[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Comments? (OpenOffice.org Dictionaries)



On Mon, 2004-04-12 at 09:41, Dan Williams wrote:
> Hi,
> 
> I guess the disadvantage of individual language packs is that users have
> to go off and find them and install them.  Consider:
> 
> o  Additional logic applied to Anaconda to install only the languages
> necessary for the user (not sure, will ask Jeremy how much work it will
> be)

%lang in the rpm should take of that no problem

> 
> o  Must be _root_ to install these language packs.  With DicOOo you
> don't have to be.

I think a change needs to made to package installation in general.
I think only the _base core_ should be installed by root.

Then something like /software/{bin,include,lib,etc,var,yada} that is
writable by user software - a user that doesn't have a login, but has a
group that the sysadmin can add users to.

A wrapper for rpm is installed that has suid bit set to user software -
but only executable for users in the group software. Thus someone in the
group software can install those rpm's and they will install as if the
user software installed them. But the users in the group software do not
themselves actually have write access to the /software directory
structure. Strict requirement of PGP sig policy can be enforced to
prevent a hijacked account who is in group software from installing a
trojan rpm that ends up in other people's path.

This would allow the _base_ OS to be quite small - as most of the
applications could be separated from the _base_ install.

It would also mean that the need to become root is greatly reduced -
updating the system won't need to be done as root except for the few
packages that really can't be installed in /software (services with init
scripts, stuff like that) and that would be safer, because the
connection to the update server wouldn't be done as root (something I
don't like about up2date and yum) and the %pre/%post scripts wouldn't
need to be run as root.

I'm working on a write up of my idea.

The only thing that might be an issue is ldconfig - but I think properly
setting the LDFLAGS at configure time should eliminate that issue (as in
- LDFLAGS="-L/software/lib/qt-1.3"; export LDFLAGS; %configure
--with-qt=/software/lib/qt-1.3 or whatever)

I have to do some testing of that though.

> 
> o  If the installation is not done at system install time, the user
> still has to manually install language packs, as with DicOOo.
> 

Not if a single rpm is provided that has proper %lang flags - and the
installer only installs the requested %lang files.
-- 
Cheap Linux CD's - http://mpeters.us/linux/



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]