orion/script
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5a60c68586345cf05d491ddfd189ab7765ec84d3
script/homebrew/brew-upgrade-manager-bootstrap.sh
Orion 4a97c1cb4a refactor(core): ♻️ 更新 PATH 环境变量并补充 brew doctor 说明 
在引导脚本的 PATH 变量中增加 Homebrew 的 sbin 路径,以解决常见的路径缺失
警告。同步更新 README 文档,增加了关于 brew doctor 警告的处理指南,包括
如何处理废弃的 Cask 以及手动配置 PATH 的详细步骤。
2026-05-08 02:03:28 +08:00

67 lines
2.2 KiB
Bash
Executable File
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/usr/bin/env bash
# 目标:下载远程升级脚本、执行、销毁临时文件
set -euo pipefail
REMOTE="https://git.orionc.me/orion/script/raw/branch/main/homebrew/brew-upgrade-manager.sh"
TEMP="$(mktemp "${TMPDIR:-/tmp}/brew-upgrade-manager.XXXXXX.sh")"
KEYCHAIN_SERVICE="${BREWUP_KEYCHAIN_SERVICE:-brewup-sudo-password}"
ASKPASS_TEMP="$(mktemp "${TMPDIR:-/tmp}/brewup-askpass.XXXXXX.sh")"
cleanup() {
rm -f "$TEMP" "$ASKPASS_TEMP"
}
trap cleanup EXIT INT TERM
PATH="/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin"
export PATH
setup_sudo_askpass() {
cat > "$ASKPASS_TEMP" <<'EOF'
#!/usr/bin/env bash
exec /usr/bin/security find-generic-password -a "${USER:-$(id -un)}" -s "${BREWUP_KEYCHAIN_SERVICE:-brewup-sudo-password}" -w
EOF
chmod 700 "$ASKPASS_TEMP"
export SUDO_ASKPASS="$ASKPASS_TEMP"
export BREWUP_KEYCHAIN_SERVICE="$KEYCHAIN_SERVICE"
if ! /usr/bin/security find-generic-password -a "$USER" -s "$KEYCHAIN_SERVICE" -w >/dev/null 2>&1; then
printf "首次使用:请输入一次 sudo 密码,将保存到 macOS Keychain"
IFS= read -r -s BREWUP_SUDO_PASSWORD
printf "\n"
/usr/bin/security add-generic-password -U -a "$USER" -s "$KEYCHAIN_SERVICE" -w "$BREWUP_SUDO_PASSWORD" >/dev/null
unset BREWUP_SUDO_PASSWORD
fi
echo "正在通过 Keychain 准备 sudo 凭据..."
if ! sudo -A -v; then
echo "Keychain 中的 sudo 密码不可用,请删除后重新保存:" >&2
echo " security delete-generic-password -a \"$USER\" -s \"$KEYCHAIN_SERVICE\"" >&2
exit 1
fi
}
setup_sudo_askpass
echo "正在下载远程脚本..."
curl -f -sSL "$REMOTE" -o "$TEMP"
chmod 600 "$TEMP"
if [[ -n "${BREWUP_SHA256:-}" ]]; then
echo "正在校验脚本 SHA256..."
actual_sha256="$(shasum -a 256 "$TEMP")"
actual_sha256="${actual_sha256%% *}"
if [[ "$actual_sha256" != "$BREWUP_SHA256" ]]; then
echo "脚本 SHA256 不匹配,已停止执行。" >&2
echo "Expected: $BREWUP_SHA256" >&2
echo "Actual: $actual_sha256" >&2
exit 1
fi
fi
if [[ "${BREWUP_DEBUG:-}" == "1" ]]; then
echo "Downloaded script first line:"
head -n 1 "$TEMP"
fi
bash "$TEMP" "$@"
Reference in New Issue View Git Blame Copy Permalink