[guardian-dev] idea for "install profiles" for Lil' Debi

Jonas Smedegaard dr at jones.dk
Mon Feb 16 09:34:10 EST 2015


Quoting Hans-Christoph Steiner (2015-02-16 12:59:10)
> Jonas Smedegaard:
>> Quoting Hans-Christoph Steiner (2015-02-13 11:31:06)
>>>
>>> I had an idea for a feature that I think would make Lil' Debi a lot 
>>> more useful for things like that.  Now I'm looking for feedback on 
>>> how useful it would be, and anything else people might think of.
>>>
>>> Basically, Lil' Debi should support "installation profiles" On the 
>>> install screen, there would be a menu of profiles to choose from.  
>>> Some profiles could be "basic webserver", "wireshark", "minimal 
>>> SSH", etc. etc.  The user would just choose one of those profiles, 
>>> and then Lil' Debi would make that setup.
>>>
>>> I think this could be implemented as a folder like 
>>> /data/data/info.guardianproject.lildebi/app_profiles, and each 
>>> profile would be an sh script with a little metadata in it, like 
>>> name and description.  The menu would be automatically built from 
>>> whatever script are in that folder, so people could easily write and 
>>> test their own profile scripts, just by copying them to that folder.
>>>
>>> Or maybe this profile would be even simpler, it is just a list of 
>>> packages to install.  Then there would be much less security risk, 
>>> and we could make it really easy for people to swap these profiles 
>>> with each other, and have them installed into Lil' Debi.
>>
>> Sounds like an excellent use of boxer: https://wiki.debian.org/Boxer
>>
>> Declarative profile not only means much less security risk but also 
>> lees derived from Debian - potentially none (a.k.a. a Debian Pure 
>> Blend).
>>
>>  - Jonas
>
> Nothing everything needed is possible just by installing packages, so 
> a script would be needed to actually get things working.  For example, 
> any daemon or app that uses internet would have to be granted INTERNET 
> permission, i.e. adding them to that permission group, i.e. `adduser 
> app_123 internet`

Boxer currently supports not only package selections (and suppressing 
recommendations), but also debconf preseeding and shell code.

Ideally, boxer classes contain no shell code, only declarative hints.  
So when some classes have been written which works for Lil' Debi, we can 
look into extending Boxer with declarative hints better supporting the 
needs of Lil' Debi.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20150216/b728d7b8/attachment.sig>


More information about the guardian-dev mailing list