1#!/bin/sh 2set -e 3# Code generated by godownloader on 2020-03-02T13:35:13Z. DO NOT EDIT. 4# 5 6usage() { 7 this=$1 8 cat <<EOF 9$this: download go binaries for securego/gosec 10 11Usage: $this [-b] bindir [-d] [tag] 12 -b sets bindir or installation directory, Defaults to ./bin 13 -d turns on debug logging 14 [tag] is a tag from 15 https://github.com/securego/gosec/releases 16 If tag is missing, then the latest will be used. 17 18 Generated by godownloader 19 https://github.com/goreleaser/godownloader 20 21EOF 22 exit 2 23} 24 25parse_args() { 26 #BINDIR is ./bin unless set be ENV 27 # over-ridden by flag below 28 29 BINDIR=${BINDIR:-./bin} 30 while getopts "b:dh?x" arg; do 31 case "$arg" in 32 b) BINDIR="$OPTARG" ;; 33 d) log_set_priority 10 ;; 34 h | \?) usage "$0" ;; 35 x) set -x ;; 36 esac 37 done 38 shift $((OPTIND - 1)) 39 TAG=$1 40} 41# this function wraps all the destructive operations 42# if a curl|bash cuts off the end of the script due to 43# network, either nothing will happen or will syntax error 44# out preventing half-done work 45execute() { 46 tmpdir=$(mktemp -d) 47 log_debug "downloading files into ${tmpdir}" 48 http_download "${tmpdir}/${TARBALL}" "${TARBALL_URL}" 49 http_download "${tmpdir}/${CHECKSUM}" "${CHECKSUM_URL}" 50 hash_sha256_verify "${tmpdir}/${TARBALL}" "${tmpdir}/${CHECKSUM}" 51 srcdir="${tmpdir}" 52 (cd "${tmpdir}" && untar "${TARBALL}") 53 test ! -d "${BINDIR}" && install -d "${BINDIR}" 54 for binexe in $BINARIES; do 55 if [ "$OS" = "windows" ]; then 56 binexe="${binexe}.exe" 57 fi 58 install "${srcdir}/${binexe}" "${BINDIR}/" 59 log_info "installed ${BINDIR}/${binexe}" 60 done 61 rm -rf "${tmpdir}" 62} 63get_binaries() { 64 case "$PLATFORM" in 65 darwin/amd64) BINARIES="gosec" ;; 66 linux/amd64) BINARIES="gosec" ;; 67 windows/amd64) BINARIES="gosec" ;; 68 *) 69 log_crit "platform $PLATFORM is not supported. Make sure this script is up-to-date and file request at https://github.com/${PREFIX}/issues/new" 70 exit 1 71 ;; 72 esac 73} 74tag_to_version() { 75 if [ -z "${TAG}" ]; then 76 log_info "checking GitHub for latest tag" 77 else 78 log_info "checking GitHub for tag '${TAG}'" 79 fi 80 REALTAG=$(github_release "$OWNER/$REPO" "${TAG}") && true 81 if test -z "$REALTAG"; then 82 log_crit "unable to find '${TAG}' - use 'latest' or see https://github.com/${PREFIX}/releases for details" 83 exit 1 84 fi 85 # if version starts with 'v', remove it 86 TAG="$REALTAG" 87 VERSION=${TAG#v} 88} 89adjust_format() { 90 # change format (tar.gz or zip) based on OS 91 true 92} 93adjust_os() { 94 # adjust archive name based on OS 95 true 96} 97adjust_arch() { 98 # adjust archive name based on ARCH 99 true 100} 101 102cat /dev/null <<EOF 103------------------------------------------------------------------------ 104https://github.com/client9/shlib - portable posix shell functions 105Public domain - http://unlicense.org 106https://github.com/client9/shlib/blob/master/LICENSE.md 107but credit (and pull requests) appreciated. 