Add homebrew as an install method for macOS #154

Closed
unbeatable-101 opened this issue Dec 18, 2023 · 8 comments

@unbeatable-101

unbeatable-101 commented Dec 18, 2023

Homebrew is a package manager for macOS, and I've created a tap in order to allow people to install sshwifty using it: https://github.com/unbeatable-101/homebrew-sshwifty. The reason I've created the tap instead of adding to https://github.com/homebrew/homebrew-core directly is because the software is still in beta.

@nirui
Owner

nirui commented Dec 18, 2023

Thank you for your work.

Is there anything I can do at my end? If you'd like to maintain it long term, I can add a link in Sshwifty's README.md file to redirect homebrew users to your repository, after you give me the green light of course.

@unbeatable-101
Author

Yeah that's what I was suggesting, I think add a section that says something along the lines of:

"macOS users can install sshwifty with homebrew using the command brew install unbeatable-101/sshwifty/sshwifty. This will install sshwifty from the tap located at https://github.com/unbeatable-101/homebrew-sshwifty"

@nirui
Owner

nirui commented Dec 18, 2023

I would love to do that. However, during my peek into your repository, I noticed that it utilizes a custom prebuilt binary, but I've failed to find any information on how the binary was built?

For the sake of integrity, I would suggest a more transparent build procedure to enable full user audit. Otherwise I can't really point users towards it.

This repository for example, logs the SHA512 hash for every Sshwifty package it built in its (untamperable) build log. If you downloaded a package from the Release section, say file sshwifty_0.3.4-beta-release_freebsd_386.tar.gz, you can look up the hash of the file with command sha512sum sshwifty_0.3.4-beta-release_freebsd_386.tar.gz, which should give you 14db64fbe83a90e9147287bc5109821ca22edc23518224abc530093bd5e3dd5b0ecbaf4963706d0cd016acf63d32d1f3f36a39b52d41785c1d57eb76ee87daff and it's a hash you can find in the build log.

In fact, if you inspect the build logs (as chaotic as they are due to parallelism), you can investigate the entire build process, from input to output. This allows our users to audit our integrity.

Also, another thing is, please understand that, while I wish to add a link pointing to your repository, and I do appreciate your work, I still can't express any endorsement as I can't really provide any warranty/guarantee. I must, however, add a statement to make it clear that the link points to a third-party project and request users to verify it for themselves. It's a legal thing and we cannot violate it.

So, to sum it up:

  1. You need to add mechanisms to allow users to verify that your binary was built based on and only based on valid sources (including source code, configuration etc); And,
  2. I can only link your repository as a third-party resource, without endorsing it
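
The hash lookup described in the comment above, written out as a script (an added example, not part of the original thread or of the Sshwifty project). It assumes the build log has been saved locally as plain text; `build.log` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that a downloaded release archive's SHA-512 digest
# appears in a locally saved copy of the build log.
# Assumption: the log is a plain-text file; all names here are hypothetical.

# Print the lowercase hex SHA-512 of a file, using whichever tool exists
# (sha512sum on most Linux systems, shasum on macOS).
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print tolower($1)}'
    else
        shasum -a 512 "$1" | awk '{print tolower($1)}'
    fi
}

# verify_against_log ARCHIVE BUILD_LOG
# Returns 0 if the archive's digest appears in the log as a complete
# 128-hex-digit token, 1 if it does not, 2 if an input cannot be read.
verify_against_log() {
    archive=$1; log=$2
    [ -r "$archive" ] && [ -r "$log" ] || { echo "unreadable input" >&2; return 2; }
    digest=$(sha512_of "$archive")
    # Guard against an empty or truncated digest matching by accident.
    [ "${#digest}" -eq 128 ] || { echo "could not hash $archive" >&2; return 2; }
    # Split the log into runs of hex digits and require an exact match,
    # so a digest embedded in a longer hex string does not count.
    if tr 'A-F' 'a-f' < "$log" | tr -cs '0-9a-f' '\n' | grep -qx "$digest"; then
        echo "OK: $digest found in $log"
        return 0
    fi
    echo "MISMATCH: $digest not found in $log" >&2
    return 1
}

# Usage (file name taken from the comment above; build.log is hypothetical):
#   verify_against_log sshwifty_0.3.4-beta-release_freebsd_386.tar.gz build.log
```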

@unbeatable-101
Author

unbeatable-101 commented Dec 18, 2023

That’s a good point about the binary, it was created on my machine and its hash is checked by homebrew against the one in the formula file, though I suppose it not being built on GitHub and having the build logs accessible makes it untrustworthy. I’ll remove it and try to get GitHub actions running again. Without a binary in the repository, homebrew will build it on their machine following the steps in the Formula/sshwifty.rb file, which are the same as this repository suggests, except the prefix for the path which is checked for the config file has been changed to homebrew’s.

And yeah, link to the repository however you want, I don’t expect you to make an endorsement about someone else’s project on a platform (macOS) that you don’t use.

@nirui
Owner

nirui commented Dec 19, 2023

Letting users build Sshwifty on their own machine, if without hassle, might be the best solution since it's basically the recommended way of installing.

Also, is it possible to put the binary into a sandbox/restricted account on macOS? So it can't make any unwanted side-effect on the installed system?

Anyway, I've added the link under the Install section in the README.md file, and released version 0.3.5-beta.

Thank you again :)

@unbeatable-101
Author

I don't know of any way of sandboxing binaries on macOS, no. I suppose if someone wanted, they could run the binary as a severely privilege-limited user, but I don't think that's built in outside of the App Store.

@nirui
Owner

nirui commented Dec 28, 2023

Understood. Thank you again for your time :)

@unbeatable-101
Author

Thank you for maintaining this software!
