mirror of
https://oauth2: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@github.com/m1ngsama/TNT.git
synced 2026-06-26 06:54:38 +08:00
install: verify release binary checksums
This commit is contained in:
parent
7da33951b0
commit
2490262332
4 changed files with 72 additions and 14 deletions
|
|
@ -21,6 +21,8 @@ A minimalist terminal chat server with Vim-style interface over SSH.
|
||||||
```sh
|
```sh
|
||||||
curl -sSL https://raw.githubusercontent.com/m1ngsama/TNT/main/install.sh | sh
|
curl -sSL https://raw.githubusercontent.com/m1ngsama/TNT/main/install.sh | sh
|
||||||
```
|
```
|
||||||
|
The installer verifies the downloaded release binary against `checksums.txt`
|
||||||
|
before installing it.
|
||||||
|
|
||||||
**From source:**
|
**From source:**
|
||||||
```sh
|
```sh
|
||||||
|
|
|
||||||
|
|
@ -37,6 +37,8 @@
|
||||||
- The tag-triggered release workflow now builds on native x64/arm64 runners,
|
- The tag-triggered release workflow now builds on native x64/arm64 runners,
|
||||||
verifies artifact architecture, emits one checksum file, and creates a draft
|
verifies artifact architecture, emits one checksum file, and creates a draft
|
||||||
release for manual review instead of publishing immediately.
|
release for manual review instead of publishing immediately.
|
||||||
|
- The one-line installer now downloads `checksums.txt`, verifies the selected
|
||||||
|
binary before installation, and fails fast on missing release assets.
|
||||||
|
|
||||||
## 2026-05-18 - Interactive input polish
|
## 2026-05-18 - Interactive input polish
|
||||||
|
|
||||||
|
|
|
||||||
78
install.sh
78
install.sh
|
|
@ -1,24 +1,51 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# TNT Auto-deploy script
|
# TNT installer
|
||||||
# Usage: curl -sSL https://raw.githubusercontent.com/m1ngsama/TNT/main/install.sh | sh
|
# Usage: curl -sSL https://raw.githubusercontent.com/m1ngsama/TNT/main/install.sh | sh
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
VERSION=${VERSION:-latest}
|
VERSION=${VERSION:-latest}
|
||||||
INSTALL_DIR=${INSTALL_DIR:-/usr/local/bin}
|
INSTALL_DIR=${INSTALL_DIR:-/usr/local/bin}
|
||||||
|
REPO="m1ngsama/TNT"
|
||||||
|
|
||||||
|
fail() {
|
||||||
|
echo "ERROR: $*" >&2
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
need_cmd() {
|
||||||
|
command -v "$1" >/dev/null 2>&1 || fail "$1 is required"
|
||||||
|
}
|
||||||
|
|
||||||
|
sha256_of() {
|
||||||
|
if command -v sha256sum >/dev/null 2>&1; then
|
||||||
|
sha256sum "$1" | awk '{print $1}'
|
||||||
|
elif command -v shasum >/dev/null 2>&1; then
|
||||||
|
shasum -a 256 "$1" | awk '{print $1}'
|
||||||
|
else
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
need_cmd curl
|
||||||
|
need_cmd awk
|
||||||
|
|
||||||
# Detect OS and architecture
|
# Detect OS and architecture
|
||||||
OS=$(uname -s | tr '[:upper:]' '[:lower:]')
|
OS=$(uname -s | tr '[:upper:]' '[:lower:]')
|
||||||
ARCH=$(uname -m)
|
ARCH=$(uname -m)
|
||||||
|
|
||||||
|
case "$OS" in
|
||||||
|
linux|darwin) ;;
|
||||||
|
*) fail "Unsupported OS: $OS" ;;
|
||||||
|
esac
|
||||||
|
|
||||||
case "$ARCH" in
|
case "$ARCH" in
|
||||||
x86_64) ARCH="amd64" ;;
|
x86_64) ARCH="amd64" ;;
|
||||||
aarch64|arm64) ARCH="arm64" ;;
|
aarch64|arm64) ARCH="arm64" ;;
|
||||||
*) echo "Unsupported architecture: $ARCH"; exit 1 ;;
|
*) fail "Unsupported architecture: $ARCH" ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
BINARY="tnt-${OS}-${ARCH}"
|
BINARY="tnt-${OS}-${ARCH}"
|
||||||
REPO="m1ngsama/TNT"
|
|
||||||
|
|
||||||
echo "=== TNT Installer ==="
|
echo "=== TNT Installer ==="
|
||||||
echo "OS: $OS"
|
echo "OS: $OS"
|
||||||
|
|
@ -29,34 +56,57 @@ echo ""
|
||||||
# Get latest version if not specified
|
# Get latest version if not specified
|
||||||
if [ "$VERSION" = "latest" ]; then
|
if [ "$VERSION" = "latest" ]; then
|
||||||
echo "Fetching latest version..."
|
echo "Fetching latest version..."
