Development/Tutorials/KNewStuffSecure: Difference between revisions

From KDE TechBase
(wikify)
(Mark for archiving)
 
(6 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Improve}}
{{Archived}}
{{KDE3}}


== Resource sharing ==
== Resource sharing ==
Line 12: Line 13:
== General information ==
== General information ==


Using KNewStuff itself is quite simple, and I tried to make KNewStuffSecure not more complicated. The only extra requirement is to have <strong>gpg</strong> installed in your {{file|$PATH}}, and for uploading of course it is preferred if you already have a GPG key that you can use for resource signing.
Using KNewStuff itself is quite simple, and I tried to make KNewStuffSecure not more complicated. The only extra requirement is to have <strong>gpg</strong> installed in your {{path|$PATH}}, and for uploading of course it is preferred if you already have a GPG key that you can use for resource signing.


As '''gpg''' is not a compilation time requirement, it is suggested that you check on application startup for its presence and warn the user what he misses without it. Of course the check is performed by KNewStuffSecure as well, but I find it muchnicer to check for runtime dependencies on startup.
As '''gpg''' is not a compilation time requirement, it is suggested that you check on application startup for its presence and warn the user what he misses without it. Of course the check is performed by KNewStuffSecure as well, but I find it muchnicer to check for runtime dependencies on startup.
Line 19: Line 20:
== Downloading resources ==
== Downloading resources ==
The first thing you must to is to subclass the {{class|KNewStuffSecure}} class and implement the installResource method, which is a pure virtual method in KNewStuffSecure. Here is an example of what you should put in a header file:
The first thing you must to is to subclass the {{class|KNewStuffSecure}} class and implement the installResource method, which is a pure virtual method in KNewStuffSecure. Here is an example of what you should put in a header file:
<code cppqt3>
<syntaxhighlight lang="cpp-qt">
#include <knewstuff/knewstuffsecure.h>
#include <knewstuff/knewstuffsecure.h>


Line 34: Line 35:
     virtual void installResource();
     virtual void installResource();
};
};
</code>
</syntaxhighlight>


In order to know what you should do in installResource() it is important to understand the structure of the resource you get via KNewStuffSecure. The resource is a gzipped tarball, let's call it {{file|resource.tar.gz}}. The resource.tar.gz contains three files:
In order to know what you should do in installResource() it is important to understand the structure of the resource you get via KNewStuffSecure. The resource is a gzipped tarball, let's call it {{path|resource.tar.gz}}. The {{path|resource.tar.gz}} contains three files:


{| border="1"
{| border="1"
! Filename !! Description
! Filename !! Description
|-
|-
| {{file|data.tar.gz}} || another tarball containing the actual data to be installed. The name is not fixed, it can be anything like {{file|cards.tgz}}, {{file|greetings.tar.gz}} or whatever.
| {{path|data.tar.gz}} || another tarball containing the actual data to be installed. The name is not fixed, it can be anything like {{path|cards.tgz}}, {{path|greetings.tar.gz}} or whatever.
|-
|-
| signature || holds the signature for {{file|data.tar.gz}}
| signature || holds the signature for {{path|data.tar.gz}}
|-
|-
| md5sum || holds the MD5 sum for the {{file|data.tar.gz}}
| md5sum || holds the MD5 sum for the {{path|data.tar.gz}}
|}
|}


In the implementation file you have to process the {{file|data.tar.gz}} only, the rest is handled by KNewStuffSecure. If installing the resource means that you put the downloaded file(s) from data.tar.gz into a directory, the implementation of MyNewStuff looks like:
In the implementation file you have to process the {{path|data.tar.gz}} only, the rest is handled by KNewStuffSecure. If installing the resource means that you put the downloaded file(s) from {{path|data.tar.gz}} into a directory, the implementation of MyNewStuff looks like:


