This thread is in response to this Twitter conversation.
It has been admitted for some time that providing a
curl | sh installation solution leaves a lot to be desired as a way of installing rustc, cargo, and rustup.
While I’d ultimately like to see a Debian repository, an Ubuntu PPA, and a Copr for Fedora/RHEL for rustc and cargo, what I’m proposing is repositories along this line simply for
cargo is a bit more involved that packaging
rustup, so I believe that
rustup would be a good start.
Since having the latest stable
rustup is something desirable by everyone, the Rust community should officially provide repositories for it, and I am happy to contribute in this regard. Introducing a signed source-RPM build for Copr which would create packages for rustup for Fedora, RHEL 6/7 would not take a lot of time and should be fairly easy to integrate into the current Rust build workflow. The same goes for Debian and Ubuntu packages. Since I do believe that Rust is signing releases using PGP, it should be trivial to extend this model to then produce packages for these most popular distributions.
A little is also good in this regard, so even building packages with
fpm would be a large improvement over
curl | sh for security purposes.
I am happy to help in this endeavor, and like I have said, I don’t think we need to get it perfect the first time, the rule should be that adding the repository and installing the package should lead to a working
rustup which can be further used to install a version of Rust, etc.