#!/usr/bin/env sh
# install.sh — one-shot installer for macOS and Linux.
#
# Usage:
#   curl -fsSL https://freevpnapp.org/install.sh | sh
#
# What it does:
#   1. Detects OS + arch.
#   2. Resolves the latest version from https://freevpnapp.org/downloads/LATEST
#      (a plain-text file containing just a tag like "v0.1.0").
#   3. Downloads the matching release tarball from
#      https://freevpnapp.org/downloads/ .
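#   4. Verifies the SHA256 checksum against
#      https://freevpnapp.org/downloads/<tarball>.sha256 .
#      (The checksum is fetched from the same server as the tarball, so
#      it catches corrupted or truncated downloads, not a compromised
#      origin.)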
#   5. Drops `freevpn` and `freevpnd` into /usr/local/bin.
#   6. Runs `sudo freevpn install` to wire up launchd/systemd.
#
# No GitHub, no third-party CDNs — everything flows through
# freevpnapp.org, which is the only domain users ever see.
#
# Environment:
#   FREEVPN_VERSION   pin to a specific tag (e.g. v0.1.0)
#   FREEVPN_PREFIX    install prefix (default /usr/local)
#   FREEVPN_NO_SVC    if non-empty, skip `freevpn install` at the end.
#   FREEVPN_NO_SHA    if non-empty, skip checksum verification
#                     (don't do this unless you're debugging).
# Stop on the first failing command (-e) and treat any reference to an
# unset variable as an error (-u).
set -e
set -u

# Fixed download origin; every artifact URL below is built from it.
BASE_URL='https://freevpnapp.org/downloads'

# Caller-tunable settings. An unset or empty FREEVPN_PREFIX means
# /usr/local; an unset or empty FREEVPN_VERSION means "latest", which is
# resolved to a concrete tag later on.
PREFIX=${FREEVPN_PREFIX:-/usr/local}
VERSION=${FREEVPN_VERSION:-latest}

# Identify the host: machine type as reported by `uname -m`, and the
# kernel name folded to lower case so it can be matched literally.
arch="$(uname -m)"
os="$(uname -s | tr '[:upper:]' '[:lower:]')"

# Map (os, arch) onto the platform suffix used in release tarball names.
if [ "$os" = "darwin" ]; then
    # The macOS tarball is a universal binary (arm64 + x86_64), so the
    # machine type plays no part in choosing it.
    plat="darwin"
elif [ "$os" = "linux" ]; then
    if [ "$arch" = "x86_64" ] || [ "$arch" = "amd64" ]; then
        plat="linux-amd64"
    elif [ "$arch" = "aarch64" ] || [ "$arch" = "arm64" ]; then
        plat="linux-arm64"
    else
        echo "unsupported Linux arch: $arch" >&2
        echo "supported: x86_64/amd64, aarch64/arm64" >&2
        exit 1
    fi
else
    echo "unsupported OS: $os (only macOS and Linux are supported)" >&2
    exit 1
fi

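# Resolve "latest" → concrete version tag. The LATEST file is a
# single line of text, e.g. "v0.1.0\n", so we trim whitespace.
#
# --proto '=https' keeps curl from following a redirect (-L) to a
# non-HTTPS URL; --tlsv1.2 sets the minimum TLS version.
#
# A curl failure inside the pipeline is not caught by `set -e` (the
# pipeline's status is tr's), so the emptiness check below is what
# detects a failed lookup.
if [ "$VERSION" = "latest" ]; then
    VERSION="$(curl --proto '=https' --tlsv1.2 -fsSL "$BASE_URL/LATEST" | tr -d '[:space:]')"
fi
[ -n "$VERSION" ] || { echo "could not resolve latest version from $BASE_URL/LATEST" >&2; exit 1; }

# The tag comes from the environment or from the server and is pasted
# into both a URL and a local file path, so only accept characters that
# can appear in a plain tag. This rejects '/', which would otherwise let
# the value steer the download path or the path inside the temp dir.
# The value is deliberately not echoed back: it is untrusted text.
case "$VERSION" in
    *[!A-Za-z0-9._+-]*)
        echo "invalid version tag: only letters, digits, '.', '_', '+' and '-' are allowed" >&2
        exit 1
        ;;
esac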

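# Names derived from the resolved version and platform, plus a private
# scratch directory (mktemp -d creates it with a fresh, unpredictable
# name) that holds everything downloaded or unpacked by this script.
tarball="freevpn-$VERSION-$plat.tar.gz"
url="$BASE_URL/$tarball"
tmp="$(mktemp -d)"

# Remove the scratch directory on every exit path. Some shells do not run
# the EXIT trap when killed by a signal, so turn the common ones into a
# normal exit first.
trap 'rm -rf -- "$tmp"' EXIT
trap 'exit 1' HUP INT TERM

echo "==> downloading $url"
# --proto '=https' keeps curl from following a redirect (-L) to a
# non-HTTPS URL; --tlsv1.2 sets the minimum TLS version.
curl --proto '=https' --tlsv1.2 -fsSL "$url" -o "$tmp/$tarball"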

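# Checksum verification. freevpnapp.org ships a sibling
# <tarball>.sha256 next to every tarball, containing a single
# "<sha256>  <filename>" line (the format shasum/sha256sum emit).
# Skip only if explicitly told to.
#
# NOTE: the checksum travels over the same channel and from the same
# server as the tarball, so it detects a corrupted or truncated
# download, not a tampered release. Detecting that would need a
# signature checked against a key that does not come from the server.
if [ -z "${FREEVPN_NO_SHA:-}" ]; then
    echo "==> verifying SHA256"
    curl --proto '=https' --tlsv1.2 -fsSL "$url.sha256" -o "$tmp/$tarball.sha256"

    # Take only the digest field of the first line and insist that it is
    # exactly 64 hex digits. Without this, an empty or malformed checksum
    # file could compare equal to the empty output of a failed hash
    # command and let the check pass.
    expected="$(awk 'NR == 1 { print tolower($1) }' "$tmp/$tarball.sha256")"
    case "$expected" in
        *[!0-9a-f]*) expected="" ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "checksum file for $tarball does not start with a SHA256 digest" >&2
        exit 1
    fi

    # Hash the file we actually downloaded, rather than letting `-c`
    # check whatever file name the checksum file happens to list.
    # Prefer shasum (ships with macOS + most Linux), then sha256sum,
    # then openssl.
    if command -v shasum >/dev/null 2>&1; then
        actual="$(shasum -a 256 "$tmp/$tarball" | awk '{ print tolower($1) }')"
    elif command -v sha256sum >/dev/null 2>&1; then
        actual="$(sha256sum "$tmp/$tarball" | awk '{ print tolower($1) }')"
    elif command -v openssl >/dev/null 2>&1; then
        # openssl prints "<label>(<file>)= <digest>"; the digest is the
        # last field.
        actual="$(openssl dgst -sha256 "$tmp/$tarball" | awk '{ print tolower($NF) }')"
    else
        echo "no SHA256 tool found (need shasum, sha256sum or openssl)" >&2
        exit 1
    fi

    # A failed hash command leaves $actual empty, which can no longer
    # match the validated 64-digit $expected, so this fails closed.
    if [ "$expected" != "$actual" ]; then
        echo "SHA256 mismatch: expected $expected, got $actual" >&2
        exit 1
    fi
else
    echo "WARNING: FREEVPN_NO_SHA is set; $tarball will be installed WITHOUT checksum verification" >&2
fi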

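# Unpack into a directory of its own so archive members cannot collide
# with the downloaded tarball or its checksum file.
mkdir "$tmp/extract"
tar -C "$tmp/extract" -xzf "$tmp/$tarball"

# `install` runs as root below and follows symlinks in its source
# argument, so only accept the two expected payloads when they are
# plain regular files. This also gives a clear error when the archive
# layout is not what the installer expects.
for bin in freevpn freevpnd; do
    if [ ! -f "$tmp/extract/$bin" ] || [ -L "$tmp/extract/$bin" ]; then
        echo "release archive does not contain a regular file named $bin" >&2
        exit 1
    fi
done

echo "==> installing to $PREFIX/bin (may prompt for sudo)"
# `install` does not create the destination directory; a custom
# FREEVPN_PREFIX (or a fresh system) may not have bin/ yet. An existing
# directory is left untouched.
[ -d "$PREFIX/bin" ] || sudo mkdir -p "$PREFIX/bin"
sudo install -m 0755 "$tmp/extract/freevpn"  "$PREFIX/bin/freevpn"
sudo install -m 0755 "$tmp/extract/freevpnd" "$PREFIX/bin/freevpnd"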

# Register the system service unless FREEVPN_NO_SVC is set to a
# non-empty value. This step executes the freshly installed binary as
# root, so it inherits whatever trust the download steps established.
case "${FREEVPN_NO_SVC:-}" in
    "")
        echo "==> installing system service"
        sudo "$PREFIX/bin/freevpn" install
        ;;
esac

# Closing summary: a blank line, the installed version, then the basic
# commands. One argument per output line.
printf '%s\n' \
    "" \
    "freevpn $VERSION installed." \
    "" \
    "Quick start:" \
    "  freevpn up" \
    "  freevpn status" \
    "  freevpn down" \
    "" \
    "For help:" \
    "  freevpn --help" \
    "  freevpn support"
