this post was submitted on 16 Feb 2025
No Stupid Questions (Developer Edition)
Yeah. The big one is security. Windows suffers from this, where being able to just download an exe and run it results in the ease of distribution for malware.
Repositories of software have a massive advantage, in that they are vetted and watched by a multitude of individuals. The recent XZ backdoor didn't even make it to the repos of Debian 12 due to the slow policies. Of course, this comes with the notable disadvantage of not all software being packaged.
In my opinion, a reasonable compromise is distro-agnostic package formats with their own package managers, like Flatpak or Nix. Flathub and Nix are maintained, vetted, and haven't been hit by malware (yet). For servers and their services, there are Docker images, which can be run in any of the many ways to run Docker containers. At this point, I think almost all server software I've looked at offers a Docker container.
Distros like Debian have a footnote on potential pitfalls of getting software from places other than the repos. Also, I'd say that Linux distros in general don't want people to create packages of their software.
Your specific idea, make install, has its own issues as well. If you make install something and an incompatible version of something is installed to the host system, then breakages can occur. Flatpak, Nix, and Docker all have in common that they are isolated from the host system, and cannot interfere or cause breakages, due to their design.
Now, technically what you want does exist as
curl somescript.com | sh
but these are security nightmares, and also difficult to maintain post installation. You're supposed to manually check what the script does, but no one does that, and on the more complex scripts, it's not really feasible to check them for malware.
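The alternative to piping a download straight into a shell, as an added example that is not part of the comment above: save the script to a file, compare it against a pinned SHA-256, and run it only on a match. The helper names `sha256_of`, `run_if_pinned` and `demo` are hypothetical, and the installer content is constructed so the block runs offline.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches a pinned hash.

sha256_of() {
    # Print the hex SHA-256 of a file, using whichever tool is installed.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

run_if_pinned() {
    # run_if_pinned FILE EXPECTED_SHA256: returns 1 without executing on mismatch.
    file=$1 expected=$2
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: got $actual, expected $expected" >&2
        return 1
    fi
    sh "$file"
}

demo() {
    # Constructed sample standing in for a script saved to disk first, e.g.
    #   curl -fsSL -o install.sh https://somescript.com
    # so that the bytes that were checked are the bytes that get run.
    dir=$(mktemp -d) || return 2
    printf 'echo installed\n' > "$dir/install.sh"
    # Assumption: in practice the pinned value is published out of band
    # or recorded after someone actually reviewed the script.
    pinned=$(sha256_of "$dir/install.sh")

    out_ok=$(run_if_pinned "$dir/install.sh" "$pinned") && rc_ok=0 || rc_ok=$?

    # Simulate the server later handing out different content.
    printf 'echo installed\necho unreviewed-extra\n' > "$dir/install.sh"
    out_bad=$(run_if_pinned "$dir/install.sh" "$pinned" 2>/dev/null) && rc_bad=0 || rc_bad=$?

    rm -rf "$dir"
    echo "$rc_ok:$out_ok|$rc_bad:$out_bad"
}
```

A matching hash only shows the file is the one that was reviewed or published; it says nothing about whether that script is safe to run.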