Tidy up the output during installation #28

Open: wants to merge 3 commits into base: main

@canterberry (Member) commented Jul 28, 2022

Currently, the output of this plugin when installing a version is quite ugly and intimidating.

[Image: Screen Shot 2022-07-27 at 23 06 00]

In this PR, I've made that output much cleaner for humans to read.

[Image: Screen Shot 2022-07-27 at 23 04 12]

Notable Changes

  1. The -q flag is now being passed to wget commands, which are the primary offenders of the bulky output.
  2. The -q flag is now being passed to gpg commands, particularly the --verify command, which prints a spurious warning about the key not being trusted -- we can safely ignore that because we're using a dedicated keyring for this plugin where we've pulled the signing key from a trusted official source via a secure channel.
  3. Output is now consolidated to a single line, whether successful or failed, with a curated error message upon failure and an unambiguous confirmation upon success.

How to verify

# Install this plugin if it's not already installed
$ asdf plugin-add yarn

# Fetch the latest source and check out this PR's branch
$ (cd ~/.asdf/plugins/yarn && git fetch --all && git checkout quiet-gpg-and-wget)

# Install a real version of yarn to confirm it works as expected
$ asdf install yarn 1.22.19

# Install a non-existent version to confirm it fails as expected
$ asdf install yarn 1.3.37

Potential Issues

  • If my "prettification" here is too cute or garish, I accept that. I may have gone overboard. If you're on board with the goal of reducing spurious CLI output during install, but think I should rein it in, let me know.
  • I'm not sure how well this plugin works on Windows (if at all) and don't intend to test that myself. Any active Windows/WSL users out there, I'd appreciate your help validating these changes or spotting any obvious issues.

This plugin uses a dedicated keyring containing only the signing key
we know to trust because we obtained it from an official source via
a secure channel. However, because we haven't told GPG that we trust
the key, we see a trust warning when attempting to verify a signature
made using that key. This warning is spurious (aside: the GPG-level
trust model is esoteric and rarely used, in favor of pushing trust
upward to ensure you're only using trusted keys to verify signatures
in the first place).

If signature verification fails, we'll still get a non-zero exit code,
which will halt the process from continuing to install the errant file.

Writing progress to standard error (vs standard output)
because it is intended for humans to read (vs machines).
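
The verification gate described in the PR and its commit messages, as an added example that is not part of the PR or the plugin's code: gpg reads a dedicated keyring, its exit status alone decides whether the file is installed, and one status line goes to standard error. The function names, the `GPG` override, the paths and the message wording are assumptions; capturing gpg's diagnostics and showing them only on failure is a choice made here.

```shell
# Added example, not the plugin's code. GPG can be overridden (e.g. in tests);
# function names, paths and message wording are hypothetical.
GPG="${GPG:-gpg}"

# Status is for humans, so it goes to stderr; stdout stays clean for machines.
progress() { printf '%s\n' "$*" >&2; }

# install_verified ARCHIVE SIGNATURE KEYRING DEST_DIR
# KEYRING is a path to the dedicated keyring holding only the signing key.
# The decision rests on gpg's exit status, never on parsing its output.
install_verified() {
  archive=$1 sig=$2 keyring=$3 dest=$4
  name=$(basename "$archive")

  # Capture gpg's diagnostics instead of printing them; they are shown only
  # when verification fails (a choice made in this example).
  if ! log=$("$GPG" -q --no-default-keyring --keyring "$keyring" \
               --verify "$sig" "$archive" 2>&1); then
    progress "FAILED $name: signature not verified ($(printf '%s' "$log" | tr '\n' ' '))"
    return 1
  fi

  # Reached only after a zero exit status from gpg --verify.
  if ! { mkdir -p "$dest" && cp "$archive" "$dest/"; }; then
    progress "FAILED $name: could not copy into $dest"
    return 1
  fi
  progress "OK $name: signature verified, installed into $dest"
}
```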