aibot777/unlimitedcoding
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
06057f864b068b35645122e6173ffabc3a67d2e0
unlimitedcoding/codex/ucodex_update.sh
delta-cloud-208e 06057f864b fix(installers): 8 critical bugs from gpt-5.5 + glm-5.1 audit (Item 17) 
Sub-agents reviewed all 26 installer scripts. Fixed (TDD):

BLOCKERS (install fails on platform):
1. claude/uclaude_uninstall.sh: replace `sed -i` → portable `sedi()` helper
   (BSD sed on macOS requires `-i ''`, GNU uses `-i`). Same fix style as
   codex/ucodex_install.sh:sedi.
2. claude/uclaude_install.ps1: abort if $apiKey null after fetch attempt
   (was silently completing install with broken auth env vars). Guard
   added to all 8 ps1 scripts.
3. qwen/uqwen_install.ps1 + uqwen_update.ps1: build trustedFolders.json
   via [ordered]@{} | ConvertTo-Json (PowerShell single-quoted literal
   was preserving `\"` as backslash+quote, producing INVALID JSON).
4. codex/ucodex_update.ps1: check $LASTEXITCODE after Python patcher call
   (native command non-zero exit doesn't throw under
   ErrorActionPreference='Continue' — patcher failure was silent, no
   PowerShell fallback triggered).

HIGH (wrong behavior / regressions):
5. gemini/ugemini_install.ps1 + update.ps1: read $env:UGEMINI_API_KEY
   FIRST (was only checking $env:UCLAUDE_API_KEY — claude variable).
6. gemini/ugemini_update.ps1: download gemini_config.json from PRIVATE
   unlimitedcoding-config (was downloading from public — would 404 after
   Item 14 sanitization).
7. claude/uclaude_update.ps1: drop ANTHROPIC_API_KEY assignment + dynamic
   models fetch (regression — install.ps1 was fixed earlier but update.ps1
   still set both env vars, re-introducing Auth conflict warning).
8. codex/ucodex_install.sh + update.sh: GitHub API curl needs
   `-H "User-Agent: UnlimitedCoding-Installer"` and `-f` flag (default
   curl/X.Y UA gets 403 from GitHub API + silent fail on 5xx).

Bonus fixes pulled in:
- codex/ucodex_install.ps1: switch codex_config download URL to private
  repo (consistency with update.ps1 + Item 14 sanitization)
- codex/ucodex_install.ps1: add `--all` flag to patcher invocation
  (matched between install + update)

Tests: tests/test_installer_bugs_audit.py — 9 GREEN regression guards.
Total: 186 tests GREEN.

Audit transcripts: gpt-5.5 found 24 issues (claude+gemini), glm-5.1
found 11 issues (codex+qwen). Lower-priority items (heredoc unsafe
quoting, lock files, schema validation) deferred to next iteration.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-25 17:16:43 +00:00

