How do app signatures work? Problems developing.

Questions related to developing on the Tonido Platform
User avatar
madhan
Admin Tonidoid
Admin Tonidoid
Posts: 8617
Joined: Tue Dec 30, 2008 12:13 am
Location: Austin, TX, USA
Contact:

Re: How do app signatures work? Problems developing.

Postby madhan » Sat Mar 12, 2011 9:16 am

When you are installing your own app manifest, make sure you have an empty "<files>" listing and an empty "<signature>" block.

The manifest will get rejected and not get loaded if there are files listed and the signature doesn't match the files listing.

What I recomment is just to have the meta information and empty file listing during development. You send us that manifest when we are done and we generate the file data and sign it and deploy.

Here's an example:

Code: Select all

<?xml version="1.0" encoding="UTF-8" ?>
<TonidoManifest>
   <Meta>
      <Name>phpdevplugin</Name>
      <BaseURL></BaseURL>
      <HomePageURL>http://www.tonido.com/phpdevplugin</HomePageURL>
      <Version>0.1.0.4154</Version>
      <CompatibleVersion>\d+\.\d+\.\d+\.\d+</CompatibleVersion>
      <OS>Windows NT</OS>
      <OSVersion></OSVersion>
      <Arch>IA32</Arch>
      <Vendor>CodeLathe</Vendor>
      <Description>Showcases PHP scripting support for Plugin Development</Description>
      <Critical>false</Critical>
      <AppURL>dyn/phpdevplugin/index.php</AppURL>
      <Authentication>AUTH_ROLE_OWNER</Authentication>
      <Runtime>php</Runtime>
   </Meta>
   <Files>
   </Files>
   <SharedLibraries />
</TonidoManifest>


User avatar
madhan
Admin Tonidoid
Admin Tonidoid
Posts: 8617
Joined: Tue Dec 30, 2008 12:13 am
Location: Austin, TX, USA
Contact:

Re: How do app signatures work? Problems developing.

Postby madhan » Sat Mar 12, 2011 9:36 am

Yes, realize someone hijacks a client and makes it download a bunch of files from the internet. We want to be sure that the files are really what we have verified.

User avatar
madhan
Admin Tonidoid
Admin Tonidoid
Posts: 8617
Joined: Tue Dec 30, 2008 12:13 am
Location: Austin, TX, USA
Contact:

Re: How do app signatures work? Problems developing.

Postby madhan » Sat Mar 12, 2011 10:02 am

Once app is installed, new files added in the folder cause no problems. Those are just ignored. You can any number of new files without them in the manifest.

When a manifest is loaded, if signature data and files are present they have to match, if not it is ignored.

Similarly when it is trying to do an update, the remote manifest files and signature have to match before a download is triggered otherwise it is rejected.

Manifests can also get rejected if the meta information doesnt match the system, ie architecture, OS etc.

Usually, reasons for not loading the manifests are clearly stated in the log file (especially enable the log level to trace)

User avatar
madhan
Admin Tonidoid
Admin Tonidoid
Posts: 8617
Joined: Tue Dec 30, 2008 12:13 am
Location: Austin, TX, USA
Contact:

Re: How do app signatures work? Problems developing.

Postby madhan » Sat Mar 12, 2011 10:46 am

Yes, we wanted devs to build stuff without us giving them a signing tool and only require signing when it is time to deploy.

I apologize some of this information is not fully documented, just swamped with stuff.

Maybe we should copy paste this into the dev area in tonidouser.com wiki.


Return to “Tonido Platform Development”

Who is online

Users browsing this forum: No registered users and 4 guests