Hi again,<br><br>A generic KDE installer to later organize all kde specific apps is a good idea to keep things under control.<br><br><span style="font-weight: bold;">Regarding the KDE installer:</span><br>I've been trying to make a portable kde to carry around on my pendisk and showcase to a few work friends but copying the binaries and running on another machine won't work.<br>
<br>Do I need to install any Qt related service or add any registry keys to carry the kde base folder to somewhere else?<br><br><br>------<br><br><br><br><br><div><span class="gmail_quote">2008/3/29, <a href="mailto:kde-windows-request@kde.org">kde-windows-request@kde.org</a> <<a href="mailto:kde-windows-request@kde.org">kde-windows-request@kde.org</a>>:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Send Kde-windows mailing list submissions to<br> <a href="mailto:kde-windows@kde.org">kde-windows@kde.org</a><br> <br> To subscribe or unsubscribe via the World Wide Web, visit<br> <a href="https://mail.kde.org/mailman/listinfo/kde-windows">https://mail.kde.org/mailman/listinfo/kde-windows</a><br>
or, via email, send a message with subject or body 'help' to<br> <a href="mailto:kde-windows-request@kde.org">kde-windows-request@kde.org</a><br> <br> You can reach the person managing the list at<br> <a href="mailto:kde-windows-owner@kde.org">kde-windows-owner@kde.org</a><br>
<br> When replying, please edit your Subject line so it is more specific<br> than "Re: Contents of Kde-windows digest..."<br> <br> <br> Today's Topics:<br> <br> 1. Re: Kde-windows Digest, Vol 30, Issue 29 (Nuno Brito)<br>
2. Re: specialized installers (Jaros?aw Staniek)<br> 3. Re: specialized installers (Ralf Habacker)<br> 4. Hint: cs and cb commands on Windows (Jaros?aw Staniek)<br> 5. Re: KProcess, KRun, KShell, KMacroExpander, their abuse,<br>
windows and security holes (Jaroslaw Staniek)<br> <br> <br> ----------------------------------------------------------------------<br> <br> Message: 1<br> Date: Fri, 28 Mar 2008 10:22:30 -0100<br> From: "Nuno Brito" <<a href="mailto:mail@nunobrito.eu">mail@nunobrito.eu</a>><br>
Subject: Re: Kde-windows Digest, Vol 30, Issue 29<br> To: <a href="mailto:kde-windows@kde.org">kde-windows@kde.org</a><br> Message-ID:<br> <<a href="mailto:c6aeeb1d0803280422y25f27b34o857dfeb354b312e@mail.gmail.com">c6aeeb1d0803280422y25f27b34o857dfeb354b312e@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br> <br> Innosetup is a very good installer.<br> <br> But how will this apply to the context of KDE?<br> <br> Shouldn't it be less dependent on the mechanisms of Windows?<br>
<br> Imagine the restrictions for running a installer on Vista machines where UAC<br> is enabled or under XP/2000 with no administrative permissions.<br> <br> The main advantage of the KDE project for windows (on my humble opinion) is<br>
the independence from the restrictions imposed by windows and let users<br> decide what to do next.<br> <br> Would be good to see KDE as self contained as possible and handle their own<br> installs without resorting to Add/Remove program tab from the windows<br>
control panel.<br> <br> :)<br> <br> <br> 2008/3/28, <a href="mailto:kde-windows-request@kde.org">kde-windows-request@kde.org</a> <<a href="mailto:kde-windows-request@kde.org">kde-windows-request@kde.org</a>>:<br> ><br>
> Send Kde-windows mailing list submissions to<br> > <a href="mailto:kde-windows@kde.org">kde-windows@kde.org</a><br> ><br> > To subscribe or unsubscribe via the World Wide Web, visit<br> > <a href="https://mail.kde.org/mailman/listinfo/kde-windows">https://mail.kde.org/mailman/listinfo/kde-windows</a><br>
> or, via email, send a message with subject or body 'help' to<br> > <a href="mailto:kde-windows-request@kde.org">kde-windows-request@kde.org</a><br> ><br> > You can reach the person managing the list at<br>
> <a href="mailto:kde-windows-owner@kde.org">kde-windows-owner@kde.org</a><br> ><br> > When replying, please edit your Subject line so it is more specific<br> > than "Re: Contents of Kde-windows digest..."<br>
><br> ><br> > Today's Topics:<br> ><br> > 1. specialized installers (Ralf Habacker)<br> ><br> ><br> > ----------------------------------------------------------------------<br> ><br> > Message: 1<br>
