[SP-3605] fix: update installation scripts

Author: matiasdaloia

INSTALLATION.md

@@ -160,12 +160,14 @@ If you prefer manual installation:
 
 **Installation Options:**
 
-**Option 1: Portable Use**
+### Option 1: Portable Use
+
 - Run directly from Downloads or any location
 - No installation required
 - Ideal for USB drives or temporary usage
 
-**Option 2: Install to Program Files (Recommended)**
+### Option 2: Install to Program Files (Recommended)
+
 ```powershell
 # In PowerShell (Run as Administrator)
 New-Item -Path "C:\Program Files\SCANOSS" -ItemType Directory -Force
@@ -311,7 +313,7 @@ $env:Path -split ';' | Select-String SCANOSS
 **Issue:** Application won't start or crashes immediately
 
 **Solution:** SCANOSS Code Compare requires WebView2 runtime. It's typically pre-installed on Windows 11, but Windows 10 users may need to install it:
-- Download from: https://developer.microsoft.com/en-us/microsoft-edge/webview2/
+- Download from: [Microsoft WebView2 Runtime](https://developer.microsoft.com/en-us/microsoft-edge/webview2/)
 - Or the app will prompt to download it automatically on first launch
 
 ### Linux

scripts/install-macos.sh

@@ -24,7 +24,7 @@ else
     curl -fsSL "https://raw.githubusercontent.com/$REPO/main/scripts/lib/github-api.sh" -o "$TEMP_LIB_DIR/github-api.sh"
     source "$TEMP_LIB_DIR/common.sh"
     source "$TEMP_LIB_DIR/github-api.sh"
-    trap "rm -rf '$TEMP_LIB_DIR'" EXIT
+    trap 'rm -rf "$TEMP_LIB_DIR"' EXIT
 fi
 
 # Check if Homebrew is installed

scripts/install-windows.ps1

@@ -1,5 +1,25 @@
 # SCANOSS Code Compare - Windows Installer
 # This script installs SCANOSS Code Compare on Windows
+#
+# Parameters:
+#   -InstallPath  : Installation directory (default: C:\Program Files\SCANOSS)
+#   -NoPath       : Skip adding to system PATH
+#   -NoShortcuts  : Skip creating Start Menu shortcuts
+#   -NoVerify     : Skip SHA256 checksum verification (not recommended)
+#   -Version      : Specific version to install (default: latest)
+#
+# Examples:
+#   # Standard installation
+#   .\install-windows.ps1
+#
+#   # Install without PATH modification
+#   .\install-windows.ps1 -NoPath
+#
+#   # Install specific version
+#   .\install-windows.ps1 -Version "0.9.0"
+#
+#   # Skip checksum verification (not recommended)
+#   .\install-windows.ps1 -NoVerify
 
 #Requires -Version 5.1
 
@@ -8,6 +28,7 @@ param(
     [string]$InstallPath = "$env:ProgramFiles\SCANOSS",
     [switch]$NoPath,
     [switch]$NoShortcuts,
+    [switch]$NoVerify,
     [string]$Version
 )
 
@@ -135,6 +156,41 @@ function Get-AssetUrl {
     }
 }
 
+# Get checksum for a specific asset from SHA256SUMS file
+function Get-AssetChecksum {
+    param(
+        [string]$Version,
+        [string]$AssetName
+    )
+
+    Write-Debug-Info "Fetching checksum for: $AssetName"
+
+    $checksumsUrl = "https://github.com/$Script:Repo/releases/download/v$Version/SHA256SUMS"
+
+    try {
+        $checksums = (Invoke-WebRequest -Uri $checksumsUrl -UseBasicParsing -ErrorAction SilentlyContinue).Content
+
+        if ($checksums) {
+            # Parse the SHA256SUMS file (format: "hash  filename")
+            $lines = $checksums -split "`n"
+            foreach ($line in $lines) {
+                if ($line -match "^\s*([a-fA-F0-9]+)\s+.*$AssetName") {
+                    $checksum = $matches[1]
+                    Write-Debug-Info "Found checksum: $checksum"
+                    return $checksum
+                }
+            }
+        }
+
+        Write-Warn "No checksum file found for this release"
+        return $null
+    }
+    catch {
+        Write-Debug-Info "Failed to fetch checksums: $_"
+        return $null
+    }
+}
+
 # Check if WebView2 is installed
 function Test-WebView2 {
     $webView2Key = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}"
@@ -264,10 +320,33 @@ function Install-ScanossCodeCompare {
