Clone or install script

geffers · June 11, 2018, 2:26pm

Folks,

Bought the explorer HAT recently plus accessory tin but haven’t actually done anything yet.

Now curious, from Pimoroni’s git hub page one can download or clone the files. There is also an installation script which I have viewed and appears quite long.

I haven’t coded for many years so am out of the loop a wee bit so question is, why would I clone and how does that differ to the installation script?

Geffers

alphanumeric · June 11, 2018, 9:37pm

I don’t know what the difference is? But JFYI all I ever do is run the one line installer
curl https://get.pimoroni.com/explorerhat | bash
for my Explorer pHat’s

gadgetoid · June 12, 2018, 9:11am

A vast majority of the installer scripts is boilerplate to handle various different routine tasks, but they all just:

Enable any required hardware interfaces (i2c, spi)
Update your Pi’s software indexes
Install any dependencies
Install the Python 2 and Python 3 libraries from apt or pip
Download the examples and documentation from GitHub into ~/Pimoroni/productname

If you clone from GitHub and install, you’ll have the library and examples but you may be missing some dependencies for examples, etc- you’ll find out soon enough though!

geffers · June 12, 2018, 1:29pm

Thanks for replies folks.

Whilst Pimoroni are no doubt fine I’ve always been reluctant to install direct from internet without viewing the script file first, just good security practice - not that I can understand too much of the script :-)

Appreciate too that security is not so much of an issue with Linux.

Geffers

gadgetoid · June 13, 2018, 11:42am

Oh a script run on the Pi could absolutely root your system and give an attacker unfettered access to your Pi and potentially a jumping off point to attack the rest of your network, so your caution is absolutely warranted if not outright encouraged. Not to mention, it’s always good practise to know what a script is doing to your system, since even if its intended to be benign it may have unintended consequences.

The security issue is why we have an SSL certificate for our get.pimoroni.com domain, so you can be reasonably assured that the script is not doing anything suspect- as long as you trust us that is (which given our piratical image you may not :D)

Unfortunately the scripts are so rammed with boilerplate code that it’s difficult to know what exactly they’re doing- usually you can check the very top and very bottom of our scripts for an idea of what boilerplate and custom actions are being performed.

From the top of Explorer HAT’s installer you can just about glean that - on top of installing the Python 2 and 3 libraries - it clones the “documentation” and “examples” folders from git, installs “cap1xxx” as a Python dependency, and optionally installs “pygame” for the examples.

geffers · June 18, 2018, 8:27pm

Piratical image - great adjective…

Geffers

Topic		Replies	Views
Explorer pHAT install script double failure Support	8	1146	November 16, 2016
Explorer HAT install instructions Support	19	7924	September 30, 2015
Curl -sS get.pimoroni.com/unicornhat non interactive Support	3	411	March 17, 2020
Get i2c script troubles Support	3	916	July 23, 2016
Skywriter installer fails on examples Support	1	833	March 1, 2015

Clone or install script

Related Topics