Comments (2)
Hi @jbrucker, thanks for opening an issue to try and improve the CLI.
Firstly,

> Did someone from Microsoft write this stuff?

While I'm sure that quipping makes you feel good, it's not going to advance the technical discussion, so I'd ask that you leave it out. We're all here to try to make `gh` a valuable piece of software, otherwise I'm sure you wouldn't have taken the time to open this issue.
Now, onto the actual details. The original authors of these instructions are long gone so let's work together and make sure this gets the attention it needs. Firstly, I assume you're talking about this snippet:

```sh
type -p curl >/dev/null || (sudo apt update && sudo apt install curl -y)
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
&& sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
&& sudo apt update \
&& sudo apt install gh -y
```
So let's talk about your specific concerns:

> completely trust whatever junk you download via a pipe

I assume what you're getting at here is that there is no verification that the contents of `/usr/share/keyrings/githubcli-archive-keyring.gpg` are what the user expects? Can you be more specific about the security implications of this file containing unexpected data (noting that to do so would require either for a user to ignore certificate errors, to have a broken trust store, or for https://cli.github.com to be compromised, which also serves the packages themselves).
> make his system less secure by adding a keyring with global write permissions

I don't see this. The keyring is made world readable in `chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg`, which was a response to systems that have `umask` set to 600. The documentation for `signed-by` states that everyone should have read permissions on these:

> It is specified as a list of absolute paths to keyring files (have to be accessible and readable for the _apt system user, so ensure everyone has read-permissions on the file) and fingerprints of keys to select from these keyrings.
> install the 'gh' package and dependencies using the -y flag so the poor user has no chance to change his mind after seeing what will be installed.

I can see why this would have some merit. I don't think it would be a big deal to remove this and allow the user a moment to double check.
> pipe output to /dev/null so the user cannot see the output

Are you talking about this line?

```sh
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
```

What would you expect to happen here if the pipe to `/dev/null` was removed? The only thing you'd see would be the line that is being echoed with the evaluation of `dpkg --print-architecture` being included, right? I don't really see what the security implications of this are.

Cheers.
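The verification the thread is circling around, as an added example that is not part of the comment above and not the cli project's own code: before a downloaded keyring is placed under `/usr/share/keyrings`, parse it as a binary OpenPGP keyring, compute the v4 fingerprint of each primary key, compare it with a fingerprint obtained out of band, and confirm the on-disk mode is the world-readable one apt's `signed-by` documentation asks for. The keyring it runs on is constructed here with toy RSA moduli, so its fingerprint is not GitHub's, and `EXPECTED_FINGERPRINT` is a placeholder the operator must replace with a value from a trusted source. The packet parser and fingerprint computation follow RFC 4880; everything else (function names, the constructed key material) is this example's own.

```python
"""Added example (not the cli project's code): pin-check an apt keyring before trusting it.
Parses a binary OpenPGP keyring (RFC 4880), fingerprints each primary key (section 12.2:
SHA-1 over 0x99 || 2-byte length || key packet body) and checks the mode apt's signed-by needs."""
import hashlib
import os
import stat

PUBLIC_KEY_PACKET = 6  # RFC 4880 tag 6 is a primary public key; tag 14 is a subkey
# Placeholder only: the operator must obtain the real fingerprint out of band.
EXPECTED_FINGERPRINT = "0000 0000 0000 0000 0000  0000 0000 0000 0000 0000"


def _packets(data):
    """Yield (tag, body) for each packet in a binary keyring; rejects non-packet bytes."""
    i = 0
    while i < len(data):
        ctb, i = data[i], i + 1
        if not ctb & 0x80:
            raise ValueError(f"byte {i - 1} (0x{ctb:02x}) is not a packet header")
        if ctb & 0x40:  # new-format header, RFC 4880 4.2.2
            tag, first, i = ctb & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths do not occur in a keyring")
        else:  # old-format header, RFC 4880 4.2.1
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate packet length")
            size = 1 << ltype  # 1, 2 or 4 length bytes
            length, i = int.from_bytes(data[i:i + size], "big"), i + size
        body, i = data[i:i + length], i + length
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body


def v4_fingerprint(key_body):
    """Fingerprint of a version 4 public key packet body."""
    if not key_body or key_body[0] != 4:
        raise ValueError("only v4 keys are supported")
    return hashlib.sha1(b"\x99" + len(key_body).to_bytes(2, "big") + key_body).hexdigest().upper()


def primary_fingerprints(keyring):
    """Fingerprints of the primary keys in a keyring, in order of appearance."""
    return [v4_fingerprint(b) for tag, b in _packets(keyring) if tag == PUBLIC_KEY_PACKET]


def check_keyring(path, expected_fingerprint):
    """Return the problems found; an empty list means the keyring may be installed."""
    with open(path, "rb") as f:
        data = f.read()
    try:
        found = primary_fingerprints(data)
    except ValueError as e:
        return [f"not a parseable binary OpenPGP keyring: {e}"]
    problems = []
    want = expected_fingerprint.replace(" ", "").upper()
    if want not in found:
        problems.append(f"expected fingerprint {want} not found; keyring holds {found}")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if not mode & stat.S_IROTH:
        problems.append(f"mode {mode:04o} is not world-readable, so the _apt user cannot read it")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"mode {mode:04o} is group- or world-writable")
    return problems


def write_keyring(path, data):
    """Create the file with mode 0644 up front (what `install -m 0644` does), not via umask + chmod."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.chmod(path, 0o644)  # os.open's mode is still masked by the umask


# Constructed sample keyring with toy RSA moduli (not real keys); exercises both header forms.
def _mpi(n):
    return n.bit_length().to_bytes(2, "big") + n.to_bytes((n.bit_length() + 7) // 8, "big")


def _v4_rsa_key_body(created, n, e=65537):
    return b"\x04" + created.to_bytes(4, "big") + b"\x01" + _mpi(n) + _mpi(e)


def constructed_keyring():
    primary = _v4_rsa_key_body(0x5E000000, 0xC23A)
    uid = b"Constructed Test Key <test@example.invalid>"
    subkey = _v4_rsa_key_body(0x5E000001, 0xD1F7)
    return (bytes([0x98, len(primary)]) + primary  # 0x98: old format, tag 6, one length byte
            + bytes([0xCD, len(uid)]) + uid         # 0xCD: new format, tag 13 (user ID)
            + bytes([0xCE, len(subkey)]) + subkey)  # 0xCE: new format, tag 14 (subkey)


if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "githubcli-archive-keyring.gpg")
    write_keyring(path, constructed_keyring())
    pinned = primary_fingerprints(constructed_keyring())[0]
    print(pinned, check_keyring(path, pinned) or "OK", check_keyring(path, EXPECTED_FINGERPRINT))
```

In an install script the same shape is: `curl -fsSL` the keyring to a temporary file, run this check (or `gpg --show-keys --with-fingerprint` on the file) against the pinned fingerprint, and only then `sudo install -m 0644` it into `/usr/share/keyrings`. That addresses the "trust whatever comes down the pipe" point without changing what apt itself verifies, and it makes the `chmod go+r` step unnecessary because the mode is set at creation time.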
@jbrucker : I'm closing this issue for now due to inactivity. If you feel there is more to contribute to the conversation, please capture your ideas on how to address these concerns in a practical way as well as review our Code of Conduct.