aibot777/unlimitedcoding
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8924b75e9161bb38a7ba993ae71a6ebe6ccf3216
unlimitedcoding/gemini/ugemini_install.sh
delta-cloud-208e 8924b75e91 SECURITY: redact api_key from public repo (Variant B) 
CRITICAL: api_key 'ClauderAPI2' was committed to PUBLIC unlimitedcoding
repo (private:False on gitea) in 4 *_config.json + 8 ps1 scripts. Anyone
on the internet could read it via curl with no auth (HTTP 200 raw access).

This commit:
1. Sanitizes 4 *_config.json: api_key → "YOUR_API_KEY" + _note pointing
   users to private config repo for production credentials.
2. Removes 'ClauderAPI2' literal from 8 ps1 installer/updater scripts
   (claude/codex/gemini/qwen × install/update). Each script now has a
   sanitized block at top that fetches api_key from private
   unlimitedcoding-config repo at runtime via Authorization token.
3. Switches 6 sh installer scripts from public REPO_RAW to PRIVATE
   unlimitedcoding-config base URL for *_config.json downloads.
4. Removes stale .patcher.config.cache.json (will regen on next install).

Production configs MOVED to private repo (separate commit e839102 on
unlimitedcoding-config/main).

KNOWN UNCHANGED:
- releases/v2.1.119/sea/cli-wrapper.cjs still has api_key (part of npm
  package distribution; clients need it locally; sensey serves same).
- Read-only gitea token (cadffcb0...) remains in installers — needed
  for token-auth fetch from private repo. Scoped read-only.

RECOMMEND: api_key rotation in proxy auth list because ClauderAPI2 was
publicly exposed for an unknown period. Existing client installs would
need re-install or env override.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-25 16:43:08 +00:00

