Groups keyboard shortcuts have been updated
Dismiss
See shortcuts
Proposal: elixir-lang.org/install.sh
215 views
Skip to first unread message
Wojtek Mach
Sep 13, 2024, 8:06:26 AM9/13/24
to elixir-lang-core
Hey everyone,
We already have multiple ways of installing Elixir (https://elixir-lang.org/install.html) but I believe we can still do better. Elixir is cross-platform but Erlang/OTP is not. We need to get OTP for **our OS/architecture**, ideally prebuilt or otherwise we need to compile it from source. I've listed some challenges with existing installation methods here: https://github.com/erlef/build-and-packaging-wg/issues/80.
Since a few releases ago, Elixir project maintains installer for Windows, e.g. <https://github.com/elixir-lang/elixir/releases/download/v1.17.2/elixir-otp-27.exe>, but that still requires OTP. The installer tries to be helpful, finds whether OTP is already installed and the version matches and otherwise show a link to download it. This is a GUI installer that fortunately can be running headless, `.\elixir-otp-27.exe /S /D=C:\elixir`, but, again, we need to first install OTP.
I believe we can significantly improve Elixir getting started experience by having a "one click install" but for terminals, download a single script that installs Elixir and OTP for their system.
I've created a proof-of-concept called Elixir Install (https://elixir-install.org) and we can use it in bash for macOS/Ubuntu/Windows:
$ curl -fsS https://elixir-install.org/install.sh
$ sh install.sh eli...@1.17.2 o...@27.0.1
$ export PATH=$HOME/.elixir-install/installs/otp/27.0.1/bin:$PATH
$ export PATH=$HOME/.elixir-install/installs/elixir/1.17.2-otp-27/bin:$PATH
iex
and Powershell on Windows:
> curl.exe -fsS https://elixir-install.org/install.bat
> .\install.bat eli...@1.17.2 o...@27.0.1
> $env:PATH = "$env:USERPROFILE\.elixir-install\installs\otp\27.0.1\bin;$env:PATH"
> $env:PATH = "$env:USERPROFILE\.elixir-install\installs\elixir\1.17.2-otp-27\bin;$env:PATH"
> iex.bat
(The actual script is .bat because I noticed that even though Windows ships with Powershell, by default running external scripts is prohibited.)
The script can also be executed without arguments, it will install the latest Elixir & OTP (hardcoded inside the script)
$ curl -fsS https://elixir-install.org/install.sh | sh
downloading https://github.com/erlef/otp_builds/releases/download/OTP-27.0.1/OTP-27.0.1-macos-arm64.tar.gz
downloading https://github.com/elixir-lang/elixir/releases/download/v1.17.2/elixir-otp-27.zip
(...)
The script is downloading OTP from these places:
* macOS: <https://github.com/erlef/otp_builds/releases/download/OTP-27.0.1/OTP-27.0.1-macos-arm64.tar.gz>, see https://github.com/erlef/build-and-packaging-wg/issues/80
* Ubuntu: <https://builds.hex.pm/builds/otp/arm64/ubuntu-22.04/OTP-27.0.1.tar.gz>, see <https://github.com/hexpm/bob?tab=readme-ov-file#erlang-builds>. In the future I'd like to move it to <github.com/erlef/otp_builds> too.
* Windows: <https://github.com/erlang/otp/releases/download/OTP-27.0.1/otp_win64_27.0.1.zip>
I'd like to propose making this official under elixir-lang.org, that is:
* https://elixir-lang.org/install.sh
* https://elixir-lang.org/install.bat
## Security
In my proof of concept there are no additional security considerations besides using https. If this is not good enough, I think we could use the same security model as `mix local.hex`, that is, we'd download the build, the builds.txt (with all builds and their checksums), and the builds.txt.signed, and verify the signature against the public key the install would ship with. See https://blog.voltone.net/post/25 for more information.
To have an idea, this would be along the lines of:
curl -fsSO https://builds.hex.pm/installs/hex-1.x.csv
curl -fsSO https://builds.hex.pm/installs/hex-1.x.csv.signed
# run `mix local.public_keys --detailed` and create public_key.pem
openssl dgst -sha256 -verify public_key.pem -signature <(openssl base64 -d -in hex-1.x.csv.signed) hex-1.x.csv
`openssl` is available on macOS, Windows, and Ubuntu Desktop.