> Date: Fri, 28 Mar 2008 11:47:59 +0100<br> > From: Ralf Habacker <<a href="mailto:ralf.habacker@freenet.de">ralf.habacker@freenet.de</a>><br> > Subject: specialized installers<br> > To: KDE on Windows <<a href="mailto:kde-windows@kde.org">kde-windows@kde.org</a>><br>
> Message-ID: <<a href="mailto:47ECCCDF.4080207@freenet.de">47ECCCDF.4080207@freenet.de</a>><br> > Content-Type: text/plain; charset="iso-8859-15"<br> ><br> > Hi,<br> ><br> > Christian informed me that the amarok team asked for the possibility for<br>
> an application specific installer. Because in the future there may<br> > additional projects like koffice which may like to use such a<br> > specialized installer i like to give some hints about this topic:<br>
><br> > 1.There is always the way to build application specific setups using<br> > nsis or inno setup. The advantage is that the application<br> > maintainer/packager has full control about what is in the package and<br>
> what not. The disadvantage is that the application maintainer/package is<br> > on his own on building every required package. Packagers could reduces<br> > this expense by using the already available packages from the kde<br>
> mirrors, but then they are bound on the package release cycle<br> ><br> > 2. The qt based installer was extended to be able to handle application<br> > specific themes containing different icons/images/pages like shown in<br>
> the appended screenshot for a possible amarok installer. Technical it<br> > would use the public available binary packages. For specialized<br> > installers patches are welcome.<br> ><br> > Any comments ?<br>
><br> > Ralf<br> ><br> ><br> > -------------- next part --------------<br> > A non-text attachment was scrubbed...<br> > Name: amarok-installer.jpg<br> > Type: image/jpeg<br> > Size: 29065 bytes<br>
> Desc: not available<br> > Url :<br> > <a href="http://mail.kde.org/pipermail/kde-windows/attachments/20080328/4125bcea/attachment.jpg">http://mail.kde.org/pipermail/kde-windows/attachments/20080328/4125bcea/attachment.jpg</a><br>
><br> > ------------------------------<br> ><br> > _______________________________________________<br> > Kde-windows mailing list<br> > <a href="mailto:Kde-windows@kde.org">Kde-windows@kde.org</a><br> > <a href="https://mail.kde.org/mailman/listinfo/kde-windows">https://mail.kde.org/mailman/listinfo/kde-windows</a><br>
><br> ><br> > End of Kde-windows Digest, Vol 30, Issue 29<br> > *******************************************<br> ><br> <br> <br> <br> --<br> Nuno Brito<br> <a href="http://nunobrito.eu">http://nunobrito.eu</a><br>
-------------- next part --------------<br> An HTML attachment was scrubbed...<br> URL: <a href="http://mail.kde.org/pipermail/kde-windows/attachments/20080328/c97a9fc7/attachment-0001.html">http://mail.kde.org/pipermail/kde-windows/attachments/20080328/c97a9fc7/attachment-0001.html</a><br>
<br> ------------------------------<br> <br> Message: 2<br> Date: Fri, 28 Mar 2008 12:44:29 +0100<br> From: Jaros?aw Staniek <<a href="mailto:js@iidea.pl">js@iidea.pl</a>><br> Subject: Re: specialized installers<br>
To: KDE on Windows <<a href="mailto:kde-windows@kde.org">kde-windows@kde.org</a>><br> Message-ID: <<a href="mailto:47ECDA1D.7080103@iidea.pl">47ECDA1D.7080103@iidea.pl</a>><br> Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br>
<br> Nuno Brito said the following, On 2008-03-28 12:22:<br> > Innosetup is a very good installer.<br> ><br> > But how will this apply to the context of KDE?<br> ><br> > Shouldn't it be less dependent on the mechanisms of Windows?<br>
><br> > Imagine the restrictions for running a installer on Vista machines where UAC<br> > is enabled or under XP/2000 with no administrative permissions.<br> ><br> > The main advantage of the KDE project for windows (on my humble opinion) is<br>
> the independence from the restrictions imposed by windows and let users<br> > decide what to do next.<br> <br> I consider NSIS and Innosetup (rather) only as temporary solution for anyone<br> who wants to play with them. We indeed want and have more and more control<br>
over our installation processes and that is good.<br> <br> That said, of course we won't have equally lightweight installers for<br> particular apps as long as we use Qt, but we do value ease of maintenance and<br> quality, right?<br>
