DOCSLIB.ORG

A Look in the Mirror: Attacks on Package Managers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Look in the Mirror: Attacks on Package Managers See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/221609207 A look in the mirror: Attacks on package managers Conference Paper · January 2008 DOI: 10.1145/1455770.1455841 · Source: DBLP CITATIONS READS 18 107 4 authors, including: John H. Hartman The University of Arizona 61 PUBLICATIONS 1,992 CITATIONS SEE PROFILE Some of the authors of this publication are also working on these related projects: Diffuse optical imaging for breast-cancer detection View project All content following this page was uploaded by John H. Hartman on 05 February 2015. The user has requested enhancement of the downloaded file. A Look In the Mirror: Attacks on Package Managers Justin Cappos Justin Samuel Scott Baker John H. Hartman Department of Computer Science, University of Arizona Tucson, AZ 85721, U.S.A. {justin, jsamuel, bakers, jhh}@cs.arizona.edu ABSTRACT systems [1, 2, 3, 21, 22, 25, 26, 28, 31, 32]. Package managers This work studies the security of ten popular package man- provide a privileged, central mechanism for the management agers. These package managers use different security mech- of software on a computer system. As packages are installed anisms that provide varying levels of usability and resilience by the superuser (root), their security is essential to the to attack. We find that, despite their existing security mech- overall security of the computer. anisms, all of these package managers have vulnerabilities This paper evaluates the security of the eight most popu- that can be exploited by a man-in-the-middle or a malicious lar [9, 19] package managers in use on Linux: APT [1], APT- mirror. While all current package managers suffer from vul- RPM [2], Pacman [3], Portage [21], Slaktool [25], urpmi [28], nerabilities, their security is also positively or negatively im- YaST [31], and YUM [32]. Also examined is the popular pacted by the distribution’s security practices. Weaknesses package manager for BSD systems called ports [22] and a in package managers are more easily exploited when distri- popular package manager in the research community called butions use third-party mirrors as official mirrors. We were Stork [26]. These package managers use one of four differ- successful in using false credentials to obtain an official mir- ent security models: no security, cryptographic signatures ror on all five of the distributions we attempted. We also embedded within packages, signatures on detached package found that some security mechanisms that control where a metadata, or signatures on the root metadata (a file that client obtains metadata and packages from may actually de- contains the secure hashes of the package metadata). crease security. We analyze current package managers to This work demonstrates that there is an ordering to the show that by exploiting vulnerabilities, an attacker with a amount of security provided by the different package man- mirror can compromise or crash hundreds to thousands of ager security models. This order is preserved even as other clients weekly. The problems we disclose are now being cor- security weaknesses in the package managers are corrected. rected by many different package manager maintainers. Having no signatures allows the most egregious attacks, fol- lowed by having only package signatures, having signatures on detached package metadata, and finally having signa- Categories and Subject Descriptors tures on the root metadata, which provides the most secu- K.6.5 [Security and Protection]: Invasive software; C.2.0 rity. However, there are usability concerns with different [Computer-Communication Networks]: General—Se- signature mechanisms, most notably the ability to verify a curity and protection; K.4.1 [Social Issues]: Abuse and stand-alone package (a package obtained from a source other Crime Involving Computers than the main repository). Signatures on root metadata do not provide a convenient way to verify stand-alone packages General Terms and so the user is likely to install such packages without us- ing security checks. In contrast, package managers that use Security signatures on detached package metadata or signatures on packages can verify stand-alone packages. Keywords Because of the usability strengths and weaknesses of dif- Package Management, Mirrors, Replay Attack ferent techniques for providing security, this work recom- mends a layered approach created by combining two tech- 1. INTRODUCTION niques: signatures on the root metadata and either signa- tures on packages or package metadata. This technique pro- Package managers are a popular way to distribute software vides the security strengths and the usability strengths of (bundled into archives called packages) for modern operating both types of signatures with an overhead of between 2-5%. The layered approach has been added to the Stork package manager and is now in use by thousands of clients around Permission to make digital or hard copies of all or part of this work for the world. personal or classroom use is granted without fee provided that copies are While we find that vulnerabilities in package managers not made or distributed for profit or commercial advantage and that copies do exist, vulnerabilities are not always exploitable in the bear this notice and the full citation on the first page. To copy otherwise, to real world. We examine this by looking at the security of republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. popular distributions. We find that it is trivial for an at- CCS'08, October 27–31, 2008, Alexandria, Virginia, USA. tacker to control an official package mirror for a popular Copyright 2008 ACM 978-1-59593-810-7/08/10 ...