Add ngrok plan!

[fnichol]

In short, ngrok is awesome, useful, and smells pretty good too.

This plan needed to dodge, dip, dive, duck, and dodge around a couple of
gotchas, but no big deal:

• The canonical download location does not provide any hints about the
  version number, nor is there any shasums to verify. Instead, we
  download from the published URL and ask the extracted binary for its
  version to update the Plan's pkg_source. (i.e. we'll do it live).
• The zip file doesn't extract to any subdirectory (which I personally
  view as rude), so we need to override the default do_unpack() logic.
• The program is designed to auto-update by default which is less
  than ideal in an immutable package. To avoid this we set up a default
  configuration file and add an argument to use it before the user's
  arguments. More often than not, this should do the right thing.

[stevendanna]

Given this, are we sure redistribution is allowed by the license?

[eeyun]

Unless I'm missing something ngrok is actually an apache2 license?

https://github.com/inconshreveable/ngrok/blob/master/LICENSE

[jtimberman]

I did some investigation about this.

ngrok has two major versions. Version 1, which is available at the Github repository that @eeyun linked, is Apache 2.0 licensed. However, it appears that the current version, 2.0, and the version downloaded via the pkg_source in this plan is a proprietary license. Per the Terms of Service, it does not appear that we can distribute a package of ngrok 2.x+.

You are granted a limited, non-sublicensable license to access and use the Site and the ngrok Site Materials solely in connection with the Services. Such license is subject to this Agreement and does not include: (a) any resale or commercial use of the Site or the Site Materials therein; (b) the distribution, public performance or public display of any Site Materials except in connection with your authorized use of the Site and the Services; (c) modifying or otherwise making any derivative uses of the Site and/or the Site Materials, or any portion thereof

Further, it is likely that ngrok 1.x has stability issues per the README.md and should not be used in "production." As the use case seems to be primarily for exposing services running on a development system, that's probably fine. I think if we're going to create an ngrok package, it should be based on 1.x, and be clear about intent.

[inconshreveable]

Yeah, that license needs to be amended. Repackaging and distributing ngrok is obviously something you should be able to do without worrying about legal issues. I'll make sure that gets cleared up.

[reset]

@inconshreveable thank you!

[fnichol]

@inconshreveable great to hear! personally i'm looking forward to dialing in ngrok to diagnose web hooks, etc. ideally i'd also like to support auth tokens as well for paid customers, but this was the first pass.

[eeyun]

@fnichol @inconshreveable I'd definitely like to find a way to get this package built even if it means having to revert to 1.0 as @jtimberman suggested. Is there any idea on whether or not theres a possibility of license change that would allow us to redistribute in the near future or does it make sense to just close the PR and create an ngrok1 package instead?

[stevendanna]

@jtimberman @eeyun @fnichol Hi friends.

Let's make a final call here. I've searched the ngrok website and it appears the license is still the same. The way I see it we can:

1. Close this PR and wait for it to come up again.
2. Close this PR and open a new PR for ngrok 1.x
3. Ask "Chef Legal" to tell us whether the "except in connection with your authorized use of the Site and the Services" is good enough for distribution here. If yes, update this to latest plan standards and merge.
4. Ask "Chef Legal" to tell us whether the author's statement on 5 Oct 2016.

I vote for (1) for now even though ngrok is definitely pretty good software that I know a number of us use.