350 lines
10 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Gemini CLI — One-line installer (Linux + macOS)
# Uses wrapper script so env vars work immediately in any shell.
#
# Usage:
# curl -fsSL -H "Authorization: token TOKEN" \
# https://git.sensey24.ru/aibot777/unlimitedcoding/raw/branch/master/gemini/ugemini_install.sh \
# -o /tmp/ugemini.sh && sudo bash /tmp/ugemini.sh
set -euo pipefail
GITEA_TOKEN="${GITEA_TOKEN:-cadffcb0a6a3be728ac1ff619bb40c86588f6837}"
REPO_RAW="https://git.sensey24.ru/aibot777/unlimitedcoding/raw/branch/master/gemini"
REGISTRY_URL="https://npm.sensey24.ru/"
NPM_SCOPE="@google"
NPM_PACKAGE="@google/gemini-cli"
IS_MACOS=false
[ "$(uname -s)" = "Darwin" ] && IS_MACOS=true
GREEN="\033[92m"
RED="\033[91m"
CYAN="\033[96m"
YELLOW="\033[93m"
BOLD="\033[1m"
RESET="\033[0m"
log() { echo -e "${GREEN}[+]${RESET} $*"; }
err() { echo -e "${RED}[!]${RESET} $*" >&2; }
info() { echo -e "${CYAN}[i]${RESET} $*"; }
warn() { echo -e "${YELLOW}[~]${RESET} $*"; }
# Portable readlink -f (works on macOS too)
resolve_path() {
if command -v realpath &>/dev/null; then
realpath "$1" 2>/dev/null || echo "$1"
elif readlink -f "$1" &>/dev/null 2>&1; then
readlink -f "$1"
else
# Manual resolution for macOS without coreutils
local target="$1"
while [ -L "$target" ]; do
local link
link=$(readlink "$target")
if [[ "$link" = /* ]]; then
target="$link"
else
target="$(dirname "$target")/$link"
fi
done
echo "$target"
fi
}
# Portable sed -i (BSD vs GNU)
sed_i() {
if $IS_MACOS; then
sed -i '' "$@"
else
sed -i "$@"
fi
}
create_wrapper() {
local wrapper_path="$1"
local env_file="$2"
# Find real entry point
local real_bin
real_bin=$(resolve_path "$wrapper_path")
if [ "$real_bin" = "$wrapper_path" ] || [ ! -f "$real_bin" ]; then
local npm_root
npm_root=$(npm root -g 2>/dev/null || echo "/usr/lib/node_modules")
real_bin="$npm_root/@google/gemini-cli/dist/index.js"
fi
if [ ! -f "$real_bin" ]; then
warn "Could not find gemini entry point at $real_bin"
return 1
fi
rm -f "$wrapper_path"
cat > "$wrapper_path" << WEOF
#!/usr/bin/env bash
[ -f "$env_file" ] && . "$env_file"
exec node "$real_bin" "\$@"
WEOF
chmod +x "$wrapper_path"
log "Wrapper: $wrapper_path -> $real_bin"
}
echo -e "${BOLD}"
echo " +--------------------------------------+"
echo " | Gemini CLI — Installer |"
echo " +--------------------------------------+"
echo -e "${RESET}"
# ---- Auto-install prerequisites ----
install_pkg() {
if command -v apt-get >/dev/null 2>&1; then
apt-get update -qq && apt-get install -y -qq "$@"
elif command -v dnf >/dev/null 2>&1; then
dnf install -y -q "$@"
elif command -v yum >/dev/null 2>&1; then
yum install -y -q "$@"
elif command -v brew >/dev/null 2>&1; then
brew install "$@"
else
err "No package manager found. Install $* manually."
return 1
fi
}
if ! command -v python3 &>/dev/null; then
info "python3 not found, installing..."
install_pkg python3
fi
log "Python3 $(python3 --version | awk '{print $2}')"
if ! command -v curl &>/dev/null; then
info "curl not found, installing..."
install_pkg curl
fi
# Node.js >= 20
install_node() {
info "Installing Node.js v24.x..."
if command -v apt-get >/dev/null 2>&1; then
curl -fsSL https://deb.nodesource.com/setup_24.x | bash - && apt-get install -y nodejs
elif command -v dnf >/dev/null 2>&1; then
curl -fsSL https://rpm.nodesource.com/setup_24.x | bash - && dnf install -y nodejs
elif command -v yum >/dev/null 2>&1; then
curl -fsSL https://rpm.nodesource.com/setup_24.x | bash - && yum install -y nodejs
elif command -v brew >/dev/null 2>&1; then
brew install node
else
err "Cannot auto-install Node.js. Install manually: https://nodejs.org/"
exit 1
fi
}
if ! command -v node &>/dev/null; then
install_node
fi
NODE_VER=$(node -v | sed 's/v//' | cut -d. -f1)
if [ "$NODE_VER" -lt 20 ]; then
warn "Node.js >= 20 required (found v$NODE_VER). Upgrading..."
install_node
fi
log "Node.js $(node -v)"
# ---- Configure npm registry ----
info "Configuring npm registry: ${REGISTRY_URL}"
npm config set "${NPM_SCOPE}:registry" "${REGISTRY_URL}" 2>/dev/null || true
# ---- Install Gemini CLI ----
install_gemini_npm() {
local attempt=1
local max_attempts=3
while [ $attempt -le $max_attempts ]; do
info "Installing ${NPM_PACKAGE} (attempt ${attempt}/${max_attempts})..."
if npm install -g "${NPM_PACKAGE}" 2>&1; then
return 0
fi
warn "Attempt $attempt failed."
attempt=$((attempt + 1))
[ $attempt -le $max_attempts ] && sleep 3
done
return 1
}
if ! command -v gemini &>/dev/null; then
if ! install_gemini_npm; then
err "npm install failed after retries."
err ""
err "Possible fixes:"
err " 1. Try HTTP instead of HTTPS:"
err " npm config set ${NPM_SCOPE}:registry http://npm.sensey24.ru/"
err " npm install -g ${NPM_PACKAGE}"
err ""
err " 2. Install from official npm + patch separately:"
err " npm install -g ${NPM_PACKAGE}"
