orenfromberg/hashicorp.sh

## hashicorp.sh
#!/usr/bin/env bash

set -uo pipefail
set +x

FINGERPRINT="C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F"

die() {
  echo "FATAL: $1"
  exit 1
}

must_have() {
    for dep in "$@"; do
        which $dep >/dev/null || die "missing required utility: $dep"
    done
}

hashicorp_install() {

    local application="$1"
    if [[ -z "$application" ]]; then
        die "no application name supplied"
    fi

    if [[ ! "x86_64" == $(uname -m) ]]; then
        echo "WARNING: Will retrieve amd64 bianaries!"
    fi

    local os="linux"
    local shasum="sha256sum"

    if [[ "$OS" == "osx" ]]; then
        echo "INFO: Downloading MacOS binaries"
        os="darwin"
        shasum="shasum -a 256"
    fi

    tmp=$(mktemp -d)
    trap 'rm -rf $tmp' EXIT

    pushd "${tmp}" >/dev/null || exit

    # Check if we already have Hashicorp signing key
    # Public Key is published at https://www.hashicorp.com/security
    # Direct link from Keybase change - https://keybase.io/hashicorp/sigchain#7618b3483b8f23c516941d068759d4d284c8391eaaf254ffa96500794dc21d010f
    if [[ ! $(gpg -k "${FINGERPRINT}") ]]; then
        echo "INFO: Getting Hashicorp key from Keybase"
        curl -sSfLO https://keybase.io/hashicorp/key.asc
        gpg --import key.asc
    fi


    curl -sSfLO https://releases.hashicorp.com/index.json

    local versions=".${application}.versions | to_entries | map_values(.value) | .[].version"
    latest=$(jq "${versions}" index.json | sort -rV | head -n 1 | cut -f 2 -d '"')

    # Use specified version or fall back to the latest available
    local version=${2:-$latest}

    echo "INFO: Getting ${application} version ${version}"
    if [[ $version != "$latest" ]]; then
        echo "WARNING: Newer version ${latest} is available"
    fi

    local filter_base=".${application}.versions | to_entries | map_values(.value) | .[] | select(.version==\"${version}\")"
    local dl_base="https://releases.hashicorp.com/${application}/${version}/"

    # Get valid checksums
    checksums=$(jq "${filter_base} | .shasums" index.json | cut -f 2 -d '"')
    sig=$(jq "${filter_base} | .shasums_signature" index.json | cut -f 2 -d '"')

    curl -sfLO "${dl_base}${checksums}"
    curl -sfLO "${dl_base}${sig}"

    gpg --verify "${sig}" "${checksums}" 2> hashicorp_verify
    grep -q "${FINGERPRINT}" hashicorp_verify

    # Get the compressed executable
    local binary_filter="${filter_base} | .builds | map(select(.os==\"${os}\" and .arch==\"amd64\")) | .[0].url"
    remote_archive=$(jq "${binary_filter}" index.json | cut -f 2 -d '"')
    curl -sfLO "$(jq "${binary_filter}" index.json | cut -f 2 -d '"')"

    $shasum --ignore-missing --quiet --strict --check "${checksums}"

    unzip -qq "$(basename "${remote_archive}")"
    mv "${application}" /usr/bin

    popd >/dev/null || exit
}

must_have "gpg" "jq" "curl"

hashicorp_install "$@"
	#!/usr/bin/env bash

	set -uo pipefail
	set +x

	FINGERPRINT="C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F"

	die() {
	echo "FATAL: $1"
	exit 1
	}

	must_have() {
	for dep in "$@"; do
	which $dep >/dev/null \|\| die "missing required utility: $dep"
	done
	}

	hashicorp_install() {

	local application="$1"
	if [[ -z "$application" ]]; then
	die "no application name supplied"
	fi

	if [[ ! "x86_64" == $(uname -m) ]]; then
	echo "WARNING: Will retrieve amd64 bianaries!"
	fi

	local os="linux"
	local shasum="sha256sum"

	if [[ "$OS" == "osx" ]]; then
	echo "INFO: Downloading MacOS binaries"
	os="darwin"
	shasum="shasum -a 256"
	fi

	tmp=$(mktemp -d)
	trap 'rm -rf $tmp' EXIT

	pushd "${tmp}" >/dev/null \|\| exit

	# Check if we already have Hashicorp signing key
	# Public Key is published at https://www.hashicorp.com/security
	# Direct link from Keybase change - https://keybase.io/hashicorp/sigchain#7618b3483b8f23c516941d068759d4d284c8391eaaf254ffa96500794dc21d010f
	if [[ ! $(gpg -k "${FINGERPRINT}") ]]; then
	echo "INFO: Getting Hashicorp key from Keybase"
	curl -sSfLO https://keybase.io/hashicorp/key.asc
	gpg --import key.asc
	fi


	curl -sSfLO https://releases.hashicorp.com/index.json

	local versions=".${application}.versions \| to_entries \| map_values(.value) \| .[].version"
	latest=$(jq "${versions}" index.json \| sort -rV \| head -n 1 \| cut -f 2 -d '"')

	# Use specified version or fall back to the latest available
	local version=${2:-$latest}

	echo "INFO: Getting ${application} version ${version}"
	if [[ $version != "$latest" ]]; then
	echo "WARNING: Newer version ${latest} is available"
	fi

	local filter_base=".${application}.versions \| to_entries \| map_values(.value) \| .[] \| select(.version==\"${version}\")"
	local dl_base="https://releases.hashicorp.com/${application}/${version}/"

	# Get valid checksums
	checksums=$(jq "${filter_base} \| .shasums" index.json \| cut -f 2 -d '"')
	sig=$(jq "${filter_base} \| .shasums_signature" index.json \| cut -f 2 -d '"')

	curl -sfLO "${dl_base}${checksums}"
	curl -sfLO "${dl_base}${sig}"

	gpg --verify "${sig}" "${checksums}" 2> hashicorp_verify
	grep -q "${FINGERPRINT}" hashicorp_verify

	# Get the compressed executable
	local binary_filter="${filter_base} \| .builds \| map(select(.os==\"${os}\" and .arch==\"amd64\")) \| .[0].url"
	remote_archive=$(jq "${binary_filter}" index.json \| cut -f 2 -d '"')
	curl -sfLO "$(jq "${binary_filter}" index.json \| cut -f 2 -d '"')"

	$shasum --ignore-missing --quiet --strict --check "${checksums}"

	unzip -qq "$(basename "${remote_archive}")"
	mv "${application}" /usr/bin

	popd >/dev/null \|\| exit
	}

	must_have "gpg" "jq" "curl"

	hashicorp_install "$@"