[Koha-devel] dselect non-functional on Ubuntu

MJ Ray mjr at phonecoop.coop
Fri Sep 28 11:32:23 CEST 2012


"Mark Tompsett" <mtompset at hotmail.com>
> [...] I also don't think a wrapper for sudo 
> apt-get install calls based on an existing file we provide is any different:
> 
> $ ./install_misc/ubuntu-packages.sh -i
> 
> vs.
> 
> $ sudo apt-get install dselect
> $ sudo dpkg --set-selections < install_misc/ubuntu.packages
> $ sudo dselect
> 
> Frankly, not having to install dselect (one less thing on the server = 
> good), less typing (less prone to errors = good), less figuring out problems 
> (=good -- oh, use ubuntu.10.04.packages on ubuntu 10.04 instead = bad). As 
> for your security concern, where does the line of trust get drawn? I don't 
> think a retooled script is a big issue.

There is a big difference between asking people to run a downloaded
script as an admin user and asking them to use already-installed
system utilities.  The system utilities have man pages, are signed by
the distributor and are usually limited in the tasks that they do.
Downloaded scripts have variable documentation, are rarely signed and
can do absolutely everything.  I feel this is a big issue: we
shouldn't be encouraging people in bad security habits, like to run
random scripts as root or let them sudo.

Where does the line of trust get drawn?  For me, it's "in god we
trust... all others must bring data."  It's not paranoia when they're
really out to get you and there's a lot of people on the internet who
really ARE out to get you.  Spend some time working for Internet
Service Providers (which is how our co-op started), deal with a few
cracked websites and servers (which was often why people called us in
- too late, but not necessarily beyond help), it might change one's
view on this.

One might say that an admin has to trust us to run Koha, so they
should just run the script as part of that trust.  But they don't need
to trust us to run Koha - I've installed it without root before,
although it wasn't pretty - and there's always the risk of someone
setting up a spoof download.koha-community.org (I hear someone is
already using koha.org for a fork...) and doing Really Bad Things in
the admin script included in that one, to punish people for something
or other.

Or one might say that any good admin should check the script
thoroughly before use, but those scripts quickly become long as they
cope with more edge cases or feature creeps.  How many admins would
read it all?  And then they've got to understand the scripting
language too, which is more complex than just a few apt-get and dpkg
commands as it copes with stuff like default values or stopping if an
earlier command fails, which humans are pretty good at, as standard.

Most of the time I dealt with such installation scripts during
packaging for various distributions, I was horrified by the bad habits
in them - they usually needed rewriting to stand any chance of passing
QA and working in reasonably-foreseeable situations.

So, please, avoid a "sudo ./ubuntu-install.sh" or similar.

Would it still be necessary to install dselect if the "dselect install"
command was changed to "apt-get dselect-upgrade"?

However, that would still suffer from ubuntu's multiarch bug.  Can
we bulk-edit the package selections another way?  I've not yet found
one.

Worst case, could we use a script that suggests the right "apt-get
install ..." command?  Is there a flaw in that I'm not seeing?

Hope that explains,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/
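
The "worst case" idea in the message above, sketched as an added example that is not part of the original post or of Koha: an unprivileged script that only prints the "apt-get install ..." line for the admin to read and type. It assumes the selections file uses the `dpkg --get-selections` format; the function names and the sample package list are constructed for illustration.

```shell
#!/bin/sh
# Added example: print, never execute, an install command for review.

# suggest_install FILE: FILE holds "package<TAB>state" lines, the format
# written by `dpkg --get-selections` (assumed for ubuntu.packages).
suggest_install() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    pkgs="" bad=0 name=""
    # The "|| [ -n ... ]" keeps a final line that lacks a newline.
    while read -r name state rest || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        # Skip hold/deinstall/purge: only "install" entries are wanted.
        [ "$state" = install ] || continue
        # Debian package name, optionally with a multiarch ":arch" suffix.
        # Anything else (';', '$', a leading '-') is refused outright so
        # the printed line cannot carry shell syntax or apt options.
        if printf '%s\n' "$name" |
            LC_ALL=C grep -Eq '^[a-z0-9][a-z0-9+.-]+(:[a-z0-9-]+)?$'; then
            pkgs="$pkgs $name"
        else
            printf 'refusing suspicious entry: %s\n' "$name" >&2
            bad=1
        fi
    done < "$file"
    [ "$bad" -eq 0 ] || return 1
    [ -n "$pkgs" ] || { echo "no packages marked install" >&2; return 1; }
    printf 'apt-get install%s\n' "$pkgs"
}

# Constructed sample input, not Koha's real package list.
demo() {
    tmp=$(mktemp) || return 2
    printf 'apache2\tinstall\nlibdbi-perl\tinstall\nexim4\tdeinstall\n' > "$tmp"
    suggest_install "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

if [ $# -gt 0 ]; then suggest_install "$1"; else demo; fi
```

The script needs no root and changes nothing on the system; the admin still runs the printed command with the distribution's own signed tools.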

