|
|
webOS Nation Forums > webOS apps and software > webOS development > Installing homebrew apps w/out rooting
1 2 3 4 5 6 7 8 9 10 ... Last
i'm in irc at the moment.
Since SFF made some nice work on this yesterday i have started doing some research on this.
Throughout today i was able to make my own packages and install them via the command line utility sff stated above. Every time i try emailing myself a link to my own app, it actually downloads the file to downloads, so something is failing on integrity/sig.
I also found an integrity checker seemingly built into the OS to perform some type of MD5 baselining, but it is an intersting shell script for everyone to look into. "/usr/sbin/integcheck".
@TheToad: I have been working on the same idea, the pre does store SSL certs locally and could be the key to having a list of CA's that could be used or a place where we can store our public key to "be a developer" that luna references. dunno though. I have been trying to install packages that do not even interface to LUNA (ie shell script) but it still only downloads it and doesnt execute, so i assume there is a middle man somewhere.
By the way, Hi! i just started on this so i can help =p
Throughout today i was able to make my own packages and install them via the command line utility sff stated above. Every time i try emailing myself a link to my own app, it actually downloads the file to downloads, so something is failing on integrity/sig.
I also found an integrity checker seemingly built into the OS to perform some type of MD5 baselining, but it is an intersting shell script for everyone to look into. "/usr/sbin/integcheck".
@TheToad: I have been working on the same idea, the pre does store SSL certs locally and could be the key to having a list of CA's that could be used or a place where we can store our public key to "be a developer" that luna references. dunno though. I have been trying to install packages that do not even interface to LUNA (ie shell script) but it still only downloads it and doesnt execute, so i assume there is a middle man somewhere.
By the way, Hi! i just started on this so i can help =p
Originally Posted by thetoad:
the idea is to figure out the complete set of options passed to openssl by lunasysmgr so we can figure out how it verifies the ipk.
I see. I make a openssl shell script in it's place and rename my openssl to openssl.real...the idea is to figure out the complete set of options passed to openssl by lunasysmgr so we can figure out how it verifies the ipk.
Hey i changed my notification ringtone it removed the original but will not copy the new one in so now i have no sms ringtone how do i restore backup of the ringtone?
also, could be a mime types issue.
when you download the file from the cdn, it has this mime type
application/x-debian-package
my guess is that when one uses their own file on their own web server, it doesn't have that mime type so luna doesn't know to install it. that be the first thing to check b4 signing.
when you download the file from the cdn, it has this mime type
application/x-debian-package
my guess is that when one uses their own file on their own web server, it doesn't have that mime type so luna doesn't know to install it. that be the first thing to check b4 signing.
Originally Posted by thetoad:
so
can someone with a pre write a littler wrapper around openssl so that all its options passed to it on exec() are dumped to disk so we can see how its called?
Okay, I tried this, and validated the logging of the arguments by running openssl directly.so
can someone with a pre write a littler wrapper around openssl so that all its options passed to it on exec() are dumped to disk so we can see how its called?
But when I attempt to install speed-brain by tapping on a URL in an email message, I see this appear in /var/log/messages:
2009-06-21T18:56:32.137229Z [71120] castle user.err LunaSysMgr: {LunaSysMgrJS} Error: NotificationAssistant.setFilter(a=45079976738827, f=78065325572134, m=59373627901248), file:///usr/palm/applications/com.palm.app.email/index.html:0
...and nothing in the OpenSSL argument log.
I have yet to get anything installed following the email/URL process. I must be doing something wrong...
Here is my openssl dump...
dgst -sha1 -verify /media/internal/downloads/_tmpdir_com.markspace.missingsync_0.9.12_all_signed.ipk/pubkey.pem -signature /media/internal/downloads/_tmpdir_com.markspace.missingsync_0.9.12_all_signed.ipk/signature.sha1
dgst -sha1 -verify /media/internal/downloads/_tmpdir_com.markspace.missingsync_0.9.12_all_signed.ipk/pubkey.pem -signature /media/internal/downloads/_tmpdir_com.markspace.missingsync_0.9.12_all_signed.ipk/signature.sha1
AddType application/x-debian-package .ipk might help if added to apache config if mime type issue.
