[opam-devel] OPAM 1.3 roadmap

Anil Madhavapeddy anil at recoil.org
Sat Feb 21 08:45:25 GMT 2015


Cabal sandboxing is analogous to an OPAM switch, and doesn't provide security against malicious code.

Once the build/install phases are separated out, it should be reasonably straightforward to add plugins for support for OS-specific sandboxing to prevent network connections or filesystem access outside of a sandbox.  This could be quite lightweight (like systrace on OpenBSD, which has some races but is still better than nothing), or App Sandboxing on OSX (see `man sandbox_init`), or heavyweight such as a Docker container on Linux.

-anil

> On 21 Feb 2015, at 08:37, Simon Cruanes <simon.cruanes.2007 at m4x.org> wrote:
> 
> Sandboxing the build would also be a big security improvement. I think cabal now does it, and signing packages doesn't protect against malicious or buggy packages (see: bumblebee's uninstall target). That also goes hand in hand with file tracking. I don't know how difficult it is, though.
> 
> Cheers! 
> 
> Le 21 février 2015 05:01:56 UTC+01:00, Louis Gesbert <louis.gesbert at ocamlpro.com> a écrit :
> With 1.2.1 almost out of the door, time has come to review the roadmap discussed back in December and choose where we'll be going for 1.3. Original mail attached for reference.
> 
> 
> The topic that is burning hot at the moment is, specially after the Debian Haskell build host has been compromised, security: we have no signing at all at the moment, and we need to improve on this before it becomes a problem. TUF [1] has devised a sane amount of rules for repository management and signing that should make it easier to get it right in OPAM. Hannes has mentionned writing an OCaml implementation for TUF, which could get very helpful.
> 
> 
> Also of importance is Windows support. It should at least be straighforward and documented to get a basic Cygwin setup working. That goes with adding automated tests (appveyor can now be added in Github alongside Travis). Related is cleaning up external command usage (even if not really justified by a Windows
> port only, as David Allsopp pointed out) -- replacing curl calls by cohttp, use ocaml-fileutils...
> 
> 
> 
> These are the other main features, that'll probably take more time if we are to focus eg. on security:
> 
> * a plugin mechanism with plugins for example for OCaml (for better agnosticity), external dependency handling [2], documentation generation...
> 
> * a 'provides:' field in OPAM files [3]. This is a loose requirement if we want to switch the repository to have OCaml itself in a package (which is already possible, but the system compiler may yet be an issue).
> 
> * More flexible switch handling (multi-switch packages, per-switch remotes, layered switches for cross-compilation...)
> 
> * Tracking of files installed by packages. While unrelated to repo signing, this might have some security implications, so we might want to bring it in.
> 
> * With file tracking, generating a binary repo (with some limitations) could be quite
> straight-forward.
> 
> 
> 
> Which of these do you think is most important ? Have I forgotten anything ?
> 
> Cheers,
> Louis
> 
> 
> [1] http://theupdateframework.com/
> [2] https://github.com/ocaml/opam/blob/master/doc/design/depexts-plugins
> [3] https://github.com/ocaml/opam/blob/master/doc/design/provides.md
> message suivi
> 
> De :	Louis Gesbert 
> À :	opam-devel at lists.ocaml.org
> Envoyé :	Wed Dec 17 11:07:40 UTC+01:00 2014
> Objet :	[opam-devel] OPAM Roadmap -- what next ?
> Hi all,
>  
> with some lag after the 1.2 release, I'd like to open some space for a collective discussion of the priorities for where the energies should go next. We have mainly 3 directions for improvements: first, portability, with the main goal of a Windows version. Second, agnosticity, with the goal to make OPAM more generic, and try and open it to users outside of the OCaml community (wouldn't OPAM for Haskell be fun ?). Third, there are always lots of features and improvements that have been asked for, and would improve the experience of current users.
>  
> So here is a summary of what I've gathered. Feel free to add your own.
>  
>  
>  
> ## Portability
>  
> - **Rewrite parallel command engine.** / done.
>  
> - **Native system manipulation (cp, rm, curl...).**
>   These are mostly done through calls to the shell or external programs. It's
>   not very pretty but quite pragmatic actually... until we want to run on
>   Windows without Cygwin. Anyway, this wouldn't be the end of portability
>   issues.
>  
> - **Windows support.**
>   for OPAM itself to begin with. This should be pretty close.
>  
> - **Packages on Windows.**
>   Locate common issues and attempt to find generic fixes.
>  
> - Allow **direct use of more solvers** or solver servers.
>  
> - **Support cross-compilation**
>   This is quite an open issue at the moment.
>  
> ## Agnosticity
>  
> - **Isolate OCaml-specific stuff.**
>   E.g. specific opam-file variables. See ocaml-specific.md
>  
> - **Separate as plugins**
>   To open the gate to OPAM without these plugins, or with other ones
>  
> - **Compilers as packages.**
>   This should mostly work now, but needs some tests and strengthening. The main
>   thing still to do is to handle the system compiler changes properly ; that
>   part should be made more generic anyway (see discussion on hooks)
>  
> ## Features
>  
> - A **provides** field. Generally useful, but particulary so with
>   compilers-as-packages
>  
> - Releasing the **"features" field** for easier package configuration
>  
> - **Track installed files**
>  
> - **Improve security**: just checking md5s is quite light ; package scripts can
>   write anywhere
>  
> - **OS-specific handling of dependencies** (eg dependencies on packages from the
>   OS) with plugins (#1519)
>  
> - Specify and implement **hooks**
>  
> - Find a nicer way to **share dev repos** / undoable "pinning sources"
>  
> - **Per-switch remotes**
>  
> - **Multi-switch packages**
>  
> - Support for (automatic generation of) **binary packages**
>  
> - Nicer **ocamlfind interaction**
>  
>  
>  
> Cheers,
> Louis Gesbert
> 
> 
> opam-devel mailing list
> opam-devel at lists.ocaml.org
> http://lists.ocaml.org/listinfo/opam-devel
> 
> 
> opam-devel mailing list
> opam-devel at lists.ocaml.org
> http://lists.ocaml.org/listinfo/opam-devel
> 
> -- 
> Simon_______________________________________________
> opam-devel mailing list
> opam-devel at lists.ocaml.org
> http://lists.ocaml.org/listinfo/opam-devel



More information about the opam-devel mailing list