On Wed, 17 May 2006 19:15:10 +0100, Thomas Leonard wrote:
Yes, but executing code from the downloaded package during installation would break our security model, which is that installation and uninstallation are safe (but execution is at your own risk ;-) We need to be able to extract the payload without having to trust the package.
Hmm well being able to install without root is actually possible with autopackage anyway ... being able to confine it so it installs to /usr without needing root access is a problem to solve some other day (all existing systems except for us crazy alternatives people need root :)
However, we don't need to be able to cope with arbitrary autopackages, because there will always be a "packager" who creates the XML description, so something that just happens to work with the existing packages may be good enough. Or perhaps the offset of the payload could be given as a header field?
That wouldn't work either as the payload can be either LZMA or bzip2 compressed, and new schemes might be added in future.
Like I said, the contents of the archive even if it could be extracted don't necessarily bear any resemblence to the files that'll actually be installed. They can be post processed in any way in between being decompressed and installed on the users system. We've had to rely on this design several times now to deal with compatibility problems, so your best bet is still just to use apbuild directly (and disable the compatibility features that need post-processing like C++ support).
thanks -mike