$5.00. distribution (such as Ubuntu, Debian, Fedora, CentOS, and Root Metadata Package openSUSE) and therefore to be in the position to launch at- packagemetadata1 hash: c302df...f8 Metadata tacks on clients. To mitigate this threat, many distributions packagemetadata2 hash: 192ee0...31 packagemetadata1 use mechanisms to distribute requests to multiple mirrors Root Metadata signature (optional) or provide certain information from a trusted source. We A Package A Package’s Metadata show that some of these mechanisms actually decrease the foo−2.0.rpm security of users by making it easier to target attacks. name:’foo−2.0.rpm’ package contents size:’56242’ hash:’74b5a1...c3’ 2. BACKGROUND embedded package ... metadata Package Metadata Package 2.1 Package Formats signature (optional) signature (optional) Packages consist of an archive containing files and, in most cases, additional embedded package metadata. For a given package, the embedded package metadata contains informa- Figure 1: Repository Layout. The root metadata, tion about any other packages that must be installed in or- package metadata, and packages may all optionally der for it to operate (the dependencies), functionality the have signatures depending on the support of the package possesses (what the package provides), and various package manager. Arrows point from a secure hash other information about the package itself. The most popu- to the file it references. lar package format, RPM [23], has space for one signature. Other popular package formats have no standard field for Figure 1 shows the layout of a typical repository. A pack- signatures, although in some cases extensions exist to sup- age manager downloads the root metadata and uses that port signatures [8, 11]. to locate the files containing the package metadata. The package manager then downloads the package metadata. 2.2 Package Managers The package metadata is used to determine package avail- Clients use a package manager to install packages on their ability as well as for dependency resolution. Packages are system. A package manager gathers information about pack- then downloaded and installed. The root metadata, pack- ages available on package repositories. Almost all pack- age metadata, and packages may be signed depending on age managers automatically download requested packages as the security model of the package manager. well as any additional packages that are needed to correctly install the software. This process is called dependency res- 2.4 Mirror olution. For example, a requested package foo may depend It is common for a distribution to have more than one on libc and bar. If libc is already installed, then libc is server from which users can download packages and package a dependency that has been resolved (no package must be metadata. There is usually a main repository for a distribu- installed to satisfy the dependency). If there is no installed tion whose contents are copied by many separate mirrors. package that provides bar, then bar is an unresolved depen- A mirror typically contains exactly the same content as the dency and a package that provides bar must be installed main repository and is updated via rsync or a similar tool. before foo may be installed. The package manager may be A mirror differs from a main repository in that a mirror is able to locate a package that provides bar on a repository. not intended to have packages directly added to it or re- The packages that are chosen to fulfill dependencies may moved from it by its administrators. Packages are added or have unresolved dependencies of their own. Packages are removed only on the main repository and the mirrors later continually added to the list of packages to be installed until obtain the changes when copying the main repository. either the package manager cannot resolve a dependency A mirror can be public (available for anyone to use) or (and produces an error) or all dependencies are resolved. private (restricted to a specific organization). A mirror may also be endorsed by a distribution for public use, typically 2.3 Repository when that the distribution is in contact with the mirror A package repository is usually an HTTP or FTP server maintainers. This type of mirror is called an official mirror from which clients can obtain packages and package meta- (the terminology used outside of this document varies by data.
