kallasoft

I recently ran across an interesting application that allows unprivileged users to install programs. While this maybe a good surface idea, the concept and coolness factor runs a little deeper.

The idea behind 0Install is to give the ’standard user’ install privileges without compromising a system if malicious software is installed. While this is cool for the user, it is even cooler for the application developer. As you might know, package maintenance can be both tedious and time consuming, but 0Install offers to ease that by giving you a useful tool to easily deploy your app on any distribution. In other words, instead of needing to be “blessed”, as the author states, “by a distribution,” all you need is a URI to give to your potential user. If the user has 0Install on their system, all they need to do is drag the URI onto the 0Install application, and install. This can be done regardless of distribution, and regardless of the package manager employed by the system.

Of course, the cautious may ask about system security, and rightly so. I mean, it is true we don’t want our less knowledgeable users installing applications that could potentially harm our rather big 100+ user system! Instead of taking one package and making it available to everybody on the box, 0Install protects the system by using that URI as a unique identifier.

In a traditional system, “if one user installs the Gimp from http://evil.com then it might save the executable as /usr/bin/gimp. Another user might run this, thinking it was from http://gimp.org.”

Different from how the traditional system works, 0Install relies on the aforementioned URI to determine which application to run. The user that installed from http://gimp.org will never run the binary from http://evil.com because of that URI protection. Of course, the caching system is also smart enough to be space efficient, and not continue to cache applications of the same URI. These features can greatly increase security and ease of deployment while providing better software for users. The 0Install system supports Linux, FreeBSD, Solaris, and MacOSX (using MacPorts), and offers a tutorial that goes through the explaination of how to convert an existing binary tarball into a 0install feed. Check it out, and let us know what you think!