demo: tools/deps.sh annotate

changelog shortlog graph tags branches changeset files file revisions raw help

Mercurial > demo / annotate tools/deps.sh

changeset 27:	529419ac94f3
author:	ellis <ellis@rwest.io>
date:	Tue, 06 Jun 2023 18:55:17 -0400
permissions:	-rw-r--r--
description:	refactor 2 (wip)

27 529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	1	#!/usr/bin/sh
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	2	# install demo build dependencies
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	3	set -u
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	4	PKG_URL_ROOT="${PKG_URL_ROOT:-https://rwest.io/otom8/packy/bundle}"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	5	PKG_NAME="demo_build_deps"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	6	say() {printf 'babel-installer: %s\n' "$1"}
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	7	err() {say "$1" >&2; exit 1}
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	8	need_cmd() {
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	9	if ! check_cmd "$1"; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	10	err "need '$1' (command not found)"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	11	fi}
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	12	check_cmd() {command -v "$1" > /dev/null 2>&1}
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	13	ensure() {if ! "$@"; then err "command failed: $*"; fi}
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	14	ignore() {"$@"}
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	15
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	16	main () {
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	17	need_cmd chmod
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	18	need_cmd mkdir
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	19	need_cmd rm
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	20
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	21	get_architecture \|\| return 1
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	22	local _arch="$RETVAL"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	23	assert_nz "$_arch" "arch"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	24
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	25	# no extension unless on windows
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	26	local _ext=""
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	27	case "$_arch" in
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	28	windows)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	29	_ext=".exe"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	30	;;
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	31	esac
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	32
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	33	local _url="${PKG_URL_ROOT}/bin/dist/${_arch}/${PKG_NAME}${_ext}"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	34
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	35	local _dir
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	36	_dir="$(ensure mktemp -d)"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	37	local _file="${_dir}/${PKG_NAME}${_ext}"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	38
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	39	local _ansi_escapes_are_valid=false
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	40	if [ -t 2 ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	41	if [ "${TERM+set}" = 'set' ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	42	case "$TERM" in
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	43	xterm\|rxvt\|urxvt\|linux\|vt*)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	44	_ansi_escapes_are_valid=true
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	45	;;
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	46	esac
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	47	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	48	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	49
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	50	# check if we have to use /dev/tty to prompt the user
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	51	local need_tty=yes
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	52	for arg in "$@"; do
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	53	case "$arg" in
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	54	q)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	55	# user wants to skip the prompt --
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	56	# we don't need /dev/tty
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	57	need_tty=no
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	58	;;
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	59	*)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	60	;;
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	61	esac
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	62	done
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	63
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	64	if $_ansi_escapes_are_valid; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	65	printf "\33[1minfo:\33[0m downloading $PKG_NAME\n" 1>&2
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	66	else
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	67	printf '%s\n' 'info: downloading $PKG_NAME' 1>&2
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	68	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	69
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	70	ensure mkdir -p "$_dir"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	71	ensure downloader "$_url" "$_file" "$_arch"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	72	ensure chmod u+x "$_file"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	73	if [ ! -x "$_file" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	74	printf '%s\n' "Cannot execute $_file (likely because of mounting /tmp as noexec)." 1>&2
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	75	printf '%s\n' "Please copy the file to a location where you can execute binaries and run ./${PKG_NAME}${_ext}." 1>&2
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	76	exit 1
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	77	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	78
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	79	if [ "$need_tty" = "yes" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	80	# The installer is going to want to ask for confirmation by
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	81	# reading stdin. This script was piped into `sh` though and
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	82	# doesn't have stdin to pass to its children. Instead we're going
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	83	# to explicitly connect /dev/tty to the installer's stdin.
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	84	if [ ! -t 1 ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	85	err "Unable to run interactively. Run with -y to accept defaults"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	86	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	87
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	88	ignore "$_file" "$@" < /dev/tty
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	89	else
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	90	ignore "$_file" "$@"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	91	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	92
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	93	local _retval=$?
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	94
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	95	ignore rm "$_file"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	96	ignore rmdir "$_dir"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	97
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	98	return "$_retval"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	99	}
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	100
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	101	dl() { # curl \|\| wget
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	102	local _dld
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	103	local _ciphersuites
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	104	local _err
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	105	local _status
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	106	if check_cmd curl; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	107	_dld=curl
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	108	elif check_cmd wget; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	109	_dld=wget
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	110	else
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	111	_dld='curl or wget' # to be used in error message of need_cmd
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	112	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	113
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	114	if [ "$1" = --check ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	115	need_cmd "$_dld"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	116	elif [ "$_dld" = curl ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	117	get_ciphersuites_for_curl
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	118	_ciphersuites="$RETVAL"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	119	if [ -n "$_ciphersuites" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	120	_err=$(curl --proto '=https' --tlsv1.2 --ciphers "$_ciphersuites" --silent --show-error --fail --location "$1" --output "$2" 2>&1)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	121	_status=$?