Load more

Recommended publications
  • Hacker Public Radio
    hpr0001 :: Introduction to HPR hpr0002 :: Customization the Lost Reason hpr0003 :: Lost Haycon Audio Aired on 2007-12-31 and hosted by StankDawg Aired on 2008-01-01 and hosted by deepgeek Aired on 2008-01-02 and hosted by Morgellon StankDawg and Enigma talk about what HPR is and how someone can contribute deepgeek talks about Customization being the lost reason in switching from Morgellon and others traipse around in the woods geocaching at midnight windows to linux Customization docdroppers article hpr0004 :: Firefox Profiles hpr0005 :: Database 101 Part 1 hpr0006 :: Part 15 Broadcasting Aired on 2008-01-03 and hosted by Peter Aired on 2008-01-06 and hosted by StankDawg as part of the Database 101 series. Aired on 2008-01-08 and hosted by dosman Peter explains how to move firefox profiles from machine to machine 1st part of the Database 101 series with Stankdawg dosman and zach from the packetsniffers talk about Part 15 Broadcasting Part 15 broadcasting resources SSTRAN AMT3000 part 15 transmitter hpr0007 :: Orwell Rolled over in his grave hpr0009 :: This old Hack 4 hpr0008 :: Asus EePC Aired on 2008-01-09 and hosted by deepgeek Aired on 2008-01-10 and hosted by fawkesfyre as part of the This Old Hack series. Aired on 2008-01-10 and hosted by Mubix deepgeek reviews a film Part 4 of the series this old hack Mubix and Redanthrax discuss the EEpc hpr0010 :: The Linux Boot Process Part 1 hpr0011 :: dd_rhelp hpr0012 :: Xen Aired on 2008-01-13 and hosted by Dann as part of the The Linux Boot Process series.
    [Show full text]
  • Sabayon Linux
    Copyright: DOSgg ProgrammaTheek BV SoftwareBus 2007 1 volgend artikel). Tenslotte is omwille aan de ‘enige echte’ output, die al van de lengte van dit artikel de inhoud sinds de uitvinding van de fotografie beperkt gebleven. En ik zal ongetwijfeld het streven is van elke fotograaf: de dingen over het hoofd hebben gezien. afdruk – als kunststuk, voor nú en voor Evenwel hoop ik te hebben bijgedragen later. Veel succes en kijkplezier ! x Sabayon Linux: Italiaanse stijl voor echte mannen Jan Stedehouder Sinds een paar maanden hebben we van de SchoenUitsmijter? Logisch toch. thuis digitale televisie. Nu hebben jullie Nee, dan moeten we toch echt bij de daar niet veel aan, maar voor mij heeft Italianen zijn. Die kunnen stijl, functie het erg inspirerend gewerkt. Er lag nogal en mannelijkheid prima met elkaar in wat schrijfwerk te wachten en ik heb balans brengen. Denk maar aan auto’s. dan graag iets op de achtergrond draaien Maserati, Ferrari. Vanuit het modebe- dat inspirerend en ontspannend werkt. wuste en stijlvolle Italië komt nu een Li- Het digitale zenderaanbod is kwantita- nux distributie die de hele concurrentie, tief een stuk ruimer en na wat experi- inclusief Windows Vista en Mac OS X, in menteerwerk bleek dat Fashion TV de de stofwolken achter zich laat: Sabayon meest ideale zender was. Ja-ja, ik hoor Linux. al wat mannelijke lezers besmuikt la- chen. Computernerds en mode. Dat zal Een paar maanden geleden liep ik bij wel. Het zal wel om de mooie meiden toeval tegen Sabayon Linux 3.1 aan en gaan. Nee, echt, de begeleidende mu- recentelijk is versie 3.2 al uitgebracht.
