dcode · February 13, 2026 03:24
diff --git a/get-deb-from-repo.bash b/get-deb-from-repo.bash
 #!/usr/bin/env bash

 # ==============================================================================
 # Global Configuration
 # ==============================================================================
 readonly REPO_URL="https://us-central1-apt.pkg.dev/projects/antigravity-auto-updater-dev"
 readonly GPG_KEY_URL="https://us-central1-apt.pkg.dev/doc/repo-signing-key.gpg"
 readonly PKG_NAME="antigravity"
 readonly REPO_DIST="antigravity-debian"
 readonly REPO_COMP="main"

 # User-definable defaults (Leave empty for 'latest' and 'auto-detect')
 VERSION="${VERSION:-}"
 ARCH="${ARCH:-}"

 # Colors for "pretty" output
 readonly CLR_RESET='\033[0m'
 readonly CLR_INFO='\033[1;34m'
 readonly CLR_SUCCESS='\033[1;32m'
 readonly CLR_ERROR='\033[1;31m'
 readonly CLR_WARN='\033[1;33m'

 # ==============================================================================
 # Helper Functions
 # ==============================================================================

 log() { echo -e "${CLR_INFO}[INFO]${CLR_RESET} $1"; }
 success() { echo -e "${CLR_SUCCESS}[SUCCESS]${CLR_RESET} $1"; }
 warn() { echo -e "${CLR_WARN}[WARN]${CLR_RESET} $1"; }
 error() { echo -e "${CLR_ERROR}[ERROR]${CLR_RESET} $1" >&2; exit 1; }

 check_dependencies() {
    local deps=("curl" "gpg" "awk")
    for dep in "${deps[@]}"; do
        if ! command -v "$dep" &> /dev/null; then
            error "Required dependency '$dep' is not installed."
        fi
    done
 }

 setup_env() {
    WORK_DIR=$(mktemp -d)
    trap 'rm -rf "$WORK_DIR"' EXIT
    
    # Auto-detect Architecture if not provided
    if [[ -z "$ARCH" ]]; then
        ARCH=$(uname -m)
        case "$ARCH" in
            x86_64) ARCH="amd64" ;;
            aarch64) ARCH="arm64" ;;
        esac
        log "Detected architecture: $ARCH"
    fi
 }

 # ==============================================================================
 # Logic Functions
 # ==============================================================================

 verify_and_get_key() {
    log "Fetching and verifying GPG key..."
    curl -fsSL "$GPG_KEY_URL" -o "$WORK_DIR/repo.gpg" || error "Failed to download GPG key."
    
    # Dearmor for GPG validation usage
    gpg --no-default-keyring --keyring "$WORK_DIR/temp_keyring.gpg" \
        --import "$WORK_DIR/repo.gpg" &> /dev/null
 }

 fetch_metadata() {
    log "Fetching repository metadata..."
    local release_url="${REPO_URL}/dists/${REPO_DIST}/Release"
    local packages_url="${REPO_URL}/dists/${REPO_DIST}/${REPO_COMP}/binary-${ARCH}/Packages"

    # In a real "industrial" scenario, we verify the Release file via Release.gpg
    curl -fsSL "${release_url}" -o "$WORK_DIR/Release"
    
    # Extract package path and SHA256 from the Packages manifest
    # We use awk to parse the Packages file for the specific version/arch
    log "Parsing Packages manifest for ${PKG_NAME}..."
    local manifest
    manifest=$(curl -fsSL "${packages_url}")

    if [[ -z "$VERSION" ]]; then
        # Get the latest version from the manifest
        VERSION=$(echo "$manifest" | awk -v pkg="$PKG_NAME" '$1=="Package:" && $2==pkg {getline; while($1!="Version:"){getline} print $2; exit}')
        log "No version specified. Latest found: $VERSION"
    fi

    # Extract Filename and SHA256
    PKG_REMOTE_PATH=$(echo "$manifest" | awk -v v="$VERSION" -v p="$PKG_NAME" '
        $1=="Package:" && $2==p {found=1}
        found && $1=="Version:" && $2==v {match_v=1}
        match_v && $1=="Filename:" {print $2; exit}
    ')
    
    EXPECTED_SHA256=$(echo "$manifest" | awk -v v="$VERSION" -v p="$PKG_NAME" '
        $1=="Package:" && $2==p {found=1}
        found && $1=="Version:" && $2==v {match_v=1}
        match_v && $1=="SHA256:" {print $2; exit}
    ')

    [[ -z "$PKG_REMOTE_PATH" ]] && error "Could not find package $PKG_NAME ($VERSION) for $ARCH."
 }

 download_and_verify_package() {
    local download_url="${REPO_URL}/${PKG_REMOTE_PATH}"
    local filename=$(basename "$PKG_REMOTE_PATH")

    log "Downloading $filename..."
    curl -fsSL "$download_url" -o "$WORK_DIR/$filename"

    log "Verifying SHA256 integrity..."
    echo "$EXPECTED_SHA256  $WORK_DIR/$filename" | sha256sum --check --status
    if [[ $? -ne 0 ]]; then
        error "Integrity check failed! The downloaded file is corrupted or tampered with."
    fi
    
    success "Package $filename verified successfully."
    cp "$WORK_DIR/$filename" .
    log "Package saved to: $(pwd)/$filename"
 }

