Difference between revisions of "InkBox GUI user apps"
Line 1: | Line 1: | ||
This page describes the internals of InkBox GUI's user applications feature. | This page describes the internals of InkBox GUI's user applications feature. | ||
== Description == | == Description == | ||
This GUI feature permits the user to run digitally signed external Qt/FB applications available at https://23.163.0.39/bundles/inkbox/apps.<br>User applications in are executed in their own chroot jail, to prevent external access to parts of the filesystem and increase security. They are also mounted read-only, with some exceptions. | This GUI feature permits the user to run digitally signed external Qt/FB applications available at https://23.163.0.39/bundles/inkbox/apps.<br>User applications in are executed in their own chroot jail as an unpriviledged user, to prevent external access to parts of the filesystem and increase security. They are also mounted read-only, with some exceptions. | ||
== Application package == | == Application package == | ||
=== Contents === | === Contents === | ||
App packages have the <code>.isa</code> extension. Signature files (digests) have the <code>.isa.dgst</code> extension. A standard application package layout will look like this:<pre>. | App packages have the <code>.isa</code> extension. Signature files (digests) have the <code>.isa.dgst</code> extension. A standard application package layout will look like this:<pre>. | ||
├── app-data | ├── app-data | ||
├── app.json | |||
├── app-lib | ├── app-lib | ||
│ └── libzip.so | │ └── libzip.so | ||
├── dev | ├── dev | ||
├── etc | |||
│ └── passwd | |||
├── proc | ├── proc | ||
├── sanki | ├── sanki | ||
Line 15: | Line 18: | ||
├── sys | ├── sys | ||
└── system-lib</pre> | └── system-lib</pre> | ||
==== app.json ==== | |||
This file contains a description of the application in the JSON format that will be parsed by the GUI. A sample <code>app.json</code> may look like this:<pre>{ | |||
"app": { | |||
"Author": "John Doe", | |||
"AuthorContact": "johndoe@johndoe.com" | |||
"Enabled": true, | |||
"ExecPath": "SampleApp", | |||
"IconPath": "SampleApp.png", | |||
"Name": "SampleApp", | |||
"SupportedDevices": "all", | |||
"Version": "0.1-testing" | |||
} | |||
}</pre> | |||
==== <code>app-data</code> ==== | ==== <code>app-data</code> ==== | ||
This directory contains the only read-write part of the extension package. It is actually a bind mount of the related path <code>.apps-data/<app-name></code> in the exported USB mass storage. Applications can store their user data, such as preferences, files and stats, there.<br>Applications can access this location at <code>/app-data</code>. | This directory contains the only read-write part of the extension package. It is actually a bind mount of the related path <code>.apps-data/<app-name></code> in the exported USB mass storage. Applications can store their user data, such as preferences, files and stats, there.<br>Applications can access this location at <code>/app-data</code>. |
Revision as of 12:13, 21 May 2022
This page describes the internals of InkBox GUI's user applications feature.
Description
This GUI feature permits the user to run digitally signed external Qt/FB applications available at https://23.163.0.39/bundles/inkbox/apps.
User applications in are executed in their own chroot jail as an unpriviledged user, to prevent external access to parts of the filesystem and increase security. They are also mounted read-only, with some exceptions.
Application package
Contents
App packages have the .isa
extension. Signature files (digests) have the .isa.dgst
extension. A standard application package layout will look like this:
. ├── app-data ├── app.json ├── app-lib │ └── libzip.so ├── dev ├── etc │ └── passwd ├── proc ├── sanki ├── sanki.bin ├── sanki.png ├── sys └── system-lib
app.json
This file contains a description of the application in the JSON format that will be parsed by the GUI. A sample app.json
may look like this:
{ "app": { "Author": "John Doe", "AuthorContact": "johndoe@johndoe.com" "Enabled": true, "ExecPath": "SampleApp", "IconPath": "SampleApp.png", "Name": "SampleApp", "SupportedDevices": "all", "Version": "0.1-testing" } }
app-data
This directory contains the only read-write part of the extension package. It is actually a bind mount of the related path .apps-data/<app-name>
in the exported USB mass storage. Applications can store their user data, such as preferences, files and stats, there.
Applications can access this location at /app-data
.
app-lib
This directory contains the libraries the application needs to have to function properly. If it is based on Qt, there is no need to bundle it in there, as it will be provided in the system-lib directory. In this example, the application requires libzip.so
, so it has been put there. LD_LIBRARY_PATH
environment variable is automatically adjusted by the main launch script.
Applications can access this location at /app-lib
.
dev
This directory contains a mounted devtmpfs
filesystem used by the chroot.
proc
This directory contains a mounted proc
filesystem used by the chroot.
sys
This directory contains a mounted sysfs
filesystem used by the chroot.
system-lib
This directory contains the system's Qt libs and are made available so that the application can launch.
Applications can access this location at /system-lib
.
Other files
Those may include a main binary, a launch script and an application icon that will be read by the GUI.