maemo.org - Talk - Is it possible to download applications on pc and then install locally on the n900?

maemo.org - Talk (https://talk.maemo.org/index.php)

- Applications (https://talk.maemo.org/forumdisplay.php?f=41)

Re: Is it possible to download applications on pc and then install locally on the n900?

Quote:

Originally Posted by retsaw (Post 923771)

No, but when downloading paid apps from the Ovi store before installation they get saved in /home/user/MyDocs/.tmp, copy the file elsewhere to keep as a backup before telling the App Manager to install it.

nice one now i have a reason to install tempy

Re: Is it possible to download applications on pc and then install locally on the n900?

I don't think Tempy will help with this. Tempy is for saving Flash videos, which get saved in a different directory.

Re: Is it possible to download applications on pc and then install locally on the n900?

Quote:

Originally Posted by retsaw (Post 923894)

No, if it worked at all it'd just mess up your Ubuntu install.

You just run that command on your N900 and if you wanted its output to go in a text file you'd append something like ">/home/user/MyDocs/packages.txt" to redirect the output to a file called "packages.txt" on your MyDocs partition.

@retsaw, thanks for your feedback. btw, I was thinking to use apt-get to download the packages/files only and NOT to installing them. I might have not made my question clear; sorry. Would that still work?

My rational is to get all these packages onto a SD or some local storage as backup; then I would be free from having to be online for re-install of these apps. I know there is a backup app(ie. the one in extra testing/dev) that does a good job for the N900; but it would not help for the case where I want to do a clean re-install of everything.

Sorry for the some what long winded post:p; I look forward to your comments.

Cheers,

Re: Is it possible to download applications on pc and then install locally on the n900?

Quote:

Originally Posted by zimon (Post 923898)

I was referring (but not mentioning) to the fact that doing package install that way (dpkg -i) one doesn't check the authenticity of the package in any way. If it would be a rpm-package instead, the GPG-signature would come embedded and would be checked automatically before installation (rpm -i).
Dependency-wise the two system are identical, but not security-wise.

But that check relies on getting the public key from the repository it's from, which you get when you first download the RPM repository setup file. If you grab an RPM for a repository you don't have in your list, it will throw a signing error and you'd have to use --force to make it install the rpm anyway. (Or download and install the repository and its key.)

I will grant that it's nice to at least have an attempt to automate some minor level of security into the package manager. But really, it's not that terribly secure. All that signature means is that the repository you're getting data from has signed it. Most repositories will auto-sign anything uploaded. A signature doesn't mean it's been validated in any way to not contain bad software, just that it came from that particular repository.

Frankly, if you're downloading and manually installing packages (rpm or deb), you're probably taking some trust issues on anyway in where you're downloading it from. Just like you do for enabling a repository to start with, in either system.

Re: Is it possible to download applications on pc and then install locally on the n900?

Quote:

Originally Posted by cheve (Post 923808)

noop question:(, would one change the repository for apt-get on a linux box(say Ubuntu) to pointing to the maemo repository and then execute the apt-get to download the packages(with all dependence).

You should be able to, yes - you'll need to use the "-d" flag to apt-get to prevent it installing the packages.

Re: Is it possible to download applications on pc and then install locally on the n900?

Quote:

Originally Posted by woody14619 (Post 924025)

The repository's GPG-public key is most likely in the system already, unless you are installing from scratch when installing manually package by package is practically impossible anyway.
So in the situation like the OP is talking about, having rpm packages would cause check of their authenticity correctly and without extra trouble for the end user.

Having embedded GPG signature in the package makes it possible to check there was no MITM-attack between you and the repository even if you transfer and install packages in some other means than with "normal" repository tools (apt,yum,zypper) straight from repository to your end system.

In the ideal world, a developer (automatically) signs the .src.rpm -package before it is taken to repositories to be build and signed with repository's GPG-key. Or, if you get the package straight from the developer, it is also automatically signed when developer builds the binary or source package (rpmbuild -ba --sign). RPM-package format makes this all possible and consistent. Debian people would make FOSS-world a favor and let go of its stubbornness and change from deb-package system to rpm, like LSB wishes.
With deb-system there is quite lot manual work to do so authenticity chain wouldn't have weak links between a developer and an end user. Many people just refuse to see it, although in this thread again the weak links are obvious and visible.

Re: Is it possible to download applications on pc and then install locally on the n900?

Quote:

Originally Posted by cheve (Post 924007)

It's do-able, but would alse involve copying across the dpkg database (so it knows what is already installed and thus which dependencies are needed) and getting it to use that rather than the one for the Ubuntu install, as well as getting it to use the Maemo repositories. I'm sure it can be done, but I'm not sure how simple it would be to set up.

Re: Is it possible to download applications on pc and then install locally on the n900?

Quote:

Originally Posted by retsaw (Post 924191)

@Rob1n, retsaw: thanks for your comments. I have Ubuntu on a VM and will give it a try.

Cheers,