-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ngrok plan! #200
Add ngrok plan! #200
Conversation
In short, ngrok is awesome, useful, and smells pretty good too. This plan needed to dodge, dip, dive, duck, and dodge around a couple of gotchas, but no big deal: * The canonical download location does not provide any hints about the version number, nor is there any shasums to verify. Instead, we download from the published URL and ask the extracted binary for its version to update the Plan's `pkg_source`. (i.e. we'll do it live). * The zip file doesn't extract to any subdirectory (which I personally view as rude), so we need to override the default `do_unpack()` logic. * The program is designed to auto-update by **default** which is less than ideal in an immutable package. To avoid this we set up a default configuration file and add an argument to use it before the user's arguments. More often than not, this should do the right thing. Signed-off-by: Fletcher Nichol <fnichol@nichol.ca>
pkg_version=_set_from_downloaded_zip_file_ | ||
pkg_description="Expose local servers behind NATs and firewalls to the public internet over secure tunnels." | ||
pkg_upstream_url=https://ngrok.com/ | ||
pkg_license=('proprietary') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given this, are we sure redistribution is allowed by the license?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unless I'm missing something ngrok
is actually an apache2 license?
https://github.com/inconshreveable/ngrok/blob/master/LICENSE
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did some investigation about this.
ngrok has two major versions. Version 1, which is available at the Github repository that @eeyun linked, is Apache 2.0 licensed. However, it appears that the current version, 2.0, and the version downloaded via the pkg_source
in this plan is a proprietary license. Per the Terms of Service, it does not appear that we can distribute a package of ngrok 2.x+.
You are granted a limited, non-sublicensable license to access and use the Site and the ngrok Site Materials solely in connection with the Services. Such license is subject to this Agreement and does not include: (a) any resale or commercial use of the Site or the Site Materials therein; (b) the distribution, public performance or public display of any Site Materials except in connection with your authorized use of the Site and the Services; (c) modifying or otherwise making any derivative uses of the Site and/or the Site Materials, or any portion thereof
Further, it is likely that ngrok 1.x has stability issues per the README.md and should not be used in "production." As the use case seems to be primarily for exposing services running on a development system, that's probably fine. I think if we're going to create an ngrok package, it should be based on 1.x, and be clear about intent.
Yeah, that license needs to be amended. Repackaging and distributing ngrok is obviously something you should be able to do without worrying about legal issues. I'll make sure that gets cleared up. |
@inconshreveable thank you! |
@inconshreveable great to hear! personally i'm looking forward to dialing in ngrok to diagnose web hooks, etc. ideally i'd also like to support auth tokens as well for paid customers, but this was the first pass. |
@fnichol @inconshreveable I'd definitely like to find a way to get this package built even if it means having to revert to 1.0 as @jtimberman suggested. Is there any idea on whether or not theres a possibility of license change that would allow us to redistribute in the near future or does it make sense to just close the PR and create an ngrok1 package instead? |
@jtimberman @eeyun @fnichol Hi friends. Let's make a final call here. I've searched the ngrok website and it appears the license is still the same. The way I see it we can:
I vote for (1) for now even though ngrok is definitely pretty good software that I know a number of us use. |
In short, ngrok is awesome, useful, and smells pretty good too.
This plan needed to dodge, dip, dive, duck, and dodge around a couple of
gotchas, but no big deal:
version number, nor is there any shasums to verify. Instead, we
download from the published URL and ask the extracted binary for its
version to update the Plan's
pkg_source
. (i.e. we'll do it live).view as rude), so we need to override the default
do_unpack()
logic.than ideal in an immutable package. To avoid this we set up a default
configuration file and add an argument to use it before the user's
arguments. More often than not, this should do the right thing.