    [Show full text]
  • Urpmi.Addmedia
    Todo lo que siempre quisiste saber sobre urpmi pero nunca te atreviste a preguntarlo Todo lo que siempre quisiste saber sobre urpmi pero nunca te atreviste a preguntarlo Traducido por Willy Walker de http://mandrake.vmlinuz.ca/bin/view/Main/UsingUrpmi Descargalo en PDF Otros recursos para aprender sobre urpmi Urpmi es una importante herramienta para todos los usuarios de Mandriva. Tomate tiempo para aprender utilizarlo. Esta página te da una descripción de las opciones más comúnmente usadas. Debajo están otros recursos con una información más detallada sobre urpmi: ● http://www.urpmi.org/ : Página de buena documentación de urpmi en Francés y en Inglés. ● Páginas man: comprueba las páginas man para todas las opciones. Ésas son la fuente más actualizada de información. Junto a una introducción muy básica, esta página intenta cubrir lo qué no se cubre en las dos fuentes antedichas de información. Asumimos que sabes utilizar una página man y que has leído la página antedicha. Una vez que lo hayas hecho así, vuelve a esta página: hay más información sobre problemas no tan obvios que puede no funcionarte. Usando urpmi Lista rápida de tareas comunes Comando Que te dice urpmq -i xxx.rpm Información del programa urpmq -il xxx.rpm Información y los archivos que instala urpmq --changelog xxx.rpm changelog (cambios) urpmq -R xxx.rpm Que requiere este rpm urpmf ruta/a/archivo Que rpm proporciona este archivo rpm -q --whatprovides ruta/a/ similar a urpmf, pero trabaja con ambos hdlist.cz y synthesis.hdlist.cz archivo urpmi.update updates Actualizaciones disponibles desde sus fuentes de actualización Actualizaciones disponibles desde todas las fuentes urpmi (puede urpmc necesitar urpmi a urpmc primero) urpmq --list-media Lista los repositorios que tienes Todo lo que siempre quisiste saber sobre urpmi pero nunca te atreviste a preguntarlo Comando Que hace urpme xxxx Elimina el rpm (y dependencias) Muestra todos los rpms que coinciden con esta cadena.
    [Show full text]
  • Introduction to Fmxlinux Delphi's Firemonkey For
    Introduction to FmxLinux Delphi’s FireMonkey for Linux Solution Jim McKeeth Embarcadero Technologies [email protected] Chief Developer Advocate & Engineer For quality purposes, all lines except the presenter are muted IT’S OK TO ASK QUESTIONS! Use the Q&A Panel on the Right This webinar is being recorded for future playback. Recordings will be available on Embarcadero’s YouTube channel Your Presenter: Jim McKeeth Embarcadero Technologies [email protected] | @JimMcKeeth Chief Developer Advocate & Engineer Agenda • Overview • Installation • Supported platforms • PAServer • SDK & Packages • Usage • UI Elements • Samples • Database Access FireDAC • Migrating from Windows VCL • midaconverter.com • 3rd Party Support • Broadway Web Why FMX on Linux? • Education - Save money on Windows licenses • Kiosk or Point of Sale - Single purpose computers with locked down user interfaces • Security - Linux offers more security options • IoT & Industrial Automation - Add user interfaces for integrated systems • Federal Government - Many govt systems require Linux support • Choice - Now you can, so might as well! Delphi for Linux History • 1999 Kylix: aka Delphi for Linux, introduced • It was a port of the IDE to Linux • Linux x86 32-bit compiler • Used the Trolltech QT widget library • 2002 Kylix 3 was the last update to Kylix • 2017 Delphi 10.2 “Tokyo” introduced Delphi for x86 64-bit Linux • IDE runs on Windows, cross compiles to Linux via the PAServer • Designed for server side development - no desktop widget GUI library • 2017 Eugene
    [Show full text]
  • Get Smart Get Smart
    KNOW-HOW Smart Package Manager The fast and sensible Smart package manager GETGET SMARTSMART The package manager is one of the central components on any Linux system. If you have a system with unre- liable package management – such as Suse Linux 10.1 – you may want to consider the Smart alternative. BY MARCEL HILZINGER he true test of a package manager important focus of the Smart project -- means for adding new package and re- is how the tool resolves depen- and an important reason why the Smart pository formats. Tdencies. Smart is one of the best developers believe their tool is different. package managers around for navigating When it comes to dependencies, Smart Installation through dependency issues. The Smart does not just use the easiest and most The easiest way to install Smart is to use package manager does not depend on obvious solution but actually weighs your existing package manager, assum- any specific distribution, and it can han- every possible option using a policy- ing you have an Internet connection. dle more than ten repository formats. based priority system. In some cases, the Ubuntu users can run the sudo apt-get Smart comes with the smart command “best” solution may depend upon the install smartpm command to install the line tool, the Smart shell (smart -shell), goal. For instance, if you are performing package from the Universe repository. and a graphical user interface (Figure 1), an upgrade, Smart may not choose the Users with Fedora Core 5 will find Smart which you can launch by entering smart most recent version of a package if an in- in the extras repository; just type yum --gui.
