1#!/bin/sh
2set -e
3# Code generated by godownloader on 2020-03-02T13:35:13Z. DO NOT EDIT.
4#
5
6usage() {
7  this=$1
8  cat <<EOF
9$this: download go binaries for securego/gosec
10
11Usage: $this [-b] bindir [-d] [tag]
12  -b sets bindir or installation directory, Defaults to ./bin
13  -d turns on debug logging
14   [tag] is a tag from
15   https://github.com/securego/gosec/releases
16   If tag is missing, then the latest will be used.
17
18 Generated by godownloader
19  https://github.com/goreleaser/godownloader
20
21EOF
22  exit 2
23}
24
25parse_args() {
26  #BINDIR is ./bin unless set be ENV
27  # over-ridden by flag below
28
29  BINDIR=${BINDIR:-./bin}
30  while getopts "b:dh?x" arg; do
31    case "$arg" in
32      b) BINDIR="$OPTARG" ;;
33      d) log_set_priority 10 ;;
34      h | \?) usage "$0" ;;
35      x) set -x ;;
36    esac
37  done
38  shift $((OPTIND - 1))
39  TAG=$1
40}
41# this function wraps all the destructive operations
42# if a curl|bash cuts off the end of the script due to
43# network, either nothing will happen or will syntax error
44# out preventing half-done work
45execute() {
46  tmpdir=$(mktemp -d)
47  log_debug "downloading files into ${tmpdir}"
48  http_download "${tmpdir}/${TARBALL}" "${TARBALL_URL}"
49  http_download "${tmpdir}/${CHECKSUM}" "${CHECKSUM_URL}"
50  hash_sha256_verify "${tmpdir}/${TARBALL}" "${tmpdir}/${CHECKSUM}"
51  srcdir="${tmpdir}"
52  (cd "${tmpdir}" && untar "${TARBALL}")
53  test ! -d "${BINDIR}" && install -d "${BINDIR}"
54  for binexe in $BINARIES; do
55    if [ "$OS" = "windows" ]; then
56      binexe="${binexe}.exe"
57    fi
58    install "${srcdir}/${binexe}" "${BINDIR}/"
59    log_info "installed ${BINDIR}/${binexe}"
60  done
61  rm -rf "${tmpdir}"
62}
63get_binaries() {
64  case "$PLATFORM" in
65    darwin/amd64) BINARIES="gosec" ;;
66    linux/amd64) BINARIES="gosec" ;;
67    windows/amd64) BINARIES="gosec" ;;
68    *)
69      log_crit "platform $PLATFORM is not supported.  Make sure this script is up-to-date and file request at https://github.com/${PREFIX}/issues/new"
70      exit 1
71      ;;
72  esac
73}
74tag_to_version() {
75  if [ -z "${TAG}" ]; then
76    log_info "checking GitHub for latest tag"
77  else
78    log_info "checking GitHub for tag '${TAG}'"
79  fi
80  REALTAG=$(github_release "$OWNER/$REPO" "${TAG}") && true
81  if test -z "$REALTAG"; then
82    log_crit "unable to find '${TAG}' - use 'latest' or see https://github.com/${PREFIX}/releases for details"
83    exit 1
84  fi
85  # if version starts with 'v', remove it
86  TAG="$REALTAG"
87  VERSION=${TAG#v}
88}
89adjust_format() {
90  # change format (tar.gz or zip) based on OS
91  true
92}
93adjust_os() {
94  # adjust archive name based on OS
95  true
96}
97adjust_arch() {
98  # adjust archive name based on ARCH
99  true
100}
101
102cat /dev/null <<EOF
103------------------------------------------------------------------------
104https://github.com/client9/shlib - portable posix shell functions
105Public domain - http://unlicense.org
106https://github.com/client9/shlib/blob/master/LICENSE.md
107but credit (and pull requests) appreciated.
