SIMPLE SOLUTIONS

0STORE-SECURE-ADD - reference manual online

Add an implementation to the system cache.

Chapter
2010
0STORE-SECURE-ADD(1)                                                         0STORE-SECURE-ADD(1)

NAME 0store-secure-add — add an implementation to the system cache
SYNOPSIS 0store-secure-add DIGEST
DESCRIPTION This command imports the current directory into the system-wide shared Zero Install cache, as /var/cache/0install.net/implementations/DIGEST. This allows a program downloaded by one user to be shared with other users. The current directory must contain a file called '.manifest' listing all the files to be added (in the format required by DIGEST), and this file must have the given digest. If not, the import is refused. Therefore, it is only possible to add a directory to the cache if its name matches its contents. It is intended that it be safe to grant untrusted users permission to call this command with elevated privileges. To set this up, see below.
SETTING UP SHARING To enable sharing, the system administrator should follow these steps: Create a new system user to own the cache: adduser --system zeroinst Create the shared directory, owned by this new user: mkdir /var/cache/0install.net chown zeroinst /var/cache/0install.net Use visudo(8) to add these lines to /etc/sudoers: Defaults>zeroinst env_reset,always_set_home ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add Create a script called 0store-secure-add-helper in PATH to call it. This script must be executable and contain these two lines: #!/bin/sh exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" < /dev/null The other Zero Install programs will call this helper script automatically.
FILES /var/cache/0install.net/implementations System-wide Zero Install cache.
LICENSE Copyright (C) 2009 Thomas Leonard. You may redistribute copies of this program under the terms of the GNU Lesser General Pub‐ lic License.
BUGS This program is EXPERIMENTAL. It has not been audited. Do not use it yet in security- critial environments. The env_reset line in sudoers may not be required. sudo(1) seems to do it automatically. If sudo let us check whether we could call a command then we could switch to using it automatically, instead of needing to add the helper script. Currently, sudo delays for one second and writes to auth.log if we try to use this system when it hasn't been set up. Please report bugs to the developer mailing list: http://0install.net/support.html
AUTHOR Zero Install was created by Thomas Leonard.
SEE ALSO 0store(1) The Zero Install web-site: http://0install.net
Thomas Leonard 2010 0STORE-SECURE-ADD(1)
This manual Reference Other manuals
0store-secure-add(1) referred by 0store(1)
refer to visudo(8) | 0store(1)