I am developing a package manager for ICP.
After installing a new package, we need the user (the owner of the package manager) to open the frontend module of the package and manually finish its installation, because otherwise we don’t know the principal of the user in the given frontend.
That’s not just inconvenient, it prevents seamless automatic installation of package dependencies, because its possible to finish installation only manually.
Any proposals how to fix that? We need to change the IC protocol somehow. But what exactly do we need to change?
How is your package manager currently working? Are you injecting raw wasm? Or compiling from source? On the ic or off?
Of course I inject raw WASM. Of course it is meant that the WASM modules of a package are compiled by moc outside of IC.
Very cool. Am I assuming right that your package manger has some code “in” the canister as well as a front end served from it and thus when using II to mange it will never be able to know ahead of time what principal the installing user will have until the canister is is created and the domain is known?
Of course, the package manager (package icpack) has some code “in” the canister as well as a front end served from it.
But above I was talking about an installed package (such as package example), not the package manager itself.
Yes, I mean this: it will never be able to know ahead of time what principal the installing user will have until the canister is is created and the domain is known. But moreover, the user’s principal is unknown even when the canister is created and its principal is known. The user’s principal becomes known only after the user logs in.
Thus to finish the installation (know the owner of a canister newly created by the package manager), it’s necessary to wait till the user logs in.
If I want to install multiple packages, this is a problem: We need to make the user to login in each of the frontend canisters, what is at least inconvenient.
Need to invent something at IC core level to solve this problem.
Can you at least pass something known in?
Maybe a signature that the canisteR can say “I will delegate owner rights to this key” later? And then do a one time subnet delegation to switch things out later?
I can. But I can pass only through frontend, because otherwise the secret key will be visible to malicious replicas. Not very big harm, but they can at least complicate life of my users.
Also, to verify the key, the user needs to login anyway, don’t he?
Please, explain what is subnet delegation.
A signature would only expose the public key. Are these mostly devs that will be using it? You could put some kind of set up in their dev machine? If it is all on IC you could look at storing their key using vet keys and the app could download it anytime it needs it via some kind of config canister.
Subnet signing is the old way of getting signatures(non tecdsa). It is the way II and siwe works. Basically you put data in your canisters data and sign it. How to create a decentralized community neuron
No, it is for “normal” users, not devs only.
Could you explain your idea in more details? However, if it amounts to creating a PC/phone app and using it instead of apps in a browser, that’s unacceptable, because the users should rely on the security model of the browser not additional apps, and also it would be inconvenient to install additional apps.