187 lines
5.6 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Codex CLI — Updater
# Downloads latest binary from GitHub + re-applies config patches.
# Uses wrapper script so env vars work immediately in any shell.
#
# Usage: sudo bash ucodex_update.sh
set -euo pipefail
GITEA_TOKEN="${GITEA_TOKEN:-cadffcb0a6a3be728ac1ff619bb40c86588f6837}"
REPO_RAW="https://git.sensey24.ru/aibot777/unlimitedcoding/raw/branch/master/codex"
PRIVATE_CONFIG_BASE="https://git.sensey24.ru/aibot777/unlimitedcoding-config/raw/branch/main"
GITHUB_API="https://api.github.com/repos/openai/codex/releases/latest"
OS="$(uname -s)"
IS_MACOS=false
[ "$OS" = "Darwin" ] && IS_MACOS=true
CODEX_BIN="/usr/local/bin/.codex-bin"
CODEX_WRAPPER="/usr/local/bin/codex"
if $IS_MACOS; then
ENV_FILE="/etc/codex-env.sh"
else
ENV_FILE="/etc/profile.d/codex-env.sh"
fi
# Cross-platform sed -i
sedi() {
if $IS_MACOS; then
sed -i '' "$@"
else
sed -i "$@"
fi
}
# Cross-platform: check if file is a native binary
is_native_binary() {
local f="$1"
[ -f "$f" ] && file "$f" | grep -qE "ELF|Mach-O"
}
GREEN="\033[92m"
CYAN="\033[96m"
YELLOW="\033[93m"
RED="\033[91m"
BOLD="\033[1m"
RESET="\033[0m"
log() { echo -e "${GREEN}[+]${RESET} $*"; }
info() { echo -e "${CYAN}[i]${RESET} $*"; }
warn() { echo -e "${YELLOW}[~]${RESET} $*"; }
err() { echo -e "${RED}[!]${RESET} $*" >&2; }
echo -e "${BOLD}"
echo " +--------------------------------------+"
echo " | Codex CLI — Updater |"
echo " +--------------------------------------+"
echo -e "${RESET}"
# ---- Migrate old direct binary if needed ----
if is_native_binary "$CODEX_WRAPPER"; then
info "Migrating old binary to $CODEX_BIN..."
mv -f "$CODEX_WRAPPER" "$CODEX_BIN"
fi
# ---- Check current version ----
OLD_VER="not installed"
if [ -f "$CODEX_BIN" ]; then
OLD_VER=$("$CODEX_BIN" --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1 || echo "unknown")
info "Current version: $OLD_VER"
fi
# ---- Get latest version ----
info "Checking latest version..."
LATEST_VER=$(curl -sf -H "User-Agent: UnlimitedCoding-Installer" "$GITHUB_API" | sed -n 's/.*"tag_name":[[:space:]]*"rust-v\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)".*/\1/p' | head -1)
if [ -z "$LATEST_VER" ]; then
err "Could not fetch latest version from GitHub"
exit 1
fi
info "Latest version: $LATEST_VER"
if [ "$OLD_VER" = "$LATEST_VER" ]; then
log "Already up to date ($LATEST_VER)"
else
ARCH=$(uname -m)
if $IS_MACOS; then
case "$ARCH" in
x86_64) BINARY_SUFFIX="x86_64-apple-darwin" ;;
arm64|aarch64) BINARY_SUFFIX="aarch64-apple-darwin" ;;
*) err "Unsupported architecture: $ARCH"; exit 1 ;;
esac
else
case "$ARCH" in
x86_64) BINARY_SUFFIX="x86_64-unknown-linux-musl" ;;
aarch64|arm64) BINARY_SUFFIX="aarch64-unknown-linux-musl" ;;
*) err "Unsupported architecture: $ARCH"; exit 1 ;;
esac
fi
DOWNLOAD_URL="https://github.com/openai/codex/releases/download/rust-v${LATEST_VER}/codex-${BINARY_SUFFIX}.tar.gz"
TEMP_DIR=$(mktemp -d)
info "Downloading codex-${BINARY_SUFFIX}..."
curl -L -# -o "$TEMP_DIR/codex.tar.gz" "$DOWNLOAD_URL"
tar -xzf "$TEMP_DIR/codex.tar.gz" -C "$TEMP_DIR"
BINARY_FILE=$(find "$TEMP_DIR" -maxdepth 1 -name 'codex*' -type f ! -name '*.gz' | head -1)
if [ -z "$BINARY_FILE" ]; then
err "Binary not found in archive"
rm -rf "$TEMP_DIR"
exit 1
fi
pkill -9 -x "codex" 2>/dev/null || true
chmod +x "$BINARY_FILE"
mv -f "$BINARY_FILE" "$CODEX_BIN"
rm -rf "$TEMP_DIR"
hash -r 2>/dev/null || true
NEW_VER=$("$CODEX_BIN" --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1 || echo "unknown")
log "Binary updated: $OLD_VER -> $NEW_VER"
fi
# ---- Download and apply patches ----
PATCH_DIR=$(mktemp -d)
cleanup() { rm -rf "$PATCH_DIR" 2>/dev/null || true; }
trap cleanup EXIT
info "Downloading patcher..."
curl -fsSL -H "Authorization: token ${GITEA_TOKEN}" "$REPO_RAW/codex_patcher.py" -o "$PATCH_DIR/codex_patcher.py"
curl -fsSL -H "Authorization: token ${GITEA_TOKEN}" "$PRIVATE_CONFIG_BASE/codex_config.json" -o "$PATCH_DIR/codex_config.json"
info "Applying patches..."
python3 "$PATCH_DIR/codex_patcher.py" --apply --config "$PATCH_DIR/codex_config.json"
# ---- Set env vars system-wide ----
API_KEY=$(python3 -c "import json; print(json.load(open('$PATCH_DIR/codex_config.json'))['api_key'])")
BASE_URL=$(python3 -c "import json; print(json.load(open('$PATCH_DIR/codex_config.json'))['base_url'])")
if $IS_MACOS; then
launchctl setenv OPENAI_API_KEY "$API_KEY" 2>/dev/null || true
launchctl setenv OPENAI_BASE_URL "${BASE_URL}/v1" 2>/dev/null || true
cat > "$ENV_FILE" << ENVEOF
export OPENAI_API_KEY="$API_KEY"
export OPENAI_BASE_URL="${BASE_URL}/v1"
ENVEOF
chmod 644 "$ENV_FILE"
else
ETC_ENV="/etc/environment"
for kv in "OPENAI_API_KEY=\"$API_KEY\"" "OPENAI_BASE_URL=\"${BASE_URL}/v1\""; do
KEY="${kv%%=*}"
if grep -q "^${KEY}=" "$ETC_ENV" 2>/dev/null; then
sedi "s|^${KEY}=.*|${kv}|" "$ETC_ENV"
else
echo "$kv" >> "$ETC_ENV"
fi
done
mkdir -p /etc/profile.d
cat > "$ENV_FILE" << ENVEOF
export OPENAI_API_KEY="$API_KEY"
export OPENAI_BASE_URL="${BASE_URL}/v1"
ENVEOF
chmod 644 "$ENV_FILE"
fi
# ---- Create/update wrapper ----
cat > "$CODEX_WRAPPER" << WRAPPER_EOF
#!/usr/bin/env bash
[ -f ${ENV_FILE} ] && . ${ENV_FILE}
exec /usr/local/bin/.codex-bin "\$@"
WRAPPER_EOF
chmod +x "$CODEX_WRAPPER"
info "Env vars + wrapper updated"
log "Update complete!"
echo -e "Codex works immediately — no need to source anything."
echo ""
Reference in New Issue View Git Blame Copy Permalink