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	122	else
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	123	echo "Warning: Not enforcing strong cipher suites for TLS, this is potentially less secure"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	124	if ! check_help_for "$3" curl --proto --tlsv1.2; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	125	echo "Warning: Not enforcing TLS v1.2, this is potentially less secure"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	126	_err=$(curl --silent --show-error --fail --location "$1" --output "$2" 2>&1)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	127	_status=$?
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	128	else
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	129	_err=$(curl --proto '=https' --tlsv1.2 --silent --show-error --fail --location "$1" --output "$2" 2>&1)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	130	_status=$?
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	131	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	132	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	133	if [ -n "$_err" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	134	echo "$_err" >&2
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	135	if echo "$_err" \| grep -q 404$; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	136	err "installer for platform '$3' not found 8^C - ask ellis to support your platform"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	137	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	138	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	139	return $_status
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	140	elif [ "$_dld" = wget ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	141	get_ciphersuites_for_wget
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	142	_ciphersuites="$RETVAL"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	143	if [ -n "$_ciphersuites" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	144	_err=$(wget --https-only --secure-protocol=TLSv1_2 --ciphers "$_ciphersuites" "$1" -O "$2" 2>&1)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	145	_status=$?
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	146	else
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	147	echo "Warning: Not enforcing strong cipher suites for TLS, this is potentially less secure"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	148	if ! check_help_for "$3" wget --https-only --secure-protocol; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	149	echo "Warning: Not enforcing TLS v1.2, this is potentially less secure"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	150	_err=$(wget "$1" -O "$2" 2>&1)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	151	_status=$?
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	152	else
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	153	_err=$(wget --https-only --secure-protocol=TLSv1_2 "$1" -O "$2" 2>&1)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	154	_status=$?
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	155	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	156	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	157	if [ -n "$_err" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	158	echo "$_err" >&2
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	159	if echo "$_err" \| grep -q ' 404 Not Found$'; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	160	err "installer for platform '$3' not found!"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	161	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	162	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	163	return $_status
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	164	else
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	165	err "Unknown downloader" # should not reach here
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	166	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	167	}
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	168
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	169	check_help_for() {
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	170	local _arch
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	171	local _cmd
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	172	local _arg
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	173	_arch="$1"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	174	shift
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	175	_cmd="$1"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	176	shift
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	177
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	178	local _category
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	179	if "$_cmd" --help \| grep -q 'For all options use the manual or "--help all".'; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	180	_category="all"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	181	else
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	182	_category=""
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	183	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	184
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	185	case "$_arch" in
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	186
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	187	darwin)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	188	if check_cmd sw_vers; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	189	case $(sw_vers -productVersion) in
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	190	10.*)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	191	# If we're running on macOS, older than 10.13, then we always
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	192	# fail to find these options to force fallback
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	193	if [ "$(sw_vers -productVersion \| cut -d. -f2)" -lt 13 ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	194	# Older than 10.13
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	195	echo "Warning: Detected macOS platform older than 10.13"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	196	return 1
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	197	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	198	;;
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	199	11.*)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	200	# We assume Big Sur will be OK for now
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	201	;;
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	202	*)
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	203	# Unknown product version, warn and continue
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	204	echo "Warning: Detected unknown macOS major version: $(sw_vers -productVersion)"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	205	echo "Warning TLS capabilities detection may fail"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	206	;;
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	207	esac
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	208	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	209	;;
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	210
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	211	esac
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	212
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	213	for _arg in "$@"; do
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	214	if ! "$_cmd" --help $_category \| grep -q -- "$_arg"; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	215	return 1
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	216	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	217	done
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	218
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	219	true # not strictly needed
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	220	}
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	221
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	222	# Return cipher suite string specified by user, otherwise return strong TLS 1.2-1.3 cipher suites
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	223	# if support by local tools is detected. Detection currently supports these curl backends:
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	224	# GnuTLS and OpenSSL (possibly also LibreSSL and BoringSSL). Return value can be empty.
