0STORE-SECURE-ADD(1)                                      0STORE-SECURE-ADD(1)

NAME

       0store-secure-add — add an implementation to the system cache

SYNOPSIS

       0store-secure-add DIGEST

DESCRIPTION

       This command imports the current directory into the system-wide shared
       Zero Install cache, as /var/cache/0install.net/implementations/DIGEST.
       This allows a program downloaded by one user to be shared with other
       users.

       The current directory must contain a file called '.manifest' listing
       all the files to be added (in the format required by DIGEST), and this
       file must have the given digest. If not, the import is refused.
       Therefore, it is only possible to add a directory to the cache if its
       name matches its contents.

       It is intended that it be safe to grant untrusted users permission to
       call this command with elevated privileges. To set this up, see below.

SETTING UP SHARING

       To enable sharing, the system administrator should follow these steps:

       Create a new system user to own the cache:

       adduser --system zeroinst

       Create the shared directory, owned by this new user:

       mkdir /var/cache/0install.net

       chown zeroinst /var/cache/0install.net

       Use visudo(8) to add these lines to /etc/sudoers:

       Defaults>zeroinst env_reset,always_set_home

       ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add

       Create a script called 0store-secure-add-helper in PATH to call it.
       This script must be executable and contain these two lines:

       #!/bin/sh

       exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" < /dev/null

       The other Zero Install programs will call this helper script
       automatically.
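
       An added example, not part of the original man page or the Zero
       Install project: a POSIX sh audit of what the steps above set up.
       Function names are hypothetical; the paths, user name and expected
       lines are the ones given on this page.

```shell
#!/bin/sh
# Added example: audit the sharing setup described on this page. Function
# names are hypothetical; paths and expected lines come from the man page.
RULE='ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add'
DEFAULTS='Defaults>zeroinst env_reset,always_set_home'

# check_cache_owner DIR USER: DIR exists and is owned by USER.
check_cache_owner() {
    [ -d "$1" ] && [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]
}

# check_sudoers FILE: both documented lines are present, and no other rule
# lets callers run a different command as zeroinst.
check_sudoers() {
    # Drop comments, collapse runs of whitespace, trim line ends.
    norm=$(sed -e 's/#.*//' -e 's/[[:space:]][[:space:]]*/ /g' \
               -e 's/^ //' -e 's/ $//' "$1") || return 1
    printf '%s\n' "$norm" | grep -qxF -e "$DEFAULTS" || return 1
    printf '%s\n' "$norm" | grep -qxF -e "$RULE" || return 1
    extra=$(printf '%s\n' "$norm" | grep -F '(zeroinst)' | grep -vxF -e "$RULE" || true)
    [ -z "$extra" ]
}

# check_helper FILE: FILE is executable and, blank lines aside, contains
# exactly the two documented lines (nothing else runs before sudo).
check_helper() {
    [ -f "$1" ] && [ -x "$1" ] || return 1
    want=$(printf '%s\n%s' '#!/bin/sh' \
        'exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" < /dev/null')
    got=$(grep -v '^[[:space:]]*$' "$1" || true)
    [ "$got" = "$want" ]
}

# audit_sharing: run all three checks against the live system. Reading
# /etc/sudoers needs root.
audit_sharing() {
    rc=0
    check_cache_owner /var/cache/0install.net zeroinst || { echo "FAIL: cache owner"; rc=1; }
    check_sudoers /etc/sudoers || { echo "FAIL: sudoers rules"; rc=1; }
    helper=$(command -v 0store-secure-add-helper) || helper=
    check_helper "$helper" || { echo "FAIL: helper script"; rc=1; }
    return "$rc"
}

[ "${1:-}" != "--live" ] || audit_sharing
```

       Run the script with --live as root to check the installed system.
       check_sudoers reads a single file, so rules kept in an included
       directory need the same check per file.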

FILES

       /var/cache/0install.net/implementations
              System-wide Zero Install cache.

LICENSE

       Copyright (C) 2009 Thomas Leonard.

       You may redistribute copies of this program under the terms of the GNU
       Lesser General Public License.

BUGS

       This program is EXPERIMENTAL. It has not been audited. Do not use it
       yet in security-critical environments.

       The env_reset line in sudoers may not be required. sudo(1) seems to do
       it automatically.

       If sudo let us check whether we could call a command then we could
       switch to using it automatically, instead of needing to add the helper
       script. Currently, sudo delays for one second and writes to auth.log if
       we try to use this system when it hasn't been set up.

       Please report bugs to the developer mailing list:

       http://0install.net/support.html

AUTHOR

       Zero Install was created by Thomas Leonard.

SEE ALSO

       0store(1)

       The Zero Install web-site:

       http://0install.net

Thomas Leonard                       2010                 0STORE-SECURE-ADD(1)