Re: Application Manager scripting, second try
ext Kees Jongenburger [EMAIL PROTECTED] writes: On 2/27/07, Marius Vollmer [EMAIL PROTECTED] wrote: ext Kees Jongenburger [EMAIL PROTECTED] writes: What happens if the .install file wants to replace the uri or name of a catalogue? Is this considered a security risk? Can you elaborate, with an example maybe? Catalogues are replaced as one unit and the user can review the details of the new dialog when it is added (except in the card_install interaction flow). I am just worried. Even if people are not bad , it just takes one typo in one install to brake the system and replace the repository.maemo.org bora extra's repository with a non working one Hmm, I am afraid I still need more details to understand fully what you have in mind. Can you give a step-by-step list of what might happen and what would be bad about it? For example: - User clicks on foo.install on downloads.maemo.org - Application Manager adds the maemo Extras repository with components free non-free and installs the foo package - User removes the free component from the maemo Extras catalogue configuration - Updates for foo will no longer be available Note that in order for catalogues to be considered 'the same', they right now have to have the same uri, dist, and component strings. Maybe we should try to be smarter an merge catalogues with different components but equal uris and dists somehow, but I don't want to get too clever. My idea is that the user either doesn't care about the Application Catalogues dialog at all and is happy with what s/he gets from .install files, or s/he knows what's going on and is not confused. ___ maemo-developers mailing list maemo-developers@maemo.org https://maemo.org/mailman/listinfo/maemo-developers
Re: Application Manager scripting, second try
On 2/27/07, Marius Vollmer [EMAIL PROTECTED] wrote: ext Kees Jongenburger [EMAIL PROTECTED] writes: What happens if the .install file wants to replace the uri or name of a catalogue? Is this considered a security risk? Can you elaborate, with an example maybe? Catalogues are replaced as one unit and the user can review the details of the new dialog when it is added (except in the card_install interaction flow). Hello I am just worried. Even if people are not bad , it just takes one typo in one install to brake the system and replace the repository.maemo.org bora extra's repository with a non working one Idem ,. what happens if only some of the the components are removed? greetings ___ maemo-developers mailing list maemo-developers@maemo.org https://maemo.org/mailman/listinfo/maemo-developers
Re: Application Manager scripting, second try
Hi Mariuses and all, I must say that I like this second try better :D One thing that I wondered is that could the Adding catalogues interaction flow be handled with the same [install] group syntax as the second Installing a package from the network catalogues flow. With the difference that the [install] group would only have a `catalogues' key and no `package' key. But at a second thought it might be a bit confusing if the catalogues are treated differently in these two cases... On Mon, Feb 26, 2007 at 08:42:23PM +0100, Kees Jongenburger wrote: For example, the following file will offer to install the `maemofoo` package from the Foobar catalogue: [install] catalogues = foobar package = maemofoo [foobar] name = Foobar Catalogue name[en_GB] = Foobar Catalogue name[de_DE] = Foobar Katalog uri = http://foobar.com/repository components = main I would try to make the file more self describing so that that you really can create a syntax for it. therefore I would replace the [foobar] with [catalogue]. does the glib ini file parser allow mutiple init entries with the same name? Nope, it does not allow multiple groups with same name. [catalogue] id = foobar name = Foobar Catalogue name[nl_NL] = . Yet another possibility would be to name the catalogue groups like this: [catalogue foobar] name = ... Perhaps it would be more descriptive but I don't have a really strong preference here. Cheers, Jari -- Jari Tenhunen, stardate [-29]7206.34 :wq ___ maemo-developers mailing list maemo-developers@maemo.org https://maemo.org/mailman/listinfo/maemo-developers
Re: Application Manager scripting, second try
ext Kees Jongenburger [EMAIL PROTECTED] writes: ### Adding catalogues. Each catalogue is considered in turn and the user is asked whether to add it or not. When it should be added and a catalogue is already configured in the Application Manager that is equal to the one considered, the configured catalogue is removed first. When the user declines the adding, the next catalogue is considered. What happens if the .install file wants to replace the uri or name of a catalogue? Is this considered a security risk? Can you elaborate, with an example maybe? Catalogues are replaced as one unit and the user can review the details of the new dialog when it is added (except in the card_install interaction flow). [sdk] name = maemo SDK catalogue uri = http://repository.maemo.org/ components = free non-freees I still think this