| ▲ | tex0 10 hours ago | ||||||||||||||||||||||
This is a cool tool, I like the idea. But the way `uc machine init` works under the hood is really scary. Lot's of `curl | bash` run as root. While I would love to test this tool, this is not something I would run on any machine :/ | |||||||||||||||||||||||
| ▲ | psviderski 9 hours ago | parent | next [-] | ||||||||||||||||||||||
Totally valid concern. That was a shortcut to iterate quickly in early development. It’s time to do it properly now. Appreciate the feedback. This is exactly the kind of thing I need to hear before more people try it. | |||||||||||||||||||||||
| ▲ | redrove 9 hours ago | parent | prev | next [-] | ||||||||||||||||||||||
+1 on this I wanted to try it out but was put off by this[0]. It’s just straight up curl | bash as root from raw.githubusercontent.com. If this is the install process for a server (and not just for the CLI) I don’t want to think about security in general for the product. Sorry, I really wanted to like this, but pass. [0] https://github.com/psviderski/uncloud/blob/ebd4622592bcecedb... | |||||||||||||||||||||||
| ▲ | jabr 4 hours ago | parent | prev | next [-] | ||||||||||||||||||||||
There is a `--no-install` flag on both `uc machine init` and `uc machine add` that skips that `curl | bash` install step. You need to prepare the machine some other way first then, but it's just installing docker and the uncloud service. I use the `--no-install` option with my own cluster, as I have my own pre-provisioning process that includes some additional setup beyond the docker/uncloud elements. | |||||||||||||||||||||||
| ▲ | tontony 9 hours ago | parent | prev [-] | ||||||||||||||||||||||
Curious, what would be an ideal (secure) approach for you to install this (or similar) tool? | |||||||||||||||||||||||
| |||||||||||||||||||||||