Hello,
Running Suse, I wish to allow users the ability to use some package
manager to install software in a sandbox area while protecting the
underlying core software. Something similar to Darwinports and Fink for
Mac OS X and Blastwave for Solaris. Does Suse (or really in Linux distro
for that matter) have some equivalent means?
I am aware of using "rpm --root --dbpath" but that too assumes the RPMS
themselves are relocatable. I don't have personal experience with
Gentoo's portage but I have read the forum post of a port of Portage
over to suse 9.0 years ago
(http://forums.suselinuxsupport.de/index.php?showtopic=796&hl=portage )
but that seemed to be a one-off project that never lifted of the ground.
Portage is interesting because you compile everything on the fly and
that gives you the flexibility to presumably --prefix your software
elsewhere either on Portage setup or during emerging (though it seemed
the configuration of the prototype was overlaying the base distro's
software which is not appealing.)
Again, I wish to offer my linux user base a workstation whereby they
can't alter the underlying base software so that we don't get requests
to re-image their workstation after they have broken it due to a bad
install, while on the other hand give them a means to automate software
installations into some sandbox like some opensource Darwin and Solaris
projects are giving their users. Surely there are Linux alternatives
here. Right?
The only other idea I can concieve is sudo'izing current tools like
smart with preconfigured channels AND to wrap smart itself so that it
checks a blacklist of software that under any circumstances can not be
updated. The goal here is to again allow software installations not
included in our base 'image' to be installed by users themselves, but
still gives system administators some control over what those packages
are so as to reduce the likelihood of the helpdesk ticket stating they
fried their workstation because they updated the kernel or some other
basic package to their demise. You may say to me, "Just create your own
repository base of pre-approved packages and allow your users to pull
from that." It's the 'pre-approval' process as well as the mirroring and
basic upkeep of a local respository that I wish to avoid. The
blacklisting will cause some upkeep, but I forsee that being easier to
create, maintain and manage than a whitelist which a local repository
implies (though pre-approved channels is a form of whitelisting which is
fine).
Any other ideas? Any tools already created or in the works? Or should I
just attempt to create a blacklist software "registery" - sorry for the
M$ profanity there ;-)
Thanks,
-Daniel