108------------------------------------------------------------------------
109EOF
110is_command() {
111  command -v "$1" >/dev/null
112}
113echoerr() {
114  echo "$@" 1>&2
115}
116log_prefix() {
117  echo "$0"
118}
119_logp=6
120log_set_priority() {
121  _logp="$1"
122}
123log_priority() {
124  if test -z "$1"; then
125    echo "$_logp"
126    return
127  fi
128  [ "$1" -le "$_logp" ]
129}
130log_tag() {
131  case $1 in
132    0) echo "emerg" ;;
133    1) echo "alert" ;;
134    2) echo "crit" ;;
135    3) echo "err" ;;
136    4) echo "warning" ;;
137    5) echo "notice" ;;
138    6) echo "info" ;;
139    7) echo "debug" ;;
140    *) echo "$1" ;;
141  esac
142}
143log_debug() {
144  log_priority 7 || return 0
145  echoerr "$(log_prefix)" "$(log_tag 7)" "$@"
146}
147log_info() {
148  log_priority 6 || return 0
149  echoerr "$(log_prefix)" "$(log_tag 6)" "$@"
150}
151log_err() {
152  log_priority 3 || return 0
153  echoerr "$(log_prefix)" "$(log_tag 3)" "$@"
154}
155log_crit() {
156  log_priority 2 || return 0
157  echoerr "$(log_prefix)" "$(log_tag 2)" "$@"
158}
159uname_os() {
160  os=$(uname -s | tr '[:upper:]' '[:lower:]')
161  case "$os" in
162    cygwin_nt*) os="windows" ;;
163    mingw*) os="windows" ;;
164    msys_nt*) os="windows" ;;
165  esac
166  echo "$os"
167}
168uname_arch() {
169  arch=$(uname -m)
170  case $arch in
171    x86_64) arch="amd64" ;;
172    x86) arch="386" ;;
173    i686) arch="386" ;;
174    i386) arch="386" ;;
175    aarch64) arch="arm64" ;;
176    armv5*) arch="armv5" ;;
177    armv6*) arch="armv6" ;;
178    armv7*) arch="armv7" ;;
179  esac
180  echo ${arch}
181}
182uname_os_check() {
183  os=$(uname_os)
184  case "$os" in
185    darwin) return 0 ;;
186    dragonfly) return 0 ;;
187    freebsd) return 0 ;;
188    linux) return 0 ;;
189    android) return 0 ;;
190    nacl) return 0 ;;
191    netbsd) return 0 ;;
192    openbsd) return 0 ;;
193    plan9) return 0 ;;
194    solaris) return 0 ;;
195    windows) return 0 ;;
196  esac
197  log_crit "uname_os_check '$(uname -s)' got converted to '$os' which is not a GOOS value. Please file bug at https://github.com/client9/shlib"
198  return 1
199}
200uname_arch_check() {
201  arch=$(uname_arch)
202  case "$arch" in
203    386) return 0 ;;
204    amd64) return 0 ;;
205    arm64) return 0 ;;
206    armv5) return 0 ;;
207    armv6) return 0 ;;
208    armv7) return 0 ;;
209    ppc64) return 0 ;;
210    ppc64le) return 0 ;;
211    mips) return 0 ;;
212    mipsle) return 0 ;;
213    mips64) return 0 ;;
214    mips64le) return 0 ;;
215    s390x) return 0 ;;
216    amd64p32) return 0 ;;
217  esac
218  log_crit "uname_arch_check '$(uname -m)' got converted to '$arch' which is not a GOARCH value.  Please file bug report at https://github.com/client9/shlib"
219  return 1
220}
221untar() {
222  tarball=$1
223  case "${tarball}" in
224    *.tar.gz | *.tgz) tar --no-same-owner -xzf "${tarball}" ;;
225    *.tar) tar --no-same-owner -xf "${tarball}" ;;
226    *.zip) unzip "${tarball}" ;;
227    *)
228      log_err "untar unknown archive format for ${tarball}"
229      return 1
230      ;;
231  esac
232}
233http_download_curl() {
234  local_file=$1
235  source_url=$2
236  header=$3
237  if [ -z "$header" ]; then
238    code=$(curl -w '%{http_code}' -sL -o "$local_file" "$source_url")
239  else
240    code=$(curl -w '%{http_code}' -sL -H "$header" -o "$local_file" "$source_url")
241  fi
242  if [ "$code" != "200" ]; then
243    log_debug "http_download_curl received HTTP status $code"
244    return 1
245  fi