Moreover (that was probably already mentioned), what a problem with extra 2MB<br> if a number of gfx card drivers' installers contain 20MB+ of additional<br> garbage? ;)<br> <br> As a side note: note however, that some enterprises have policy of only<br>
allowing .msi installers in their environments...<br> <br> Again, Ralf and Christian, kudos for your work on the installer(s)!<br> <br> > Would be good to see KDE as self contained as possible and handle their own<br>
> installs without resorting to Add/Remove program tab from the windows<br> > control panel.<br> <br> Yes, putting every application (or rather module like amarok or koffice) in<br> the add/remove list would be indeed an overkill. Note how much this list is<br>
broken under Vista (every important KB fix is mentioned there), and I guess on<br> XPSP2 too.<br> So we can have our subsystem and just keep "KDE icon" in the control panel.<br> Optionally we can have one add/remove entry called "K Desktop Environment -<br>
Add/remove programs" or so.<br> <br> just my 2 cents<br> <br> --<br> regards / pozdrawiam, Jaroslaw Staniek<br> Sponsored by OpenOffice Polska (<a href="http://www.openoffice.com.pl/en">http://www.openoffice.com.pl/en</a>) to work on<br>
Kexi & KOffice (<a href="http://www.kexi.pl/en">http://www.kexi.pl/en</a>, <a href="http://www.koffice.org/kexi">http://www.koffice.org/kexi</a>)<br> KDE Libraries for MS Windows (<a href="http://windows.kde.org">http://windows.kde.org</a>)<br>
<br> <br> ------------------------------<br> <br> Message: 3<br> Date: Fri, 28 Mar 2008 13:14:56 +0100<br> From: Ralf Habacker <<a href="mailto:ralf.habacker@freenet.de">ralf.habacker@freenet.de</a>><br> Subject: Re: specialized installers<br>
To: KDE on Windows <<a href="mailto:kde-windows@kde.org">kde-windows@kde.org</a>><br> Message-ID: <<a href="mailto:47ECE140.8070402@freenet.de">47ECE140.8070402@freenet.de</a>><br> Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br>
<br> Jaros?aw Staniek schrieb:<br> > Nuno Brito said the following, On 2008-03-28 12:22:<br> ><br> >> Innosetup is a very good installer.<br> >><br> >> But how will this apply to the context of KDE?<br>
>><br> >> Shouldn't it be less dependent on the mechanisms of Windows?<br> >><br> >> Imagine the restrictions for running a installer on Vista machines where UAC<br> >> is enabled or under XP/2000 with no administrative permissions.<br>
>><br> >> The main advantage of the KDE project for windows (on my humble opinion) is<br> >> the independence from the restrictions imposed by windows and let users<br> >> decide what to do next.<br>
>><br> ><br> > I consider NSIS and Innosetup (rather) only as temporary solution for anyone<br> > who wants to play with them. We indeed want and have more and more control<br> > over our installation processes and that is good.<br>
><br> > That said, of course we won't have equally lightweight installers for<br> > particular apps as long as we use Qt, but we do value ease of maintenance and<br> > quality, right?<br> > Moreover (that was probably already mentioned), what a problem with extra 2MB<br>
> if a number of gfx card drivers' installers contain 20MB+ of additional<br> > garbage? ;)<br> ><br> there is no problem i think additional compared to the size of the whole<br> kde installation the 2MB of the installer are irrelevant ;)<br>
> As a side note: note however, that some enterprises have policy of only<br> > allowing .msi installers in their environments...<br> ><br> Applications on windows more and more supports self contained<br> updaters/installers like Acrobat Reader, Apple Quicktime and others<br>
independently from the Microsoft Windows Installer, they only use an<br> initial msi package. To fit this need there could be one msi package<br> which installs the kde installer and the software control panel entries<br>
you mentioned below.<br> > Again, Ralf and Christian, kudos for your work on the installer(s)!<br> ><br> ><br> >> Would be good to see KDE as self contained as possible and handle their own<br> >> installs without resorting to Add/Remove program tab from the windows<br>
>> control panel.<br> >><br> ><br> > Yes, putting every application (or rather module like amarok or koffice) in<br> > the add/remove list would be indeed an overkill. Note how much this list is<br> > broken under Vista (every important KB fix is mentioned there), and I guess on<br>
