In harmattan, if you want to access certain resources (E.G. Tracker) you need to ask for permission to the Security FW. It is not as bad as it sounds. You just need to add a file in your package explaining what “tokens” do you need. Then depending on where your package comes from and some other ingredients, the security FW decides if your application is worthy of such a privilege.

Today I was packaging a very first version of Mussorgsky in QML which requires the “TrackerReadAccess” token (to query Tracker via dbus). So far I have been working in the command line tool where a aegis-su -r TrackerReadAccess python was enough. But how to do the same when the application is installed?

  1. Create a $PACKAGE_NAME.aegis file under your debian/ directory. There you need to declare what tokens you want for what binary. Example: in mussorgsky.aegis I request “TrackerReadAccess” for “/usr/lib/mussorgsky/”, which is the executable that starts my program.
  2. Put the aegis file in the package. Using CDBS is almost the same as in C++, without the include of

    # Add this to the debian/rules file
    PACKAGE_TARGETS := $(foreach pkg,$(DEB_ALL_PACKAGES),binary/$(pkg))
    [ ! -f debian/$(notdir $@).aegis ] || aegis-deb-add -control \
    debian/$(notdir $@)/DEBIAN/control .. debian/$(notdir $@).aegis=_aegis

  3. Make your package build-depend on aegis-builder (>=1.4)

Then you build your package. It should install nicely and your application run without problems on the device. Still, a couple of remarks:

  • The token must go to a executable script (with #!/usr/bin/python on its first line). python will not work. The path is absolute.
  • After installing the package, do NOT modify the installed files if they request a token. Security FW will discover an unexpected change in the file and lock the device (ops! reflash). Imported files and other resources can be modified.

Happy hacking.