Re: Activity packaging
by Bernie Innocenti
On Tue, 2010-07-06 at 12:02 -0400, Benjamin M. Schwartz wrote:
> I think you are missing an important requirement: installation without
> elevated permissions.
XO and SoaS distributions are configured for sudo with no password.
Rainbow has been bit-rotting for the past 2 years and nobody volunteered
to work on it. The bottom line is that *nowadays*, any activity can
escalate root privileges.
Before someone screams in horror, consider this: the only valuable data
on the laptop belongs to user "olpc". A non-privileged account can
already effectively do anything that a spammer would like to do.
Even in a Rainbow-enabled environment, privileged vs unprivileged
installation isn't by itself the source of security issues. Packages
could easily be checked to ensure that all bundled files are within a
specific path, like we currently do with the zip files. Post-install
scriptlets can be disabled.
Even with these limitations, a native packaging system is still years
ahead of us in terms of robustness and feature-completeness.
> P.S. This cross-posting is getting ridiculous.
Mikus keeps moving this thread to other lists because he won't subscribe
to sugar-devel. (why?? ask him).
--
// Bernie Innocenti - http://codewiz.org/
\X/ Sugar Labs - http://sugarlabs.org/
13 years, 10 months
Re: [Sugar-devel] Activity packaging
by Michael Stone
Aleksey wrote:
> On Wed, Jul 07, 2010 at 01:18:04AM -0400, Michael Stone wrote:
>> Bernie wrote:
>> On Tue, 2010-07-06 at 12:02 -0400, Benjamin M. Schwartz wrote:
>> >> I think you are missing an important requirement: installation without
>> >> elevated permissions.
>> >
>> > Rainbow has been bit-rotting for the past 2 years
>>
>> Ahem. Sugar's integration with rainbow has bit-rotted, been rebuilt, and still
>> received no independent testing despite repeated calls for same.
>
> To be honest I wasn't a fan of rainbow a bit time ago..
>
> But having Zero Sugar fully implemented and potential possibility to launch
> almost any piece of software... rainbow should be more then essential
> requirement.
Let's be clear: the actual requirement is for something more like "safety" or
"isolation".
Rainbow is merely one of several reasonable approaches -- and competition and
interoperability would be no bad thing here.
Michael
P.S. - Several other isolation shells that might be worth thinking about, if
only to better understand the tradeoffs that rainbow makes, are briefly
described at
http://sandboxing.org
P.P.S. - Also, either way, thanks for your encouragement. :)
13 years, 10 months
Re: [Sugar-devel] Activity packaging
by Bernie Innocenti
On Tue, 2010-07-06 at 19:56 +0000, Aleksey Lim wrote:
> Just to mention how it could look like on high level
> http://wiki.sugarlabs.org/go/Activity_Team/Zero_Sugar#How_it_works_at_a_g...
Will it also remove the need to ship "fat bundles", as we do now?
I mean, will it produce separate packages for each architecture/os or
just one large package with many binaries in it?
I tend to prefer the first way, like rpm and deb do.
> - move all packaging related stuff from current glucose to some kind
> of packaging core with using 0install as an unified packaging
> "engine", such core could be e.g. a dbus service (but could be a
> library as well) e.g. for now, shell does things like: decides what
> activities to use, from /usr or from ~/Activities, "plain versions
> vs. dotted versions" (sounds a bit amusing). All these tasks will be
> handled within new packaging core
Wouldn't PackageKit be a perfect match for this?
> So, Zero Sugar will be useful already in two weeks e.g. it should be possible to attach
> Sugar:Platform:Factory repo from obs to have development sucrose on
> major rpm/deb distros (http://wiki.opensuse.org/openSUSE:Build_Service_supported_build_targets)
> or install sugarized GC (in form of application or activity) from native packages.
It's an amazing piece of work, Aleksey!!
Considering that you're tackling on the hardest problem in the Sugar
universe, I'm very impressed by the progress you've made in such a short
amount of time.
--
// Bernie Innocenti - http://codewiz.org/
\X/ Sugar Labs - http://sugarlabs.org/
13 years, 10 months
Re: Activity packaging
by Martin Langhoff
On Tue, Jul 6, 2010 at 1:50 PM, John Gilmore <gnu(a)toad.com> wrote:
>> I think you are missing an important requirement: installation without
>> elevated permissions.