    [Show full text]
  • Happy Birthday Linux
    25 Jahre Linux! Am Anfang war der Quellcode Entstehungsgeschichte und Werdegang von Linux Entwicklung und Diversifizierung der Distributionen Der Wert von Linux oder: „Wat nix kost, dat is och nix.“ Andreas Klein ORR 2016 1 Am Anfang war der Quellcode (70er) ● 1969, Ken Thompson u. Dennis Ritchie erstellen die erste Version von Unix in Assembler. ● Von 1969-1971 entwickeln sie gemeinsam die Programmiersprache B. ● Ab 1971 erweiterte in erster Linie Dennis Ritchie B, um weitere Elemente und nannte sie Anfangs NB (new B). ● 1973 waren die Erweiterungen soweit gediehen, das er die stark verbesserte Sprache C nannte (Brian W. Kernighan hat ebenfalls maßgeblich dazu beigetragen). //Unix=25 PCs ● Bis 1974 war das gesamte Betriebssystem UNIX vollständig in C implementiert und wurde mit einem C-Compiler kostenfrei an verschiedene Universitäten verteilt. ● 1978 wurden bereits über 600 Computer mit dem UNIX-Betriebssystemen betrieben. ● Das aufblühende Zeitalter der Computerisierung der 70er Jahre war geprägt vom regen und freien Austausch von Programmen und dessen zugrunde liegenden Ideen. Sinnvoller Weise tauschte man diese als Quellcode untereinander aus. ● 1979 wurde von AT&T die letzte UNIX-Version 7, mit freiem Quellcode veröffentlicht. Andreas Klein ORR 2016 2 Am Anfang war der Quellcode (80er) ● 1980 – 1983 AT&T sowie zahlreiche andere Unternehmen beginnen mit der Kommerzialisierung von UNIX, durch Koppelung an stark beschränkenden Lizenzen und Geheimhaltung des zugrunde liegenden Quelltextes. ● Richard Stallman kündigt am 27. September 1983 in den Newsgroups net.unix-wizards und net.usoft das GNU-Projekt an. ● Am 5. Januar 1984 begann Stallman offiziell mit der Arbeit am GNU-Projekt, nachdem er seine Stelle am MIT gekündigt hatte.
    [Show full text]
  • CIT 470: Advanced Network and System Administration Slide #1 CIT 470: Advanced Network and System Administration Slide #2
    Topics 1. The Problem of Software Installation 2. Package Management Systems CIT 470: Advanced Network and 3. Using RPM System Administration 4. Finding RPMs Package Management 5. Building RPMs CIT 470: Advanced Network and System Administration Slide #1 CIT 470: Advanced Network and System Administration Slide #2 Software Installation What’s the problem? 1. Customization What prerequisites does your software have? Select options like language. What prereqs do your prereq packages have? Select file set. How do you handle conflicts? What if two programs install/modify same file? 2. Install new files in appropriate locations. Does your install work on every type of computer? 3. Modify existing configuration files. How do you handle upgrades? 4. Make software available to user. What if user has customized configuration? Shell configuration (PATH, etc.) What if ownerships/permissions have changed? GUI configuration (menu, icons, etc.) What if user needs old and new versions? How do you uninstall software? CIT 470: Advanced Network and System Administration Slide #3 CIT 470: Advanced Network and System Administration Slide #4 Package Manager Features UNIX Package Management Systems • Build management. deb: Debian system uses dpkg and APT. • Dependency tracking. pkgadd: Solaris packaging system. • Querying. portage: Gentoo uses with emerge. • Reversibility. ports: BSD ports system. • Verification. RPM: Redhat packaging system. • Version control. tgz: Tarballs used by Slackware. CIT 470: Advanced Network and System Administration Slide #5 CIT 470: Advanced Network and System Administration Slide #6 1 RPM RPM Package Names RPM Package Manager <name>-<version>-<release>.<arch>.rpm – Originally stood for Red Hat Package Manager – Came with Red Hat Linux 2.0 in 1995.
