diff --git a/docs/adr/0055-curl-sh-install-script.md b/docs/adr/0055-curl-sh-install-script.md new file mode 100644 index 0000000..436e3c7 --- /dev/null +++ b/docs/adr/0055-curl-sh-install-script.md @@ -0,0 +1,75 @@ +# ADR-0055: `curl | sh` install script (`scripts/install.sh`) + +## Status + +Accepted — **implemented 2026-06-17** (plan: +`docs/plans/20260616-public-availability.md`, step 2). Step 2 on the road +to public availability, building on ADR-0054 (versioned releases) and +ADR-ci-001/003 (the Gitea releases it downloads from). Tracked by the +plan + this ADR (no Gitea issue — user decision, 2026-06-17). + +## Context + +Until now, installing meant: find the releases page, work out which of +the six assets matches your machine, download it, `chmod +x`, move it +onto `PATH`, and (on macOS) wonder about Gatekeeper. That is too much +friction for a teaching tool aimed at beginners. The Gitea releases are +**publicly downloadable** (confirmed), with deterministic asset names +(`rdbms-playground--[.exe]`) and `.sha256` sidecars +(ADR-ci-003), and a `releases/latest` API — enough to script a one-liner +install. + +## Decision + +Ship **`scripts/install.sh`**, run as +`curl -fsSL /scripts/install.sh | sh`: + +- **POSIX `sh`** (no bashisms) — it runs under the `sh` of `curl | sh`; + kept **shellcheck-clean** (`-s sh`). +- **Platform detection** from `uname` → target triple: Linux → + `-unknown-linux-musl` (the fully-static build — one universal + Linux artifact, no glibc/version coupling), macOS → `-apple-darwin`; + `x86_64`/`amd64` and `aarch64`/`arm64` both map. **Windows is rejected** + with a pointer to Scoop/winget/the releases page (the binary is a `.exe`, + not a `curl|sh` target). +- **Version:** the `releases/latest` API tag by default; `RDBMS_VERSION` + pins a specific tag. +- **Integrity:** always download the `.sha256` sidecar and **verify** + (`sha256sum`/`shasum -a 256`); a mismatch aborts the install. HTTPS only. +- **Install location:** `~/.local/bin` by default (user-writable, no + sudo), overridable via `RDBMS_INSTALL_DIR`; prints a PATH hint if the + dir isn't on `PATH`. +- **macOS note:** a `curl` download is **not** Gatekeeper-quarantined, so + the binary runs as-is even while it is only ad-hoc-signed; proper + Developer-ID signing + notarization (for *browser* downloads) is a + separate, postponed task (see the plan's signing item). +- **Testing seams:** `RDBMS_OS`/`RDBMS_ARCH` force detection and + `--print-target` prints the resolved triple and exits — so the mapping + is checkable without a download. + +### Rejected / deferred +- **Hosting the script on the website domain** (Cloudflare): nicer URL, + but adds a moving part; the **Gitea repo raw URL** is simplest and the + binaries live there anyway (user decision). The website may later + *reference* the same command. +- **`install.ps1` (Windows):** deferred — Windows users go via Scoop / + winget (D3, §3). +- **Uploading `install.sh` as a release asset** for a stable link: + optional; the branch raw URL is fine for now. + +## Consequences + +- A first-time user runs one line and gets a checksum-verified binary on + `PATH`. The website's install copy (website branch, separate agent) can + point at this command. +- **Verified end-to-end** (2026-06-17) against the live public `v0.1.0`: + all four Linux/macOS platform mappings + Windows/unknown-arch rejection; + pinned and latest paths; checksum verification incl. a tamper-rejection + check; install + run on Linux x86_64. (The installed `v0.1.0` predates + `--version`, ADR-0054 — a non-issue, and the reason to cut a new + release.) +- **No automated regression guard in CI yet:** shellcheck isn't in the + flake, and there's no shell-test harness here (no bats). Recommended + follow-up: add a `shellcheck scripts/*.sh` gate (touches ADR-ci-002 — + needs shellcheck in the devShell). For now the guard is local + shellcheck + the documented end-to-end verification. diff --git a/docs/adr/README.md b/docs/adr/README.md index 3f042b3..6539a94 100644 --- a/docs/adr/README.md +++ b/docs/adr/README.md @@ -67,3 +67,4 @@ This directory contains the project's ADRs, recorded per - [ADR-0052 — Mode-tagged history for cross-mode recall](0052-mode-tagged-history-cross-mode-recall.md) — **Accepted + implemented 2026-06-13 (issue #30)**, closes Gitea **#30** — the feature (advanced history reusable in simple mode) **and** the bug in its comment (the `:` one-shot prefix lost across sessions). **Amends ADR-0034** (status field gains a `:adv` tag; **journaling moves from the worker to the dispatch layer**), **ADR-0015 §5/§6** (history.log leaves the worker transaction — `commit-db-last` now scopes yaml/csv/db only), and **ADR-0040** (a success-path journal-write failure is best-effort, not fatal); references ADR-0003. **Root cause:** history carried no mode, and the in-memory ring stored the raw `:select 1` while the worker journalled the *stripped* `select 1`, so the `:` was lost on disk. **Fix:** record the submission mode per entry as a **`:adv` suffix on the status token** (`ok`/`ok:adv`/`err`/`err:adv`) — `source` stays last + canonical so replay is unaffected; the in-memory ring (still `Vec`) stores advanced entries in their `: `-prefixed simple-mode runnable form (a leading `:` unambiguously marks advanced since simple DSL never starts with `:`); recall **strips the `:` in advanced mode** (runs as bare SQL) and keeps it in simple mode (runs via the one-shot escape); hydration reconstructs the `: `-prefix from the tag, so cross-session = in-session. **The architectural turn (user's call):** the first draft kept journaling in the worker + threaded the mode down (~30-site plumbing); on review the user asked why the journal is written deep in the worker when the *failure* path already journals at the top of the chain — it shouldn't (history.log is a journal, not state). So **success journaling moved up** to `spawn_dsl_dispatch` / `run_replay` / the app-command sites (next to the failure path), the worker's `finalize_persistence` now writes only yaml/csv, and the journal write became **best-effort** (the command is already committed — consistent with the failure path; a rare disk-full leaves a committed command unjournalled, state intact). **App commands** journal simple (dispatched outside the spawn) and `submit` excludes them from the ring's advanced flag, so `undo`/`mode advanced` recall bare. Forks user-chosen: status-tag format (vs 4th field / `:`-in-source); unified scope; **dispatch-layer best-effort journaling** (vs worker-coupled-fatal). Two `/runda` passes (the second drove the relocation + app-command exclusion). Tests: the 15 worker-level journaling tests retired (worker no longer journals — yaml/csv/operation checks kept), re-covered at the new layer (history.rs status-tag + `:`-reconstruct; app.rs recall matrix; the #30 cross-session regression in `iteration6`; replay tests cover `run_replay` journaling). **2471 pass / 0 fail / 0 skip (1 ignored), clippy clean.