0STORE-SECURE-ADD(1)                                      0STORE-SECURE-ADD(1)

NAME

       0store-secure-add - add an implementation to the system cache

SYNOPSIS

       0store-secure-add DIGEST

DESCRIPTION

       This command imports the current directory into the system-wide shared
       Zero Install cache (by default, as
       /var/cache/0install.net/implementations/DIGEST). This allows a program
       downloaded by one user to be shared with other users.

       The current directory must contain a file called '.manifest' listing
       all the files to be added (in the format required by DIGEST), and this
       file must have the given digest. If not, the import is refused.
       Therefore, it is only possible to add a directory to the cache if its
       name matches its contents.

       It is intended that it be safe to grant untrusted users permission to
       call this command with elevated privileges. To set this up, see below.
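
       The name-matches-contents rule above can also be re-checked on an
       existing shared cache. The following is an added example, not part of
       this manual page or of Zero Install's own code: it hashes each entry's
       '.manifest' and compares the result with the directory name, and does
       not re-hash the files the manifest lists. The digest naming rules in
       the ALGORITHMS table and the sample manifest line are assumptions.

```python
import base64
import hashlib
import os
import tempfile

# Name prefix -> (hashlib algorithm, separator, digest encoder). These naming
# rules are an assumption about Zero Install's digest formats, not from this page.
ALGORITHMS = {
    "sha1": ("sha1", "=", bytes.hex),
    "sha1new": ("sha1", "=", bytes.hex),
    "sha256": ("sha256", "=", bytes.hex),
    "sha256new": ("sha256", "_", lambda raw: base64.b32encode(raw).decode().rstrip("=")),
}

def check_entry(path):
    """Classify one cache entry: ok, mismatch, no-manifest or unknown-algorithm."""
    name = os.path.basename(os.path.normpath(path))
    for sep in ("=", "_"):
        alg, found, expected = name.partition(sep)
        if found and ALGORITHMS.get(alg, ("", "", None))[1] == sep:
            break
    else:
        return "unknown-algorithm"
    manifest = os.path.join(path, ".manifest")
    # Require a regular file: a symlinked .manifest could point outside the entry.
    if os.path.islink(manifest) or not os.path.isfile(manifest):
        return "no-manifest"
    with open(manifest, "rb") as f:
        raw = hashlib.new(ALGORITHMS[alg][0], f.read()).digest()
    return "ok" if ALGORITHMS[alg][2](raw) == expected else "mismatch"

def audit_cache(cache_dir):
    """Map every entry name in cache_dir to its check_entry() result."""
    return {e: check_entry(os.path.join(cache_dir, e)) for e in sorted(os.listdir(cache_dir))}

def build_sample_cache():
    """Constructed sample: one consistent entry, one whose name does not match."""
    root = tempfile.mkdtemp()
    good = b"F 0123 1170000000 5 hello.txt\n"  # constructed manifest line
    name = "sha256=" + hashlib.sha256(good).hexdigest()
    for entry, body in ((name, good), ("sha256=" + "0" * 64, good)):
        os.makedirs(os.path.join(root, entry))
        with open(os.path.join(root, entry, ".manifest"), "wb") as f:
            f.write(body)
    return root

if __name__ == "__main__":
    print(audit_cache(build_sample_cache()))
```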

SETTING UP SHARING

       To enable sharing, the system administrator should follow these steps:

       Create a new system user to own the cache:

       adduser --system zeroinst

       Create the shared directory, owned by this new user:

       mkdir /var/cache/0install.net
       chown zeroinst /var/cache/0install.net

       Use visudo(8) to add these lines to /etc/sudoers:

       Defaults>zeroinst env_reset
       ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add

       Create a script called 0store-secure-add-helper in PATH to call it.
       This script must be executable and contain these two lines:

       #!/bin/sh
       exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" < /dev/null

       The other Zero Install programs will call this helper script
       automatically.

FILES

       /var/cache/0install.net/implementations
              Default system-wide Zero Install cache.

       ~/.config/0install.net/injector/implementation-dirs
              List of system cache directories, one per line.

LICENSE

       Copyright (C) 2007 Thomas Leonard.

       You may redistribute copies of this program under the terms of the GNU
       Lesser General Public License.

BUGS

       This program is EXPERIMENTAL. It has not been audited. Do not use it
       yet in security-critical environments.

       The env_reset line in sudoers may not be required. sudo(1) seems to do
       it automatically.

       If sudo let us check whether we could call a command then we could
       switch to using it automatically, instead of needing to add the helper
       script. Currently, sudo delays for one second and writes to auth.log if
       we try to use this system when it hasn't been set up.

       Please report bugs to the developer mailing list:

       http://0install.net/support.html

AUTHOR

       Zero Install was created by Thomas Leonard.

SEE ALSO

       0store(1)

       The Zero Install web-site:

       http://0install.net

Thomas Leonard                       2007                 0STORE-SECURE-ADD(1)