Package Details: ngrok 3.19.0-1

Git Clone URL: https://aur.archlinux.org/ngrok.git (read-only, click to copy)
Package Base: ngrok
Description: A tunneling, reverse proxy for developing and understanding networked, HTTP services
Upstream URL: https://ngrok.com
Licenses: LicenseRef-custom
Submitter: neersighted
Maintainer: brenekh
Last Packager: brenekh
Votes: 118
Popularity: 0.23
First Submitted: 2013-09-08 17:10 (UTC)
Last Updated: 2024-12-20 01:07 (UTC)

Pinned Comments

brenekh commented on 2022-04-20 17:11 (UTC)

ngrok v3 introduces breaking changes.

Check https://ngrok.com/docs/guides/upgrade-v2-v3 for the upgrade instructions.

daurnimator commented on 2019-03-06 21:05 (UTC)

Note to self/future maintainers, this software only provides official downloads for an old release. The package itself then tries to update itself using 'equinox'. To find out the real download url, I use this script get_download_info:

#!/bin/bash

exec http -b https://update.equinox.io/check \
    'Accept:application/json; q=1; version=1; charset=utf-8' \
    'Content-Type:application/json; charset=utf-8' \
    app_id=app_goVRodbMVm \
    arch=amd64 \
    channel=stable \
    current_sha256=1aaccea9c0668d97f19095636b2f4fca033fb8d9f7fc37241a013f4f1fa48bb3 \
    current_version=2.2.8 \
    goarm= \
    os=linux \
    target_version= \
    "$@"

You need to call it with the different architectures: 

get_download_info arch=386
get_download_info arch=amd64
get_download_info arch=arm
get_download_info arch=arm64

Latest Comments

1 2 3 4 5 Next › Last »

eternalfloof commented on 2024-06-13 02:25 (UTC) (edited on 2024-06-13 02:29 (UTC) by eternalfloof)

Since equinox hosts any package, it's actually very difficult to check the PKGBUILD to ensure you're installing legit software, and not any random exe.

I would always cross-check the binary against https://dl.equinox.io/ngrok/ngrok-v3/stable/archive

(for me the easiest is just to open the developer tools for the website and ctrl-f find the identifier).

For example, the current PKGBUILD (as of 3.10.1) contains this line: source_x86_64=("https://bin.equinox.io/a/81d5kzodW8G/ngrok-v3-3.10.1-linux-amd64")

but I cannot find 81d5kzodW8G in the ngrok-v3 website link. Therefore, I have locally patched it by running these steps:

Edit the PKGBUILD (I removed all the other flavors besides x86_64 to make my life easier. Replace the source with source_x86_64=("https://bin.equinox.io/a/gzCri6c7dA3/ngrok-v3-3.10.1-linux-amd64.tar.gz")

Run makepkg -g to generate the sha256 sums and replace those in the PKGBUILD as well. Finally, fix the .SRCINFO with makepkg --printsrcinfo > .SRCINFO

@brenekh it would be really appreciated if you could convert your process to use the download files that are on this page: https://dl.equinox.io/ngrok/ngrok-v3/stable/archive so we could easily audit them. Thank you!

Just to add: I'm not accusing anyone of maliciousness here, just an abundance of caution.

Diffing the file in PKGBUILD (https://bin.equinox.io/a/81d5kzodW8G/ngrok-v3-3.10.1-linux-amd64) versus the one inside https://bin.equinox.io/a/gzCri6c7dA3/ngrok-v3-3.10.1-linux-amd64.tar.gz and they are the exact same.

richard-muvirimi commented on 2023-05-15 09:26 (UTC)

Since the server where the package is downloaded does not support resuming it would be best to first clear the partially downloaded files. (using yay)

brenekh commented on 2022-04-20 17:11 (UTC)

ngrok v3 introduces breaking changes.

Check https://ngrok.com/docs/guides/upgrade-v2-v3 for the upgrade instructions.

Ranguna commented on 2021-08-01 11:35 (UTC)

I see that pkgbuild contains the following sha for amd64: 218d267cd1195334718bafac14bfdf1c19dc95dcf8a24aaa6a1383c21dc86e76

Searching for this in https://dl.equinox.io/ngrok/ngrok/stable/archive, gives me no results. Any reason for that ?

M.Srikanth commented on 2021-04-05 13:59 (UTC)

As per https://dl.equinox.io/ngrok/ngrok/stable/archive, the newest version is 2.3.38. (Even the script in your pinned comment gives the same thing.)

slabz commented on 2021-03-10 19:31 (UTC)

I just scanned the 64bit binary that this package installed and VirusTotal comes back clean: https://www.virustotal.com/gui/file/c930d52595169da874d201914b09b4cc779f536d7887eed90196aa3b40b4eafb/detection

trevordf commented on 2020-10-15 15:09 (UTC)

Might be nothing, but virustotal reported one detection on v2.3.35: https://www.virustotal.com/gui/file/1fdd1c057c3c31044400ef6ade20ad3f10bce415ad33ccfb4bc2fd83bb36f62f/detection.

If I download the official zip from https://dashboard.ngrok.com/get-started/setup I don't see the same thing: https://www.virustotal.com/gui/file/1761f150c5e1d210e8148a863441af4bf0f0ae413d205fdb3ce9db4a3454d504/detection

daurnimator commented on 2020-09-29 03:03 (UTC)

Despite the app claiming an update is available, there is no new version available on the download page; or via the update script I jury rigged up.

imlonghao commented on 2020-02-10 04:30 (UTC)

The download url can be found at https://dl.equinox.io/ngrok/ngrok/stable/archive

daurnimator commented on 2019-03-15 00:17 (UTC)

@kodopp that appears to be correct. (I only just took over this package to bump to a new release). However, I'm having trouble finding a license: I looked on the ngrok, in the upstream proper releases, and searched around elsewhere. Do you have any idea what license it is under?

1 2 3 4 5 Next › Last »