get.sh - storage.yandexcloud.net is blocked under corporate proxies

[epappas]

Hi team,

For some corporate proxies the domain storage.yandexcloud.net is blocked, because "reasons". This might hurt the adoption of the solution, as this is where get.sh is trying to fetch the binaries from.

I think as an alternative you could pull the release binaries from github.

The error looks like the following:

curl -L https://raw.githubusercontent.com/werf/multiwerf/master/get.sh | bash -x                                                                                                                                                                    i30662@LVVD9DBEMD6M
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3582  100  3582    0     0  17645      0 --:--:-- --:--:-- --:--:-- 17645
+ set -e -o nounset
+ http_client=curl
+ PROGRAM=multiwerf
++ uname
++ tr '[:upper:]' '[:lower:]'
+ OS=darwin
++ uname -m
+ ARCH=x86_64
+ DL_URL_BASE=https://storage.yandexcloud.net/multiwerf/targets/releases
+ '[' x86_64 = x86_64 ']'
+ ARCH=amd64
+ check_os_arch
+ supported='linux-amd64 linux-arm64 darwin-amd64 darwin-arm64'
+ echo 'linux-amd64 linux-arm64 darwin-amd64 darwin-arm64'
+ tr ' ' '\n'
+ grep -q darwin-amd64
+ detect_downloader
++ curl --version
+ tmp=
+ return
+ VERSION=latest
+ MULTIWERF_BIN_NAME=multiwerf-darwin-amd64-latest
+ echo 'Downloading multiwerf-darwin-amd64-latest...'
Downloading multiwerf-darwin-amd64-latest...
+ download_file https://storage.yandexcloud.net/multiwerf/targets/releases/latest/multiwerf-darwin-amd64-latest multiwerf-darwin-amd64-latest
+ '[' curl = curl ']'
+ curl -Ls https://storage.yandexcloud.net/multiwerf/targets/releases/latest/multiwerf-darwin-amd64-latest -o multiwerf-darwin-amd64-latest
+ return
+ echo 'Checking hash sum...'
Checking hash sum...
+ download_file https://storage.yandexcloud.net/multiwerf/targets/releases/latest/SHA256SUMS multiwerf.sha256sums
+ '[' curl = curl ']'
+ curl -Ls https://storage.yandexcloud.net/multiwerf/targets/releases/latest/SHA256SUMS -o multiwerf.sha256sums
+ return
+ sha256check multiwerf-darwin-amd64-latest multiwerf.sha256sums
+ BIN_FILE=multiwerf-darwin-amd64-latest
+ SHA_FILE=multiwerf.sha256sums
+ SHA_SUM=multiwerf.sha256sums.sum
+ grep multiwerf-darwin-amd64-latest multiwerf.sha256sums
+ sha_cmd=sha256sum
+ '[' darwin = darwin ']'
+ sha_cmd='shasum -a 256'
+ shasum -a 256 -c multiwerf.sha256sums.sum
shasum: multiwerf.sha256sums.sum: no properly formatted SHA checksum lines found
+ rm -f multiwerf.sha256sums.sum multiwerf.sha256sums multiwerf-darwin-amd64-latest
+ return 1
+ echo 'multiwerf-darwin-amd64-latest sha256 hash is not verified. Please download and check hash manually.'
multiwerf-darwin-amd64-latest sha256 hash is not verified. Please download and check hash manually.
+ exit 1

[distorhead]

Hi, @epappas!

First of all thanks for your interest in werf project.

There is a new generation package manager for werf called trdl ("true delivery" :)): https://github.com/werf/trdl. We are currently use this package manager internally (alpha testning phase). Starting with coming weeks we are going to make this package manager as main way to use werf. Multiwerf installations will still be active, these will be migrated to trdl smoothly a little bit later.

Trdl uses S3 compatible storage to store packages for a project in a TUF-repository format: https://theupdateframework.io/ This is way more secure than an approach currently used by the multiwerf.

Werf project releases already published into tuf-repository, which is located in the google-storage currently (we have been moved away from storage.yandexcloud.net).

You can easily use trdl instead of multiwerf like that:

# install trdl client (this is a cli-tool similar to multiwerf, which could download packages releases from TUF-repositories)
curl https://tuf.trdl.dev/targets/releases/0.1.3/linux-amd64/bin/trdl --output /tmp/trdl && chmod +x /tmp/trdl && mkdir -p ~/bin && mv /tmp/trdl ~/bin/trdl

# add werf official TUF repository into your system
trdl add werf https://tuf.werf.io 1 b7ff6bcbe598e072a86d595a3621924c8612c7e6dc6a82e919abe89707d7e3f468e616b5635630680dd1e98fc362ae5051728406700e6274c5ed1ad92bea52a2

# use werf similarly to multiwerf
source $(trdl use werf 1.2 ea)

Some more details about trdl add params. These are sort of "fingerprints" of trusted tuf-repository:

trdl add werf https://tuf.werf.io 1 b7ff6bcbe598e072a86d595a3621924c8612c7e6dc6a82e919abe89707d7e3f468e616b5635630680dd1e98fc362ae5051728406700e6274c5ed1ad92bea52a2
# 1 stands for a version of root.json tuf metadata file: https://tuf.werf.io/1.root.json
# hash is a sha512 of root.json tuf metadata file: https://tuf.werf.io/root.json

Upd. It is better to use tuf.werf.io instead of storage.googleapis.com/werf-tuf directly and tuf.trdl.dev instead of storage.googleapis.com/trdl-tuf

[epappas]

thanks @distorhead I'll give trdl a try as well. Feel free to close the issue or manage it however it seems fit.