Files
Netcatty/scripts/fetch-mosh-binaries.cjs
2026-05-07 01:36:15 +08:00

465 lines
18 KiB
JavaScript
Executable File

#!/usr/bin/env node
/* eslint-disable no-console */
//
// Download platform-specific mosh-client binaries built by the
// `build-mosh-binaries` GitHub Actions workflow into resources/mosh/, so
// electron-builder can bundle them via `extraResources`. Designed to be
// idempotent and safe to skip in dev / CI matrix legs that don't ship
// mosh (e.g. when MOSH_BIN_RELEASE is unset).
//
// Usage:
// node scripts/fetch-mosh-binaries.cjs # all platforms
// node scripts/fetch-mosh-binaries.cjs --platform=darwin --arch=universal
// node scripts/fetch-mosh-binaries.cjs --host --resolve-release
//
// Env knobs:
// MOSH_BIN_RELEASE — release tag in ${MOSH_BIN_OWNER}/${MOSH_BIN_REPO}.
// Skip the whole step if unset (printed as a notice
// so the build doesn't silently miss the bundling).
// MOSH_BIN_OWNER — defaults to the GITHUB_REPOSITORY owner, or 'binaricat'
// MOSH_BIN_REPO — default 'Netcatty-mosh-bin' (a dedicated binary
// repository so the client repo stays source-only).
// MOSH_BIN_BASE_URL — full override (e.g. for staging / local mirror).
// MOSH_BIN_RES_DIR — override output dir for tests.
// MOSH_BIN_ALLOW_UNVERIFIED=true — explicit local escape hatch for mirrors
// without SHA256SUMS. Never use for release builds.
// MOSH_BIN_FORCE_WINDOWS_CYGWIN=true — debug escape hatch for the upstream
// Cygwin Windows bundle. The default Windows x64 asset
// is the FluentTerminal-pinned standalone client because
// the current Cygwin build clears the terminal and never
// renders remote output on Windows.
// MOSH_BIN_WINDOWS_LEGACY_URL / MOSH_BIN_WINDOWS_LEGACY_SHA256 — test/mirror
// overrides for that pinned Windows fallback.
const fs = require("node:fs");
const path = require("node:path");
const http = require("node:http");
const https = require("node:https");
const os = require("node:os");
const crypto = require("node:crypto");
const { execFileSync } = require("node:child_process");
const { main: resolveMoshBinRelease } = require("./resolve-mosh-bin-release.cjs");
const ROOT = path.resolve(__dirname, "..");
const DEFAULT_RES_DIR = path.join(ROOT, "resources", "mosh");
const WINDOWS_LEGACY_FLUENT_MOSH_CLIENT = {
id: "windows-fluentterminal-standalone",
file: "mosh-client-win32-x64.exe",
local: "win32-x64/mosh-client.exe",
url: "https://raw.githubusercontent.com/felixse/FluentTerminal/bad0f85/Dependencies/MoshExecutables/x64/mosh-client.exe",
sha256: "5a8d84ff205c6a0711e53b961f909484a892f42648807e52d46d4fa93c05e286",
};
// (file basename in the release -> relative subpath under resources/mosh/)
// Using flat names in the release for SHA256SUMS readability, then
// fanning out into platform-arch subdirs locally.
//
// Linux/macOS targets are tar.gz bundles containing the binary plus the
// runtime helpers each platform needs. Windows x64 defaults to the
// SHA256-pinned FluentTerminal standalone exe because the tested Cygwin
// bundle clears the terminal and never renders remote output on Windows.
// Bundling terminfo lets bundled Posix mosh-client builds work on
// minimal hosts that don't have a
// system ncurses-base — see issue #890.
