| 1 |
Gentoo's popularity contest package |
| 2 |
----------------------------------- |
| 3 |
|
| 4 |
by davoid and rufiao |
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
ABSTRACT: |
| 9 |
|
| 10 |
The purpose of this system is to guide the developers of gentoo as to what |
| 11 |
they |
| 12 |
should be concentrating on based on what gentoo's users have installed on |
| 13 |
their |
| 14 |
system for example. |
| 15 |
|
| 16 |
The setup is a client-server system. The server should be stored on |
| 17 |
gentoo.org |
| 18 |
It's mainly php and CGI scripts with access to a database. |
| 19 |
|
| 20 |
The client is composed of a first-time setup utility and a deamon whose job |
| 21 |
is |
| 22 |
to collect data on the system it runs on and to upload this package for |
| 23 |
analyze |
| 24 |
to the gentoo.org webserver. |
| 25 |
|
| 26 |
The server is composed of a php page that checks if the user can upload to |
| 27 |
it |
| 28 |
(so to as limit abuse), and some back-end that would analyze the transferred |
| 29 |
data and merge it into the table if it is correct. |
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
I. Server-side setup |
| 35 |
1. New user authentication |
| 36 |
2. Normal package information upload |
| 37 |
II. Client-side setup |
| 38 |
1. Contents of tarball |
| 39 |
2. first-time configuration of deamon |
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
I. 1. New user authentication |
| 45 |
============================== |
| 46 |
|
| 47 |
o php server accepts new user's e-mail address in URL form. Server then |
| 48 |
records |
| 49 |
into newUsersPendingTable user's IP address, request time and any other |
| 50 |
relevant |
| 51 |
information such as browser maybe. The mysql fields filled in by the php |
| 52 |
server |
| 53 |
should be filly configurable on the server side using forms. |
| 54 |
|
| 55 |
o server sends an email to user with a initial session ID generated using |
| 56 |
/dev/urandom maybe, or whatever medium php is given. it also saves a record |
| 57 |
with |
| 58 |
email/cookie pair in mysql table. |
| 59 |
|
| 60 |
(user is required to copy-paste the 128-bit cookie from server that he |
| 61 |
received |
| 62 |
at the e-mail address he specified upon initial connection and to put it |
| 63 |
into a |
| 64 |
configuration file that deamon will read.) |
| 65 |
|
| 66 |
Note here that user is not required to answer to any e-mail. He just has |
| 67 |
to |
| 68 |
set up his system. This could be as well implemented in the client's user |
| 69 |
interface as a box that will hold the initial magic cookie, removing the |
| 70 |
need of |
| 71 |
editing an external file. |
| 72 |
|
| 73 |
|
| 74 |
o when client comes online for the first transaction, it provides initial |
| 75 |
cookie |
| 76 |
and e-mail associated with that cookie. Server detects it is the first time |
| 77 |
his |
| 78 |
client would upload his information |
| 79 |
|
| 80 |
o client uploads file to client using POST method. server gives client new |
| 81 |
session ID as soon as transfer is done. server merges information about |
| 82 |
packages |
| 83 |
used, version, system into infoTable adds lastMerged in user's record. |
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
I. 2. Normal package information upload |
| 89 |
======================================= |
| 90 |
|
| 91 |
o client connects to server, gives in email address and cookie, starts |
| 92 |
transfer. |
| 93 |
|
| 94 |
o server gives client new session ID by some means (either redirecting user |
| 95 |
to a |
| 96 |
new page for which in the URL there is the magic cookie that client has to |
| 97 |
parse), records lastMerged, starts merging package into infoTable using some |
| 98 |
CGI |
| 99 |
script ... |
| 100 |
|
| 101 |
|
| 102 |
Problem: what if client deleted its cookie and wants to upload? cookie |
| 103 |
invalid? |
| 104 |
Answer: We could deny access to the database for the user in the future. |
| 105 |
Problem2: where and how do clients upload their home-made tarball |
| 106 |
Answer: Clients use the POST method to upload files |
| 107 |
Problem3: how do we check if the tarball hasn't been modified by the user |
| 108 |
with |
| 109 |
bogus information, badly formed data that hog up tables? |
| 110 |
Answer: the php script should be smart enough to detect this. If script |
| 111 |
becomes |
| 112 |
too heavy, there's also CGI and a good perl script. |
| 113 |
Problem4: table size limited in mysql. |
| 114 |
Answer: merging into a better database such as postgresql should be |
| 115 |
condidered. |
| 116 |
|
| 117 |
|
| 118 |
|
| 119 |
II. Client-side setup |
| 120 |
====================== |
| 121 |
|
| 122 |
|
| 123 |
II.1. Contents of the tarball uploaded by client deamon to server |
| 124 |
=============================================================== |
| 125 |
|
| 126 |
In the final version, the user who wants to can control what information is |
| 127 |
colected from his system. |
| 128 |
|
| 129 |
- architecture |
| 130 |
- ram |
| 131 |
- installed packages |
| 132 |
- connection to net |
| 133 |
etc (whatever that the gentoo developers would need to know about their |
| 134 |
users) |
| 135 |
|
| 136 |
|
| 137 |
|
| 138 |
|
| 139 |
|
| 140 |
|
| 141 |
|
| 142 |
|
| 143 |
_________________________________________________________________ |
| 144 |
Send and receive Hotmail on your mobile device: http://mobile.msn.com |
Archives