all looks way to much like debian , nobody in theire right mind would create an installer with different components, repositories. Well, we use the Debian package management tools, so we have to do things the way they do it. And I don't actually see what's bad about it. Right now, we have to struggle with a lot of repositories, but in an ideal world, you shouldn't need to worry about repositories much if at all. Ubuntu and Debian have much more softweare available than we do, and they do it all without repository fragmentation. The most difficult tjing with their repositories is deciding which mirror to use... [...] If possible I would present the user with a list of changes that are going to happen -add repo bla -update repo x -install libsqlite3 from maemo-repo -install maemo-mapper from contributors-repo (ok/cancel) Except for the source of a package, you can get this information already. Also, I wouldn't expect users to care about this level of detail. Is a package allowed to have both a file_uri and a weburi? Packages don't have URIs, catalogues (repositories) have. A catalogue can must have exactly one of uri and file_uri, depending on the context it is used in. would there be some autorun.bat file on the media card? is there a format that just gets executed from the file manager? The .deb packages can run scripts at various stages during installation, updating and removing. See the Debian Policy Manual for details. ### Compatibility with IT OS 2007. In addition to the format described above, the Hildon Application Manager also understands the old .install files from IT OS 2007. why is it Hildon Application Manager and not Maemo Application Manager? No really strong reason, but it is part of the Hildon Desktop environment, which in turn is part of maemo. Other components of the Hildon Desktop are the Hildon Home, Hildon Statusbar, Hildon Widgets, etc. where URI, DIST, and COMPONENTS are parsed out of DEB, as appropriate. Are we thinking planing on automatic server side enhancements to the .install file, if not when does the deb get parsed? I think you misunderstand. Parsing stuff out of DEB was referring to how the old style maemo_deb = deb http://foobar.com bora main is translated to uri = http://foobar.com dist = bora components = main DEB is just a variable used in the text, it is not referring to a .deb package. The main thing really is that I would not allow all these catalogue information and translations to end up in the .install files. I will be a mess in no time. Let's see. One point of the design is to avoid the need for centralized maintenance. ___ maemo-developers mailing list maemo-developers@maemo.org https://maemo.org/mailman/listinfo/maemo-developers
Re: Application Manager scripting, second try
On Mon, Feb 26, 2007 at 07:54:07PM +0200, Marius Vollmer wrote: This time, I don't try to be more general than needed. I hope that this version is a nice incremental improvement to the existing way of doing things. To put things into context, let me briefly list the new features: - You can have more than one catalogue in the .install file. - Catalogue names can be localized. - There is a special mode for installing stuff from a memory card. ... A group describing a catalogue can contain the following keys: ... - `dist` The distribution of the `deb` line that will be added to `sources.list` for this catalogue. If you omit it, it will default to the distribution corresponding to the IT OS release on the device. The fact that the distribution should be selected automatically is remembered by the Application Manager. For example, if you make a backup that contains a catalogue with automatic distribution selection and restore it on a different IT OS release, the distribution for the new version will be used automatically. It would be good to clarify whether mistral, scrirocco, and gregale are considered to be different distributions, or if they all use the name 'mistral'. ... ### Adding catalogues. This interaction flow is controlled by the catalogues group. This group has one mandatory key, catalogues, and no optional ones. The catalogues key is a list of strings that refer to the catalogue groups that describe the catalogues to be added. How are the strings in the list separated? I would expect spaces or commas, but in your examples you use semicolons. Is that something standard for GKeyFiles? Example: [catalogues] catalogues = extras; sdk ... ### Installing a package This interaction flow is controlled by the install group. This group has one mandatory key, package, and a optional one, catalogues. The package key gives the name of the package to install. So it is impossible to write a single .install file that installs multiple packages? I'm trying to imagine a use case for that... Still trying... The only idea that comes into mind is some uber-user crafting a .install file containing all her favourite applications for single-click reinstalling after a reflash. Packages who want to create bundles are probably better off writing meta-packages. Marius Gedminas -- The memory management on the PowerPC can be used to frighten small children. -- Linus Torvalds signature.asc Description: Digital signature ___ maemo-developers mailing list maemo-developers@maemo.org https://maemo.org/mailman/listinfo/maemo-developers
