What actually is Aurora OS and who is using it?

Yes. With an unlocked device it works just like in SFOS. You enable the option in settings and voila, you get Fingerterm, ssh access, etc. A locked device controlled by MDM “Aurora Centr” most probably will not allow you to do it.

I do not know for sure (have to test somehow), but very likely they would work. However, in order to install such an app one still needs a signed Aurora package.

I shudder to think about all the backdoors and phone-home functionality installed in this.

Nah, qmlscene accepts a qml file, so you can run any qml-only app with it, even copy-paste into notepad/nano etc and execute from fingerterm (assuming names haven’t changed from Jolla/Sailfish to Aurora/…)

The main emphasis of Aurora OS is ABSENSE of backdoors and Trusted Platform with MDM certified to be protected from evil entities (such as Google, Apple, CIA, NSA…). The devices can be locked (100% controlled by the corporate MDM system) and unlocked (private, which is a very new development). The OS is certified to handle classified/secret info and be used at places like government, nuclear powerplants, etc.

The F+ phone hardware itself seems to be a rebranded Chinese phone UleFone Armor X8 or its twin brother. Source (Youtube offers translated subs).

Here is my attempt to install Midnight Commander rpms from OpenRepos in AuroraOS.

[root@R570E TEST]# rpm -ihv mc-4.8.30-1.aarch64.rpm
ошибка: Неудовлетворенные зависимости:
	/usr/bin/perl нужен для mc-1:4.8.30-1.aarch64
	ld-linux-aarch64.so.1()(64bit) нужен для mc-1:4.8.30-1.aarch64
	ld-linux-aarch64.so.1(GLIBC_2.17)(64bit) нужен для mc-1:4.8.30-1.aarch64
	libc.so.6()(64bit) нужен для mc-1:4.8.30-1.aarch64
	libc.so.6(GLIBC_2.17)(64bit) нужен для mc-1:4.8.30-1.aarch64
	libe2p.so.2()(64bit) нужен для mc-1:4.8.30-1.aarch64
	libglib-2.0.so.0()(64bit) нужен для mc-1:4.8.30-1.aarch64
	libslang.so.2()(64bit) нужен для mc-1:4.8.30-1.aarch64
	libslang.so.2(SLANG2)(64bit) нужен для mc-1:4.8.30-1.aarch64
	libutil.so.1()(64bit) нужен для mc-1:4.8.30-1.aarch64
	libutil.so.1(GLIBC_2.17)(64bit) нужен для mc-1:4.8.30-1.aarch64
	perl(File::Basename) нужен для mc-1:4.8.30-1.aarch64
	perl(File::Temp) нужен для mc-1:4.8.30-1.aarch64
	perl(POSIX) нужен для mc-1:4.8.30-1.aarch64
	perl(bytes) нужен для mc-1:4.8.30-1.aarch64
	perl(strict) нужен для mc-1:4.8.30-1.aarch64
	perl(warnings) нужен для mc-1:4.8.30-1.aarch64

Failed dependencies…

[root@R570E TEST]# pkcon install perl

Perl installs just fine.

[root@R570E TEST]# rpm -ihv ./mc-4.8.30-1.armv7hl.rpm 
ошибка: Неудовлетворенные зависимости:
	libslang.so.2 нужен для mc-1:4.8.30-1.armv7hl
	libslang.so.2(SLANG2) нужен для mc-1:4.8.30-1.armv7hl

Let’s try to install libslang. The command ‘pkcon install libslang’ tells me that libslang is not available.
OK. I’ll try a Sailfish package from OpenRepos.

[root@R570E TEST]# rpm -ihv ./libslang2-2.3.0-10.6.1.jolla_.armv7hl.rpm 
ошибка: libslang2 does not have developer signature.
ошибка: Plugin validation: hook tsm_pre failed
предупреждение: Plugin validation: hook tsm_post failed

It won’t install for lack of Aurora developer signature.
I have the “Enable package validation” option in the developer settings OFF*

Interesting, binary packages seem a no go (unless you compile on device ;), can you pkcon install qt5-declarative-qmlscene?

