Turning a Nexus 7 FHD Tablet into an eBook Reader With Ubuntu Touch

October 5th, 2015 Permalink

If you have a pile of ebook files, want an handheld ebook reader to read them in comfort, but don't want every action you undertake transmitted to one of the databases masquerading as companies that infest the world these days, then your choices are fairly limited. Amazon's offerings are out, as is near any other dedicated reader device: they are all built on the principle of hoovering up as much data as they can, and maybe showing you ads along the way just to rub it in. If you take the alternative route of an iOS or Android device and an ebook reader application then you are stuck with an app store and a different set of data being sent off to be stored forever, associated with your permanent record.

While exploring the bounds of the possible, I took a look at what can be done with Ubuntu Touch. This is a tablet-focused variant of the Ubuntu Linux distribution, at present the only way to get Ubuntu onto any of the smaller and reasonably priced devices. Ubuntu Touch is very much still in development, and the playing field of devices and their components and drivers changes constantly, so it is far from the case that you can pick up any arbitrary tablet and be able to install it. There is a list, but if you stray far from the very few reference devices then you will find that nothing works - in fact even using one of the reference devices I found that you can't install Ubuntu Touch without availing yourself of Google searches and the kindness of internet strangers.

Ubuntu of course has its share of data collection and phoning home, but it can be turned off. There is an app store, but it is also possible to install applications without using it. Applications for Ubuntu Touch are packaged using click rather than debian package management. It is possible to set up Ubuntu Touch to allow installation via apt-get, but this will only work for non-GUI applications. There is no X11 in Ubuntu Touch. Thus at this time the variety of available applications is pretty anemic, but enough exists to get the job done for the purposes of generating a reader tablet with a few extra functions. Note that there is no disk encryption in Ubuntu Touch at this point in time, so the result will not be a secure device: don't put anything on it that must be kept secret, and use a password distinct from any others you might have.

Obtain the Tablet

The instructions provided here work for a Nexus 7 FHD, and will probably work for other Nexus 7 and Nexus 10 tablets. These are not expensive devices, and in theory Ubuntu is trying to keep Ubuntu Touch up to date and working for all of the variants. You'll also want to buy some form of screen protector and either a case or a shell. Sooner or later you will drop it.

Prepare an Ubuntu Machine

The installation instructions provided by Ubuntu are fairly clear. You will need an Ubuntu desktop or server machine that can be connected to the tablet via USB. Install the following tools, after ensuing that the universe archives are enabled:

sudo add-apt-repository ppa:ubuntu-sdk-team/ppa
sudo apt-get update
sudo apt-get install ubuntu-device-flash phablet-tools

This will add the adb and fastboot tools in addition to ubuntu-device-flash, all of which will be needed. The former two are worth reading up on; they are quite useful in general for working with phones and tablets.

Prepare the Nexus 7 Tablet

The installation instructions detail the steps needed to obtain data and back up your device to ensure you can replace the Android OS if so desired. I'll skip that here in favor of forging ahead, but note that you'll have to do more if you want a way back.

1) Firstly enable developer mode. View Settings -> About Tablet, where the Build Number is listed. Tap the Build Number seven times and confirm developer mode in the resulting prompt.

2) Next navigate to Settings -> Developer options and enable USB Debugging.

3) Connect the tablet to your Ubuntu machine, and then confirm the USB debugging prompt.

4) Now that it is connected with USB debugging enabled, you can use the command line in the Ubuntu machine to control the tablet. First reboot it into the bootloader:

adb reboot bootloader

This will take a few moments, and the result will be the screen with a menu and an image of an Android robot on its back with an open panel.

5) Now unlock the device, again from the command line. Accept any dialog that appears on the tablet as you run these commands:

sudo fastboot oem unlock
fastboot reboot

Install Ubuntu Touch

Reboot to the bootloader again, and install Ubuntu Touch from the devel channel. This recipe worked for the 14.04-based Touch in Q4 2015, and remarkably still works for the 16.04-based Touch in Q2 2016. The process will take some time and involve a further restart.

adb reboot bootloader
ubuntu-device-flash touch --channel=ubuntu-touch/devel/ubuntu --bootstrap

Note that most of the rebooting can be done via command line, but it is still useful to know how to power off and boot to the bootloader using the tablet buttons. In the case of the Nexus 7 FHD, after powering off hold down the reduce volume button and then the power on button to boot into the bootloader. The bootloader menu then includes the option to boot to recovery.

What to Do When the Installation Fails

Hopefully the installation will work for you as the Ubuntu developers will have caught up, or the particular tablet you use is fully supported and fixed. As of Q2 2016 the Nexus 7 FHD requires some special handling, however. Installation will fail with errors along the lines of the following in the Ubuntu machine:

error pushing: failed to copy '/home/user/.cache/ubuntuimages/gpg/image-master.tar.xz' to '/cache/recovery/': Is a directory

If this happens, follow the instructions provided by a helpful internet stranger, which include links to patched boot.img and recovery.img for this particular version of the Nexus 7. Note that using patched images without care is a great way to brick your device. These work for this case for the Nexus 7 FHD, however. The portion of the instructions to follow are these:

1) Boot to the bootloader again.

adb reboot bootloader

2) Apply the images:

fastboot flash boot boot.img
fastboot flash recovery recovery.img

3) Reboot the tablet to recovery mode; this can be done from the menu in the bootloader.

