aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDenys Dmytriyenko <denys@konsulko.com>2022-07-05 19:11:37 +0000
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2022-07-13 15:26:46 +0000
commit2c5377c107dde03951f3ed4dc541246fba019695 (patch)
tree74fe3d03122d66ba7931162484025a16db326cad
parent9ee284eb961ca51d8dc1f2822b2bf30de9d940da (diff)
applaunchd: update and install agl-app@ template and sandboxing configs
The new applaunchd adds systemd_manager that allows launching apps as systemd services in a sandboxed environment. And dbus_activation_manager is deprecated. * Update SRCREV for the new code * Bump version to indicate a major change * Install supporting config files * Add build dependency on systemd * Add runtime dependency on polkit rule to manage agl-app@ services Bug-AGL: SPEC-4466 Signed-off-by: Denys Dmytriyenko <denys@konsulko.com> Change-Id: I01b0247d18be8d97b4ea2866d161cffbda8f9155 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27752 Reviewed-by: Marius Vlad <marius.vlad@collabora.com> Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Reviewed-by: Scott Murray <scott.murray@konsulko.com> Tested-by: Jenkins Job builder account
-rw-r--r--meta-app-framework/recipes-core/applaunchd/applaunchd/agl-app@.service8
-rw-r--r--meta-app-framework/recipes-core/applaunchd/applaunchd/no-network.conf2
-rw-r--r--meta-app-framework/recipes-core/applaunchd/applaunchd/private-tmp.conf2
-rw-r--r--meta-app-framework/recipes-core/applaunchd/applaunchd_git.bb26
4 files changed, 33 insertions, 5 deletions
diff --git a/meta-app-framework/recipes-core/applaunchd/applaunchd/agl-app@.service b/meta-app-framework/recipes-core/applaunchd/applaunchd/agl-app@.service
new file mode 100644
index 000000000..c8361fa0a
--- /dev/null
+++ b/meta-app-framework/recipes-core/applaunchd/applaunchd/agl-app@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Sandboxed %I
+
+[Service]
+Type=simple
+User=agl-driver
+ExecStart=%i
+Environment=XDG_RUNTIME_DIR=/run/user/1001/
diff --git a/meta-app-framework/recipes-core/applaunchd/applaunchd/no-network.conf b/meta-app-framework/recipes-core/applaunchd/applaunchd/no-network.conf
new file mode 100644
index 000000000..c7c4f8a31
--- /dev/null
+++ b/meta-app-framework/recipes-core/applaunchd/applaunchd/no-network.conf
@@ -0,0 +1,2 @@
+[Service]
+PrivateNetwork=true
diff --git a/meta-app-framework/recipes-core/applaunchd/applaunchd/private-tmp.conf b/meta-app-framework/recipes-core/applaunchd/applaunchd/private-tmp.conf
new file mode 100644
index 000000000..0bdba7c99
--- /dev/null
+++ b/meta-app-framework/recipes-core/applaunchd/applaunchd/private-tmp.conf
@@ -0,0 +1,2 @@
+[Service]
+PrivateTmp=yes
diff --git a/meta-app-framework/recipes-core/applaunchd/applaunchd_git.bb b/meta-app-framework/recipes-core/applaunchd/applaunchd_git.bb
index 2457b67d1..5c2036a78 100644
--- a/meta-app-framework/recipes-core/applaunchd/applaunchd_git.bb
+++ b/meta-app-framework/recipes-core/applaunchd/applaunchd_git.bb
@@ -8,21 +8,37 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=ae6497158920d9524cf208c09cc4c984"
DEPENDS = " \
glib-2.0 \
glib-2.0-native \
+ systemd \
"
-PV = "1.0+git${SRCPV}"
+PV = "2.0+git${SRCPV}"
SRC_URI = " \
- git://gerrit.automotivelinux.org/gerrit/src/applaunchd;protocol=https;branch=${AGL_BRANCH} \
- "
-SRCREV = "c84836ec5ddaf2d0e91c46713475c35652bb540f"
+ git://gerrit.automotivelinux.org/gerrit/src/applaunchd;protocol=https;branch=${AGL_BRANCH} \
+ file://agl-app@.service \
+ file://no-network.conf \
+ file://private-tmp.conf \
+"
+SRCREV = "efbd734aca8b813710d7564d79696b1cf150a88c"
-S = "${WORKDIR}/git"
+S = "${WORKDIR}/git"
inherit meson pkgconfig
+do_install:append() {
+ # Install generic template for all agl-app services
+ mkdir -p ${D}${sysconfdir}/systemd/system/
+ install -m 644 ${WORKDIR}/agl-app@.service ${D}${sysconfdir}/systemd/system/
+
+ # Install individual sandboxing overrides/drop-ins to be used by apps
+ mkdir -p ${D}${sysconfdir}/systemd/sandboxing/
+ install -m 644 ${WORKDIR}/no-network.conf ${D}${sysconfdir}/systemd/sandboxing/
+ install -m 644 ${WORKDIR}/private-tmp.conf ${D}${sysconfdir}/systemd/sandboxing/
+}
+
FILES:${PN} += " ${datadir}/dbus-1/"
RDEPENDS:${PN} += " \
agl-session \
+ polkit-rule-agl-app \
"