Guide.md: Change download instructions and remove bad info #15204
Conversation
Piping `curl` directly to `| sudo sh` has very weird failure modes: If the connection is interrupted, you can end up executing part of a script. The small rant about "Trusting Rust" to not hack your computer is completely misguided as well. You're going to run binaries one way or another, so you're still trusting Rust developers. The fact that we're delivering unsigned binaries over http is still cringeworthy though.
|
I agree that the rant about "Trusting Rust" is inappropriate. I also agree that delivering unsigned binaries over http is unfortunate. However, I think the problem of executing a partially-downloaded script can be solved without changing the ergonomics of running the script (i.e. by still allowing for piping directly to Technically speaking, there are various points in the file where a termination would in fact attempt to invoke a command, e.g. in any of the function definitions, terminating before the Another suggestion might be to get rid of the |
|
Perhaps piping is actually the wrong approach. It could instead say script=$(curl -s http://www.rust-lang.org/rustup.sh) && sudo sh -c "$script"This will avoid executing the script if |
|
I would strongly prefer fixing Rustup rather than changing the instructions. |
|
How would you propose changing rustup? If it defaulted to installing per-user, I would still request this same change be made to the instructions, just without the |
|
There's two big concerns with Rustup, right now:
The first is fixible by modifying Rustup. The second... I can't even believe that that happens, though of course, lol computers. Do you have any more information on this actually happening? Secondarily, it seems that a fix for that problem was presented by @kballard : " taking the body of rustup.sh and wrapping it in a main() {} function, and then invoking that function at the bottom of the file". Would that address your concern? Other projects just pipe to I'm a bit loathe to change the instructions, because a single step to install is so much nicer than 'two steps and then delete this file.' Especially if we can get away with just one. Finally, while you're right that you're installing a compiler, and so you have to trust us anyway, this argument always comes up on every HN/reddit thread where someone suggests |
I've had it happen, and can somewhat reliably make it happen using a slow network connection that goes down for a few seconds in the middle of the script downloading. (In this case, I deliberately throttled it, but no worse than what I get on my cell phone on caltrain...). I tried to make an automated test case so you can try at home but it was a pain compared to just doing it manually. |
That sort of the point of @kballard's suggestion, it saves the script to a variable instead of a file, giving you the same benefit as a file but without having to care about deleting it. |
|
Closing due to inactivity |
internal: Add analysis-stats flag to trigger some IDE features Closes rust-lang/rust-analyzer#15131 Running this on r-a showed an 86mb memory increase, but that was without running it on the deps, will try that later when I don't need to use my pc.
Piping
curldirectly to| sudo shhas very weird failure modes: If the connection is interrupted, you can end up executing part of a script.The small rant about "Trusting Rust" to not hack your computer is completely misguided as well. You're going to run binaries one way or another, so you're still trusting Rust developers.
The fact that we're delivering unsigned binaries over http is still cringeworthy though.