Skip to content
This repository has been archived by the owner on Mar 26, 2024. It is now read-only.

Hypergolix distribution as standalone package #19

Open
16 tasks
Badg opened this issue Jan 22, 2017 · 0 comments
Open
16 tasks

Hypergolix distribution as standalone package #19

Badg opened this issue Jan 22, 2017 · 0 comments

Comments

@Badg
Copy link
Member

Badg commented Jan 22, 2017
edited
Loading

Hypergolix should be distributed as a standalone package with its own python interpreter for all supported platforms. Installation should be as simple as "download, install, done".

Some important bits to consider:

  • cross-platform install experience and app invocation
  • what's the update/upgrade story?
  • cross-platform code signing?

Current plan:

  • Frozen (PyInstaller) or compiled (Nuitka) bootstrap app. This is what gets signed, installed, and invoked.
    • Written in python 3.5 (for stability reasons, not 3.6)
    • Creates python root installations for each minor version, 3.5.X+ (eg py3k5, py3k6)
    • Handles updating each python root to newest patch version (be sure to checksum and checksig)
    • On startup, scans a directory for app config files specifying:
      • App python version
      • App installation entry point
      • App invocation entry point
      • App upgrade entry point
    • (After bootstrap is complete, also listens for some kind of "new app config available" notification)
    • Checks for env for each app; if none exists, creates one and installs the app
    • Invokes each app in its own child process
    • Listens for signals, including machine shutdown, and passes them to child processes
  • Normal, pure-python Hypergolix app, exactly as it currently works
    • Uses the bootstrap for updating
    • Uses pip for installation, potentially with a local wheelhouse distributed with the app

Unresolved questions:

  • How should this handle privilege deescalation for the headless daemon? The config file should only be readable by root, which would imply the bootstrap would need to run as root. But ideally it would deescalate after startup. Will apps need to manually deescalate? Will apps need special sudo option in config file? ... etc.
  • For the headless daemon, does the bootstrap need to be daemonized?
  • Should the bootstrap app do any source validation for tamper resistance when invoking apps?
  • Should the bootstrap app archive known-good app installs and be able to revert to them upon upgrade problems?
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Badg