Update: We have a method working thanks to greg roll. This method is much easier than all of the initial installation steps for the SDK method.
Here are detailed instructions...
http://www.webos-internals.org/wiki/...talling_An_Ipk
See post for other methods that could still be pursued.
Original initiative posted...
Originally Posted by :
Ping
xorg@borg:/# ping thecollective.borg.com
Pinging the collective for a new mission. The United Federation of Palm has plugged the email link method for installing apps with webOS 1.04. The new mission is to find another way to load apps on a stock Pre w/out needing to use the SDK or rooting the phone. For those fully assimilated, share your ideas with the collective and let's operate as a single hive mind.
Hella lame, enough of that, on to the good stuff…
Purpose
Provide homebrewers a way to widely distribute apps, allowing easy install for the average consumer. The rooting and SDK methods are not exactly consumer oriented.
Goal
- Create a simple, consumer friendly, more secure way to load apps on a stock Pre
- Pre must be non-rooted
- No SDK installation (though simplifying that method could be a start)
Ideas to Explore...
Mimic the SDK install method w/out SDK
greg_roll discovered that the SDK method pushes this command with palm-install...
luna-send -i palm://com.palm.appinstaller/installNoVerify '{"target": "/media/internal/developer/FILENAME.ipk", "subscribe": true}'
More here. I dropped an ipk in /media/internal/developer (the USB drive) and ran this command from root and it installed.
Perhaps this command can be executed with webOS Doctor only installed or maybe with just 3rd party novacom drivers. The curious thing about webOS Doctor is that it doesn't require Dev mode ('roar' pointed this out).
Update: We essentially have this working thanks to greg. Is much easier than all of the initial installation steps for the SDK method. See page 10 of this thread.
Here are detailed instructions...
http://predev.wikidot.com/installing...st-1-04-update
Loading via USB drive, triggered by external web page
Could an external web page be created that uses a <script> tag to reference JavaScript and execute an SDK installer command against an ipk that exists in /media/internal (the usb drive)? Or execute a provided shell script that the user puts in the usb drive with the ipk? The luna command above could then be pushed. I'm a unix/linux guy, not a web developer.
The user experience would then be to copy the ipk to the USB drive (with sh script if needed) and then visit a web page to complete install.
BTW, I also experimented with trying to trigger things in the web browser with file:///media/internal/index.html and the like with no luck. Browser doesn't appear to support it. Also tried palm:// commands. No luck so far but it could probably be looked into further.
Spoof download of real app
When downloading an app from the app store, it temporarily places the .ipk file in /media/internal/downloads, which is also accessible from the USB drive. When the file download completes, it unpackages in the same dir with a subdir of _tmp*(package name). Watch this folder while downloading an app from the app catalog. Also check out /var/log/messages for hints with what is going on.
I've been tinkering with placing a homebrew app in place of the original .ipk as well as in the _tmp dir. The Pre will overwrite the files no matter the permissions, but this is still worth looking further into. There are several challenges to this, but worth exploring more.
Look for USB folder
Look for code in the OS that may already allow loading apps if dropped in some USB folder that may not exist yet.
Spoof a valid resource ID to launch an ipk package
Check out /usr/palm/command-resource-handlers.json , which launches apps based on file extension or commands. While likely a stretch, if you rename a .ipk with the extension of an app that launches, maybe there is a way to get the launching app to trigger an install.
Tools
To search for a string through entire system...
find / -type f -exec grep -l "searchstring" {} \;
Or from directory you are standing in...
find . -type f -exec grep -l "searchstring" {} \;
To search files by file name...
find / -name "filename" -print
Check logs for clues when researching how something behaves...
/var/log (especially messages and installer.log, use 'tail -f' command to watch live)
The Collective
Please post your ideas for any of the above or any new approaches. If we operate as a hive, a collective with a single mind, we can get it done. Healthy, half-glass full collaboration and experimentation is key. You will be credited for any breakthrough that leads to a solution.
Attention Palm
I intend to keep this white hat and completely in the open. By placing in a public forum, all ideas will be known to you. PM me if you have a comment on the effort. I have sent an email to webos-security@palm to inform Palm this effort is in progress. - xorg
Attention Contributors
I have been in contact with Palm and they are aware of this initiative (and likely monitoring this thread). They seem to be OK with it as long as we keep it white hat. Please follow white hat guidelines if you want to participate. Also lookup responsible disclosure, which I've been trying to follow by making all ideas available to Palm as they progress.
Hopefully we'll find a way that allows apps to be very easily installed and requires a conscious effort by the end user, therefore being relatively more secure than the email link method. Maybe we can find the right balance of liberty and security that works effectively for Palm, end users/consumers and homebrewers.
In the meantime, for those who want to load apps via the SDK, here is that method...
http://forums.precentral.net/web-os-...pre-howto.html
Edit:
Also being tracked on the Dev Wiki...
pre dev wiki: Installing Apps on a Stock Pre (post 1.04 update)