• a two cent suggestion

    From Patrice Duroux@21:1/5 to All on Sat Nov 26 20:10:01 2022
    XPost: linux.debian.user

    Dear Debian people,

    Already possible or not, I would like to have a Debian system for
    which packages can be installed either by a specific user
    (root/sysadmin as usual) only or by any other (or a group of) users.
    But this would also depend on the class of the requested packages:
    1. packages providing mainly commands or library facility (large
    majority packages?),
    2. packages providing modifying system runtime like (root) services,
    new kernel modules, ... (very few packages?).

    Any (or a specific group of) users could be able to install any
    package of the first class by their own without asking a sysadmin (or explicitly acquiring privilege of) user.

    With this goal (dream?) in mind, I tried to cluster all the packages
    between the one that wouldn't change the system runtime (and therefore
    even after a reboot) and whatever would be the sign of that. Those
    package installation should ensure a sort of system default runtime reproducibility in fact.

    If needed in the future, any build process could help to class/tag a
    package regarding this purpose (as it could also read any debian/*
    packaging file).

    Finally the best would be for apt to handle such a scenario, allowing
    those users to run the apt command which may fail or not regarding
    each package class.

    To cluster packages, my first material is to look at the file contents
    of a package (having content related to sbin or a systemd service or
    init.d or ...)

    Opinions or ideas are welcome.

    Could this clustering by itself be interesting in any case (for
    Debian QA, metrics...)?

    Regards,
    Patrice

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
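The file-content heuristic proposed in the post above, as an added example that is not code from the thread or from Debian: it reads a package file listing in the format printed by `dpkg-deb -c` and assigns class 1 or class 2. The path patterns follow the post (sbin, systemd service, init.d, kernel modules); the setuid/setgid check and the sample listings are assumptions made for this illustration.

```python
import re

# Path patterns taken from the post (sbin, systemd service, init.d, kernel
# modules); the setuid/setgid check is an added assumption, not from the thread.
RUNTIME_PATTERNS = {
    "sbin": re.compile(r"^/(usr/)?sbin/."),
    "systemd-unit": re.compile(r"^/(usr/)?lib/systemd/system/.|^/etc/systemd/system/."),
    "init.d": re.compile(r"^/etc/init\.d/."),
    "kernel-module": re.compile(r"^/(usr/)?lib/modules/.+\.ko(\.(xz|gz|zst))?$"),
}

# One line of `dpkg-deb -c` output: mode, owner/group, size, date, time, path.
LISTING_RE = re.compile(r"^(\S{10})\s+\S+\s+\d+\s+\S+\s+\S+\s+\.?(/\S*)")

def classify(listing):
    """Return (class, reasons): class 2 if any file suggests a change to the
    system runtime, else class 1 (commands/libraries only)."""
    reasons = []
    for line in listing.strip().splitlines():
        m = LISTING_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not file entries
        mode, path = m.groups()
        if mode[0] == "d":
            continue  # directories alone change nothing
        for tag, pattern in RUNTIME_PATTERNS.items():
            if pattern.search(path):
                reasons.append((tag, path))
        # 's'/'S' in the owner or group execute slot marks setuid/setgid.
        if mode[3] in "sS" or mode[6] in "sS":
            reasons.append(("setuid/setgid", path))
    return (2 if reasons else 1), reasons

# Constructed sample listings (not real packages).
CLI_TOOL = """
drwxr-xr-x root/root         0 2022-11-26 19:42 ./usr/bin/
-rwxr-xr-x root/root     43200 2022-11-26 19:42 ./usr/bin/exampletool
-rw-r--r-- root/root      1200 2022-11-26 19:42 ./usr/share/doc/exampletool/copyright
"""
DAEMON = """
-rwxr-xr-x root/root     88000 2022-11-26 19:42 ./usr/sbin/exampled
-rw-r--r-- root/root       310 2022-11-26 19:42 ./lib/systemd/system/exampled.service
-rwsr-xr-x root/root     22000 2022-11-26 19:42 ./usr/bin/example-helper
"""

if __name__ == "__main__":
    for name, listing in (("cli-tool", CLI_TOOL), ("daemon", DAEMON)):
        print(name, classify(listing))
```

A file listing does not cover maintainer scripts (preinst, postinst and the like), which dpkg runs as root at install time, so a class 1 result from this check only says that no flagged path was found.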
  • From Tomas Pospisek@21:1/5 to Patrice Duroux on Mon Nov 28 08:40:01 2022
    On 26.11.22 19:42, Patrice Duroux wrote:
    > Dear Debian people,
    >
    > Already possible or not, I would like to have a Debian system for
    > which packages can be installed either by a specific user
    > (root/sysadmin as usual) only or by any other (or a group of) users.
    > But this would also depend on the class of the requested packages:
    > 1. packages providing mainly commands or library facility (large
    > majority packages?),
    > 2. packages providing modifying system runtime like (root) services,
    > new kernel modules, ... (very few packages?).
    >
    > Any (or a specific group of) users could be able to install any
    > package of the first class by their own without asking a sysadmin (or explicitly acquiring privilege of) user.
    >
    > With this goal (dream?) in mind, I tried to cluster all the packages
    > between the one that wouldn't change the system runtime (and therefore
    > even after a reboot) and whatever would be the sign of that. Those
    > package installation should ensure a sort of system default runtime reproducibility in fact.
    >
    > If needed in the future, any build process could help to class/tag a
    > package regarding this purpose (as it could also read any debian/*
    > packaging file).
    >
    > Finally the best would be for apt to handle such a scenario, allowing
    > those users to run the apt command which may fail or not regarding
    > each package class.
    >
    > To cluster packages, my first material is to look at the file contents
    > of a package (having content related to sbin or a systemd service or
    > init.d or ...)
    >
    > Opinions or ideas are welcome.
    >
    > Could this clustering by itself be interesting in any case (for
    > Debian QA, metrics...)?

    A few thoughts -

    * You should not crosspost. There's various reasons for that f.ex.
    discussion will split because - as in my case - I am not subscribed to
    debian-users...
    * You haven't received any feedback yet on debian-devel. A reason
    for that might be that the idea is good, but the devil is in
    implementing it. So unless you come up with code and solutions,
    the idea for itself is maybe not that interesting to discuss
    (because everybody would like to have user installable packages...)
    * Debian has "Tags" for packages. Have a look whether there's not
    already a classification like you suggest (or something very
    similar). Maybe you can contribute there (note that last I've
    heard the tag DB and system was unmaintained).

    Greets,
    *t

  • From Paul Wise@21:1/5 to Patrice Duroux on Thu Dec 1 10:20:01 2022
    XPost: linux.debian.user

    On Sat, 2022-11-26 at 19:42 +0100, Patrice Duroux wrote:

    > Any (or a specific group of) users could be able to install any
    > package of the first class by their own without asking a sysadmin (or explicitly acquiring privilege of) user.

    The general idea of a safe way to allow users to manage system-wide
    apt packages has come up before, here is another writeup about it:

    https://wiki.debian.org/UntrustedDebs

    The goal of allowing all users to manage installed software seems like something better served by app sandboxing technologies like Flatpak.
    It is probably possible to convert .deb packages to Flatpak packages.

    --
    bye,
    pabs

    https://wiki.debian.org/PaulWise

  • From Hakan Bayındır@21:1/5 to All on Thu Dec 1 14:20:01 2022
    XPost: linux.debian.user
    Copy: pabs@debian.org (Paul Wise)
    Copy: patrice.duroux@gmail.com (Patrice Duroux)
    Copy: debian-user@lists.debian.org

    On 1.12.2022 12:16, Paul Wise wrote:
    > On Sat, 2022-11-26 at 19:42 +0100, Patrice Duroux wrote:
    >
    >> Any (or a specific group of) users could be able to install any
    >> package of the first class by their own without asking a sysadmin (or
    >> explicitly acquiring privilege of) user.
    >
    > The general idea of a safe way to allow users to manage system-wide
    > apt packages has come up before, here is another writeup about it:
    >
    > https://wiki.debian.org/UntrustedDebs
    >
    > The goal of allowing all users to manage installed software seems like
    > something better served by app sandboxing technologies like Flatpak.
    > It is probably possible to convert .deb packages to Flatpak packages.
    >

    I think AppImages are great (from my perspective) for allowing people to
    run whatever they want on their systems, without getting root privileges
    and having a sandboxed, hermetically sealed application with batteries
    included.

    The nicer thing is, they have a tool to convert .deb packages to
    AppImages [0], and moreover, the tool doesn't need root permissions to
    run. The tool even includes recipes for popular packages, too.

    [0]: https://github.com/AppImageCommunity/pkg2appimage
