5. 0store-secure-add(1)

0store-secure-add(1) 


  • NAME
       0store-secure-add — add an implementation to the system cache

SYNOPSIS
       0store-secure-add DIGEST

DESCRIPTION
       This  command imports the current directory into the system-wide shared
       Zero Install cache, as  /var/cache/0install.net/implementations/DIGEST.
       This  allows  a  program downloaded by one user to be shared with other
       users.

       The current directory must contain a file  called  '.manifest'  listing
       all  the files to be added (in the format required by DIGEST), and this
       file must have the  given  digest.  If  not,  the  import  is  refused.
       Therefore,  it  is only possible to add a directory to the cache if its
       name matches its contents.

       It is intended that it be safe to grant untrusted users  permission  to
       call this command with elevated privileges. To set this up, see below.

SETTING UP SHARING
       To enable sharing, the system administrator should follow these steps:

       Create a new system user to own the cache:

       adduser --system zeroinst

       Create the shared directory, owned by this new user:

       mkdir /var/cache/0install.net

       chown zeroinst /var/cache/0install.net

       Use visudo(8) to add these lines to /etc/sudoers:

       Defaults>zeroinst env_reset,always_set_home

       ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add

       Create  a  script  called  0store-secure-add-helper in PATH to call it.
       This script must be executable and contain these two lines:

       #!/bin/sh

       exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" < /dev/null

       The  other  Zero  Install  programs  will  call  this   helper   script
       automatically.

FILES
       /var/cache/0install.net/implementations
              System-wide Zero Install cache.

LICENSE
       Copyright (C) 2009 Thomas Leonard.

       You  may redistribute copies of this program under the terms of the GNU
       Lesser General Public License.

BUGS
       This program is EXPERIMENTAL. It has not been audited. Do  not  use  it
       yet in security-critial environments.

       The  env_reset line in sudoers may not be required. sudo(1) seems to do
       it automatically.

       If sudo let us check whether we could call  a  command  then  we  could
       switch  to using it automatically, instead of needing to add the helper
       script. Currently, sudo delays for one second and writes to auth.log if
       we try to use this system when it hasn't been set up.

       Please report bugs to the developer mailing list:

       http://0install.net/support.html

AUTHOR
       Zero Install was created by Thomas Leonard.

SEE ALSO
       0store(1)

       The Zero Install web-site:

       http://0install.net
ubuntu manpages 1903
Log in to reply
 

© Lightnetics 2024