Last active
October 31, 2017 22:24
-
-
Save drfill/e06ad9ad601add176069d4c7d5478139 to your computer and use it in GitHub Desktop.
executable runner (only linux)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # @TODO cut off to variable runargs before getopts | |
| set -e | |
| host="s3.amazonaws.com" | |
| bucket="BUCKET" | |
| filepath="DIRECTORY/FILE_NAME" | |
| type="s3" | |
| directory=$(pwd) | |
| curl=`which curl` | |
| # environment vars | |
| key=${AWS_ACCESS_KEY_ID="xxxx"} | |
| secret=${AWS_SECRET_ACCESS_KEY="xxxxxx"} | |
| region=${AWS_DEFAULT_REGION="us-east-1"} | |
| HELP="\t-H <host> \t\t\t host to download executable from (default: $host) | |
| \t-f <filepath> \t\t\t executable file path (default: $filepath) | |
| \t-d <directory_path> \t\t directory where to safe downloaded file (default: $directory) | |
| \t-t <s3|basicauth> \t\t host type, available types \"s3\" and \"basicauth\" (default: $type) | |
| \t---------- s3 options ---------- | |
| \t-k <AWS_ACCESS_KEY_ID> \t\t AWS access key (default: environment variable or blank) | |
| \t-s <AWS_SECRET_ACCESS_KEY> \t AWS secret key (default: environment variable or blank) | |
| \t-r <AWS_DEFAULT_REGION> \t AWS region (default: environment variable or $region) | |
| \t-b <bucket> \t\t\t s3 bucket to download executable from (default: $bucket) | |
| \t------ Basic Auth options ------ | |
| \t-l <username> \t\t\t login/username (default: blank) | |
| \t-p <password> \t\t\t password (default: blank) | |
| " | |
| trim() { | |
| local var="$*" | |
| # remove leading whitespace characters | |
| var="${var#"${var%%[![:space:]]*}"}" | |
| # remove trailing whitespace characters | |
| var="${var%"${var##*[![:space:]]}"}" | |
| echo -n "$var" | |
| } | |
| usage() { printf >&2 "$HELP"; exit 1; } | |
| err_usage() { printf >&2 "Invalid option \"-$OPTARG\" available options:\n$HELP"; exit 1; } | |
| full_help() { printf >&2 "Download and run executable from Amazon S3 and/or BasicAuth URL and then run it\n$HELP"; exit 1; } | |
| if [ -z "$*" ]; then full_help; fi | |
| while getopts ":H:b:f:t:k:s:r:l:p:d:a:" opt; do | |
| case ${opt} in | |
| H) host=$(trim $OPTARG) | |
| ;; | |
| b) bucket=$(trim $OPTARG) | |
| ;; | |
| f) filepath=$(trim $OPTARG) | |
| ;; | |
| t) type=$(trim $OPTARG) | |
| ([ "$type" == "s3" ] || [ "$type" == "basicauth" ]) || usage | |
| ;; | |
| k) key=$(trim $OPTARG) | |
| ;; | |
| s) secret=$(trim $OPTARG) | |
| ;; | |
| r) region=$(trim $OPTARG) | |
| ;; | |
| l) login=$(trim $OPTARG) | |
| ;; | |
| p) password=$(trim $OPTARG) | |
| ;; | |
| d) directory=$(trim $OPTARG) | |
| ([ ! -d ${directory} ]) && (printf "Directory does not exists.\n"; usage; ) | |
| ;; | |
| a) runargs=$(trim $OPTARG) | |
| ;; | |
| *) err_usage | |
| ;; | |
| esac | |
| done | |
| #shift $((OPTIND-1)) | |
| filename=${filepath##*/} | |
| path="$directory/$filename" | |
| function download_s3 { | |
| hmac_sha256() { echo -n "$2" | openssl dgst -sha256 -mac HMAC -macopt "$1" | sed 's/^.* //'; } | |
| resource="/${bucket}/${filepath}" | |
| hashedPayload="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" | |
| timestamp=`TZ=GMT date +'%Y%m%dT%H%M%SZ'` | |
| date=`TZ=GMT date +'%Y%m%d'` | |
| canonicalRequest="GET\n${resource}\n\nhost:${host}\nx-amz-content-sha256:${hashedPayload}\nx-amz-date:${timestamp}\n\nhost;x-amz-content-sha256;x-amz-date\n${hashedPayload}" | |
| canonicalRequestHash=$(/bin/echo -en ${canonicalRequest} | openssl dgst -sha256 -binary | xxd -p -c256) | |
| stringToSign="AWS4-HMAC-SHA256\n${timestamp}\n${date}/${region}/$type/aws4_request\n${canonicalRequestHash}" | |
| dateKey=$(hmac_sha256 key:"AWS4$secret" ${date}) | |
| dateRegionKey=$(hmac_sha256 hexkey:${dateKey} ${region}) | |
| dateRegionServiceKey=$(hmac_sha256 hexkey:${dateRegionKey} ${type}) | |
| signingKey=$(hmac_sha256 hexkey:${dateRegionServiceKey} "aws4_request") | |
| signature=$(/bin/echo -en ${stringToSign} | openssl dgst -sha256 -mac HMAC -macopt hexkey:${signingKey} -binary | xxd -p -c256) | |
| curl \ | |
| --silent \ | |
| -H "Host: ${host}" \ | |
| -H "Authorization: AWS4-HMAC-SHA256 \ | |
| Credential=${key}/${date}/${region}/$type/aws4_request, \ | |
| SignedHeaders=host;x-amz-content-sha256;x-amz-date, \ | |
| Signature=${signature}" \ | |
| -H "X-Amz-Content-Sha256: ${hashedPayload}" \ | |
| -H "X-Amz-Date: ${timestamp}" \ | |
| -o ${path} \ | |
| "https://$host$resource" | |
| } | |
| function download_basicauth { | |
| curl \ | |
| --silent \ | |
| --basic \ | |
| -L \ | |
| -u "$login:$password" \ | |
| -o ${path} \ | |
| "https://$host/${filepath}" | |
| } | |
| exec $("download_$type") | |
| ([ ! -f ${path} ]) && (printf "File error or not found.\n"; exit 1; ) | |
| chmod +x ${path} | |
| set -- ${path} ${runargs:1:-1} | |
| exec "$@" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment