Re: [cmake-developers] Security in CMake

2016-09-21 Thread Egor Pugin 
Hi,

For those who may be interested I will leave this message here.

Mentioned package (dependency) manager is C++ Archive Network.
https://cppan.org/

It generates CMakeLists.txt from specification files.
It manages packages' dependencies, versions, different OSs (it's
crossplatform from very beginning), handles crossplatform builds very
easy (build will inherit your current project settings and
autocrossplaform all deps). All builds are cached too - you build your
dependency only once. Static/shared mt/md 32/64 deb/rel/... different
toolchains (vc11, vc12,vc14, clangX.X, gcc-X) are handled and
supported out of the box (with help of CMake).
It also stores sources on its site, so they shouldn't be lost.
And more to come.

I've added a lot of popular packages. I didn't do much advertisement
yet, so cppan is used only by a few people/projects at the moment.
In my 'to add' list of big and very known projects: opencv (near
future), qt (qt-lite?, ~ end of 2016).
I'm adding small projects from time to time.

Feel free to contact me here or privately.

On 22 August 2016 at 20:52, Egor Pugin  wrote:
> Hi Chuck,
>
>> Is this intended to run on Linux?
>
> Yes. And thanks for the pointing out to SELinux. I'll add it to my checklist.
>
> ---
>
> The system is on very early stages now, so its parts are changing
> rapidly and I'm able to consider different approaches to its
> subsystems (including security).
> But I probably confused all of you with the words 'package manager'.
> It's the package manager only in the narrow sense. It's not trying to
> be another apt, yum etc. Sorry that I didn't provide much details, but
> the original topic is very precise and I think I'll return to it a bit
> later when the functionality of the system will be in more stable
> state.
>
>
> On 22 August 2016 at 20:17, Chuck Atkins  wrote:
>> Hi Egor,
>> Is this intended to run on Linux?  If so, I think you're FAR better off
>> leveraging an existing security framework like SELinux, since it's actually
>> designed from the ground up to enforce these types of controls.  You could
>> define a label that you place on the executables run by the package manager
>> and then enforce whatever restrictions and controls you feel are
>> appropriate. This will let you do things like block network access got the
>> specific CMake executable used by the package system.  It allows the CMake
>> scripts to leverage all the available language and command features but
>> deny, ant a system level, actions you deem unsafe or harmful.
>>
>> --
>> Chuck Atkins
>> Staff R Engineer, Scientific Computing
>> Kitware, Inc.
>>
>>
>> On Sun, Aug 21, 2016 at 2:02 PM, Egor Pugin  wrote:
>>>
>>> > What is the attack you want to stop? What are bad scripts and commands
>>> > in this context?
>>>
>>> I wrote them in the first message. For example,
>>> - any cmake commands that use COMMAND keyword (execute_process(COMMAND
>>> ...), add_custom_{command|target}(...) etc. This will deny any user
>>> scripts, programs (wget, curl, rm, ...).
>>> - download commands (CMake's builtin curl) - they can fill the drives
>>> with trash.
>>>
>>> > CMake runs lots of commands all the time. Most can be changed by a user,
>>> > many are changed by the generator based on environment and whatnot. Any of
>>> > these may be bad commands -- based on configuration.
>>>
>>> Yes, and it should deny only stuff above in small CMakeLists.txt part
>>> that will be protected with some other commands or policies.
>>>
>>> > But if CMake gets a secure mode for your generator and if that is merged
>>> > upstream, then I need to know about that when reading or writing
>>> > CMakeLists.txt.
>>>
>>> For the moment I'm just asking about possibility of implementation of
>>> these features. Any decision will go from CMake guys, not from me. So,
>>> you shouldn't ask me about it. :)
>>>
>>> > Generated code is safe only as long as you very tightly control the
>>> > environment CMake runs in.
>>>
>>> I don't care what is around, what is in user env. This is his
>>> responsibility. I'm just worrying for my parts of CMake stuff.
>>>
>>> On 21 August 2016 at 20:43, Tobias Hunger  wrote:
>>> > Hi Egor,
>>> >
>>> > Am 21.08.2016 12:34 schrieb "Egor Pugin" :
>>> >>
>>> >> > What are the attack scenarios you want to defend against? What should
>>> >> > not be possible in your system that currently is in CMake?
>>> >>
>>> >> At least downloading or executing bad scripts and commands.
>>> >
>>> > What is the attack you want to stop? What are bad scripts and commands
>>> > in
>>> > this context?
>>> >
>>> > CMake runs lots of commands all the time. Most can be changed by a user,
>>> > many are changed by the generator based on environment and whatnot. Any
>>> > of
>>> > these may be bad commands -- based on configuration.
>>> >
>>> > Downloading can be done using internal commands or by running e.g.

[cmake-developers] CPack [NSIS] Install directory per component

2016-09-21 Thread Roman Wüger 
Hello,

Per default the install directory for a
component is $INSTDIR.

Is there a chance to change the install dir per component?

Thanks
Roman
-- 

Powered by www.kitware.com

Please keep messages on-topic and check the CMake FAQ at: 
http://www.cmake.org/Wiki/CMake_FAQ

Kitware offers various services to support the CMake community. For more 
information on each offering, please visit:

CMake Support: http://cmake.org/cmake/help/support.html
CMake Consulting: http://cmake.org/cmake/help/consulting.html
CMake Training Courses: http://cmake.org/cmake/help/training.html

Visit other Kitware open-source projects at 
http://www.kitware.com/opensource/opensource.html

Follow this link to subscribe/unsubscribe:
http://public.kitware.com/mailman/listinfo/cmake-developers

Re: [cmake-developers] [MODERN] CMake 3.6+ vs Qt 5.7 vs MSVC2015

2016-09-21 Thread Konstantin Podsvirov 
Hi all! CMake Master (Win32/Win64) updated! :-)

It's time to upgrade: CMake 3.6.20160921 now available!

"CMake Master" - is himself created (IFW generator) online installer for CMake 
users and developers.

23.06.2016, 19:38, "Konstantin Podsvirov" :
> Let me remind you of the link.
>
> Windows 32bit:
>
> http://ifw.podsvirov.pro/cmake/cmake-master-win32-online.exe
>
> Windows 64bit:
>
> http://ifw.podsvirov.pro/cmake/cmake-master-win64-online.exe
>
> If you have used it before, you can update via "CMake Maintenance Tool"
>
> I used Windows 7, but it should work for Windows Vista and Windows 8 and 
> Windows 10.
>
> I ask those wishing to test the functionality.
>
> Please test it :-)

Pay your attention:

Added new component "CMake Developer Reference" - Doxygen based source code 
reference.
You can install it by online installer in HTML and Qt Compressed Help formats 
or preview it
in your browser online at http://ifw.podsvirov.pro/cmake/doc/doxygen/

    01.10.2015, 09:29, Konstantin Podsvirov" :
> Hi all! Modern master alive! :-)
>
> It's been almost a month and it's time to upgrade:
>
> 3.3.20150901 CMake => CMake 3.3.20151001
>
> Dear friends, I have a question and call for help.
>
> With my assistance the project has an option for component 
> installation project:
>
> CMake_INSTALL_COMPONENTS
>
> Unfortunately not all files found your component.
> The files to be installed without specifying a component fall into 
> 'Unspecified' component.
> Need to parse them out and assign them to the component context.
>
> Now have the components:
>
> - cmake;
> - ctest;
> - cpack;
> - cmake-gui;
> - sphinx-man;
> - sphinx-html;
> - sphinx singlehtml;
> - sphinx-qthelp
>
> and General for everything else
>
> Is Unspecified;
>
> A list of unaccounted for 'Unspecified' of files to install on the 
> Window is attached.
>
> Links to the installers were specified earlier (see below).
>
> On 28.07.2015, 17:49, "Konstantin Podsvirov" 
> :
>> Hi dear CMake developers!
>>
>> 27.07.2015, 18:52, "Brad King" :
>>> On 07/24/2015 03:46 AM, Konstantin Podsvirov wrote:
 To solve the problem you run cmake-gui is now possible with the
 the following changes:
>>>
>>> Applied as two separate commits with minor tweaks:
>>>
>>> cmake-gui: Install Qt5 Windows platform plugin
>>> http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=42f0155b
>>>
>>> CMake: Add option CMake_INSTALL_DEPENDENCIES
>>> http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=068e7962
>>
>> Code now in 'master' branch.
>>
>> Thanks, Brad!
>>
>> Meet/install/CMake built modern update on MSVC2015 c QtDialog based 
>> on Qt 5.5 from today :-)
>>
>> Windows 32bit:
>>
>> http://ifw.podsvirov.pro/cmake/cmake-master-win32-online.exe
>>
>> Windows 64bit:
>>
>> http://ifw.podsvirov.pro/cmake/cmake-master-win64-online.exe
>>
>> cmake-gui should work now, but if not, then update your system and 
>> install
>>
>> The Visual C++ Redistributable for Visual Studio 2015 from the link 
>> below:
>>
>> http://www.microsoft.com/en-us/download/details.aspx?id=48145
>>
>> As always, questions and suggestions are welcome.
>
> --
> Regards,
> Konstantin Podsvirov
> ,--
>
> Powered by www.kitware.com
>
> Please keep messages on-topic and check the CMake FAQ at: 
> http://www.cmake.org/Wiki/CMake_FAQ
>
> Kitware offers various services to support the CMake community. For 
> more information on each offering, please visit:
>
> CMake Support: http://cmake.org/cmake/help/support.html
> CMake Consulting: http://cmake.org/cmake/help/consulting.html
> CMake Training Courses: http://cmake.org/cmake/help/training.html
>
> Visit other Kitware open-source projects at 
> http://www.kitware.com/opensource/opensource.html
>
> Follow this link to subscribe/unsubscribe:
> http://public.kitware.com/mailman/listinfo/cmake-developers

    Regards,
    Konstantin Podsvirov
>>
>>  Regards,
>>  Konstantin Podsvirov
>>  --
>>
>>  Powered by www.kitware.com
>>
>>  Please keep messages on-topic and check the CMake FAQ at: 
>> http://www.cmake.org/Wiki/CMake_FAQ
>>
>>  Kitware offers various services to support the CMake community. For more 
>> information on each offering, please visit:
>>
>>  CMake Support: http://cmake.org/cmake/help/support.html
>>  CMake