syft: README instructions don't work verbatim
From the README:
$ curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
Expected Installs.
Actual Doesn’t install.
[info] fetching release script for tag='v0.55.0'
[info] using release tag='v0.55.0' version='0.55.0' os='linux' arch='amd64'
install: cannot create regular file '/usr/local/bin/syft': Permission denied
[error] failed to install syft
System:
$ uname -a
Linux hostname 4.19.0-21-amd64 #1 SMP Debian 4.19.249-2 (2022-06-30) x86_64 GNU/Linux
Work around
$ curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sudo sh -s -- -b /usr/local/bin
[info] fetching release script for tag='v0.55.0'
[info] using release tag='v0.55.0' version='0.55.0' os='linux' arch='amd64'
[info] installed /usr/local/bin/syft
Additional details Consider updating the README instructions.
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 19 (10 by maintainers)
Won’t users almost always encounter the permission denied issue if they run the listed instructions verbatim? Why document a command that doesn’t work?
We have a few suggestions here, and I think we would want to keep the download as a single line command. This is done easily as @spiffcs mentioned with:
The caveat is you would have to run
./syft, which seems like it would be a simple thing to document. We then add the second variant with some text like: “If you would like to install in your system bin directory, run this as root:”That should avoid any confusion for users who do not have root access and that the
/usr/local/binprobably needs root access to write to it. Hopefully a user could figure this out from there.What do you all think?
@spiffcs if there’s only a single binary, that’d be fine, although technically since
.isn’t typically in the path, you’d have to use./syftinstead ofsyft. Truly, you are probably better off with:Users who know whether the first two steps are optional will skip them anyway.