#!/bin/bash
set -e
# The URL below is replaced at deploy time with the download URL for the
# server's region.
URL="https://download-ca.odilatech.com/pg_comb/latest"
DIR="/opt/pg_comb"
BIN="pg_comb"                    # local name (always pg_comb inside $DIR)

# ── Architecture detection ──────────────────────────────────────────────
# Maps the kernel's machine name onto the suffix used by the published
# binaries (pg_comb_linux_<ARCH>). Anything other than 64-bit x86 / ARM
# aborts the install with status 1.
machine=$(uname -m) || machine=""
if [[ "$machine" == "x86_64" || "$machine" == "amd64" ]]; then
    ARCH=amd64
elif [[ "$machine" == "aarch64" || "$machine" == "arm64" ]]; then
    ARCH=arm64
else
    echo "[ERRO] Arquitetura ${machine} nao suportada."
    echo "         Suportadas: x86_64 (amd64) e aarch64 (arm64)."
    exit 1
fi
REMOTE_BIN="pg_comb_linux_${ARCH}"

# ── Downloader detection ────────────────────────────────────────────────
# Defines two helpers on top of whichever tool is installed (curl first,
# wget as fallback):
#   fetch <url> <dest>   download <url> into the file <dest>
#   check_url <url>      succeed only if <url> answers within 5 seconds
# Neither helper authenticates what it downloads; that is decided solely
# by the GPG signature check later in this script. fetch itself carries no
# timeout, only check_url does.
if command -v curl >/dev/null 2>&1; then
    fetch() {
        local src=$1 dest=$2
        curl -fsSL "$src" -o "$dest"
    }
    check_url() {
        local probe=$1
        curl -fsSL --max-time 5 "$probe" -o /dev/null 2>/dev/null
    }
elif command -v wget >/dev/null 2>&1; then
    fetch() {
        local src=$1 dest=$2
        wget -qO "$dest" "$src"
    }
    check_url() {
        local probe=$1
        wget -q --spider --timeout=5 "$probe" 2>/dev/null
    }
else
    echo "[ERRO] Nem curl nem wget encontrados."
    # Suggest an install command for the package managers that are present.
    if command -v apt-get >/dev/null 2>&1; then
        echo "  apt-get install -y curl"
    fi
    if command -v yum >/dev/null 2>&1; then
        echo "  yum install -y curl"
    fi
    exit 1
fi

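# ── GPG is mandatory (auto-install is attempted when it is missing) ──────
#######################################
# Makes sure a `gpg` command is available, because the installer refuses
# to install a binary whose signature it cannot verify.
# Globals:   none
# Arguments: none
# Outputs:   progress and error text on stdout
# Returns:   0 when gpg is available; otherwise exits the script with
#            status 1 after printing per-distro install hints
#######################################
ensure_gpg() {
    command -v gpg &>/dev/null && return 0

    echo "[setup] gpg nao encontrado — tentando instalar automaticamente..."
    # Every attempt ends in `|| true`. The script runs under `set -e`, so a
    # failing package-manager call (not root, no network, unknown package)
    # would otherwise abort right here with its output discarded, and the
    # explanatory error below would never be shown.
    if command -v apt-get &>/dev/null; then
        apt-get update -qq && apt-get install -y gnupg2 >/dev/null 2>&1 || true
    elif command -v dnf &>/dev/null; then
        dnf install -y gnupg2 >/dev/null 2>&1 || true
    elif command -v yum &>/dev/null; then
        yum install -y gnupg2 >/dev/null 2>&1 || true
    elif command -v apk &>/dev/null; then
        apk add --no-cache gnupg >/dev/null 2>&1 || true
    elif command -v pacman &>/dev/null; then
        pacman -Sy --noconfirm gnupg >/dev/null 2>&1 || true
    fi

    # Re-probe instead of trusting the package manager's exit status: only
    # the presence of the gpg command itself matters from here on.
    if ! command -v gpg &>/dev/null; then
        echo "[ERRO] gpg eh OBRIGATORIO pra verificar a autenticidade do binario."
        echo "        Instale e tente de novo:"
        command -v apt-get  &>/dev/null && echo "          apt-get install -y gnupg2"
        command -v dnf      &>/dev/null && echo "          dnf install -y gnupg2"
        command -v yum      &>/dev/null && echo "          yum install -y gnupg2"
        command -v apk      &>/dev/null && echo "          apk add --no-cache gnupg"
        command -v pacman   &>/dev/null && echo "          pacman -Sy gnupg"
        exit 1
    fi
}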
ensure_gpg

# ── Connectivity check ──────────────────────────────────────────────────
# Probe the detached-signature URL up front so DNS or firewall problems are
# reported before anything is written to disk.
signature_url="$URL/$REMOTE_BIN.asc"
check_url "$signature_url" || {
    echo "[ERRO] Sem acesso a $signature_url — verifique DNS e firewall"
    exit 1
}

echo "[pre] OK — arch detectada: $ARCH"
echo ""

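# ── Install ─────────────────────────────────────────────────────────────
# Expansions are quoted and paths are preceded by `--` so a value containing
# spaces or a leading dash cannot be split or read as an option.
echo "[1/4] Criando diretorio $DIR..."
mkdir -p -- "$DIR"
cd -- "$DIR"

echo "[2/4] Baixando $REMOTE_BIN (binario + assinatura)..."
# Both files are written under ".new" names; nothing replaces the installed
# binary until the signature step that follows has accepted the download.
fetch "$URL/$REMOTE_BIN"     "$BIN.new"
fetch "$URL/$REMOTE_BIN.asc" "$BIN.new.asc"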

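echo "[3/4] Verificando ASSINATURA GPG (autenticidade Odilatech)..."
# Throwaway keyring: only the key embedded below is consulted, never the
# invoking user's own keyring. The trap removes it even if a later command
# aborts the script under `set -e`.
GNUPGHOME_TMP=$(mktemp -d)
trap 'rm -rf -- "$GNUPGHOME_TMP"' EXIT
chmod 700 "$GNUPGHOME_TMP"
# Public key embedded — fingerprint 6620 02B0 1150 8EC6 74CB  FD2E 8CE1 742A A457 681C
# The same fingerprint, without spaces, is pinned here and compared against
# gpg's machine-readable status so the decision does not depend on what the
# armored block happens to import.
SIGNING_FPR=662002B011508EC674CBFD2E8CE1742AA457681C
cat > "$GNUPGHOME_TMP/pub.asc" <<'PGP_PUBKEY_EOF'
-----BEGIN PGP PUBLIC KEY BLOCK-----
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=4EMs
-----END PGP PUBLIC KEY BLOCK-----
PGP_PUBKEY_EOF

# Verification reads `--status-fd` lines instead of grepping the human text:
# that text is translated by the locale, and gpg prints "Good signature" for
# signatures made by expired or revoked keys as well. A non-zero gpg exit
# status, or a failed key import, leaves sig_status empty and is rejected.
sig_status=""
if gpg --batch --homedir "$GNUPGHOME_TMP" --import "$GNUPGHOME_TMP/pub.asc" 2>/dev/null; then
    sig_status=$(gpg --batch --homedir "$GNUPGHOME_TMP" --status-fd 1 \
        --verify "$BIN.new.asc" "$BIN.new" 2>/dev/null) || sig_status=""
fi
rm -rf -- "${GNUPGHOME_TMP:?}"
trap - EXIT

sig_ok=0
sig_bad=0
while IFS=' ' read -r tag keyword first rest; do
    [ "$tag" = "[GNUPG:]" ] || continue
    case "$keyword" in
        VALIDSIG)
            # First field: fingerprint of the key that made the signature.
            # Last field: fingerprint of its primary key (differs when a
            # signing subkey is used). Either must equal the pinned value.
            if [ "$first" = "$SIGNING_FPR" ] || [ "${rest##* }" = "$SIGNING_FPR" ]; then
                sig_ok=1
            fi
            ;;
        BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
            sig_bad=1
            ;;
    esac
done <<< "$sig_status"

if [ "$sig_ok" -eq 1 ] && [ "$sig_bad" -eq 0 ]; then
    echo "  ✓ assinatura valida (Odilatech Release Signing)"
    rm -f -- "$BIN.new.asc"
else
    echo "  ✗ ASSINATURA INVALIDA — recusando instalar."
    echo "     binario pode ter sido adulterado no servidor de download."
    rm -f -- "$BIN.new" "$BIN.new.asc"
    exit 1
fi

echo "[4/4] Ajustando permissoes..."
# Set the execute bit before the rename: the crontab line suggested at the
# end runs the binary every minute, and renaming first would leave a short
# window in which the installed file is not executable.
chmod +x "$BIN.new"
mv -f -- "$BIN.new" "$BIN"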

# Closing summary: where the binary was installed, the crontab entry to add,
# and how to reinstall or update.
# NOTE(review): the reinstall commands pipe install.sh from $URL straight
# into bash. The script, and the public key embedded in it, are therefore
# only as trustworthy as that download; the GPG check covers the binary,
# not the installer itself.
printf '%s\n' \
    "" \
    "[OK] $BIN ($ARCH) instalado em $DIR" \
    "" \
    "Adicione ao crontab (crontab -e):" \
    "* * * * * timeout 55 $DIR/$BIN > $DIR/pg_comb.log 2>&1" \
    "" \
    "Para reinstalar/atualizar:" \
    "  curl -fsSL $URL/install.sh | bash" \
    "  wget -qO- $URL/install.sh | bash"