Originally Posted by simplyflipflops:
Here is my openssl dump...
dgst -sha1 -verify /media/internal/downloads/_tmpdir_com.markspace.missingsync_0.9.12_all_signed.ipk/pubkey.pem -signature /media/internal/downloads/_tmpdir_com.markspace.missingsync_0.9.12_all_signed.ipk/signature.sha1
hmm, this would indcate that its passing the files to verify in over stdin.Here is my openssl dump...
dgst -sha1 -verify /media/internal/downloads/_tmpdir_com.markspace.missingsync_0.9.12_all_signed.ipk/pubkey.pem -signature /media/internal/downloads/_tmpdir_com.markspace.missingsync_0.9.12_all_signed.ipk/signature.sha1
that make it harder to test.
I'm a little confused by what seems inconsistent results, but here's some more info using the OpenSSL argument capture process:
Tapping a link to the speed-brain package on my private web server results in this in /var/log/messages:
2009-06-21T19:11:08.122195Z [71996] castle user.crit fileindexer[1143]: Failed to get path details: /media/internal/downloads/_tmpdir_com.lumoslabs.speed-brain_0.9.13_all_signed.ipk/controlTmp
The speed-brain ipk package was *not* copied to /media/internal/downloads, though the ipk package I constructed was when I tapped it's link.
The OpenSSL argument log captured this, though, for speed-brain:
dgst -sha1 -verify /media/internal/downloads/_tmpdir_com.lumoslabs.speed-brain_0.9.13_all_signed.ipk/pubkey.pem -signature /media/internal/downloads/_tmpdir_com.lumoslabs.speed-brain_0.9.13_all_signed.ipk/signature.sha1
Tapping a link to the speed-brain package on my private web server results in this in /var/log/messages:
2009-06-21T19:11:08.122195Z [71996] castle user.crit fileindexer[1143]: Failed to get path details: /media/internal/downloads/_tmpdir_com.lumoslabs.speed-brain_0.9.13_all_signed.ipk/controlTmp
The speed-brain ipk package was *not* copied to /media/internal/downloads, though the ipk package I constructed was when I tapped it's link.
The OpenSSL argument log captured this, though, for speed-brain:
dgst -sha1 -verify /media/internal/downloads/_tmpdir_com.lumoslabs.speed-brain_0.9.13_all_signed.ipk/pubkey.pem -signature /media/internal/downloads/_tmpdir_com.lumoslabs.speed-brain_0.9.13_all_signed.ipk/signature.sha1
the speed-brain ipk is probably downloaded, extracted and deleted there (hence why the tmp stuff is there.
as its not processing the manually created one, it just saves it there.
as its not processing the manually created one, it just saves it there.
Originally Posted by thetoad:
the speed-brain ipk is probably downloaded, extracted and deleted there (hence why the tmp stuff is there.
as its not processing the manually created one, it just saves it there.
Ack! And there it (Speed Brain) is, in the launcher! the speed-brain ipk is probably downloaded, extracted and deleted there (hence why the tmp stuff is there.
as its not processing the manually created one, it just saves it there.
So I believe you're right....I think I must have somehow screwed up the URLs in my email in the initial attempts.
Yes, downloaded apps go to /media/internal/downloads temporarily. If you do an iterative loop of ls on that folder while downloading, you'll see it for a while (after download, during install). BTW, this also happens while downloading from the ApP Catalog and you can make a copy of any package if you time it right.
What I find strange is that even an untampered package still gets those "failed to get path details" in the log even though it works successfully.
What I find strange is that even an untampered package still gets those "failed to get path details" in the log even though it works successfully.
Originally Posted by xorg:
Yes, downloaded apps go to /media/internal/downloads temporarily. If you do an iterative loop of ls on that folder while downloading, you'll see it for a while (after download, during install). BTW, this also happens while downloading from the ApP Catalog and you can make a copy of any package if you time it right.
What I find strange is that even an untampered package still gets those "failed to get path details" in the log even though it works successfully.
Are you reinstalling a package you already have installed? It may be choking on the fact that there's already an app there. I tried to overwrite a package by reinstalling it and ipkg install coughed. Luna may not be smart enough to interpret this error as a cannot overwrite error and just assumes it's a path problem...Yes, downloaded apps go to /media/internal/downloads temporarily. If you do an iterative loop of ls on that folder while downloading, you'll see it for a while (after download, during install). BTW, this also happens while downloading from the ApP Catalog and you can make a copy of any package if you time it right.
What I find strange is that even an untampered package still gets those "failed to get path details" in the log even though it works successfully.
Originally Posted by xorg:
Yes, downloaded apps go to /media/internal/downloads temporarily. If you do an iterative loop of ls on that folder while downloading, you'll see it for a while (after download, during install). BTW, this also happens while downloading from the ApP Catalog and you can make a copy of any package if you time it right.
What I find strange is that even an untampered package still gets those "failed to get path details" in the log even though it works successfully.
hard links probably negate need to time it right Yes, downloaded apps go to /media/internal/downloads temporarily. If you do an iterative loop of ls on that folder while downloading, you'll see it for a while (after download, during install). BTW, this also happens while downloading from the ApP Catalog and you can make a copy of any package if you time it right.
What I find strange is that even an untampered package still gets those "failed to get path details" in the log even though it works successfully.
thanks to sff, we have with speed-brain, manual verification
$ cat control.tar.gz data.tar.gz debian-binary | openssl dgst -sha1 -verify pubkey.pem -signature signature.sha1
Verified OK
$ cat control.tar.gz data.tar.gz debian-binary | openssl dgst -sha1 -verify pubkey.pem -signature signature.sha1
Verified OK
Originally Posted by simplyflipflops:
Are you reinstalling a package you already have installed? It may be choking on the fact that there's already an app there. I tried to overwrite a package by reinstalling it and ipkg install coughed. Luna may not be smart enough to interpret this error as a cannot overwrite error and just assumes it's a path problem...
Are you reinstalling a package you already have installed? It may be choking on the fact that there's already an app there. I tried to overwrite a package by reinstalling it and ipkg install coughed. Luna may not be smart enough to interpret this error as a cannot overwrite error and just assumes it's a path problem...
Yeah, I've been removing temp files in downloads as well as deleting it from Launcher.
BTW, as you may already know. If the install is successful, it removes the ipk from downloads directory. If the install fails, the package stays in downloads.
I was hoping placing packages in downloads would be an alternative install method, but I tried a stock app and there is nothing monitoring it. So the installer only deals with specific files in downloads on a specific trigger, not any file in downloads.
Originally Posted by thetoad:
thanks to sff, we have with speed-brain, manual verification
$ cat control.tar.gz data.tar.gz debian-binary | openssl dgst -sha1 -verify pubkey.pem -signature signature.sha1
Verified OK
Very good news. So can you generate?thanks to sff, we have with speed-brain, manual verification
$ cat control.tar.gz data.tar.gz debian-binary | openssl dgst -sha1 -verify pubkey.pem -signature signature.sha1
Verified OK
openssl req \
-newkey rsa:1024 -keyout mycert.pem -out mycert.pem
so now we can test a self signed package.
1) create a private key
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
2) extract the public key
openssl rsa -in mycert.pem -pubout > pubkey.pem
3) sign your ipk
cat control.tar.gz data.tar.gz debian-binary | openssl dgst -sha1 -sign mycert.pem -out signature.sha1
4) package it up with ar.
try to install
1) create a private key
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
2) extract the public key
openssl rsa -in mycert.pem -pubout > pubkey.pem
3) sign your ipk
cat control.tar.gz data.tar.gz debian-binary | openssl dgst -sha1 -sign mycert.pem -out signature.sha1
4) package it up with ar.
try to install
I don't know if the above works, as can't test obviously
1 2 3 4 5
6 7 8 9 10
...
Last
webOS Nation Forums > webOS apps and software > webOS development > Installing homebrew apps w/out rooting
