standard location for user binaries like ~/bin/, so installers don't write to oshrc/oilrc #736
Comments
|
Tools that edit the
I think we need a protocol for this... symlink to ~/bin ? Related to #588 |
|
This came up in an e-mail about config file evaluation and I think we might need a META_PATH or something, for #848 I guess there are two separate goals
And another requirement here is to install binaries without root privileges. That seems to be standard these days, whereas it didn't used to be |
andychu
changed the title
|
Interesting.
It's a large security problem, though, to allow arbitrary placement and execution of executable binaries. In unix/linux the risk is traditionally dealt with by only allowing the execution of files that have been selectively approved (granted executable file permissions) and moved to an immutable location (e.g. /usr/local/bin for non-distro-packages). The approvement for system wide execution requires root authentication. This approach could nicely lend itself for user installed executables very similarly, here only checking user authentication, though (i.e sudo/doas? takes the user's password and the approved code is moved into the otherwise not writable ~/bin and made executable.) Oilshell already brings, or can bring improvements and simplifications, to protect some very important corners in a shell:
Some complementary, and not shell-bound, but still related solutions are:
|
|
Concerning that more ambitious package manager aspect: Zeroinstall seems to solve the problem cross-platform, already. With its hashed names it even allows to have the files automatically installed into a protected directory that is shared system-wide. https://docs.0install.net/details/sharing/ Once there is an established scheme for a protected ~/bin (single-user-installs), zeroinstall could also support to move single-user cached implementations into the protected ~/bin directory. Making one's project's sources readily available and compilable with the zeroinstall tools (incl. crypto-secured downloads for the supply chain) is even quite easy. See https://docs.0install.net/tools/0compile/developers/ |
|
Here are also good explanations of how different installation schemes can work with different guarantees based on the same resource permission system: Could be a good read to clean up above two remaining shady security corners of the shell (protected ~/bin, and protected privilege escalation tools). |
|
Do you have any good experiences with 0install? I heard of 0install like 10-15 years ago ... but I never heard anyone use it? I think the issue is bootstrapping (how do I install the installer) and the fact that Ubuntu and even Debian want to control their software distribution. It hard for a non-OS to control the installation situation over 10-15 years ... e.g. Red Hat and Ubuntu both have their own container-based packaging now too .. I think the general problem with this issue, and which your comment hints at, is that it quickly expands into Write a Package Manager I do think that is complementary to Oil, but I tried to do it once, and it's a HUGE HUGE job ... But still maybe we can do something very small without trying to boil the ocean Another problem is that people use multiple shells on the same machine. So Oil could have ~/bin in PATH, but bash might not, and that could break bash scripts. |
|
Also this ties into #1075 In some sense that is the opposite. If you develop INSIDE A CONTAINER, then the issues are mitigated. Package managesr can install in to So then we don't have to "boil the ocean". The key is to bring the Ditto for And also you don't want to lose GUIs / X / ssh-agent It's a tough problem |
what do you mean here? |
|
Just saying that zeroinstall is not an OS, while Ubuntu and Windows are. So yeah basically I think I haven't seen it used in ~15 years because it has the "who installs the installer" problem. If you're an OS, then you don't have that problem. It comes with the OS itself So the native OS mechanisms will always be more fundamental, because you use them to install a package manager / installer (If Oil is packaged with an OS, then it will be a native OS mechanism... but that's a long way off. Even bash was not that popular until ~10-15 years into its life) |
|
Ok, sure releasing distro-independent packages only makes sense for projects until distro-packages are available, and, if that package manager implements package signature verification that's better than manual downloads and verifications. 0install is included in several distros (e.g. https://get.0install.net/#linux-ubuntu) and can check signatures. So, installing the installer may be just like any other package. Unfortunately, following the packaging docs didn't produce an easy success: 0install/0publish#6 Nix-bin seems in debian but that does not seem to be indicated on the nix install page. And nix does not seem to support signed source packages: Another thing that the language specific package installers seems to do is managing different environments. In this direction I noticed this shell-based approach: https://github.com/ilyash/E Interestingly, your prospective Oil features to help tame those solutions (rc file access) seem to correlate to the ones to help tame against further breakage: |
|
From the xdg spec:
https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html |
That’s also what some distros are doing in .bashrc, eg if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]]; then
PATH="$HOME/.local/bin:$HOME/bin:$PATH"
fi
export PATHhttps://src.fedoraproject.org/rpms/bash/blob/rawhide/f/dot-bashrc So they may modify oshrc likewise if this isn’t in there when they do the packaging. |
pip seems to have a problem with this
https://www.gdbgui.com/installation/
https://pypi.org/project/userpath/
I want to install some "polyfills" too, and that is an issue.
maybe the default install script should write an
oshrcthat prepends~/binto$PATH?The text was updated successfully, but these errors were encountered: