Comments (9)
I just packaged the project in the AUR for Arch Linux: https://aur.archlinux.org/packages/woke https://aur.archlinux.org/packages/woke-bin
from woke.
Looks like someone added it to gentoo: https://packages.gentoo.org/packages/dev-util/woke
from woke.
Good idea, although I have no clue how to go about accomplishing this. I don't have much knowledge around linux package managers and how to add to their central repositories.
from woke.
Looks like goreleaser should be able to generate apk, deb, and rpms https://goreleaser.com/customization/nfpm/, so that would be a start.
from woke.
Unfortunately I'm not either, though it looks like there is GitHub Actions integration for goreleaser so it sounds promising. Hopefully someone knowledgeable can pick this up otherwise I can dig in a bit more if there are no volunteers.
https://github.com/goreleaser/goreleaser-action
from woke.
Yup! Woke already uses goreleaser (https://github.com/get-woke/woke/blob/main/.github/workflows/tag.yml#L25) so creating linux packages via goreleaser for deb, rpm, apk appears to be straightforward.
From what I've quickly researched, I should be able to upload them to gemfury, but that would require configuring new repos for apt/yum servers, so that would be something I might start with.
The part I'm not sure about is how to get these packages available on central repositories.
from woke.
Yeah, doing a little more research on it, it doesn't look quite as straightforward as I would hope. For example, below is a link about the process for deb:
https://unix.stackexchange.com/questions/620672/how-can-i-publish-a-deb-package
With just a little searching I haven't been able to find even that much information for rpm, which leads me to believe the process might be even more complex.
That said, I think just having the packages in the releases on GitHub would be a great start as they could be imported into an internal company repository directly and/or locally installed, and maybe also in a third party repository like gemfury if that isn't too tough for those that want to be able to get updates. And maybe someday Woke will get popular enough the central repositories will come to you :D )
from woke.
There is a snap available, but it has a couple of shortcomings. I tracked down the author and opened an issue: degville/woke-snap#1
Update: the snap has been updated to allow access to configs in the home directory.
from woke.
One other impediment to installation is the process. It starts with the instruction to use https://git.io/getwoke - this is a redirection service and at least in our company, git.io is blocked because it's trivially simple to "steal" that url and make it point to something malicious.
The second problem is that the "install" via a downloaded executed .sh file has "attack me" all over it. However trustworthy the author is all it takes is for a bad actor to surreptitiously or overtly insert malware into the un-checked chain of installation. At minimum it needs to be signed and have some form of sha or checksum to verify the content is as was released.
The reason that a linux based package installation is suggested by this issue is really to prevent the obvious and trivial attacks that can be made against the currently offered installation practice.
All that said, I do empathize. I used to maintain a Mac software installation process and gave up when every release of the Mac OS they tightened the screws, made me pay more fees (to Apple for THEIR signing certificate), and required me to change my installation process. In the tradeoffs between "Safety and Security" or "Ease of creation and ease of use" something always loses.
from woke.
Related Issues (20)
- New release HOT 2
- SonarQube output format startColumn needs to be zero based HOT 4
- Tests fail with local ~/.woke.yaml file
- Add "--fix" feature
- Woke v0.18.0 fails to install from source due to replace directive HOT 6
- woke check fails for git submodules HOT 7
- Package dependencies can bypass our ignore rules HOT 1
- Installer script doesn't understand `linux/arm64` HOT 8
- del HOT 1
- Suggestion to improve "glob" expansion in documentation HOT 2
- Nested .wokeignore doesn't work in a git repo. HOT 2
- Add multiarch support to container image HOT 3
- Question: Is there a way to allow "ansible-test sanity" but disallow "sanity"? HOT 4
- Performance issues when compiling ignores and .wokeignore not being applied HOT 5
- Exclude `.wokeignore` file in scans HOT 1
- Add a TODO mechanism / file
- Allow exclusion of terms in `.woke.yml` HOT 6
- False-positive for URLs, even with `word_boundary: true` HOT 1
- Pinpoint the location of 'findings' when you report there are 'findings'. HOT 1
- Is the use of "whitelist" and "blacklist" inclusive language HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from woke.