>
> Enhancing deb or rpm to be able to do this would be a win all around.
Yes, it's been in the To Do list for dpkg and rpm for as long as I've
been using Linux -- I asked about this for rpms in '98.
Sadly, the rate of development around rpm and dpkg is... well... slow...
rpm has a leg up, anyway, in that it has (limited? buggy?) support for
relocatable rpms.
It would be amazing for the overall health of Linux distros if someone
took this on and worked on it all the way to getting it done and
merged.
Packages (and maint scripts) would need to be updated/adapted to
support this, and of course it's not appropriate for all packages.
cheers,
m
--
martin.langhoff(a)gmail.com
martin(a)laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
13 years, 10 months
Re: [Sugar-devel] UI experiments: pop-up menus and hot corners
by Bernie Innocenti
Err, we've dropped sugar-devel off the cc list again :-)
On Mon, 2010-07-05 at 10:37 -0400, Christian Marc Schmidt wrote:
> We are looking to schedule a design meeting next Saturday (July 10),
> at 10:30am EST (2:30 UTC/GMT). We'll be reviewing designs for the
> proposed Start new/Resume functionality in Home view. Please join!
This Saturday I'll be in Belo Horizonte, probably without Internet
connection. I'll try to join in if I can.
> Thanks,
>
>
> Christian
>
>
>
> On Sun, Jul 4, 2010 at 7:05 PM, Bernie Innocenti <bernie(a)codewiz.org> wrote:
> > On Sun, 2010-07-04 at 23:42 +0100, Gary Martin wrote:
> >> P.S. We keep slipping on a date/time for the next irc #sugar-meeting
> >> design meeting, folks are most welcome, Christian has some nice
> >> mockups he's been polishing up for publication. We're trying again for
> >> tomorrow/Monday, but no time confirmed just yet.
> >
> > Tomorrow (monday) I'll be in Caacupé all day and I might be offline most
> > of the time. Please, give me some advance notice if the meeting is
> > happening tomorrow.
> >
> >
> >> > p.s.
> >> > The Journal user-interface was invented, with a "filter" capability.
> >> > Now a full screen dialogue user-interface would be duplicating what the
> >> > Journal can show. I myself am not comfortable with duplication.
> >
> > I agree with Mikus, but I'd like to see the mock-ups
--
// Bernie Innocenti - http://codewiz.org/
\X/ Sugar Labs - http://sugarlabs.org/
13 years, 10 months
Re: NetworkManager time sync
by Bernie Innocenti
On Mon, 2010-07-05 at 20:30 -0400, C. Scott Ananian wrote:
> I wrote that script when I was at OLPC. It should still be packaged somewhere.
I see olpc-update-ifup in my builds, but nothing related to ntpdate.
Do you remember if it was part of olpc-utils or olpc-update?
--
// Bernie Innocenti - http://codewiz.org/
\X/ Sugar Labs - http://sugarlabs.org/
13 years, 10 months
Re: [Sugar-devel] UI experiments: pop-up menus and hot corners
by Bernie Innocenti
On Mon, 2010-07-05 at 13:29 +0200, James Zaki wrote:
> But could you add a message hint that then dissappear after some
> seconds ?
> For example, when you launch, and auto-resume last saved work, a
> discrete message appears and after some time dissappear (fade, or
> slide away), say 5 or so seconds.
> For example a title with a button (eg: "This is <journal
> title> ..." ["start new instead?"]
> ) that descends from the top just beneath the menu (like web browser
> notifications)
Good idea. We could put the activity title in the startup window, below
the glowing icon.
--
// Bernie Innocenti - http://codewiz.org/
\X/ Sugar Labs - http://sugarlabs.org/
13 years, 10 months
Re: NetworkManager time sync
by Bernie Innocenti
On Mon, 2010-07-05 at 10:33 +0200, Tomeu Vizoso wrote:
> You mean a script placed in /etc/NetworkManager/dispatcher.d/ ?
Yes, and then invoke hwclock --systohc.
I was just hoping to find something already written, tested and packaged
nicely so we could use it both on the XO and SoaS.
--
// Bernie Innocenti - http://codewiz.org/
\X/ Sugar Labs - http://sugarlabs.org/
13 years, 10 months