packaging system

Mark Wolfe wolfem at alphalink.com.au
Fri Jul 18 21:29:45 PDT 2003


Sorry about missing the goals section of your site I have since 
revisited it and done some reading. Man there are some pretty good 
ideas there..

Have you had a look at portage in gentoo and how it manages versioning 
as a possible short term alternative to your vision?

On Saturday, July 19, 2003, at 01:11  PM, Matthew Dillon wrote:

:Gday all,
:
:Just a couple of questions.
:
:Has anyone got any ideas on what you are envisioning for the packaging
:system of dragonfly. I have used FreeBSDs ports, debians dpkg and 
Osx's
:fink for a bit and I am interested in software distribution and update
:systems. I would be happy to begin looking into a helping with a 
higher
:level design or even just happy to help compile peoples ideas for web
:content.

    I have a basic idea of what I would like to see, and how it could 
be
    accomplished.  I discuss it somewhat in the Goals section of the
    site.

:Also what are your thoughts of NSS switch.. are you planning to
:integrate this feature into dragonfly? I am a stalwart supporter of 
the
:move to ldap as the core of an os's AAA model.

    Well, I don't know enough about NSS switch to comment on it.  I do
    know what I want to see for authentication and that is a port 
service...
    a user level daemon, which takes and responds to requests from 
processes
    for user, group, and other authentication info.  e.g. it would run 
the
    password crypt check too, and would be able to ask for (opaque to 
it)
    config files and environment variables from the requesting client 
in
    order to resolve things like ssh keys, kerberos, and so forth.  It 
would
    deal with NIS or other over-the-network authentication systems as 
well.
    All of that would be invisible to the requesting client.  I
    really dislike having to compile authentication support into every 
program
    in the system, even if it is in DLL form (like PAM.  I really hate 
PAM).

    e.g., the conversation would go something like this:

    program: help, I need to authenticate 'charlie'!  I have the 
following
    pieces of opaque data:

	- Something called a ssh2_public_key, whatever that is
	- Something called ORIGINATING_IP, whatever that is
    service: send me your ~/.rhosts, ~/.shosts, ~/.ssh/authorized_keys 
file
    please.

    program: I only have ~/.shosts and ~/.ssh/... here ya go.

    service: that's good enough, your authenticated for the following 
(opaque)
    capabilities: (list of opaque capabilities)

    program: Thanks!  I have no idea what these capabilties are but 
I'll hand
    them out (one could be related to ssh that ssh understands.  If 
this
    program is ssh then it will understand the ssh-related 
capabilities).

    And so on and so forth.

:Lastly have you thought about doing some research into some of the
:technologies used in darwin to possibly add even more to you new
:distribution. This is just a general fish for ideas from people in 
this
:group and is not directed at any particular part of darwin.

    It would depend on the technology.  Some things might not mesh 
well with
    the existing goal set, other things might.

					-Matt
					Matthew Dillon
					<dillon at xxxxxxxxxxxxx>
:BTW good to see there still people out there who are brave enough to
:break away from the establishment, roll up there sleeves and break 
some
:stuff in the name of learning and innovation.
:
:Regards,
:
:Mark Wolfe
:Hammond Street Developments







More information about the Kernel mailing list