** replay re-journaling mode-fidelity (a replayed advanced line re-journals simple — not a regression). **Follow-up done 2026-06-14:** the vestigial worker `source` plumbing was fully unwound (compiler-guided, no behaviour change) — `_source` removed from `finalize_persistence`/`do_rebuild_from_text`, the three `*_request` wrappers inlined+deleted, the dead `source` param dropped from the ~30 forwarding worker handlers, and the `source` field removed from the `DescribeTable`/`QueryData`/`RunSelect` requests + their `DatabaseHandle` methods (~164 mostly-test call sites); the only worker `source` left is the snapshot/undo label (see ADR-0052 *Consequences*) - [ADR-0053 — Contextual `hint` command and keybinding](0053-contextual-hint-command-and-keybinding.md) — **Accepted, implemented 2026-06-15** (Phases A–D; closes **A1** + requirements **H2**). Settles the `hint` slot ADR-0003 left "ADR pending"; closes the last open piece of **A1** and tracks requirements **H2**. **Two surfaces:** an **F1 keybinding** that renders a deep hint for the *live* partial input without submitting (the primary path — a submitted `hint` command can't see the buffer it would help with, since Enter empties it), and a submitted **`hint` command** that expands on the *most recent error*. **No topic argument** (contextual only — `help ` already owns explicit reference). Introduces a **tier-3 teaching layer**, deeper than the existing tier-1 (colour / error headline) and tier-2 (ambient one-liner; and the error `hint:`, which is shown **by default** since `Verbosity::Verbose` is the default — `messages short` is the opt-*out*); without it `hint` would just duplicate what's already on screen. Tier-3 content lives in the catalogue under `hint.cmd.` (per command form) and `hint.err.` (per error/diagnostic class), each a structured `what`/`example`/`concept` block rendered via a new `note_hint*` family with `OutputStyleClass::Hint`. **Keyed per-form via a new `hint_ids: &[&str]` field on `CommandNode` mirroring `usage_ids`** (revised in Phase B): a per-*node* key proved too coarse — `add`/`drop`/`show`/`create` are each one node spanning many forms, and a live-input hint for `add 1:n relationship` must be specific to relationships; `hint_key_for_input_in_mode` reuses `usage_key_for_input_in_mode`'s form-word disambiguation, and covers the advanced-SQL forms whose `usage_ids` are empty. Not keyed off `help_id` (it is `None` on the advanced-SQL nodes purely to dedup the `help` list; that parallel gap is issue **#36**). **Clause-concept hints** (`on delete` actions, constraint slots, `with pk`, cardinality) are a recorded **deferred extension** (`hint.concept.`, issue **#37**) — per-form is the right tier-3 granularity, with position-awareness owned by tier-2 + the live `Next:` line. Runtime `translate_error` classes resolve via stored `last_error_hint_key` (`hint` command / empty-F1). (The second route — pre-submit `diagnostic.*` read live from the walker on the F1 path — is **deferred**, issue **#38**: `Diagnostic` carries no class key.) Adds `AppCommand::Hint`, a `HINT` grammar node + REGISTRY entry, the `hint_ids` field, and `last_error_hint_key`; F1 is a read-only overlay (buffer + completion memo untouched). **Content is the bulk of the work** (the mechanism is ~a day): v1 scope = ~37 command forms + 9 runtime error classes (comprehensive for those, ~57 blocks), authored **exemplars-first** (voice approved in this ADR's `/runda` review, then mass-authored in batches), enforced by a **comprehensiveness coverage test**, with graceful fall-back to tier-2 if a key is ever missing. The **pre-submit-diagnostic route + ~33 `diagnostic.*` blocks were deferred** (issue **#38**) — `Diagnostic` carries no class key, so the route needs a broad change for marginal value (tier-2 already surfaces diagnostics; many duplicate runtime classes). Forks user-chosen: two-surface model; **F1** (vs `?