Open noraj opened 1 year ago
I can likely substitute with https://rakudo.org/dl/rakudo but would need to parse the JSON. Perhaps I can create something similar in this repo to what rakudo-releases is doing. The rakudo-releases repo is automatically updated every 30 mins so becoming outdated is not currently a worry, but malice is certainly a valid concern.
I've opened the PR #11. The script currently still depends on rakudo-releases for the versions, but it extracts the filename and appends the rakudo.org domain itself. Additionally the script will also download the accompanying checksum file. At some point I may consider checking the gpg signatures, but the link to the keys list on this page is currently broken: https://rakudo.org/downloads/verifying
At some point I may consider checking the gpg signatures, but the link to the keys list on this page is currently broken: https://rakudo.org/downloads/verifying
https://rakudo.org/downloads/gpg2-key-list is dead but there are only 4 keys and they are listed just below.
Another option to get all versions:
$ curl https://api.github.com/repos/rakudo/rakudo/releases -s | jq '.[].tag_name'
"2022.12"
"2022.07"
"2022.06"
"2022.04"
"2022.03"
"2022.02"
"2021.12"
"2021.10"
"2021.09"
"2021.08"
"2021.07"
"2021.06"
"2021.05"
"2021.04"
"2021.03"
"2021.02.1"
"2021.02"
"2020.12"
"2020.11"
"2020.10"
"2020.09"
"2020.08.2"
"2020.08.1"
"2020.08"
"2020.07"
"2020.06"
"2020.05.1"
"2020.05"
"2020.02.1"
"2020.02"
jq is an option I considered. I wanted to avoid an additional dependency, but perhaps it would be useful in combination with a non-jq fallback.
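The jq-with-fallback idea from the comment above, as an added example that is not part of the thread or of the asdf-raku code: it lists tags from the official GitHub releases JSON and drops any tag that is not a plain version string before it could be used to build a download URL. The function names, the `USE_JQ` switch and the sample JSON are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: list release tags from the GitHub releases JSON, with or without jq.

# Constructed sample shaped like the /releases response (only the fields used here).
# The third entry is a constructed hostile value to show the validation step.
SAMPLE_JSON='[
  {"tag_name": "2022.12", "name": "2022.12", "draft": false},
  {"tag_name": "2021.02.1", "name": "2021.02.1", "draft": false},
  {"tag_name": "../../etc/x", "name": "constructed bad entry", "draft": false}
]'

# Keep only tags that look like YYYY.MM or YYYY.MM.N, so a tampered or
# malformed response cannot put path or shell characters into a URL or filename.
filter_valid_tags() {
  grep -E '^[0-9]{4}\.[0-9]{2}(\.[0-9]+)?$' || true
}

# Read releases JSON on stdin, print one validated tag per line.
# USE_JQ=0 forces the fallback path (hypothetical switch for this example).
list_tags() {
  if [ "${USE_JQ:-1}" = 1 ] && command -v jq >/dev/null 2>&1; then
    jq -r '.[].tag_name'
  else
    # Fallback without jq: extract the value of every "tag_name" key.
    grep -o '"tag_name"[[:space:]]*:[[:space:]]*"[^"]*"' |
      sed -E 's/^"tag_name"[[:space:]]*:[[:space:]]*"([^"]*)"$/\1/'
  fi | filter_valid_tags
}

# Offline demonstration on the constructed sample. Against the live API:
#   curl -s https://api.github.com/repos/rakudo/rakudo/releases | list_tags
printf '%s\n' "$SAMPLE_JSON" | list_tags
```

The GitHub API returns 30 releases per page by default, so a complete version list needs pagination. The grep/sed fallback is a pattern match rather than a JSON parser, which is why both paths go through the same validation filter.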
I would rather parse the official list (https://rakudo.org/downloads/rakudo or https://github.com/rakudo/rakudo/releases or https://github.com/rakudo/rakudo/tags) of available releases rather than trust a third party that can be outdated or become malicious.
https://github.com/m-dango/asdf-raku/blob/198f806f17a8d703992c2aa6f38e5fe3a754c118/lib/utils.sh#L32