Edit: or just check any qml-only app what command it executes in .desktop file and use that from fingerterm?

No. It says that such package is not available.

# pkcon install qt5-declarative-qmlscene
Сопоставление                                                                                                                                         [                                                                                ] (0%)  Пакет не найден: qt5-declarative-qmlscene
Команда завершилась с ошибкой: Этот инструмент не нашёл ни одного доступного пакета: Пакеты не найдены

I want to have at least mc to be able to manually copy qml files to places, where rpm would put them. Plain shell commands are a PITA to install multiple files and cleanly remove them afterwards.

Yeah, get gcc first and foremost, with that you should be able to compile qmlscene from sources and no worrying about keys anymore

Not sure you are aware of but you are messing two architecture aarch64 vs armv7hl. You need an aarch64 rpms.

Yes, I sorted it out already. I need armv7hl even though

[root@R570E TEST]# uname -a
Linux R570E 4.9.190 #1 SMP PREEMPT Fri Oct 13 20:13:39 UTC 2023 aarch64 GNU/Linux

but

[root@R570E TEST]# rpm -q glibc
glibc-2.30+git15-1.6.4.omp.armv7hl

aarch64 did not work.

I forced installation of the openrepos mc (armv7hl) and libslang by signing the mc rpm with a temporary key for testers (How to sign a package (in Russian)) only to get this error:

[root@R570E TEST]# mc
mc: error while loading shared libraries: libslang.so.2: failed to map segment from shared object

A qml-only app NewsAPI installs and runs fine in Aurora 4.0.2 after signing the rpm with the “regular” key.

It’s more likely that, but I was going to say: @sdiconov if you do have root then nothing can stop you.
Btw, I’m glad you are sharing all this info about Aurora OS, I am also glad that this is still going on even if it branched paths from Sfos.

How do you sign a qml file, or are you signing desktop files? Regular key??? Edit: at least great news silica components have not been renamed? (unless signing app is just translating all Jolla./Sailfish. into Aurora. No idea what signing signifies)

I have to sign the rpm package in order to make it installable
[root@R570E NewsAPI]# rpmsign-external sign --key regular_key.pem --cert regular_cert.pem harbour-newsapi-0.2-2.armv7hl.rpm
The regular key is a provisional key&certificate pair created for testing proof-of-concept packages and available for download here.

Not quite! Certain packages with minimal external dependencies can still work.
I managed to sign, install and run the GPSInfo. It works!

[root@R570E TEST]# rpmsign-external sign --key regular_key.pem --cert regular_cert.pem harbour-gpsinfo-0.15.1-1.armv7hl.rpm 
[I] unknown:0 - Signed ( 1 / 1 ) "harbour-gpsinfo-0.15.1-1.armv7hl.rpm"
[root@R570E TEST]# rpm -ihv ./harbour-gpsinfo-0.15.1-1.armv7hl.rpm 
691 blocks
(WARNING)	Package name should follow reverse domain notation (e.g. "org.example.app"). It will be mandatory in future versions.
(WARNING)	[sailjail] OrganizationName and ApplicationName pair should form a package name (e.g. for package "com.example.app" ApplicationName must be "app" and OrganizationName must be "com.example")
(WARNING)	[sailjail] OrganizationName should follow reverse domain notation (at least up to second-level domain), e.g.: "org.example"
(WARNING)		[sailjail] ExecDBus and/or ExecSystemService will not work, remove "-" from Application name
Подготовка...               ################################# [100%]
Обновление / установка...
   1:harbour-gpsinfo-0.15.1-1         ################################# [100%]

WiFi Analyser works too.

You have root, you should be able to just modify a signing requiring policy somewhere, there’s gotta be a way

I am afraid it’s much worse than that. In addition to signing there is enforced validation of packages, which cannot be turned off. The libslang rpm from openrepos would not pass it and could not be installed even with the signature. Modifying rpm will most likely break the OS and compatibility with officially distributed apps.

Of course it can when you have root. It may not be easy; but you do have full access.

You can just extract rpm and copy files manually??? Are elf binaries that can run signed too, maybe it’s just very bad selinux policy