246  return 0
247}
248http_download_wget() {
249  local_file=$1
250  source_url=$2
251  header=$3
252  if [ -z "$header" ]; then
253    wget -q -O "$local_file" "$source_url"
254  else
255    wget -q --header "$header" -O "$local_file" "$source_url"
256  fi
257}
258http_download() {
259  log_debug "http_download $2"
260  if is_command curl; then
261    http_download_curl "$@"
262    return
263  elif is_command wget; then
264    http_download_wget "$@"
265    return
266  fi
267  log_crit "http_download unable to find wget or curl"
268  return 1
269}
270http_copy() {
271  tmp=$(mktemp)
272  http_download "${tmp}" "$1" "$2" || return 1
273  body=$(cat "$tmp")
274  rm -f "${tmp}"
275  echo "$body"
276}
277github_release() {
278  owner_repo=$1
279  version=$2
280  test -z "$version" && version="latest"
281  giturl="https://github.com/${owner_repo}/releases/${version}"
282  json=$(http_copy "$giturl" "Accept:application/json")
283  test -z "$json" && return 1
284  version=$(echo "$json" | tr -s '\n' ' ' | sed 's/.*"tag_name":"//' | sed 's/".*//')
285  test -z "$version" && return 1
286  echo "$version"
287}
288hash_sha256() {
289  TARGET=${1:-/dev/stdin}
290  if is_command gsha256sum; then
291    hash=$(gsha256sum "$TARGET") || return 1
292    echo "$hash" | cut -d ' ' -f 1
293  elif is_command sha256sum; then
294    hash=$(sha256sum "$TARGET") || return 1
295    echo "$hash" | cut -d ' ' -f 1
296  elif is_command shasum; then
297    hash=$(shasum -a 256 "$TARGET" 2>/dev/null) || return 1
298    echo "$hash" | cut -d ' ' -f 1
299  elif is_command openssl; then
300    hash=$(openssl -dst openssl dgst -sha256 "$TARGET") || return 1
301    echo "$hash" | cut -d ' ' -f a
302  else
303    log_crit "hash_sha256 unable to find command to compute sha-256 hash"
304    return 1
305  fi
306}
307hash_sha256_verify() {
308  TARGET=$1
309  checksums=$2
310  if [ -z "$checksums" ]; then
311    log_err "hash_sha256_verify checksum file not specified in arg2"
312    return 1
313  fi
314  BASENAME=${TARGET##*/}
315  want=$(grep "${BASENAME}" "${checksums}" 2>/dev/null | tr '\t' ' ' | cut -d ' ' -f 1)
316  if [ -z "$want" ]; then
317    log_err "hash_sha256_verify unable to find checksum for '${TARGET}' in '${checksums}'"
318    return 1
319  fi
320  got=$(hash_sha256 "$TARGET")
321  if [ "$want" != "$got" ]; then
322    log_err "hash_sha256_verify checksum for '$TARGET' did not verify ${want} vs $got"
323    return 1
324  fi
325}
326cat /dev/null <<EOF
327------------------------------------------------------------------------
328End of functions from https://github.com/client9/shlib
329------------------------------------------------------------------------
330EOF
331
332PROJECT_NAME="gosec"
333OWNER=securego
334REPO="gosec"
335BINARY=gosec
336FORMAT=tar.gz
337OS=$(uname_os)
338ARCH=$(uname_arch)
339PREFIX="$OWNER/$REPO"
340
341# use in logging routines
342log_prefix() {
343	echo "$PREFIX"
344}
345PLATFORM="${OS}/${ARCH}"
346GITHUB_DOWNLOAD=https://github.com/${OWNER}/${REPO}/releases/download
347
348uname_os_check "$OS"
349uname_arch_check "$ARCH"
350
351parse_args "$@"
352
353get_binaries
354
355tag_to_version
356
357adjust_format
358
359adjust_os
360
361adjust_arch
362
363log_info "found version: ${VERSION} for ${TAG}/${OS}/${ARCH}"
364
365NAME=${PROJECT_NAME}_${VERSION}_${OS}_${ARCH}
366TARBALL=${NAME}.${FORMAT}
367TARBALL_URL=${GITHUB_DOWNLOAD}/${TAG}/${TARBALL}
368CHECKSUM=${PROJECT_NAME}_${VERSION}_checksums.txt
369CHECKSUM_URL=${GITHUB_DOWNLOAD}/${TAG}/${CHECKSUM}
370
371
372execute
373