Skip to content
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions public/install.sh
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
#!/usr/bin/env sh
. install/000_header.sh
. install/010_manifest.sh
. install/020_flags.sh
. install/100_log.sh
. install/110_assert.sh
. install/200_downloader.sh
. install/300_license.sh
. install/999_footer.sh
56 changes: 56 additions & 0 deletions public/install/020_flags.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
## 020_flags.sh

# A newline separated list of boolean flags. See the read_flags function to see how it's parsed.
DFX_BOOL_FLAGS=""

# Make a BOOLEAN flag and its description.
#
# Arguments:
# $1 - The long name of the boolean. This will be used on the command line. The name of the
# environment variable will be `flag_NAME` where NAME is this argument, capitalized.
# The value of this argument is empty string if not specified, and "1" if it is.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So if I am reading this right we have to call flag_INSECURE ./install.sh?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not quite. That will not work as the value of flag_INSECURE is reset to "", but ./install.sh --insecure will set up the internal var flag_INSECURE. So in the shell script you need to use $flag_INSECURE.

# $2 - A description of the flag. This is not currently used but will be when we have enough
# flags to implement help.
define_flag_BOOL() {
local VARNAME="flag_$(echo $1 | tr /a-z/ /A-Z)"
eval $VARNAME=""
DFX_BOOL_FLAGS="${DFX_BOOL_FLAGS}--${1} $VARNAME $2"
}

# Get the flag name of a line in the flag description.
get_flag_name() {
echo $1
}

# Get the variable name of a line in the flag description.
get_var_name() {
echo $2
}

# Read all the command line flags and set the flag_XXXX environment variables.
#
# Arguments:
# $* - Flags to parse.
# Side Effects:
# Environment variables are set according to flags defined and flags.
read_flags() {
# Set values from command line.
while [[ "$@" ]]; do
local ARG=$1
shift

OLD_IFS="$IFS"
IFS=$'\n'
for line in ${DFX_BOOL_FLAGS}; do
[ "$line" ] || break

IFS="$OLD_IFS"
FLAG=$(get_flag_name $line)
VARNAME=$(get_var_name $line)

if [ "$ARG" == "$FLAG" ]; then
eval $VARNAME="1"
fi
done
done
}
8 changes: 8 additions & 0 deletions public/install/100_log.sh
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,14 @@ say() {
printf 'dfinity-sdk: %s\n' "$1"
}

warn() {
if $_ansi_escapes_are_valid; then
printf "\33[1mwarn:\33[0m %s\n" "$1" 1>&2
else
printf '%s\n' "$1" 1>&2
fi
}

err() {
say "$1" >&2
exit 1
Expand Down
69 changes: 69 additions & 0 deletions public/install/200_downloader.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
## 200_downloader.sh

define_flag_BOOL "insecure" "Allows downloading from insecure URLs, either using HTTP or TLS 1.2 or less."

check_help_for() {
local _cmd
local _arg
local _ok
_cmd="$1"
_ok="y"
shift

# If we're running on OS-X, older than 10.13, then we always
# fail to find these options to force fallback
if check_cmd sw_vers; then
if [ "$(sw_vers -productVersion | cut -d. -f2)" -lt 13 ]; then
# Older than 10.13
echo "Warning: Detected OS X platform older than 10.13"
_ok="n"
fi
fi

for _arg in "$@"; do
if ! "$_cmd" --help | grep -q -- "$_arg"; then
_ok="n"
fi
done

test "$_ok" = "y"
}

# This wraps curl or wget. Try curl first, if not installed, use wget instead.
# Arguments:
# $1 - URL to download.
# $2 - Path to output the download. Use - to output to stdout.
downloader() {
local _dld
if check_cmd curl; then
_dld=curl
elif check_cmd wget; then
_dld=wget
else
_dld='curl or wget' # to be used in error message of need_cmd
fi

if [ "$1" = --check ]; then
need_cmd "$_dld"
elif [ "$_dld" = curl ]; then
if check_help_for curl --proto --tlsv1.3; then
curl --proto '=https' --tls-max=1.3 --silent --show-error --fail --location "$1" --output "$2"
elif ! [ "$_flag_INSECURE" ]; then
warn "Not forcing TLS v1.3, this is potentially less secure"
curl --silent --show-error --fail --location "$1" --output "$2"
else
err "TLS 1.3 is not supported on this platform. To force using it, use the --insecure flag."
fi
elif [ "$_dld" = wget ]; then
if check_help_for wget --https-only --secure-protocol; then
wget --https-only --secure-protocol=TLSv1_3 "$1" -O "$2"
elif ! [ "$_flag_INSECURE" ]; then
warn "Not forcing TLS v1.3, this is potentially less secure"
wget "$1" -O "$2"
else
err "TLS 1.3 is not supported on this platform. To force using it, use the --insecure flag."
fi
else
err "Unknown downloader" # should not reach here
fi
}
67 changes: 4 additions & 63 deletions public/install/999_footer.sh
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,10 @@ main() {
esac
fi
fi

# Read flags.
read_flags "$@"

log "Executing DFINITY SDK install script, commit: $SCRIPT_COMMIT_DESC"

downloader --check
Expand Down Expand Up @@ -188,42 +192,6 @@ get_architecture() {
RETVAL="$_arch"
}

# This wraps curl or wget. Try curl first, if not installed,
# use wget instead.
# Arguments:
# $1 - URL to download.
# $2 - Path to output the download. Use - to output to stdout.
downloader() {
local _dld
if check_cmd curl; then
_dld=curl
elif check_cmd wget; then
_dld=wget
else
_dld='curl or wget' # to be used in error message of need_cmd
fi

if [ "$1" = --check ]; then
need_cmd "$_dld"
elif [ "$_dld" = curl ]; then
if ! check_help_for curl --proto --tlsv1.2; then
echo "Warning: Not forcing TLS v1.2, this is potentially less secure"
curl --silent --show-error --fail --location "$1" --output "$2"
else
curl --proto '=https' --tlsv1.2 --silent --show-error --fail --location "$1" --output "$2"
fi
elif [ "$_dld" = wget ]; then
if ! check_help_for wget --https-only --secure-protocol; then
echo "Warning: Not forcing TLS v1.2, this is potentially less secure"
wget "$1" -O "$2"
else
wget --https-only --secure-protocol=TLSv1_2 "$1" -O "$2"
fi
else
err "Unknown downloader" # should not reach here
fi
}

install_uninstall_script() {
set +u
local uninstall_file_path
Expand Down Expand Up @@ -272,31 +240,4 @@ EOF
ensure chmod u+x "${uninstall_file_path}"
}

check_help_for() {
local _cmd
local _arg
local _ok
_cmd="$1"
_ok="y"
shift

# If we're running on OS-X, older than 10.13, then we always
# fail to find these options to force fallback
if check_cmd sw_vers; then
if [ "$(sw_vers -productVersion | cut -d. -f2)" -lt 13 ]; then
# Older than 10.13
echo "Warning: Detected OS X platform older than 10.13"
_ok="n"
fi
fi

for _arg in "$@"; do
if ! "$_cmd" --help | grep -q -- "$_arg"; then
_ok="n"
fi
done

test "$_ok" = "y"
}

main "$@" || exit $?