summaryrefslogtreecommitdiffstats
path: root/meta-app-framework/recipes-core/applaunchd
AgeCommit message (Collapse)AuthorFilesLines
2022-10-08meta-app-framework: applaunchd: run under a separate userDenys Dmytriyenko1-1/+1
Since applaunchd needs to start/stop systemd units, the user is granted elevated systemd unit-management permissions via PolKit policy. If applaunchd and all the apps run under the same agl-driver user, all the apps have these elevated systemd permissions too. Separating them into different users allows removing elevated systemd unit-management permission from individual apps, but leaving such permission for applaunchd, which enhances overall security of the system. - add new applaunchd user and group - switch applaunchd (gRPC) service to be started under new user - since HTML5 apps haven't migrated to gRPC yet and still use D-Bus API, applaunchd-dbus gets activated by agl-session and runs under agl-driver - temporarily add agl-driver user into the applaunchd group and switch PolKit policy to check for applaunchd group, instead of the user - once D-Bus API is completely deprecated, agl-driver user can be removed from applaunchd group Bug-AGL: SPEC-4579 Signed-off-by: Denys Dmytriyenko <denys@konsulko.com> Change-Id: I75384177578bba6cb458a81df6a9dc1738c972e0 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28039 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2022-09-21meta-app-framework: applaunchd: update for gRPC additionScott Murray2-2/+21
Changes to facilitate building gRPC enabled versionm of applaunchd: - Bump SRCREV to pick up gRPC changes - Add required protobuf and gRPC dependencies to DEPENDS - Add new systemd unit for standalone gRPC API daemon Bug-AGL: SPEC-4559 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: I21778f27b2eabd952e983b4571de05ad5d6c5af2 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27984 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2022-08-04meta-app-framework: update Flutter app templateScott Murray1-1/+1
Update systemd template unit for Flutter based applications for the embedder binary rename (to flutter-auto) and a required rename of the application id command-line option (to --xdg-shell-app-id). Bug-AGL: SPEC-4485 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Icb03775f379929a852d3b270d52b3e88277aa3cc Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27862 Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> ci-image-boot-test: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Tested-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2022-07-29meta-app-framework: add Flutter app templateScott Murray2-1/+15
Add a systemd template unit for Flutter based applications to the applaunchd recipe. Bug-AGL: SPEC-4466 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ia7cb24d27beebf7c7e4bcfb7a256bd45ffa432ce Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27838 Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> ci-image-boot-test: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Tested-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2022-07-29meta-app-framework: Update app template schemeScott Murray3-9/+31
Changes to support the move to systemd unit based app enumeration in applaunchd: - Bump applaunchd SRCREV to pick up enumeration changes. - Tweak the polkit rule to match agl-app* instead of agl-app@* to allow more flexibility with respect to different app templates. - Tweak the Description field definition in the agl-app service template to just use the instance name, as that field is now used for the application display name by applaunchd. - Add a agl-app-web service template for web apps. - Add a agl-app.bbclass for use in application recipes to simplify installation of the now required systemd template instances and potential generation of override files to tweak application configuration. - Split the agl-app and agl-app-web templates into their own packages in the applaunchd recipe so they can be depended on by applications as required. - Move applaunchd installed systemd units and override files to /lib/systemd/system since that matches the upstream recommendation for units installed as part of the system installation. Bug-AGL: SPEC-4466 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: I32ff6c9624850662856b79a2b14b33a05e7f9a65 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27835 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jose Dapena Paz <jdapena@igalia.com> Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2022-07-13applaunchd: update and install agl-app@ template and sandboxing configsDenys Dmytriyenko4-5/+33
The new applaunchd adds systemd_manager that allows launching apps as systemd services in a sandboxed environment. And dbus_activation_manager is deprecated. * Update SRCREV for the new code * Bump version to indicate a major change * Install supporting config files * Add build dependency on systemd * Add runtime dependency on polkit rule to manage agl-app@ services Bug-AGL: SPEC-4466 Signed-off-by: Denys Dmytriyenko <denys@konsulko.com> Change-Id: I01b0247d18be8d97b4ea2866d161cffbda8f9155 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27752 Reviewed-by: Marius Vlad <marius.vlad@collabora.com> Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Reviewed-by: Scott Murray <scott.murray@konsulko.com> Tested-by: Jenkins Job builder account
2022-06-29Remove use of AGL_APP_REVISIONJan-Simon Moeller1-1/+1
We did use the variable AGL_APP_REVISION to change between the HEAD of the branch via to the fixed tag at release time (regs/tags/xyz) . While this worked well previously, it turns out that bitbake will query git every time it runs for either or tags likewise. For tags it cannot trust whatever is known locally is actually the latest tags as there can be force pushed tags. To fix this we use a well-defined SRCREV for apps/* in the same way as we do it for src/* . Bug-AGL: SPEC-4455 Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Change-Id: I54bad2ef6c8b171b1ae1270b4adb951fb180b260 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27693 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account
2022-05-26applaunchd: Correct "HOMEPAGE" in applaunchd_git.bbduerpei1-1/+1
The originally link in homepage cannot be opened when copied to the browser. Replace it with link that can be opened Bug-AGL: SPEC-4368 Signed-off-by: duerpei <duep.fnst@fujitsu.com> Change-Id: I33fccf7711527a657b6b4a0170c85a6f4b6d3767 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27500 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2021-12-17meta-app-framework: recipes-core: add applaunchd recipeArnaud Ferraris1-0/+28
Bug-AGL: SPEC-4160 Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com> Change-Id: I7b2d5e660625091d665727d48a45eb1b7958904e Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27015 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>