keybase
CLI only installation on OS X?
I only use keybase.io to download people's OpenPGP keys. I am not interested in
- An icon I will ever click at the top of my screen
- A graphical application
- A kernel module (!)
- A "service" that runs with elevated privileges at boot time
- An "updater" that phones home in the background
- ...
It used to be possible to install just the CLI using Homebrew. Apparently, that now has become a wrapper for the whole "user friendly" installation though.
Is there a way -- short of installing a Go toolchain and building from source -- to get only the CLI on a Mac? And get it into my $PATH without having to /Applications/foo/bar/mumble/something/keybase install -c cli. Could this way please be documented somewhere on keybase.io?
Thanks.
We haven't spent time officially supporting this, but go get github.com/keybase/client/go/keybase will get you 90% of the way there if you have go installed, and you don't mind trusting github.
I'd prefer not to install a Go toolchain. But I've managed to get a more reasonable installation like this. Perhaps this will be useful for others.
# Link the CLI to /usr/local/bin/keybase
% /Applications/Keybase.app/Contents/SharedSupport/bin/keybase install -c cli
# Terminate the GUI bits
# Note this does **not** kill the privileged helper process!
% keybase ctl stop
# Uninstall everything except for the CLI
# Note this does **not** remove the privileged helper binary
% keybase uninstall -c fuse helper kbfs service updater
% sudo pkill -TERM keybase.Helper
% sudo rm -f /Library/LaunchDaemons/keybase.Helper.plist \
/Library/PrivilegedHelperTools/keybase.Helper
I've aliased keybase to keybase --standalone too.
So far, this seems to be working.
Thanks for posting that! It should also be compatible with whatever pinentry program you have installed.
It should also be compatible with whatever pinentry program you have installed.
Oh! Is there any way to tell it which one to use? It seems to default to pinentry-curses, while I have pinentry-mac in my $PATH.
Thanks.
👍 to a CLI only installation option. After my keybase CLI client got “upgraded” to the new GUI/FUSE/FS/kernel extension thing my first action was to remove Keybase entirely from my computer.
I use Keybase extremely rarely and definitely don't want to have some random kernel extension installed for that…
Totally agree with this: I uninstalled the new Keybase immediately after seeing how invasive it is.
If someone creates a CLI-only Keybase, can we get a Homebrew formula for it (keybase-cli)?
I'm interested in a CLI-only Keybase too. I mainly used the Keybase tool for commandline track operations, and otherwise mostly used the web interface to verify peoples' identities.
keybase track seems to be a command that doesn't support --standalone, so I've just stopped using Keybase altogether. The GUI app is too big and the services are completely unnecessary for anything I do with it.
We've been fixing some standalone bugs recently. @zapu have you see that one?
Pretty sure it's caused by the argument parsing here: https://github.com/keybase/client/blob/42ce51214415a68e1348ece2565e28ca21c615be/go/client/cmd_follow.go#L64-L66
It looks like it's doing its own independent argument parsing, and the --standalone isn't consumed and removed from the args by whatever launches track, so it sees it as an extraneous argument and immediately quits with "Error parsing command line arguments: Follow only takes one argument, the user to follow." There's an identical bug in several other commands too.
That argument is stripped off and handled before control gets here. I think I know why. Try this, I bet it will work:
keybase --standalone track max
(And BTW, we renamed the command to follow):
keybase --standalone follow max
(I just tried it and it worked)
Can't figure out what I did that caused it not to work before! Working for me now, thanks.
Server security can be especially important and challenging. The listed solutions don't provide an install that gets regular security upgrades when security bugs are found. I'd like to see this on Linux (Ubuntu) but assume most of the work would be the same as for MacOS.
On a headless server, the attack surface and overhead implications of installing X11 and a whole slew of GUI tools would overwhelm the security benefits of using Keybase for communications.
Are there plans for supporting CLI-only packaging?
In the past two years since this issue was opened, I haven't started using Keybase again. Even with --standalone, the Keybase app bundle is just too big and heavyweight for what I'd use.
Note that the Arch install is split in to keybase (CLI) vs keybase-gui vs kbfs. So we're pushing to get the same split for server/CLI installs on other suitable platforms.
Seems people would flock back in droves if there was a possibility to only install a CLI version of Keybase. Is this still being pursued?
I would still be interested in a CLI-only installation too. Though I get the impression that Keybase has become more interested in the instant messaging space and the PGP public key directory is increasingly an afterthought.
Actually the chat capabilities on CLI are most useful. Keybase is unique in that is provides a bridge between a mobile chat app and the CLI. That opens up a world of possibilities for building custom chat proxies/bots that propagate messages between non-tech savvy user and a home automation environment. Non-tech savvy users get for free a user-friendly mobile chat app for sending commands to home automation devices and can inversely receive status update messages from them on their mobiles.
