new Library Infrastructure spec.
ijones at syntaxpolice.org
Wed Jun 2 21:14:51 EDT 2004
"S. Alexander Jacobson" <haskell at alexjacobson.com> writes:
> Regarding making installation safe, Isaac Jones asked:
>> What about packages that install binary tools or data files? I don't
>> want to limit the system to just libraries for the sake of this
>> security feature.
> and Simon noted:
>> Setup.lhs runs in the IO monad else it would not be able to move
>> files or run a compiler.
> Moving (data) files can be done completely
> declaratively and safely. Bob the Builder and Sam
> Sysadmin just need to know if existing files or
> paths are being changed in the process.
I assume that your scheme has some kind of executable on Bob and Sam's
machines which knows how to install libraries and such, and this
system will also have to know how to perform the configuration. Let's
call that StaticSetup (since it performs the tasks of Setup.lhs, but
on static information provided by Angela). StaticSetup is a program
that Sam trusts.
Here are some more issues your scheme will have to deal with:
1) Marcus Makefile. He's important to us; he's a hard-core Haskell
developer and we want to support him. How does he go about calling
through to the "make install" command?
2) If you allow executables to be installed, you'll have to watch out
for attacks which replace "ls" or something. I guess you could
have a warning for any package which tries to overwrite an existing
file, though this may happen a lot for upgrading a current library.
3) There is some grey area between the Angela and Marcus use cases
where she can perform extra preprocessing steps and configuration
steps within the context of Setup.lhs (since she has all of Haskell
at her disposal.) In your scheme, there is no space between Angela
and Marcus. You're either in or out when it comes to utilizing
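
The overwrite warning from point 2, sketched as an added example that is not part of the original message or of any existing tool. It assumes the hypothetical StaticSetup keeps a record of the files each package installed earlier, so that upgrades of a package's own files can be told apart from replacing someone else's file such as "ls"; all types, names and paths below are constructed for illustration.

```haskell
-- Added example, not from the thread. StaticSetup is the thread's hypothetical
-- trusted installer; every type, name and path here is an assumption.
module Main where

import qualified Data.Set as Set
import System.Directory (doesPathExist)

-- One declarative install action supplied by the package author.
data Install = Install { src :: FilePath, dest :: FilePath }

data Verdict
  = Fresh            -- destination does not exist yet
  | Upgrade          -- exists, and an earlier version of this package put it there
  | ForeignOverwrite -- exists, and this package never installed it: warn
  deriving (Eq, Show)

-- Pure decision. 'owned' is what the installer recorded for earlier versions
-- of this package; 'exists' is the result of probing the disk.
classify :: Set.Set FilePath -> Bool -> FilePath -> Verdict
classify owned exists path
  | not exists              = Fresh
  | path `Set.member` owned = Upgrade
  | otherwise               = ForeignOverwrite

-- Probe every destination without modifying anything on disk.
preflight :: Set.Set FilePath -> [Install] -> IO [(FilePath, Verdict)]
preflight owned = mapM check
  where
    check i = do
      exists <- doesPathExist (dest i)
      return (dest i, classify owned exists (dest i))

main :: IO ()
main = do
  -- Constructed sample data: a manifest and the previously recorded file list.
  let owned    = Set.fromList ["/usr/local/lib/foo/Foo.hi"]
      manifest = [ Install "dist/Foo.hi"   "/usr/local/lib/foo/Foo.hi"
                 , Install "dist/foo-tool" "/usr/local/bin/foo-tool"
                 , Install "dist/ls"       "/bin/ls" ]
  report <- preflight owned manifest
  mapM_ (\(p, v) -> putStrLn (show v ++ "\t" ++ p)) report
  let bad = [p | (p, ForeignOverwrite) <- report]
  if null bad
    then putStrLn "ok: no foreign files would be replaced"
    else putStrLn ("refusing without confirmation: " ++ unwords bad)
```

Destinations are compared as literal strings here; a real installer would canonicalise them first so that symlinks or ".." segments cannot make a foreign file look owned.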