headers
Rahsheen Porter | 3 Aug 2003 16:26
Picon

I already have that lib!!!

Excellent piece of software. :)

Just curious as to whether discussions are under way to allow it to check the local system for dependencies
*then* check zero-install. It's kind of upsetting to see that I have libgtk and friends installed in 2
different places.

I tried searching the archives but didn't see anything on this.

--

-- 
Rahsheen Porter	<microrahsheen <at> comcast.net>
Permalink | Reply | 1 comment |
headers
Thomas Leonard | 4 Aug 2003 12:58
Picon
Favicon

Re: I already have that lib!!!

On Sun, Aug 03, 2003 at 10:26:14AM -0400, Rahsheen Porter wrote:
> Excellent piece of software. :)
> 
> Just curious as to whether discussions are under way to allow it to
> check the local system for dependencies *then* check zero-install. It's
> kind of upsetting to see that I have libgtk and friends installed in 2
> different places.

It's possible, but we haven't done it yet (mainly because I already have
most stuff installed with APT, so I'd never get to test it ;-).

There are some problems with getting the latest version (eg, GTK is
already installed, but a newer version is available through Zero Install).

I'm not sure quite how it would work for C libraries, but ROX-Lib (python)
already allows pygtk to come from either Zero Install or from the usual
place (but always prefers the Zero Install copy at the moment).

Another problem is that it could lead to some subtle bugs (eg, Debian's
version of GTK has some bug, but only people who've installed that will
see it).

--

-- 
Thomas Leonard			http://rox.sourceforge.net
tal00r at ecs.soton.ac.uk	tal197 at users.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1
Permalink | Reply | 0 comments |
headers
Rahsheen Porter | 6 Aug 2003 05:33
Picon

/uri/0install/crash_my_box...

Something odd I noticed. I had an icon on my rox panel pointing to:

/uri/0install/www-i1.informatik.rwth-aachen.de/kerofin.demon.co.uk/Load

and one too

/uri/0install/www-i1.informatik.rwth-aachen.de/kerofin.demon.co.uk/NetStat

This worked just fine while my session was running, but the power went out whilst I was at work. I tried
getting back into X, but it kept freezing my box. The only thing I could do was Alt-SysRq-B to reboot my box. 

I drove myself crazy for a few minutes before I was able to figure out it was the icons causing the crash, but I
still don't know *why* they cause a crash. I could easily access the locations from the console so
everything was all gravy as far as zero-install's install goes...

Can anyone shed some light on the situation?

--

-- 
Rahsheen Porter	<microrahsheen <at> comcast.net>
Permalink | Reply | 3 comments |
headers
Thomas Leonard | 6 Aug 2003 11:43
Picon
Favicon

Re: /uri/0install/crash_my_box...

On Tue, Aug 05, 2003 at 11:33:19PM -0400, Rahsheen Porter wrote:
> 
> Something odd I noticed. I had an icon on my rox panel pointing to:
> 
> /uri/0install/www-i1.informatik.rwth-aachen.de/kerofin.demon.co.uk/Load
> 
> and one too
> 
> /uri/0install/www-i1.informatik.rwth-aachen.de/kerofin.demon.co.uk/NetStat
> 
> This worked just fine while my session was running, but the power went
> out whilst I was at work. I tried getting back into X, but it kept
> freezing my box. The only thing I could do was Alt-SysRq-B to reboot my
> box. 
> 
> I drove myself crazy for a few minutes before I was able to figure out
> it was the icons causing the crash, but I still don't know *why* they
> cause a crash. I could easily access the locations from the console so
> everything was all gravy as far as zero-install's install goes...

Can you actually load the icons? Check the /var/cache/zero-inst filesystem
(with fsck). What version are you running (although I don't think it
should matter in this case).

> Can anyone shed some light on the situation?

The only thing I can think is that a '...' index file may have become
corrupted (but the kernel module is supposed to check for that anyway).

If the filesystem itself is OK, could you make a backup of the cache
(Continue reading)

Permalink | Reply | 2 comments |
headers
Rahsheen Porter | 7 Aug 2003 02:21
Picon

Re: /uri/0install/crash_my_box...

On Wed, 6 Aug 2003 10:43:52 +0100
Thomas Leonard <tal00r <at> ecs.soton.ac.uk> wrote:

> > Can anyone shed some light on the situation?
> 
> The only thing I can think is that a '...' index file may have become
> corrupted (but the kernel module is supposed to check for that anyway).
> 
> If the filesystem itself is OK, could you make a backup of the cache
> directory, and then refetch the programs, then do a diff (zero-inst.old ->
> /var/cache/zero-inst) to find out what changed? That would be really
> helpful...

Few things I forgot to mention. (sorry, I was tired :)

/var/cache/zero-inst is a symlink to /usr/local/zero-install on another partition Both filesystems
are ext3. 

Here is a unified diff of the cache compared to the actual /uri filesystem (only the kerofin.demon.co.uk
part). It seems that I was missing random files (links and whatnot). Not sure how much this'll help. 

Now that I recall, I was unable to see icons before the reboot. A few things were going kind of screwy with
zero-install, but I thought I'd had the problems eliminated.
--- 
Rahsheen Porter	<microrahsheen <at> comcast.net>

--- zero-old.txt	2003-08-06 20:14:48.000000000 -0400
+++ zero.txt	2003-08-06 20:14:52.000000000 -0400
 <at>  <at>  -1,4 +1,4  <at>  <at>
(Continue reading)

Permalink | Reply | 1 comment |
headers
Thomas Leonard | 7 Aug 2003 11:22
Picon
Favicon

Re: /uri/0install/crash_my_box...

