PSA: Eget That Executable from GitHub
The blog post discusses the challenges of downloading binaries from GitHub and introduces "eget," a command-line tool that simplifies this process while addressing security and API limitations.
The blog post discusses the challenges of downloading and installing binaries from GitHub, particularly when setting up a development container. The author highlights the cumbersome process of manually finding the latest releases, identifying the correct binaries, and handling various packaging formats. To streamline this process, the author introduces "eget," a command-line tool that simplifies downloading the latest releases from GitHub repositories with a single command. While eget is not included in any distribution and requires a specific installation method, it significantly reduces the complexity of managing binaries across different platforms. The tool also offers interactive prompts for ambiguous binaries and supports SHA256 checksums for safer automation. However, the author notes limitations with GitHub's API, which can hinder the tool's functionality due to call limits. Despite these challenges, the author advocates for using GitHub and finds eget to be a valuable tool for software acquisition across various systems.
- Eget simplifies the process of downloading and installing binaries from GitHub.
- The tool requires a specific installation method and is not included in standard distributions.
- Eget supports SHA256 checksums for enhanced security in automation.
- Limitations exist with GitHub's API, affecting the tool's ability to fetch release information.
- The author prefers GitHub for software projects despite its challenges.
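The SHA256 point above only helps automation when the expected hash is pinned ahead of time rather than looked up during the download. The following is an added example, not code from the blog post or from eget: it checks a downloaded asset against a lockfile kept in version control and installs it only on a match. The lockfile format, the function names and the sample files are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: verify a downloaded release asset against a pinned SHA256.
# Lockfile line format (assumed here): "<sha256 hex>  <asset name>"

sha256_of() {
    # Print the hex SHA256 of file $1 with whichever tool is installed.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

pinned_hash() {
    # Look up asset $2 in lockfile $1. Fails when the entry is missing,
    # listed more than once, or is not exactly 64 hex characters.
    awk -v name="$2" '
        $2 == name { n++; h = tolower($1) }
        END { if (n == 1 && h ~ /^[0-9a-f]+$/ && length(h) == 64) print h; else exit 1 }
    ' "$1"
}

install_verified() {
    # usage: install_verified LOCKFILE ASSET_NAME DOWNLOADED_FILE DEST
    # Returns 0 only when the file matches its pin; DEST is untouched otherwise.
    lock=$1 name=$2 src=$3 dest=$4
    want=$(pinned_hash "$lock" "$name") || { echo "no valid pin for $name" >&2; return 2; }
    got=$(sha256_of "$src") || return 3
    if [ "$got" != "$want" ]; then
        echo "SHA256 mismatch for $name: want $want, got $got" >&2
        return 1
    fi
    tmp="$dest.tmp.$$"   # write beside DEST, then rename, so DEST is never partial
    cp "$src" "$tmp" && chmod 0755 "$tmp" && mv -f "$tmp" "$dest"
}

demo() {
    # Constructed sample: the "asset" is the three bytes abc; the pin is its SHA256.
    d=$(mktemp -d) || return 9
    printf 'abc' > "$d/tool"; printf 'abd' > "$d/tampered"
    printf '%s  tool\n' ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad > "$d/tools.lock"
    install_verified "$d/tools.lock" tool "$d/tool" "$d/out"; ok=$?
    install_verified "$d/tools.lock" tool "$d/tampered" "$d/out2" 2>/dev/null; bad=$?
    rm -rf "$d"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}
```

Because the pin changes only through a reviewed commit to the lockfile, a release asset that is replaced upstream without a version bump fails the install instead of passing silently.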
Related
Storing Scraped Data in an SQLite Database on GitHub
The article explains Git scraping, saving data to a Git repository with GitHub Actions. Benefits include historical tracking and using SQLite for storage. Limitations and Datasette for data visualization are discussed.
Number of incidents affecting GitHub, Bitbucket, Gitlab and Jira is rising
Incidents on major development platforms like GitHub, Bitbucket, GitLab, and Jira are rising, with GitHub up 21% in 2023, highlighting security challenges and the need for better collaboration in DevSecOps.
Ask HN: Pragmatic way to avoid supply chain attacks as a developer
The article addresses the security risks of managing software dependencies, highlighting a specific incident of a compromised package. It debates the effectiveness of containers versus VMs and seeks practical solutions.
Modern Unix Tool List
The article lists modern Unix command-line tools that enhance traditional utilities, highlighting Atuin, Bat, and Concurrently, while noting some tools as unsatisfactory and emphasizing the need for regular updates.
Making a blog for the next 10 years
The author plans to maintain their blog for a decade, using Markdown for readability, Mataroa for hosting, and Go for publishing tools, while addressing third-party module reliability concerns.
I prefer hard-coded hashes in my code so that when the file changes, I'm made aware. I've lost so much time chasing bugs back to a dependency which changed without a version bump and whose hash was checked by a script that just got the hash it was checking at runtime.
https://www.reddit.com/r/github/comments/1at9br4/i_am_new_to...
We trust github.com and small-time publishers far too much. There’s a reason Debian packages software and runs mirrors.
1. There's a catch-22. In order to fetch binaries you need to first install eget.
2. You need to trust eget to not be (or become) malicious.
Perhaps #1 can be resolved by providing it as a proxy service and not an executable. For example, "wget eget.net/gopls@latest" which then uses eget on the server to grab/cache the binary and send it back.
Then again, that would mean putting even more trust in eget.
Good.
ubi --project oalders/is --in ~/local/bin