yet:

• Unless I have forgotten something or am mistaken, I believe that your proposed '-b' functionality can currently be accomplished with '-a 0'. I personally use this as a manually run task in the Synology DSM for whenever I need to make an immediate update. I also have another manually run task for immediately updating to the current beta with '-a 0 -c b. To be fair, these aren't publicly documented in the README, but they are present in the code and listed in the '-h' help menu
• I have secrets redaction logic already created but not merged into the public code yet. However, you can see a working public version of how the redaction works in the complimentary syno.plexinfo script

It would be more ideal if individual PRs are made per major functionality change, and not all grouped together.

These are my notes so far, and I'm still reviewing and testing your PR

[ricanwarfare]

Hey! No worries. I been a big fan of your script so i thought to try to give something back. I am gonna be honest, Im still learning the rules of how to contribute properly in a PR and you are right, it should have been better to break them down in parts for easy review and merging by you. I’ll take notes for that next time. Im still learning the courtesies of git itself. Again, I appreciate your work on this. I did miss the -a 0, I didnt read it as a way to just force an update. I have it where task scheduler runs it so I mostly followed the readme. Let me know what you are planning to use and maybe i can retract the PR and just push the functions you only need.