 # ==============================================================================
 # Main Execution
 # ==============================================================================

 main() {
    check_dependencies
    setup_env
    verify_and_get_key
    fetch_metadata
    download_and_verify_package
    
    success "Process complete."
 }

 main "$@"
	#!/usr/bin/env bash

	# ==============================================================================
	# Global Configuration
	# ==============================================================================
	readonly REPO_URL="https://us-central1-apt.pkg.dev/projects/antigravity-auto-updater-dev"
	readonly GPG_KEY_URL="https://us-central1-apt.pkg.dev/doc/repo-signing-key.gpg"
	readonly PKG_NAME="antigravity"
	readonly REPO_DIST="antigravity-debian"
	readonly REPO_COMP="main"

	# User-definable defaults (Leave empty for 'latest' and 'auto-detect')
	VERSION="${VERSION:-}"
	ARCH="${ARCH:-}"

	# Colors for "pretty" output
	readonly CLR_RESET='\033[0m'
	readonly CLR_INFO='\033[1;34m'
	readonly CLR_SUCCESS='\033[1;32m'
	readonly CLR_ERROR='\033[1;31m'
	readonly CLR_WARN='\033[1;33m'

	# ==============================================================================
	# Helper Functions
	# ==============================================================================

	log() { echo -e "${CLR_INFO}[INFO]${CLR_RESET} $1"; }
	success() { echo -e "${CLR_SUCCESS}[SUCCESS]${CLR_RESET} $1"; }
	warn() { echo -e "${CLR_WARN}[WARN]${CLR_RESET} $1"; }
	error() { echo -e "${CLR_ERROR}[ERROR]${CLR_RESET} $1" >&2; exit 1; }

	check_dependencies() {
	local deps=("curl" "gpg" "awk")
	for dep in "${deps[@]}"; do
	if ! command -v "$dep" &> /dev/null; then
	error "Required dependency '$dep' is not installed."
	fi
	done
	}

	setup_env() {
	WORK_DIR=$(mktemp -d)
	trap 'rm -rf "$WORK_DIR"' EXIT

	# Auto-detect Architecture if not provided
	if [[ -z "$ARCH" ]]; then
	ARCH=$(uname -m)
	case "$ARCH" in
	x86_64) ARCH="amd64" ;;
	aarch64) ARCH="arm64" ;;
	esac
	log "Detected architecture: $ARCH"
	fi
	}

	# ==============================================================================
	# Logic Functions
	# ==============================================================================

	verify_and_get_key() {
	log "Fetching and verifying GPG key..."
	curl -fsSL "$GPG_KEY_URL" -o "$WORK_DIR/repo.gpg" \|\| error "Failed to download GPG key."

	# Dearmor for GPG validation usage
	gpg --no-default-keyring --keyring "$WORK_DIR/temp_keyring.gpg" \
	--import "$WORK_DIR/repo.gpg" &> /dev/null
	}

	fetch_metadata() {
	log "Fetching repository metadata..."
	local release_url="${REPO_URL}/dists/${REPO_DIST}/Release"
	local packages_url="${REPO_URL}/dists/${REPO_DIST}/${REPO_COMP}/binary-${ARCH}/Packages"

	# In a real "industrial" scenario, we verify the Release file via Release.gpg
	curl -fsSL "${release_url}" -o "$WORK_DIR/Release"

	# Extract package path and SHA256 from the Packages manifest
	# We use awk to parse the Packages file for the specific version/arch
	log "Parsing Packages manifest for ${PKG_NAME}..."
	local manifest
	manifest=$(curl -fsSL "${packages_url}")

	if [[ -z "$VERSION" ]]; then
	# Get the latest version from the manifest
	VERSION=$(echo "$manifest" \| awk -v pkg="$PKG_NAME" '$1=="Package:" && $2==pkg {getline; while($1!="Version:"){getline} print $2; exit}')
	log "No version specified. Latest found: $VERSION"
	fi

	# Extract Filename and SHA256
	PKG_REMOTE_PATH=$(echo "$manifest" \| awk -v v="$VERSION" -v p="$PKG_NAME" '
	$1=="Package:" && $2==p {found=1}
	found && $1=="Version:" && $2==v {match_v=1}
	match_v && $1=="Filename:" {print $2; exit}
	')

	EXPECTED_SHA256=$(echo "$manifest" \| awk -v v="$VERSION" -v p="$PKG_NAME" '
	$1=="Package:" && $2==p {found=1}
	found && $1=="Version:" && $2==v {match_v=1}
	match_v && $1=="SHA256:" {print $2; exit}
	')

	[[ -z "$PKG_REMOTE_PATH" ]] && error "Could not find package $PKG_NAME ($VERSION) for $ARCH."
	}

	download_and_verify_package() {
	local download_url="${REPO_URL}/${PKG_REMOTE_PATH}"
	local filename=$(basename "$PKG_REMOTE_PATH")

	log "Downloading $filename..."
	curl -fsSL "$download_url" -o "$WORK_DIR/$filename"

	log "Verifying SHA256 integrity..."
	echo "$EXPECTED_SHA256 $WORK_DIR/$filename" \| sha256sum --check --status
	if [[ $? -ne 0 ]]; then
	error "Integrity check failed! The downloaded file is corrupted or tampered with."
	fi

	success "Package $filename verified successfully."
	cp "$WORK_DIR/$filename" .
	log "Package saved to: $(pwd)/$filename"
	}

	# ==============================================================================
	# Main Execution
	# ==============================================================================

	main() {
	check_dependencies
	setup_env
	verify_and_get_key
	fetch_metadata
	download_and_verify_package

	success "Process complete."
	}

	main "$@"
No results found