From 1058630dd1773b2e2281d5e1e2370d6061d7b0cd Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Tue, 27 Jan 2026 11:29:19 +0100 Subject: [PATCH 1/9] Add uninstallation process for ultimate --- packages/safe-chain/bin/safe-chain.js | 14 ++- .../src/installation/installOnMacOS.js | 86 ++++++++++++++++++- .../src/installation/installOnWindows.js | 59 +++++++++++-- .../src/installation/installUltimate.js | 20 ++++- 4 files changed, 167 insertions(+), 12 deletions(-) diff --git a/packages/safe-chain/bin/safe-chain.js b/packages/safe-chain/bin/safe-chain.js index d048ce1..06add7e 100755 --- a/packages/safe-chain/bin/safe-chain.js +++ b/packages/safe-chain/bin/safe-chain.js @@ -16,7 +16,10 @@ import path from "path"; import { fileURLToPath } from "url"; import fs from "fs"; import { knownAikidoTools } from "../src/shell-integration/helpers.js"; -import { installUltimate } from "../src/installation/installUltimate.js"; +import { + installUltimate, + uninstallUltimate, +} from "../src/installation/installUltimate.js"; /** @type {string} */ // This checks the current file's dirname in a way that's compatible with: @@ -67,6 +70,10 @@ if (tool) { (async () => { await installUltimate(); })(); +} else if (command === "--uninstall-ultimate") { + (async () => { + await uninstallUltimate(); + })(); } else if (command === "teardown") { teardownDirectories(); teardown(); @@ -108,6 +115,11 @@ function writeHelp() { "safe-chain --ultimate", )}: This installs the ultimate version of safe-chain, enabling protection for more eco-systems (vscode).`, ); + ui.writeInformation( + `- ${chalk.cyan( + "safe-chain --uninstall-ultimate", + )}: This uninstalls the ultimate version of safe-chain.`, + ); ui.writeInformation( `- ${chalk.cyan( "safe-chain teardown", diff --git a/packages/safe-chain/src/installation/installOnMacOS.js b/packages/safe-chain/src/installation/installOnMacOS.js index 0d475b1..b2d39ce 100644 --- a/packages/safe-chain/src/installation/installOnMacOS.js +++ b/packages/safe-chain/src/installation/installOnMacOS.js @@ -1,11 +1,14 @@ import { tmpdir } from "os"; -import { unlinkSync } from "fs"; +import { unlinkSync, rmSync } from "fs"; import { join } from "path"; +import { execSync } from "child_process"; import { ui } from "../environment/userInteraction.js"; import { printVerboseAndSafeSpawn } from "../utils/safeSpawn.js"; import { downloadAgentToFile, getAgentVersion } from "./downloadAgent.js"; import chalk from "chalk"; +const MACOS_PKG_IDENTIFIER = "com.aikidosecurity.safechainultimate"; + export async function installOnMacOS() { if (!isRunningAsRoot()) { ui.writeError("Root privileges required."); @@ -52,6 +55,87 @@ export async function installOnMacOS() { } } +export async function uninstallOnMacOS() { + if (!isRunningAsRoot()) { + ui.writeError("Root privileges required."); + ui.writeInformation("Please run this command with sudo:"); + ui.writeInformation(" sudo safe-chain --uninstall-ultimate"); + return; + } + + ui.emptyLine(); + + if (!isPackageInstalled()) { + ui.writeInformation("SafeChain Ultimate is not installed."); + return; + } + + ui.writeInformation("โน๏ธ Stopping service..."); + await stopService(); + + ui.writeInformation("๐Ÿ—‘๏ธ Removing installed files..."); + removeKnownFiles(); + + ui.writeInformation("๐Ÿงน Forgetting package receipt..."); + forgetPackage(); + + ui.emptyLine(); + ui.writeInformation("โœ… SafeChain Ultimate has been uninstalled."); + ui.emptyLine(); +} + +function isPackageInstalled() { + try { + const output = execSync(`pkgutil --pkg-info ${MACOS_PKG_IDENTIFIER}`, { + encoding: "utf8", + stdio: "pipe", + }); + return output.includes(MACOS_PKG_IDENTIFIER); + } catch { + return false; + } +} + +async function stopService() { + const result = await printVerboseAndSafeSpawn( + "launchctl", + ["bootout", `system/${MACOS_PKG_IDENTIFIER}`], + { stdio: "pipe" }, + ); + + if (result.status !