🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

github.com/vmware-tanzu/tanzu-framework/cli/core

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/vmware-tanzu/tanzu-framework/cli/core

v0.0.0-20230502112918-8070299d2252
Source
Go
Version published
Created
Source

Using APT to install the Tanzu CLI

APT uses Debian packages for installation. This document describes how to build such packages for the Tanzu CLI, how to push them to a public repository and how to install the CLI from that repository.

Building the Debian package

Executing the hack/apt/build_package.sh script will build the Debian packages under cli/core/hack/apt/_output. The hack/apt/build_package.sh script is meant to be run on a Linux machine that has apt installed. This can be done in docker. To facilitate this operation, the new apt-package Makefile target has been added to cli/core/Makefile; this Makefile target will first start a docker container and then run the hack/apt/build_package.sh script.

cd tanzu-framework/cli/core
make apt-package

Note that two packages will be built, one for AMD64 and one for ARM64. Also, a repository will be generated as a directory called _output/apt which will contain the two built packages. Please see the section on publishing the repository for more details.

Testing the installation of the Tanzu CLI locally

We can install the Tanzu CLI using the newly built Debian repository locally on a Linux machine with apt installed or using a docker container. For example:

$ cd tanzu-framework
$ docker run --rm -it -v $(pwd)/cli/core/hack/apt/_output/apt:/tmp/apt ubuntu
echo "deb file:///tmp/apt jessie main" | tee /etc/apt/sources.list.d/tanzu.list
apt-get update --allow-insecure-repositories
apt install -y tanzu-cli --allow-unauthenticated
tanzu

Note that the repository isn't signed at the moment, so you may see warnings during installation.

Publishing the package to GCloud

We have a GCloud bucket dedicated to hosting the Tanzu CLI OS packages. That bucket can be controlled from: https://console.cloud.google.com/storage/browser/tanzu-cli-os-packages.

To publish the repository containing the new debian packages for the Tanzu CLI, we must upload the entire apt directory to the root of the bucket. You can do this manually. Once uploaded, the Tanzu CLI can be installed publicly as described in the next section.

Installing the Tanzu CLI

Currently, the repo is not signed but will be in the future; you may get warnings. To install from an insecure repo:

$ docker run --rm -it ubuntu
apt update
apt install -y ca-certificates
echo "deb https://storage.googleapis.com/tanzu-cli-os-packages/apt jessie main" | tee /etc/apt/sources.list.d/tanzu.list
apt update --allow-insecure-repositories
apt install -y tanzu-cli --allow-unauthenticated

FAQs

Package last updated on 02 May 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious ‘Checker’ Packages on PyPI Probe TikTok and Instagram for Valid Accounts

Research

Security News

Malicious ‘Checker’ Packages on PyPI Probe TikTok and Instagram for Valid Accounts

Malicious PyPI checkers validate stolen emails against TikTok and Instagram APIs, enabling targeted account attacks and dark web credential sales.

By Olivia Brown  -  May 15, 2025