by Lio 3626 days ago
Not sure I like the install method. I'm nervous of anything that asks me to pipe curl to shell.
5 comments

Are you less nervous running a binary installer?
i'm not. all of it makes me nervous. even package managers with supposedly cryptographically secure verification make me nervous.

but, you gotta do what you gotta do to actually do stuff.

i sure as hell ain't going back to the days of compiling everything from source.

> i'm not. all of it makes me nervous. even package managers with supposedly cryptographically secure verification make me nervous.

Android and Chrome for example are really ahead of this in my opinion. Apps are sandboxed and you know uninstall clears up traces of them. Obviously it's not perfect but it's miles ahead of installation scripts and binary installers which can do anything they want with your system and might be hard to get rid of.

That is what the Mac App Store is for. However, all of these sandboxed environments come with their own sets of problems and make making especially these kinds of tools quite difficult if not impossible.
> Apps are sandboxed and you know uninstall clears up traces of them.

Not in all versions of Android, if they write stuff on the SD card.

They might be able to write some files that sit around but not code that runs on startup and spies on you for example.
So how would you go about packaging this m-cli tool into a sandboxed app?
Okay - I'm curious. What is wrong with:

  ./configure
  make
  make install
I do that a lot, and 90+% of the time, it's that simple.
uh yeah, it's the other 10% that's the problem.

not to mention the tracking of installed files and library dependencies that slowly develop into an accumulated spiderweb shitstorm of runtime conflicts.

have you tried maintaining multiple versions of shared object libraries by hand? do you remember the 'make install' wrappers that never worked right? pepperidge farm remembers.

the best way to get rid of the discomfort is to first check the shell script:

  curl -fsSL https://raw.githubusercontent.com/rgcr/m-cli/master/install.... | pbcopy

Then you can paste it in a text editor and if it is not too long you can verify the script.

And as this one is on github you can take a look directly.

Just pipe the script to a file so you can read it without having to copy-paste. :)

  curl -fsSL https://raw.githubusercontent.com/rgcr/m-cli/master/install..... > install.sh

Or use curl's built-in options:

  curl -O ...
or

  curl -o install.sh ...
Or pbpaste | sh
Also not to like about the install method: The install.sh stores INSTALL_DIR in a variable but does not allow that variable to be overridden by the environment. So you're forced to install into /usr/local despite then being asked to add /usr/local/m-cli to your path. It would be better to allow /usr/local to be overridden so that installation doesn't require sudo. It's just as easy to add ~/.m-cli to your path.
> The install.sh stores INSTALL_DIR in a variable but does not allow that variable to be overridden by the environment.

Really? The documentation explicitly says that it does:

    INSTALL_DIR=$HOME/.m-cli sh <(curl -fsSL https://raw.githubusercontent.com/rgcr/m-cli/master/install.sh)
You can always pull and build - but of course that's risky too, roughly in proportion to the size of the working copy.
The thing is, in this case you can easily inspect the shell script that they're running with that curl command.
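
The save-it, read-it, then run-it workflow suggested in the comments above, as an added example that is not part of the thread or of the m-cli project: it records the SHA-256 of the copy you reviewed and refuses to run a file that no longer matches, passing `INSTALL_DIR` through the environment as in the documented invocation quoted above. The function names and `INSTALLER_URL` are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: review-then-run for a saved installer instead of curl | sh.
# Function names are hypothetical; nothing here comes from m-cli itself.

# Print the SHA-256 of a file with whichever tool exists (macOS ships shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Succeed only if FILE exists and its digest equals the one recorded at review.
verify_pinned() {   # verify_pinned FILE EXPECTED_SHA256
    [ -f "$1" ] || return 2
    [ "$(sha256_of "$1")" = "$2" ]
}

# Run the saved installer only if it still matches the reviewed digest.
# INSTALL_DIR defaults to a user-writable path so no sudo is required.
run_reviewed() {    # run_reviewed FILE EXPECTED_SHA256 [INSTALL_DIR]
    if ! verify_pinned "$1" "$2"; then
        echo "refusing to run $1: digest differs from the reviewed copy" >&2
        return 1
    fi
    INSTALL_DIR="${3:-$HOME/.m-cli}" sh "$1"
}

# Typical use (network step commented out so the block runs offline):
#   curl -fsSL -o install.sh "$INSTALLER_URL"   # INSTALLER_URL: placeholder
#   less install.sh                             # read what will execute
#   pin=$(sha256_of install.sh)                 # record the copy you read
#   run_reviewed install.sh "$pin"
```

Keeping the recorded digest also lets a later download, for example on a second machine, be run only if it is byte-identical to the script that was read.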