[Pkg-ROX-devel] ROX-Lib2 & more

Thomas Leonard tal at ecs.soton.ac.uk
Sat Oct 1 11:04:13 UTC 2005 

On Sat, Oct 01, 2005 at 12:26:17PM +0200, Torsten Marek wrote:
> Francesco P. Lovergine schrieb:
> > On Sun, Sep 25, 2005 at 11:10:16PM +0200, Torsten Marek wrote:
> >>There is already a zeroinstall-injector deb in sourceforge, maybe it
> >>could also be adopted.
> > Uhm, I'm not so keen on zeroinstall generally, it could violate debian
> > policy in principle...
> 
> I've tried it out, and it works as it should, which makes it difficult
> for us.  Right now, it doesn't even check if ROX-Lib2 is installed on
> the system somewhere, it just downloads it from the web. I did not
> have time to look into the source code, so I'm not sure whether it's
> possible to provide a system-wide override.

Create a symlink:

/var/cache/0install.net/implementations/sha1=XXXX -> /usr/lib/rox-lib-VVV

where XXX is the SHA1 digest of ROX-Lib (assuming it hasn't been
modified from the upstream version) and VVV is the version. Then, if the
user wants to run the version installed by the Debian package it doesn't
need to be downloaded again.

If you want to modify the upstream version, then you need to tell the
injector about it by adding a <feed src='/path/to/ROX-Lib.xml'> line in
the system-wide default config file for ROX-Lib.

> If we *would* want to support zeroinstall injector, then the software
> would have to be modified to allow system-wide installations.

The software needs to support system-wide installations anyway. This is
quite easy; you basically need a program that does this:

  TMP_DIR=/var/cache/0install.net/implementations/tmp-$$
  mkdir $TMP_DIR
  DIGEST=`basename $1`
  cp -r $1 $TMP_DIR/$DIGEST
  if 0store verify $TMP_DIR/$DIGEST; then
    mv $TMP_DIR/$DIGEST /var/cache/0install/implementations/$DIGEST
  else
    echo Error: directory name does not match contents' digest!
    exit 1
  fi

except written in a more secure style, obviously. The injector can then
call this (setuid to 'zeroinstall') program to install programs
system-wide. This is safe, because the directory has to be named after
the digest of its contents (the program above checks), and other users
know what digest they are looking for.

> This is the problem because 0install solves a problem Debian already
> has solved.

The problem 0install solves is letting users install desktop software
without needing root access. This is useful even on a Debian system.

> Uploading zeroinstall-injector, as you said, might violate policy,
> since it provides another install mechanism for software besides
> apt/dpkg (which is not impossible, see the extensions of Firefox).

Without the program above to share downloads safely between users, the
current injector is indeed very like firefox's extensions mechanism.


-- 
Dr Thomas Leonard		http://rox.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1

More information about the Pkg-rox-devel mailing list