Wiley.Mobile.Python.Rapid.prototyping.of.applications.on.the.mobile.platform.Dec.2007 (779889), страница 53
Текст из файла (страница 53)
There are a few cases that needdevcert capabilities and they are listed in Table A.2.If your program doesn’t need any of these functions, or any third-partyextension that would need extra capabilities, then you can avoid some ofthe effort related to code signing.A.3 File System ProtectionBesides the limitations described previously, access to some files islimited. There are three protected directories on each drive that havespecial properties. The protected directories are:• \sys: Requires AllFiles to read, TCB to write.The most important part here is the \sys\bin directory since, underPlatform Security, the phone can only execute native code in the\sys\bin directories.
On previous S60 editions it was possible tostore C++ extension modules for PyS60 in any directory, but in S603rd Eition they must all be stored in \sys\bin.• \resource: Requires TCB to write and no capabilities to read.SIS PACKAGE SIGNING283This directory is used for storing shared, non-sensitive data that mustbe accessible to several programs. Python for S60 comes with a set ofstandard library modules written in Python and they are stored here.• \private: Reading and writing to a program’s own directory needsno capabilities.
Reading other programs’ directories requires AllFilesand writing to them requires TCB.All other parts of the file system (for example, \data\images) can befreely read and written by all code. regardless of capabilities.If you need to store program-specific data that must be easily accessibleand writable by anyone, storing it in a program-specific subdirectoryunder \data is a good choice. The Nokia PC Suite file manager is ableto access the entire contents of the memory card, but only the C:\datadirectory on the C: drive. The ability to use the file manager can beconvenient especially during program development.If you need to keep some or all of the data in your program private, youshould store it in the directory c:\private\<UID>, where <\UID> isthe UID code obtained from the function appuifw.app.uid().
Sinceonly your program and programs that have the AllFiles capability areable to access this directory and AllFiles capability is granted to onlyvery few specialized programs, your data is relatively safe if stored in\private.A.4 SIS Package SigningThe only way to install native code to a normal device that uses PlatformSecurity is through the Symbian OS software installer, from a signed SISpackage.
Before Platform Security, signing was optional but from SymbianOS 9.1 and the 3rd Edition of the S60 platform, it is mandatory if yourprogram requires capabilities.There are many different ways to obtain a signature for a SIS file andthe way to use it depends mainly on the following factors:•How and to whom you intend to distribute the SIS file? Is the numberof target devices 1, 10, 100 or 100 000? How technically skillful arethe intended users?•What capabilities are needed for the code in that SIS file?•Is the code intended for temporary or permanent use?For a PyS60 programmer, the most interesting ways to obtain a signature are self-signing, signing with a devcert and going through theSymbian Signed process.284PLATFORM SECURITYFor the two former methods, you sign the SIS package yourself using akey and a certificate.
In self-signing, you generate the key and certificateyourself and in signing with a devcert you obtain the certificate and keyfiles by request from a network service hosted by Symbian.The Symbian Signed process is different, in that the signing is not doneby you. Instead, you submit your program for testing to a testing house,which sends you back a signed SIS package, provided your programpasses the tests. See www.symbiansigned.com for more information.A.4.1 Creating a Key and a Self-Signed CertificateThe tools for signing and creating keys and certificates are included in theS60 3rd Edition C++ SDK. Once you have installed the SDK, creating aself-signed certificate and the corresponding key takes just one command:makekeys -cert -dname "CN=John Doe EM=john@doe.com" mykey.key mycert.cerThe – dname parameter can be used to identify the owner of the givenkey.
Replace John Doe with your name and john@doe.com with youremail address. There are also several other fields that you can add,such as:•CO – two-letter country code of the country where you live, forexample ‘‘GB’’•OR – organization you are a part of, for example ‘‘Acme Ltd.’’A.4.2 Getting a Developer CertificateA developer certificate, devcert for short, is a key–certificate pair that canbe used to sign SIS packages with higher capabilities than is availablethrough self-signing, but with two important restrictions:•The devcert expires at a specific time and after that SIS packagessigned using the devcert can’t be installed without tampering with thephone’s clock.•Packages signed with a devcert can only be installed into a specific,limited set of phones identified by their IMEIs.
The number of devicesthat can be attached to a devcert depends on the type of devcert.There are many different kinds of developer certificates that grantdifferent levels of capabilities, enable installation to different numbers ofdevices and take different amounts of effort to obtain.The capabilities granted by different devcerts and the specific procedures needed to obtain them are a matter of policy that may change in theSIS PACKAGE SIGNING285future.
The reader is encouraged to check the Symbian Signed websitefor information regarding changes.For the beginning Python for S60 programmer, the most interesting andpractical type of developer certificate is available from a public Symbiannetwork service. At the time of writing, this developer certificate can beused to install software onto one phone, with the user-grantable and freedevcert capabilities.Higher-grade devcerts are available and they may be used to get accessto sensitive manufacturer-approved capabilities or to sign a SIS packagefor installation to more than just one device. The specifics of obtaininghigher-grade devcerts is beyond the scope of this introductory appendixand the interested reader is encouraged to study the documentationavailable at the Symbian Signed website.You can get a free devcert as follows:1.Register into the Symbian Signed web service at www.symbiansigned.com.2.Download, install and run the Developer Certificate Request Tool.3.Enter the IMEI of your phone and the capabilities you want.
Typicallyyou would want to select all the capabilities available with a freedevcert.4.The tool generates a private key and a certificate request file. Uploadthis into the Symbian Signed web service.5.Download the finished developer certificate from the SymbianSigned service.6.Proceed with signing and installation as described below.Note: a devcert is only valid for a limited time. Remember to renew itbefore it expires! Also, make sure the clock on your phone is set correctlyor the devcert will not work.A.4.3 Signing the Python for S60 Interpreter with a devcertIn case you’d like to use free devcert capabilities with your Python interpreter software, all you need to do is to sign the Python ScriptShell file (e.g.PythonScriptShell 1 4 0 3rdEd unsigned freedevcert.SIS) with your devcert.
The PythonForS60 file (e.g. PythonForS60 14 0 3rdEd.sis), which is the other installation file for your Python forS60 interpreter software, is already fully signed and doesn’t require anyaction by you.If you only want to use user-grantable capabilities there is no need tosign the installation file. You can use them as you downloaded them fromthe Sourceforge website.286PLATFORM SECURITYA.4.4 Creating a Standalone Python ProgramThe Python for S60 SDK comes with a tool called py2sis that can beused to create SIS packages from PyS60 programs.To use py2sis, you need:• S60 C++ SDK, 3rd Edition, Maintenance Release• Python for S60 SDK plugin• Python 2.4 or greaterThe tool is installed in the directory \epoc32\tools\py2sis. Toturn a simple ‘hello world’ program into a SIS package perform thefollowing steps:1.Pick a UID for your program.
A UID is a 32-bit number that identifiesa given Symbian program and all programs installed in a device musthave a unique UID. For use during development and testing youmay pick a UID randomly from the range 0xe0000000–0xefffffff.If you intend to distribute your program, you should obtain a UIDfrom the Symbian Signed website.2.Invoke py2sis with a command such as the following (the UID isjust for example – invent your own, don’t use this one):python \epoc32\tools\py2sis\py2sis.py hello.py hello.sis -sdk30-appname=HelloApp -uid=0xe01234563.A package called hello.sis is generated.4.The package generated by py2sis is unsigned and must be signedbefore it can be installed.
Signing the package with your key andcertificate is accomplished by the following command:signsis hello.sis hello-signed.sis mycert.cer mykey.keywhere mycert.cer and mykey.key are the key and certificate to beused (either self-signed or devcert). Note that the key and certificate aregiven to the makekeys and signsis commands in the opposite order!You are done! hello-signed.sis is now ready for installation.A.5 Running Python for S60 Code under Platform SecurityThere are many different ways to run your PyS60 code in a device thatuses Platform Security and you will typically use several different waysRUNNING PYTHON FOR S60 CODE UNDER PLATFORM SECURITY287during the lifetime of your program.
The procedures needed are differentfor development time and deployment time: they depend on the set ofcapabilities needed and the type of the intended final audience.A.5.1 DevelopmentWhen developing your program, the typical procedure is to install theappropriate version of the PyS60 runtime package and the PyS60 interpreter to your device and test your program using that. The version of thePyS60 runtime needed depends on the capabilities you need:•If your program requires only user-grantable capabilities, then thispart is easy: you can just install and use the default version of thePyS60 runtime and script shell.•If you need any devcert capabilities, then you will need to obtaina developer certificate for each device with which you want to testyour code.
![](https://s.studizba.com/z.php?f=/templates/si/i/noavatar.png&w=100&h=100&t=1"){kind=avatar}