> XPSP2 too.<br> > So we can have our subsystem and just keep "KDE icon" in the control panel.<br> > Optionally we can have one add/remove entry called "K Desktop Environment -<br> > Add/remove programs" or so.<br>
><br> I add this to the installer todo list.<br> <br> Thanks for this pointers.<br> <br> Ralf<br> <br> <br> ------------------------------<br> <br> Message: 4<br> Date: Fri, 28 Mar 2008 19:16:21 +0100<br> From: Jaros?aw Staniek <<a href="mailto:js@iidea.pl">js@iidea.pl</a>><br>
Subject: Hint: cs and cb commands on Windows<br> To: KDE on Windows <<a href="mailto:kde-windows@kde.org">kde-windows@kde.org</a>><br> Message-ID: <<a href="mailto:47ED35F5.9010602@iidea.pl">47ED35F5.9010602@iidea.pl</a>><br>
Content-Type: text/plain; charset="utf-8"<br> <br> <br> The command prompt is not as flexible but at least I have two batch commands<br> (attached).<br> <br> 1. I use<br> <br> cb kdelibs<br> <br> to move to kdelibs bianary directory, e.g. to quickly type nmake install<br>
somewhere. In my case it moves to<br> c:\kde4\tmp\kdelibs-20080202\work\msvc2005-Debug.<br> <br> That's for msvc, and assuming your builddir is %KDEROOT%\tmp.<br> So you may want to alter this.<br> <br> <br> 2. I use<br>
<br> cs kdelibs<br> <br> to move to kdelibs source directory.<br> <br> <br> --<br> regards / pozdrawiam, Jaroslaw Staniek<br> Sponsored by OpenOffice Polska (<a href="http://www.openoffice.com.pl/en">http://www.openoffice.com.pl/en</a>) to work on<br>
Kexi & KOffice (<a href="http://www.kexi.pl/en">http://www.kexi.pl/en</a>, <a href="http://www.koffice.org/kexi">http://www.koffice.org/kexi</a>)<br> KDE Libraries for MS Windows (<a href="http://windows.kde.org">http://windows.kde.org</a>)<br>
-------------- next part --------------<br> A non-text attachment was scrubbed...<br> Name: cb_cs.zip<br> Type: application/zip<br> Size: 269 bytes<br> Desc: not available<br> Url : <a href="http://mail.kde.org/pipermail/kde-windows/attachments/20080328/0e23c443/attachment-0001.zip">http://mail.kde.org/pipermail/kde-windows/attachments/20080328/0e23c443/attachment-0001.zip</a><br>
<br> ------------------------------<br> <br> Message: 5<br> Date: Fri, 28 Mar 2008 22:07:39 +0100<br> From: Jaroslaw Staniek <<a href="mailto:js@iidea.pl">js@iidea.pl</a>><br> Subject: Re: KProcess, KRun, KShell, KMacroExpander, their abuse,<br>
windows and security holes<br> To: <a href="mailto:kde-core-devel@kde.org">kde-core-devel@kde.org</a><br> Cc: KDE on Windows <<a href="mailto:kde-windows@kde.org">kde-windows@kde.org</a>><br> Message-ID: <<a href="mailto:47ED5E1B.9030407@iidea.pl">47ED5E1B.9030407@iidea.pl</a>><br>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br> <br> Oswald Buddenhagen said the following, On 2008-03-16 22:40:<br> <br> > first of all, a rant: i did a grep on KShell::quoteArg ... the number of<br> > hits is amazing. and 90+% indicate unnecessary use of a shell.<br>
> the top three reasons *not* to go through a shell:<br> > - it is not portable<br> > - it is slow<br> > - you risk security holes (if you get the argument quoting wrong) -<br> > remember that delayed release some years ago?<br>
> so if your code contains any of these:<br> > - system()<br> > - popen()<br> > - KProcess::setShellCommand() or K3Process::setUseShell(true)<br> > you are likely to be doing something wrong. please review and fix any<br>
> code that you maintain.<br> > on a related note, KMacroExpander::expandMacrosShellQuote() and<br> > KShell::splitArgs() are still under-used, leading to lots of duplicated<br> > (and usually not particularly robust) code. but see below.<br>
><br> ><br> > now to the broader topic ... starting subprocesses and supplying<br> > arguments to them. for now only unix ...<br> ><br> > - the basic and usually only correct way to start a process is by using<br>
> KProcess (without resorting to setShellCommand). you can run processes<br> > synchronously, asynchronously or completely detached, supply a working<br> > dir, make redirections, chain processes and deal with their i/o.<br>
><br> > - if you have the user supply file names, you might want to run them<br> > through KShell::tildeExpand() prior to passing them to the process.<br> > but KFileDialog already handles this internally, so usually there is<br>
