installer: fix and harden the curl|sh installer, add serving Worker #4

Merged: postgresql007 merged 3 commits into main from installer-fixes, Jun 22, 2026
@cybertec-adrian

Contributor

scripts/install.sh never worked against real releases:

  • it built an unversioned archive name (pg_hardstorage_<os>_<arch>.tar.gz) but goreleaser emits pg_hardstorage_<version>_<os>_<arch>.tar.gz → 404;
  • it used latest as a literal download path (no such tag) → 404;
  • it read $1 directly, so --version <tag> was taken as the version string verbatim.

Resolve latest via the GitHub release redirect, build the versioned goreleaser archive name, and parse --version/--bindir/--no-verify properly. Verify downloads by SHA-256 against checksums.txt, and by cosign signature when cosign is present. Re-exec under bash (the canonical | sh entry runs dash on Debian) and fall back to ~/.local/bin when there's no TTY to prompt for sudo.

Add a Cloudflare Worker (deploy/cloudflare/) that serves the script at get.pghardstorage.org, with a wrangler.toml wired for the Cloudflare Git integration and the custom-domain route.

Verified against the live v1.0.0 release: latest resolves to v1.0.0, the built archive name matches checksums.txt, and the tarball + .sig + .pem all exist.

Summary

Make curl -sSL https://get.pghardstorage.org | sh actually work: fix three bugs in scripts/install.sh (unversioned archive name, latest as a literal path, and broken --version parsing), add SHA-256 + cosign verification, and add a Cloudflare Worker (deploy/cloudflare/) that serves the script at get.pghardstorage.org.

Type

  • Bug fix
  • New feature
  • Refactor (no behaviour change)
  • Documentation
  • Test infrastructure
  • Packaging / release

Tests

  • make check passes locally (vet + race tests)
  • New tests added for the changed behaviour, or there's a clear reason none exist
  • Integration tests pass (make test-integration) where touched

Compatibility

  • No on-disk manifest schema changes (or: schema bumped + 24-month back-read preserved)
  • No CLI / API contract changes (or: documented + bumped)
  • No new external dependencies (or: justified in the description)

Checklist

  • Maintainer-attribution authoring (Author: Hans-Jürgen Schönig <hs@cybertec.at>)
  • No AI-attribution lines anywhere
  • CHANGELOG.md updated under the unreleased section
  • Comments explain WHY (not WHAT) where the code isn't self-evident

scripts/install.sh never worked against real releases:
- it built an unversioned archive name (pg_hardstorage_<os>_<arch>.tar.gz)
  but goreleaser emits pg_hardstorage_<version>_<os>_<arch>.tar.gz → 404;
- it used `latest` as a literal download path (no such tag) → 404;
- it read $1 directly, so `--version <tag>` was taken as the version
  string verbatim.

Resolve `latest` via the GitHub release redirect, build the versioned
goreleaser archive name, and parse --version/--bindir/--no-verify
properly. Verify downloads by SHA-256 against checksums.txt, and by
cosign signature when cosign is present. Re-exec under bash (the
canonical `| sh` entry runs dash on Debian) and fall back to
~/.local/bin when there's no TTY to prompt for sudo.

Add a Cloudflare Worker (deploy/cloudflare/) that serves the script at
get.pghardstorage.org, with a wrangler.toml wired for the Cloudflare
Git integration and the custom-domain route.

Verified against the live v1.0.0 release: latest resolves to v1.0.0,
the built archive name matches checksums.txt, and the tarball + .sig +
.pem all exist.

The bash re-exec guard could never recover bash for the canonical
`curl -sSL ... | sh` path: a piped script has no file on disk, so $0 is
the shell binary (e.g. /usr/bin/dash) and `exec bash "$0"` becomes
`exec bash /usr/bin/dash` — "cannot execute binary file", exit 126.
That broke the very invocation the PR set out to fix.

Drop the re-exec and convert the script to strict POSIX sh (no [[ ]],
no =~, no `set -o pipefail`), so it runs unchanged under dash, busybox
ash, and bash. usage() now prints a static heredoc instead of sed-ing
$0 (which isn't a file when piped). Verified end-to-end under dash:
latest→v1.0.0, versioned archive name, SHA-256 verify, extract, install.

@postgresql007 merged commit a0b0a4a into main Jun 22, 2026
16 checks passed
@postgresql007 deleted the installer-fixes branch June 22, 2026 14:42
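
The SHA-256 check against checksums.txt that the commit messages describe, written in strict POSIX sh so it runs under dash. This is an added example, not the project's scripts/install.sh. The function names and return codes are hypothetical, and it assumes checksums.txt uses the sha256sum line layout (`<hex>  <filename>`).

```shell
#!/bin/sh
# Added example, not the project's scripts/install.sh.
# Strict POSIX sh: no [[ ]], no =~, no `set -o pipefail`.
# Assumption: checksums.txt holds one "<64 hex>  <filename>" line per artifact.

# Print the SHA-256 of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{ print $1 }'
    else
        return 127
    fi
}

# verify_sha256 <file> <checksums.txt>
#   0 = digest matches
#   1 = digest mismatch (or file unreadable)
#   2 = file not listed exactly once in checksums.txt
#   3 = no hashing tool available
# Every outcome other than 0 must abort the install (fail closed).
verify_sha256() {
    vs_file=$1
    vs_sums=$2
    vs_name=$(basename "$vs_file")
    # Compare the name field exactly, so "x.tar.gz" never matches the
    # "x.tar.gz.sig" or "x.tar.gz.pem" entries a substring grep would hit.
    vs_want=$(awk -v n="$vs_name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1 }' "$vs_sums") || return 2
    # Zero or several matching lines is ambiguous: refuse instead of guessing.
    case $(printf '%s\n' "$vs_want" | grep -c .) in
        1) ;;
        *) return 2 ;;
    esac
    vs_got=$(sha256_of "$vs_file") || return 3
    [ "$vs_got" = "$vs_want" ] || return 1
    return 0
}
```

The check only proves the archive matches checksums.txt; the trust in checksums.txt itself comes from the cosign signature step mentioned above.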