108------------------------------------------------------------------------ 109EOF 110is_command() { 111 command -v "$1" >/dev/null 112} 113echoerr() { 114 echo "$@" 1>&2 115} 116log_prefix() { 117 echo "$0" 118} 119_logp=6 120log_set_priority() { 121 _logp="$1" 122} 123log_priority() { 124 if test -z "$1"; then 125 echo "$_logp" 126 return 127 fi 128 [ "$1" -le "$_logp" ] 129} 130log_tag() { 131 case $1 in 132 0) echo "emerg" ;; 133 1) echo "alert" ;; 134 2) echo "crit" ;; 135 3) echo "err" ;; 136 4) echo "warning" ;; 137 5) echo "notice" ;; 138 6) echo "info" ;; 139 7) echo "debug" ;; 140 *) echo "$1" ;; 141 esac 142} 143log_debug() { 144 log_priority 7 || return 0 145 echoerr "$(log_prefix)" "$(log_tag 7)" "$@" 146} 147log_info() { 148 log_priority 6 || return 0 149 echoerr "$(log_prefix)" "$(log_tag 6)" "$@" 150} 151log_err() { 152 log_priority 3 || return 0 153 echoerr "$(log_prefix)" "$(log_tag 3)" "$@" 154} 155log_crit() { 156 log_priority 2 || return 0 157 echoerr "$(log_prefix)" "$(log_tag 2)" "$@" 158} 159uname_os() { 160 os=$(uname -s | tr '[:upper:]' '[:lower:]') 161 case "$os" in 162 cygwin_nt*) os="windows" ;; 163 mingw*) os="windows" ;; 164 msys_nt*) os="windows" ;; 165 esac 166 echo "$os" 167} 168uname_arch() { 169 arch=$(uname -m) 170 case $arch in 171 x86_64) arch="amd64" ;; 172 x86) arch="386" ;; 173 i686) arch="386" ;; 174 i386) arch="386" ;; 175 aarch64) arch="arm64" ;; 176 armv5*) arch="armv5" ;; 177 armv6*) arch="armv6" ;; 178 armv7*) arch="armv7" ;; 179 esac 180 echo ${arch} 181} 182uname_os_check() { 183 os=$(uname_os) 184 case "$os" in 185 darwin) return 0 ;; 186 dragonfly) return 0 ;; 187 freebsd) return 0 ;; 188 linux) return 0 ;; 189 android) return 0 ;; 190 nacl) return 0 ;; 191 netbsd) return 0 ;; 192 openbsd) return 0 ;; 193 plan9) return 0 ;; 194 solaris) return 0 ;; 195 windows) return 0 ;; 196 esac 197 log_crit "uname_os_check '$(uname -s)' got converted to '$os' which is not a GOOS value. Please file bug at https://github.com/client9/shlib" 198 return 1 199} 200uname_arch_check() { 201 arch=$(uname_arch) 202 case "$arch" in 203 386) return 0 ;; 204 amd64) return 0 ;; 205 arm64) return 0 ;; 206 armv5) return 0 ;; 207 armv6) return 0 ;; 208 armv7) return 0 ;; 209 ppc64) return 0 ;; 210 ppc64le) return 0 ;; 211 mips) return 0 ;; 212 mipsle) return 0 ;; 213 mips64) return 0 ;; 214 mips64le) return 0 ;; 215 s390x) return 0 ;; 216 amd64p32) return 0 ;; 217 esac 218 log_crit "uname_arch_check '$(uname -m)' got converted to '$arch' which is not a GOARCH value. Please file bug report at https://github.com/client9/shlib" 219 return 1 220} 221untar() { 222 tarball=$1 223 case "${tarball}" in 224 *.tar.gz | *.tgz) tar --no-same-owner -xzf "${tarball}" ;; 225 *.tar) tar --no-same-owner -xf "${tarball}" ;; 226 *.zip) unzip "${tarball}" ;; 227 *) 228 log_err "untar unknown archive format for ${tarball}" 229 return 1 230 ;; 231 esac 232} 233http_download_curl() { 234 local_file=$1 235 source_url=$2 236 header=$3 237 if [ -z "$header" ]; then 238 code=$(curl -w '%{http_code}' -sL -o "$local_file" "$source_url") 239 else 240 code=$(curl -w '%{http_code}' -sL -H "$header" -o "$local_file" "$source_url") 241 fi 242 if [ "$code" != "200" ]; then 243 log_debug "http_download_curl received HTTP status $code" 244 return 1 245 fi 246 return 0 247} 248http_download_wget() { 249 local_file=$1 250 source_url=$2 251 header=$3 252 if [ -z "$header" ]; then 253 wget -q -O "$local_file" "$source_url" 254 else 255 wget -q --header "$header" -O "$local_file" "$source_url" 256 fi 257} 258http_download() { 259 log_debug "http_download $2" 260 if is_command curl; then 261 http_download_curl "$@" 262 return 263 elif is_command wget; then 264 http_download_wget "$@" 265 return 266 fi 267 log_crit "http_download unable to find wget or curl" 268 return 1 269} 270http_copy() { 271 tmp=$(mktemp) 272 http_download "${tmp}" "$1" "$2" || return 1 273 body=$(cat "$tmp") 274 rm -f "${tmp}" 275 echo "$body" 276} 277github_release() { 278 owner_repo=$1 279 version=$2 280 test -z "$version" && version="latest" 281 giturl="https://github.com/${owner_repo}/releases/${version}" 282 json=$(http_copy "$giturl" "Accept:application/json") 283 test -z "$json" && return 1 284 version=$(echo "$json" | tr -s '\n' ' ' | sed 's/.*"tag_name":"//' | sed 's/".*//') 285 test -z "$version" && return 1 286 echo "$version" 287} 288hash_sha256() { 289 TARGET=${1:-/dev/stdin} 290 if is_command gsha256sum; then 291 hash=$(gsha256sum "$TARGET") || return 1 292 echo "$hash" | cut -d ' ' -f 1 293 elif is_command sha256sum; then 294 hash=$(sha256sum "$TARGET") || return 1 295 echo "$hash" | cut -d ' ' -f 1 296 elif is_command shasum; then 297 hash=$(shasum -a 256 "$TARGET" 2>/dev/null) || return 1 298 echo "$hash" | cut -d ' ' -f 1 299 elif is_command openssl; then 300 hash=$(openssl -dst openssl dgst -sha256 "$TARGET") || return 1 301 echo "$hash" | cut -d ' ' -f a 302 else 303 log_crit "hash_sha256 unable to find command to compute sha-256 hash" 304 return 1 305 fi 306} 307hash_sha256_verify() { 308 TARGET=$1 309 checksums=$2 310 if [ -z "$checksums" ]; then 311 log_err "hash_sha256_verify checksum file not specified in arg2" 312 return 1 313 fi 314 BASENAME=${TARGET##*/} 315 want=$(grep "${BASENAME}" "${checksums}" 2>/dev/null | tr '\t' ' ' | cut -d ' ' -f 1) 316 if [ -z "$want" ]; then 317 log_err "hash_sha256_verify unable to find checksum for '${TARGET}' in '${checksums}'" 318 return 1 319 fi 320 got=$(hash_sha256 "$TARGET") 321 if [ "$want" != "$got" ]; then 322 log_err "hash_sha256_verify checksum for '$TARGET' did not verify ${want} vs $got" 323 return 1 324 fi 325} 326cat /dev/null <<EOF 327------------------------------------------------------------------------ 328End of functions from https://github.com/client9/shlib 329------------------------------------------------------------------------ 330EOF 331 332PROJECT_NAME="gosec" 333OWNER=securego 334REPO="gosec" 335BINARY=gosec 336FORMAT=tar.gz 337OS=$(uname_os) 338ARCH=$(uname_arch) 339PREFIX="$OWNER/$REPO" 340 341# use in logging routines 342log_prefix() { 343 echo "$PREFIX" 344} 345PLATFORM="${OS}/${ARCH}" 346GITHUB_DOWNLOAD=https://github.com/${OWNER}/${REPO}/releases/download 347 348uname_os_check "$OS" 349uname_arch_check "$ARCH" 350 351parse_args "$@" 352 353get_binaries 354 355tag_to_version 356 357adjust_format 358 359adjust_os 360 361adjust_arch 362 363log_info "found version: ${VERSION} for ${TAG}/${OS}/${ARCH}" 364 365NAME=${PROJECT_NAME}_${VERSION}_${OS}_${ARCH} 366TARBALL=${NAME}.${FORMAT} 367TARBALL_URL=${GITHUB_DOWNLOAD}/${TAG}/${TARBALL} 368CHECKSUM=${PROJECT_NAME}_${VERSION}_checksums.txt 369CHECKSUM_URL=${GITHUB_DOWNLOAD}/${TAG}/${CHECKSUM} 370 371 372execute 373