path: root/scripts/install-mullvad
blob: 2f70419bace1faf209ea4eca352527a3ac720c9a (plain)
#!/usr/bin/env bash
#
# Download, verify and install the Mullvad VPN app from the build servers.
# Pass the desired version of the app as the first and only argument.

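set -euo pipefail

# Print an error to stderr and abort. Every failure path exits with status 1.
die() {
    echo "!!! $*" >&2
    exit 1
}

# Fetch $1 into $2 through a temporary name, so an interrupted transfer never
# leaves a truncated file that a later run would mistake for a cached download.
download() {
    local url=$1
    local dest=$2
    # --proto '=https' makes curl refuse any non-HTTPS transfer.
    curl --proto '=https' --fail -o "$dest.part" "$url"
    mv -f -- "$dest.part" "$dest"
}

SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

if (( $# != 1 )); then
    die "Please pass the app version as the first and only argument"
fi

URL_BASE="https://releases.mullvad.net/desktop"
MULLVAD_CODE_SIGNING_KEY_PATH="$SCRIPT_DIR/../ci/keys/1.mullvad_signing.pub"

# Pass Mullvad VPN app version as first and only argument
version=$1

# The version is interpolated into a local file name and into the download URL,
# so reject anything that could introduce a path separator or a ".." segment.
# NOTE(review): the accepted character set is an assumption about the version
# naming scheme - confirm it covers every build name before relying on it.
version_re='^[A-Za-z0-9][A-Za-z0-9._+-]*$'
if [[ ! "$version" =~ $version_re || "$version" == *..* ]]; then
    die "Invalid app version '$version'"
fi

# Fail early if the pinned signing key is missing; otherwise the verification
# step below would report an integrity failure and delete good downloads.
if [[ ! -r "$MULLVAD_CODE_SIGNING_KEY_PATH" ]]; then
    die "Code signing key not readable at $MULLVAD_CODE_SIGNING_KEY_PATH"
fi

# Store all downloaded files in a directory dedicated to our user.
# The name under /tmp is predictable, so another local account may have created
# it (or a symlink with that name) first. Only continue when it is a real
# directory owned by the invoking user; nothing from it is trusted otherwise.
cache_user="${USER:-$(id -un)}"
cache_dir="/tmp/mullvadvpn-app.cache.$cache_user"
mkdir -p "$cache_dir"
if [[ -L "$cache_dir" || ! -d "$cache_dir" || ! -O "$cache_dir" ]]; then
    die "Refusing to use $cache_dir: not a real directory owned by $cache_user"
fi
# World-readable but writable only by the owner.
# NOTE(review): presumably 755 rather than 700 so the package manager can read
# the package when it drops privileges - confirm.
chmod 755 "$cache_dir"
cd "$cache_dir"

# Find sqv (Sequoia signature verification tool)
if ! command -v sqv >/dev/null; then
    die "sqv (Sequoia signature verification tool) not found. Please install it."
fi

# Detect operating system and package manager
if [[ "$(uname -s)" == "Darwin" ]] && command -v installer > /dev/null 2>&1; then
    pkg_manager="macOS"
    pkg_filename="MullvadVPN-${version}.pkg"
elif command -v apt > /dev/null 2>&1; then
    pkg_manager=apt
    pkg_filename="MullvadVPN-${version}_amd64.deb"
elif command -v dnf > /dev/null 2>&1; then
    pkg_manager=dnf
    pkg_filename="MullvadVPN-${version}_x86_64.rpm"
else
    die "Unsupported distribution/package manager !!!"
fi
echo ">>> Detected $pkg_manager as package manager"

# Compute URL to download from
if [[ "$version" == *"-dev-"* ]]; then
    server_dir="builds"
else
    server_dir="releases"
fi
installer_url="$URL_BASE/$server_dir/$version/$pkg_filename"

# Download any missing installer/signature
if [[ ! -f "$pkg_filename" ]]; then
    echo ">>> Downloading installer from $installer_url"
    download "$installer_url" "$pkg_filename"
fi
if [[ ! -f "$pkg_filename.asc" ]]; then
    signature_url="$installer_url.asc"
    echo ">>> Downloading GPG signature from $signature_url"
    download "$signature_url" "$pkg_filename.asc"
fi

# Verify the integrity of the files
echo ""
echo ">>> Verifying integrity of $pkg_filename"
# We prefer sqv for PGP key verification as it is a strict and easy-to-use implementation of PGP.
# gpg is also not suitable for use in scripting.
# The detached signature covers the file contents only. It proves the package
# was signed by the pinned key, not that it is the version named on the command
# line, which is why the cache directory ownership check above matters.
if ! sqv --keyring="$MULLVAD_CODE_SIGNING_KEY_PATH" --signature-file="$pkg_filename.asc" "$pkg_filename"; then
    echo "" >&2
    # Drop both files so the next run downloads fresh copies instead of
    # re-checking the same rejected ones.
    rm -f -- "$pkg_filename" "$pkg_filename.asc"
    die "INTEGRITY CHECKING FAILED !!!"
fi

# Install the app. Only reached after the signature check above succeeded.
echo ""
echo ">>> Installing $pkg_filename with $pkg_manager"
if [[ "$pkg_manager" == "macOS" ]]; then
    sudo /usr/sbin/installer -verbose -pkg "./$pkg_filename" -target /
else
    sudo "$pkg_manager" install -y "./$pkg_filename"
fi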