mirror of https://github.com/fluxcd/flux2.git
Install script improvements #24
- add checksum verification with sha256sum fallback to shasum - add downloader fallback to wget - add os and architecture checkspull/163/head
parent
473e226883
commit
ab7ff6551f
@ -1,51 +1,183 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
DEFAULT_BIN_DIR="/usr/local/bin"
|
DEFAULT_BIN_DIR="/usr/local/bin"
|
||||||
BIN_DIR=${1:-"$DEFAULT_BIN_DIR"}
|
BIN_DIR=${1:-"${DEFAULT_BIN_DIR}"}
|
||||||
|
GITHUB_REPO="fluxcd/toolkit"
|
||||||
opsys=""
|
|
||||||
if [[ "$OSTYPE" == linux* ]]; then
|
# Helper functions for logs
|
||||||
opsys=linux
|
info() {
|
||||||
elif [[ "$OSTYPE" == darwin* ]]; then
|
echo '[INFO] ' "$@"
|
||||||
opsys=darwin
|
}
|
||||||
fi
|
|
||||||
|
warn() {
|
||||||
if [[ "$opsys" == "" ]]; then
|
echo '[WARN] ' "$@" >&2
|
||||||
echo "OS $OSTYPE not supported"
|
}
|
||||||
exit 1
|
|
||||||
fi
|
fatal() {
|
||||||
|
echo '[ERROR] ' "$@" >&2
|
||||||
if [[ ! -x "$(command -v curl)" ]]; then
|
|
||||||
echo "curl not found"
|
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
}
|
||||||
|
|
||||||
tmpDir=`mktemp -d`
|
# Set os, fatal if operating system not supported
|
||||||
if [[ ! "$tmpDir" || ! -d "$tmpDir" ]]; then
|
setup_verify_os() {
|
||||||
echo "could not create temp dir"
|
if [[ -z "${OS}" ]]; then
|
||||||
exit 1
|
OS=$(uname)
|
||||||
fi
|
fi
|
||||||
|
case ${OS} in
|
||||||
|
Darwin)
|
||||||
|
OS=darwin
|
||||||
|
;;
|
||||||
|
Linux)
|
||||||
|
OS=linux
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
fatal "Unsupported operating system ${OS}"
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
function cleanup {
|
# Set arch, fatal if architecture not supported
|
||||||
rm -rf "$tmpDir"
|
setup_verify_arch() {
|
||||||
|
if [[ -z "${ARCH}" ]]; then
|
||||||
|
ARCH=$(uname -m)
|
||||||
|
fi
|
||||||
|
case ${ARCH} in
|
||||||
|
amd64)
|
||||||
|
ARCH=amd64
|
||||||
|
;;
|
||||||
|
x86_64)
|
||||||
|
ARCH=amd64
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
fatal "Unsupported architecture ${ARCH}"
|
||||||
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
trap cleanup EXIT
|
# Verify existence of downloader executable
|
||||||
|
verify_downloader() {
|
||||||
|
# Return failure if it doesn't exist or is no executable
|
||||||
|
[[ -x "$(which "$1")" ]] || return 1
|
||||||
|
|
||||||
pushd $tmpDir >& /dev/null
|
# Set verified executable as our downloader program and return success
|
||||||
|
DOWNLOADER=$1
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
curl -s https://api.github.com/repos/fluxcd/toolkit/releases/latest |\
|
# Create tempory directory and cleanup when done
|
||||||
grep browser_download |\
|
setup_tmp() {
|
||||||
grep $opsys |\
|
TMP_DIR=$(mktemp -d -t tk-install.XXXXXXXXXX)
|
||||||
cut -d '"' -f 4 |\
|
TMP_METADATA="${TMP_DIR}/tk.json"
|
||||||
xargs curl -sL -o tk.tar.gz
|
TMP_HASH="${TMP_DIR}/tk.hash"
|
||||||
|
TMP_BIN="${TMP_DIR}/tk.tar.gz"
|
||||||
|
cleanup() {
|
||||||
|
code=$?
