On Wed, 17 May 2006 15:54:38 +0100, Mike Hearn wrote:
> On Tue, 16 May 2006 18:21:04 +0100, Thomas Leonard wrote:
> [...]
>> By the way, now that autopackage has reached 1.0, are there any plans to stabilise the file-format?
> Sorry, no.

This is a shame, because the payload of an autopackage would often make an ideal Zero Install package too!

> However the -x command line argument is guaranteed to be present in future versions, so you can simply run the file with that option to make it dump its contents to a new directory.

Yes, but executing code from the downloaded package during installation would break our security model, which is that installation and uninstallation are safe (but execution is at your own risk ;-) We need to be able to extract the payload without having to trust the package.
There are several reasons for wanting this, including:
- We store the digest of the extracted tree, not of the compressed archive. This allows multiple methods of getting it (download an archive, download individual files, rsync or patch from previous version, etc) and lets us verify the installation later. This means that we don't know that an archive should be trusted until *after* we have extracted it (that said, it would be possible to store a second checksum for each version to cope with this).
- A system administrator should be able to install software requested by a large number of users without risking the whole system to every package. If Mary and Bob want to install some weird analysis program for their work, it shouldn't get the chance to wipe my data too. In the limit, the installation part of a sysadmin's job can then be done automatically by a setuid script.
- If I just want to read the documentation for a program, diff it against a previous version or just look at the code, I should be able to install the package without running anything (either because I'm worried about security, or just because I want to be sure it won't change anything).
- It should be possible to install documentation packages, clip-art and translations without letting the author run any code on my machine.
- Indexing and archiving systems should be able to index archives from the web without having to trust all of them.
However, we don't need to be able to cope with arbitrary autopackages, because there will always be a "packager" who creates the XML description, so something that just happens to work with the existing packages may be good enough. Or perhaps the offset of the payload could be given as a header field?
Anyway, it sounds like going with the RPM + binreloc will be a better solution for us.
Thanks,
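The extraction model argued for in the message above (locate the payload from a header field, unpack it without ever executing the package, then digest the extracted tree rather than the compressed archive), as an added Python example that is not part of the original thread and not code from autopackage or Zero Install. The `Payload-Offset` header field, the toy package layout and the tree-digest line format are assumptions made for illustration; they are not either project's real formats.

```python
import hashlib
import io
import os
import tarfile
import tempfile

# Hypothetical header field naming where the tar.gz payload starts (constructed
# for this example; autopackage's real format is not described here).
HEADER_FIELD = b"Payload-Offset: "


def build_sample_package(files):
    """Construct a toy self-extracting-style package: a shell-script header
    followed by a tar.gz payload. files maps relative path -> bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    payload = buf.getvalue()
    header = b"#!/bin/sh\n# toy self-extracting package (constructed example)\n"
    # Reserve six digits for the offset so the header length is known in advance.
    offset = len(header) + len(HEADER_FIELD) + 6 + 1
    header += HEADER_FIELD + str(offset).zfill(6).encode() + b"\n"
    assert len(header) == offset
    return header + payload


def find_payload_offset(package, max_header=4096):
    """Parse the offset out of the header text. The script is never run."""
    head = package[:max_header]
    idx = head.find(HEADER_FIELD)
    if idx < 0:
        raise ValueError("no payload offset header")
    start = idx + len(HEADER_FIELD)
    end = head.index(b"\n", start)
    return int(head[start:end])


def safe_extract(package, dest):
    """Unpack the payload into dest, accepting only regular files and
    directories whose resolved path stays inside dest."""
    offset = find_payload_offset(package)
    dest_real = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(package[offset:]), mode="r:gz") as tar:
        members = tar.getmembers()
        # Validate every member before writing anything, so a bad archive
        # leaves no partial tree behind.
        for m in members:
            target = os.path.realpath(os.path.join(dest, m.name))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError(f"path escapes destination: {m.name}")
            if not (m.isfile() or m.isdir()):
                raise ValueError(f"refusing non-regular member: {m.name}")
        for m in members:
            target = os.path.realpath(os.path.join(dest, m.name))
            if m.isdir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with tar.extractfile(m) as src, open(target, "wb") as dst:
                    dst.write(src.read())


def tree_digest(root):
    """Digest of the extracted tree: one 'F <sha256> <relative path>' line per
    file in sorted order, so identical contents hash identically no matter
    how they were delivered (archive, individual files, rsync, patch).
    Illustrative format only, not Zero Install's manifest format."""
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for fn in sorted(filenames):
            path = os.path.join(dirpath, fn)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as f:
                fdigest = hashlib.sha256(f.read()).hexdigest()
            h.update(f"F {fdigest} {rel}\n".encode())
    return h.hexdigest()


def extract_and_digest(package):
    """Extract into a scratch directory and return the tree digest."""
    with tempfile.TemporaryDirectory() as d:
        safe_extract(package, d)
        return tree_digest(d)


if __name__ == "__main__":
    sample = {"bin/hello": b"#!/bin/sh\necho hello\n", "doc/README": b"Hello.\n"}
    print(extract_and_digest(build_sample_package(sample)))
```

Because the digest covers the extracted tree, two packages that differ only in compression or header text but unpack to the same files yield the same digest, which is what lets the archive be verified only after extraction, as the message describes; a member that tries to escape the destination is rejected before any file is written.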