For other environments, using "asdf/kerl" is still the best route. Elixir install mostly relies on prebuilt binaries, which currently are available for Windows (via Erlang) and Ubuntu (via Hex).
On Tue, Sep 17, 2024 at 12:45 PM Jim Freeze <jimfre...@gmail.com> wrote: > What do we need to do to support FreeBSD? > > Dr. Jim Freeze, Ph.D. > ElixirConf® > ElixirConf.com > ElixirConf.eu > (m) 512 949 9683 > > > On Fri, Sep 13, 2024 at 7:06 AM Wojtek Mach <woj...@wojtekmach.pl> wrote: > >> Hey everyone, >> >> We already have multiple ways of installing Elixir ( >> https://elixir-lang.org/install.html) but I believe we can still do >> better. Elixir is cross-platform but Erlang/OTP is not. We need to get OTP >> for **our OS/architecture**, ideally prebuilt or otherwise we need to >> compile it from source. I've listed some challenges with existing >> installation methods here: >> https://github.com/erlef/build-and-packaging-wg/issues/80. >> >> Since a few releases ago, Elixir project maintains installer for Windows, >> e.g. < >> https://github.com/elixir-lang/elixir/releases/download/v1.17.2/elixir-otp-27.exe>, >> but that still requires OTP. The installer tries to be helpful, finds >> whether OTP is already installed and the version matches and otherwise show >> a link to download it. This is a GUI installer that fortunately can be >> running headless, `.\elixir-otp-27.exe /S /D=C:\elixir`, but, again, we >> need to first install OTP. >> >> I believe we can significantly improve Elixir getting started experience >> by having a "one click install" but for terminals, download a single script >> that installs Elixir and OTP for their system. >> >> I've created a proof-of-concept called Elixir Install ( >> https://elixir-install.org) and we can use it in bash for >> macOS/Ubuntu/Windows: >> >> $ curl -fsS https://elixir-install.org/install.sh >> $ sh install.sh elixir@1.17.2 otp@27.0.1 >> $ export PATH=$HOME/.elixir-install/installs/otp/27.0.1/bin:$PATH >> $ export >> PATH=$HOME/.elixir-install/installs/elixir/1.17.2-otp-27/bin:$PATH >> iex >> >> and Powershell on Windows: >> >> > curl.exe -fsS https://elixir-install.org/install.bat >> > .\install.bat elixir@1.17.2 otp@27.0.1 >> > $env:PATH = >> "$env:USERPROFILE\.elixir-install\installs\otp\27.0.1\bin;$env:PATH" >> > $env:PATH = >> "$env:USERPROFILE\.elixir-install\installs\elixir\1.17.2-otp-27\bin;$env:PATH" >> > iex.bat >> >> (The actual script is .bat because I noticed that even though Windows >> ships with Powershell, by default running external scripts is prohibited.) >> >> The script can also be executed without arguments, it will install the >> latest Elixir & OTP (hardcoded inside the script) >> >> $ curl -fsS https://elixir-install.org/install.sh | sh >> downloading >> https://github.com/erlef/otp_builds/releases/download/OTP-27.0.1/OTP-27.0.1-macos-arm64.tar.gz >> downloading >> https://github.com/elixir-lang/elixir/releases/download/v1.17.2/elixir-otp-27.zip >> (...) >> >> The script is downloading OTP from these places: >> >> * macOS: < >> https://github.com/erlef/otp_builds/releases/download/OTP-27.0.1/OTP-27.0.1-macos-arm64.tar.gz>, >> see https://github.com/erlef/build-and-packaging-wg/issues/80 >> * Ubuntu: < >> https://builds.hex.pm/builds/otp/arm64/ubuntu-22.04/OTP-27.0.1.tar.gz>, >> see <https://github.com/hexpm/bob?tab=readme-ov-file#erlang-builds>. In >> the future I'd like to move it to <github.com/erlef/otp_builds> too. >> * Windows: < >> https://github.com/erlang/otp/releases/download/OTP-27.0.1/otp_win64_27.0.1.zip >> > >> >> I'd like to propose making this official under elixir-lang.org, that is: >> >> * https://elixir-lang.org/install.sh >> * https://elixir-lang.org/install.bat >> >> ## Security >> >> In my proof of concept there are no additional security considerations >> besides using https. If this is not good enough, I think we could use the >> same security model as `mix local.hex`, that is, we'd download the build, >> the builds.txt (with all builds and their checksums), and the >> builds.txt.signed, and verify the signature against the public key the >> install would ship with. See https://blog.voltone.net/post/25 for more >> information. >> >> To have an idea, this would be along the lines of: >> >> curl -fsSO https://builds.hex.pm/installs/hex-1.x.csv >> curl -fsSO https://builds.hex.pm/installs/hex-1.x.csv.signed >> # run `mix local.public_keys --detailed` and create public_key.pem >> openssl dgst -sha256 -verify public_key.pem -signature <(openssl >> base64 -d -in hex-1.x.csv.signed) hex-1.x.csv >> >> `openssl` is available on macOS, Windows, and Ubuntu Desktop. >> >> ## Non-Goals >> >> * No version management along the lines of asdf/mise/etc, this is >> better solved by these tools anyway. >> >> ## Caveats >> >> In my proof of concept, the script requires sh and unzip on UNIX. (On >> Windows it's using curl too, which is built-in, but can be easily rewritten >> to using Powershell `Invoke-WebRequest`.) One caveat with this is while >> this works out of the box on Ubuntu Desktop, >> the official Ubuntu Docker images does not have these and so they need to >> be installed: >> >> $ docker run --rm -it ubuntu bash >> docker$ apt update && apt install -y curl unzip >> docker$ curl -fsS https://elixir-install.org/install.sh | sh >> >> This applies to `openssl` mentioned in the security section too. We could >> solve this by instead of a script have an executable (written in >> Go/Rust/Zig/etc) that would have everything it needs to download, unpack, >> and verify things. I think this would complicate things (executable would >> now or down the road have to be code signed, which fortunately we have some >> experience with already), users will be presented with a list to pick, and >> scripts would need a heuristic to figure out which installer to download. >> >> ## BEAMup >> >> Tristan Sloughter is working on [BEAMup]( >> https://erlangforums.com/t/beamup-a-new-way-to-install-erlang-gleam-and-more-to-come/3912), >> similar tool but way more ambitious and with bigger scope. I'd like to >> think much smaller scope of elixir-lang.org/install.sh would make it >> easier to maintain. The most complicated underlying piece, having prebuilt >> OTP, is shared between the tools anyway. >> >> ## Elixir.app >> >> Brian Cardarella shared a proof-of-concept of a GUI installer for macOS: >> https://x.com/bcardarella/status/1831040691801088308. Again, this would >> have bigger scope and the underlying foundation in prebuilt OTP is shared >> anyway. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "elixir-lang-core" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to elixir-lang-core+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/elixir-lang-core/6bbf2aa9-7d1b-42fe-a61e-abf72729519an%40googlegroups.com >> <https://groups.google.com/d/msgid/elixir-lang-core/6bbf2aa9-7d1b-42fe-a61e-abf72729519an%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "elixir-lang-core" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to elixir-lang-core+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elixir-lang-core/CAP1mN_ymsbyx-wEN-hKNJGuLTAsS80gTLL7RpVtum90gYaVg%2Bw%40mail.gmail.com > <https://groups.google.com/d/msgid/elixir-lang-core/CAP1mN_ymsbyx-wEN-hKNJGuLTAsS80gTLL7RpVtum90gYaVg%2Bw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "elixir-lang-core" group. To unsubscribe from this group and stop receiving emails from it, send an email to elixir-lang-core+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elixir-lang-core/CAGnRm4%2Bhw1PV97frN%3D9RR6TPQjP0s_FGnOhJK8d5y6Gs09FsuQ%40mail.gmail.com.