## Non-Goals
* No version management along the lines of asdf/mise/etc, this is better solved by these tools anyway.
## Caveats
In my proof of concept, the script requires sh and unzip on UNIX. (On Windows it's using curl too, which is built-in, but can be easily rewritten to using Powershell `Invoke-WebRequest`.) One caveat with this is while this works out of the box on Ubuntu Desktop,
the official Ubuntu Docker images does not have these and so they need to be installed:
$ docker run --rm -it ubuntu bash
docker$ apt update && apt install -y curl unzip
docker$ curl -fsS https://elixir-install.org/install.sh | sh
This applies to `openssl` mentioned in the security section too. We could solve this by instead of a script have an executable (written in Go/Rust/Zig/etc) that would have everything it needs to download, unpack, and verify things. I think this would complicate things (executable would now or down the road have to be code signed, which fortunately we have some experience with already), users will be presented with a list to pick, and scripts would need a heuristic to figure out which installer to download.
## BEAMup
Tristan Sloughter is working on [BEAMup](https://erlangforums.com/t/beamup-a-new-way-to-install-erlang-gleam-and-more-to-come/3912), similar tool but way more ambitious and with bigger scope. I'd like to think much smaller scope of elixir-lang.org/install.sh would make it easier to maintain. The most complicated underlying piece, having prebuilt OTP, is shared between the tools anyway.
## Elixir.app
Brian Cardarella shared a proof-of-concept of a GUI installer for macOS: https://x.com/bcardarella/status/1831040691801088308. Again, this would have bigger scope and the underlying foundation in prebuilt OTP is shared anyway.
We already have multiple ways of installing Elixir (https://elixir-lang.org/install.html) but I believe we can still do better. Elixir is cross-platform but Erlang/OTP is not. We need to get OTP for **our OS/architecture**, ideally prebuilt or otherwise we need to compile it from source. I've listed some challenges with existing installation methods here: https://github.com/erlef/build-and-packaging-wg/issues/80.
Since a few releases ago, Elixir project maintains installer for Windows, e.g. <https://github.com/elixir-lang/elixir/releases/download/v1.17.2/elixir-otp-27.exe>, but that still requires OTP. The installer tries to be helpful, finds whether OTP is already installed and the version matches and otherwise show a link to download it. This is a GUI installer that fortunately can be running headless, `.\elixir-otp-27.exe /S /D=C:\elixir`, but, again, we need to first install OTP.
I believe we can significantly improve Elixir getting started experience by having a "one click install" but for terminals, download a single script that installs Elixir and OTP for their system.
I've created a proof-of-concept called Elixir Install (https://elixir-install.org) and we can use it in bash for macOS/Ubuntu/Windows:
$ curl -fsS https://elixir-install.org/install.sh
$ sh install.sh eli...@1.17.2 o...@27.0.1
$ export PATH=$HOME/.elixir-install/installs/otp/27.0.1/bin:$PATH
$ export PATH=$HOME/.elixir-install/installs/elixir/1.17.2-otp-27/bin:$PATH
iex
and Powershell on Windows:
> curl.exe -fsS https://elixir-install.org/install.bat
> .\install.bat eli...@1.17.2 o...@27.0.1
> $env:PATH = "$env:USERPROFILE\.elixir-install\installs\otp\27.0.1\bin;$env:PATH"
> $env:PATH = "$env:USERPROFILE\.elixir-install\installs\elixir\1.17.2-otp-27\bin;$env:PATH"
> iex.bat
(The actual script is .bat because I noticed that even though Windows ships with Powershell, by default running external scripts is prohibited.)
The script can also be executed without arguments, it will install the latest Elixir & OTP (hardcoded inside the script)
$ curl -fsS https://elixir-install.org/install.sh | sh
downloading https://github.com/erlef/otp_builds/releases/download/OTP-27.0.1/OTP-27.0.1-macos-arm64.tar.gz
downloading https://github.com/elixir-lang/elixir/releases/download/v1.17.2/elixir-otp-27.zip
(...)