         # Download
         $downloadUrl = Get-AssetUrl -Version $Version
         $zipPath = "$tempDir\$Script:AppName.zip"
+        $assetName = "$Script:AppName-win.zip"
 
         Get-FileWithProgress -Url $downloadUrl -OutputPath $zipPath
 
+        # Verify checksum (unless -NoVerify is set)
+        if (-not $NoVerify) {
+            Write-Host ""
+            $expectedChecksum = Get-AssetChecksum -Version $Version -AssetName $assetName
+
+            if ($expectedChecksum) {
+                if (-not (Test-Checksum -FilePath $zipPath -ExpectedHash $expectedChecksum)) {
+                    # Checksum failed - clean up and abort
+                    Remove-Item -Path $zipPath -Force -ErrorAction SilentlyContinue
+                    throw "Checksum verification failed! The downloaded file may be corrupted or tampered with."
+                }
+            }
+            else {
+                Write-Warn "No checksum available for verification"
+                Write-Warn "Installation will proceed without checksum verification"
+            }
+        }
+        else {
+            Write-Warn "Checksum verification skipped (--NoVerify flag set)"
+        }
+
         # Extract
+        Write-Host ""
         Write-Info "Extracting..."
         Expand-Archive -Path $zipPath -DestinationPath $tempDir -Force
 

scripts/lib/github-api.sh

@@ -66,12 +66,18 @@ get_asset_checksum() {
     local checksums_url="https://github.com/$GITHUB_REPO/releases/download/v$version/SHA256SUMS"
     local checksum=""
 
+    # Temporarily disable errexit to handle missing checksums gracefully
+    set +e
+
     if command_exists curl; then
-        checksum=$(curl -fsSL "$checksums_url" 2>/dev/null | grep "$asset_name" | awk '{print $1}')
+        checksum=$(curl -sSL "$checksums_url" 2>/dev/null | grep "$asset_name" | awk '{print $1}')
     elif command_exists wget; then
         checksum=$(wget -qO- "$checksums_url" 2>/dev/null | grep "$asset_name" | awk '{print $1}')
     fi
 
+    # Restore errexit
+    set -e
+
     if [ -z "$checksum" ]; then
         log_warn "No checksum file found for this release"
         log_warn "Installation will proceed without checksum verification"
@@ -86,18 +92,28 @@ get_asset_checksum() {
 version_exists() {
     local version="$1"
     local release_url="$GITHUB_API_URL/releases/tags/v$version"
+    local http_code=""
+
+    # Temporarily disable errexit to handle HTTP errors gracefully
+    set +e
 
     if command_exists curl; then
-        if curl -fsSL -o /dev/null -w "%{http_code}" "$release_url" | grep -q "200"; then
-            return 0
-        fi
+        # Get HTTP status code without failing on 4xx/5xx
+        http_code=$(curl -sSL -o /dev/null -w "%{http_code}" "$release_url" 2>/dev/null)
     elif command_exists wget; then
-        if wget -q --spider "$release_url" 2>&1 | grep -q "200"; then
-            return 0
-        fi
+        # Get HTTP status code from wget
+        http_code=$(wget --spider -S "$release_url" 2>&1 | grep "HTTP/" | tail -n 1 | awk '{print $2}')
     fi
 
-    return 1
+    # Restore errexit
+    set -e
+
+    # Check if we got a 200 response
+    if [ "$http_code" = "200" ]; then
+        return 0
+    else
+        return 1
+    fi
 }
 
 # List available versions
@@ -158,8 +174,8 @@ download_and_verify_asset() {
     download_file "$download_url" "$output_path"
 
     # Try to verify checksum
-    local expected_checksum=$(get_asset_checksum "$version" "$asset_name")
-    if [ -n "$expected_checksum" ]; then
+    local expected_checksum=""
+    if expected_checksum=$(get_asset_checksum "$version" "$asset_name" 2>/dev/null); then
         if ! verify_checksum "$output_path" "$expected_checksum"; then
             abort "Checksum verification failed! The downloaded file may be corrupted or tampered with."
         fi