//
// `legacy` describes the pre-bundle artifact name some published mosh
// binary releases still ship (Linux/Darwin used flat files before the
// bundle layout). When SHA256SUMS lists only the legacy name we fall
// back to it so existing releases keep working until a new tag is
// republished with the bundle layout.
const TARGETS = [
{
platform: "linux", arch: "x64",
file: "mosh-client-linux-x64.tar.gz", localDir: "linux-x64", extract: "tar.gz",
legacy: { file: "mosh-client-linux-x64", local: "linux-x64/mosh-client" },
},
{
platform: "linux", arch: "arm64",
file: "mosh-client-linux-arm64.tar.gz", localDir: "linux-arm64", extract: "tar.gz",
legacy: { file: "mosh-client-linux-arm64", local: "linux-arm64/mosh-client" },
},
{
platform: "darwin", arch: "universal",
file: "mosh-client-darwin-universal.tar.gz", localDir: "darwin-universal", extract: "tar.gz",
legacy: { file: "mosh-client-darwin-universal", local: "darwin-universal/mosh-client" },
},
{
platform: "win32", arch: "x64",
file: "mosh-client-win32-x64.tar.gz", localDir: "win32-x64", extract: "tar.gz",
legacy: WINDOWS_LEGACY_FLUENT_MOSH_CLIENT,
preferLegacy: true,
},
];
function applyReleaseAssetOverrides(asset, opts = {}) {
if (asset.id !== WINDOWS_LEGACY_FLUENT_MOSH_CLIENT.id) return asset;
return {
...asset,
url: opts.windowsLegacyUrl || asset.url,
sha256: opts.windowsLegacySha256 || asset.sha256,
};
}
function selectReleaseAsset(target, sums, opts = {}) {
const primary = { file: target.file, extract: target.extract, local: target.local, localDir: target.localDir };
if (!target.legacy) return primary;
if (target.preferLegacy && !opts.forceWindowsCygwin) {
const legacy = applyReleaseAssetOverrides(target.legacy, opts);
if (sums.get(target.legacy.file) === legacy.sha256) {
return { file: target.legacy.file, local: target.legacy.local, sha256: legacy.sha256 };
}
return legacy;
}
// SHA256SUMS unavailable (allowUnverified mirror) — keep the primary
// and let download / extraction errors surface naturally.
if (sums.size === 0) return primary;
if (sums.has(target.file)) return primary;
if (sums.has(target.legacy.file)) {
return applyReleaseAssetOverrides({ file: target.legacy.file, local: target.legacy.local }, opts);
}
return primary;
}
function log(msg) { console.log(`[fetch-mosh-binaries] ${msg}`); }
function warn(msg) { console.warn(`[fetch-mosh-binaries] WARN ${msg}`); }
function transferFor(url) {
const protocol = new URL(url).protocol;
if (protocol === "https:") return https;
if (protocol === "http:") return http;
throw new Error(`unsupported protocol for ${url}`);
}
function follow(url, depth = 0) {
return new Promise((resolve, reject) => {
if (depth > 5) return reject(new Error("too many redirects"));
transferFor(url).get(url, (res) => {
if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
res.resume();
resolve(follow(new URL(res.headers.location, url).toString(), depth + 1));
return;
}
if (res.statusCode !== 200) {
res.resume();
reject(new Error(`HTTP ${res.statusCode} for ${url}`));
return;
}
const chunks = [];
res.on("data", (c) => chunks.push(c));
res.on("end", () => resolve(Buffer.concat(chunks)));
res.on("error", reject);
}).on("error", reject);
});
}
function parseSums(text) {
const map = new Map();
for (const line of text.split(/\r?\n/)) {
const m = line.match(/^([0-9a-f]{64})\s+\*?\s*(\S+)\s*$/i);
if (m) map.set(m[2], m[1].toLowerCase());
}