` / a chord); no-arg; comprehensive-for-commands-and-errors scope; exemplars-first; diagnostics deferred. OOS: per-topic `hint ` (rejected — overlaps `help`); always-on tier-3 (rejected — keeps ambient terse); non-`en-US` locales + success-command teaching (deferred); clause-concept hints (issue #37); the diagnostic route (issue #38); the `help`-side advanced-SQL gap (issue #36) - [ADR-0054 — Release versioning policy + version surfaces (`--version` / `version`)](0054-release-versioning-and-version-surfaces.md) — **Accepted + implemented 2026-06-16** (plan: `docs/plans/20260616-public-availability.md`, step 1 on the road to public availability; no prior issue/`requirements.md` item — an untracked gap). Fixes the **tag↔crate-version decoupling**: `Cargo.toml` built `0.1.0` while `release.yaml` named assets from the git tag, so a binary could report a version different from the asset it shipped in. **Decision:** `Cargo.toml` `version` is the **single source of truth** (read via `env!("CARGO_PKG_VERSION")`, no tag-injection); two surfaces report it through one `cli::version_text()` → catalog `cli.version_line` — a **`--version` / `-V`** CLI flag (mirrors `--help`, prints+exits in `main.rs`) and an in-app **`version`** command (REGISTRY node `app::VERSION`, `AppCommand::Version`, emits via `note_system`); and a **release-CI version guard** (`release.yaml` `test` job parses `cargo metadata` and **fails the release** unless the `v*` tag equals `v`). Release ritual: bump `Cargo.toml` → commit → tag → push. New keys `cli.version_line` + `help.app.version` + `parse.usage.version` + `hint.cmd.version.{what,example}` (the new REGISTRY command pulls in the comprehensiveness coverage gate). Rejected: tag-as-source (makes Cargo.toml lie). Deferred: git-hash/build-date enrichment (behind the same `version_text()` seam); UI placement beyond the command. Tested test-first: CLI parse (`--version`/`-V`/default-off), `version_text()` carries `CARGO_PKG_VERSION`, the in-app command parses + emits. Also corrected a stale `release.yaml` header comment ("macOS is deferred" → built by the dispatched `release-macos.yaml`). +- [ADR-0055 — `curl | sh` install script (`scripts/install.sh`)](0055-curl-sh-install-script.md) — **Accepted + implemented 2026-06-17** (plan: `docs/plans/20260616-public-availability.md`, step 2; tracked by plan + ADR, no Gitea issue — user decision). A one-line installer (`curl -fsSL /scripts/install.sh | sh`) so beginners don't hand-pick an asset + `chmod +x`. **POSIX `sh`** (shellcheck-clean), detects `uname` OS/arch → target triple (**Linux → the fully-static `*-musl`** build, macOS → `*-apple-darwin`; `amd64`/`arm64` aliased; **Windows rejected** → Scoop/winget/releases page), resolves the version from the **`releases/latest`** API (or `RDBMS_VERSION` to pin), downloads the asset **and its `.sha256` and verifies it** (mismatch aborts), installs to `~/.local/bin` (`RDBMS_INSTALL_DIR` override) with a PATH hint. Testing seams: `RDBMS_OS`/`RDBMS_ARCH` + `--print-target`. macOS note: `curl` downloads aren't Gatekeeper-quarantined so the ad-hoc binary runs as-is (Developer-ID + notarization is the postponed signing task). **Verified end-to-end against the live public `v0.1.0`** (all platform mappings, pinned + latest, checksum incl. tamper-rejection, install + run). Rejected: website-domain hosting (extra moving part; Gitea raw is simplest); deferred: `install.ps1`, uploading the script as a release asset, and a **shellcheck CI gate** (shellcheck isn't in the flake — touches ADR-ci-002). diff --git a/docs/plans/20260616-public-availability.md b/docs/plans/20260616-public-availability.md index c9e6dbb..704d0c7 100644 --- a/docs/plans/20260616-public-availability.md +++ b/docs/plans/20260616-public-availability.md @@ -32,7 +32,20 @@ anything user-facing (taps, buckets). --- -## 2. `install.sh` (curl | sh) — DECIDED shape +## 2. `install.sh` (curl | sh) — DONE 2026-06-17 (ADR-0055) + +**Shipped** `scripts/install.sh` (POSIX sh, shellcheck-clean). Verified +end-to-end against the live public `v0.1.0` release: platform mappings +(Linux/macOS × x86_64/aarch64; Windows + unknown arch error cleanly), +pinned (`RDBMS_VERSION`) and latest (`releases/latest`) paths, SHA-256 +verification (incl. a tamper-rejection check), install to +`~/.local/bin`, PATH hint. **`install.ps1` (Windows) deferred** — Windows +users go via Scoop/winget (§3). The website copy that references the +`curl` command is the **website branch's** job (separate agent), later. +A **shellcheck CI gate** for `scripts/` is a recommended follow-up (not +added — shellcheck isn't in the flake yet; touches ADR-ci-002). + +Original decided shape (for reference): - **Hosted from the Gitea repo URL** on `git.lazyeval.net` (simplest): `curl -fsSL https://git.lazyeval.net/oli/rdbms-playground/raw/branch/main/scripts/install.sh | sh` @@ -72,11 +85,13 @@ per-release step to bump it. Ordered cheapest → most gatekept. `cargo install cargo-binstall`). **Our instructions must say this.** - Add `[package.metadata.binstall]` to `Cargo.toml` (pkg-url template → our Gitea release assets; our naming already fits). -- **OPEN:** the frictionless `cargo binstall rdbms-playground` resolves - the crate via **crates.io**. Decision needed: **publish to crates.io?** - If not, document the `cargo binstall --git ` form instead. - *(Verify current cargo-binstall non-crates.io behaviour before - committing wording.)* +- **DECIDED (2026-06-17): publish to crates.io** — so the frictionless + `cargo binstall rdbms-playground` resolves the crate, and the project + is discoverable there. (A crates.io publish is its own small task: + metadata completeness — description/license/repository/keywords/readme + — and `cargo publish`; the `[package.metadata.binstall]` URL template + points binstall at our Gitea release assets.) *(Verify current + cargo-binstall behaviour when wiring.)* ### 3b. Scoop (Windows) - A **bucket** repo under `lazyeval` on Gitea with a JSON manifest @@ -113,29 +128,49 @@ per-release step to bump it. Ordered cheapest → most gatekept. --- -## Open decisions (need the user) +## Open decisions -1. **crates.io:** publish the crate? (changes the `cargo binstall` + - discoverability story). -2. **macOS signing — CONFIRMED BUG (2026-06-16).** `release-macos.yaml` - line 52 runs `codesign --force --sign -` (the `-` = **ad-hoc**), so a - downloaded binary is *not* properly signed — user-verified. The Apple - **Developer ID** identity was provisioned in the runner VM's keychain - (the CI agent asked for it) but the workflow never references it, so - it sits **unused**. Fix = a `release-macos.yaml` change: sign with - `codesign --sign "Developer ID Application: "` - against the keychain identity, **after** the `install_name_tool` - de-nix (which invalidates any signature), then ideally **notarize + - staple** (needs Apple notarytool creds — Apple ID + app-specific - password, or an App Store Connect API key — as runner secrets). A - distinct task from the version work; corrects the docs once landed. -3. **Issue tracking:** file Gitea issues for these (version; install.sh; - D3), or track via this plan + ADR only? +1. **crates.io:** **RESOLVED 2026-06-17 — yes, publish.** (See §3a.) +2. **Tracking:** **RESOLVED 2026-06-17 — doc + ADR only, no Gitea + issues.