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	225	get_ciphersuites_for_curl() {
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	226	if [ -n "${BABEL_TLS_CIPHERSUITES-}" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	227	# user specified custom cipher suites, assume they know what they're doing
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	228	RETVAL="$BABEL_TLS_CIPHERSUITES"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	229	return
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	230	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	231
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	232	local _openssl_syntax="no"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	233	local _gnutls_syntax="no"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	234	local _backend_supported="yes"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	235	if curl -V \| grep -q ' OpenSSL/'; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	236	_openssl_syntax="yes"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	237	elif curl -V \| grep -iq ' LibreSSL/'; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	238	_openssl_syntax="yes"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	239	elif curl -V \| grep -iq ' BoringSSL/'; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	240	_openssl_syntax="yes"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	241	elif curl -V \| grep -iq ' GnuTLS/'; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	242	_gnutls_syntax="yes"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	243	else
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	244	_backend_supported="no"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	245	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	246
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	247	local _args_supported="no"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	248	if [ "$_backend_supported" = "yes" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	249	# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	250	if check_help_for "notspecified" "curl" "--tlsv1.2" "--ciphers" "--proto"; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	251	_args_supported="yes"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	252	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	253	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	254
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	255	local _cs=""
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	256	if [ "$_args_supported" = "yes" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	257	if [ "$_openssl_syntax" = "yes" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	258	_cs=$(get_strong_ciphersuites_for "openssl")
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	259	elif [ "$_gnutls_syntax" = "yes" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	260	_cs=$(get_strong_ciphersuites_for "gnutls")
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	261	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	262	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	263
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	264	RETVAL="$_cs"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	265	}
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	266
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	267	# Return cipher suite string specified by user, otherwise return strong TLS 1.2-1.3 cipher suites
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	268	# if support by local tools is detected. Detection currently supports these wget backends:
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	269	# GnuTLS and OpenSSL (possibly also LibreSSL and BoringSSL). Return value can be empty.
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	270	get_ciphersuites_for_wget() {
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	271	if [ -n "${BABEL_TLS_CIPHERSUITES-}" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	272	# user specified custom cipher suites, assume they know what they're doing
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	273	RETVAL="$BABEL_TLS_CIPHERSUITES"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	274	return
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	275	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	276
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	277	local _cs=""
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	278	if wget -V \| grep -q '\-DHAVE_LIBSSL'; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	279	# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	280	if check_help_for "notspecified" "wget" "TLSv1_2" "--ciphers" "--https-only" "--secure-protocol"; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	281	_cs=$(get_strong_ciphersuites_for "openssl")
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	282	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	283	elif wget -V \| grep -q '\-DHAVE_LIBGNUTLS'; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	284	# "unspecified" is for arch, allows for possibility old OS using macports, homebrew, etc.
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	285	if check_help_for "notspecified" "wget" "TLSv1_2" "--ciphers" "--https-only" "--secure-protocol"; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	286	_cs=$(get_strong_ciphersuites_for "gnutls")
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	287	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	288	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	289
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	290	RETVAL="$_cs"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	291	}
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	292
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	293	# Return strong TLS 1.2-1.3 cipher suites in OpenSSL or GnuTLS syntax. TLS 1.2
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	294	# excludes non-ECDHE and non-AEAD cipher suites. DHE is excluded due to bad
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	295	# DH params often found on servers (see RFC 7919). Sequence matches or is
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	296	# similar to Firefox 68 ESR with weak cipher suites disabled via about:config.
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	297	# $1 must be openssl or gnutls.
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	298	get_strong_ciphersuites_for() {
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	299	if [ "$1" = "openssl" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	300	# OpenSSL is forgiving of unknown values, no problems with TLS 1.3 values on versions that don't support it yet.
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	301	echo "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	302	elif [ "$1" = "gnutls" ]; then
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	303	# GnuTLS isn't forgiving of unknown values, so this may require a GnuTLS version that supports TLS 1.3 even if wget doesn't.
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	304	# Begin with SECURE128 (and higher) then remove/add to build cipher suites. Produces same 9 cipher suites as OpenSSL but in slightly different order.
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	305	echo "SECURE128:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS-ALL:-CIPHER-ALL:-MAC-ALL:-KX-ALL:+AEAD:+ECDHE-ECDSA:+ECDHE-RSA:+AES-128-GCM:+CHACHA20-POLY1305:+AES-256-GCM"
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	306	fi
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	307	}
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	308
529419ac94f3 refactor 2 (wip) ellis <ellis@rwest.io> parents: diff changeset	309	main "$@" \|\| exit 1