Skip to content
This repository has been archived by the owner on Apr 29, 2020. It is now read-only.

One line installer #164

Closed
kevinsimper opened this issue Aug 18, 2016 · 13 comments
Closed

One line installer #164

kevinsimper opened this issue Aug 18, 2016 · 13 comments
Labels
answered

Comments

@kevinsimper
Copy link

I know a lot of people don't like one-line installers because of their insecure nature of not understanding what it does, but a one-line is just nicer when trying out ipfs, when you just want to do it quickly!

Would it be an idea to make a one-line installer?

Here is for Mac:

curl https://dist.ipfs.io/go-ipfs/v0.4.2/go-ipfs_v0.4.2_darwin-amd64.tar.gz >> /tmp/ipfs.tar.gz && tar zxf /tmp/ipfs.tar.gz && mv /tmp/go-ipfs/ipfs /usr/local/bin/ipfs && chmod +x /usr/local/bin/ipfs && ipfs version
@RichardLitt
Copy link
Contributor

@kevinsimper Good idea. However, our dists change so much that this would add overhead, I think.

@dignifiedquire
Copy link

@RichardLitt what do you mean by "our dists change so much"? The installation process hasn't changed since I know IPFS and the version doesn't change that often

@RichardLitt
Copy link
Contributor

I meant the versions. Don't they change every few months, in general?

@dignifiedquire
Copy link

Every few months is probably right, but we could easily have a symlink pointing to the latest release if that is a concern.

@RichardLitt
Copy link
Contributor

Hmm. Cool.

Another concern: What is the purpose of a one-liner? Experienced devs still need to read the whole thing, or take it on trust that we have it done correctly. Inexperienced devs don't get to learn what the install process is.

I'm not up or down on this one.

@kevinsimper
Copy link
Author

Beginners will find a way to install it the easiest way and better provide a command that does it all in one command, instead of now where each command is on its own line 👍

@jbenet
Copy link
Contributor

jbenet commented Aug 30, 2016

Strongly against this. one line commands like that are terrible security practice. they teach users not to think about what they are doing, and to copy paste things from the internet into their command line. we take security seriously. If we list commands to run, they must be clear.

I do think a single one-line install is useful. but do it securely.

  • ideally use something like hashpipe, but it's 99% unlikely to be pre-existing, so this makes the problem worse.
  • use brew, apt, or whatever is standard in various distros. but now you have another problem-- making sure they have a pkg mgr and doing it for their system.
  • i really like how mosh does it: https://mosh.org/#getting i think it's one of the easiest and clearest install procedures i've ever seen. they deal with the complexity of platform by just having something for every install path.

@RichardLitt
Copy link
Contributor

Thank you, @jbenet. That's great feedback. I agree with teaching users not to think; that's what I was getting at with the experienced // inexperienced comment above.

We could try to implement Mosh's install.

@kevinsimper
Copy link
Author

@jbenet Hashpipe looks awesome, but wouldn't it be a dependency that you have to install first?

Strongly against this. one line commands like that are terrible security practice.

I agree, but somebody will write it on stackoverflow and then people will write "how to install ipfs 1 line". But what is the problem of stringing the commands that are on the installation page now? It is not like you curl a bash script!

It can even be written like this and still be a easy way to install.

curl https://dist.ipfs.io/go-ipfs/v0.4.2/go-ipfs_v0.4.2_darwin-amd64.tar.gz >> /tmp/ipfs.tar.gz && \
  tar zxf /tmp/ipfs.tar.gz && \
  mv /tmp/go-ipfs/ipfs /usr/local/bin/ipfs && \
  chmod +x /usr/local/bin/ipfs && \
  ipfs version

@jbenet
Copy link
Contributor

jbenet commented Aug 31, 2016

I think stringing commands into and &&-expression is strictly worse, it
obfuscates and confuses. They can copy paste a bunch of lines just the same.

Try installing Dropbox, one of the easiest things out there to install. It
takes a number of steps. Many intuitive to the users.

Let's go for a mosh style install page
On Wed, Aug 31, 2016 at 3:33 AM Kevin Simper notifications@github.com
wrote:

@jbenet https://github.com/jbenet Hashpipe looks awesome, but wouldn't
it be a dependency that you have to install first?

Strongly against this. one line commands like that are terrible security
practice.

I agree, but somebody will write it on stackoverflow and then people will
write "how to install ipfs 1 line". But what is the problem of stringing
the commands that are on the installation page now? It is not like you
curl a bash script!

It can even be written like this and still be a easy way to install.

curl https://dist.ipfs.io/go-ipfs/v0.4.2/go-ipfs_v0.4.2_darwin-amd64.tar.gz >> /tmp/ipfs.tar.gz &&
tar zxf /tmp/ipfs.tar.gz &&
mv /tmp/go-ipfs/ipfs /usr/local/bin/ipfs &&
chmod +x /usr/local/bin/ipfs &&
ipfs version


You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub
#164 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/AAIcobXQNHkonQSK46XTflcdw2-QrLSwks5qlS44gaJpZM4Jnzb0
.

@kevinsimper
Copy link
Author

kevinsimper commented Aug 31, 2016
edited

mosh style is even better if you guys find the time to setup the necessary steps to setup those packages to the different platforms 👍

@RichardLitt
Copy link
Contributor

@kevinsimper Going to keep this open so it is more easily searchable. Thanks!

@RichardLitt RichardLitt reopened this Sep 1, 2016
@madavieb
Copy link

This issue has been moved to https://discuss.ipfs.io/t/one-line-installer/463.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
answered
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jbenet @dignifiedquire @RichardLitt @kevinsimper @madavieb