== 0) { + ui.writeVerbose("Service not running (will continue with uninstall)."); + } +} + +const MACOS_KNOWN_PATHS = [ + "/Library/Application Support/AikidoSecurity/SafeChainUltimate", + "/Library/Logs/AikidoSecurity/SafeChainUltimate", + `/Library/LaunchDaemons/${MACOS_PKG_IDENTIFIER}.plist`, +]; + +function removeKnownFiles() { + for (const filePath of MACOS_KNOWN_PATHS) { + try { + rmSync(filePath, { recursive: true, force: true }); + ui.writeVerbose(`Removed: ${filePath}`); + } catch { + ui.writeVerbose(`Failed to remove: ${filePath}`); + } + } +} + +function forgetPackage() { + try { + execSync(`pkgutil --forget ${MACOS_PKG_IDENTIFIER}`, { + encoding: "utf8", + stdio: "pipe", + }); + } catch { + ui.writeVerbose("Failed to forget package receipt."); + } +} + function isRunningAsRoot() { const rootUserUid = 0; return process.getuid?.() === rootUserUid; diff --git a/packages/safe-chain/src/installation/installOnWindows.js b/packages/safe-chain/src/installation/installOnWindows.js index 0741fb7..16bf2b7 100644 --- a/packages/safe-chain/src/installation/installOnWindows.js +++ b/packages/safe-chain/src/installation/installOnWindows.js @@ -9,6 +9,34 @@ import { downloadAgentToFile, getAgentVersion } from "./downloadAgent.js"; const WINDOWS_SERVICE_NAME = "SafeChainUltimate"; const WINDOWS_APP_NAME = "SafeChain Ultimate"; +export async function uninstallOnWindows() { + if (!(await isRunningAsAdmin())) { + ui.writeError("Administrator privileges required."); + ui.writeInformation( + "Please run this command in an elevated terminal (Run as Administrator).", + ); + return; + } + + ui.emptyLine(); + + const productCode = getInstalledProductCode(); + if (!productCode) { + ui.writeInformation("SafeChain Ultimate is not installed."); + return; + } + + ui.writeInformation("โน๏ธ Stopping running service..."); + await stopServiceIfRunning(); + + ui.writeInformation("๐Ÿ—‘๏ธ Uninstalling SafeChain Ultimate..."); + await uninstallByProductCode(productCode); + + ui.emptyLine(); + ui.writeInformation("โœ… SafeChain Ultimate has been uninstalled."); + ui.emptyLine(); +} + export async function installOnWindows() { if (!(await isRunningAsAdmin())) { ui.writeError("Administrator privileges required."); @@ -64,7 +92,11 @@ async function isRunningAsAdmin() { return result.status === 0 && result.stdout.trim() === "True"; } -async function uninstallIfInstalled() { +/** + * Returns the MSI product code for SafeChain Ultimate, or null if not installed. + * @returns {string | null} + */ +function getInstalledProductCode() { // Query Win32_Product via WMI to find the installed SafeChain Agent. // If found, outputs the product GUID (e.g., "{12345678-1234-...}") needed for msiexec uninstall. ui.writeVerbose(`Finding product code with PowerShell`); @@ -76,15 +108,15 @@ async function uninstallIfInstalled() { { encoding: "utf8" }, ).trim(); } catch { - ui.writeVerbose("No existing installation found (fresh install)."); - return; - } - if (!productCode) { - ui.writeVerbose("No existing installation found (fresh install)."); - return; + return null; } + return productCode || null; +} - ui.writeInformation("๐Ÿ—‘๏ธ Removing previous installation..."); +/** + * @param {string} productCode + */ +async function uninstallByProductCode(productCode) { ui.writeVerbose(`Found