return map;
}
async function fetchSums(baseUrl, { allowUnverified = false } = {}) {
try {
const buf = await follow(`${baseUrl}/SHA256SUMS`);
return parseSums(buf.toString("utf8"));
} catch (err) {
if (allowUnverified) {
warn(`could not fetch SHA256SUMS from ${baseUrl} (${err.message})`);
return new Map();
}
throw new Error(`could not fetch SHA256SUMS from ${baseUrl} (${err.message})`);
}
}
function assertSafeTarEntry(entry) {
const name = entry.trim();
if (!name) throw new Error("tarball contains an empty entry name");
if (name.startsWith("/") || name.startsWith("\\") || /^[A-Za-z]:/.test(name)) {
throw new Error(`tarball contains an absolute path: ${name}`);
}
if (name.includes("\\")) {
throw new Error(`tarball contains a Windows-style path: ${name}`);
}
const parts = name.split("/");
if (parts.includes("..")) {
throw new Error(`tarball contains a parent-directory path: ${name}`);
}
}
function resolveTarArchiveInvocation(archivePath, platform = process.platform) {
const pathApi = platform === "win32" ? path.win32 : path;
return {
cwd: pathApi.dirname(archivePath),
archive: pathApi.basename(archivePath),
};
}
function listTarEntries(archivePath) {
const { cwd, archive } = resolveTarArchiveInvocation(archivePath);
const out = execFileSync("tar", ["-tzf", archive], { cwd, encoding: "utf8" });
return out.split(/\r?\n/).filter(Boolean);
}
function validateTarEntries(entries) {
if (entries.length === 0) throw new Error("tarball is empty");
for (const entry of entries) assertSafeTarEntry(entry);
}
function chmodExecutable(filePath) {
if (process.platform !== "win32" && fs.existsSync(filePath) && !fs.lstatSync(filePath).isSymbolicLink()) {
try { fs.chmodSync(filePath, 0o755); } catch { /* ignore */ }
}
}
function parseMoshBinRepository(env) {
const githubOwner = (env.GITHUB_REPOSITORY || "").split("/")[0];
return {
owner: env.MOSH_BIN_OWNER || githubOwner || "binaricat",
repo: env.MOSH_BIN_REPO || "Netcatty-mosh-bin",
};
}
function resolveHostTarget(opts = {}) {
const platform = opts.platform || process.platform;
const arch = opts.arch || process.arch;
if (platform === "darwin") return { platform: "darwin", arch: "universal" };
if (platform === "linux" && (arch === "x64" || arch === "arm64")) return { platform, arch };
if (platform === "win32" && arch === "x64") return { platform, arch };
throw new Error(`No bundled mosh-client target for ${platform}-${arch}`);
}
function assertExtractedTreeSafe(root) {
const stack = [root];
while (stack.length > 0) {
const dir = stack.pop();
for (const name of fs.readdirSync(dir)) {
const file = path.join(dir, name);
const stat = fs.lstatSync(file);
if (stat.isSymbolicLink()) {
throw new Error(`tarball contains a symbolic link: ${path.relative(root, file)}`);
}
if (stat.isDirectory()) {
stack.push(file);
continue;
}
if (!stat.isFile()) {
throw new Error(`tarball contains an unsupported file type: ${path.relative(root, file)}`);
}
}
}
}
function assertBundledTerminfo(extractDir, target) {
const terminfoDir = path.join(extractDir, "terminfo");
const terminfoEntry = [
path.join(terminfoDir, "x", "xterm-256color"),
path.join(terminfoDir, "78", "xterm-256color"),
].find((entry) => fs.existsSync(entry));
if (terminfoEntry && !fs.lstatSync(terminfoEntry).isFile()) {
throw new Error(`${target.file} contained invalid terminfo for xterm-256color`);
}
if (!terminfoEntry) {
