| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Remove the use of a systemd user session to align with how upstream
runs Weston, and to allow using all systemd sandboxing features with
the compositor and homescreen, launcher, etc. applications. The
changes for this touched enough packagegroups and images that further
rework was done to address some of the cleanup described in SPEC-4813,
see below for details.
Changes:
- Remove agl-session and update various recipes that were manually
adding dependencies to the user session it created. The compositor
(be it weston or agl-compositor) and Wayland clients now run in the
system session as non-root users.
- Revive agl-users recipe, this time living in meta-agl-core, with
the purpose of creating the agl-driver user. For simplicity,
agl-compositor is always run as the agl-driver user, as opposed to
trying to wrangle running it as different users depending on build
configuration. This can potentially be made more configurable if a
downstream user has a usecase to be able to specify another user.
- Fully split agl-compositor's systemd unit with a tweaked fork of the
weston-init recipe and unit which lives in meta-agl-core. This will
be easier to maintain than the attempt to reuse weston-init for
builds without meta-app-framework that was done previously.
- Create packagegroup-agl-graphical-compositor, distinct from the
weston packagegroup. This should make it more straightforward for
downstreams that want agl-compositor or weston.
- Rename agl-image-agl-compositor to agl-image-compositor to remove
redundancy.
- Tweak the logic for the inclusion of a few debug packages (e.g.
agl-shell-activator) to ensure they only show up in images when
agl-devel is enabled.
- Split weston-terminal and the required icon resources into separate
packages in our weston bbappend to avoid pulling in weston just to
get the terminal for testing.
- Add a agl-core-image.bbclass to use as a base for images.
- Move our cross-SDK configuration to a agl-crosssdk.bbclass to ease
reuse.
- Remove various empty packagegroups.
- Unify image .inc files with their .bb files as a simplification,
and to move towards more how upstream Yocto Project does things.
- Split pipewire tools into their own -devel packagegroup.
- Remove rcar3 additions to packagegroup-agl-graphical-multimedia, as
that packagegroup is not machine-specific. They will be added back
in via a change in meta-agl-demo. If a downstream user desires a
platform-specific packagegroup for such packages in meta-agl-core,
this can be revisited, though a different implementation should be
used.
- Replace some :append usage with += to avoid creating problems
for downstream users.
Bug-AGL: SPEC-4714, SPEC-4813
Change-Id: I55b29bf749f0d5d50993a362c665bce62b785f67
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28996
Tested-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
|
|
Previously agl-driver user was part of applaunchd group for D-Bus activation
to work woth the correct access rights. Now that D-Bus activation has been
removed from applaunchd, agl-driver user no longer needs to be in the same
group with applaunchd.
Bug-AGL: SPEC-4801
Change-Id: Ia473b391432d8c797cd38c0841f7fe655dcdb8e6
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28930
Reviewed-by: Scott Murray <scott.murray@konsulko.com>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
|
|
Since applaunchd needs to start/stop systemd units, the user is granted
elevated systemd unit-management permissions via PolKit policy. If applaunchd
and all the apps run under the same agl-driver user, all the apps have these
elevated systemd permissions too. Separating them into different users allows
removing elevated systemd unit-management permission from individual apps, but
leaving such permission for applaunchd, which enhances overall security of
the system.
- add new applaunchd user and group
- switch applaunchd (gRPC) service to be started under new user
- since HTML5 apps haven't migrated to gRPC yet and still use D-Bus API,
applaunchd-dbus gets activated by agl-session and runs under agl-driver
- temporarily add agl-driver user into the applaunchd group and switch
PolKit policy to check for applaunchd group, instead of the user
- once D-Bus API is completely deprecated, agl-driver user can be removed
from applaunchd group
Bug-AGL: SPEC-4579
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Change-Id: I75384177578bba6cb458a81df6a9dc1738c972e0
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28039
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
|
|
- Update agl-session recipe to add agl-driver to pipewire
group
- Apps in the new framework can access pipewire services
if agl-driver is a part of pipewire group.
Bug-AGL: SPEC-4210
Signed-off-by: Ashok Sidipotu <ashok.sidipotu@collabora.com>
Change-Id: Iba3856006b36c0182aaa0e36e8e98f85d9c49af3
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27100
Reviewed-by: Georgios Kiagiadakis <george.kiagiadakis@collabora.com>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
|
|
Tweak agl-driver user definition in agl-session recipe to ensure
it is a member of the video and display groups (the latter has
been added back to the static group file). This is required to
avoid agl-compositor startup failures on rcar3. The display
group membership potentially could be dropped if we were to
bbappend rcar3's gles-user-module recipe to tweak its udev rules.
For now, take the most straightforward approach.
Bug-AGL: SPEC-4161
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I7237ade5d8680655f17716ac048349a476eb5f29
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27060
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
|
|
Add installation of a systemd user-environment-generator scriptlet
to the agl-session recipe to ensure that XDG_DATA_DIRS is set to a
reasonable default value. This is required for locating D-Bus
activation .service files and icons.
Bug-AGL: SPEC-4182
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I5d1a72022ca97f25a915b64205bf70ab33516ec6
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27048
Reviewed-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Tested-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
|
|
For the new App FW, we want to create a systemd user session, to be
started on boot, which will be used to start the compositor and all user
background services.
This commit adds the corresponding target and service file (enabled by
default) so the session is started on boot.
Bug-AGL: SPEC-4161
Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>
Change-Id: I51ca7e0c1a994c6798b20b2592bec56a07f41c98
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26974
ci-image-build: Jenkins Job builder account
Tested-by: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
|
Scott Murray
Denys Dmytriyenko
Ashok Sidipotu
Arnaud Ferraris