view org/pkg.org @ 20:c75924bd38e3
fix security hole relating to path for package user.
author | Robert McIntyre <rlm@mit.edu> |
---|---|
date | Thu, 10 Jan 2013 04:25:17 +0000 |
parents | e056798af879 |
children |
The point of this system is to

1. Determine the provenance of every file on my system.
2. Always have an "undo" button.

These criteria have evolved from my frustrations
with my previous LFS system.

User experience:

Suppose I want to install emacs.

Here's a sample terminal session:

$ pkg emacs "a text editor"
> creating user emacs.
> cd /pkg/emacs

$ wget http://emacs.com/emacs.tar.bz2
> downloaded emacs.tar.bz2

$ unp emacs.tar.bz2; cd emacs; ./configure;
make install;
> install stuff..

$ hg st
> a bunch of files are added

1. Say I don't want emacs after all.
$ hg purge; hg revert --all

2. Complete emacs installation
$ hg addr; hg commit -m "emacs."

(this commits as the emacs user)

3. Can examine provenance of information
$ pkg-report emacs
> package emacs owns the following files:
> emacs
> man/emacs
> ....

4. See all the commits that the "emacs" user made.
$ pkg-history emacs
> <filtered mercurial log>

5. Remove a package in its entirety
$ pkg-remove emacs
> removed
> <list of files>

The root-level mercurial repository is owned by
hg-committer:hg-wheel, where hg-committer is the
user for which the "hg" alias for each package
user is setuid.

High level users can be added to hg-wheel to
administer the root-level mercurial repository,
which will allow them to do things like hg log, hg
purge, etc.
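
The ownership-based provenance described above, as an added shell example (not pkg's own code): pkg_report lists what one package user owns, and pkg_orphans lists files owned by no package user, which the scheme cannot account for. It assumes package users are the passwd entries whose home directory is /pkg/<name>, as in the sample session; the function names and the script name are hypothetical.

```sh
#!/bin/sh
# Added example, not pkg's own code. Assumption: a package user is any
# passwd entry whose home directory is /pkg/<name>, as in the session above.

# pkg_uids PASSWD_FILE: print the numeric uid of every package user.
pkg_uids() {
    awk -F: '$3 ~ /^[0-9]+$/ && $6 ~ /^\/pkg\/[^\/]+$/ { print $3 }' "$1"
}

# pkg_report USER ROOT: list the non-directory files under ROOT owned by
# USER (a name or numeric uid); file ownership is the provenance record.
pkg_report() {
    find "$2" -xdev ! -type d -user "$1" -print | sort
}

# pkg_orphans PASSWD_FILE ROOT: list files under ROOT owned by no package
# user, i.e. files whose provenance the scheme cannot account for.
pkg_orphans() {
    root=$2
    # Build "! -user UID" for each package user. pkg_uids emits digits
    # only, so the unquoted expansion cannot glob or split unexpectedly.
    set -- $(pkg_uids "$1" | sed 's/^/! -user /')
    find "$root" -xdev ! -type d "$@" -print | sort
}

# Run as a script: sh provenance.sh /etc/passwd /usr
if [ "$#" -eq 2 ]; then
    pkg_orphans "$1" "$2"
fi
```

An empty result from pkg_orphans means every file under the given root is owned by some package user.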