Installation should use some kind of package manager

[erikbgithub]

Otherwise how would I update? Nobody reinstalls tools again and again, if they are already installed once. Like, how do I install a go program usually as a go developer? Is there a way like with python and pip?

[kytrinyx]

In go it's go get -u and the package name, but with a binary it's different.

On mac you can use homebrew to both install and update. I wish I knew of a similar system for windows!

http://cli.exercism.io/

I've had on my TODO list to figure out how to create an installer that deals with auto-updates (one for windows, one for mac). I've also got an AUR package in the works for linux.

[Spinarooni]

For Windows you could use https://chocolatey.org/ as the package manager.

[kytrinyx]

Oh, nice, thanks for the tip.

@LegalizeAdulthood, @jwood803 are either of you familiar with chocolatey? Would you reach out to your networks of windows devs to see if someone would have some time to figure out what needs to happen in clear enough terms that we can create a proper issue or project for it? It's always easier to contribute when there are good specifics.

[jwood803]

I've used it once before and it is pretty slick. I'll see what I can come up with.

[kytrinyx]

Sweet, thank you! As always let me know how I can help out. If you need a GitHub repo for it just tell me what you need and I'll set it up and give you commit.

[erikbgithub]

AUR won't suffice for Linuxes like Ubuntu, Suse or Fedora I think (adding all three you might have the majority of Linux systems out there). Nobody who uses these systems well wants to install stuff around their individual package managers. Python and Ruby users might tolerate pip and whatever the ruby tool was called, but AUR is installing without telling the package manager, and therefore probably not better than manual install (noob here, maybe I'm wrong).

I googled a little and maybe something can be worked out with the linux homebrew guys? Then you might only need to manage a single deployment package and can reach all of mac and linux together. In fact this might already working fine. I'll try it.

[kytrinyx]

Oh, linux homebrew sounds incredibly promising.

I've not worked with package managers for linux for almost a decade so I'm woefully out of date there :/

[erikbgithub]

Installation works, but the binary can't work with Linux. I guess it's the Mac binary I get this way. Also the problem with having package managers take care of updating my software is not completely solved because now exercism might be updated, but linuxbrew isn't installed via any package manager either :D ... Really not sure how this could be solved.

[LegalizeAdulthood]

AFAIK, homebrew is for MacOS package management only. At least, I never heard of it until getting some feedback about using it to install C++ related items on MacOS when making the C++ language track.

In the Windows world, there isn't really anything like a package manager like zypper, yum, apt-get, etc., on Linux. Recently, NuGet appeared on the scene, but that was primarily for development packages, not end-user utilities. I haven't heard of chocolatey before, but at first glance it appears to be a nuget derivative/adjunct.

I know it's very NIH-ish, but is there any reason we can't have a command in exercism itself to orchestrate an update?

[kytrinyx]

I know it's very NIH-ish, but is there any reason we can't have a command in exercism itself to orchestrate an update?

We probably could. I'm worried about security, to be honest. If we have an update URL, that opens up the possibility of a man-in-the-middle attack. I'm sure we could do some sort of signing that would make it reasonable, though. If someone knows crypto and security and all of that wonderful stuff, I'd love to get some ideas about how to manage that.

[LegalizeAdulthood]

Funny you should mention security and crypto as I literally just finished reading Implementing SSL / TLS Using Cryptography and PKI today. If you did the version check and the download with https talking to the exercism.io server, then you are protected against man-in-the-middle attacks by TLS/SSL by virtue of using https and not http to contact the server. The crypto infrastructure used is the same one that is used by any browser when connecting to a site via https. However, I see that because I login to exercism.io through github, I'm not actually connected to exercism.io via https when I am manipulating my account page. For this to work properly, you need to get a certificate for the *.exercism.io site that your web server uses to handle the https traffic. This is a yearly expense, albeit not a large one.

[LegalizeAdulthood]

An example of an application that detects updates, alerts the user and prompts them to install the update is IntelliJ IDEA. I suppose that's because even the community edition is obtained directly from JetBrains and not from apt-get, zypper, yum, etc.

Here are some thoughts on how this would work:

1. Periodically (once a week, max? update check frequency determined by a config setting?), exercism client checks for updates when invoked for any command.
2. If an update is found, the user is notified that an update is available
3. The user can issue an exercism update command to update their client. We can decide that this should delegate to a package manager, or for platforms where package managers aren't available/common, we can use https to get the new version and an appropriate script for the platform to perform the update.

Why the update script? Because on Windows, you can't replace an executable that's in use. So you transfer control from the executable to cmd.exe to run the update script in another process. That gives your existing exercism process a chance to exit so the update script can proceed in replacing the executable.

[kytrinyx]

For this to work properly, you need to get a certificate for the *.exercism.io site that your web server uses to handle the https traffic. This is a yearly expense, albeit not a large one.

This is something we're going to need to work out soon in any case. The "log in via github" was great when there were 500 people using the site. Not so much when there are 6000 people and the visibility is high. The API key thing is a barely-there let's-all-be-friendly-neighbors type security.

[Tonkpils]

This has been resolved with the upgrade command.

[erikbgithub]

Could you link issues, commits or something? Haven't been following closely enough to know about this command.

[Tonkpils]

Sure, I'll go ahead and do it once I have access to a computer.

[kytrinyx]

Here you go: https://github.com/exercism/cli/pull/196 https://github.com/exercism/cli/issues/61

[erikbgithub]

Cool thanks!

[educastro]

Why there is not .deb package available? Is there any restriction?

This semester I have a class that requires a final project and I am thinking about using this opportunity to create something to exercism, maybe a debian package. What do you think about it?

[kytrinyx]

Hi @educastro, there's no restriction. It's mostly a matter of what people have requested and what we have documented. If you would like to work on this, would you help figure out what it would take to release the .deb package every time we release a new version of the CLI?

We've had trouble in the past when we either don't know how to release new versions of the CLI to 3rd party package managers, or we simply don't have access.

[educastro]

@kytrinyx Amazing! So I'll work on this during the next weeks and try to figure out this issue with updates! Any updates or doubt I'll post it here :)

[kytrinyx]

Yay, thank you @educastro! :heart:

[jtigger]

Here there, @educastro! Any updates?

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[kytrinyx]

I accidentally reopened this. It's actually resolved.