summaryrefslogtreecommitdiffstats
path: root/meta-agl-core/files/group
AgeCommit message (Collapse)AuthorFilesLines
2023-04-28files/group: add sgx group with static ID for new systemdDenys Dmytriyenko1-0/+1
Yocto Project 4.0.9 now comes with systemd v250, which uses sgx group: https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&id=3fd47697df858d4093d9cb4c6a378fc07aa4d064 Note: here sgx is not related to Imagination PowerVR GPU, but rather means Intel Software Guard Extensions: https://en.wikipedia.org/wiki/Software_Guard_Extensions Bug-AGL: SPEC-4768 Change-Id: I3f8656b5e859f1126388f52d9f8b54bfac0734a7 Signed-off-by: Denys Dmytriyenko <denys@konsulko.com> Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28720 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2023-01-07files/group: add render group with static ID for new systemdDenys Dmytriyenko1-0/+1
Yocto Project 4.0.6 now comes with systemd v236, which uses render group: https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&id=f902338f312cf5c55b2857e5c7e980cb11a26a9c https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&id=ba1db7f9189526b02e3d75d375ece53953c2e942 Bug-AGL: SPEC-4668 Change-Id: I473644f4b9e57663f036b43a48a8319e4d664d65 Signed-off-by: Denys Dmytriyenko <denys@konsulko.com> Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28369 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2022-11-21Enable qemu and kvm user and groupJan-Simon Moeller1-0/+2
This supports the meta-virtualization layer. Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Change-Id: I919f9669c0c9aff83d6f0b961d892eb6077902a6 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28055 Tested-by: Jenkins Job builder account
2022-10-08meta-app-framework: applaunchd: run under a separate userDenys Dmytriyenko1-0/+1
Since applaunchd needs to start/stop systemd units, the user is granted elevated systemd unit-management permissions via PolKit policy. If applaunchd and all the apps run under the same agl-driver user, all the apps have these elevated systemd permissions too. Separating them into different users allows removing elevated systemd unit-management permission from individual apps, but leaving such permission for applaunchd, which enhances overall security of the system. - add new applaunchd user and group - switch applaunchd (gRPC) service to be started under new user - since HTML5 apps haven't migrated to gRPC yet and still use D-Bus API, applaunchd-dbus gets activated by agl-session and runs under agl-driver - temporarily add agl-driver user into the applaunchd group and switch PolKit policy to check for applaunchd group, instead of the user - once D-Bus API is completely deprecated, agl-driver user can be removed from applaunchd group Bug-AGL: SPEC-4579 Signed-off-by: Denys Dmytriyenko <denys@konsulko.com> Change-Id: I75384177578bba6cb458a81df6a9dc1738c972e0 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28039 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2022-05-30meta-agl-core: add kuksa user and groupScott Murray1-0/+1
Add a kuksa user and group to the static passwd and group files to facilitate running the KUKSA.val Vehicle Information Service (VIS) server as non-root and control access to some of its configuration files. Bug-AGL: SPEC-4405 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: I199d79df42a6e5ea032ccfa084a1d38625b508f0 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27557 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> (cherry picked from commit 9363f1c67fe97a0c47cf44985ce0fb7f879bf7ac) Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27538
2021-12-22meta-app-framework: tweak agl-driver definitionScott Murray1-0/+1
Tweak agl-driver user definition in agl-session recipe to ensure it is a member of the video and display groups (the latter has been added back to the static group file). This is required to avoid agl-compositor startup failures on rcar3. The display group membership potentially could be dropped if we were to bbappend rcar3's gles-user-module recipe to tweak its udev rules. For now, take the most straightforward approach. Bug-AGL: SPEC-4161 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: I7237ade5d8680655f17716ac048349a476eb5f29 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27060 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account
2021-11-04meta-agl-core: Update weston/agl-compositor initScott Murray1-1/+2
Changes/rework to get weston and agl-compositor starting again: - Since an upgrade to a newer Yocto release is in the near future, update weston-init and associated files to effectively backport the new weston startup behavior added in 3.3/Hardknott as our new base. The changes mean weston or agl-compositor will by default start as a "weston" user that replaces the "display" user that had been added previously in AGL. The goal is that any new work done on top of this base should hopefully work on 3.5/Kirkstone without further substantial rework. - Add new agl-compositor-init recipe that replaces the previous weston-init bbappend in meta-agl-demo. Having it as a separate recipe in core so weston or agl-compositor "just work" in simple test images seems like a better approach. - As part of the above, drop the --log option to agl-compositor in its command-line to address SPEC-4112. - Add SYSTEMD_DEFAULT_TARGET definition to agl-image-weston and in a new core-image-weston bbappend to result in agl-compositor and weston starting automatically in the corresponding images. This is required with the new weston-init behavior until we upgrade past 3.3/Hardknott, when "weston" in IMAGE_FEATURES can be used instead. Bug-AGL: SPEC-4121, SPEC-4112 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ia64894416846569abf8e744006ef26637279a895 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26782 Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Tested-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2021-04-26meta-pipewire: update to pipewire 0.3.25 and wireplumber masterGeorge Kiagiadakis1-0/+1
Bug-AGL: SPEC-3844 Change-Id: Ie32bfa43bf078c7d218d3150dc616501b8848bd0 Signed-off-by: George Kiagiadakis <george.kiagiadakis@collabora.com> Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26094 Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Tested-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2020-12-17SPEC-3723: restructure meta-aglJan-Simon Moeller1-0/+92
Goal is to reach a minimal meta-agl-core as base for IVI and IC work at the same time. Trim dependencies and move most 'demo' related recipes to meta-agl-demo. v2: changed to bbapend + .inc , added description v3: testbuild of all images v4: restore -test packagegroup and -qa images, compare manifests and adapt packagegroups. v5: rebased v6: merged meta-agl-distro into meta-agl-core, due to dependency on meta-oe, moved -test packagegroup and -qa images to own layer meta-agl-core-test v7: Fixed comments from Paul Barker v8: Update the markdown files v9: restore wayland/weston/agl-compositor recipes/appends, reworked to move app f/w specific changes to bbappends in meta-app-framework and only demo specific weston-init changes to meta-agl-demo v10: fix s/agldemo/aglcore/ missed in weston-init.bbappend Description: This patch is part 1 out of 2 large patches that implement the layer rework discussed during the previous workshop. Essentially meta-agl-core is the small but versatile new core layer of AGL serving as basis for the work done by the IC and IVI EGs. All demo related work is moved to meta-agl-demo in the 2nd patchset. This should be applied together as atomic change. The resulting meta-agl/* follows these guidelines: - only bsp adaptations in meta-agl-bsp - remove the agl-profile-* layers for simplicity -- the packagegroup-agl(-profile)-graphical and so on have been kept in meta-agl-demo - meta-agl-profile-core is now meta-agl-core - meta-agl-core does pass yocto-check-layer -- therefore use the bbappend + conditional + .inc file construct found in meta-virtualization - meta-agl/meta-security has been merged into meta-agl/meta-app-framework - meta-netboot does pass yocto-check-layer - meta-pipewire does pass yocto-check-layer Migration: All packagegroups are preserved but they're now enabled by 'agl-demo'. Bug-AGL: SPEC-3723 Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ia6c6e5e6ce2b4ffa69ea94959cdc57c310ba7c53 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/25769