product code: ${productCode}`); // Use msiexec to run the msi installer quitely (https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/msiexec) @@ -103,6 +135,17 @@ async function uninstallIfInstalled() { } } +async function uninstallIfInstalled() { + const productCode = getInstalledProductCode(); + if (!productCode) { + ui.writeVerbose("No existing installation found (fresh install)."); + return; + } + + ui.writeInformation("๐Ÿ—‘๏ธ Removing previous installation..."); + await uninstallByProductCode(productCode); +} + /** * @param {string} msiPath */ diff --git a/packages/safe-chain/src/installation/installUltimate.js b/packages/safe-chain/src/installation/installUltimate.js index a79a2b1..cfcdcca 100644 --- a/packages/safe-chain/src/installation/installUltimate.js +++ b/packages/safe-chain/src/installation/installUltimate.js @@ -1,8 +1,24 @@ import { platform } from "os"; import { ui } from "../environment/userInteraction.js"; import { initializeCliArguments } from "../config/cliArguments.js"; -import { installOnWindows } from "./installOnWindows.js"; -import { installOnMacOS } from "./installOnMacOS.js"; +import { installOnWindows, uninstallOnWindows } from "./installOnWindows.js"; +import { installOnMacOS, uninstallOnMacOS } from "./installOnMacOS.js"; + +export async function uninstallUltimate() { + initializeCliArguments(process.argv); + + const operatingSystem = platform(); + + if (operatingSystem === "win32") { + await uninstallOnWindows(); + } else if (operatingSystem === "darwin") { + await uninstallOnMacOS(); + } else { + ui.writeInformation( + `Uninstall is not yet supported on ${operatingSystem}.`, + ); + } +} export async function installUltimate() { initializeCliArguments(process.argv); From af4bbb10fcd0b24d168a90680bb8522a88235235 Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Tue, 27 Jan 2026 12:41:11 +0100 Subject: [PATCH 2/9] Bump safe-chain-internals version --- packages/safe-chain/src/installation/downloadAgent.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/safe-chain/src/installation/downloadAgent.js b/packages/safe-chain/src/installation/downloadAgent.js index df4a933..4d076ee 100644 --- a/packages/safe-chain/src/installation/downloadAgent.js +++ b/packages/safe-chain/src/installation/downloadAgent.js @@ -3,31 +3,31 @@ import { createHash } from "crypto"; import { pipeline } from "stream/promises"; import fetch from "make-fetch-happen"; -const ULTIMATE_VERSION = "v0.2.1"; +const ULTIMATE_VERSION = "v0.2.2"; const DOWNLOAD_URLS = { win32: { x64: { url: `https://github.com/AikidoSec/safechain-internals/releases/download/${ULTIMATE_VERSION}/SafeChainUltimate-windows-amd64.msi`, checksum: - "sha256:8d86a44d314746099ba50cfae0cc1eae6232522deb348b226da92aae12754eec", + "sha256:82d6939579c23c357d0f6d368001a5ac8dc66ce13d32ee1700467555ee97e10a", }, arm64: { url: `https://github.com/AikidoSec/safechain-internals/releases/download/${ULTIMATE_VERSION}/SafeChainUltimate-windows-arm64.msi`, checksum: - "sha256:ab5b8335cc257d53424f73d6681920875083cd9b3f53e52d944bf867a415e027", + "sha256:d626da40e3d0c4e02a36e6c7e309f18f0ffde64e97a4f2fefd4b25722842ac19", }, }, darwin: { x64: { url: `https://github.com/AikidoSec/safechain-internals/releases/download/${ULTIMATE_VERSION}/SafeChainUltimate-darwin-amd64.pkg`, checksum: - "sha256:73f83d9352c4fd25f7693d9e53bbbb2b7ac70d16217d745495c9efb50dc4a3a6", + "sha256:d7c31914deff8b332bf3d0e18ed00660e47ace87f06f22606c7866f7e0809507", }, arm64: { url: `https://github.com/AikidoSec/safechain-internals/releases/download/${ULTIMATE_VERSION}/SafeChainUltimate-darwin-arm64.pkg`, checksum: - "sha256:bd419e9c82488539b629b04c97aa1d2dc90e54ff045bd7277a6b40d26f8ebc73", + "sha256:73b092689e00c98e3c376afa50fc3477cedfd01445a113d42b36c5fcd956a6f4", }, }, }; From 12caa6d1d43c9d684bee1bcb467300861e12da85 Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Tue, 27 Jan 2026 12:44:47 +0100 Subject: [PATCH 3/9] Verify download links in a test --- .../src/installation/downloadAgent.js | 4 +- .../src/installation/downloadAgent.spec.js | 45 +++++++++++++++++++ 2 files changed, 47 insertions(+), 2 deletions(-) create mode 100644 packages/safe-chain/src/installation/downloadAgent.spec.js diff --git a/packages/safe-chain/src/installation/downloadAgent.js b/packages/safe-chain/src/installation/downloadAgent.js index 4d076ee..cb2f84b 100644 --- a/packages/safe-chain/src/installation/downloadAgent.js +++ b/packages/safe-chain/src/installation/downloadAgent.js @@ -5,7 +5,7 @@ import fetch from "make-fetch-happen"; const ULTIMATE_VERSION = "v0.2.2"; -const DOWNLOAD_URLS = { +export const DOWNLOAD_URLS = { win32: { x64: { url: `https://github.com/AikidoSec/safechain-internals/releases/download/${ULTIMATE_VERSION}/SafeChainUltimate-windows-amd64.msi`, @@ -87,7 +87,7 @@ export function getDownloadInfoForCurrentPlatform() { * @param {string} expectedChecksum - Format: "algorithm:hash" (e.g., "sha256:abc123...") * @returns {Promise} */ -async function verifyChecksum(filePath, expectedChecksum) { +export async function verifyChecksum(filePath, expectedChecksum) { const [algorithm, expected] = expectedChecksum.split(":"); const hash = createHash(algorithm); diff --git a/packages/safe-chain/src/installation/downloadAgent.spec.js b/packages/safe-chain/src/installation/downloadAgent.spec.js new file mode 100644 index 0000000..17aecb9 --- /dev/null +++ b/packages/safe-chain/src/installation/downloadAgent.spec.js @@ -0,0 +1,45 @@ +import { describe, it, after } from "node:test"; +import assert from "node:assert"; +import { tmpdir } from "node:os"; +import { join } from "node:path"; +import { unlinkSync } from "node:fs"; +import { + DOWNLOAD_URLS, + downloadFile, + verifyChecksum, +} from "./downloadAgent.js"; + +describe("downloadAgent checksums", { timeout: 120_000 }, () => { + const downloadedFiles = []; + + after(() => { + for (const file of downloadedFiles) { + try { + unlinkSync(file); + } catch { + // ignore cleanup errors + } + } + }); + + for (const [platform, architectures] of Object.entries(DOWNLOAD_URLS)) { + for (const [arch, { url, checksum }] of Object.entries(architectures)) { + it(`${platform}/${arch} checksum matches`, async () => { + const destPath = join( + tmpdir(), + `safe-chain-test-${platform}-${arch}-${Date.now()}` + ); + downloadedFiles.push(destPath); + + await downloadFile(url, destPath); + + const isValid = await verifyChecksum(destPath, checksum); + assert.strictEqual( + isValid, + true, + `Checksum mismatch for ${platform}/${arch} (${url})` + ); + }); + } + } +}); From a016483057a4605e094c94ace3f0f9c1d1c1ec2d Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Tue, 27 Jan 2026 12:57:40 +0100 Subject: [PATCH 4/9] Remove duplicate "Stopping running service" log --- packages/safe-chain/src/installation/installOnWindows.js | 1 - 1 file changed, 1 deletion(-) diff --git a/packages/safe-chain/src/installation/installOnWindows.js b/packages/safe-chain/src/installation/installOnWindows.js index 16bf2b7..f20bd9b 100644 --- a/packages/safe-chain/src/installation/installOnWindows.js +++ b/packages/safe-chain/src/installation/installOnWindows.js @@ -26,7 +26,6 @@ export async function