On Wed, Aug 06, 2003 at 08:21:34PM -0400, Rahsheen Porter wrote:
> On Wed, 6 Aug 2003 10:43:52 +0100
> Thomas Leonard <tal00r <at> ecs.soton.ac.uk> wrote:
> 
> > > Can anyone shed some light on the situation?
> > 
> > The only thing I can think is that a '...' index file may have become
> > corrupted (but the kernel module is supposed to check for that anyway).
> > 
> > If the filesystem itself is OK, could you make a backup of the cache
> > directory, and then refetch the programs, then do a diff (zero-inst.old ->
> > /var/cache/zero-inst) to find out what changed? That would be really
> > helpful...
> 
> Few things I forgot to mention. (sorry, I was tired :)
> 
> /var/cache/zero-inst is a symlink to /usr/local/zero-install on another
> partition Both filesystems are ext3. 
> 
> Here is a unified diff of the cache compared to the actual /uri
> filesystem (only the kerofin.demon.co.uk part). It seems that I was
> missing random files (links and whatnot). Not sure how much this'll
> help. 

Sorry, I meant a diff of the files themselves, not the listing.
You should compare the two cache directories, not /uri/0install, eg:

$ diff -ur /var/cache/zero-inst /var/cache/zero-inst.old

(or maybe use '-qur')
(Continue reading)

Permalink | Reply | 0 comments |
headers
Thomas Leonard | 7 Aug 2003 13:25
Picon
Favicon

Zero Install 0.1.14

New release:

	http://zero-install.sourceforge.net/install.html

There are no changes to the kernel module this time (the last one seemed
pretty good).

For each new release of the ROX applications I've put up a version in Zero
Install. You can find them here (Edit, Memo, Wallpaper at the moment):

	/uri/0install/rox.sourceforge.net/apps

ROX-Lib, pygtk-1.99.17 and the shared MIME database are all also
available. The current CVS version of ROX-Filer will run 0refresh if you
click the Refresh toolbar button in a Zero Install directory, and uses the
shared MIME database through Zero Install if possible.

Changes since 0.1.13:

* 0refresh can be given a path and a date (like 0run), and only does
  the refresh if the path isn't recent enough.

* Fixed a bug in 0run when the executable was a directory.

* Removed 0show. It wasn't much use, and ZeroProgress replaces it.

* Added missing test_cases.py file to the distribution.

* Mount the /uri/0install filesystem automatically at install time.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Thomas Leonard | 7 Aug 2003 16:51
Picon
Favicon

Re: Zero Install 0.1.10

On Wed, Jul 02, 2003 at 02:07:34AM +0100, Stuart Langridge wrote:

> One more note: you need the Expat development headers to compile zero-install 
> too (libexpat-dev in Debian) or "make" throws an error about not being
> able to find expat.h.

Ooops. You can just remove that. It's gone from CVS now.

--

-- 
Thomas Leonard			http://rox.sourceforge.net
tal00r at ecs.soton.ac.uk	tal197 at users.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1
Permalink | Reply | 0 comments |
headers
Gregory W Alexander | 8 Aug 2003 19:21
Favicon

Security

I took a look at the security page and at least one change came to mind.

It would probably be a good idea to include a local file that contains a
list of uri/public key pairs.  This would allow "distributions" to be
significantly more secure by including a list of known-good sites and
public keys.  These public keys could then be included on the install
CD/floppy, or downloaded as part of the install process.  (I.E. the
floppy could just include the distribution's public key, and the uri
list could then be downloaded from the distribution's page, signed with
the distribution's public key.)

The important thing here is to allow the system to form a web of trust
based on something more secure than previous internet downloads from the
same untrusted site.  The user would still have the option to install
untrusted software, but:

A.) Untrusted software can be identified as such.
and
B.) Trojan software witin the distribution is identifiable even if it
has never been accessed before.

To a lesser extent, you also get:
C.) Cracked keys can be revoked by the distributor by including a new
key for the same URI.

Hope you found these interesting,

GREG
(Continue reading)

Permalink | Reply | 1 comment |
headers
Thomas Leonard | 9 Aug 2003 10:44
Picon
Favicon

Re: Security

On Fri, Aug 08, 2003 at 12:21:11PM -0500, Gregory W Alexander wrote:
> I took a look at the security page and at least one change came to mind.
> 
> It would probably be a good idea to include a local file that contains a
> list of uri/public key pairs.  This would allow "distributions" to be
> significantly more secure by including a list of known-good sites and
> public keys.  These public keys could then be included on the install
> CD/floppy, or downloaded as part of the install process.

The easy way to do this is for the distribution to install the keys as,
eg:

	/var/cache/zero-inst/gimp.org/.0inst-key.pub

Then it should all work securly, even if the distro installer doesn't
include gimp itself. I'll add a note to the security page (and try to
actually implement some of these features ;-)

> To a lesser extent, you also get:
> C.) Cracked keys can be revoked by the distributor by including a new
> key for the same URI.

It should be possible for the site itself to revoke the cracked key, once
they get control of their server back. Perhaps the distro could distribute
new keys for cracked sites (if the owners are slow to respond). That way,
noone will be able to update the site until the site uses a key signed by
the one the distro/securityfocus/etc generated.

Thanks,
(Continue reading)

Permalink | Reply | 0 comments |

Gmane