jaybrown / superbackeddownloader Goto Github PK
View Code? Open in Web Editor NEWmacOS shell script and LaunchAgent to automatically download and verify Superbacked updates and auxiliary files
License: MIT License
macOS shell script and LaunchAgent to automatically download and verify Superbacked updates and auxiliary files
License: MIT License
Superbacked Downloader (sbdl) macOS shell script and LaunchAgent to automatically download and verify Superbacked updates and auxiliary files Current version: 0.7.0 SUPERBACKED INFORMATION Superbacked website: https://superbacked.com/ Superbacked on GitHub: https://github.com/superbacked/superbacked Superbacked developer on GitHub: https://github.com/sunknudsen Developer GPG public key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060 NOTES For Superbacked Downloader to work, the Superbacked application itself needs to be installed on the same Mac as Superbacked Downloader. If Superbacked is not installed, Superbacked Downloader will just download the latest release over and over again. If you are using your main instance of Superbacked on an air-gapped or factory-reset Mac, you should run this script/agent on your daily-driver Mac containing a placeholder installation of Superbacked. When a new update has been released, the shell script will download and verify the following files: * GPG .asc signature file for the checksums file (download only) * SHA256 hashes file * release notes (.txt) * main distribution file (macOS DMG or Linux AppImage) * Superbacked application (verification & macOS .app only) SECURITY NOTES DON'T TRUST, VERIFY! Superbacked Downloader is set up to automatically verify the SHA-256 hashes file using the GPG signature file and the developer's GPG public key, and then verify all downloaded files using the SHA-256 hashes. It will also verify the internal checksum of the distribution DMG as well as the code signature integrity of the macOS .app bundle. Please be mindful that all this amounts to convenience over security, so it would be wise to always manually verify the downloads yourself. SCRIPT INSTALLATION * download or clone this repository * `chmod +x ./sbdl` (if necessary) * downloaded repo: `cp ./sbdl /usr/local/bin/sbdl` (use sudo if you receive a permissions error) * cloned repo: `ln -s ./sbdl /usr/local/bin/sbdl` (use sudo if you receive a permissions error) * if you use a different path, you need to modify the agent's plist file accordingly (see below) VERIFICATION * cosign public key: https://github.com/JayBrown/JayBrown-github.com-cosign-public-key * `cosign verify-blob --signature ./sbdl.cosign.sig --key "$HOME/.cosign/[email protected]" ./sbdl` AGENT MODIFICATION * rename file: replace '$USER' with your local macOS user name, i.e. with the output of `id -un` or of `echo $USER` * open the agent's plist file in a text editor * replace all instances of '$USER' with your local macOS user name * OPTIONAL: modify the 'Program' key if you have installed the script into a different path than /usr/local/bin * OPTIONAL: modify the 'StartInterval' key to execute sbdl more often, e.g. '14400' for every 4 hours * save & close AGENT INSTALLATION * `cp ./local.$USER.sbdl.plist ~/Library/LaunchAgents/local.$USER.sbdl.plist` * `launchctl load ~/Library/LaunchAgents/local.$USER.sbdl.plist` * `launchctl start local.$USER.sbdl.plist` FILES CREATED (1) Log: ~/Library/Logs/local.$USER.sbdl.log (2a) Configuration directory: ~/Library/Application Support/SuperbackedDownloader (2b) Configuration file: ~/Library/Application Support/SuperbackedDownloader/sbdl.cfg (3) stdout & stderr created by the agent in /tmp (4) SBDL_DISCLAIMER.txt in the user's downloads directory ERROR AT FIRST RUN The initial run of the LaunchAgent will fail with an error, because the configuration file is still missing your personal software license key. You need to enter your license key manually. (The script will automatically open the configuration folder in Finder.) MANDATORY CONFIGURATION * please import the developer's public key (see above) into your GPG keyring (or the GUI-based GPG Keychain) * open the file sbdl.cfg in a text editor * License: replace '<yourLicenseKey>' with your actual Superbacked software license key which you received from the developer after purchase * save & close OPTIONAL CONFIGURATION * open the file sbdl.cfg in a text editor * DownloadPath: enter a download directory (full path) to avoid downloading to ~/Downloads * LinuxDownload: enter 'y' or 'yes' etc. to additionally download the Linux AppImage * ReleaseLabel: enter 'op' as the software label if you are not using the default 'std' release * Platform (Linux only): enter 'x64' or 'arm64' (defaults to 'x64') * save & close MANDATORY DEPENDENCIES * gpg: install e.g. with Homebrew or MacPorts etc. (gnupg), or as part of the GPG Suite: https://gpgtools.org NOTE: if you have not installed gpg, Superbacked Downloader will still work and download all related files and updates, but you will receive verification warnings. OPTIONAL DEPENDENCIES * lynx: install e.g. with Homebrew or MacPorts etc. NOTE: slightly more efficient than macOS' built-in cURL for extracting the latest version number from Superbacked's GitHub repo * 7z: install e.g. with Homebrew or MacPorts etc. (p7zip) NOTE: the 7z command is only used to coarsely verify the integrity of an already downloaded Linux AppImage DISCLAIMER SUPERBACKED DOWNLOADER ('THE SOFTWARE') IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, ESPECIALLY LOST OR STOLEN SECRETS AND ASSOCIATED DATA OR VALUE, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.