Eliminating Ministro but still avoiding duplicate libraries.

[/#!/JoePea]

I have a couple of ideas that eliminate having to have Ministro installed
while still avoiding duplicate Qt libraries on an Android device.

My first idea:
An easier solution would be for Necessitas apps to download missing Qt
libraries and store them in a common folder on the "external storage" that
all Google-Play-enabled phones ship with. External storage is shared with
all applications, so all Necessitas apps could look in one central location
for library files. When a Qt library file is needed by a Necessitas app, it
should be checked for an md5 or sha1 sum (or etc) to be sure another
malicious app has not tampered with the files. If the validity check fails
for a file, then the Necessitas app would simply download the file again
and replace the file in question. All Necessitas apps can check for Qt
libraries in a single central location on the phone.

But what if no "external storage" is available?

We could use the data/ folder for each Necessitas app to store Qt files,
but having multiple Necessitas apps would begin wasting phone space with
duplicate Qt libraries in each app's data folder.

What can we do in this case to avoid duplicate Qt library files?

My second idea:
A more dificult but much better solution would be to use broadcasts and
listeners. All Necessitas apps would send a broadcast during first-run to
determine if any other Necessitas apps are installed and to determine if
those apps already have the needed libraries. Pretend there are three
Necessitas apps in Google Play called X, Y, and Z. If you install Y (the
first Necessitas app on your device), it will send a broadcast when you run
it for the first time but will not get a response. Y app will then download
the necessary Qt libraries into it's data/ folder on the first run. Now,
you install the Z app next. The Z app will send a first-run broadcast that
all Necessitas apps listen for. The broadcast from Z contains a request for
the Qt libraries that it needs. If another Necessitas app has the required
Qt libraries, it will return a message saying which library it already has
available. For example, Y has a library that Z needs, so Z will not have to
download that library because Y will share it with Z (Y has given the
library world-readable permissions). However, Y doesn't have one of the
library files that Z needs so Z will also download a new library file. So
now, Y has a library file, and Z has another one. Now we install the X app.
X app sends a first-run broadcast to determine which other Necessitas apps
already have the libraries X needs. In our example, Y and Z acknowledge
they have the needed files for X, so X uses those files. The X app might
also need to download more libraries. Now we delete the Y app. At this
point no other Necessitas app has the library file that Y had. Next we run
the X app and it detects that the library file provided by Y is now
missing. The X app will send a new broadcast to see if any other apps have
the needed file. No other apps have the file that Y had so X app will
download the needed library file and be the new carrier of that file. Now
when we run the Z app, it will also detect that the file from Y is gone and
it will send a new broadcast. The X app will respond and Z will take note
that X is the new carrier for the library file (a matter of milliseconds)
and Z will look for the world-readable file in the data directory of X app
from now on, until X is uninstalled. And so this loop continues
indefinitely. No matter how many Necessitas apps you install, you will not
have duplicate libraries. We would still need file-validity checks (e.g.
md5, sha1, etc) because a malicious app could pretend to be a Necessitas
app and could respond to broadcasts with a malicious Qt library file.
Overall this would be more secure than using external storage because apps
would not have write permissions to any of the library files in the data
folders like they would with external storage and users would not
arbitrarily remove the library files. A Necessitas app could blacklist apps
that provide tampered library files during a broadcast and try the
broadcast again.

Eliminating Ministro would provide a smoother experience for users so they
only need to install a single app (their app) instead of two apps (their
app + Ministro) when they use a Qt-powered app for the first time.

What do you think about my ideas (particularly the second one)?

/#!/JoePea
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/necessitas-devel/attachments/20130112/2d73c297/attachment.html>