Plugin Downloads Server Uptime
This is a public repository for community created CF CLI plugins. To submit your plugin approval, please submit a pull request according to the guidelines below.
- You need to have git installed
- Clone this repo
git clone https://github.com/cloudfoundry/cli-plugin-repo
- Include your plugin information in
repo-index.yml
, here is an example of a new plugin entry
- authors:
- contact: contact@sample-author.io
homepage: https://github.com/sample-author
name: Sample-Author
binaries:
- checksum: 2a087d5cddcfb057fbda91e611c33f46
platform: osx
url: https://github.com/sample-author/new_plugin/releases/download/v1.0.0/echo_darwin
- checksum: b4550d6594a3358563b9dcb81e40fd66
platform: win64
url: https://github.com/sample-author/new_plugin/releases/download/v1.0.0/echo_win64.exe
- checksum: f6540d6594a9684563b9lfa81e23id93
platform: linux32
url: https://github.com/sample-author/new_plugin/releases/download/v1.0.0/echo_linux32
company:
created: 2015-01-31T00:00:00Z
description: new_plugin to be made available for the CF community
homepage: https://github.com/sample-author/new_plugin
name: new_plugin
updated: 2015-01-31T00:00:00Z
version: 1.0.0
Please make sure the spacing and colons are correct and that the fields are alphabetized in the entry. The following describes each field's usage.
Field | Description |
---|---|
authors |
Fields to detail the authors of the pluginname : name of authorhomepage : Optional link to the homepage of the authorcontact : Optional ways to contact author, email, twitter, phone etc ... |
binaries |
This section has fields detailing the various binary versions of your plugin. To reach as large an audience as possible, we encourage contributors to cross-compile their plugins on as many platforms as possible. Go provides everything you need to cross-compile for different platformsplatform : The os for this binary. Supports osx , linux32 , linux64 , win32 , win64 url : A versioned HTTPS link to the binary file itselfchecksum : SHA-1 of the binary file for verificationUse a unique URL that includes the release version for each release of your plugin, as each binary will have a unique checksum. |
company |
Optional field detailing company or organization that created the plugin |
created |
date of first submission of the plugin, in iso 8601 combined date and time with timezone format |
description |
describe your plugin in a line or two. this description will show up when your plugin is listed on the command line |
homepage |
Link to the homepage where the source code is hosted. Currently we only support open source plugins |
name |
name of your plugin, must not conflict with other existing plugins in the repo. It must also match the name your plugin returns. |
updated |
Date of last update of the plugin, in ISO 8601 Combined Date and Time with Timezone Format |
version |
version number of your plugin, in [major].[minor].[build] form |
-
run
go run sort/main.go repo-index.yml
. This will sort your additions to the file. -
After making the changes, fork the repository
-
Add your fork as a remote
cd $GOPATH/src/github.com/cloudfoundry/cli-plugin-repo git remote add your_name https://github.com/your_name/cli-plugin-repo
-
Push the changes to your fork and submit a Pull Request
Golang supports cross compilation to several systems and architectures. Theres an in-depth article by Dave Cheney here explaining how to do it and how it works. You can also find a list of supported systems and architectures here under the $GOOS and $GOARCH
section.
The CF cli supports 5 combinations:
linux
/386
(known aslinux32
)linux
/amd64
(known aslinux64
)windows
/386
(known aswin32
)windows
/amd64
(known aswin64
)darwin
/amd64
(known asosx
)
And at a minimum we want plugins to support linux64
, win64
and osx
.
So, with all that, you can generate those binaries for your plugin with the following snippet:
PLUGIN_PATH=$GOPATH/src/my-plugin
PLUGIN_NAME=$(basename $PLUGIN_PATH)
cd $PLUGIN_PATH
GOOS=linux GOARCH=amd64 go build -o ${PLUGIN_NAME}.linux64
GOOS=linux GOARCH=386 go build -o ${PLUGIN_NAME}.linux32
GOOS=windows GOARCH=amd64 go build -o ${PLUGIN_NAME}.win64
GOOS=windows GOARCH=386 go build -o ${PLUGIN_NAME}.win32
GOOS=darwin GOARCH=amd64 go build -o ${PLUGIN_NAME}.osx
By signing the plugin binary, you can assure recipients that it did indeed come from you.
Although an optional step, unsigned binaries often cannot be used in locked-down machines common in organizations with stricter security policies. Signing the binary allows system admins to whitelist the plugin by signature or publisher.
The cf CLI binary is signed using a Cloud Foundry Foundation certificate. This certificate cannot be used to sign third-party plugins; plugin authors need to procure their own code-signing certificate.
You’ll need a code-signing certificate compatible with Microsoft Authenticode issued by a Microsoft-authorized certificate authority such as Thawte, Comodo, Symantec, or Digicert. A standard code signing certificate is sufficient - extended validation (EV) is not required. Buying direct from these CAs can be expensive. There are many resellers of certificates that pass on savings they get from volume discounts; you can shop around for a good price or support but fundamentally they’re all selling the same thing. You should expect an average price of between USD 80 and USD 150 for a one-year cert.
Once the certificate is obtained, refer to the following steps to sign your plugin binary.
CERT_LOCATION=my-cert-location
CERT_PASSWORD=my-cert-password
PLUGIN_BINARY_NAME=my-plugin.win32
mkdir signed-binaries
osslsigncode sign \
-pkcs12 $CERT_LOCATION \
-pass $CERT_PASSWORD \
-t http://timestamp.comodoca.com/authenticode \
-h sha256 \
-in ${PLUGIN_BINARY_NAME} \
-out signed-binaries/${PLUGIN_BINARY_NAME}
rm -f ${PLUGIN_BINARY_NAME}
Checksums in the repo-index.yml
file are used to verify the integrity of the binaries, to prevent corrupted downloads from being installed. We use the sha-1
checksum algorithm, you can compute it with: shasum -a 1 <myfile>
So continuing the above snipped you'd do:
shasum -a 1 ${PLUGIN_NAME}.linux64
shasum -a 1 ${PLUGIN_NAME}.linux32
shasum -a 1 ${PLUGIN_NAME}.win64
shasum -a 1 ${PLUGIN_NAME}.win32
shasum -a 1 ${PLUGIN_NAME}.osx
Take note of those so that you can put them on repo-index.yml
later when you have uploaded the binaries.
You could use whatever file hosting you like here, the easiest and recommended one is GitHub releases, given that your plugin's code is already hosted on GitHub it might be the easiest solution too.
You can read more about GitHub Releases here but for the purposes of releasing your plugin you should upload those five binaries generated above on the same release.
You should then copy the resulting links for the uploaded binaries from the release page and put them on the repo-index.yml
file.
This process can get a little tedious if you do it manually every time, that's why some plugin developers have automated it. You can probably put together scripts based on the snippets above to automate compiling, generating checksums and uploading the release to GitHub. There are tools available to manage GitHub releases such as this one.
Included as part of this repository is the CLI Plugin Repo (CLIPR), a reference implementation of a repo server. For information on how to run CLIPR or how to write your own, please see the CLIPR documentation here.