From 37627136bdffaba5173f8f1913a6e1107d60b7df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Asbj=C3=B8rn=20Apeland?= Date: Fri, 27 Jul 2018 08:41:04 +0200 Subject: [PATCH] Change Linux install method Previously, files installed to /usr/local/bin/ would be owned by the user executing the command, not root. This change makes these installed files owned by root instead. Improving security is the goal. --- README.md | 6 +++--- cmd/util/util.go | 2 +- docs/drivers.md | 10 +++++++--- hack/jenkins/release_github_page.sh | 8 ++++---- 4 files changed, 15 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 2a3e4d9e0290..3ae54ed4a3fc 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ brew cask install minikube ### Linux ```shell -curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/ +curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && chmod +x minikube && sudo cp minikube /usr/local/bin/ && rm minikube ``` ### Windows @@ -42,8 +42,8 @@ Install manually: Download the [minikube-windows-amd64.exe](https://storage.goog ### Linux Continuous Integration without VM Support Example with kubectl installation: ```shell -curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && chmod +x minikube -curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x kubectl +curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && chmod +x minikube && sudo cp minikube /usr/local/bin/ && rm minikube +curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x kubectl && sudo cp minikube /usr/local/bin/ && rm minikube export MINIKUBE_WANTUPDATENOTIFICATION=false export MINIKUBE_WANTREPORTERRORPROMPT=false diff --git a/cmd/util/util.go b/cmd/util/util.go index b526709c9ec2..405d43ff57af 100644 --- a/cmd/util/util.go +++ b/cmd/util/util.go @@ -191,7 +191,7 @@ func MaybePrintKubectlDownloadMsg(goos string, out io.Writer) { } verb := "run" - installInstructions := "curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/%s/bin/%s/%s/kubectl && chmod +x kubectl && sudo mv kubectl /usr/local/bin/" + installInstructions := "curl -Lo kubectl https://storage.googleapis.com/kubernetes-release/release/%s/bin/%s/%s/kubectl && chmod +x kubectl && sudo cp kubectl /usr/local/bin/ && rm kubectl" if goos == "windows" { verb = "do" installInstructions = `download kubectl from: diff --git a/docs/drivers.md b/docs/drivers.md index affc768c9a75..5f1cc2245b18 100644 --- a/docs/drivers.md +++ b/docs/drivers.md @@ -41,7 +41,10 @@ $ newgrp libvirt Then install the driver itself: ```shell -curl -LO https://storage.googleapis.com/minikube/releases/latest/docker-machine-driver-kvm2 && chmod +x docker-machine-driver-kvm2 && sudo mv docker-machine-driver-kvm2 /usr/local/bin/ +curl -Lo docker-machine-driver-kvm2 https://storage.googleapis.com/minikube/releases/latest/docker-machine-driver-kvm2 \ +&& chmod +x docker-machine-driver-kvm2 \ +&& sudo cp docker-machine-driver-kvm2 /usr/local/bin/ \ +&& rm docker-machine-driver-kvm2 ``` To use the driver you would do: @@ -85,9 +88,10 @@ It is built from the minikube source tree, and uses [moby/hyperkit](http://githu To install the hyperkit driver: ```shell -curl -LO https://storage.googleapis.com/minikube/releases/latest/docker-machine-driver-hyperkit \ +curl -Lo docker-machine-driver-hyperkit https://storage.googleapis.com/minikube/releases/latest/docker-machine-driver-hyperkit \ && chmod +x docker-machine-driver-hyperkit \ -&& sudo mv docker-machine-driver-hyperkit /usr/local/bin/ \ +&& sudo cp docker-machine-driver-hyperkit /usr/local/bin/ \ +&& rm docker-machine-driver-hyperkit \ && sudo chown root:wheel /usr/local/bin/docker-machine-driver-hyperkit \ && sudo chmod u+s /usr/local/bin/docker-machine-driver-hyperkit ``` diff --git a/hack/jenkins/release_github_page.sh b/hack/jenkins/release_github_page.sh index 03856145215d..282eee88ab86 100755 --- a/hack/jenkins/release_github_page.sh +++ b/hack/jenkins/release_github_page.sh @@ -49,17 +49,17 @@ Minikube is distributed in binary form for Linux, OSX, and Windows systems for t ## Installation ### OSX \`\`\`shell -curl -Lo minikube https://storage.googleapis.com/minikube/releases/${TAGNAME}/minikube-darwin-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/ +curl -Lo minikube https://storage.googleapis.com/minikube/releases/${TAGNAME}/minikube-darwin-amd64 && chmod +x minikube && sudo cp minikube /usr/local/bin/ && rm minikube \`\`\` -Feel free to leave off the \`\`\`sudo mv minikube /usr/local/bin\`\`\` if you would like to add minikube to your path manually. +Feel free to leave off \`\`\`sudo cp minikube /usr/local/bin/ && rm minikube\`\`\` if you would like to add minikube to your path manually. Or you can install via homebrew with \`brew cask install minikube\`. ### Linux \`\`\`shell -curl -Lo minikube https://storage.googleapis.com/minikube/releases/${TAGNAME}/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/ +curl -Lo minikube https://storage.googleapis.com/minikube/releases/${TAGNAME}/minikube-linux-amd64 && chmod +x minikube && sudo cp minikube /usr/local/bin/ && rm minikube \`\`\` -Feel free to leave off the \`\`\`sudo mv minikube /usr/local/bin\`\`\` if you would like to add minikube to your path manually. +Feel free to leave off \`\`\`sudo cp minikube /usr/local/bin/ && rm minikube\`\`\` if you would like to add minikube to your path manually. ### Debian Package (.deb) [Experimental] Download the \`minikube_${DEB_VERSION}.deb\` file, and install it using \`sudo dpkg -i minikube_$(DEB_VERSION).deb\`