One line installer

From @kevinsimper on Thu Aug 18 2016 18:57:00 GMT+0000 (UTC)

I know a lot of people don’t like one-line installers because of their insecure nature of not understanding what it does, but a one-line is just nicer when trying out ipfs, when you just want to do it quickly!

Would it be an idea to make a one-line installer?

Here is for Mac:

curl https://dist.ipfs.io/go-ipfs/v0.4.2/go-ipfs_v0.4.2_darwin-amd64.tar.gz >> /tmp/ipfs.tar.gz && tar zxf /tmp/ipfs.tar.gz && mv /tmp/go-ipfs/ipfs /usr/local/bin/ipfs && chmod +x /usr/local/bin/ipfs && ipfs version



Copied from original issue: https://github.com/ipfs/faq/issues/164

From @RichardLitt on Tue Aug 30 2016 14:02:52 GMT+0000 (UTC)

@kevinsimper Good idea. However, our dists change so much that this would add overhead, I think.

From @dignifiedquire on Tue Aug 30 2016 16:14:54 GMT+0000 (UTC)

@RichardLitt what do you mean by “our dists change so much”? The installation process hasn’t changed since I know IPFS and the version doesn’t change that often

From @RichardLitt on Tue Aug 30 2016 17:13:03 GMT+0000 (UTC)

I meant the versions. Don’t they change every few months, in general?

From @dignifiedquire on Tue Aug 30 2016 17:15:34 GMT+0000 (UTC)

Every few months is probably right, but we could easily have a symlink pointing to the latest release if that is a concern.

From @RichardLitt on Tue Aug 30 2016 17:42:06 GMT+0000 (UTC)

Hmm. Cool.

Another concern: What is the purpose of a one-liner? Experienced devs still need to read the whole thing, or take it on trust that we have it done correctly. Inexperienced devs don’t get to learn what the install process is.

I’m not up or down on this one.

From @kevinsimper on Tue Aug 30 2016 17:47:58 GMT+0000 (UTC)

Beginners will find a way to install it the easiest way and better provide a command that does it all in one command, instead of now where each command is on its own line :+1:

From @jbenet on Tue Aug 30 2016 18:26:17 GMT+0000 (UTC)

Strongly against this. one line commands like that are terrible security practice. they teach users not to think about what they are doing, and to copy paste things from the internet into their command line. we take security seriously. If we list commands to run, they must be clear.

I do think a single one-line install is useful. but do it securely.

  • ideally use something like hashpipe, but it’s 99% unlikely to be pre-existing, so this makes the problem worse.
  • use brew, apt, or whatever is standard in various distros. but now you have another problem-- making sure they have a pkg mgr and doing it for their system.
  • i really like how mosh does it: https://mosh.org/#getting i think it’s one of the easiest and clearest install procedures i’ve ever seen. they deal with the complexity of platform by just having something for every install path.

From @RichardLitt on Tue Aug 30 2016 18:37:42 GMT+0000 (UTC)

Thank you, @jbenet. That’s great feedback. I agree with teaching users not to think; that’s what I was getting at with the experienced // inexperienced comment above.

We could try to implement Mosh’s install.

From @kevinsimper on Wed Aug 31 2016 07:33:11 GMT+0000 (UTC)

@jbenet Hashpipe looks awesome, but wouldn’t it be a dependency that you have to install first?

Strongly against this. one line commands like that are terrible security practice.

I agree, but somebody will write it on stackoverflow and then people will write “how to install ipfs 1 line”. But what is the problem of stringing the commands that are on the installation page now? It is not like you curl a bash script!

It can even be written like this and still be a easy way to install.

curl https://dist.ipfs.io/go-ipfs/v0.4.2/go-ipfs_v0.4.2_darwin-amd64.tar.gz >> /tmp/ipfs.tar.gz && \
  tar zxf /tmp/ipfs.tar.gz && \
  mv /tmp/go-ipfs/ipfs /usr/local/bin/ipfs && \
  chmod +x /usr/local/bin/ipfs && \
  ipfs version

From @jbenet on Wed Aug 31 2016 20:07:02 GMT+0000 (UTC)

I think stringing commands into and &&-expression is strictly worse, it
obfuscates and confuses. They can copy paste a bunch of lines just the same.

Try installing Dropbox, one of the easiest things out there to install. It
takes a number of steps. Many intuitive to the users.

Let’s go for a mosh style install page
On Wed, Aug 31, 2016 at 3:33 AM Kevin Simper notifications@github.com
wrote:

@jbenet https://github.com/jbenet Hashpipe looks awesome, but wouldn’t
it be a dependency that you have to install first?

Strongly against this. one line commands like that are terrible security
practice.

I agree, but somebody will write it on stackoverflow and then people will
write “how to install ipfs 1 line”. But what is the problem of stringing
the commands that are on the installation page now? It is not like you
curl a bash script!

It can even be written like this and still be a easy way to install.

curl https://dist.ipfs.io/go-ipfs/v0.4.2/go-ipfs_v0.4.2_darwin-amd64.tar.gz >> /tmp/ipfs.tar.gz &&
tar zxf /tmp/ipfs.tar.gz &&
mv /tmp/go-ipfs/ipfs /usr/local/bin/ipfs &&
chmod +x /usr/local/bin/ipfs &&
ipfs version


You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub
https://github.com/ipfs/faq/issues/164#issuecomment-243682422, or mute
the thread
https://github.com/notifications/unsubscribe-auth/AAIcobXQNHkonQSK46XTflcdw2-QrLSwks5qlS44gaJpZM4Jnzb0
.

From @kevinsimper on Wed Aug 31 2016 20:25:32 GMT+0000 (UTC)

mosh style is even better if you guys find the time to setup the necessary steps to setup those packages to the different platforms :+1:

From @RichardLitt on Thu Sep 01 2016 16:09:56 GMT+0000 (UTC)

@kevinsimper Going to keep this open so it is more easily searchable. Thanks!

Here is a one-line installer that is secure for Ubuntu:

sudo snap install ipfs

:smiley: