diff --git a/install-scripts/install-endpoint-mac.sh b/install-scripts/install-endpoint-mac.sh new file mode 100644 index 0000000..e44d854 --- /dev/null +++ b/install-scripts/install-endpoint-mac.sh @@ -0,0 +1,130 @@ +#!/bin/sh + +# Downloads and installs SafeChain Ultimate endpoint on macOS +# +# Usage: curl -fsSL | sudo sh -s -- --token + +set -e # Exit on error + +# Configuration +INSTALL_URL="https://github.com/AikidoSec/safechain-internals/releases/download/v1.2.4/SafeChainUltimate.pkg" +DOWNLOAD_SHA256="9c341c479e022cc98ddaeb704681a08c8eaacdcaa59e4256ecf90362af6a5514" +TOKEN_FILE="/tmp/aikido_endpoint_token.txt" + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +NC='\033[0m' # No Color + +# Helper functions +info() { + printf "${GREEN}[INFO]${NC} %s\n" "$1" +} + +error() { + printf "${RED}[ERROR]${NC} %s\n" "$1" >&2 + exit 1 +} + +# Download file +download() { + url="$1" + dest="$2" + + if command -v curl >/dev/null 2>&1; then + curl -fsSL "$url" -o "$dest" || error "Failed to download from $url" + elif command -v wget >/dev/null 2>&1; then + wget -q "$url" -O "$dest" || error "Failed to download from $url" + else + error "Neither curl nor wget found. Please install one of them." + fi +} + +# Verify SHA256 checksum +verify_checksum() { + file="$1" + expected="$2" + + actual=$(shasum -a 256 "$file" | awk '{ print $1 }') + + if [ "$actual" != "$expected" ]; then + error "Checksum verification failed. Expected: $expected, Got: $actual" + fi + + info "Checksum verified successfully." +} + +# Cleanup temporary files +cleanup() { + if [ -f "$PKG_FILE" ]; then + rm -f "$PKG_FILE" + fi + if [ -f "$TOKEN_FILE" ]; then + rm -f "$TOKEN_FILE" + fi +} + +# Parse command-line arguments +parse_arguments() { + TOKEN="" + + while [ $# -gt 0 ]; do + case "$1" in + --token) + if [ -z "${2:-}" ]; then + error "--token requires a value" + fi + TOKEN="$2" + shift 2 + ;; + *) + error "Unknown argument: $1" + ;; + esac + done +} + +# Main installation +main() { + parse_arguments "$@" + + # 1. Check if we're running on macOS + if [ "$(uname -s)" != "Darwin" ]; then + error "This script is only supported on macOS." + fi + + # Check if we're running as root + if [ "$(id -u)" -ne 0 ]; then + error "Root privileges required. Please run with sudo: sudo sh $0 --token " + fi + + # Prompt for token if not provided via CLI + if [ -z "$TOKEN" ]; then + printf "Enter your Aikido endpoint token: " + read -r TOKEN + if [ -z "$TOKEN" ]; then + error "Token is required. Pass it with --token or enter it when prompted." + fi + fi + + # 2. Download and verify checksum + PKG_FILE=$(mktemp /tmp/SafeChainUltimate.XXXXXX.pkg) + trap cleanup EXIT + + info "Downloading SafeChain Ultimate..." + download "$INSTALL_URL" "$PKG_FILE" + + info "Verifying checksum..." + verify_checksum "$PKG_FILE" "$DOWNLOAD_SHA256" + + # 3. Write token to file for the installer + printf "%s" "$TOKEN" > "$TOKEN_FILE" + + # 4. Install the package + info "Installing SafeChain Ultimate..." + installer -pkg "$PKG_FILE" -target / + + info "SafeChain Ultimate installed successfully!" +} + +main "$@"