warn(`${target.file} did not contain terminfo for xterm-256color; ${target.platform}-${target.arch} mosh packaging will fall back to host system terminfo (issue #890).`);
}
}
function normalizeWindowsBundle(extractDir, target) {
const genericExe = path.join(extractDir, "mosh-client.exe");
const legacyExe = path.join(extractDir, `mosh-client-${target.platform}-${target.arch}.exe`);
if (!fs.existsSync(genericExe) && fs.existsSync(legacyExe)) {
fs.renameSync(legacyExe, genericExe);
}
if (!fs.existsSync(genericExe) || !fs.lstatSync(genericExe).isFile()) {
throw new Error(`${target.file} did not contain mosh-client.exe`);
}
const dllDir = path.join(extractDir, `mosh-client-${target.platform}-${target.arch}-dlls`);
if (!fs.existsSync(dllDir) || !fs.statSync(dllDir).isDirectory()) {
throw new Error(`${target.file} did not contain ${path.basename(dllDir)}/`);
}
assertBundledTerminfo(extractDir, target);
chmodExecutable(genericExe);
}
function normalizePosixBundle(extractDir, target) {
const binary = path.join(extractDir, "mosh-client");
const legacyBinary = path.join(extractDir, `mosh-client-${target.platform}-${target.arch}`);
if (!fs.existsSync(binary) && fs.existsSync(legacyBinary)) {
fs.renameSync(legacyBinary, binary);
}
if (!fs.existsSync(binary) || !fs.lstatSync(binary).isFile()) {
throw new Error(`${target.file} did not contain mosh-client`);
}
assertBundledTerminfo(extractDir, target);
chmodExecutable(binary);
}
function normalizeBundle(extractDir, target) {
if (target.platform === "win32") return normalizeWindowsBundle(extractDir, target);
return normalizePosixBundle(extractDir, target);
}
function replaceDir(srcDir, destDir) {
fs.rmSync(destDir, { recursive: true, force: true });
fs.mkdirSync(path.dirname(destDir), { recursive: true });
try {
fs.renameSync(srcDir, destDir);
} catch (err) {
if (!err || err.code !== "EXDEV") throw err;
fs.cpSync(srcDir, destDir, { recursive: true });
fs.rmSync(srcDir, { recursive: true, force: true });
}
}
function unpackTarGz(buf, target, { resDir }) {
const tmpRoot = fs.mkdtempSync(path.join(os.tmpdir(), "netcatty-mosh-"));
const archive = path.join(tmpRoot, "bundle.tar.gz");
const extractDir = path.join(tmpRoot, "extract");
const destDir = path.join(resDir, target.localDir);
fs.mkdirSync(extractDir, { recursive: true });
try {
fs.writeFileSync(archive, buf);
validateTarEntries(listTarEntries(archive));
const archiveInvocation = resolveTarArchiveInvocation(archive);
execFileSync("tar", ["-xzf", archiveInvocation.archive, "-C", path.basename(extractDir)], {
cwd: archiveInvocation.cwd,
stdio: "inherit",
});
assertExtractedTreeSafe(extractDir);
normalizeBundle(extractDir, target);
replaceDir(extractDir, destDir);
} finally {
fs.rmSync(tmpRoot, { recursive: true, force: true });
}
return destDir;
}
function writeFlatAsset(buf, target, asset, { resDir }) {
const dest = path.join(resDir, asset.local);
const tmpRoot = fs.mkdtempSync(path.join(os.tmpdir(), "netcatty-mosh-flat-"));
const tmpDest = path.join(tmpRoot, path.basename(dest));
try {
fs.writeFileSync(tmpDest, buf);
if (target.platform !== "win32") fs.chmodSync(tmpDest, 0o755);
replaceDir(tmpRoot, path.dirname(dest));
} catch (err) {
fs.rmSync(tmpRoot, { recursive: true, force: true });
throw err;
}
return dest;
}
async function fetchOne(target, sums, opts) {
const { baseUrl, resDir, allowUnverified = false } = opts;
const asset = selectReleaseAsset(target, sums, opts);
if (asset.file !== target.file) {
log(`using legacy asset ${asset.file} for ${target.platform}-${target.arch}`);
}
const url = asset.url || `${baseUrl}/${asset.file}`;
let buf;
try {
buf = await follow(url);
} catch (err) {
throw new Error(`download failed for ${asset.file}: ${err.message}`);
}
const expected = asset.sha256 || sums.get(asset.file);
const actual = crypto.createHash("sha256").update(buf).digest("hex");
if (expected && expected !== actual) {
throw new Error(`SHA256 mismatch for ${asset.file}: expected ${expected}, got ${actual}`);
}
if (!expected) {
if (!allowUnverified) {
throw new Error(`no SHA256 entry for ${asset.file}`);
}
warn(`no SHA256 entry for ${asset.file} - accepting actual ${actual}`);
}
if (asset.extract === "tar.gz") {
const destDir = unpackTarGz(buf, target, { resDir });
log(`unpacked ${asset.file} into ${path.relative(ROOT, destDir)}/ (sha256=${actual})`);
return true;
}
const dest = writeFlatAsset(buf, target, asset, { resDir });
log(`wrote ${path.relative(ROOT, dest)} (${buf.length} bytes, sha256=${actual})`);
return true;
}
async function main(argv = process.argv.slice(2), env = process.env) {
const platformArg = (argv.find((a) => a.startsWith("--platform=")) || "").split("=")[1];
const archArg = (argv.find((a) => a.startsWith("--arch=")) || "").split("=")[1];
let hostTarget = null;
if (argv.includes("--host")) {
try {
hostTarget = resolveHostTarget({ platform: platformArg || process.platform, arch: archArg || process.arch });
} catch (err) {
warn(`${err.message} - skipping host mosh-client fetch.`);
return 0;
}
}
let release = env.MOSH_BIN_RELEASE;
if (!release && argv.includes("--resolve-release")) {
release = await resolveMoshBinRelease(env);
}
if (!release) {
log("MOSH_BIN_RELEASE is unset - skipping. Set it (e.g. mosh-bin-1.4.0-1) to bundle mosh-client into the package.");
return 0;
}
const { owner, repo } = parseMoshBinRepository(env);
const baseUrl = env.MOSH_BIN_BASE_URL ||
`https://github.com/${owner}/${repo}/releases/download/${encodeURIComponent(release)}`;
const resDir = path.resolve(env.MOSH_BIN_RES_DIR || DEFAULT_RES_DIR);
const allowUnverified = env.MOSH_BIN_ALLOW_UNVERIFIED === "true";
const forceWindowsCygwin = env.MOSH_BIN_FORCE_WINDOWS_CYGWIN === "true";
const platformFilter = hostTarget?.platform || platformArg;
const archFilter = hostTarget?.arch || archArg;
log(`release=${release} owner=${owner} repo=${repo}`);
const sums = await fetchSums(baseUrl, { allowUnverified });
let ok = 0;
let total = 0;
for (const target of TARGETS) {
if (platformFilter && target.platform !== platformFilter) continue;
if (archFilter && target.arch !== archFilter) continue;
total += 1;
if (await fetchOne(target, sums, {
baseUrl,
resDir,
allowUnverified,
forceWindowsCygwin,
windowsLegacyUrl: env.MOSH_BIN_WINDOWS_LEGACY_URL,
windowsLegacySha256: env.MOSH_BIN_WINDOWS_LEGACY_SHA256,
})) ok += 1;
}
log(`done - ${ok}/${total} binaries written`);
if (ok < total) throw new Error(`only wrote ${ok}/${total} requested binaries`);
return 0;
}
if (require.main === module) {
main().catch((err) => {
console.error(`[fetch-mosh-binaries] FATAL ${err.message}`);
process.exit(1);
});
}
module.exports = {
TARGETS,
parseMoshBinRepository,
replaceDir,
resolveHostTarget,
resolveTarArchiveInvocation,
parseSums,
selectReleaseAsset,
validateTarEntries,
assertExtractedTreeSafe,
unpackTarGz,
writeFlatAsset,
main,
};