view org/pkg.org @ 20:c75924bd38e3

fix security hole relating to path for package user.
author Robert McIntyre <rlm@mit.edu>
date Thu, 10 Jan 2013 04:25:17 +0000
parents e056798af879
children
line wrap: on
line source
1 The point of this system to to
3 1. Determine the provenence of every file on my system.
4 2. Always have an "undo" button.
6 These criteria have evolved from my frustrations
7 with my previous LFS system.
10 User expreience:
12 Suppose I want to install emacs.
14 here's a sample terminal session
16 $ pkg emacs "a text editor"
17 > creating user emacs.
18 > cd /pkg/emacs
20 $ wget http://emacs.com/emacs.tar.bz2
21 > downloaded emacs.tar.bz2
23 $ unp emacs.tar.bz2; cd emacs; configure;
24 make install;
25 > install stuff..
27 $ hg st
28 > a bunch of files are added
30 1. Say I don't want emacs after all.
31 $ hg purge; hg revert --all
33 2. Complete emacs instilation
34 > hg addr; hg commit -m "emacs."
36 (this commits as the emacs user)
38 3. can examine provenance of information
39 $ pkg-report emacs
40 > package emacs owns the following files:
41 > emacs
42 > man/emacs
43 > ....
45 4. see all the commits that the "emacs" user made.
46 $ pkg-history emacs
47 > <filtered mercurial log>
49 5. remove a package in its entirety
50 $ pkg-remove emacs
51 > removed
52 > <list of files>
54 the root-level mercurial repository is owned by
55 hg-commiter:hg-wheel, where hg-committer is the
56 user for which the "hg" alise for each package
57 user is setuid.
59 high level users can be added to hg-heel to
60 administer the root-level mercurial repsitory,
61 which will allow them to do things like hg log, hg
62 purge, etc.