4) Install Ubuntu Touch again. After this the tablet should reboot automatically and start spinning the Ubuntu logo. Wait this out, as it may take 5 to 10 minutes.

ubuntu-device-flash touch --channel=ubuntu-touch/devel/ubuntu

5) After this the tablet will reboot and get stuck on the Google logo. Power it off and boot into the bootloader (for a Nexus 7 FHD, hold down the reduce volume button then the power button to do this).

6) Repeat step 2 to reflash the boot and recovery images.

7) Power off and start the device. Ubuntu should start booting.

Set Up For SSH Access

Now that Ubuntu Touch is installed, the next step is to set up SSH access for the local network so that you can disconnect the tablet from the Ubuntu machine and still be able to run commands on it.

1) Start by enabling developer mode under System Settings -> About this Phone -> Developer mode. In order to do this you will have to set a password. This will be the password of the phablet user, which you will need for further steps.

2) While we are here, enable read/write mode. This will be necessary for a variety of tweaks and installations later on. In the Ubuntu machine connected to the tablet, run the following command to reboot the Nexus 7 into read/write mode. Note that this disables automatic updates.

phablet-config writable-image

3) Next enable the ssh service, which is disabled by default. In the Ubuntu machine, run the following to set up the phablet user for SSH key pair login using your keys:

adb shell android-gadget-service enable ssh
adb shell mkdir /home/phablet/.ssh
adb push ~/.ssh/id_rsa.pub /home/phablet/.ssh/authorized_keys
adb shell chown -R phablet.phablet /home/phablet/.ssh
adb shell chmod 700 /home/phablet/.ssh
adb shell chmod 600 /home/phablet/.ssh/authorized_keys

This will start the ssh service and enable it to restart on reboot.

abd shell
sudo service ssh start
sudo android-gadget-service enable ssh

You can now disconnect the tablet from the Ubuntu machine and disable developer mode. Log in via SSH on the local network for further command line usage:

ssh -i ~/.ssh/id_rsa phablet@<ip address>

You can also use SSH as a channel to load files such as ebooks into the tablet, of course, via SCP.

4) Edit /etc/ssh/sshd_config to turn off root login by setting the following property:

PermitRootLogin no

5) Optionally you can further harden things from a security perspective. There is more you can do here with /etc/ssh/sshd_config, but given the lack of disk encryption there are diminishing returns on making SSH absolutely bulletproof. If you want to take this path it may also be useful to lock down the network access via /etc/hosts.deny and /etc/hosts.allow. Use the former to deny everything, and the latter to open up SSH to selected hosts, such as the Ubuntu machine on your local network.

For /etc/hosts.deny:

ALL: PARANOID

For /etc/hosts.allow:

ALL : localhost
# Or whatever the prefix of your local network, or machines might be.
# From the perspective of protection while taking the tablet onto 
# other networks, this is really only useful if your network has a
# less usual IP space
sshd: 172.16.0.

You might also consider setting up a simple firewall such as UFW as another alternative option.

Clear Out the Junk, Lock Down Privacy

1) Remove the useless applications. Long press on each in the UI provides an option to uninstall. This can also be done on the command line via the click command, but via the UI is easier.

2) Toggle off all of the settings for music and video searches. Remove music and video searches from the list of active applications.

3) The Ubuntu browser used in Touch has no adblock support at this time. A stopgap alternative is to add a comprehensive list of tracker hostnames to /etc/hosts. Something like someonewhocares.org/hosts/ is a good start.

Install OpenStore and Beru

OpenStore is an alternative to the Ubuntu store for Ubuntu Touch applications, a way to publish applications with fewer restrictions and more flexibility for the end user. Beru is a no-frills ebook reader packaged for Ubuntu Touch. Install both via the command line on the tablet as follows:

wget http://notyetthere.org/openstore/v1/openstore.mzanetti_0.5_armhf.click
wget https://open.uappexplorer.com/api/download/com.ubuntu.developer.rschroll.beru/com.ubuntu.developer.rschroll.beru_1.1.3_armhf.click
sudo pkcon install-local --allow-untrusted *.click
sudo click register --user=phablet openstore.mzanetti 0.5
sudo click register --user=phablet com.ubuntu.developer.rschroll.beru 1.1.3

You will need to create a directory to hold the ebook files making up Beru's library. The application will prompt you to select one when it runs, but won't create the directory itself. So first run this on the command line; this is the default location Beru suggests.

mkdir /home/phablet/Books

If you have a stack of ebook files of a format supported by Beru, then copy them into this directory via SCP.

Troubleshooting Beru

Beru can get stuck sometimes, if its view of files falls out of sync with what is actually in the filesystem. Typically this will manifest as eternal loading when trying to view the list of ebooks. This can usually be solved by deleting the cache directory for the phablet user, then restarting the tablet:

rm -Rf /home/phablet/.cache

Done! Maybe.

At this point you have a basically functional combined ebook reader, browser, and somewhat general purpose computer with a command line. Ubuntu Touch is a work in progress, but flexible. You can probably get a fair amount of use out of it even at this stage of its development if you are prepared to set read/write mode and give up on the automatic updates in favor of being able to install non-GUI applications via apt-get. Be aware that you can certainly break everything that way.

Security still has a way to go. The tablet is password protected, but the hard storage is not encrypted, so it's certainly not safe for any sort of secret material. There is also more that could be done to shut down functionality that talked to Ubuntu servers, such as the app store. But if you don't care about that, the store is right there, and a fair number of applications are available even now.