fix to read vroot from environent variable

[musou1500]

currently, vroot is determine from working directory if default path is not exists.
it causes that std libraries can not refer thirdparty directories.
This PR fix it by use environent variable.
to operate with environemtn variables, I also added some functions to os module.

to merge thie PR, need to fix v.c too.

[medvednikov]

Thanks, but I don't like asking the user to set the path, when V already knows the path.

There must be a way to permanently set the path programmatically.

[medvednikov]

#569

[medvednikov]

I'm working on a solution without env vars:

Everything will be stored in ~/.vmodules, including builtin.

[medvednikov]

Hey

So we spent lots of time discussing how to do this. And we found a way to avoid env variables.

I just pushed a temporary solution to this particular issue, so I'm going to close this.

Please submit setenv functions via a separate PR. Thanks!

[musou1500]

@medvednikov
ok. I'll create PR for os.*env functions.

BTW, do you have a plan to publish install script to the vlang.io?
if users can install v by executing the following command, it's a quite easy way. (I know some other languages do this)
curl https://vlang.io/install.sh | sh

in this way, we can even prompt vroot for a user with a default value.

[whoizit]

@musou1500
curl https://vlang.io/install.sh | sh

This is not secure, we can provide auto-compiler archives from CI, we can simplify the installation procedure from source codes, we can add auto-update feature. It'll be enough.

[musou1500]

@whoizit
I agree that we can provide simplify it in another way.
but why this isn't secure?

[whoizit]

because the server can be hacked at any time and malicious code can be added to the script

[whoizit]

install.sh should be placed in repository and we can make short link on it

[musou1500]

I see...if the server is cracked by an attacker, the attacker will be able to edit the website.
I think there is the same risk even if the script is not on the website.

[whoizit]

No, it's different. github servers have professional admins. And if they get hacked, it will be their problem for reputation. Also git have a history of changes and it possible we can see what is changes and who did it.

[musou1500]

github servers have professional admins.

is it means that website(vlang.io) is hosted by GitHub Pages?

[whoizit]

no

[musou1500]

I see... anyway, I understand somehow about the security risk. thanks a lot.

[whoizit]

we can make copy-paste snippet like this:
curl <url to git-commited raw install.sh on github> | sh
or
curl <shorted url to git-commited raw install.sh on github> | <code to check sum and launch sh>

[musou1500]

it would be nice. I'll consider creating a separate issue about it.