Provided by: 0install-core_2.15.1-1_amd64 bug

NAME
       0store-secure-add — add an implementation to the system cache


SYNOPSIS
       0store-secure-add DIGEST


DESCRIPTION
       This  command  imports  the  current  directory  into  the  system-wide  shared  Zero  Install  cache, as
       /var/cache/0install.net/implementations/DIGEST.  This allows a program  downloaded  by  one  user  to  be
       shared with other users.

       The  current  directory  must contain a file called '.manifest' listing all the files to be added (in the
       format required by DIGEST), and this file must have the given digest. If  not,  the  import  is  refused.
       Therefore, it is only possible to add a directory to the cache if its name matches its contents.

       It  is  intended  that  it be safe to grant untrusted users permission to call this command with elevated
       privileges. To set this up, see below.


SETTING UP SHARING
       To enable sharing, the system administrator should follow these steps:

       Create a new system user to own the cache:

       adduser --system zeroinst

       Create the shared directory, owned by this new user:

       mkdir /var/cache/0install.net

       chown zeroinst /var/cache/0install.net

       Use visudo(8) to add these lines to /etc/sudoers:

       Defaults>zeroinst env_reset,always_set_home

       ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add

       Create a script called 0store-secure-add-helper in PATH to call it. This script must  be  executable  and
       contain these two lines:

       #!/bin/sh

       exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" < /dev/null

       The other Zero Install programs will call this helper script automatically.


FILES
       /var/cache/0install.net/implementations
              System-wide Zero Install cache.


LICENSE
       Copyright (C) 2009 Thomas Leonard.

       You may redistribute copies of this program under the terms of the GNU Lesser General Public License.


BUGS
       This  program  is  EXPERIMENTAL.  It  has  not  been  audited.  Do  not  use  it  yet in security-critial
       environments.

       The env_reset line in sudoers may not be required. sudo(1) seems to do it automatically.

       If sudo let us check whether we could call a command then we could  switch  to  using  it  automatically,
       instead of needing to add the helper script. Currently, sudo delays for one second and writes to auth.log
       if we try to use this system when it hasn't been set up.

       Please report bugs to the developer mailing list:

       http://0install.net/support.html


AUTHOR
       Zero Install was created by Thomas Leonard.


SEE ALSO
       0store(1)

       The Zero Install web-site:

       http://0install.net