** +3. **Release downloads public:** **CONFIRMED 2026-06-17** — the Gitea + releases are publicly downloadable (no auth); `install.sh` relies on + it and was verified against the live `v0.1.0`. + +### Still open / postponed + +- **macOS signing — CONFIRMED BUG (2026-06-16), POSTPONED by the user + (2026-06-17)** pending the correct signing ID. Details: + - `release-macos.yaml` does `codesign --force --sign -` (ad-hoc) and has + **no signing scaffolding at all** (no keychain import, no secrets) — + so a downloaded binary is *not* properly signed (user-verified). + - **The credential the user has is the wrong type:** `Apple Development: + Oliver Sturm (W687M898E4)` is a *development* cert (Gatekeeper won't + trust it for distribution). Distribution needs a **`Developer ID + Application`** cert (same format, different type). Signing under the + company name *"Lazy Evaluation Ltd"* would need an **Organization** + Apple Developer account; a personal account signs as "Oliver Sturm". + - **Notarization** (required with Developer ID for non-quarantined trust + on browser downloads): after signing, `xcrun notarytool submit`. Creds + = an **App Store Connect API key** (Issuer ID + Key ID + `.p8`, + recommended for CI) *or* Apple ID + app-specific password + Team ID. + A bare CLI binary can't be *stapled* (only bundles/dmg/pkg) — Gatekeeper + does an online check instead. + - **Urgency caveat:** the `curl|sh` path doesn't need any of this (curl + downloads aren't quarantined); signing matters for browser downloads + from the releases page. Fix when the right cert + creds exist; corrects + the ad-hoc docs once landed. ## Sequencing -1. **Version discipline** (ADR-0054) — `--version`/`-V` + `version` - command + CI tag-match guard + tests. **← building now.** -2. `scripts/install.sh` + confirm public download URLs. -3. Package managers, cheapest first: `cargo binstall` + Scoop → Homebrew - → winget. +1. ✅ **Version discipline** (ADR-0054) — `--version`/`-V` + `version` + command + CI tag-match guard + tests. +2. ✅ **`scripts/install.sh`** (ADR-0055) — built + verified against the + live public release. +3. **← next:** package managers, cheapest first: `cargo binstall` + (+ crates.io publish) + Scoop → Homebrew (`lazyeval` tap) → winget + (komac / manual). Two `lazyeval` repos (tap + bucket) + CI push creds + to set up. +4. **Cut a release at a new version** — bump `Cargo.toml` (0.1.0 → + 0.1.1/0.2.0; the ADR-0054 guard checks the tag), tag, push; the four + Linux/Windows targets build immediately. (macOS leg awaits signing.) diff --git a/scripts/install.sh b/scripts/install.sh new file mode 100755 index 0000000..5609f50 --- /dev/null +++ b/scripts/install.sh @@ -0,0 +1,166 @@ +#!/bin/sh +# install.sh — download and install a prebuilt rdbms-playground binary. +# +# Quick start (Linux / macOS): +# curl -fsSL https://git.lazyeval.net/oli/rdbms-playground/raw/branch/main/scripts/install.sh | sh +# +# What it does: detects your OS + CPU, downloads the matching release binary +# from the Gitea releases (Linux uses the fully-static musl build), verifies +# its SHA-256 checksum, and installs it to ~/.local/bin. +# +# Environment overrides: +# RDBMS_VERSION install a specific tag (e.g. v0.2.0) instead of the latest +# RDBMS_INSTALL_DIR install directory (default: $HOME/.local/bin) +# RDBMS_OS force the OS (testing): Linux | Darwin +# RDBMS_ARCH force the CPU (testing): x86_64 | aarch64 +# +# Flags: +# --print-target print the resolved target triple and exit (no download) +# -h, --help print this help and exit +# +# Notes: +# * Windows is not installable via this script (the binary is a .exe) — +# use Scoop/winget (planned) or download the .exe from the releases page. +# * macOS: a curl download is not quarantined by Gatekeeper, so the binary +# runs without extra steps. (Developer-ID signing + notarization is a +# separate, planned improvement for browser downloads.) +# +# POSIX sh — no bashisms, so it runs under the `sh` of `curl | sh`. + +set -eu + +REPO_BASE="https://git.lazyeval.net/oli/rdbms-playground" +API_BASE="https://git.lazyeval.net/api/v1/repos/oli/rdbms-playground" +BIN_NAME="rdbms-playground" +PRINT_TARGET=0 + +err() { + printf 'install: %s\n' "$1" >&2 + exit 1 +} +info() { printf '%s\n' "$1" >&2; } + +usage() { + # Lines 2..