Page 5 of 15 FirstFirst 12345678910 ... LastLast
Results 81 to 100 of 295
  1. spotter's Avatar
    Posts
    316 Posts
    Global Posts
    327 Global Posts
    #81  
    i'm in irc at the moment.
  2. #82  
    Since SFF made some nice work on this yesterday i have started doing some research on this.

    Throughout today i was able to make my own packages and install them via the command line utility sff stated above. Every time i try emailing myself a link to my own app, it actually downloads the file to downloads, so something is failing on integrity/sig.

    I also found an integrity checker seemingly built into the OS to perform some type of MD5 baselining, but it is an intersting shell script for everyone to look into. "/usr/sbin/integcheck".

    @TheToad: I have been working on the same idea, the pre does store SSL certs locally and could be the key to having a list of CA's that could be used or a place where we can store our public key to "be a developer" that luna references. dunno though. I have been trying to install packages that do not even interface to LUNA (ie shell script) but it still only downloads it and doesnt execute, so i assume there is a middle man somewhere.

    By the way, Hi! i just started on this so i can help =p
  3. #83  
    Quote Originally Posted by thetoad View Post
    the idea is to figure out the complete set of options passed to openssl by lunasysmgr so we can figure out how it verifies the ipk.
    I see. I make a openssl shell script in it's place and rename my openssl to openssl.real...
  4. dog44's Avatar
    Posts
    138 Posts
    Global Posts
    143 Global Posts
    #84  
    Hey i changed my notification ringtone it removed the original but will not copy the new one in so now i have no sms ringtone how do i restore backup of the ringtone?
  5. spotter's Avatar
    Posts
    316 Posts
    Global Posts
    327 Global Posts
    #85  
    also, could be a mime types issue.

    when you download the file from the cdn, it has this mime type

    application/x-debian-package

    my guess is that when one uses their own file on their own web server, it doesn't have that mime type so luna doesn't know to install it. that be the first thing to check b4 signing.
  6. #86  
    Quote Originally Posted by thetoad View Post
    so
    can someone with a pre write a littler wrapper around openssl so that all its options passed to it on exec() are dumped to disk so we can see how its called?
    Okay, I tried this, and validated the logging of the arguments by running openssl directly.

    But when I attempt to install speed-brain by tapping on a URL in an email message, I see this appear in /var/log/messages:

    2009-06-21T18:56:32.137229Z [71120] castle user.err LunaSysMgr: {LunaSysMgrJS} Error: NotificationAssistant.setFilter(a=45079976738827, f=78065325572134, m=59373627901248), file:///usr/palm/applications/com.palm.app.email/index.html:0

    ...and nothing in the OpenSSL argument log.

    I have yet to get anything installed following the email/URL process. I must be doing something wrong...
  7. #87  
    Here is my openssl dump...

    dgst -sha1 -verify /media/internal/downloads/_tmpdir_com.markspace.missingsync_0.9.12_all_signed.ipk/pubkey.pem -signature /media/internal/downloads/_tmpdir_com.markspace.missingsync_0.9.12_all_signed.ipk/signature.sha1
  8. spotter's Avatar
    Posts
    316 Posts
    Global Posts
    327 Global Posts
    #88  
    AddType application/x-debian-package .ipk might help if added to apache config if mime type issue.
  9. spotter's Avatar
    Posts
    316 Posts
    Global Posts
    327 Global Posts
    #89  
    Quote Originally Posted by simplyflipflops View Post
    Here is my openssl dump...

    dgst -sha1 -verify /media/internal/downloads/_tmpdir_com.markspace.missingsync_0.9.12_all_signed.ipk/pubkey.pem -signature /media/internal/downloads/_tmpdir_com.markspace.missingsync_0.9.12_all_signed.ipk/signature.sha1
    hmm, this would indcate that its passing the files to verify in over stdin.

    that make it harder to test.
  10. #90  
    I'm a little confused by what seems inconsistent results, but here's some more info using the OpenSSL argument capture process:

    Tapping a link to the speed-brain package on my private web server results in this in /var/log/messages:

    2009-06-21T19:11:08.122195Z [71996] castle user.crit fileindexer[1143]: Failed to get path details: /media/internal/downloads/_tmpdir_com.lumoslabs.speed-brain_0.9.13_all_signed.ipk/controlTmp

    The speed-brain ipk package was *not* copied to /media/internal/downloads, though the ipk package I constructed was when I tapped it's link.

    The OpenSSL argument log captured this, though, for speed-brain:

    dgst -sha1 -verify /media/internal/downloads/_tmpdir_com.lumoslabs.speed-brain_0.9.13_all_signed.ipk/pubkey.pem -signature /media/internal/downloads/_tmpdir_com.lumoslabs.speed-brain_0.9.13_all_signed.ipk/signature.sha1
  11. spotter's Avatar
    Posts
    316 Posts
    Global Posts
    327 Global Posts
    #91  
    the speed-brain ipk is probably downloaded, extracted and deleted there (hence why the tmp stuff is there.

    as its not processing the manually created one, it just saves it there.
  12. #92  
    Quote Originally Posted by thetoad View Post
    the speed-brain ipk is probably downloaded, extracted and deleted there (hence why the tmp stuff is there.

    as its not processing the manually created one, it just saves it there.
    Ack! And there it (Speed Brain) is, in the launcher! So I believe you're right....

    I think I must have somehow screwed up the URLs in my email in the initial attempts.
  13. xorg's Avatar
    Posts
    633 Posts
    Global Posts
    1,010 Global Posts
       #93  
    Yes, downloaded apps go to /media/internal/downloads temporarily. If you do an iterative loop of ls on that folder while downloading, you'll see it for a while (after download, during install). BTW, this also happens while downloading from the ApP Catalog and you can make a copy of any package if you time it right.

    What I find strange is that even an untampered package still gets those "failed to get path details" in the log even though it works successfully.
  14. #94  
    Quote Originally Posted by xorg View Post
    Yes, downloaded apps go to /media/internal/downloads temporarily. If you do an iterative loop of ls on that folder while downloading, you'll see it for a while (after download, during install). BTW, this also happens while downloading from the ApP Catalog and you can make a copy of any package if you time it right.

    What I find strange is that even an untampered package still gets those "failed to get path details" in the log even though it works successfully.
    Are you reinstalling a package you already have installed? It may be choking on the fact that there's already an app there. I tried to overwrite a package by reinstalling it and ipkg install coughed. Luna may not be smart enough to interpret this error as a cannot overwrite error and just assumes it's a path problem...
  15. spotter's Avatar
    Posts
    316 Posts
    Global Posts
    327 Global Posts
    #95  
    Quote Originally Posted by xorg View Post
    Yes, downloaded apps go to /media/internal/downloads temporarily. If you do an iterative loop of ls on that folder while downloading, you'll see it for a while (after download, during install). BTW, this also happens while downloading from the ApP Catalog and you can make a copy of any package if you time it right.

    What I find strange is that even an untampered package still gets those "failed to get path details" in the log even though it works successfully.
    hard links probably negate need to time it right
  16. spotter's Avatar
    Posts
    316 Posts
    Global Posts
    327 Global Posts
    #96  
    thanks to sff, we have with speed-brain, manual verification

    $ cat control.tar.gz data.tar.gz debian-binary | openssl dgst -sha1 -verify pubkey.pem -signature signature.sha1
    Verified OK
  17. xorg's Avatar
    Posts
    633 Posts
    Global Posts
    1,010 Global Posts
       #97  
    Quote Originally Posted by simplyflipflops View Post
    Are you reinstalling a package you already have installed? It may be choking on the fact that there's already an app there. I tried to overwrite a package by reinstalling it and ipkg install coughed. Luna may not be smart enough to interpret this error as a cannot overwrite error and just assumes it's a path problem...

    Yeah, I've been removing temp files in downloads as well as deleting it from Launcher.

    BTW, as you may already know. If the install is successful, it removes the ipk from downloads directory. If the install fails, the package stays in downloads.

    I was hoping placing packages in downloads would be an alternative install method, but I tried a stock app and there is nothing monitoring it. So the installer only deals with specific files in downloads on a specific trigger, not any file in downloads.
  18. xorg's Avatar
    Posts
    633 Posts
    Global Posts
    1,010 Global Posts
       #98  
    Quote Originally Posted by thetoad View Post
    thanks to sff, we have with speed-brain, manual verification

    $ cat control.tar.gz data.tar.gz debian-binary | openssl dgst -sha1 -verify pubkey.pem -signature signature.sha1
    Verified OK
    Very good news. So can you generate?

    openssl req \
    -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
  19. spotter's Avatar
    Posts
    316 Posts
    Global Posts
    327 Global Posts
    #99  
    so now we can test a self signed package.

    1) create a private key

    openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

    2) extract the public key

    openssl rsa -in mycert.pem -pubout > pubkey.pem

    3) sign your ipk

    cat control.tar.gz data.tar.gz debian-binary | openssl dgst -sha1 -sign mycert.pem -out signature.sha1

    4) package it up with ar.

    try to install
  20. spotter's Avatar
    Posts
    316 Posts
    Global Posts
    327 Global Posts
    #100  
    I don't know if the above works, as can't test obviously
Page 5 of 15 FirstFirst 12345678910 ... LastLast

Posting Permissions