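#!/usr/bin/env bash
set -euo pipefail

# Search the system directories first. The inherited PATH is appended only when
# it is non-empty: with an empty PATH the old form left a trailing ':', and an
# empty PATH entry makes the shell search the current directory, which a script
# that re-executes itself as root should not do.
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin${PATH:+:${PATH}}"

# Package archive to download; a "<url>.sha256" companion file is fetched from
# the same location. Override with NVR_PACKAGE_URL.
PACKAGE_URL="${NVR_PACKAGE_URL:-https://simplavende.com.br/suporte/nvr_monorepo_complete_final_20260612_appliance_dashboard.zip}"
# Handed to nvr-support-unlock as NVR_SUPPORT_TTL_MINUTES (default 240).
# NOTE(review): presumably the lifetime of the support access; how the helper
# enforces it is not visible in this script.
SUPPORT_TTL_MINUTES="${NVR_SUPPORT_TTL_MINUTES:-240}"
# Handed to nvr-support-unlock as NVR_SUPPORT_ALLOWED_CIDRS. The default is the
# three RFC 1918 private ranges, i.e. every private IPv4 address; narrow it to
# the actual support network where one is known.
SUPPORT_ALLOWED_CIDRS="${NVR_SUPPORT_ALLOWED_CIDRS:-192.168.0.0/16,10.0.0.0/8,172.16.0.0/12}"
# SSH public key (ed25519) handed to nvr-support-unlock as
# NVR_SUPPORT_AUTHORIZED_KEY. It is fixed in the script; there is no
# environment override for it.
SUPPORT_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/ijx4jT8N/z73UDAHGWcDrSqz1zXnArWiUMyIrc3lD codex-nvr-support-20260612'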

# Report a fatal error and stop the script.
# Arguments: all arguments are joined into one message.
# Outputs:   the prefixed message on stderr.
# Returns:   never; exits with status 1.
fail() {
  local message="$*"
  printf >&2 'liberar-suporte-codex-nvr: erro: %s\n' "$message"
  exit 1
}

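# Download a URL to a local file, using curl when available and wget otherwise.
# Arguments: $1 - URL to fetch
#            $2 - path of the file to write
# Returns:   the downloader's exit status; calls fail (exit 1) when neither
#            curl nor wget is installed.
download_to() {
  local url="$1"
  local output="$2"
  local -a curl_opts=(-fsSL)

  if command -v curl >/dev/null 2>&1; then
    # -L follows redirects. For an https:// URL keep the whole transfer on
    # HTTPS, so a redirect cannot move the download onto plaintext HTTP. Other
    # schemes are passed through unchanged, as before.
    case "$url" in
      https://*) curl_opts+=(--proto '=https' --proto-redir '=https') ;;
    esac
    curl "${curl_opts[@]}" "$url" -o "$output"
  elif command -v wget >/dev/null 2>&1; then
    # NOTE(review): no equivalent redirect restriction is applied on the wget
    # path; it follows whatever redirects the server sends.
    wget -qO "$output" "$url"
  else
    fail "curl ou wget precisa estar instalado"
  fi
}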

# Make sure the script runs as root, re-executing it through sudo if it is not.
# Arguments: the script's own arguments, forwarded to the re-executed copy.
# Returns:   0 when already root. Otherwise the process is replaced by
#            "sudo -E bash <script>"; fail (exit 1) is called when sudo is
#            missing or $0 is not a regular file.
rerun_as_root_if_needed() {
  [ "$(id -u)" -ne 0 ] || return 0

  if ! command -v sudo >/dev/null 2>&1; then
    fail "execute como root ou instale sudo"
  fi
  # The script must exist as a file so sudo can run it again (not the case
  # when it was piped into a shell).
  if [ ! -f "$0" ]; then
    fail "salve o script em arquivo e execute com sudo"
  fi

  # -E asks sudo to keep the caller's environment, so NVR_* values set by the
  # invoking user are still visible to the copy that runs as root.
  exec sudo -E bash "$0" "$@"
}

# Extract the support helper from the package archive with python3's zipfile
# module (used when unzip is not installed).
# Arguments: $1 - path of the zip archive
#            $2 - path of the file to write
# Returns:   1 when python3 is not installed, otherwise python3's exit status.
extract_helper_with_python() {
  local archive="$1"
  local destination="$2"

  if ! command -v python3 >/dev/null 2>&1; then
    return 1
  fi

  # The quoted delimiter keeps the shell from expanding anything in the
  # Python source; both paths travel as argv entries.
  python3 - "$archive" "$destination" <<'PY'
import sys
from zipfile import ZipFile

HELPER_MEMBER = "nvr/scripts/appliance/nvr-support-unlock.sh"

archive_path, target_path = sys.argv[1:3]
# Read the member first so the output file is only created once it was found.
with ZipFile(archive_path) as archive:
    payload = archive.read(HELPER_MEMBER)
with open(target_path, "wb") as out_file:
    out_file.write(payload)
PY
}

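# Install /usr/local/sbin/nvr-support-unlock from the package archive when no
# nvr-support-unlock command is found on PATH.
#
# Globals:   PACKAGE_URL (read)
# Outputs:   a progress message on stdout; errors on stderr via fail
# Returns:   0 when the helper was already present or has been installed.
#            Exits 1 via fail when sha256sum is missing, the checksum is
#            absent or does not match, or the helper cannot be extracted.
install_unlock_helper_if_missing() {
  local tmp_dir zip_path sha_path expected_sha actual_sha helper_path

  # NOTE(review): command -v searches every PATH entry, including inherited
  # ones, so a helper found anywhere on PATH skips the download.
  if command -v nvr-support-unlock >/dev/null 2>&1; then
    return 0
  fi

  command -v sha256sum >/dev/null 2>&1 || fail "sha256sum precisa estar instalado"

  tmp_dir="$(mktemp -d /tmp/nvr-support-release.XXXXXX)"
  cleanup_tmp() {
    # The EXIT trap passes the path as $1; the RETURN trap runs while the
    # function's local tmp_dir is still in scope.
    local target="${1:-${tmp_dir:-}}"
    # Only ever delete a directory that matches the mktemp template.
    case "$target" in
      /tmp/nvr-support-release.*)
        rm -rf -- "$target"
        ;;
    esac
  }
  trap cleanup_tmp RETURN
  # A RETURN trap does not run when the script exits from inside this function
  # (fail, or a command failing under set -e), which used to leave the
  # downloaded package behind in /tmp. The EXIT trap covers those paths; the
  # directory name is expanded now because the local is gone by the time the
  # script exits normally.
  # shellcheck disable=SC2064
  trap "cleanup_tmp $(printf '%q' "$tmp_dir")" EXIT

  zip_path="$tmp_dir/nvr.zip"
  sha_path="$tmp_dir/nvr.zip.sha256"
  helper_path="$tmp_dir/nvr-support-unlock.sh"

  printf 'liberar-suporte-codex-nvr: baixando pacote oficial\n'
  download_to "$PACKAGE_URL" "$zip_path"
  download_to "${PACKAGE_URL}.sha256" "$sha_path"

  # NOTE(review): the .sha256 file comes from the same location as the package,
  # so this comparison catches a corrupted or truncated download. It does not
  # authenticate the package against whoever controls what that location
  # serves; that would need a digest or signature obtained separately.
  # First field of the first non-empty line, normalised to lower-case hex.
  expected_sha="$(awk 'NF {print $1; exit}' "$sha_path" | tr 'A-F' 'a-f')"
  [ -n "$expected_sha" ] || fail "SHA256 esperado ausente"

  actual_sha="$(sha256sum "$zip_path" | awk '{print $1}' | tr 'A-F' 'a-f')"
  [ "$actual_sha" = "$expected_sha" ] || fail "SHA256 do pacote nao confere"

  # Extract only the helper script, and only after the digest matched.
  if command -v unzip >/dev/null 2>&1; then
    unzip -p "$zip_path" nvr/scripts/appliance/nvr-support-unlock.sh >"$helper_path"
  else
    extract_helper_with_python "$zip_path" "$helper_path" \
      || fail "unzip ou python3 precisa estar instalado para extrair o helper"
  fi

  [ -s "$helper_path" ] || fail "helper de suporte ausente no pacote"
  # Root-owned and not writable by others; /usr/local/sbin is the first entry
  # of the PATH this script exports.
  install -m 0755 -o root -g root "$helper_path" /usr/local/sbin/nvr-support-unlock
}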

# Entry point: become root, make sure the unlock helper is installed, then run
# it with the support parameters in its environment.
# Globals:   SUPPORT_KEY, SUPPORT_TTL_MINUTES, SUPPORT_ALLOWED_CIDRS (read)
# Arguments: the script's arguments; only forwarded to the sudo re-exec.
# Returns:   the exit status of nvr-support-unlock.
main() {
  rerun_as_root_if_needed "$@"
  install_unlock_helper_if_missing

  # Settings reach the helper through its environment, not its arguments.
  local -a support_env=(
    "NVR_SUPPORT_AUTHORIZED_KEY=$SUPPORT_KEY"
    "NVR_SUPPORT_TTL_MINUTES=$SUPPORT_TTL_MINUTES"
    "NVR_SUPPORT_ALLOWED_CIDRS=$SUPPORT_ALLOWED_CIDRS"
  )

  printf '%s\n' 'liberar-suporte-codex-nvr: abrindo suporte temporario'
  env "${support_env[@]}" nvr-support-unlock
}

# Run the script: main receives the script's own arguments unchanged.
main "$@"