    [Show full text]
  • Monthly Newsletter of the Washington Area Computer User Group
    TheMonthly NewsletterCursor of the Washington Area Computer User Group Meeting Location Next Meeting: OLLI, 4210 Roberts Road, December 11, 2010 Fairfax, VA Presidential Bits by Geof Goodrum, President WACUG, [email protected] I want to express my deepest thanks to Rob Pegoraro, Washington Post tech columnist, for stepping in with only a couple of days notice to give a presentation on “Setting Up a New Home Computer” at the November meeting. Gabe Goldberg, who was scheduled to demonstrate some of his favorite software utilities at the meeting, was unable to attend and contacted Rob on behalf of WAC and OPCUG. Rob's talk gave him a chance to go over a draft column planned for the Post in December and pick up ideas from the audience. Since I don't want to take away from Rob's article, I will only summarize by saying that he gave advice about add-ons such as Java and Flash, how to migrate files and applications between Windows and Mac OSX upgrades, selection of web browsers, backup software, and Table of Contents anti-malware programs. Rob also gave us a glimpse of the Apple Mac Air notebook and the Samsung Galaxy Tab. I highly recommend keeping an eye Lloyd’s Web Sites out for Rob's column in the Fast Forward section of the Post, as you are sure for December ...................2 to see some of the audience's comments reflected in the article (he was fre- GNU/Linux SIG .............3 quently jotting notes during the meeting). I do apologize that WAC was not Annual Election and nom- able to give Rob's talk the advance promotion that it deserved.
    [Show full text]
  • Sabayon Linux 5.4
    Sabayon Linux 5.4 Sabayon L inux yang dibangun berdasarkan distro Gentoo Linux meluncurkan versi 5.4 yang dioptimalkan untuk Desktops menggunakan Kernel Linux 2.6.35. Di lumbung repositorinya juga disediakan Kernel yang dioptimalkan untuk server. Berbeda dengan Gentoo Linux yang langsung dikompilasi dari kode sumbernya saat instalasi yang memakan waktu cukup lama, Sabayon Linux dapat diinstalasi dalam waktu singkat. Menurut pengembangnya, instalasi Sabayon Linux 5.4 dapat dituntaskan tidak lebih dari sepuluh menit. Media instalasi Sabayon 5.4 menyediakan pilihan lingkungan Desktop baik GNOME 2.30 atau KDE 4.5.1. Sebagai sistem berkas standar digunakan Ext4, disamping mendukung Btrfs. Sebagai pengelola paket software disediakan Entropy-Framework baru yang dapat memasang paket binari di komputernya dengan cepat. Sebagai alternatif juga masih tersedia sistem Portage, yang mampu mengkompilasi program dan dioptimalkan dengan hardware. Paket lain yang disertakan termasuk X.Org 7.5 dan OpenOffice.org 3.2, kemudian Media-Center XBMC sebagai aplikasi multimedia dan Game demo World of Goo sebagai pengisi kegiatan saat jeda. Sekitar 1.000 paket aplikasi telah diaktualisasi dan 100 kekliruan telah diluruskan sejak versi 5.3 terakhir. Kebutuhan hardware minimal untuk Sabayon 5.4 adalah prosesor i686-kompatibel, 512 MB RAM dan 8 GB spasi harddisk. Media diterbitkan baik untuk arsitektur 32 maupun 64-B it. Fitur utama Sabayon Linux 5.4: • Linux kernel 2.6.35 (dioptimalkan untuk desktops); • Extra kernel packages disediakan di lumbung repositories (Server-optimized,
    [Show full text]
  • Software Packages (Not Only) in Linux
    Software Packages (not only) in Linux Michal Hruˇseck´y openSUSE Team @ SUSE May 13, 2013 1 of 28 Introduction Who am I? • used to maintain build of distribution from OpenEmbedded • maintainer of MySQL packages in openSUSE/SLE • Gentoo developer ) package maintainer for past seven years for various distributions What is the talk about? • packaging and software packages - what, why and how 1 of 28 Software Packages - what and why 2 of 28 What is software package? • archive with files to be installed • metadata for package manager • most common are .rpm and .deb Usual metadata: • description • license • dependencies • extra installation instructions • checksums 2 of 28 Why do we need them? Convenience • easy installation • easy update • clean uninstall • easy distribution of software Security • avoid development tools on production machines • detect tempering 3 of 28 Life without packages • Get a tarball • Find out dependencies • Build and install dependencies • Build and install package itself ◦ ./configure --prefix=/usr --enable-this n --disable-that --with-lib=there ◦ make ◦ fix what is broken ◦ make install ◦ try it ◦ make uninstall ◦ clean up left-overs 4 of 28 Life with packages • pkg-manager install pkg • pkg-manager remove pkg 5 of 28 RPM 6 of 28 Basic information • one of the oldest in Linux world • created in 1997 for RedHat • used by various distributions ◦ RedHat/Fedora and derivates ◦ openSUSE/SLE, Mandriva/Mageia, Meego, . • several frontends to make operations easier ◦ yum - used by RedHat/Fedora and derivates ◦ zypper - used by openSUSE/SLE and Meego ◦ urpmi - used by Mandriva/Mageia 6 of 28 File format • 32 bytes lead (magic, rpm version, type of package, architecture) • signature • header ◦ name, version and release ◦ license ◦ summary ◦ description ◦ changelog ◦ requires and provides ◦ file list with rights, md5s and more • archive ◦ cpio, compressed by gzip, bzip2, xz, .
    [Show full text]
  • Ocrmypdf Documentation Release 11.0.1 James R. Barlow
    ocrmypdf Documentation Release 11.0.1 James R. Barlow 2020-08-18 Contents 1 Introduction 3 2 Release notes 7 3 Installing OCRmyPDF 41 4 PDF optimization 53 5 Installing additional language packs 55 6 Installing the JBIG2 encoder 57 7 Cookbook 59 8 OCRmyPDF Docker image 65 9 Advanced features 69 10 Batch processing 75 11 Performance 83 12 PDF security issues 85 13 Common error messages 89 14 Using the OCRmyPDF API 91 15 Plugins 95 16 API Reference 103 17 Contributing guidelines 109 18 Indices and tables 111 Python Module Index 113 Index 115 i ii ocrmypdf Documentation, Release 11.0.1 OCRmyPDF adds an optical charcter recognition (OCR) text layer to scanned PDF files, allowing them to be searched. PDF is the best format for storing and exchanging scanned documents. Unfortunately, PDFs can be difficult to modify. OCRmyPDF makes it easy to apply image processing and OCR to existing PDFs. Contents 1 ocrmypdf Documentation, Release 11.0.1 2 Contents CHAPTER 1 Introduction OCRmyPDF is a Python 3 application and library that adds OCR layers to PDFs. 1.1 About OCR Optical character recognition is technology that converts images of typed or handwritten text, such as in a scanned document, to computer text that can be selected, searched and copied. OCRmyPDF uses Tesseract, the best available open source OCR engine, to perform OCR. 1.2 About PDFs PDFs are page description files that attempts to preserve a layout exactly. They contain vector graphics that can contain raster objects such as scanned images. Because PDFs can contain multiple pages (unlike many image formats) and can contain fonts and text, it is a good formats for exchanging scanned documents.
    [Show full text]
  • Oracle VM Virtualbox User Manual
    Oracle VM VirtualBox R User Manual Version 4.0.26 c 2004-2014 Oracle Corporation http://www.virtualbox.org Contents 1 First steps 9 1.1 Why is virtualization useful?............................. 10 1.2 Some terminology................................... 10 1.3 Features overview................................... 11 1.4 Supported host operating systems.......................... 13 1.5 Installing VirtualBox and extension packs...................... 14 1.6 Starting VirtualBox.................................. 15 1.7 Creating your first virtual machine......................... 16 1.8 Running your virtual machine............................ 19 1.8.1 Starting a new VM for the first time.................... 19 1.8.2 Capturing and releasing keyboard and mouse.............. 19 1.8.3 Typing special characters.......................... 21 1.8.4 Changing removable media......................... 21 1.8.5 Resizing the machine’s window...................... 22 1.8.6 Saving the state of the machine...................... 22 1.9 Snapshots....................................... 23 1.9.1 Taking, restoring and deleting snapshots................. 23 1.9.2 Snapshot contents.............................. 25 1.10 Virtual machine configuration............................ 26 1.11 Removing virtual machines.............................. 26 1.12 Importing and exporting virtual machines..................... 26 1.13 Alternative front-ends................................. 28 2 Installation details 29 2.1 Installing on Windows hosts............................. 29 2.1.1
    [Show full text]