script/homebrew/brew-upgrade-manager-bootstrap.sh
Orion 54a4fa7e65 feat(core): 新增 Homebrew 远程启动器并更新文档
新增 `brew-upgrade-manager-bootstrap.sh` 启动器脚本。该启动器支持通过 macOS Keychain 安全存储 sudo 密码,并能自动从远程拉取最新的 Homebrew 升级主脚本执行,随后清理临时文件。

同步更新 `README.md`,提供了推荐的 `brewup` 函数配置方法、Keychain 密码管理说明以及 SHA256 校验等调试指南。

主要变更:
- 新增支持 Keychain 认证的远程启动器脚本
- 实现 sudo 凭据自动管理与安全存储
- 完善项目文档,增加详细的使用说明和配置推荐
2026-05-08 01:53:12 +08:00

67 lines
2.2 KiB
Bash
Executable File

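#!/usr/bin/env bash
# Purpose: download the remote upgrade script, run it, then delete the temporary files.
set -euo pipefail

# Payload location. The URL tracks the moving `main` branch, so the content can
# change between runs; the optional BREWUP_SHA256 check below is the only pin.
REMOTE="https://git.orionc.me/orion/script/raw/branch/main/homebrew/brew-upgrade-manager.sh"

# Templates end in the X's on purpose: BSD mktemp (the one shipped with macOS)
# only substitutes trailing X's, so a template such as "name.XXXXXX.sh" would
# yield a fixed, predictable file name. Neither file needs an extension: the
# payload is run via `bash FILE` and the askpass helper via its shebang.
TEMP="$(mktemp "${TMPDIR:-/tmp}/brew-upgrade-manager.XXXXXX")"

# Keychain service name under which the sudo password is stored; overridable
# through BREWUP_KEYCHAIN_SERVICE.
KEYCHAIN_SERVICE="${BREWUP_KEYCHAIN_SERVICE:-brewup-sudo-password}"
ASKPASS_TEMP="$(mktemp "${TMPDIR:-/tmp}/brewup-askpass.XXXXXX")"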
# Delete the downloaded payload and the askpass helper.
# Globals: TEMP (read), ASKPASS_TEMP (read)
# Returns: exit status of rm; -f makes already-missing files a non-error.
cleanup() {
  local -a leftovers=("$TEMP" "$ASKPASS_TEMP")
  rm -f "${leftovers[@]}"
}
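# Clean up on every exit path. INT and TERM only call `exit`, which fires the
# EXIT trap. A signal handler that merely returns would let the script carry on
# after Ctrl-C (for example inside an `if ! cmd` test, where `set -e` does not
# apply) with its temporary files already deleted.
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

# Replace the inherited PATH with a fixed list. The Homebrew directories are
# searched first, so curl, shasum, sudo and bash resolve there before the
# system copies whenever Homebrew provides them.
# NOTE(review): Homebrew prefixes are usually writable by the user without
# sudo; consider calling /usr/bin/sudo and /usr/bin/curl by absolute path.
PATH="/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"
export PATH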
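#######################################
# Point sudo at a Keychain-backed askpass helper and validate the credential.
#
# Writes a helper script to ASKPASS_TEMP that prints the stored password via
# `security find-generic-password -w`, exports SUDO_ASKPASS so that `sudo -A`
# uses it, stores the password on first use, then runs `sudo -A -v`.
#
# Security notes:
#   - SUDO_ASKPASS and BREWUP_KEYCHAIN_SERVICE are exported, so every child
#     process (including the downloaded script) can obtain sudo without a
#     prompt for as long as the helper file exists.
#   - The helper reads the item non-interactively; presumably any process
#     running as this user can do the same through /usr/bin/security.
#     NOTE(review): confirm the item's access control matches that intent.
#
# Globals:   ASKPASS_TEMP (read), KEYCHAIN_SERVICE (read), USER (read),
#            SUDO_ASKPASS (exported), BREWUP_KEYCHAIN_SERVICE (exported)
# Arguments: none
# Returns:   0 on success; exits the script with 1 if `sudo -A -v` fails.
#######################################
setup_sudo_askpass() {
  # Same fallback as the helper below, so an unset USER does not abort the
  # script under `set -u` and both sides query the same Keychain account.
  local account
  account="${USER:-$(id -un)}"

  # Quoted heredoc delimiter: nothing is expanded here; the helper resolves the
  # account and service name itself each time sudo invokes it.
  cat > "$ASKPASS_TEMP" <<'EOF'
#!/usr/bin/env bash
exec /usr/bin/security find-generic-password -a "${USER:-$(id -un)}" -s "${BREWUP_KEYCHAIN_SERVICE:-brewup-sudo-password}" -w
EOF
  chmod 700 "$ASKPASS_TEMP"
  export SUDO_ASKPASS="$ASKPASS_TEMP"
  export BREWUP_KEYCHAIN_SERVICE="$KEYCHAIN_SERVICE"

  if ! /usr/bin/security find-generic-password -a "$account" -s "$KEYCHAIN_SERVICE" -w >/dev/null 2>&1; then
    printf '%s\n' "首次使用:请输入一次 sudo 密码,将保存到 macOS Keychain"
    # `-w` is deliberately the last argument with no value: `security` then
    # prompts for the password itself. Passing it as `-w "$password"` would put
    # the sudo password on the command line, where other local processes can
    # read it from the process list. Output is not redirected so that the
    # tool's own prompt stays visible.
    /usr/bin/security add-generic-password -U -a "$account" -s "$KEYCHAIN_SERVICE" -w
  fi

  echo "正在通过 Keychain 准备 sudo 凭据..."
  # -A makes sudo obtain the password from SUDO_ASKPASS; -v only validates and
  # refreshes the cached credential without running a command.
  if ! sudo -A -v; then
    echo "Keychain 中的 sudo 密码不可用,请删除后重新保存:" >&2
    echo " security delete-generic-password -a \"$account\" -s \"$KEYCHAIN_SERVICE\"" >&2
    exit 1
  fi
}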
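echo "正在下载远程脚本..."
# --proto / --proto-redir keep the transfer on HTTPS even when -L follows a
# redirect; -f turns HTTP error responses into a non-zero exit so that an error
# page is never executed as the payload.
curl -f -sSL --proto '=https' --proto-redir '=https' "$REMOTE" -o "$TEMP"
chmod 600 "$TEMP"

# Integrity check, only performed when the caller exports BREWUP_SHA256.
# Without it, whatever the `main` branch serves at this moment is executed
# below with passwordless sudo available, so pinning the hash is the safer way
# to run this launcher.
if [[ -n "${BREWUP_SHA256:-}" ]]; then
  echo "正在校验脚本 SHA256..."
  actual_sha256="$(shasum -a 256 "$TEMP")"
  # shasum prints "<hash>  <file>"; keep only the hash.
  actual_sha256="${actual_sha256%% *}"
  if [[ "$actual_sha256" != "$BREWUP_SHA256" ]]; then
    echo "脚本 SHA256 不匹配,已停止执行。" >&2
    echo "Expected: $BREWUP_SHA256" >&2
    echo "Actual: $actual_sha256" >&2
    exit 1
  fi
fi

if [[ "${BREWUP_DEBUG:-}" == "1" ]]; then
  echo "Downloaded script first line:"
  head -n 1 "$TEMP"
fi

# Prepare sudo only once the payload has been downloaded and, if a hash was
# given, verified: a failed download or a hash mismatch then exits without
# having written the askpass helper or refreshed the sudo timestamp.
setup_sudo_askpass

# The payload inherits SUDO_ASKPASS, so it can call `sudo -A` without prompting.
bash "$TEMP" "$@"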