<code cppqt3>
<syntaxhighlight lang="cpp-qt">
void MyNewStuff::installResource()
void MyNewStuff::installResource()
{
{
  bool ok = true;
   KTar tar(m_tarName, "application/x-gzip" );
   KTar tar(m_tarName, "application/x-gzip" );
   if (tar.open(IO_ReadOnly))
   if (tar.open(IO_ReadOnly))
Line 62: Line 62:
     tar.close();
     tar.close();
   } else
   } else
    ok = false;
  if (!ok)
     KMessageBox::error(parentWidget(), i18n("There was an error with the
     KMessageBox::error(parentWidget(), i18n("There was an error with the
     downloaded resource tarball file. Possible causes are damaged archive or
     downloaded resource tarball file. Possible causes are damaged archive or
Line 70: Line 67:
     i18n("Resource Installation Error" ));
     i18n("Resource Installation Error" ));
}
}
</code>
</syntaxhighlight>


As you can see the name of the resource tarball you have to install is in
As you can see the name of the resource tarball you have to install is in
"m_tarName". The above code installs the files from m_tarName to {{file|$KDEHOME/share/appname/stuff}}. Of course, you must provide the real appname there.
"m_tarName". The above code installs the files from m_tarName to {{path|$KDEHOME/share/appname/stuff}}. Of course, you must provide the real appname there.


You are free to do other installation methods, depending on your needs. In some cases it may be just enough to copy the resource tarball somewhere. This part of the code depends completely on the type of the resource and your application.
You are free to do other installation methods, depending on your needs. In some cases it may be just enough to copy the resource tarball somewhere. This part of the code depends completely on the type of the resource and your application.
Line 83: Line 80:


Example:
Example:
<code cppqt3>
<syntaxhighlight lang="cpp-qt">
void MyApp::slotDownloadResource()
void MyApp::slotDownloadResource()
{
{
Line 93: Line 90:
   m_newStuff->downloadResource();
   m_newStuff->downloadResource();
}
}
</code>
</syntaxhighlight>


Just a note: ''"appname/resourcetype"'' is in free form, it identifies the type of the resource. See the standard KNewStuff documentation for details.
Just a note: ''"appname/resourcetype"'' is in free form, it identifies the type of the resource. See the standard KNewStuff documentation for details.
Line 100: Line 97:


== Uploading resources ==
== Uploading resources ==
Uploading is simple as well. You just have to create the {{file|data.tar.gz}} (which is specific for your application) and call uploadResource(fileName), where fileName points to the created data tarball.  
Uploading is simple as well. You just have to create the {{path|data.tar.gz}} (which is specific for your application) and call uploadResource(fileName), where fileName points to the created data tarball.  


Example:
Example:
<code cppqt3>
<syntaxhighlight lang="cpp-qt">
void MyApp::slotUploadResource()
void MyApp::slotUploadResource()
{
{
Line 111: Line 108:
   m_newStuff->uploadResource(fileName);
   m_newStuff->uploadResource(fileName);
}   
}   
</code>
</syntaxhighlight>


Here createUploadResource() creates the data tarball and returns the name with path to the created tarball.
Here createUploadResource() creates the data tarball and returns the name with path to the created tarball.


That is all. I hope you will find this tutorial useful.
That is all. I hope you will find this tutorial useful.

Latest revision as of 13:23, 31 May 2019


This page has been archived
The information on this page is outdated or no longer in use but is kept for historical purposes. Please see the Category:Archives for similar pages.
Tip
Note: This page deals with content related to KDE 3. If you are developing for KDE 4, this information might not be valid anymore.


Resource sharing

Many applications work with external resources which gives them the freedom to change or extend the behavior without requiring to change the application code itself. Others are extensible with the help of binary plugins. All these external resources should be provided in a way to the user, and the most common way is to put them on the homepage of the application, which works, but it is not so convenient to the final user to get the updates. It is much easier to get them from inside the application. Luckily KDE has the corresponding technology called KNewStuff which not only makes possible to download updates and resources, but if the application supports it, it is even possible to share a resource created by the user with other users. KNewStuff has a weak point though, that you cannot really know who created a resource when downloading, nor the maintainer of the resource repository can know who created the resource that was uploaded, and there is no corruption checking either.

Starting with KDE 3.4 and with the introduction of the KNewStuffSecure class this problems are solved. With this technology the resources can be digitally signed, an md5sum is calculated for them, so both the uploaded and downloaded resources can be verified whether they come from a safe source and person or not.

