#!/bin/sh set -eu INSTALL_BIN_DIR="${LEMANA_VPN_BIN_DIR:-$HOME/bin}" CONFIG_DIR="${LEMANA_VPN_CONFIG_DIR:-$HOME/.config/lemana-vpn}" OC_CONFIG_DIR="${OPENCONNECT_LITE_CONFIG_DIR:-$HOME/.config/openconnect-lite}" OC_VENV="${LEMANA_VPN_OC_VENV:-$HOME/.local/pipx/venvs/openconnect-lite}" DNS_CLEANUP="${LEMANA_VPN_DNS_CLEANUP:-/usr/local/sbin/lemana-vpn-dns-cleanup}" USERNAME="${LEMANA_VPN_USERNAME:-60103293}" DRY_RUN=0 KEEP_CONFIG=0 REMOVE_KEYCHAIN=0 REMOVE_TOUCHID_HELPER=0 REMOVE_OPENCONNECT_LITE=0 usage() { cat <<'USAGE' Usage: sh uninstall.sh [options] Options: --keep-config Keep ~/.config/lemana-vpn --remove-keychain Remove VPN-related Keychain entries --remove-touchid-helper Remove ~/bin/keychain-fingerprint --remove-openconnect-lite Remove pipx openconnect-lite after patch rollback --dry-run Print actions without changing files -h, --help Show this help Default uninstall restores openconnect-lite patch backup, removes Lemana VPN scripts/config/sudoers/zsh aliases, and keeps shared package dependencies. USAGE } while [ "$#" -gt 0 ]; do case "$1" in --keep-config) KEEP_CONFIG=1 ;; --remove-keychain) REMOVE_KEYCHAIN=1 ;; --remove-touchid-helper) REMOVE_TOUCHID_HELPER=1 ;; --remove-openconnect-lite) REMOVE_OPENCONNECT_LITE=1 ;; --dry-run) DRY_RUN=1 ;; -h|--help) usage exit 0 ;; *) echo "Unknown option: $1" >&2 usage >&2 exit 1 ;; esac shift done log() { printf '%s\n' "$*" } run() { if [ "$DRY_RUN" -eq 1 ]; then printf '+' for arg in "$@"; do printf ' %s' "$arg" done printf '\n' return 0 fi "$@" } find_webengine_process() { if [ -n "${LEMANA_VPN_WEBENGINE_PROCESS:-}" ]; then printf '%s\n' "$LEMANA_VPN_WEBENGINE_PROCESS" return 0 fi find "$OC_VENV/lib" -path '*/site-packages/openconnect_lite/browser/webengine_process.py' -print -quit 2>/dev/null || true } restore_openconnect_lite_patch() { backup="$CONFIG_DIR/patch-backups/webengine_process.py.before-lemana-vpn" wep="$(find_webengine_process)" if [ ! -f "$backup" ]; then log "No openconnect-lite patch backup found; patch rollback skipped." return 0 fi if [ -z "$wep" ] || [ ! -f "$wep" ]; then log "openconnect-lite source not found; patch rollback skipped." return 0 fi log "Restoring openconnect-lite source from patch backup" run cp "$backup" "$wep" } remove_zshrc_block() { zshrc="$HOME/.zshrc" [ -f "$zshrc" ] || return 0 tmp="$(mktemp)" if [ "$DRY_RUN" -eq 1 ]; then printf '+ update %s aliases\n' "$zshrc" rm -f "$tmp" return 0 fi awk ' /^# >>> lemana-vpn$/ { skip=1; next } /^# <<< lemana-vpn$/ { skip=0; next } skip != 1 { print } ' "$zshrc" > "$tmp" mv "$tmp" "$zshrc" } remove_keychain_entries() { [ "$REMOVE_KEYCHAIN" -eq 1 ] || return 0 log "Removing VPN-related Keychain entries" run security delete-generic-password -s openconnect-lite -a "$USERNAME" >/dev/null 2>&1 || true run security delete-generic-password -s openconnect-lite -a "totp/$USERNAME" >/dev/null 2>&1 || true run security delete-generic-password -s vpn-lemanapro -a bw-session >/dev/null 2>&1 || true run security delete-generic-password -s vpn-lemanapro -a bw-master >/dev/null 2>&1 || true } main() { [ "$(uname -s)" = "Darwin" ] || { echo "This uninstaller supports macOS only" >&2 exit 1 } restore_openconnect_lite_patch log "Removing installed scripts" run rm -f "$INSTALL_BIN_DIR/vpn-lemanapro.sh" run rm -f "$INSTALL_BIN_DIR/uninstall-lemana-vpn.sh" if [ "$REMOVE_TOUCHID_HELPER" -eq 1 ]; then run rm -f "$INSTALL_BIN_DIR/keychain-fingerprint" fi log "Removing sudoers and DNS cleanup wrapper" run sudo rm -f /etc/sudoers.d/lemana-vpn-openconnect /etc/sudoers.d/lemana-vpn-dns run sudo rm -f "$DNS_CLEANUP" log "Removing shell aliases" remove_zshrc_block log "Removing openconnect-lite config" run rm -f "$OC_CONFIG_DIR/config.toml" if [ "$KEEP_CONFIG" -eq 0 ]; then log "Removing Lemana VPN config" run rm -rf "$CONFIG_DIR" fi remove_keychain_entries if [ "$REMOVE_OPENCONNECT_LITE" -eq 1 ]; then if command -v pipx >/dev/null 2>&1; then log "Removing openconnect-lite from pipx" run pipx uninstall openconnect-lite fi fi log "Done." } main "$@"