-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrun.sh
More file actions
93 lines (78 loc) · 4.08 KB
/
run.sh
File metadata and controls
93 lines (78 loc) · 4.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#!/bin/bash
# run.sh — download, verify, and run setupmac
#
# Usage (flags are forwarded to setupmac):
# curl -fsSL https://raw.githubusercontent.com/wernerstrydom/setupmac/main/run.sh \
# | sudo bash -s -- [--username USER] [--vnc-password PASS] [--skip-filevault] [--dry-run]
#
# For steps that prompt for a password (FileVault, auto-login), download and
# run directly so stdin is attached to your terminal:
# curl -fsSL https://raw.githubusercontent.com/wernerstrydom/setupmac/main/run.sh \
# -o /tmp/run.sh && sudo bash /tmp/run.sh [flags]
set -euo pipefail
REPO="wernerstrydom/setupmac"
BIN_NAME="setupmac"
INSTALL_DIR="/usr/local/bin"
# ── Pre-flight ────────────────────────────────────────────────────────────────
if [ "$(uname -s)" != "Darwin" ]; then
echo "error: setupmac only runs on macOS" >&2
exit 1
fi
if [ "$(id -u)" -ne 0 ]; then
echo "error: this script must be run as root — use: curl ... | sudo bash" >&2
exit 1
fi
if ! command -v curl &>/dev/null; then
echo "error: curl is required but not found" >&2
exit 1
fi
# ── Architecture ──────────────────────────────────────────────────────────────
case "$(uname -m)" in
arm64) ARCH="arm64" ;;
x86_64) ARCH="amd64" ;;
*)
echo "error: unsupported architecture: $(uname -m)" >&2
exit 1
;;
esac
ASSET="${BIN_NAME}-darwin-${ARCH}"
# ── Resolve latest release version ────────────────────────────────────────────
# Follow the /releases/latest redirect and extract the tag from the final URL.
VERSION="$(curl -fsSL -o /dev/null -w '%{url_effective}' \
"https://github.com/${REPO}/releases/latest" \
| grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+')"
if [ -z "$VERSION" ]; then
echo "error: could not determine latest release version" >&2
exit 1
fi
BASE_URL="https://github.com/${REPO}/releases/download/${VERSION}"
# ── Download ──────────────────────────────────────────────────────────────────
WORK_DIR="$(mktemp -d)"
trap 'rm -rf "$WORK_DIR"' EXIT
echo "==> Downloading ${BIN_NAME} ${VERSION}..."
curl -fsSL --progress-bar "${BASE_URL}/${ASSET}" -o "${WORK_DIR}/${ASSET}"
curl -fsSL "${BASE_URL}/checksums.txt" -o "${WORK_DIR}/checksums.txt"
# ── Verify checksum ───────────────────────────────────────────────────────────
echo "==> Verifying checksum..."
EXPECTED="$(grep "${ASSET}" "${WORK_DIR}/checksums.txt" | awk '{print $1}')"
if [ -z "$EXPECTED" ]; then
echo "error: ${ASSET} not found in checksums.txt" >&2
exit 1
fi
ACTUAL="$(shasum -a 256 "${WORK_DIR}/${ASSET}" | awk '{print $1}')"
if [ "$EXPECTED" != "$ACTUAL" ]; then
echo "error: checksum mismatch for ${ASSET}" >&2
echo " expected: ${EXPECTED}" >&2
echo " actual: ${ACTUAL}" >&2
exit 1
fi
# ── Install ───────────────────────────────────────────────────────────────────
mkdir -p "${INSTALL_DIR}"
chmod +x "${WORK_DIR}/${ASSET}"
mv "${WORK_DIR}/${ASSET}" "${INSTALL_DIR}/${BIN_NAME}"
echo "==> Installed ${INSTALL_DIR}/${BIN_NAME}"
# ── Run ───────────────────────────────────────────────────────────────────────
"${INSTALL_DIR}/${BIN_NAME}" version
# Redirect stdin from /dev/tty so password prompts work even when this script
# is being read from a curl pipe.
exec "${INSTALL_DIR}/${BIN_NAME}" "$@" </dev/tty