Feature changed by: Marcus Meissner <meissner@novell.com> Feature #305582, revision 7 Title: Off-Line one click install (MSI for Linux) openSUSE-11.2: New Priority Requester: Important Requested by: Raúl García <raul@bgta.net> Partner organization: openSUSE.org Description: Idea from community member Raúl García. Same concept as MSI packages for Windows but exploiting the One Click Install concept of openSUSE (and therefore inheriting the simplicity, code and security. Basically a compressed file which includes a repository inside, plus one click install information, and a script to trigger the oneclickinstall handler with the data as payload in the script. Therefore is a collection of rpms that can be installed detailed description is here http://en.opensuse.org/OSI There is already a prototype working. Example script: http://dl.getdropbox.com/u/363315/MozillaFirefox.osi This requires some extra features in one click install and other pieces * ability to force OneClick to add the repo (the one inside the compressed file) Additionally I see other features: * ability to suggest an update repo for the installed bundle * support from build service to generate bundles * easy way to generate them locally Out of scope but interesting: * Ablity to trigger a YaST workflow (its own control.xml?) Business case (Partner benefit): openSUSE.org: This solves the business case of distributing service packs, applications, codecs bundles by just downloading a big file, 100% offline, supporting dependencies and repo signatures. Discussion: #1: Benjamin Weber <benji@opensuse.org> (2008-12-17 18:38:57) Sounds good. I suggest not using a shell script to start the process as this could contain anything. Executing arbitrary untrusted code is not really a good idea. An archive containing metadata coupled with a handler that understands the format should be sufficient. #2: Stanislav Visnovsky <visnov@novell.com> (2008-12-17 20:31:15) Do you mean an ISO image containing an add-on product with privilege separation? #3: Raúl García <raul@bgta.net> (2008-12-18 13:01:10) The shell script will be executed by the user, with user privileges. Once the file is decompressed, the "One Click Install" is launched and it's works normally but with a local repository. Yes, the shell script could be altered, but any shell script could be altered :) + #4: Marcus Meissner <meissner@novell.com> (2008-12-18 13:07:13) + Security comments. + - There should be a signature / key already in tarball that validies + all other data - and why not a repomd tree, with everything reviewable + from repodata/repomd.xml + - what advantage brings this compared to just a tar-ed up RPM-MD tree + in usual format and signature checked? + (and btw, the example script on the page has /tmp problem en-masse) -- openSUSE Feature: https://features.opensuse.org/?rm=feature_show&id=305582