milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Don't set environment vars in shell script

Browse source
This commit is contained in:
Reinier Criel 2025-11-19 16:20:55 -08:00
parent a7fc215354
commit 919a12b5a6
2 changed files with 8 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

18
installer/scripts/darwin_postinstall.sh
View file

@ -79,17 +79,6 @@ cat > "${PLIST_PATH}" << EOF
<string>/usr/local/bin/safe-chain</string> <string>/usr/local/bin/safe-chain</string>
<string>run</string> <string>run</string>
</array> </array>
<key>EnvironmentVariables</key>
<dict>
<key>HTTPS_PROXY</key>
<string>http://localhost:8080</string>
<key>GLOBAL_AGENT_HTTP_PROXY</key>
<string>http://localhost:8080</string>
<key>NODE_EXTRA_CA_CERTS</key>
<string>${CERT_DIR}/ca-cert.pem</string>
<key>SAFE_CHAIN_CERT_DIR</key>
<string>${CERT_DIR}</string>
</dict>
<key>RunAtLoad</key> <key>RunAtLoad</key>
<true/> <true/>
<key>KeepAlive</key> <key>KeepAlive</key>
@ -105,6 +94,12 @@ EOF
# Set correct ownership for plist # Set correct ownership for plist
chown "${ACTUAL_USER}:staff" "${PLIST_PATH}" chown "${ACTUAL_USER}:staff" "${PLIST_PATH}"
# Validate plist syntax
if ! plutil -lint "${PLIST_PATH}" > /dev/null 2>&1; then
echo "⚠ Warning: Generated plist has invalid syntax"
exit 1
fi
# Load the LaunchAgent to start the service now # Load the LaunchAgent to start the service now
# Need to run as the actual user, not root # Need to run as the actual user, not root
sudo -u "${ACTUAL_USER}" launchctl load "${PLIST_PATH}" 2>/dev/null || true sudo -u "${ACTUAL_USER}" launchctl load "${PLIST_PATH}" 2>/dev/null || true
@ -118,6 +113,7 @@ echo "Setting system-wide proxy environment variables..."
sudo -u "${ACTUAL_USER}" launchctl setenv HTTPS_PROXY "http://localhost:8080" sudo -u "${ACTUAL_USER}" launchctl setenv HTTPS_PROXY "http://localhost:8080"
sudo -u "${ACTUAL_USER}" launchctl setenv GLOBAL_AGENT_HTTP_PROXY "http://localhost:8080" sudo -u "${ACTUAL_USER}" launchctl setenv GLOBAL_AGENT_HTTP_PROXY "http://localhost:8080"
sudo -u "${ACTUAL_USER}" launchctl setenv NODE_EXTRA_CA_CERTS "${CERT_DIR}/ca-cert.pem" sudo -u "${ACTUAL_USER}" launchctl setenv NODE_EXTRA_CA_CERTS "${CERT_DIR}/ca-cert.pem"
sudo -u "${ACTUAL_USER}" launchctl setenv SAFE_CHAIN_CERT_DIR "${CERT_DIR}"
echo "✓ Safe Chain installed successfully!" echo "✓ Safe Chain installed successfully!"
echo "" echo ""

1
installer/scripts/darwin_uninstall.sh
View file

@ -36,6 +36,7 @@ echo "Removing proxy environment variables..."
sudo -u "${ACTUAL_USER}" launchctl unsetenv HTTPS_PROXY 2>/dev/null || true sudo -u "${ACTUAL_USER}" launchctl unsetenv HTTPS_PROXY 2>/dev/null || true
sudo -u "${ACTUAL_USER}" launchctl unsetenv GLOBAL_AGENT_HTTP_PROXY 2>/dev/null || true sudo -u "${ACTUAL_USER}" launchctl unsetenv GLOBAL_AGENT_HTTP_PROXY 2>/dev/null || true
sudo -u "${ACTUAL_USER}" launchctl unsetenv NODE_EXTRA_CA_CERTS 2>/dev/null || true sudo -u "${ACTUAL_USER}" launchctl unsetenv NODE_EXTRA_CA_CERTS 2>/dev/null || true
sudo -u "${ACTUAL_USER}" launchctl unsetenv SAFE_CHAIN_CERT_DIR 2>/dev/null || true
# Remove binary # Remove binary
rm -f /usr/local/bin/safe-chain rm -f /usr/local/bin/safe-chain