uninstallOnWindows() { return; } - ui.writeInformation("โน๏ธ Stopping running service..."); await stopServiceIfRunning(); ui.writeInformation("๐Ÿ—‘๏ธ Uninstalling SafeChain Ultimate..."); From 7218d778cfabb98ad2698c6f50fce4c3541d1da5 Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Tue, 27 Jan 2026 13:06:17 +0100 Subject: [PATCH 5/9] Update commands for ultimate --- packages/safe-chain/bin/safe-chain.js | 44 +++++++++++-------- .../src/installation/installOnMacOS.js | 4 +- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/packages/safe-chain/bin/safe-chain.js b/packages/safe-chain/bin/safe-chain.js index 06add7e..9a07657 100755 --- a/packages/safe-chain/bin/safe-chain.js +++ b/packages/safe-chain/bin/safe-chain.js @@ -66,14 +66,17 @@ if (tool) { process.exit(0); } else if (command === "setup") { setup(); -} else if (command === "--ultimate") { - (async () => { - await installUltimate(); - })(); -} else if (command === "--uninstall-ultimate") { - (async () => { - await uninstallUltimate(); - })(); +} else if (command === "ultimate") { + const subCommand = process.argv[3]; + if (subCommand === "uninstall") { + (async () => { + await uninstallUltimate(); + })(); + } else { + (async () => { + await installUltimate(); + })(); + } } else if (command === "teardown") { teardownDirectories(); teardown(); @@ -100,7 +103,7 @@ function writeHelp() { ui.writeInformation( `Available commands: ${chalk.cyan("setup")}, ${chalk.cyan( "teardown", - )}, ${chalk.cyan("setup-ci")}, ${chalk.cyan("help")}, ${chalk.cyan( + )}, ${chalk.cyan("setup-ci")}, ${chalk.cyan("ultimate")}, ${chalk.cyan("help")}, ${chalk.cyan( "--version", )}`, ); @@ -110,16 +113,6 @@ function writeHelp() { "safe-chain setup", )}: This will setup your shell to wrap safe-chain around npm, npx, yarn, pnpm, pnpx, bun, bunx, pip and pip3.`, ); - ui.writeInformation( - `- ${chalk.cyan( - "safe-chain --ultimate", - )}: This installs the ultimate version of safe-chain, enabling protection for more eco-systems (vscode).`, - ); - ui.writeInformation( - `- ${chalk.cyan( - "safe-chain --uninstall-ultimate", - )}: This uninstalls the ultimate version of safe-chain.`, - ); ui.writeInformation( `- ${chalk.cyan( "safe-chain teardown", @@ -136,6 +129,19 @@ function writeHelp() { )}): Display the current version of safe-chain.`, ); ui.emptyLine(); + ui.writeInformation(chalk.bold("Ultimate commands:")); + ui.emptyLine(); + ui.writeInformation( + `- ${chalk.cyan( + "safe-chain ultimate", + )}: Install the ultimate version of safe-chain, enabling protection for more eco-systems.`, + ); + ui.writeInformation( + `- ${chalk.cyan( + "safe-chain ultimate uninstall", + )}: Uninstall the ultimate version of safe-chain.`, + ); + ui.emptyLine(); } async function getVersion() { diff --git a/packages/safe-chain/src/installation/installOnMacOS.js b/packages/safe-chain/src/installation/installOnMacOS.js index b2d39ce..018b911 100644 --- a/packages/safe-chain/src/installation/installOnMacOS.js +++ b/packages/safe-chain/src/installation/installOnMacOS.js @@ -13,7 +13,7 @@ export async function installOnMacOS() { if (!isRunningAsRoot()) { ui.writeError("Root privileges required."); ui.writeInformation("Please run this command with sudo:"); - ui.writeInformation(" sudo safe-chain --ultimate"); + ui.writeInformation(" sudo safe-chain ultimate"); return; } @@ -59,7 +59,7 @@ export async function uninstallOnMacOS() { if (!isRunningAsRoot()) { ui.writeError("Root privileges required."); ui.writeInformation("Please run this command with sudo:"); - ui.writeInformation(" sudo safe-chain --uninstall-ultimate"); + ui.writeInformation(" sudo