From 688cb97ad5ed8fc0fc16cdffd6fb2954c43b9ae4 Mon Sep 17 00:00:00 2001 From: CJ van den Berg Date: Wed, 22 Oct 2025 13:01:59 +0200 Subject: [PATCH 1/3] install: use jq for parsing json API responses and fallback to flow-control.dev if github is limited or down --- assets/install | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/assets/install b/assets/install index 9c49adb..ce106f7 100644 --- a/assets/install +++ b/assets/install @@ -152,10 +152,13 @@ i386) arch="x86" ;; esac # get latest version tag from github releases api -version=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep '"tag_name":' | cut -d'"' -f4) +version=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | jq -r .tag_name) [ -z "$version" ] && { - echo "failed to fetch $title latest version" - exit 1 + version=$(curl -s https://git.flow-control.dev/api/v1/repos/$repo/releases/latest | jq -r .tag_name) + [ -z "$version" ] && { + echo "failed to fetch $title latest version from github or flow-control.dev" + exit 1 + } } title="$title $version" From e6a2a7aa620fdc71aa9eddd13c07f8ad394d8e8f Mon Sep 17 00:00:00 2001 From: CJ van den Berg Date: Wed, 22 Oct 2025 13:02:59 +0200 Subject: [PATCH 2/3] install: use a temporary directory for download and signatures to ensure cleanup --- assets/install | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/assets/install b/assets/install index ce106f7..a4d2b3f 100644 --- a/assets/install +++ b/assets/install @@ -2,7 +2,6 @@ set -e install_dir="${PREFIX:-/usr/local}/bin" -tmp_path="${TMPDIR:-/tmp}" add_alias=${ALIAS:-0} nightly=${NIGHTLY:-0} debug=${DEBUG:-0} @@ -205,7 +204,30 @@ if [ "$debug" -eq 1 ]; then fi url="https://github.com/$repo/releases/download/$version/$filename.$ext" -echo "downloading $title..." +tmp_path="$(mktemp -t -d "$(basename "$0").XXXXX")" + +if [ -z "$tmp_path" ] || [ "$tmp_path" == "/" ]; then + echo "failed to create a temporary download directory" + exit 1 +fi + +cleanup() { + rm -Rf "$tmp_path" + echo "removed temporary directory $tmp_path" +} + +die() { + exit 1 +} + +trap die SIGINT +trap die SIGHUP +trap die SIGTERM +trap die SIGQUIT +trap die ERR +trap cleanup EXIT + +echo "downloading $title... to $tmp_path" curl -fL "$url" -o "$tmp_path/$filename.$ext" @@ -224,9 +246,6 @@ if [ "$verify" -eq 1 ]; then if [ "$local" -eq 1 ]; then gpg --verify "$tmp_path/$filename.$ext.sig" "$tmp_path/$filename.$ext" fi - - rm "$tmp_path/flow-control-public.gpg" - rm "$tmp_path/$filename.$ext.sig" fi echo "installing $title to $install_dir/flow..." @@ -237,7 +256,6 @@ else fi $SUDOCMD chmod +x "$install_dir/flow" -rm "$tmp_path/$filename.$ext" if [ "$add_alias" -eq 1 ]; then if [ "$(readlink "$install_dir/f")" = "$install_dir/flow" ]; then From 1d8dd56e161aa41ae8a9d020de5963251234deed Mon Sep 17 00:00:00 2001 From: CJ van den Berg Date: Wed, 22 Oct 2025 13:03:44 +0200 Subject: [PATCH 3/3] install: avoid local gpg configuration for non-local verify step --- assets/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/install b/assets/install index a4d2b3f..0b8ad0b 100644 --- a/assets/install +++ b/assets/install @@ -241,7 +241,7 @@ fi if [ "$verify" -eq 1 ]; then curl -fL "$url.sig" -o "$tmp_path/$filename.$ext.sig" curl -fL 'https://flow-control.dev/public.gpg' -o "$tmp_path/flow-control-public.gpg" - gpg --no-default-keyring --keyring "$tmp_path/flow-control-public.gpg" --verify "$tmp_path/$filename.$ext.sig" "$tmp_path/$filename.$ext" + gpg --homedir "$tmp_path/" --no-options --no-default-keyring --keyring "$tmp_path/flow-control-public.gpg" --verify "$tmp_path/$filename.$ext.sig" "$tmp_path/$filename.$ext" if [ "$local" -eq 1 ]; then gpg --verify "$tmp_path/$filename.$ext.sig" "$tmp_path/$filename.$ext"