This tutorial will explain how to use KNewStuffSecure in your application to enable downloading and uploading secured resources. It will not explain the usage of KNewStuff itself and how you can set up a resource repository on the server. These informations can be found in the KNewStuff API documentation, in the KNewStuff tutorial and in the sources: kdelibs/knewstuff/README.knewstuff and kdelibs/knewstuff/data.


General information

Using KNewStuff itself is quite simple, and I tried to make KNewStuffSecure not more complicated. The only extra requirement is to have gpg installed in your $PATH, and for uploading of course it is preferred if you already have a GPG key that you can use for resource signing.

As gpg is not a compilation time requirement, it is suggested that you check on application startup for its presence and warn the user what he misses without it. Of course the check is performed by KNewStuffSecure as well, but I find it muchnicer to check for runtime dependencies on startup.


Downloading resources

The first thing you must to is to subclass the KNewStuffSecure class and implement the installResource method, which is a pure virtual method in KNewStuffSecure. Here is an example of what you should put in a header file:

#include <knewstuff/knewstuffsecure.h>

class MyNewStuff: public KNewStuffSecure
{
  Q_OBJECT
  
  public:
    MyNewStuff(const QString &type,  QWidget *parentWidget=0)
      : KNewStuffSecure(type, parentWidget){};
    ~MyNewStuff() {};
  
  private:
    virtual void installResource();
};

In order to know what you should do in installResource() it is important to understand the structure of the resource you get via KNewStuffSecure. The resource is a gzipped tarball, let's call it resource.tar.gz. The resource.tar.gz contains three files:

Filename Description
data.tar.gz another tarball containing the actual data to be installed. The name is not fixed, it can be anything like cards.tgz, greetings.tar.gz or whatever.
signature holds the signature for data.tar.gz
md5sum holds the MD5 sum for the data.tar.gz

In the implementation file you have to process the data.tar.gz only, the rest is handled by KNewStuffSecure. If installing the resource means that you put the downloaded file(s) from data.tar.gz into a directory, the implementation of MyNewStuff looks like:

void MyNewStuff::installResource()
{
  KTar tar(m_tarName, "application/x-gzip" );
  if (tar.open(IO_ReadOnly))
  {
    const KArchiveDirectory *directory = tar.directory();
    QString resDir =KGlobal::dirs()->saveLocation("data" ) + "appname/stuff/";
    directory->copyTo(resDir, true);
    tar.close();
  } else
    KMessageBox::error(parentWidget(), i18n("There was an error with the
    downloaded resource tarball file. Possible causes are damaged archive or
    invalid directory structure in the archive." ), 
    i18n("Resource Installation Error" ));
}

As you can see the name of the resource tarball you have to install is in "m_tarName". The above code installs the files from m_tarName to $KDEHOME/share/appname/stuff. Of course, you must provide the real appname there.

You are free to do other installation methods, depending on your needs. In some cases it may be just enough to copy the resource tarball somewhere. This part of the code depends completely on the type of the resource and your application.

Now how to initiate a download? You have to do three things:

  • create a MyNewStuff object
  • connect the signal installFinished() to a slot to do things what you want after the install is done
  • call downloadResource() for the MyNewStuff object

Example:

void MyApp::slotDownloadResource()
{
  if (!m_newStuff)
  {
    m_newStuff = new MyNewStuff("appname/resourcetype", this);
    connect(m_newStuff, SIGNAL(installFinished()), this, SLOT(slotResourceInstalled()));
  }
  m_newStuff->downloadResource();
}

Just a note: "appname/resourcetype" is in free form, it identifies the type of the resource. See the standard KNewStuff documentation for details.


Uploading resources

Uploading is simple as well. You just have to create the data.tar.gz (which is specific for your application) and call uploadResource(fileName), where fileName points to the created data tarball.

Example:

void MyApp::slotUploadResource()
{
  QString fileName = createUploadResource();
  if (!m_newStuff)
    m_newStuff = new MyNewStuff("application/resourcetype", this);
  m_newStuff->uploadResource(fileName);
}

Here createUploadResource() creates the data tarball and returns the name with path to the created tarball.

That is all. I hope you will find this tutorial useful.