[Sugar-devel] Bundling libraries, RPMs? (was Re: WatchMe-1, a VNC activity)

Mathieu Bridon (bochecha) bochecha at fedoraproject.org
Mon Aug 17 17:59:19 EDT 2009


> The whole point is a learner/teacher can modify any activity at any time and
> then share that modification in a safe, sandboxed way, to other Sugar users
> (and perhaps back to us). No existing packaging systems seem to have any
> concept of this basic Sugar feature/goal :-(

Don't the .xo packages provide this ? :)

> They all shout root, root, root

You never used PackageKit right ?

As I said, PackageKit uses PolicyKit and can then be configured to
*not* ask for any password in order to let the user install new
applications. Actually, here is how I setup my mom's computer:
- don't ask for password for updates (I want my mom to have bug fixes
and security updates quickly, and I don't want to bother her with
passwords)
- ask for root password for installing or removing applications (I
don't want her to install/remove an application that could break her
computer as I'm too far to help her fix it quicly and efficiently)

That's an example, PolicyKit enables much more.

> and have install dependancies splattered across the OS like some midnight
> software massacre :-((

How is that a problem ? Dependencies are not « splattered », they are
« shared » ;)

> Apple I think are the closest I've seen, if you app needs some zany
> dependancies then it includes them in it's bundle (just like Sugar bundles).

And you get tenth of copies of each and every library (sometimes in
different versions) on your disk, loaded in memory,... Bundling
dependencies is definitely a bad idea.

> For the Mac users, it's just "Drag this application to your application
> folder." Done, end of story.

I read something about this for Linux as well. Now that we have a
cross-distro package manager front-end, someone was talking about
having a FUSE mounted pseudo-filesystem where a user would simply drag
and drop a « something representing the application » and in the
background, it would invoke the package manager to install the
application and all its dependencies. Kinda cool as it takes the
easiness of Mac and brings to it the flexibility of package managers
from Linux :)

However, I don't see this as a good solution for Sugar, or if it is, I
still have to find the file explorer ^^'

Now, let's talk about activities.sugarlabs.org.

Basically, it's a web interface where the user browses for activities
and installs them by clicking on pretty links. Reminds me of this:
https://fedoraproject.org/wiki/Features/PackageKitBrowserPlugin

With this, a user can click on a link, and it will launch his package
manager to install the application *from the configured, known and
safe repositories* (rather than by downloading them on an obscure web
site that could be providing malware). And if you had configured it to
not ask for root password, what you have is basically the
functionality of a.sl.o :)

Oh, and did I mention that PackageKit can use several backends, and
thus a backend fetching from a.sl.o rather than from the distros
repositories (like the yum backend for example) could be envisioned ?
(thus installing in ~/ if you so desire)

I know I mentioned this already (at least on fedora-olpc, not sure if
I did here as well) but it looks to me like PackageKit can really
provide most of what you're trying to do. All I can see missing is the
possibility to install several versions of the same activity in
parallel, but that depends more on the packaging system (.xo bundles)
and the actual package manager than on PackageKit.


----------

Mathieu Bridon (bochecha)


More information about the Sugar-devel mailing list