err " # then re-run this script to apply patches"
exit 1
fi
log "Gemini CLI installed: $(gemini --version 2>/dev/null || echo 'OK')"
else
log "Gemini CLI found: $(gemini --version 2>/dev/null || echo 'installed')"
fi
# Detect actual binary path (npm may install to different locations)
GEMINI_BIN=$(command -v gemini 2>/dev/null || echo "/usr/local/bin/gemini")
# ---- Download and apply patcher ----
INSTALL_DIR=$(mktemp -d)
cleanup() { rm -rf "$INSTALL_DIR" 2>/dev/null || true; }
trap cleanup EXIT
info "Downloading patcher..."
curl -fsSL -H "Authorization: token ${GITEA_TOKEN}" "$REPO_RAW/gemini_patcher.py" -o "$INSTALL_DIR/gemini_patcher.py"
curl -fsSL -H "Authorization: token ${GITEA_TOKEN}" "https://git.sensey24.ru/aibot777/unlimitedcoding-config/raw/branch/main/gemini_config.json" -o "$INSTALL_DIR/gemini_config.json"
log "Patcher downloaded"
info "Applying patches..."
python3 "$INSTALL_DIR/gemini_patcher.py" --apply --config "$INSTALL_DIR/gemini_config.json"
PATCH_EXIT=$?
if [ $PATCH_EXIT -ne 0 ]; then
err "Patching failed (exit code $PATCH_EXIT)."
exit 1
fi
log "Patches applied"
# ---- Configure settings for all users ----
info "Configuring settings..."
configure_user_settings() {
local user_home="$1"
local gemini_dir="$user_home/.gemini"
mkdir -p "$gemini_dir"
local settings_file="$gemini_dir/settings.json"
if [ ! -f "$settings_file" ] || ! python3 -c "
import json
d=json.load(open('$settings_file'))
assert d.get('security',{}).get('auth',{}).get('selectedType') == 'gemini-api-key'
" 2>/dev/null; then
cat > "$settings_file" << 'SETTINGS_EOF'
{
"security": {
"auth": { "selectedType": "gemini-api-key" },
"folderTrust": { "enabled": false }
},
"telemetry": { "enabled": false, "logPrompts": false },
"general": { "defaultApprovalMode": "yolo" }
}
SETTINGS_EOF
local trusted_file="$gemini_dir/trustedFolders.json"
python3 -c "
import json, os
t = {}
if os.path.isfile('$trusted_file'):
try: t = json.load(open('$trusted_file'))
except: pass
for p in ['$user_home', '/home', '/root', '/tmp']:
t.setdefault(p, 'TRUST_PARENT')
json.dump(t, open('$trusted_file', 'w'), indent=2)
" 2>/dev/null
# Fix ownership if running as sudo
if [ -n "${SUDO_USER:-}" ]; then
chown -R "$(id -u "$SUDO_USER"):$(id -g "$SUDO_USER")" "$gemini_dir" 2>/dev/null || true
fi
log "Settings: $settings_file"
else
log "Settings already configured: $settings_file"
fi
}
# Configure for root
configure_user_settings "$HOME"
# Configure for sudo caller if different
if [ -n "${SUDO_USER:-}" ] && [ "$SUDO_USER" != "root" ]; then
CALLER_HOME=$(eval echo "~$SUDO_USER")
if [ -d "$CALLER_HOME" ]; then
configure_user_settings "$CALLER_HOME"
fi
fi
# ---- Set environment variables ----
info "Setting environment variables..."
API_KEY=$(python3 -c "import json; print(json.load(open('$INSTALL_DIR/gemini_config.json'))['api_key'])")
BASE_URL=$(python3 -c "import json; print(json.load(open('$INSTALL_DIR/gemini_config.json'))['base_url'])")
if $IS_MACOS; then
# macOS: write to /etc/profile and shell RC files
ENV_FILE="/etc/profile.d/gemini-cli.sh"
mkdir -p /etc/profile.d
cat > "$ENV_FILE" << PROF_EOF
export GEMINI_API_KEY="$API_KEY"
export GOOGLE_GEMINI_BASE_URL="$BASE_URL"
PROF_EOF
chmod 644 "$ENV_FILE"
# Also add to /etc/profile (macOS reads this)
if ! grep -q "GEMINI_API_KEY" /etc/profile 2>/dev/null; then
echo "" >> /etc/profile
echo "# Gemini CLI env vars" >> /etc/profile
echo "[ -f $ENV_FILE ] && . $ENV_FILE" >> /etc/profile
fi
log "Env vars: $ENV_FILE (+ /etc/profile)"
else
# Linux: /etc/environment + /etc/profile.d/
ENV_FILE="/etc/profile.d/gemini-cli.sh"
ETC_ENV="/etc/environment"
for kv in "GEMINI_API_KEY=\"$API_KEY\"" "GOOGLE_GEMINI_BASE_URL=\"$BASE_URL\""; do
KEY="${kv%%=*}"
if grep -q "^${KEY}=" "$ETC_ENV" 2>/dev/null; then
sed_i "s|^${KEY}=.*|${kv}|" "$ETC_ENV"
else
echo "$kv" >> "$ETC_ENV"
fi
done
cat > "$ENV_FILE" << PROF_EOF
export GEMINI_API_KEY="$API_KEY"
export GOOGLE_GEMINI_BASE_URL="$BASE_URL"
PROF_EOF
chmod 644 "$ENV_FILE"
log "Env vars: $ETC_ENV + $ENV_FILE"
fi
# ---- Create wrapper (auto-loads env) ----
info "Creating wrapper..."
create_wrapper "$GEMINI_BIN" "$ENV_FILE"
export GEMINI_API_KEY="$API_KEY"
export GOOGLE_GEMINI_BASE_URL="$BASE_URL"
# ---- Verify ----
info "Verifying..."
if gemini --version &>/dev/null; then
VER=$(gemini --version 2>/dev/null || echo "unknown")
echo ""
echo -e "${GREEN}${BOLD} Gemini CLI v$VER installed and patched!${RESET}"
echo ""
echo " Usage:"
echo " gemini # interactive mode"
echo " gemini -p \"Your prompt\" # single prompt"
echo ""
echo " Models:"
echo " gemini-2.5-pro, gemini-2.5-flash"
echo " gemini-3-flash, gemini-3.1-pro"
echo ""
echo " Env vars auto-loaded by wrapper. Works in any shell."
echo ""
else
err "gemini wrapper not working"
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink