Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Support asdf .plugin-versions #1577

Closed
aabouzaid opened this issue Jun 12, 2023 · 4 comments
Closed

Feature: Support asdf .plugin-versions #1577

aabouzaid opened this issue Jun 12, 2023 · 4 comments
Labels
enhancement

Comments

@aabouzaid
Copy link

Is your feature request related to a problem? Please describe

Currently, asdf doesn't provide a method to pin its plugin's URL and version. This creates 2 main issues:

  1. Security-wise, the plugins are not secure unless manually added in 2 steps, first asdf plugin add <name> [<git-url>], and second asdf plugin update <name> [<git-ref>].
  2. Operational-wise, unlike .tool-versions, it's not possible to set up asdf plugins declaratively, and it's hard to use it as part of Git/GitOps.

The .plugin-versions will be more or less the same format as .tool-versions, where the name, version/hash/tag, and URL will be set.

Describe the proposed solution

There are many issues here in this repo as well as asdf-plugins about the first point (security) (starting from #166 and ending with #1564, )

I believe introducing a new file called .plugin-versions should be the best solution for that without touching .tool-versions. That will reduce the complexity of the feature and avoid breaking changes in .tool-versions.

It can use what's in PR no. #1204 and build on top of it.

Describe similar asdf features and why they are not sufficient

asdf doesn't support the suggested feature.

Describe other workarounds you've considered

The current workaround is each user will create a make or bash script to manage asdf plugins in a secure way.
@aabouzaid aabouzaid mentioned this issue Jun 12, 2023
Closed
@hyperupcall
Copy link
Contributor

hyperupcall commented Jun 15, 2023
edited
Loading

This would depend on #166

Edit: Didn't see this was already mentioned

@hyperupcall
Copy link
Contributor

Looks related to #240 and #829

@aabouzaid
Copy link
Author

@hyperupcall Well, it looks like a popular request 😀

Thanks for mentioning those issues 🙇
I will read those issues and probably will close this one since it looks duplicated.

@jthegedus
Copy link
Contributor

Closing as this is a duplicate of the aforementioned tickets.

@aabouzaid aabouzaid mentioned this issue Aug 7, 2023
Merged
aabouzaid added a commit to asdf-community/asdf-plugin-manager that referenced this issue Aug 7, 2023
@aabouzaid
feat: asdf-plugin-manager first version (#1)
deb98d8 
Manage asdf plugins securely and declaratively.

Fixes:
- asdf-vm/asdf#166
- asdf-vm/asdf#240
- asdf-vm/asdf#829
- asdf-vm/asdf#1577
aabouzaid added a commit to asdf-community/asdf-plugin-manager that referenced this issue Aug 7, 2023
@aabouzaid
feat: asdf-plugin-manager first version (#1)
103fae8 
Manage asdf plugins securely and declaratively.

Fixes:
- asdf-vm/asdf#166
- asdf-vm/asdf#240
- asdf-vm/asdf#829
- asdf-vm/asdf#1577
aabouzaid added a commit to asdf-community/asdf-plugin-manager that referenced this issue Aug 7, 2023
@aabouzaid
feat: asdf-plugin-manager first version (#1)
c28cc38 
Manage asdf plugins securely and declaratively.

Fixes:
- asdf-vm/asdf#166
- asdf-vm/asdf#240
- asdf-vm/asdf#829
- asdf-vm/asdf#1577
aabouzaid added a commit to asdf-community/asdf-plugin-manager that referenced this issue Aug 7, 2023
@aabouzaid
feat: asdf-plugin-manager first version (#1)
3f8a059 
Manage asdf plugins securely and declaratively.

Fixes:
- asdf-vm/asdf#166
- asdf-vm/asdf#240
- asdf-vm/asdf#829
- asdf-vm/asdf#1577
aabouzaid added a commit to asdf-community/asdf-plugin-manager that referenced this issue Aug 7, 2023
@aabouzaid
feat: asdf-plugin-manager first version (#1)
e9d6a5a 
Manage asdf plugins securely and declaratively.

Fixes:
- asdf-vm/asdf#166
- asdf-vm/asdf#240
- asdf-vm/asdf#829
- asdf-vm/asdf#1577
aabouzaid added a commit to asdf-community/asdf-plugin-manager that referenced this issue Aug 7, 2023
@aabouzaid
feat: asdf-plugin-manager first version (#1)
a68f1d7 
Manage asdf plugins securely and declaratively.

Fixes:
- asdf-vm/asdf#166
- asdf-vm/asdf#240
- asdf-vm/asdf#829
- asdf-vm/asdf#1577
@hyperupcall hyperupcall mentioned this issue Jan 1, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aabouzaid @jthegedus @hyperupcall