bsidhom · September 27, 2024 04:56
diff --git a/update-beryl-tailscale.sh b/update-beryl-tailscale.sh
 #!/usr/bin/env bash

 set -euo pipefail

 function main() {
  if [[ $# -ne 1 ]] ; then
    echo "usage: $0 <router ip>" >&2
    exit 2
  fi
  local router_ip="$1"
  tempdir="$(mktemp -d)"
  trap "clean_up $tempdir" EXIT
  echo "using temp dir: $tempdir"
  pushd "$tempdir" >/dev/null

  verify_connection
  local metadata
  metadata="$(download_metadata)"
  local url
  url="$(echo "$metadata" | get_url)"
  local version
  version="$(echo "$metadata" | get_version)"
  local tarball='tailscale.tgz'
  curl "$url" -o "$tarball"
  tar -xvf "$tarball"
  local prefix="tailscale_${version}_arm64"
  compress_binaries "$prefix"
  copy_binaries "$prefix" "$router_ip"

  popd >/dev/null
 }

 function verify_connection() {
  # Before beginning, ensure that we can do passwordless SSH and that the
  # address is correct.
  ssh -o 'BatchMode yes' "root@${router_ip}" </dev/null >/dev/null 2>&1
 }

 function download_metadata() {
  curl 'https://pkgs.tailscale.com/stable/?mode=json'
 }

 function get_url() {
  local tarball
  tarball="$(jq -r '.Tarballs.arm64')"
  local url
  url="https://pkgs.tailscale.com/stable/${tarball}"
  echo "$url"
 }

 function get_version() {
  jq -r '.TarballsVersion'
 }

 function compress_binaries() {
  local prefix="$1"
  upx --best "$prefix/tailscale"
  upx --best "$prefix/tailscaled"
 }

 function copy_binaries() {
  local prefix="$1"
  local router_ip="$2"

  # TODO: Properly compute and verify checksums. I'm not convinced there's a
  # safe way to do this escaping in bash, so this might need to be translated
  # into Python or similar for more robust handling.

  # NOTE: This _only_ works with passwordless SSH. Make sure your SSH keys are
  # copied to /etc/dropbear/authorized_keys on the target device.
  scp -OB "$prefix/tailscale" "root@${router_ip}:/usr/sbin/tailscale"
  scp -OB "$prefix/tailscaled" "root@${router_ip}:/usr/sbin/tailscaled"
 }

 function clean_up() {
  local tempdir="$1"
  rm -rf "$tempdir"
 }

 main "$@"
	#!/usr/bin/env bash

	set -euo pipefail

	function main() {
	if [[ $# -ne 1 ]] ; then
	echo "usage: $0 <router ip>" >&2
	exit 2
	fi
	local router_ip="$1"
	tempdir="$(mktemp -d)"
	trap "clean_up $tempdir" EXIT
	echo "using temp dir: $tempdir"
	pushd "$tempdir" >/dev/null

	verify_connection
	local metadata
	metadata="$(download_metadata)"
	local url
	url="$(echo "$metadata" \| get_url)"
	local version
	version="$(echo "$metadata" \| get_version)"
	local tarball='tailscale.tgz'
	curl "$url" -o "$tarball"
	tar -xvf "$tarball"
	local prefix="tailscale_${version}_arm64"
	compress_binaries "$prefix"
	copy_binaries "$prefix" "$router_ip"

	popd >/dev/null
	}

	function verify_connection() {
	# Before beginning, ensure that we can do passwordless SSH and that the
	# address is correct.
	ssh -o 'BatchMode yes' "root@${router_ip}" </dev/null >/dev/null 2>&1
	}

	function download_metadata() {
	curl 'https://pkgs.tailscale.com/stable/?mode=json'
	}

	function get_url() {
	local tarball
	tarball="$(jq -r '.Tarballs.arm64')"
	local url
	url="https://pkgs.tailscale.com/stable/${tarball}"
	echo "$url"
	}

	function get_version() {
	jq -r '.TarballsVersion'
	}

	function compress_binaries() {
	local prefix="$1"
	upx --best "$prefix/tailscale"
	upx --best "$prefix/tailscaled"
	}

	function copy_binaries() {
	local prefix="$1"
	local router_ip="$2"

	# TODO: Properly compute and verify checksums. I'm not convinced there's a
	# safe way to do this escaping in bash, so this might need to be translated
	# into Python or similar for more robust handling.

	# NOTE: This _only_ works with passwordless SSH. Make sure your SSH keys are
	# copied to /etc/dropbear/authorized_keys on the target device.
	scp -OB "$prefix/tailscale" "root@${router_ip}:/usr/sbin/tailscale"
	scp -OB "$prefix/tailscaled" "root@${router_ip}:/usr/sbin/tailscaled"
	}

	function clean_up() {
	local tempdir="$1"
	rm -rf "$tempdir"
	}

	main "$@"