> no need to bother with it (and expanding strings that are not meant to<br> > be would be potentially harmful, anyway).<br> ><br> > - then there is KShell::splitArgs() (used without AbortOnMeta). it<br> > performs word-splitting according to somewhat simplified bash rules.<br>
> the result is usually fed into a KProcess.<br> > meanwhile it is even somewhat popular.<br> > but one has to wonder what it is actually used for - why would anyone<br> > supply something that resembles a shell command, but is none?<br>
><br> > - then exists the possibility to run a complete command through a shell<br> > via KProcess::setShellCommand().<br> ><br> > - if you use KShell::quoteArg() or KShell::joinArgs() to construct a<br>
> command line, you should reconsider - see above.<br> ><br> > - a generally justified use of the shell are user-supplied command<br> > lines. often such a command line is filtered through<br> > KMacroExpander::expandMacrosShellQuote() prior to passing it to<br>
> KProcess to replace any expandos in the command.<br> ><br> > - a somewhat fancy way to execute a shell command is<br> > KRun::runCommand()<br> ><br> > - a fairly efficient way to execute a shell command is using<br>
> KShell::splitArgs() with the AbortOnMeta flag - if it can be parsed<br> > according to the simplified bash rules, it can be run directly,<br> > otherwise it needs to be run through the shell.<br> > KRun does that internally.<br>
><br> > now comes into play this bloody braindead waste of time that is called<br> > windows. it pretty much screws us over with everything that actually<br> > requires using a shell. the gory details are explained in<br>
> <a href="http://lists.kde.org/?l=kde-windows&m=119159232432366&w=2">http://lists.kde.org/?l=kde-windows&m=119159232432366&w=2</a><br> ><br> > as a consequence i suggest the following course of action:<br>
><br> > - i would build the KShell::splitArgs() with AbortOnMeta magic from KRun<br> > directly into KProcess::setShellCommand(). on unix, a flag to bypass<br> > this automagic would exist. on windows, it would simply refuse to<br>
> run anything too complex - users can be expected to use batch files for<br> > complex constructs anyway.<br> > to KRun::runCommand() the same would apply.<br> ><br> > - KShell::splitArgs() would disappear from the public api on windows. on<br>
> unix, its use should be limited. it would be mostly obsoleted by the<br> > previous point anyway.<br> ><br> > - any code that uses KShell::quoteArg() or KShell::joinArgs() is likely<br> > to be either bogus or inherently platform-dependend. i think it<br>
> should be made unix-only again.<br> ><br> > - KMacroExpander::expandMacrosShellQuote() would be safe only as far as<br> > the improved KProcess::setShellCommand() goes.<br> ><br> > anything i did not consider?<br>
<br> I can only say that the fact that bool<br> KMacroExpanderBase::expandMacrosShellQuote( QString &str,<br> int &pos ) just fails on Windows makes KRun::processDesktopExec() failing too,<br> what in turn breaks opening in my KMail :).<br>
<br> On windows it's true that 99.(9)% of use cases for symbol expanding is<br> "<command> %f" call, what's indeed the pattern used so often in the windows<br> registry.<br> <br> --<br> regards / pozdrawiam, Jaroslaw Staniek<br>
Sponsored by OpenOffice Polska (<a href="http://www.openoffice.com.pl/en">http://www.openoffice.com.pl/en</a>) to work on<br> Kexi & KOffice (<a href="http://www.kexi.pl/en">http://www.kexi.pl/en</a>, <a href="http://www.koffice.org/kexi">http://www.koffice.org/kexi</a>)<br>
KDE Libraries for MS Windows (<a href="http://windows.kde.org">http://windows.kde.org</a>)<br> <br> <br> ------------------------------<br> <br> _______________________________________________<br> Kde-windows mailing list<br>
<a href="mailto:Kde-windows@kde.org">Kde-windows@kde.org</a><br> <a href="https://mail.kde.org/mailman/listinfo/kde-windows">https://mail.kde.org/mailman/listinfo/kde-windows</a><br> <br> <br> End of Kde-windows Digest, Vol 30, Issue 30<br>
*******************************************<br> </blockquote></div><br><br clear="all"><br>-- <br>Nuno Brito<br><a href="http://nunobrito.eu">http://nunobrito.eu</a>