Provided by: zeroinstall-injector_2.3.3-1_amd64 bug

NAME

       0store-secure-add — add an implementation to the system cache

SYNOPSIS

       0store-secure-add DIGEST

DESCRIPTION

       This command imports the current directory into the system-wide shared Zero Install cache,
       as /var/cache/0install.net/implementations/DIGEST.  This allows a  program  downloaded  by
       one user to be shared with other users.

       The  current  directory must contain a file called '.manifest' listing all the files to be
       added (in the format required by DIGEST), and this file must have  the  given  digest.  If
       not, the import is refused. Therefore, it is only possible to add a directory to the cache
       if its name matches its contents.

       It is intended that it be safe to grant untrusted users permission to  call  this  command
       with elevated privileges. To set this up, see below.

SETTING UP SHARING

       To enable sharing, the system administrator should follow these steps:

       Create a new system user to own the cache:

       adduser --system zeroinst

       Create the shared directory, owned by this new user:

       mkdir /var/cache/0install.net

       chown zeroinst /var/cache/0install.net

       Use visudo(8) to add these lines to /etc/sudoers:

       Defaults>zeroinst env_reset,always_set_home

       ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add

       Create  a  script  called 0store-secure-add-helper in PATH to call it. This script must be
       executable and contain these two lines:

       #!/bin/sh

       exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" < /dev/null

       The other Zero Install programs will call this helper script automatically.

FILES

       /var/cache/0install.net/implementations
              System-wide Zero Install cache.

LICENSE

       Copyright (C) 2009 Thomas Leonard.

       You may redistribute copies of this program under the terms  of  the  GNU  Lesser  General
       Public License.

BUGS

       This  program  is  EXPERIMENTAL.  It  has not been audited. Do not use it yet in security-
       critial environments.

       The env_reset line in sudoers may not be required. sudo(1) seems to do it automatically.

       If sudo let us check whether we could call a command then we  could  switch  to  using  it
       automatically, instead of needing to add the helper script. Currently, sudo delays for one
       second and writes to auth.log if we try to use this system when it hasn't been set up.

       Please report bugs to the developer mailing list:

       http://0install.net/support.html

AUTHOR

       Zero Install was created by Thomas Leonard.

SEE ALSO

       0store(1)

       The Zero Install web-site:

       http://0install.net