docs(install_linux.md): speedup file writing #11474
Conversation
|
Hi! Thanks for the pull request. Please ensure that this change is linked to an issue by mentioning an issue number in the description of the pull request. If this pull request would close the issue, please put the word 'Fixes' before the issue number somewhere in the pull request body. If this is a tiny change like fixing a typo, feel free to ignore this message. |
There was a problem hiding this comment.
Pull Request Overview
This PR optimizes the Linux installation process by simplifying the file download and writing procedure. The change eliminates unnecessary intermediate steps and improves performance by downloading directly to the destination.
- Replaces multi-step download process with direct download to destination
- Removes temporary file creation and cleanup overhead
- Streamlines the installation command chain
| @@ -16,8 +16,7 @@ Install: | |||
| ```bash | |||
| (type -p wget >/dev/null || (sudo apt update && sudo apt install wget -y)) \ | |||
| && sudo mkdir -p -m 755 /etc/apt/keyrings \ | |||
| && out=$(mktemp) && wget -nv -O$out https://cli.github.com/packages/githubcli-archive-keyring.gpg \ | |||
| && cat $out | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \ | |||
| && sudo wget -nv -O /etc/apt/keyrings/githubcli-archive-keyring.gpg https://cli.github.com/packages/githubcli-archive-keyring.gpg \ | |||
There was a problem hiding this comment.
Running wget with sudo to write directly to /etc/apt/keyrings/ could be a security risk. If the download fails or is compromised, it could affect system files. The original approach using a temporary file first allows for validation before writing to the system directory.
| && sudo wget -nv -O /etc/apt/keyrings/githubcli-archive-keyring.gpg https://cli.github.com/packages/githubcli-archive-keyring.gpg \ | |
| && wget -nv -O /tmp/githubcli-archive-keyring.gpg https://cli.github.com/packages/githubcli-archive-keyring.gpg \ | |
| && sudo mv /tmp/githubcli-archive-keyring.gpg /etc/apt/keyrings/githubcli-archive-keyring.gpg \ |
Copilot uses AI. Check for mistakes.
There was a problem hiding this comment.
I just happened to be reviewing https://github.com/nodesource/distributions/blob/master/scripts/deb/setup_24.x earlier today and wondering about these instructions versus having a single Bash script for setting all of this up. 🤔
The way it handles this is by piping the content of the key into gpg to dearmor it and write the file:
# Run 'curl' and 'gpg' to download and import the NodeSource signing key
if ! curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg; then
handle_error "$?" "Failed to download and import the NodeSource signing key"
fiThis would be an alternative we could adopt, too
There was a problem hiding this comment.
I like the "dearmor" idea. It's a best practice now. But is the key "armored"?
As for command versus bash file, I love command because it's obvious how things will go, and it's easier to adopt. In my case, I adopted into Dockerfile
Originally, this guide makes us:
Hence, I change it to download to the destination directly to enhance performance.