Clone or install script


#1

Folks,

Bought the Explorer HAT recently plus accessory tin but haven’t actually done anything yet.

Now curious, from Pimoroni’s GitHub page one can download or clone the files. There is also an installation script which I have viewed and appears quite long.

I haven’t coded for many years so am out of the loop a wee bit so question is, why would I clone and how does that differ to the installation script?

Geffers


#2

I don’t know what the difference is, but JFYI all I ever do is run the one-line installer
curl https://get.pimoroni.com/explorerhat | bash
for my Explorer pHATs


#3

A vast majority of the installer scripts is boilerplate to handle various different routine tasks, but they all just:

  • Enable any required hardware interfaces (i2c, spi)
  • Update your Pi’s software indexes
  • Install any dependencies
  • Install the Python 2 and Python 3 libraries from apt or pip
  • Download the examples and documentation from GitHub into ~/Pimoroni/productname

If you clone from GitHub and install, you’ll have the library and examples but you may be missing some dependencies for examples, etc. You’ll find out soon enough though!


#4

Thanks for replies folks.

Whilst Pimoroni are no doubt fine I’ve always been reluctant to install direct from internet without viewing the script file first, just good security practice - not that I can understand too much of the script :-)

Appreciate too that security is not so much of an issue with Linux.

Geffers


#5

Oh a script run on the Pi could absolutely root your system and give an attacker unfettered access to your Pi and potentially a jumping off point to attack the rest of your network, so your caution is absolutely warranted if not outright encouraged. Not to mention, it’s always good practice to know what a script is doing to your system, since even if it’s intended to be benign it may have unintended consequences.

The security issue is why we have an SSL certificate for our get.pimoroni.com domain, so you can be reasonably assured that the script is not doing anything suspect, as long as you trust us that is (which given our piratical image you may not :D)

Unfortunately the scripts are so rammed with boilerplate code that it’s difficult to know what exactly they’re doing. Usually you can check the very top and very bottom of our scripts for an idea of what boilerplate and custom actions are being performed.

From the top of Explorer HAT’s installer you can just about glean that - on top of installing the Python 2 and 3 libraries - it clones the “documentation” and “examples” folders from git, installs “cap1xxx” as a Python dependency, and optionally installs “pygame” for the examples.
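
An added example, not part of the original thread and not Pimoroni's code: one way to do the review discussed in posts #4 and #5, by saving the installer to a file, hashing it and listing the lines that change the system before running anything. The function names and the keyword list are assumptions made for this example; the URL is the one quoted in post #2.

```shell
#!/usr/bin/env bash
# Added example: fetch an installer to disk and review it before running it.
# Function names and the keyword list below are assumptions, not Pimoroni's.

# Download to a file instead of piping into bash. --proto '=https' refuses
# plain HTTP and -f fails on HTTP errors instead of saving an error page.
fetch_installer() {   # usage: fetch_installer URL OUTFILE
    curl --proto '=https' --tlsv1.2 -fsSL "$1" -o "$2"
}

# SHA-256 of the saved file, so the copy you reviewed is the copy you run
# (and so you can tell later whether the published script has changed).
installer_hash() {    # usage: installer_hash FILE
    sha256sum "$1" | cut -d' ' -f1
}

# List, with line numbers, the non-comment lines that change the system:
# privilege use, package installs, downloads, interface toggles, deletions
# and nested pipes into a shell. The list is a starting point, not exhaustive.
audit_installer() {   # usage: audit_installer FILE
    grep -nE '(^|[^[:alnum:]_])(sudo|apt-get|apt|pip3?|git clone|curl|wget|raspi-config|rm -[rRf]+|eval)([^[:alnum:]_]|$)|\|[[:space:]]*(ba)?sh' "$1" \
        | grep -vE '^[0-9]+:[[:space:]]*#'
}

# Number of lines flagged by audit_installer (0 if none).
audit_count() {       # usage: audit_count FILE
    audit_installer "$1" | wc -l | tr -d ' '
}

# Typical use (not executed here because it needs network access):
#   fetch_installer https://get.pimoroni.com/explorerhat explorerhat.sh
#   installer_hash explorerhat.sh
#   head -n 40 explorerhat.sh; tail -n 40 explorerhat.sh   # top and bottom
#   audit_installer explorerhat.sh                          # flagged lines
#   bash explorerhat.sh      # only once you are happy with what you read
```

The hash only ties the file you read to the file you run; it says nothing about whether the script is trustworthy, which is still a matter of reading it.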


#6

Piratical image - great adjective…

Geffers