Re: Application Manager scripting, second try
Hello Marius ### Overview The Application Manager offers some pre-defined 'interaction flows' that can be controlled with a .install file. Such a .install file is a text file following the GKeyfile format, as defined by glib. I like this approach very much. (convention over configuration) For example, the following file will offer to install the `maemofoo` package from the Foobar catalogue: [install] catalogues = foobar package = maemofoo [foobar] name = Foobar Catalogue name[en_GB] = Foobar Catalogue name[de_DE] = Foobar Katalog uri = http://foobar.com/repository components = main I would try to make the file more self describing so that that you really can create a syntax for it. therefore I would replace the [foobar] with [catalogue]. does the glib ini file parser allow mutiple init entries with the same name? [catalogue] id = foobar name = Foobar Catalogue name[nl_NL] = . As explained below, omitting the dist key means that the 'current' distribution will be used. ### Catalogues ### Adding catalogues. Each catalogue is considered in turn and the user is asked whether to add it or not. When it should be added and a catalogue is already configured in the Application Manager that is equal to the one considered, the configured catalogue is removed first. When the user declines the adding, the next catalogue is considered. What happens if the .install file wants to replace the uri or name of a catalogue? Is this considered a security risk? [sdk] name = maemo SDK catalogue uri = http://repository.maemo.org/ components = free non-freees I still think this all looks way to much like debian , nobody in theire right mind would create an installer with different components, repositories. They would also not let the package management system tell then where to download the deb , they would just list the direct uri's /.install files for all the dependent packages. . Each catalogue is considered in turn and when it there isn't already a catalogue configured that is equal to it, the user is informed that it needs to be added and is asked for confirmation. Alternatively, when a catalogue is already present but disabled, the user is informed that it needs to be enabled and is asked for confirmation. When the user confirms, the catalogue is added and processing continues. When s/he declines, processing of the .install file stops and the changes to the configured catalogues that have been made for it are reverted. I tried to install maemo-mapper for the n770 this week-end, it did not contain a it2006 repository and the installer just told me the installation failed. I think you are right it should be an all or nothing situation. currently even after those steps are completed. the install still can fail because some deps are missing. If possible I would present the user with a list of changes that are going to happen -add repo bla -update repo x -install libsqlite3 from maemo-repo -install maemo-mapper from contributors-repo (ok/cancel) The packages key lists the names of packages that can be installed from the memory card, using the card_catalogues. Installation of the packages happens in a temporary environment: in this environment, the normally configured catalogues are not available, only the catalogues listed by the card_catalogues key are configured. All of these catalogues must use file_uri instead of uri. Is a package allowed to have both a file_uri and a weburi? The packages are installed in this temporary environment. The user gets to select them from a list. Only packages that are not already installed or are not uptodate are offered. When the offered list would be empty, processing stops with an appropriate note. would there be some autorun.bat file on the media card? is there a format that just gets executed from the file manager? ### Compatibility with IT OS 2007. In addition to the format described above, the Hildon Application Manager also understands the old .install files from IT OS 2007. why is it Hildon Application Manager and not Maemo Application Manager? where URI, DIST, and COMPONENTS are parsed out of DEB, as appropriate. Are we thinking planing on automatic server side enhancements to the .install file, if not when does the deb get parsed? The main thing really is that I would not allow all these catalogue information and translations to end up in the .install files. I will be a mess in no time. so I would just create a website where developers can register catalogue names / perform translations. the manager would download the list once in a while. The install file format would be very simple because it would only list the required repositories, The catalogue file format would also allow to give more information about the catalogues. 100% of the irc users thrust the maemo-hackers catelogue. greetings ___ maemo-developers mailing list