Entitlements provide access control
Posted May 20, 2008 17:23 UTC (Tue) by michaelkjohnson (subscriber, #41438)
In reply to: Entitlements are not DRM by skitching
Parent article: A review of rPath Linux 2.0 (LinuxDevices)
First, I'd like to mention that rPath's documentation is available on our wiki and that we have a forum for discussing rPath products and technologies. So while I don't mind answering questions here, I'd suggest that more detailed discussion might reasonably be pursued in an rPath context, since we're going well beyond anything related to the article to which LWN linked here.
That said: Entitlements control repository access. So yes, (1) a Conary repository server can be available at a public address and have a mix of accessible and inaccessible data, controlled by entitlements. The client presents the entitlement data as its credentials for repository access. (2) Prior to Conary 2.0, access control was by "label" (from a user point of view, think "branch"), controlled by a regular expression. Conary 2.0 added the ability for more fine-grained control, down to individual "troves" (packages and things like packages, including groups of packages). A loose analogy might be .htaccess/.htpasswd files providing fine-grained access to individual files and scripts being served by a web server. (3) Yes, the administrator of the repository can modify the rights which are available based on any particular entitlement; again, removing lines from .htaccess/.htpasswd files would be a loose analogy.
We at rPath use this facility ourselves to provide our customers access to our proprietary products such as rBuilder Appliance. We do not restrict read access to rPath Linux by entitlement. rPath Appliance Platform Linux Service is an entitled product (with access to source code for everyone who has access to binaries) which is built from the rPath Linux core but is restricted to components for which rPath provides customers an SLA. The "software bundles" you refer to (we call them "appliances") are intentionally updateable. That is part of our relationship with our customers, and reliable, testable updates are a critical component of Conary design.
Again, while I very much enjoy describing the technical features of Conary that make all this possible, I don't want to "hijack" this link from LWN, and suggest that rPath's forum might be a more useful place to discuss the details, since someone else looking for information on Conary would probably look there before here.
Thanks for the questions!