|
||||||
|
set +e
|
||||||
|
trap - EXIT
|
||||||
|
rm -rf "${TMP_DIR}"
|
||||||
|
exit ${code}
|
||||||
|
}
|
||||||
|
trap cleanup INT EXIT
|
||||||
|
}
|
||||||
|
|
||||||
tar xzf ./tk.tar.gz
|
# Find version from Github metadata
|
||||||
|
get_release_version() {
|
||||||
|
METADATA_URL="https://api.github.com/repos/${GITHUB_REPO}/releases/latest"
|
||||||
|
|
||||||
mv ./tk $BIN_DIR
|
info "Downloading metadata ${METADATA_URL}"
|
||||||
|
download "${TMP_METADATA}" "${METADATA_URL}"
|
||||||
|
|
||||||
popd >& /dev/null
|
VERSION_TK=$(grep '"tag_name":' "${TMP_METADATA}" | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
|
||||||
|
if [[ -n "${VERSION_TK}" ]]; then
|
||||||
|
info "Using ${VERSION_TK} as release"
|
||||||
|
else
|
||||||
|
fatal "Unable to determine release version"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
echo "$(tk --version) installed"
|
# Download from file from URL
|
||||||
|
download() {
|
||||||
|
[[ $# -eq 2 ]] || fatal 'download needs exactly 2 arguments'
|
||||||
|
|
||||||
|
case $DOWNLOADER in
|
||||||
|
curl)
|
||||||
|
curl -o "$1" -sfL "$2"
|
||||||
|
;;
|
||||||
|
wget)
|
||||||
|
wget -qO "$1" "$2"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
fatal "Incorrect executable '${DOWNLOADER}'"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Abort if download command failed
|
||||||
|
[[ $? -eq 0 ]] || fatal 'Download failed'
|
||||||
|
}
|
||||||
|
|
||||||
|
# Download hash from Github URL
|
||||||
|
download_hash() {
|
||||||
|
HASH_URL="https://github.com/${GITHUB_REPO}/releases/download/v${VERSION_TK}/toolkit_${VERSION_TK}_checksums.txt"
|
||||||
|
info "Downloading hash ${HASH_URL}"
|
||||||
|
download "${TMP_HASH}" "${HASH_URL}"
|
||||||
|
HASH_EXPECTED=$(grep " tk_${VERSION_TK}_${OS}_${ARCH}.tar.gz$" "${TMP_HASH}")
|
||||||
|
HASH_EXPECTED=${HASH_EXPECTED%%[[:blank:]]*}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Download binary from Github URL
|
||||||
|
download_binary() {
|
||||||
|
BIN_URL="https://github.com/${GITHUB_REPO}/releases/download/v${VERSION_TK}/tk_${VERSION_TK}_${OS}_${ARCH}.tar.gz"
|
||||||
|
info "Downloading binary ${BIN_URL}"
|
||||||
|
download "${TMP_BIN}" "${BIN_URL}"
|
||||||
|
}
|
||||||
|
|
||||||
|
compute_sha256sum() {
|
||||||
|
cmd=$(which sha256sum shasum | head -n 1)
|
||||||
|
case $(basename "$cmd") in
|
||||||
|
sha256sum)
|
||||||
|
sha256sum "$1" | cut -f 1 -d ' '
|
||||||
|
;;
|
||||||
|
shasum)
|
||||||
|
shasum -a 256 "$1" | cut -f 1 -d ' '
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
fatal "Can not find sha256sum or shasum to compute checksum"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
# Verify downloaded binary hash
|
||||||
|
verify_binary() {
|
||||||
|
info "Verifying binary download"
|
||||||
|
HASH_BIN=$(compute_sha256sum "${TMP_BIN}")
|
||||||
|
HASH_BIN=${HASH_BIN%%[[:blank:]]*}
|
||||||
|
if [[ "${HASH_EXPECTED}" != "${HASH_BIN}" ]]; then
|
||||||
|
fatal "Download sha256 does not match ${HASH_EXPECTED}, got ${HASH_BIN}"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Setup permissions and move binary
|
||||||
|
setup_binary() {
|
||||||
|
chmod 755 "${TMP_BIN}"
|
||||||
|
info "Installing tk to ${BIN_DIR}/tk"
|
||||||
|
tar -xzf "${TMP_BIN}" -C "${TMP_DIR}"
|
||||||
|
|
||||||
|
local CMD_MOVE="mv -f \"${TMP_DIR}/tk\" \"${BIN_DIR}\""
|
||||||
|
if [[ -w "${BIN_DIR}" ]]; then
|
||||||
|
eval "${CMD_MOVE}"
|
||||||
|
else
|
||||||
|
eval "sudo ${CMD_MOVE}"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Run the install process
|
||||||
|
{
|
||||||
|
setup_verify_os
|
||||||
|
setup_verify_arch
|
||||||
|
verify_downloader curl || verify_downloader wget || fatal 'Can not find curl or wget for downloading files'
|
||||||
|
setup_tmp
|
||||||
|
get_release_version
|
||||||
|
download_hash
|
||||||
|
download_binary
|
||||||
|
verify_binary
|
||||||
|
setup_binary
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue