af-main: Handle users from the system scope

To simplify the management of users while keeping
systemd as launcher, this evolution anchors the
framework in the system level.

This also introduce a new version of afm-system-daemon
that is 100% a binding of the binder and that
consequently offers natively a websocket API.

Change-Id: I1bbb48d0c01d0f6fd3c8dfca90febbe8147cf204
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/12139
Tested-by: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
ci-image-build: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
Reviewed-by: Stéphane Desneux <stephane.desneux@iot.bzh>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>

8 files changed, 37 insertions, 128 deletions

diff --git a/meta-agl/recipes-config/agl-login-manager/agl-login-manager_0.1.bb b/meta-agl/recipes-config/agl-login-manager/agl-login-manager_0.1.bb
index 44a4fd36a..22f52c4ec 100644
--- a/meta-agl/recipes-config/agl-login-manager/agl-login-manager_0.1.bb
+++ b/meta-agl/recipes-config/agl-login-manager/agl-login-manager_0.1.bb
@@ -8,18 +8,14 @@ inherit agl-graphical
 SRC_URI += " \
     file://user-config.service \
     file://user-config.path \
-    file://agl-user-session.pamd \
-    file://agl-user-session@.service \
 "
 
 LOGIN_USER ??="1001 1002"
 
-do_install_append() {
+RDEPENDS_${PN} += "af-main"
 
-    install -d ${D}${sysconfdir}/pam.d/
-    install -m 0644 ${WORKDIR}/agl-user-session.pamd ${D}${sysconfdir}/pam.d/agl-user-session
+do_install_append() {
 
-    install -d ${D}${systemd_user_unitdir}
     install -d ${D}${systemd_user_unitdir}/default.target.wants
     install -m 0644 ${WORKDIR}/user-config.service ${D}${systemd_user_unitdir}
     install -m 0644 ${WORKDIR}/user-config.path ${D}${systemd_user_unitdir}
@@ -29,19 +25,13 @@ do_install_append() {
     sed -e 's,@DISPLAY_XDG_RUNTIME_DIR@,${DISPLAY_XDG_RUNTIME_DIR},g' \
         -i ${D}${systemd_user_unitdir}/user-config.path
 
-    ln -sf ${systemd_user_unitdir}/user-config.path ${D}${systemd_user_unitdir}/default.target.wants
+    ln -s ../user-config.path ${D}${systemd_user_unitdir}/default.target.wants/user-config.path
 
-    install -d ${D}${systemd_unitdir}/system/
-    install -d ${D}${systemd_unitdir}/system/multi-user.target.wants/
-    install -m 0644 ${WORKDIR}/agl-user-session@.service ${D}${systemd_unitdir}/system/
+    install -d ${D}${systemd_system_unitdir}/multi-user.target.wants/
 
     for AGL_USER in ${LOGIN_USER};do
-        ln -sf ${systemd_system_unitdir}/agl-user-session@.service ${D}${systemd_unitdir}/system/multi-user.target.wants/agl-user-session@${AGL_USER}.service;
+        ln -s ../afm-user-session@.service ${D}${systemd_system_unitdir}/multi-user.target.wants/afm-user-session@${AGL_USER}.service
     done
 }
 
-FILES_${PN} += "${sysconfdir}/pam.d/agl-user-session"
-FILES_${PN} += "${systemd_user_unitdir}/*"
-FILES_${PN} += "${libdir}/systemd/user/default.target.wants/*"
-FILES_${PN} += "${systemd_unitdir}/system/agl-user-session@.service"
-FILES_${PN} += "${systemd_unitdir}/system/multi-user.target.wants/*"
+FILES_${PN} += "${systemd_user_unitdir} ${systemd_system_unitdir}"
diff --git a/meta-agl/recipes-config/agl-login-manager/files/agl-user-session.pamd b/meta-agl/recipes-config/agl-login-manager/files/agl-user-session.pamd
deleted file mode 100644
index 462c3648b..000000000
--- a/meta-agl/recipes-config/agl-login-manager/files/agl-user-session.pamd
+++ /dev/null
@@ -1,3 +0,0 @@
-account  include common-account
-session  required pam_loginuid.so
-session  include common-session
diff --git a/meta-agl/recipes-config/agl-login-manager/files/agl-user-session@.service b/meta-agl/recipes-config/agl-login-manager/files/agl-user-session@.service
deleted file mode 100644
index b128a40c8..000000000
--- a/meta-agl/recipes-config/agl-login-manager/files/agl-user-session@.service
+++ /dev/null
@@ -1,18 +0,0 @@
-#  This file is part of systemd.
-#
-#  systemd is free software; you can redistribute it and/or modify it
-#  under the terms of the GNU Lesser General Public License as published by
-#  the Free Software Foundation; either version 2.1 of the License, or
-#  (at your option) any later version.
-
-[Unit]
-Description=User Manager for UID %i
-After=systemd-user-sessions.service
-
-[Service]
-User=%i
-PAMName=agl-user-session
-ExecStart=-/bin/sleep 2147483648
-KillMode=mixed
-Delegate=yes
-TasksMax=infinity
diff --git a/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts b/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts
index 87ec0e13b..1d1a5a059 100755
--- a/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts
+++ b/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts
@@ -40,6 +40,7 @@ exec_postinst_scriptlets() {
 
 remove_agl_pi_dir=1
 exec_postinst_scriptlets
+systemctl daemon-reload
 
 # since all postinstalls executed successfully, remove the postinstalls directory
 if [ $remove_agl_pi_dir = 1 ]; then
diff --git a/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch b/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch
index 44e8bce1e..14a26fbe2 100644
--- a/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch
+++ b/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch
@@ -11,10 +11,10 @@ Change-Id: I2f10f0cb1fce2ee30bd0754ad2e7bc8e2f6513aa
  conf/afm-user-daemon.conf | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/conf/afm-user-daemon.conf b/conf/afm-user-daemon.conf
+diff --git a/conf/user/afm-user-daemon.conf b/conf/user/afm-user-daemon.conf
 index 801c7ae..98a3152 100644
---- a/conf/afm-user-daemon.conf
-+++ b/conf/afm-user-daemon.conf
+--- a/conf/user/afm-user-daemon.conf
++++ b/conf/user/afm-user-daemon.conf
 @@ -25,7 +25,7 @@
          </policy>
  
diff --git a/meta-app-framework/recipes-core/af-main/af-main/afm-install b/meta-app-framework/recipes-core/af-main/af-main/afm-install
deleted file mode 100755
index 83744ebae..000000000
--- a/meta-app-framework/recipes-core/af-main/af-main/afm-install
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/bash
-
-pretty() {
-	sed \
-		-e '/^method return .*/d' \
-		-e 's/^Error org.freedesktop.DBus.Error.Failed: "\?\(.*\)"\?$/ERROR: \1/' \
-		-e 's/^   string "\(.*\)"/\1/' \
-		-e 's/},/&\n/'
-}
-
-send() {
-	dbus-send --system --print-reply \
-		--dest=org.AGL.afm.system \
-		/org/AGL/afm/system \
-		org.AGL.afm.system.$1 \
-		"string:$2" |
-	pretty
-	return ${PIPESTATUS[0]}
-}
-
-case "$1" in
-
-  add|install)
-    f=$(realpath $2)
-    send install '{"wgt":"'"$f"'","force":true,"reload":false}'
-    ;;
-
-  -h|--help|help)
-    cat << EOC
-
-The commands are:
-
-  add wgt
-  install wgt    install the wgt file
-
-EOC
-    ;;
-
-  *)
-    echo "unknown command $1" >&2
-    exit 1
-    ;;
-esac
-
-
diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
index 52a8fe29d..9da5d088e 100644
--- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
+++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb
@@ -1,7 +1,6 @@
 require af-main_${PV}.inc 
 
 # NOTE: using libcap-native and setcap in install doesn't work
-# NOTE: there is no SYSTEMD_USER_SERVICE_...
 # NOTE: maybe setting afm_name to agl-framework is cleaner but has implications
 # NOTE: there is a hack of security for using groups and dbus (to be checked)
 # NOTE: using ZIP programs creates directories with mode 777 (very bad)
@@ -13,6 +12,7 @@ SECTION = "base"
 
 DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c systemd security-manager af-binder"
 DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip json-c"
+RDEPENDS_${PN}_class-target += "af-binder-tools"
 
 PACKAGE_WRITE_DEPS_append_smack = " smack-userspace-native libcap-native"
 
@@ -43,9 +43,6 @@ USERADD_PACKAGES = "${PN}"
 USERADD_PARAM_${PN} = "-g ${afm_name} -d ${afm_datadir} -r ${afm_name}"
 GROUPADD_PARAM_${PN} = "-r ${afm_name}"
 
-SYSTEMD_SERVICE_${PN} = "afm-system-daemon.service"
-SYSTEMD_AUTO_ENABLE = "enable"
-
 FILES_${PN} += "\
 	${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service', '', d)} \
 "
@@ -57,27 +54,24 @@ SRC_URI += "\
 	file://Hack-to-allow-the-debugging.patch \
 "
 
-# tools used to install wgt at first boot
-SRC_URI += "\
-	file://afm-install \
-"
-
 do_install_append_class-target() {
     install -d ${D}${bindir}
     install -d -m 0775 ${D}${systemd_units_root}/system
+    install -d -m 0775 "${D}${systemd_units_root}/system/afm-user-session@.target.wants"
     install -d -m 0775 ${D}${systemd_units_root}/user
-    install -d -m 0775 ${D}${systemd_units_root}/system/default.target.wants
     install -d -m 0775 ${D}${systemd_units_root}/user/default.target.wants
-    install -d -m 0775 ${D}${systemd_units_root}/system/sockets.target.wants
     install -d -m 0775 ${D}${systemd_units_root}/user/sockets.target.wants
     install -d ${D}${afm_datadir}/applications
     install -d ${D}${afm_datadir}/icons
     if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-        mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants
-        mkdir -p ${D}${sysconfdir}/systemd/user/default.target.wants
-        ln -sf ${systemd_user_unitdir}/afm-user-daemon.service ${D}${sysconfdir}/systemd/user/default.target.wants
+        install -d -m 0755 ${D}${systemd_user_unitdir}/default.target.wants
+        ln -s ../afm-user-daemon.service ${D}${systemd_user_unitdir}/default.target.wants/afm-user-daemon.service
+        install -d -m 0755 ${D}${systemd_system_unitdir}/default.target.wants
+        install -d -m 0755 ${D}${systemd_system_unitdir}/sockets.target.wants
+        ln -sf ../afm-system-daemon.service ${D}${systemd_system_unitdir}/default.target.wants/afm-system-daemon.service
+        ln -sf ../afm-system-daemon.socket ${D}${systemd_system_unitdir}/sockets.target.wants/afm-system-daemon.socket
+        ln -s ../afm-user-session@.service ${D}${systemd_user_unitdir}/default.target.wants/afm-user-session@0.service
     fi
-    install -m 0755 ${WORKDIR}/afm-install ${D}${bindir}
     echo "QT_WAYLAND_SHELL_INTEGRATION=ivi-shell" > ${D}${afm_confdir}/unit.env.d/qt-for-ivi-shell
 }
 
@@ -87,34 +81,28 @@ do_install_append_porter() {
 
 pkg_postinst_${PN}() {
     if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-        for SYS in "system" "user";do
-           for DEST in "sockets.target.wants" "default.target.wants" ".";do
-              chgrp ${afm_name} $D${systemd_units_root}/${SYS}/${DEST};
-           done
-        done
+        chgrp ${afm_name} $D${systemd_units_root}/system
+        chgrp ${afm_name} $D${systemd_units_root}/system/afm-user-session@.target.wants
+        chgrp ${afm_name} $D${systemd_units_root}/user/default.target.wants
+        chgrp ${afm_name} $D${systemd_units_root}/user/sockets.target.wants
     fi
-    for DEST in "applications" "icons" ".";do
-        chown ${afm_name}:${afm_name} $D${afm_datadir}/${DEST};
-    done
-    setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon
+    chown ${afm_name}:${afm_name} $D${afm_datadir}
+    chown ${afm_name}:${afm_name} $D${afm_datadir}/applications
+    chown ${afm_name}:${afm_name} $D${afm_datadir}/icons
 }
 
-pkg_postinst_${PN}_smack() {
+pkg_postinst_${PN}_append_smack() {
     if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-        for SYS in "system" "user";do
-           for DEST in "sockets.target.wants" "default.target.wants" ".";do
-              chgrp ${afm_name} $D${systemd_units_root}/${SYS}/${DEST};
-              chsmack -a 'System::Shared' -t $D${systemd_units_root}/${SYS}/${DEST};
-           done
-        done
+        chsmack -a 'System::Shared' -t $D${systemd_units_root}/system
+        chsmack -a 'System::Shared' -t $D${systemd_units_root}/system/afm-user-session@.target.wants
+        chsmack -a 'System::Shared' -t $D${systemd_units_root}/user/default.target.wants
+        chsmack -a 'System::Shared' -t $D${systemd_units_root}/user/sockets.target.wants
     fi
-    for DEST in "applications" "icons" ".";do
-        chown ${afm_name}:${afm_name} $D${afm_datadir}/${DEST};
-        chsmack -a 'System::Shared' -t $D${afm_datadir}/${DEST};
-    done
-    setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon
+    chsmack -a 'System::Shared' -t $D${afm_datadir}
+    chsmack -a 'System::Shared' -t $D${afm_datadir}/applications
+    chsmack -a 'System::Shared' -t $D${afm_datadir}/icons
 }
-FILES_${PN} += " ${systemd_units_root} "
+FILES_${PN} += "${systemd_units_root}/* ${systemd_system_unitdir} ${systemd_user_unitdir}"
 
 PACKAGES =+ "${PN}-binding ${PN}-binding-dbg"
 FILES_${PN}-binding = " ${afb_binding_dir}/afm-main-binding.so "
diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc
index 472bb55f1..13736aee3 100644
--- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc
+++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc
@@ -8,13 +8,9 @@ HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-f
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
-SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=${AGL_BRANCH}"
-SRC_URI_files = ""
-SRC_URI = "${SRC_URI_git} \
-           ${SRC_URI_files} \
-          "
+SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=${AGL_BRANCH}"
 
-SRCREV = "2bbe66dda7fadf2d08a57e2b0e0fa8841a118c81"
+SRCREV = "1bec325ee85192eba57673750b9e4a77a1a970c8"
 PV = "${AGL_BRANCH}+git${SRCPV}"
 
 S = "${WORKDIR}/git"