Installing Kotlin securely, with package signatures, auto-update etc

Kotlin is gaining widespread attention as being a great programming language, and is now officially supported e.g. for Android development. But the options I see for installing it aren't clear about security issues. I don't know if sdkman checks (or even supports) signatures on packages, I don't know if it automatically tracks security updates on Kotlin and other installed packages (like apt-get does), I don't know how big the install is going to be, etc.

So to sum up

Is there an installation approach for Kotlin that is relatively secure (with package signatures, auto-update etc)?

E.g., is there a PPA for it? (Is anyone even working to package it for Debian/Ubuntu?).

Or does sdkman have the necessary properties?

Or is there some other approach?

Update: I see that ubuntu-make (umake) is an option. For IDEA and Kotlin, it seems the version from their ppa is still needed, as explained at Ubuntu Make 16.03 Released With Eclipse JEE And IntelliJ IDEA EAP Support, More

But I'm surprised that I can't easily find any information on the security aspects of umake, and it seems that they don't do updates yet (updating tools · Issue #74), so my question remains open.


Solution 1:

The command line Kotlin compiler developed by JetBrains can be installed as a snap package in all currently supported versions of Ubuntu. To install it, open the terminal and type:

sudo apt install snapd  
sudo snap install kotlin --classic 

Available tools:

  • kotlinc
  • kotlinc-jvm
  • kotlinc-js
  • kotlin-dce-js

Example

  1. Create a simple application in Kotlin that displays Hello, World!. Create a new file with executable permission called hello.kt with the following:

    fun main(args: Array<String>) {
        println("Hello, World!")
    }
    
  2. Compile the application using the Kotlin compiler.

    kotlinc hello.kt -include-runtime -d hello.jar  
    
  3. Run the application.

    java -jar hello.jar
    

Solution 2:

I don't know about umake. I've just written a little bash script to generate a minimal deb package out of the distributed zip archive.

Create a new kotlinc-deb file:

#!/usr/bin/env bash
if [ -z "$1" ]; then echo "Error: no input zip file is specified"; exit 1; fi
version=${1#kotlin-compiler-}
version=${version%.zip}
unzip $1 -d kotlinc_${version}_all/
cd kotlinc_${version}_all/
mkdir -v opt
mv -v kotlinc opt/
rm -rv 'opt/kotlinc/bin/'*.bat
mkdir -vp usr/{bin,share/doc}
mv -v opt/kotlinc/license usr/share/doc/kotlinc
sed -i $'s/\r$//' 'opt/kotlinc/bin/'* #The new 1.2.0 version has shell scripts in
                                      # CRLF format. That causes issues when running
                                      # them. So I added this CRLF to LF conversion
cd usr/bin
ln -svt . '../../opt/kotlinc/bin/'*
cd ../..
mkdir -v DEBIAN
cat >DEBIAN/control <<EOF
Package: kotlinc
Version: ${version}
Section: java
Priority: optional
Maintainer: ${LOGNAME} <${LOGNAME}@localhost>
Architecture: all
Description: The Kotlin compiler
 The compiler for the Kotlin programming language.
EOF
dpkg-deb -b ../kotlinc_${version}_all{,.deb}

And then run:

$ chmod +x kotlinc-deb
$ ./kotlinc-deb kotlin-compiler-1.1.51.zip

After that, you can install the generated kotlinc_1.1.51_all.deb as a usual deb package.