UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Need help for application building

    Scheduled Pinned Locked Moved
    App Development
    4
    5
    382
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jmlichJ
      jmlich
      last edited by Keneda

      I am trying to port application to ubports/lomiri and I still don't understand some concepts.

      Is the clickable application started in some kind of container / systemd-cgroup or it is just started with reduced privileges (given by apparmor settings?).

      Is there way to run systemd service with application? I have background service which gathers data in time via BLE.

      I am wondering what is the best way to debug apparmor setting. I guess, I will set "unconfined" mode and will try to find some kind of audit log which should report which permission was used (similar to selinux permissive mode, yes, I have very few experience with selinux, but no apparmor). Maybe some generic link into clickable documentation may accelerate my start (and maybe also others)

      I am trying to summarize knowledge about ubports for myself into blog post. WIP version is at https://board.net/p/ubports-en

      arubislanderA jmlichJ KenedaK lduboeufL 5 Replies Last reply Reply Quote 0
      • KenedaK Keneda forked this topic on
      • KenedaK
        Keneda @jmlich
        last edited by

        @jmlich
        Please use the right topic, or create appropriated one in the right part of the forum, to post your questions.

        For this time i did it for you, but let keep the forum clear and well sorted πŸ˜‰

        2015-2023 : Meizu MX4 now in legacy drawer by lack of pristine battery 😫
        2023-***** : Nexus 5 (16.04 OTA 25) for daily use, slowly dying πŸ€•
        2024-***** : Fairphone 5 waiting UT for freedom πŸ˜‰
        πŸ‡²πŸ‡«πŸ‡¬πŸ‡§

        1 Reply Last reply Reply Quote 0
        • arubislanderA
          arubislander @jmlich
          last edited by arubislander

          @jmlich said in Need help for application building:

          I am trying to port application to ubports/lomiri and I still don't understand some concepts.

          This is a laudable goal, and we welcome all who are willing to undertake this effort in order to bring more recognizable apps to our ecosystem. Thank you in advance.

          Is the clickable application started in some kind of container / systemd-cgroup or it is just started with reduced privileges (given by apparmor settings?).

          It depends where you are running the application. Clickable is only used during development and debugging of the application. To facilitate (cross) compilation clickable uses docker-compatible container technology. (some devs have reported success with Podman as well). When testing on the desktop, the app is also run in a container.
          The resulting click package (which could also be assembled in other ways, but clickable is the easiest) that can be installed on a device running UT does not run in a container, but is indeed constrained by apparmor policies.

          Is there way to run systemd service with application?

          At the moment there is no 'supported' way for doing that. There are ideas and designs floating around to implement what is needed to facilitate background processes. But no concrete decisions have been made or actions taken as yet. Other, more immediate, concerns have been pushing this topic to the background.

          Having said that, this is still Ubuntu under the hood, so it remains possible to have your application deploy the services it needs on first run, or some such. This will mean your app will need elevated privileges to do so. And if you plan on publishing it to the Open Store, it will need to be reviewed by the Store maintainers on every new version update.

          I am wondering what is the best way to debug apparmor setting.

          Have you seen this page? It details most the apparmor policy groups that are currently available to app developers.

          I guess, I will set "unconfined" mode and will try to find some kind of audit log which should report which permission was used.

          I tend to think it works better the other way around. Once you have developed your app, remove "unconfined" mode and use the above list to add the policy groups you obviously need. Then keep an eye on the logs, as AppArmor
          will complain if you are missing any permissions.

          I am trying to summarize knowledge about ubports for myself into blog post. WIP version is at https://board.net/p/ubports-en

          Looking forward to seeing this expand. You might also be interested in helping update the official documentation πŸ™‚

          πŸ‡¦πŸ‡Ό πŸ‡³πŸ‡± πŸ‡ΊπŸ‡Έ πŸ‡ͺπŸ‡Έ
          Happily running Ubuntu Touch
          Google Pixel 3a (20.04 DEV)
          JingPad (20.04 DEV)
          Meizu Pro 5 (16.04 DEV)

          jmlichJ 1 Reply Last reply Reply Quote 1
          • jmlichJ
            jmlich @arubislander
            last edited by

            @arubislander said in Need help for application building:

            Is the clickable application started in some kind of container / systemd-cgroup or it is just started with reduced privileges (given by apparmor settings?).

            The resulting click package (which could also be assembled in other ways, but clickable is the easiest) that can be installed on a device running UT does not run in a container, but is indeed constrained by apparmor policies.

            I was wondering if there is some kind of overlayfs thing. I did expected to have application installed into standard paths (i.e. application can by started from PATH). It seems the content of package is simply extracted into /opt/click.ubuntu.com/app-name/version and LD_LIBRARY_PATH and relative paths are used.

            BTW the container approach sounds like a doable workaround how to run 16.04 apps in 20.04 ubuntu. For some reason, I was thinking that this kind of container is used for normal run of apps.

            I am wondering what is the best way to debug apparmor setting.

            Have you seen this page? It details most the apparmor policy groups that are currently available to app developers.

            Yes, I have seen that page, but I am wondering how is it done technically. Those methods looks orthogonal to each others.

            • Some of APIs groups looks like dbus interface (for example contacts),
            • others looks like work with block device (for example camera reads /dev/video0 -> gstreamer -> qt -> app).
            • For example for video_files_read I would expect some QDir dir("Pictures/MyPictures").entryList(...);

            My application is using some Blootooth Low Energy library. I am wondering if it goes via standard bluetooth api or it is bypassed. I will probably find the answer immediately after first run, but I am waiting for hardware delivery so I am stating unnecessary questions ;-D

            I guess, I will set "unconfined" mode and will try to find some kind of audit log which should report which permission was used.

            I tend to think it works better the other way around. Once you have developed your app, remove "unconfined" mode and use the above list to add the policy groups you obviously need. Then keep an eye on the logs, as AppArmor
            will complain if you are missing any permissions.

            It would be great to know which log exactly to watch. This is one bit I haven't found in docs.

            Next it would be great to have a link to source code where the apparmor policy are defined.

            I am trying to summarize knowledge about ubports for myself into blog post. WIP version is at https://board.net/p/ubports-en

            Looking forward to seeing this expand. You might also be interested in helping update the official documentation πŸ™‚

            Right, but first things first. The document was google translated text I had. I need to clear facts first, then polishing my grammar and then I can consider contribution to documentation. I definitely want to publish it in my blog and I am not against republishing it anywhere else (e.g. ubports blog)

            1 Reply Last reply Reply Quote 0
            • lduboeufL
              lduboeuf @jmlich
              last edited by

              I am trying to summarize knowledge about ubports for myself into blog post. WIP version is at https://board.net/p/ubports-en

              Thanks for sharing.
              You could be a perfect candidate to improve documentation πŸ˜‰
              Hope you will find answers to your questions.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post