On Thu, Mar 26, 2009 at 3:19 PM, Rainer Müller <rai...@macports.org> wrote:
> Dave Howell wrote: > > What about this: I do a "ports install widget", ports looks for a > > binary, doesn't find one that matches (in this case, the default > > options and current version), so it goes about building it. When it's > > done, it says "upload compiled binary to binary archives?" I say "Y", > > and up it goes. Now it's available for the next user who comes along. > > Sure, we would just distribute arbitrary binaries to end-users... NOT! > Ever thought about security? What if I upload some rootkit instead of > the real software and everyone installs it? No, this will not work. > > Rainer > I've been running mpab for a few days now, ie: http://trac.macports.org/wiki/MPAB This is a chroot approach. Obviously, as it is, anyone could tinker with it to include a rootkit or whatever. Nevertheless, I wonder if it's possible to create a binary app of this, which is authenticated during installation (at least), and we ensure that it must do some handshaking to get hold of the "official" and "secure" port tree somehow (probably an encrypted handshake, encrypted file archive for download, etc.) and then it goes about it's business on a user machine and only does an upload (if any) when there is some kind of further authentication that the port build is correct (binary md5 etc. for at least 2-5 builds on the exact same configuration). Even if it does no uploads, it could create useful information about the stability or integrity (you name it) of the entire build process. It would be really neat to have an Xgrid controller (or many) be able to run a job that can parse out port dependencies and have some kind of parallelism in the build. Best, Darren PS, `man otool` can tell you just about anything you need to know about the binary file, eg otool -l /opt/local/bin/gls otool -L /opt/local/bin/gls
_______________________________________________ macports-users mailing list macports-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/macports-users