[packagekit] DownloadPackages and uid

Richard Hughes hughsient at gmail.com
Mon Aug 18 04:40:38 PDT 2008


On Sun, 2008-08-17 at 16:21 +0200, Sebastian Heinlein wrote:
> Would be nice to also give the uid of the calling user to the backend.
> This way we could avoid creating package files owned by a user root
> which cannot be deleted anymore by the user.

Right, I'm not that happy with the way DownloadPackages works internally,
as it also pretty badly breaks SELinux as the on-disk contexts are all
wrong.

Ultimately, I think it should work like this:

S: rm -rf /var/cache/PackageKit (at startup)

C: DownloadPackages (hal;012.foo;bar, /home/hughsie/Desktop)
S: mkdir /var/cache/PackageKit/ab123random
S: DownloadPackages (hal;012.foo;bar, /var/cache/PackageKit/ab123random)
S: Package(Downloading, hal;012.foo;bar, "Hal is not a HAL")
S: Files("/var/cache/PackageKit/ab123random/hal-0.12.rpm")
S: Finished
C: for file in files, copy $file to /home/hughsie/Desktop

This way the server downloads to /var/cache/PackageKit, and then the
client copies out of this directory so that the ownership and SELinux
contexts are preserved, and we don't need to be so security paranoid
with the directory permissions checks.

Does that sound better?

Richard.




