Last active
May 28, 2021 14:58
-
-
Save orenfromberg/4a3a8be3cecac83c8a6120348ed91804 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -uo pipefail | |
set +x | |
FINGERPRINT="C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" | |
die() { | |
echo "FATAL: $1" | |
exit 1 | |
} | |
must_have() { | |
for dep in "$@"; do | |
which $dep >/dev/null || die "missing required utility: $dep" | |
done | |
} | |
hashicorp_install() { | |
local application="$1" | |
if [[ -z "$application" ]]; then | |
die "no application name supplied" | |
fi | |
if [[ ! "x86_64" == $(uname -m) ]]; then | |
echo "WARNING: Will retrieve amd64 bianaries!" | |
fi | |
local os="linux" | |
local shasum="sha256sum" | |
if [[ "$OS" == "osx" ]]; then | |
echo "INFO: Downloading MacOS binaries" | |
os="darwin" | |
shasum="shasum -a 256" | |
fi | |
tmp=$(mktemp -d) | |
trap 'rm -rf $tmp' EXIT | |
pushd "${tmp}" >/dev/null || exit | |
# Check if we already have Hashicorp signing key | |
# Public Key is published at https://www.hashicorp.com/security | |
# Direct link from Keybase change - https://keybase.io/hashicorp/sigchain#7618b3483b8f23c516941d068759d4d284c8391eaaf254ffa96500794dc21d010f | |
if [[ ! $(gpg -k "${FINGERPRINT}") ]]; then | |
echo "INFO: Getting Hashicorp key from Keybase" | |
curl -sSfLO https://keybase.io/hashicorp/key.asc | |
gpg --import key.asc | |
fi | |
curl -sSfLO https://releases.hashicorp.com/index.json | |
local versions=".${application}.versions | to_entries | map_values(.value) | .[].version" | |
latest=$(jq "${versions}" index.json | sort -rV | head -n 1 | cut -f 2 -d '"') | |
# Use specified version or fall back to the latest available | |
local version=${2:-$latest} | |
echo "INFO: Getting ${application} version ${version}" | |
if [[ $version != "$latest" ]]; then | |
echo "WARNING: Newer version ${latest} is available" | |
fi | |
local filter_base=".${application}.versions | to_entries | map_values(.value) | .[] | select(.version==\"${version}\")" | |
local dl_base="https://releases.hashicorp.com/${application}/${version}/" | |
# Get valid checksums | |
checksums=$(jq "${filter_base} | .shasums" index.json | cut -f 2 -d '"') | |
sig=$(jq "${filter_base} | .shasums_signature" index.json | cut -f 2 -d '"') | |
curl -sfLO "${dl_base}${checksums}" | |
curl -sfLO "${dl_base}${sig}" | |
gpg --verify "${sig}" "${checksums}" 2> hashicorp_verify | |
grep -q "${FINGERPRINT}" hashicorp_verify | |
# Get the compressed executable | |
local binary_filter="${filter_base} | .builds | map(select(.os==\"${os}\" and .arch==\"amd64\")) | .[0].url" | |
remote_archive=$(jq "${binary_filter}" index.json | cut -f 2 -d '"') | |
curl -sfLO "$(jq "${binary_filter}" index.json | cut -f 2 -d '"')" | |
$shasum --ignore-missing --quiet --strict --check "${checksums}" | |
unzip -qq "$(basename "${remote_archive}")" | |
mv "${application}" /usr/bin | |
popd >/dev/null || exit | |
} | |
must_have "gpg" "jq" "curl" | |
hashicorp_install "$@" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment