InkBox GUI user apps
This page describes the internals of InkBox GUI's user applications feature.
Description
This GUI feature permits the user to run digitally signed external Qt/FB applications available at https://23.163.0.39/bundles/inkbox/apps.
User applications are executed in their own chroot jail as an unprivileged user, to prevent external access to parts of the filesystem and increase security. They are also mounted read-only, with some exceptions.
Application package
Contents
App packages have the .isa extension. Signature files (digests) have the .isa.dgst extension. A standard application package layout will look like this:
.
├── app-bin
│   ├── SampleApp
│   └── SampleApp.sh
├── app-data
├── app-lib
│   └── libzip.so
├── app-misc
│   └── SampleApp.png
├── app-temp
├── dev
├── etc
├── mnt
├── proc
├── sys
├── system-bin
└── system-lib
app-bin
This directory contains the application's binaries.
Applications can access this location at /app-bin.
app-data
This directory contains the only read-write part of the extension package. It is actually a bind mount of the related path .apps-data/<app-name> in the exported USB mass storage. Applications can store their user data, such as preferences, files and statistics, there.
Applications can access this location at /app-data.
app-lib
This directory contains the libraries the application needs in order to function properly. If the application is based on Qt, there is no need to bundle Qt there, as it is provided in the system-lib directory. In this example, the application requires libzip.so, so it has been put there. The LD_LIBRARY_PATH environment variable is automatically adjusted by the main launch script.
Applications can access this location at /app-lib.
app-misc
This directory contains miscellaneous data about the application, such as its icon.
app-temp
This directory contains a mounted tmpfs filesystem that the application can use to store temporary data, such as files, sockets or cache. Please note that the maximum storage space in this directory is 8 MiB, given the low amount of RAM that the devices InkBox OS runs on generally have.
sys
This directory contains a mounted sysfs filesystem used by the chroot.
dev
This directory contains a mounted devtmpfs filesystem used by the chroot.
proc
This directory contains a mounted proc filesystem used by the chroot.
etc
This directory contains a mounted tmpfs filesystem used by the chroot.
mnt
This directory contains a mounted tmpfs filesystem used by the chroot, namely for printing to the framebuffer.
system-lib
This directory contains the system's Qt libraries, which are made available so that the application can launch.
Applications can access this location at /system-lib.
system-bin
This directory contains the system's binaries made available to the application (e.g. BusyBox).
Applications can access this location at /system-bin.
GUI launch process
The main Qt GUI will launch the application in the chroot jail as an unprivileged user, based on its JSON file's ExecPath property. Once the program has finished running, the GUI will restart itself.
JSON application descriptor file
The app.json file, located outside of the main application package but extracted in the same folder, contains information that the GUI parses: details about the application, how to run it and what system features it requires. A sample app.json may look like this:
{
  "app": {
    "Author": "John Doe",
    "AuthorContact": "johndoe@johndoe.com",
    "Enabled": true,
    "ExecPath": "/app-bin/SampleApp",
    "IconPath": "/app-misc/SampleApp.png",
    "Name": "SampleApp",
    "SupportedDevices": "all",
    "RequiredFeatures": [ 1 ],
    "Version": "0.1-testing"
  }
}
Properties
Author
Property containing the application author's name.
AuthorContact
Property containing the application author's contact e-mail address or the application's issue tracker link.
Enabled
Property containing the application's current status in the main GUI.
ExecPath
Property containing the path to the main application's launch script. The recommended location for it is at /app-bin/SampleApp.sh. See the related section below for more details.
IconPath
Property containing the path to the main application's icon.
Name
Property containing the name of the main application. It can be a full string with spaces.
SupportedDevices
Property containing an array of the application's supported devices. This can be, for example, [ "n236", "n437", "n306" ]. If the application aims to support every device, this property must contain the "all" string instead.
RequiredFeatures
Property containing an array of the application's required features. Features are functions of InkBox OS that are not always available, depending on user interaction (e.g. Wi-Fi connection). Below is a list of features that this property supports.
Feature identifier | Description |
0 | Wi-Fi connection required |
1 | Rooted kernel required |
A simple array for this property may be, for example, [ 0, 1 ]. If the application requires no OS features, the array must be empty: [ ].
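A pre-submission check of the descriptor properties listed above, as an added example that is not part of InkBox's own code. The function names are hypothetical, and confining ExecPath to /app-bin and IconPath to /app-misc is an assumed review policy taken from the sample, not a rule the page states.

```python
import json
import posixpath

# Feature identifiers from the table above.
KNOWN_FEATURES = {0: "Wi-Fi connection required", 1: "Rooted kernel required"}
PROPERTIES = ("Author", "AuthorContact", "Enabled", "ExecPath", "IconPath",
              "Name", "SupportedDevices", "RequiredFeatures", "Version")

def stays_under(path, prefix):
    """True if path is absolute and still inside prefix once '.' and '..' are resolved."""
    if not isinstance(path, str) or not path.startswith("/"):
        return False
    return posixpath.normpath(path).startswith(prefix + "/")

def validate_descriptor(text):
    """Return a list of problems in an app.json document; an empty list means it passed."""
    try:
        app = json.loads(text)["app"]
    except (ValueError, KeyError, TypeError):
        return ["no top-level 'app' object"]
    if not isinstance(app, dict):
        return ["no top-level 'app' object"]
    problems = ["missing property: " + key for key in PROPERTIES if key not in app]
    # Assumed policy: launch script under /app-bin, icon under /app-misc (as in the sample).
    for key, prefix in (("ExecPath", "/app-bin"), ("IconPath", "/app-misc")):
        if key in app and not stays_under(app[key], prefix):
            problems.append("%s must be an absolute path inside %s" % (key, prefix))
    devices = app.get("SupportedDevices")
    named = isinstance(devices, list) and devices and all(isinstance(d, str) for d in devices)
    if "SupportedDevices" in app and devices != "all" and not named:
        problems.append('SupportedDevices must be "all" or an array of device names')
    features = app.get("RequiredFeatures")
    if isinstance(features, list):
        # type() check: JSON true/false would otherwise pass as 1/0 in Python.
        problems += ["unknown feature identifier: %r" % (f,) for f in features
                     if type(f) is not int or f not in KNOWN_FEATURES]
    elif "RequiredFeatures" in app:
        problems.append("RequiredFeatures must be an array")
    return problems

# The page's sample descriptor, then a constructed variant with two defects.
SAMPLE = """{"app": {"Author": "John Doe", "AuthorContact": "johndoe@johndoe.com",
  "Enabled": true, "ExecPath": "/app-bin/SampleApp", "IconPath": "/app-misc/SampleApp.png",
  "Name": "SampleApp", "SupportedDevices": "all", "RequiredFeatures": [1],
  "Version": "0.1-testing"}}"""
TAMPERED = SAMPLE.replace('"/app-bin/SampleApp"', '"/app-bin/../system-bin/sh"').replace("[1]", "[1, 7]")

if __name__ == "__main__":
    print(validate_descriptor(SAMPLE))
    print(validate_descriptor(TAMPERED))
```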
Application launch script
This file is the script that will be run (as an unprivileged user) by the main GUI when the application is launched. It will be interpreted by busybox ash, so no bash-style extensions such as arrays are supported.
This script, to ensure the application will launch and run properly, needs to meet the following requirements:
- Its shebang (first line of the script) needs to be #!/system-bin/sh.
- The dynamic linker (/system-lib/lib/ld-linux-armhf.so.3) must be invoked first instead of directly executing the application's binary, otherwise it might not run.
Below are sample launch scripts you can use to set up your own GUI user application.
- For a Qt application:
#!/system-bin/sh
env -i PATH="/system-bin" LD_LIBRARY_PATH="/system-lib/lib:/system-lib/qt/lib:/app-lib" QT_QPA_PLATFORM="kobo" /system-lib/lib/ld-linux-armhf.so.3 /app-bin/SampleApp
- For a non-Qt application:
#!/system-bin/sh
env -i PATH="/system-bin" LD_LIBRARY_PATH="/system-lib/lib:/app-lib" /system-lib/lib/ld-linux-armhf.so.3 /app-bin/SampleApp
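The two launch-script requirements and the busybox ash restriction can be checked mechanically before a package is submitted. The linter below is an added example, not InkBox code: its function name and the bash-construct patterns are hypothetical, and the /app-bin check is a word-level heuristic rather than a shell parser.

```python
import re
import shlex

SHEBANG = "#!/system-bin/sh"
LINKER = "/system-lib/lib/ld-linux-armhf.so.3"
# Constructs busybox ash does not support (heuristic patterns, not a full parser).
BASHISMS = {
    "array assignment": re.compile(r"^\w+=\("),
    "array expansion": re.compile(r"\$\{\w+\["),
    "[[ ]] test": re.compile(r"(^|\s)\[\[\s"),
}

def lint_launch_script(text):
    """Return a list of problems in a launch script; an empty list means it passed."""
    lines = text.split("\n")
    problems = []
    # Exact match on purpose: CRLF line endings leave a CR that breaks the interpreter lookup.
    if lines[0] != SHEBANG:
        problems.append("line 1: shebang must be exactly " + SHEBANG)
    for number, line in enumerate(lines[1:], start=2):
        code = line.strip()
        if not code or code.startswith("#"):
            continue
        problems += ["line %d: bash-only %s" % (number, name)
                     for name, pattern in BASHISMS.items() if pattern.search(code)]
        try:
            words = shlex.split(code, comments=True)
        except ValueError:
            problems.append("line %d: unbalanced quoting" % number)
            continue
        # Heuristic: anything under /app-bin must be preceded by the dynamic linker.
        for index, word in enumerate(words):
            if word.startswith("/app-bin/") and LINKER not in words[:index]:
                problems.append("line %d: %s is not started through %s" % (number, word, LINKER))
                break
    return problems

# The page's Qt sample, then a constructed script that breaks each rule once.
QT_SAMPLE = (
    '#!/system-bin/sh\n'
    'env -i PATH="/system-bin" '
    'LD_LIBRARY_PATH="/system-lib/lib:/system-lib/qt/lib:/app-lib" '
    'QT_QPA_PLATFORM="kobo" /system-lib/lib/ld-linux-armhf.so.3 /app-bin/SampleApp\n'
)
BROKEN = '#!/bin/bash\nfiles=(a b)\n/app-bin/SampleApp\n'

if __name__ == "__main__":
    for script in (QT_SAMPLE, BROKEN):
        print(lint_launch_script(script) or "OK")
```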
Backend setup
The service gui_apps in the main root filesystem manages the setup of user applications.