safe-chain ultimate uninstall"); return; } From a3ab80b8b44cd232bbbeb36c849561a38ce56d59 Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Wed, 28 Jan 2026 07:53:39 +0100 Subject: [PATCH 6/9] PR comment: extract requireRootPrivileges / requireAdminPrivileges into separate function --- .../src/installation/installOnMacOS.js | 36 ++++++++++++------- .../src/installation/installOnWindows.js | 28 +++++++++------ 2 files changed, 41 insertions(+), 23 deletions(-) diff --git a/packages/safe-chain/src/installation/installOnMacOS.js b/packages/safe-chain/src/installation/installOnMacOS.js index 018b911..21f8f1d 100644 --- a/packages/safe-chain/src/installation/installOnMacOS.js +++ b/packages/safe-chain/src/installation/installOnMacOS.js @@ -9,11 +9,29 @@ import chalk from "chalk"; const MACOS_PKG_IDENTIFIER = "com.aikidosecurity.safechainultimate"; +/** + * Checks if root privileges are available and displays error message if not. + * @param {string} command - The sudo command to show in the error message + * @returns {boolean} True if running as root, false otherwise. + */ +function requireRootPrivileges(command) { + if (isRunningAsRoot()) { + return true; + } + + ui.writeError("Root privileges required."); + ui.writeInformation("Please run this command with sudo:"); + ui.writeInformation(` ${command}`); + return false; +} + +function isRunningAsRoot() { + const rootUserUid = 0; + return process.getuid?.() === rootUserUid; +} + export async function installOnMacOS() { - if (!isRunningAsRoot()) { - ui.writeError("Root privileges required."); - ui.writeInformation("Please run this command with sudo:"); - ui.writeInformation(" sudo safe-chain ultimate"); + if (!requireRootPrivileges("sudo safe-chain ultimate")) { return; } @@ -56,10 +74,7 @@ export async function installOnMacOS() { } export async function uninstallOnMacOS() { - if (!isRunningAsRoot()) { - ui.writeError("Root privileges required."); - ui.writeInformation("Please run this command with sudo:"); - ui.writeInformation(" sudo safe-chain ultimate uninstall"); + if (!requireRootPrivileges("sudo safe-chain ultimate uninstall")) { return; } @@ -136,11 +151,6 @@ function forgetPackage() { } } -function isRunningAsRoot() { - const rootUserUid = 0; - return process.getuid?.() === rootUserUid; -} - /** * @param {string} pkgPath */ diff --git a/packages/safe-chain/src/installation/installOnWindows.js b/packages/safe-chain/src/installation/installOnWindows.js index f20bd9b..4cee911 100644 --- a/packages/safe-chain/src/installation/installOnWindows.js +++ b/packages/safe-chain/src/installation/installOnWindows.js @@ -10,11 +10,7 @@ const WINDOWS_SERVICE_NAME = "SafeChainUltimate"; const WINDOWS_APP_NAME = "SafeChain Ultimate"; export async function uninstallOnWindows() { - if (!(await isRunningAsAdmin())) { - ui.writeError("Administrator privileges required."); - ui.writeInformation( - "Please run this command in an elevated terminal (Run as Administrator).", - ); + if (!(await requireAdminPrivileges())) { return; } @@ -37,11 +33,7 @@ export async function uninstallOnWindows() { } export async function installOnWindows() { - if (!(await isRunningAsAdmin())) { - ui.writeError("Administrator privileges required."); - ui.writeInformation( - "Please run this command in an elevated terminal (Run as Administrator).", - ); + if (!