The script is downloading OTP from these places:
* macOS: <https://github.com/erlef/otp_builds/releases/download/OTP-27.0.1/OTP-27.0.1-macos-arm64.tar.gz>, see https://github.com/erlef/build-and-packaging-wg/issues/80
* Ubuntu: <https://builds.hex.pm/builds/otp/arm64/ubuntu-22.04/OTP-27.0.1.tar.gz>, see <https://github.com/hexpm/bob?tab=readme-ov-file#erlang-builds>. In the future I'd like to move it to <github.com/erlef/otp_builds> too.
* Windows: <https://github.com/erlang/otp/releases/download/OTP-27.0.1/otp_win64_27.0.1.zip>
I'd like to propose making this official under elixir-lang.org, that is:
* https://elixir-lang.org/install.sh
* https://elixir-lang.org/install.bat
## Security
In my proof of concept there are no additional security considerations besides using https. If this is not good enough, I think we could use the same security model as `mix local.hex`, that is, we'd download the build, the builds.txt (with all builds and their checksums), and the builds.txt.signed, and verify the signature against the public key the install would ship with. See https://blog.voltone.net/post/25 for more information.
To have an idea, this would be along the lines of:
curl -fsSO https://builds.hex.pm/installs/hex-1.x.csv
curl -fsSO https://builds.hex.pm/installs/hex-1.x.csv.signed
# run `mix local.public_keys --detailed` and create public_key.pem
openssl dgst -sha256 -verify public_key.pem -signature <(openssl base64 -d -in hex-1.x.csv.signed) hex-1.x.csv
`openssl` is available on macOS, Windows, and Ubuntu Desktop.
## Non-Goals
* No version management along the lines of asdf/mise/etc, this is better solved by these tools anyway.
## Caveats
In my proof of concept, the script requires sh and unzip on UNIX. (On Windows it's using curl too, which is built-in, but can be easily rewritten to using Powershell `Invoke-WebRequest`.) One caveat with this is while this works out of the box on Ubuntu Desktop,
the official Ubuntu Docker images does not have these and so they need to be installed:
$ docker run --rm -it ubuntu bash
docker$ apt update && apt install -y curl unzip
docker$ curl -fsS https://elixir-install.org/install.sh | sh
This applies to `openssl` mentioned in the security section too. We could solve this by instead of a script have an executable (written in Go/Rust/Zig/etc) that would have everything it needs to download, unpack, and verify things. I think this would complicate things (executable would now or down the road have to be code signed, which fortunately we have some experience with already), users will be presented with a list to pick, and scripts would need a heuristic to figure out which installer to download.
## BEAMup
Tristan Sloughter is working on [BEAMup](https://erlangforums.com/t/beamup-a-new-way-to-install-erlang-gleam-and-more-to-come/3912), similar tool but way more ambitious and with bigger scope. I'd like to think much smaller scope of elixir-lang.org/install.sh would make it easier to maintain. The most complicated underlying piece, having prebuilt OTP, is shared between the tools anyway.
## Elixir.app
Brian Cardarella shared a proof-of-concept of a GUI installer for macOS: https://x.com/bcardarella/status/1831040691801088308. Again, this would have bigger scope and the underlying foundation in prebuilt OTP is shared anyway.
Simon McConnell
Sep 15, 2024, 6:58:16 PM9/15/24
to elixir-lang-core
For Windows, it might be easier to use `winget`. Erlang and Gleam are already there.
Jim Freeze
Sep 17, 2024, 6:45:41 AM9/17/24
to elixir-l...@googlegroups.com
What do we need to do to support FreeBSD?
--
You received this message because you are subscribed to the Google Groups "elixir-lang-core" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elixir-lang-co...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elixir-lang-core/6bbf2aa9-7d1b-42fe-a61e-abf72729519an%40googlegroups.com.
José Valim
Sep 17, 2024, 6:47:03 AM9/17/24
to elixir-l...@googlegroups.com
For other environments, using "asdf/kerl" is still the best route. Elixir install mostly relies on prebuilt binaries, which currently are available for Windows (via Erlang) and Ubuntu (via Hex).
To view this discussion on the web visit https://groups.google.com/d/msgid/elixir-lang-core/CAP1mN_ymsbyx-wEN-hKNJGuLTAsS80gTLL7RpVtum90gYaVg%2Bw%40mail.gmail.com.
Wojtek Mach
Oct 31, 2024, 5:34:11 AM10/31/24
to elixir-lang-core
I just submitted the PR: https://github.com/elixir-lang/elixir-lang.github.com/pull/1778
Benjamin Philip
Oct 31, 2024, 8:15:03 AM10/31/24
to elixir-lang-core
I'm really sorry about bringing this up a month after your original email, but I don't quite see where I would use such a script.
Your non-goal of no version management makes the script unsuitable for development, since a developer wouldn't be able to upgrade to newer elixir versions seamlessly. Additionally a user wouldn't be able to switch between projects with different elixir/otp versions. Indeed this problem is solved better with tools like asdf, kerl or nix. Other language stacks have introduced their own version managers for this like rustup, GHCup, (which manages cabal, stack and HLS in addition to the GHC), opam (which handles the entire OCaml development environment including libraries), and coursier. This is effectively what BEAMup is aiming to be. For those who do not want to install an additional package manager, development could be done on top of a docker container, or with the linux distro's elixir binary.
From a deployment perspective, I feel the elixir docker image has solved the problem, since today the vast majority deploy at the container/kubernetes level. This leads me to believe that the only place such a script would be used is in deploying to a regular VM or even bare-metal. Though I'm not too knowledgeable on what the current trends are, I suspect that today this may be too niche a use case for the effort of maintaining and testing such a script to be worth, especially one that is Windows compliant.
Is this the scenario you have in mind, or is it something else?
-- bp
José Valim
Oct 31, 2024, 8:48:25 AM10/31/24
to elixir-l...@googlegroups.com
Two notes:
1. If someone wants to install Elixir to give it a try, we should not ask them to install asdf or something else first. You can find many places in both ElixirForum and Reddit where asdf is recommended *first*. If they are already using asdf or they need version management, then certainly go for it, but it should not be a requirement.
2. Either the install scripts themselves or their infrastructure (i.e. the precompiled artifacts) can be used by higher level tools, such as beamup. The fact they don't offer version management doesn't mean others cannot offer it on top :)
Perhaps one feature we could add is the ability of simply installing Elixir (skipping Erlang), which would probably be useful for such tools too.
> with the linux distro's elixir binary.
Unfortunately this is not an actual option. Those are always outdated by the distro's own design, be it Elixir, be it Python. The distro distribution is really not meant to be used for actual development but rather as a dependency of other tools shipped with the distro.
José Valim
To view this discussion visit https://groups.google.com/d/msgid/elixir-lang-core/e14e2571-0f1f-417d-9fbd-112315aec1f1n%40googlegroups.com.
Benjamin Philip
Oct 31, 2024, 10:04:35 AM10/31/24
to elixir-l...@googlegroups.com
1. If someone wants to install Elixir to give it a try, we should not ask them to install asdf or something else first. You can find many places in both ElixirForum and Reddit where asdf is recommended *first*. If they are already using asdf or they need version management, then certainly go for it, but it should not be a requirement.
I see that is useful in this context, though I wouldn't encourage using it except for quick and dirty installs. Maybe it should also be accompanied by an uninstall script?
2. Either the install scripts themselves or their infrastructure (i.e. the precompiled artifacts) can be used by higher level tools, such as beamup. The fact they don't offer version management doesn't mean others cannot offer it on top :)Perhaps one feature we could add is the ability of simply installing Elixir (skipping Erlang), which would probably be useful for such tools too.
I definitely see the value of precompiled artifacts. I'm not familiar with the elixir installation process, and if it's just the matter of adding elixir to PATH, I suspect most tools would opt to implement the install themselves as they would want granular control as to where and how (think asdf which doesn't use PATH) elixir is installed.
Installing only elixir sounds trivial since it's cross platform. Installing OTP on the other hand seems very tricky. For instance, how do you install runtime dependencies (eg: wxWidgets, odbc), even if you eliminate compile time deps with precompilation?
-- bp
To view this discussion visit https://groups.google.com/d/msgid/elixir-lang-core/CAGnRm4JkgWzPUnG0%3D4Xp5O_SfrZCh0GdkYrCsnaUA39ZN324XQ%40mail.gmail.com.
Reply all
Reply to author
Forward
Message has been deleted
0 new messages