|
||||||
VERSION=$(curl -sSL "https://api.github.com/repos/$REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
|
VERSION=$(curl -fsSL "https://api.github.com/repos/$REPO/releases/latest" |
|
||||||
|
sed -n 's/.*"tag_name":[[:space:]]*"\([^"]*\)".*/\1/p' |
|
||||||
|
head -n 1)
|
||||||
|
[ -n "$VERSION" ] || fail "Could not determine latest release version"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Installing version: $VERSION"
|
echo "Installing version: $VERSION"
|
||||||
|
|
||||||
# Download
|
# Download
|
||||||
URL="https://github.com/$REPO/releases/download/$VERSION/$BINARY"
|
URL="https://github.com/$REPO/releases/download/$VERSION/$BINARY"
|
||||||
|
CHECKSUM_URL="https://github.com/$REPO/releases/download/$VERSION/checksums.txt"
|
||||||
echo "Downloading from: $URL"
|
echo "Downloading from: $URL"
|
||||||
|
|
||||||
TMP_FILE=$(mktemp)
|
TMP_FILE=$(mktemp "${TMPDIR:-/tmp}/tnt.XXXXXX")
|
||||||
if ! curl -sSL -o "$TMP_FILE" "$URL"; then
|
CHECKSUM_FILE=$(mktemp "${TMPDIR:-/tmp}/tnt-checksums.XXXXXX")
|
||||||
echo "ERROR: Failed to download $BINARY"
|
cleanup() {
|
||||||
rm -f "$TMP_FILE"
|
rm -f "$TMP_FILE" "$CHECKSUM_FILE"
|
||||||
exit 1
|
}
|
||||||
fi
|
trap cleanup EXIT INT TERM
|
||||||
|
|
||||||
|
curl -fsSL -o "$TMP_FILE" "$URL" || fail "Failed to download $BINARY"
|
||||||
|
|
||||||
|
echo "Downloading checksums from: $CHECKSUM_URL"
|
||||||
|
curl -fsSL -o "$CHECKSUM_FILE" "$CHECKSUM_URL" ||
|
||||||
|
fail "Failed to download checksums.txt"
|
||||||
|
|
||||||
|
EXPECTED_SHA=$(awk -v name="$BINARY" '$2 == name { print $1; exit }' "$CHECKSUM_FILE")
|
||||||
|
[ -n "$EXPECTED_SHA" ] || fail "No checksum entry found for $BINARY"
|
||||||
|
|
||||||
|
ACTUAL_SHA=$(sha256_of "$TMP_FILE") ||
|
||||||
|
fail "sha256sum or shasum is required for checksum verification"
|
||||||
|
|
||||||
|
[ "$ACTUAL_SHA" = "$EXPECTED_SHA" ] ||
|
||||||
|
fail "Checksum mismatch for $BINARY"
|
||||||
|
|
||||||
|
echo "Checksum verified: $ACTUAL_SHA"
|
||||||
|
|
||||||
# Install
|
# Install
|
||||||
chmod +x "$TMP_FILE"
|
chmod +x "$TMP_FILE"
|
||||||
|
|
||||||
if [ -w "$INSTALL_DIR" ]; then
|
if [ -d "$INSTALL_DIR" ] && [ -w "$INSTALL_DIR" ]; then
|
||||||
mv "$TMP_FILE" "$INSTALL_DIR/tnt"
|
install -m 755 "$TMP_FILE" "$INSTALL_DIR/tnt"
|
||||||
else
|
else
|
||||||
echo "Need sudo for installation to $INSTALL_DIR"
|
echo "Need sudo for installation to $INSTALL_DIR"
|
||||||
sudo mv "$TMP_FILE" "$INSTALL_DIR/tnt"
|
need_cmd sudo
|
||||||
|
sudo mkdir -p "$INSTALL_DIR"
|
||||||
|
sudo install -m 755 "$TMP_FILE" "$INSTALL_DIR/tnt"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "✓ TNT installed successfully to $INSTALL_DIR/tnt"
|
echo "TNT installed successfully to $INSTALL_DIR/tnt"
|
||||||
echo ""
|
echo ""
|
||||||
echo "Run with:"
|
echo "Run with:"
|
||||||
echo " tnt"
|
echo " tnt"
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ Default checks:
|
||||||
- clean build
|
- clean build
|
||||||
- unit tests
|
- unit tests
|
||||||
- staged install layout with PREFIX=/usr and DESTDIR
|
- staged install layout with PREFIX=/usr and DESTDIR
|
||||||
|
- installer shell syntax
|
||||||
- Arch/Homebrew packaging syntax
|
- Arch/Homebrew packaging syntax
|
||||||
|
|
||||||
Environment:
|
Environment:
|
||||||
|
|
@ -97,6 +98,9 @@ make DESTDIR="$tmpdir" PREFIX=/usr install-systemd
|
||||||
[ -f "$tmpdir/usr/lib/systemd/system/tnt.service" ] ||
|
[ -f "$tmpdir/usr/lib/systemd/system/tnt.service" ] ||
|
||||||
fail "missing systemd unit: /usr/lib/systemd/system/tnt.service"
|
fail "missing systemd unit: /usr/lib/systemd/system/tnt.service"
|
||||||
|
|
||||||
|
step "checking installer syntax"
|
||||||
|
sh -n install.sh
|
||||||
|
|
||||||
step "checking packaging syntax"
|
step "checking packaging syntax"
|
||||||
if command -v bash >/dev/null 2>&1; then
|
if command -v bash >/dev/null 2>&1; then
|
||||||
bash -n packaging/arch/PKGBUILD
|
bash -n packaging/arch/PKGBUILD
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue