[gentoo-dev] Re: eselect_zenity: alpha eselect GUI

2007-11-13 Thread Markus Ullmann 
Doug Klima schrieb:
 While I haven't had much time to work on the bits, Gentopia does contain
 PolicyKit (though the 0.7 snapshots that appear do have some issues and
 you should stick to the 0.6 series). It's hopefully going to be the way
 forward for Gentoo to use PolicyKit. As many may know, Fedora has made
 this commitment and Ubuntu is starting to contribute more back and be
 involved a bit more.

The gui project peoples along with two contributors and upstream already
looked into that and at best we could use this notify feature for glsa.
Gentoo is just too different to sanely work with it for full updates.
Stuff like selecting useflags, outputting important changes, needed
configuration updates afterwards and some more issues are plain not
doable with packagekit.

Though there is some work going on to get an abstraction layer for all
three known package managers that work with the tree to make sure such a
notify can be done.

Greetz
Jokey



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] Re: eselect_zenity: alpha eselect GUI

2007-11-13 Thread Doug Klima 
Markus Ullmann wrote:
 Doug Klima schrieb:
   
 While I haven't had much time to work on the bits, Gentopia does contain
 PolicyKit (though the 0.7 snapshots that appear do have some issues and
 you should stick to the 0.6 series). It's hopefully going to be the way
 forward for Gentoo to use PolicyKit. As many may know, Fedora has made
 this commitment and Ubuntu is starting to contribute more back and be
 involved a bit more.
 

 The gui project peoples along with two contributors and upstream already
 looked into that and at best we could use this notify feature for glsa.
 Gentoo is just too different to sanely work with it for full updates.
 Stuff like selecting useflags, outputting important changes, needed
 configuration updates afterwards and some more issues are plain not
 doable with packagekit.

 Though there is some work going on to get an abstraction layer for all
 three known package managers that work with the tree to make sure such a
 notify can be done.

 Greetz
 Jokey

   
I only meant for notification purposes. Not for any updates or automatic
merges.
-- 
[EMAIL PROTECTED] mailing list

Re: [gentoo-dev] Re: eselect_zenity: alpha eselect GUI

2007-11-13 Thread Donnie Berkholz 
On 20:22 Tue 13 Nov , Markus Ullmann wrote:
 Doug Klima schrieb:
  While I haven't had much time to work on the bits, Gentopia does contain
  PolicyKit (though the 0.7 snapshots that appear do have some issues and
  you should stick to the 0.6 series). It's hopefully going to be the way
  forward for Gentoo to use PolicyKit. As many may know, Fedora has made
  this commitment and Ubuntu is starting to contribute more back and be
  involved a bit more.
 
 The gui project peoples along with two contributors and upstream already
 looked into that and at best we could use this notify feature for glsa.
 Gentoo is just too different to sanely work with it for full updates.
 Stuff like selecting useflags, outputting important changes, needed
 configuration updates afterwards and some more issues are plain not
 doable with packagekit.

I'd like to talk in more detail about this with someone, but nobody on 
#gentoo-guis seemed to know why PackageKit wouldn't work for the simple 
(no USE flag changes) case. Should I try the -guis mailing list instead?

Thanks,
Donnie
-- 
[EMAIL PROTECTED] mailing list

Re: [gentoo-dev] Re: eselect_zenity: alpha eselect GUI

2007-11-13 Thread Rémi Cardona 
Donnie Berkholz wrote:
 I'd like to talk in more detail about this with someone, but nobody on 
 #gentoo-guis seemed to know why PackageKit wouldn't work for the simple 
 (no USE flag changes) case. Should I try the -guis mailing list instead?

Looking at the current feature set of PackageKit, there's no reason we
couldn't add support for Gentoo.

However, PackageKit is really meant for binary distros, and some design
choices really rely on that. For instance, the PackageKit tray icon will
ping the backend for updates every 30 minutes or so (default value),
while this is perfectly fine for apt or yum where downloading the list
of available updates takes about 2 seconds (just to check the HTTP
headers to see if something has changed). Obviously, this can't be kept
as is for our case.

Also, PackageKit has its own conventions when it comes to packages being
available for one platform. Again, its model fits right with binary
distros and would require some major tweaking to fit our model, but I
don't think it's out of our reach.