(await requireAdminPrivileges())) { return; } @@ -76,6 +68,22 @@ export async function installOnWindows() { } } +/** + * Checks if admin privileges are available and displays error message if not. + * @returns {Promise} True if running as admin, false otherwise. + */ +async function requireAdminPrivileges() { + if (await isRunningAsAdmin()) { + return true; + } + + ui.writeError("Administrator privileges required."); + ui.writeInformation( + "Please run this command in an elevated terminal (Run as Administrator).", + ); + return false; +} + async function isRunningAsAdmin() { // Uses Windows Security API to check if current process has admin privileges. // Returns "True" or "False" as a string. From 57c090c3a773857480d997b4995116e2b3324981 Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Wed, 28 Jan 2026 07:54:35 +0100 Subject: [PATCH 7/9] Rename output --- packages/safe-chain/src/installation/installOnMacOS.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/safe-chain/src/installation/installOnMacOS.js b/packages/safe-chain/src/installation/installOnMacOS.js index 21f8f1d..ab20a8a 100644 --- a/packages/safe-chain/src/installation/installOnMacOS.js +++ b/packages/safe-chain/src/installation/installOnMacOS.js @@ -88,7 +88,7 @@ export async function uninstallOnMacOS() { ui.writeInformation("โน๏ธ Stopping service..."); await stopService(); - ui.writeInformation("๐Ÿ—‘๏ธ Removing installed files..."); + ui.writeInformation("๐Ÿ—‘๏ธ Removing files..."); removeKnownFiles(); ui.writeInformation("๐Ÿงน Forgetting package receipt..."); From aa6553716d056fe58a1a2d55fbbb33c98bc1f39f Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Wed, 28 Jan 2026 15:33:45 +0100 Subject: [PATCH 8/9] Mac: use uninstaller script --- .../src/installation/downloadAgent.js | 10 +-- .../src/installation/installOnMacOS.js | 65 +++++-------------- 2 files changed, 22 insertions(+), 53 deletions(-) diff --git a/packages/safe-chain/src/installation/downloadAgent.js b/packages/safe-chain/src/installation/downloadAgent.js index cb2f84b..a5dcb0d 100644 --- a/packages/safe-chain/src/installation/downloadAgent.js +++ b/packages/safe-chain/src/installation/downloadAgent.js @@ -3,31 +3,31 @@ import { createHash } from "crypto"; import { pipeline } from "stream/promises"; import fetch from "make-fetch-happen"; -const ULTIMATE_VERSION = "v0.2.2"; +const ULTIMATE_VERSION = "v0.2.3"; export const DOWNLOAD_URLS = { win32: { x64: { url: `https://github.com/AikidoSec/safechain-internals/releases/download/${ULTIMATE_VERSION}/SafeChainUltimate-windows-amd64.msi`, checksum: - "sha256:82d6939579c23c357d0f6d368001a5ac8dc66ce13d32ee1700467555ee97e10a", + "sha256:bd196ae05b876588f828a57c4d19b3e7ad96ba40007cf2b36693dc6e792d28cc", }, arm64: { url: `https://github.com/AikidoSec/safechain-internals/releases/download/${ULTIMATE_VERSION}/SafeChainUltimate-windows-arm64.msi`, checksum: - "sha256:d626da40e3d0c4e02a36e6c7e309f18f0ffde64e97a4f2fefd4b25722842ac19", + "sha256:79e046f24405e869494291e77c6d8640c8dc58d2ac1db87d3038e9eb8afbdc8b", }, }, darwin: { x64: { url: `https://github.com/AikidoSec/safechain-internals/releases/download/${ULTIMATE_VERSION}/SafeChainUltimate-darwin-amd64.pkg`, checksum: - "sha256:d7c31914deff8b332bf3d0e18ed00660e47ace87f06f22606c7866f7e0809507", + "sha256:99868cb663eef44d063d995d2dcc063f55b10eb719ee945d05fe8cf5fef5e2a5", }, arm64: { url: `https://github.com/AikidoSec/safechain-internals/releases/download/${ULTIMATE_VERSION}/SafeChainUltimate-darwin-arm64.pkg`, checksum: - "sha256:73b092689e00c98e3c376afa50fc3477cedfd01445a113d42b36c5fcd956a6f4", + "sha256:000b334c2eb85d8692be5d23af73f8b9fb686c9db726992223187b341ea79306", }, }, }; diff --git a/packages/safe-chain/src/installation/installOnMacOS.js b/packages/safe-chain/src/installation/installOnMacOS.js index ab20a8a..ae4fea3 100644 --- a/packages/safe-chain/src/installation/installOnMacOS.js +++ b/packages/safe-chain/src/installation/installOnMacOS.js @@ -1,7 +1,7 @@ import { tmpdir } from "os"; -import { unlinkSync, rmSync } from "fs"; +import { unlinkSync } from "fs"; import { join } from "path"; -import { execSync } from "child_process"; +import { execSync, spawnSync } from "child_process"; import { ui } from "../environment/userInteraction.js"; import { printVerboseAndSafeSpawn } from "../utils/safeSpawn.js"; import { downloadAgentToFile, getAgentVersion } from "./downloadAgent.js"; @@ -73,6 +73,9 @@ export async function installOnMacOS() { } } +const MACOS_UNINSTALL_SCRIPT = + "/Library/Application Support/AikidoSecurity/SafeChainUltimate/scripts/uninstall"; + export async function uninstallOnMacOS() { if (!requireRootPrivileges("sudo safe-chain ultimate uninstall")) { return; @@ -85,14 +88,20 @@ export async function uninstallOnMacOS() { return; } - ui.writeInformation("โน๏ธ Stopping service..."); - await stopService(); + ui.writeInformation("๐Ÿ—‘๏ธ Uninstalling SafeChain Ultimate..."); + ui.writeVerbose(`Running: ${MACOS_UNINSTALL_SCRIPT}`); - ui.writeInformation("๐Ÿ—‘๏ธ Removing files..."); - removeKnownFiles(); + const result = spawnSync(MACOS_UNINSTALL_SCRIPT, { + stdio: "inherit", + shell: true, + }); - ui.writeInformation("๐Ÿงน Forgetting package receipt..."); - forgetPackage(); + if (result.status !== 0) { + ui.writeError( + `Uninstall script failed (exit code: ${result.status}). Please try again or remove manually.`, + ); + return; + } ui.emptyLine(); ui.writeInformation("โœ… SafeChain Ultimate has been uninstalled."); @@ -111,46 +120,6 @@ function isPackageInstalled() { } } -async function stopService() { - const result = await printVerboseAndSafeSpawn( - "launchctl", - ["bootout", `system/${MACOS_PKG_IDENTIFIER}`], - { stdio: "pipe" }, - ); - - if (result.status !== 0) { - ui.writeVerbose("Service not running (will continue with uninstall)."); - } -} - -const MACOS_KNOWN_PATHS = [ - "/Library/Application Support/AikidoSecurity/SafeChainUltimate", - "/Library/Logs/AikidoSecurity/SafeChainUltimate", - `/Library/LaunchDaemons/${MACOS_PKG_IDENTIFIER}.plist`, -]; - -function removeKnownFiles() { - for (const filePath of MACOS_KNOWN_PATHS) { - try { - rmSync(filePath, { recursive: true, force: true }); - ui.writeVerbose(`Removed: ${filePath}`); - } catch { - ui.writeVerbose(`Failed to remove: ${filePath}`); - } - } -} - -function forgetPackage() { - try { - execSync(`pkgutil --forget ${MACOS_PKG_IDENTIFIER}`, { - encoding: "utf8", - stdio: "pipe", - }); - } catch { - ui.writeVerbose("Failed to forget package receipt."); - } -} - /** * @param {string} pkgPath */ From e36b7e80b427b55d2444cb704894c7fd9dfe577c Mon Sep 17 00:00:00 2001 From: Sander Declerck Date: Wed, 28 Jan 2026 15:42:15 +0100 Subject: [PATCH 9/9] Fix uninstall script --- packages/safe-chain/src/installation/installOnMacOS.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/safe-chain/src/installation/installOnMacOS.js b/packages/safe-chain/src/installation/installOnMacOS.js index ae4fea3..22ce1a8 100644 --- a/packages/safe-chain/src/installation/installOnMacOS.js +++ b/packages/safe-chain/src/installation/installOnMacOS.js @@ -74,7 +74,7 @@ export async function installOnMacOS() { } const MACOS_UNINSTALL_SCRIPT = - "/Library/Application Support/AikidoSecurity/SafeChainUltimate/scripts/uninstall"; + "/Library/Application\\ Support/AikidoSecurity/SafeChainUltimate/scripts/uninstall"; export async function uninstallOnMacOS() { if (!requireRootPrivileges("sudo safe-chain ultimate uninstall")) {