(first blank) of this file are the human-readable header. + sed -n '2,/^$/p' "$0" | sed 's/^# \{0,1\}//' +} + +# Resolve the Rust target triple for the current (or forced) platform. +# Linux -> -unknown-linux-musl (the fully-static build) +# macOS -> -apple-darwin +detect_target() { + os="${RDBMS_OS:-$(uname -s)}" + arch="${RDBMS_ARCH:-$(uname -m)}" + case "$os" in + Linux | linux) os_part="unknown-linux-musl" ;; + Darwin | darwin | macos | macOS) os_part="apple-darwin" ;; + MINGW* | MSYS* | CYGWIN* | *Windows* | *windows*) + err "Windows is not supported by this installer — use Scoop/winget (planned) or download the .exe from $REPO_BASE/releases" ;; + *) err "unsupported operating system: $os" ;; + esac + case "$arch" in + x86_64 | amd64) arch_part="x86_64" ;; + aarch64 | arm64) arch_part="aarch64" ;; + *) err "unsupported CPU architecture: $arch" ;; + esac + printf '%s-%s' "$arch_part" "$os_part" +} + +# Download $1 to file $2 (curl or wget). +download() { + if command -v curl >/dev/null 2>&1; then + curl -fsSL "$1" -o "$2" + elif command -v wget >/dev/null 2>&1; then + wget -qO "$2" "$1" + else + err "need either curl or wget on PATH" + fi +} + +# Fetch $1 to stdout (curl or wget). +fetch() { + if command -v curl >/dev/null 2>&1; then + curl -fsSL "$1" + elif command -v wget >/dev/null 2>&1; then + wget -qO- "$1" + else + err "need either curl or wget on PATH" + fi +} + +# The release tag to install: $RDBMS_VERSION if set, else the latest release. +resolve_version() { + if [ -n "${RDBMS_VERSION:-}" ]; then + printf '%s' "$RDBMS_VERSION" + return + fi + json=$(fetch "$API_BASE/releases/latest") || + err "could not query the latest release from $API_BASE" + # Portable JSON scrape (no jq): the latest-release object carries exactly + # one "tag_name": "" field. + tag=$(printf '%s' "$json" | + grep -o '"tag_name"[[:space:]]*:[[:space:]]*"[^"]*"' | + head -1 | sed 's/.*"\([^"]*\)"$/\1/') + [ -n "$tag" ] || err "could not parse the latest release tag" + printf '%s' "$tag" +} + +# Verify file $1 against sha256 sidecar $2 (format: " "). +verify_checksum() { + expected=$(awk '{print $1; exit}' "$2") + if command -v sha256sum >/dev/null 2>&1; then + actual=$(sha256sum "$1" | awk '{print $1}') + elif command -v shasum >/dev/null 2>&1; then + actual=$(shasum -a 256 "$1" | awk '{print $1}') + else + info "warning: no sha256 tool found — skipping checksum verification" + return 0 + fi + [ "$expected" = "$actual" ] || + err "checksum mismatch (expected $expected, got $actual) — refusing to install" +} + +main() { + while [ $# -gt 0 ]; do + case "$1" in + --print-target) PRINT_TARGET=1 ;; + -h | --help) + usage + exit 0 + ;; + *) err "unknown argument: $1 (try --help)" ;; + esac + shift + done + + target=$(detect_target) + if [ "$PRINT_TARGET" = "1" ]; then + printf '%s\n' "$target" + exit 0 + fi + + version=$(resolve_version) + asset="$BIN_NAME-$version-$target" + url="$REPO_BASE/releases/download/$version/$asset" + dir="${RDBMS_INSTALL_DIR:-$HOME/.local/bin}" + + tmp=$(mktemp -d 2>/dev/null) || err "could not create a temporary directory" + trap 'rm -rf "$tmp"' EXIT INT TERM + + info "downloading $asset ..." + download "$url" "$tmp/$BIN_NAME" || err "download failed: $url" + download "$url.sha256" "$tmp/$BIN_NAME.sha256" || err "checksum download failed: $url.sha256" + verify_checksum "$tmp/$BIN_NAME" "$tmp/$BIN_NAME.sha256" + + mkdir -p "$dir" || err "could not create install directory: $dir" + chmod +x "$tmp/$BIN_NAME" + mv "$tmp/$BIN_NAME" "$dir/$BIN_NAME" || err "could not install to $dir" + info "installed $BIN_NAME $version -> $dir/$BIN_NAME" + + case ":${PATH:-}:" in + *":$dir:"*) ;; + *) info "note: $dir is not on your PATH. Add it, e.g.: export PATH=\"$dir:\$PATH\"" ;; + esac +} + +main "$@"