Maybe one could start writing the search backend and the install/remove
backend. That would be a nice step in the right direction :)

Cheers,

Rémi
-- 
[EMAIL PROTECTED] mailing list

[gentoo-dev] Re: eselect_zenity: alpha eselect GUI

2007-11-11 Thread Christian Faulhammer 
Steve Long [EMAIL PROTECTED]:
 Ciaran McCreesh wrote:
  Steve Long [EMAIL PROTECTED] wrote:
  I've always used EUID for the root check, eg:
  Which is just as bad.
 No, it's better for the reason given: it doesn't require login as
 root. Use of ((EUID)) is also quicker.

 Capabilites are the write access to the target you want to modify in
your eselect module:

test_for_root() {
# checks if the user has rights to modify /usr/bin/
[[ -w ${ROOT}/usr/bin ]] || die -q You need to be root!
}

 That's how the the vim and Emacs eselect modules do it.  In my opinion
the best way to check for the rights needed.

V-Li

-- 
Christian Faulhammer, Gentoo Lisp project
URL:http://www.gentoo.org/proj/en/lisp/, #gentoo-lisp on FreeNode

URL:http://www.faulhammer.org/


signature.asc
Description: PGP signature

[gentoo-dev] Re: eselect_zenity: alpha eselect GUI

2007-11-08 Thread Steve Long 
Ciaran McCreesh wrote:

 if [[ ${UID} -ne 0 ]]; then
 
 We've always told people not to do that. Capabilities required by
 eselect modules should be tested by attempting to perform the action,
 not by some arbitrary query done on UIDs or groups. Being UID 0 doesn't
 mean you're allowed to do something, and not being UID 0 doesn't mean
 you're not allowed to do something.
 
I've always used EUID for the root check, eg:
if ((EUID)); then
echo You must be root to run this script 2
exit 1
fi

This won't get round capabilities (so error status should still be checked
and the script bail with appropriate output, if it can't do something it's
supposed to) but it's sufficient for root privilege check, and is better
than UID which requires login as root. This doesn't, of course, deal with
non-root users, eg where users in group portage are allowed to carry out a
task.

You can check for that kind of thing with a writeable test, eg:
[[ -w $PORTDIR ]] || die 'Write access to portage dir required
While none of this stops you from needing to check errors, it does make it
nicer for users, imo, if scripts check early on for broader permissions
where it's appropriate.

Wrt signalling die, the correct way for a script to terminate on signal is
something like this code, taken from a SIG_INT handler:
trap INT
kill -INT $$
This ensures the parent process is correctly notified. So IOW just kill self
with the appropriate signal, ensuring any traps are cleared.


-- 
[EMAIL PROTECTED] mailing list

Re: [gentoo-dev] Re: eselect_zenity: alpha eselect GUI

2007-11-08 Thread Ciaran McCreesh 
On Thu, 08 Nov 2007 18:22:48 +
Steve Long [EMAIL PROTECTED] wrote:
  if [[ ${UID} -ne 0 ]]; then
  
  We've always told people not to do that. Capabilities required by
  eselect modules should be tested by attempting to perform the
  action, not by some arbitrary query done on UIDs or groups. Being
  UID 0 doesn't mean you're allowed to do something, and not being
  UID 0 doesn't mean you're not allowed to do something.
  
 I've always used EUID for the root check, eg:

Which is just as bad.

 This won't get round capabilities (so error status should still be
 checked and the script bail with appropriate output, if it can't do
 something it's supposed to) but it's sufficient for root privilege
 check, and is better than UID which requires login as root. This
 doesn't, of course, deal with non-root users, eg where users in group
 portage are allowed to carry out a task.

Except you absolutely never should be checking for root. You should be
checking for capabilities.

 You can check for that kind of thing with a writeable test, eg:
 [[ -w $PORTDIR ]] || die 'Write access to portage dir required

-w is not reliable.

 Wrt signalling die, the correct way for a script to terminate on
 signal is something like this code, taken from a SIG_INT handler:
 trap INT
 kill -INT $$
 This ensures the parent process is correctly notified. So IOW just
 kill self with the appropriate signal, ensuring any traps are cleared.

No it isn't. When it comes to die, from bad implementations to good
implementations, the order goes: the original drobbins prefix die sucks
more than the original agriffis die, which sucks more than my original
signalling eselect die, which sucks more than the current signalling
paludis die. As time goes on we're finding better and better tricks to
work around bash's lack of exceptions; eselect is currently one
generation behind the best current known solution.

-- 
Ciaran McCreesh


signature.asc
Description: PGP signature