Woke as Linux packages about woke HOT 9 CLOSED

I just packaged the project in the AUR for Arch Linux: https://aur.archlinux.org/packages/woke https://aur.archlinux.org/packages/woke-bin

from woke.

Looks like someone added it to gentoo: https://packages.gentoo.org/packages/dev-util/woke

from woke.

Good idea, although I have no clue how to go about accomplishing this. I don't have much knowledge around linux package managers and how to add to their central repositories.

from woke.

Looks like goreleaser should be able to generate apk, deb, and rpms https://goreleaser.com/customization/nfpm/, so that would be a start.

from woke.

Unfortunately I'm not either, though it looks like there is GitHub Actions integration for goreleaser so it sounds promising. Hopefully someone knowledgeable can pick this up otherwise I can dig in a bit more if there are no volunteers.

https://github.com/goreleaser/goreleaser-action

from woke.

Yup! Woke already uses goreleaser (https://github.com/get-woke/woke/blob/main/.github/workflows/tag.yml#L25) so creating linux packages via goreleaser for deb, rpm, apk appears to be straightforward.

From what I've quickly researched, I should be able to upload them to gemfury, but that would require configuring new repos for apt/yum servers, so that would be something I might start with.

The part I'm not sure about is how to get these packages available on central repositories.

from woke.

Yeah, doing a little more research on it, it doesn't look quite as straightforward as I would hope. For example, below is a link about the process for deb:

https://unix.stackexchange.com/questions/620672/how-can-i-publish-a-deb-package

With just a little searching I haven't been able to find even that much information for rpm, which leads me to believe the process might be even more complex.

That said, I think just having the packages in the releases on GitHub would be a great start as they could be imported into an internal company repository directly and/or locally installed, and maybe also in a third party repository like gemfury if that isn't too tough for those that want to be able to get updates. And maybe someday Woke will get popular enough the central repositories will come to you :D )

from woke.

There is a snap available, but it has a couple of shortcomings. I tracked down the author and opened an issue: degville/woke-snap#1
Update: the snap has been updated to allow access to configs in the home directory.

from woke.

One other impediment to installation is the process. It starts with the instruction to use https://git.io/getwoke - this is a redirection service and at least in our company, git.io is blocked because it's trivially simple to "steal" that url and make it point to something malicious.

The second problem is that the "install" via a downloaded executed .sh file has "attack me" all over it. However trustworthy the author is all it takes is for a bad actor to surreptitiously or overtly insert malware into the un-checked chain of installation. At minimum it needs to be signed and have some form of sha or checksum to verify the content is as was released.

The reason that a linux based package installation is suggested by this issue is really to prevent the obvious and trivial attacks that can be made against the currently offered installation practice.

All that said, I do empathize. I used to maintain a Mac software installation process and gave up when every release of the Mac OS they tightened the screws, made me pay more fees (to Apple for THEIR signing certificate), and required me to change my installation process. In the tradeoffs between "Safety and Security" or "Ease of creation and ease of use" something always loses.

from woke.