This repository has been archived by the owner on Jul 12, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 13
/
index.txt
executable file
·254 lines (228 loc) · 7.46 KB
/
index.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
#!/usr/bin/env bash
#
# Caddy Installer Script
#
# Homepage: https://caddyserver.com
# Issues: https://github.com/caddyserver/getcaddy.com/issues
# Requires: bash, mv, rm, tr, type, curl/wget, base64, sudo (if not root)
# tar (or unzip on OSX and Windows), gpg (optional verification)
#
# This script safely installs Caddy into your PATH (which may require
# password authorization). Assuming a non-commercial license, use it
# like this:
#
# $ curl https://getcaddy.com | bash -s personal
# or
# $ wget -qO- https://getcaddy.com | bash -s personal
#
# The syntax is:
#
# bash -s [personal|commercial] [plugin1,plugin2,...] [accessCode1,accessCode2...]
#
# So if you want to get Caddy with extra plugins, the second
# argument is a comma-separated list of plugin names, like this:
#
# $ curl https://getcaddy.com | bash -s personal http.git,dns
#
# If you are downloading Caddy with unlisted plugins and need to
# provide access codes: list them, separated by commas, in the third
# argument, like this:
#
# $ curl https://getcaddy.com | bash -s personal unlisted accessCode
#
# If you purchased a commercial license, you must set your account
# ID and API key in environment variables:
#
# $ export CADDY_ACCOUNT_ID=...
# $ export CADDY_API_KEY=...
#
# Then you can request a commercially-licensed download:
#
# $ curl https://getcaddy.com | bash -s commercial
#
# And the same argument syntax applies.
#
# In automated environments, you may want to run as root.
# If using curl, we recommend using the -fsSL flags.
#
# This should work on Mac, Linux, and BSD systems, and
# hopefully Windows with Cygwin. Please open an issue if
# you notice any bugs.
#
[[ $- = *i* ]] && echo "Don't source this script!" && return 10
install_caddy()
{
trap 'echo -e "Aborted, error $? in command: $BASH_COMMAND"; trap ERR; exit 1' ERR
caddy_license="$1"
caddy_plugins="$2"
caddy_access_codes="$3"
install_path="/usr/local/bin"
caddy_os="unsupported"
caddy_arch="unknown"
caddy_arm=""
# Valid license declaration is required
if [[ "$caddy_license" != "personal" && "$caddy_license" != "commercial" ]]; then
echo "You must specify a personal or commercial license; see getcaddy.com for instructions."
return 9
fi
# Termux on Android has $PREFIX set which already ends with /usr
if [[ -n "$ANDROID_ROOT" && -n "$PREFIX" ]]; then
install_path="$PREFIX/bin"
fi
# Fall back to /usr/bin if necessary
if [[ ! -d $install_path ]]; then
install_path="/usr/bin"
fi
# Not every platform has or needs sudo (https://termux.com/linux.html)
((EUID)) && [[ -z "$ANDROID_ROOT" ]] && sudo_cmd="sudo"
#########################
# Which OS and version? #
#########################
caddy_bin="caddy"
caddy_dl_ext=".tar.gz"
# NOTE: `uname -m` is more accurate and universal than `arch`
# See https://en.wikipedia.org/wiki/Uname
unamem="$(uname -m)"
if [[ $unamem == *aarch64* ]]; then
caddy_arch="arm64"
elif [[ $unamem == *64* ]]; then
caddy_arch="amd64"
elif [[ $unamem == *86* ]]; then
caddy_arch="386"
elif [[ $unamem == *armv5* ]]; then
caddy_arch="arm"
caddy_arm="5"
elif [[ $unamem == *armv6l* ]]; then
caddy_arch="arm"
caddy_arm="6"
elif [[ $unamem == *armv7l* ]]; then
caddy_arch="arm"
caddy_arm="7"
else
echo "Aborted, unsupported or unknown architecture: $unamem"
return 2
fi
unameu="$(tr '[:lower:]' '[:upper:]' <<<$(uname))"
if [[ $unameu == *DARWIN* ]]; then
caddy_os="darwin"
caddy_dl_ext=".zip"
vers=$(sw_vers)
version=${vers##*ProductVersion:}
IFS='.' read OSX_MAJOR OSX_MINOR _ <<<"$version"
# Major
if ((OSX_MAJOR < 10)); then
echo "Aborted, unsupported OS X version (9-)"
return 3
fi
if ((OSX_MAJOR > 10)); then
echo "Aborted, unsupported OS X version (11+)"
return 4
fi
# Minor
if ((OSX_MINOR < 5)); then
echo "Aborted, unsupported OS X version (10.5-)"
return 5
fi
elif [[ $unameu == *LINUX* ]]; then
caddy_os="linux"
elif [[ $unameu == *FREEBSD* ]]; then
caddy_os="freebsd"
elif [[ $unameu == *OPENBSD* ]]; then
caddy_os="openbsd"
elif [[ $unameu == *WIN* || $unameu == MSYS* ]]; then
# Should catch cygwin
sudo_cmd=""
caddy_os="windows"
caddy_dl_ext=".zip"
caddy_bin=$caddy_bin.exe
else
echo "Aborted, unsupported or unknown os: $uname"
return 6
fi
########################
# Download and extract #
########################
echo "Downloading Caddy for ${caddy_os}/${caddy_arch}${caddy_arm} (${caddy_license} license)..."
caddy_file="caddy_${caddy_os}_${caddy_arch}${caddy_arm}_custom${caddy_dl_ext}"
qs="license=${caddy_license}&plugins=${caddy_plugins}&access_codes=${caddy_access_codes}"
caddy_url="https://caddyserver.com/download/${caddy_os}/${caddy_arch}${caddy_arm}?${qs}"
caddy_asc="https://caddyserver.com/download/${caddy_os}/${caddy_arch}${caddy_arm}/signature?${qs}"
type -p gpg >/dev/null 2>&1 && gpg=1 || gpg=0
# Use $PREFIX for compatibility with Termux on Android
dl="$PREFIX/tmp/$caddy_file"
rm -rf -- "$dl"
if type -p curl >/dev/null 2>&1; then
curl -fsSL "$caddy_url" -u "$CADDY_ACCOUNT_ID:$CADDY_API_KEY" -o "$dl"
((gpg)) && curl -fsSL "$caddy_asc" -u "$CADDY_ACCOUNT_ID:$CADDY_API_KEY" -o "$dl.asc"
elif type -p wget >/dev/null 2>&1; then
wget --quiet --header "Authorization: Basic $(echo -ne "$CADDY_ACCOUNT_ID:$CADDY_API_KEY" | base64)" "$caddy_url" -O "$dl"
((gpg)) && wget --quiet --header "Authorization: Basic $(echo -ne "$CADDY_ACCOUNT_ID:$CADDY_API_KEY" | base64)" "$caddy_asc" -O "$dl.asc"
else
echo "Aborted, could not find curl or wget"
return 7
fi
# Verify download
if ((gpg)); then
keyservers=(
ha.pool.sks-keyservers.net
hkps.pool.sks-keyservers.net
pool.sks-keyservers.net
keyserver.ubuntu.com)
keyserver_ok=0 n_keyserver=${#keyservers[@]}
caddy_pgp="65760C51EDEA2017CEA2CA15155B6D79CA56EA34"
while ((!keyserver_ok && n_keyserver))
do
((n_keyserver--))
gpg --keyserver ${keyservers[$n_keyserver]} --recv-keys $caddy_pgp >/dev/null 2>&1 &&
keyserver_ok=1
done
if ((!keyserver_ok))
then
echo "No valid response from keyservers"
elif gpg_verify_signature "$caddy_pgp" "$dl.asc" "$dl" >/dev/null 2>&1; then
rm -- "$dl.asc"
echo "Download verification OK"
else
rm -- "$dl.asc" "$dl"
echo "Aborted, download verification failed"
return 8
fi
else
echo "Notice: download verification not possible because gpg is not installed"
fi
echo "Extracting..."
case "$caddy_file" in
*.zip) unzip -o "$dl" "$caddy_bin" -d "$PREFIX/tmp/" ;;
*.tar.gz) tar -xzf "$dl" -C "$PREFIX/tmp/" "$caddy_bin" ;;
esac
chmod +x "$PREFIX/tmp/$caddy_bin"
# Back up existing caddy, if any found in path
if caddy_path="$(type -p "$caddy_bin")"; then
caddy_backup="${caddy_path}_old"
echo "Backing up $caddy_path to $caddy_backup"
echo "(Password may be required.)"
$sudo_cmd mv "$caddy_path" "$caddy_backup"
fi
echo "Putting caddy in $install_path (may require password)"
$sudo_cmd mv "$PREFIX/tmp/$caddy_bin" "$install_path/$caddy_bin"
if setcap_cmd=$(PATH+=$PATH:/sbin type -p setcap); then
$sudo_cmd $setcap_cmd cap_net_bind_service=+ep "$install_path/$caddy_bin"
fi
$sudo_cmd rm -- "$dl"
# check installation
$caddy_bin -version
echo "Successfully installed"
trap ERR
return 0
}
gpg_verify_signature()
{
local fpr=${1:?fingerprint expected}
local sigpath=${2:?path expected}
local datapath=${3:-}
local tmpkeyring=$(mktemp)
trap 'rm -rf $tmpkeyring' RETURN
gpg -q --batch --export $fpr >$tmpkeyring
gpg -q --batch --verify --no-default-keyring --keyring $tmpkeyring -- $sigpath $datapath
}
install_caddy "$@"