github.com/vmware-tanzu/tanzu-framework/cli/core
APT uses Debian packages for installation. This document describes how to build such packages for the Tanzu CLI, how to push them to a public repository and how to install the CLI from that repository.
Executing the hack/apt/build_package.sh script will build the Debian packages under cli/core/hack/apt/_output.
The hack/apt/build_package.sh script is meant to be run on a Linux machine that has apt installed.
This can be done in docker. To facilitate this operation, the new apt-package Makefile target has been added to cli/core/Makefile; this Makefile target will first start a docker container and then run the hack/apt/build_package.sh script.
cd tanzu-framework/cli/core
make apt-package
Note that two packages will be built, one for AMD64 and one for ARM64.
Also, a repository will be generated as a directory called _output/apt which will contain the two built packages. Please see the section on publishing the repository for more details.
We can install the Tanzu CLI using the newly built Debian repository locally on a Linux machine with apt installed or using a docker container. For example:
$ cd tanzu-framework
$ docker run --rm -it -v $(pwd)/cli/core/hack/apt/_output/apt:/tmp/apt ubuntu
echo "deb file:///tmp/apt jessie main" | tee /etc/apt/sources.list.d/tanzu.list
apt-get update --allow-insecure-repositories
apt install -y tanzu-cli --allow-unauthenticated
tanzu
Note that the repository isn't signed at the moment, so you may see warnings during installation.
We have a GCloud bucket dedicated to hosting the Tanzu CLI OS packages. That bucket can be controlled from: https://console.cloud.google.com/storage/browser/tanzu-cli-os-packages.
To publish the repository containing the new Debian packages for the Tanzu CLI, we must upload the entire apt
directory to the root of the bucket. You can do this manually. Once uploaded, the Tanzu CLI can be installed
publicly as described in the next section.
Currently, the repo is not signed but will be in the future; you may get warnings. To install from an insecure repo:
$ docker run --rm -it ubuntu
apt update
apt install -y ca-certificates
echo "deb https://storage.googleapis.com/tanzu-cli-os-packages/apt jessie main" | tee /etc/apt/sources.list.d/tanzu.list
apt update --allow-insecure-repositories
apt install -y tanzu-cli --allow-unauthenticated
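Because the repository is unsigned, apt has no way to tell whether a package changed after it was built. The following added example (not part of the Tanzu project's scripts) compares every .deb in a copy of the repository against the SHA256 values in a Packages index you trust, such as the one from your own build output. The function names, the pool/main layout and the 0.0.0 file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the .deb files in a repository tree against the
# SHA256 values in a Packages index obtained from a trusted source.

# verify_debs INDEX REPO_ROOT
# Prints one status line per package; returns non-zero if any file is
# missing or its SHA256 differs from the index (2 if the index is empty).
verify_debs() {
    index=$1; root=$2; failed=0
    # Reduce each stanza to "<Filename> <SHA256>".
    pairs=$(awk '
        $1 == "Filename:" { f = $2 }
        $1 == "SHA256:"   { h = $2 }
        NF == 0           { if (f != "" && h != "") print f, h; f = ""; h = "" }
        END               { if (f != "" && h != "") print f, h }
    ' "$index")
    [ -n "$pairs" ] || { echo "no usable stanzas in $index" >&2; return 2; }
    while read -r file want; do
        if [ ! -f "$root/$file" ]; then
            echo "MISSING  $file"; failed=1; continue
        fi
        got=$(sha256sum "$root/$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $file"
        else
            echo "MISMATCH $file"; failed=1
        fi
    done <<EOF
$pairs
EOF
    return "$failed"
}

# make_sample_repo DIR: writes constructed sample data (not a real package).
make_sample_repo() {
    deb=pool/main/tanzu-cli_0.0.0_amd64.deb   # hypothetical path and version
    mkdir -p "$1/pool/main"
    printf 'constructed payload\n' > "$1/$deb"
    sum=$(sha256sum "$1/$deb" | cut -d' ' -f1)
    printf 'Package: tanzu-cli\nFilename: %s\nSHA256: %s\n' "$deb" "$sum" > "$1/Packages"
}

# Demo on the constructed sample repository.
demo=$(mktemp -d) && make_sample_repo "$demo" && verify_debs "$demo/Packages" "$demo"
rm -rf "$demo"
```

The check is only as trustworthy as the index it is given: an index fetched from the same unsigned bucket proves nothing about the files next to it.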