This thread is in response to this Twitter conversation.
It has been admitted for some time that providing a curl | sh
installation solution leaves a lot to be desired as a way of installing rustc, cargo, and rustup.
While I’d ultimately like to see a Debian repository, an Ubuntu PPA, and a Copr for Fedora/RHEL for rustc and cargo, what I’m proposing is repositories along this line simply for rustup
. Packaging rustc
and cargo
is a bit more involved that packaging rustup
, so I believe that rustup
would be a good start.
Since having the latest stable rustup
is something desirable by everyone, the Rust community should officially provide repositories for it, and I am happy to contribute in this regard. Introducing a signed source-RPM build for Copr which would create packages for rustup for Fedora, RHEL 6/7 would not take a lot of time and should be fairly easy to integrate into the current Rust build workflow. The same goes for Debian and Ubuntu packages. Since I do believe that Rust is signing releases using PGP, it should be trivial to extend this model to then produce packages for these most popular distributions.
A little is also good in this regard, so even building packages with fpm
would be a large improvement over curl | sh
for security purposes.
I am happy to help in this endeavor, and like I have said, I don’t think we need to get it perfect the first time, the rule should be that adding the repository and installing the package should lead to a working rustup
which can be further used to install a version of Rust, etc.