From 1ac5c704bb4b7fd72d9e382ccf23f4d186da0f86 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Thu, 23 Jun 2016 16:00:59 +0000 Subject: add layer meta-app-framework meta-app-framework is a layer containing the AGL App Framework recipes 4 new layers are added for application framework: * meta-intel-iot-security/meta-security-smack * meta-intel-iot-security/meta-security-framework * meta-agl/meta-agl-security * meta-agl/meta-app-framework Configuration file changes to support AppFw: * activation of Smack and Cynara * modify the tar command to be used to support Smack extended attributes Change-Id: Idc8abdc8869787feb4b534ee45bf7b5d3dde3632 Signed-off-by: Stephane Desneux --- .../recipes-core/af-main/af-main_1.0.bb | 95 ++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 meta-app-framework/recipes-core/af-main/af-main_1.0.bb (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb new file mode 100644 index 000000000..a29b071ac --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -0,0 +1,95 @@ +# NOTE: using libcap-native and setcap in install doesn't work +# NOTE: there is no SYSTEMD_USER_SERVICE_... +# NOTE: maybe setting afm_name to agl-framework is cleaner but has implications +# NOTE: there is a hack of security for using groups and dbus (to be checked) +# NOTE: using ZIP programs creates directories with mode 777 (very bad) + +inherit cmake pkgconfig useradd systemd + +SUMMARY = "AGL Framework Main part" +DESCRIPTION = "\ +This is a core framework component for managing \ +applications, widgets, and components. \ +" + +HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-main" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=1.0" +SRC_URI_files = "" +SRC_URI = "${SRC_URI_git} \ + ${SRC_URI_files} \ + " + +SRCREV = "d0fdae3af6998efdce4c6ba0c5d650898c9c5b27" + +SECTION = "base" + +S = "${WORKDIR}/git" + +DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c security-manager libcap-native af-binder" + +afm_name = "afm" +afm_confdir = "${sysconfdir}/${afm_name}" +afm_datadir = "${datadir}/${afm_name}" +afb_plugin_dir = "${libdir}/afb" + +EXTRA_OECMAKE = "\ + -DUSE_LIBZIP=1 \ + -DUSE_SIMULATION=0 \ + -Dafm_name=${afm_name} \ + -Dafm_confdir=${afm_confdir} \ + -Dafm_datadir=${afm_datadir} \ + -DUNITDIR_USER=${systemd_user_unitdir} \ + -DUNITDIR_SYSTEM=${systemd_system_unitdir} \ +" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "-g ${afm_name} -d ${afm_datadir} -r ${afm_name}" +GROUPADD_PARAM_${PN} = "-r ${afm_name}" + +SYSTEMD_SERVICE_${PN} = "afm-system-daemon.service" +SYSTEMD_AUTO_ENABLE = "enable" + +FILES_${PN} += "\ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service', '', d)} \ +" + +RDEPENDS_${PN}_append_smack = " smack-userspace" +DEPENDS_append_smack = " smack-userspace-native" + +# short hack here +SRC_URI += " file://Hack-to-allow-the-debugging.patch" + +do_install_append() { + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + mkdir -p ${D}${sysconfdir}/systemd/user/default.target.wants + ln -sf ${systemd_user_unitdir}/afm-user-daemon.service ${D}${sysconfdir}/systemd/user/default.target.wants + fi +} + +pkg_postinst_${PN}() { + mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons + setcap cap_mac_override,cap_dac_override=ie $D${bindir}/afm-system-daemon + setcap cap_mac_override,cap_mac_admin,cap_setgid=ie $D${bindir}/afm-user-daemon +} + +pkg_postinst_${PN}_smack() { + mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons + chown ${afm_name}:${afm_name} $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons + chsmack -a 'System::Shared' -t $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons + setcap cap_mac_override,cap_dac_override=ie $D${bindir}/afm-system-daemon + setcap cap_mac_override,cap_mac_admin,cap_setgid=ie $D${bindir}/afm-user-daemon +} + +PACKAGES =+ "${PN}-afbplugin ${PN}-afbplugin-dbg" +FILES_${PN}-afbplugin = " ${afb_plugin_dir}/afm-main-plugin.so " +FILES_${PN}-afbplugin-dbg = " ${afb_plugin_dir}/.debug/afm-main-plugin.so " + +PACKAGES =+ "${PN}-tools ${PN}-tools-dbg" +FILES_${PN}-tools = "${bindir}/wgtpkg-*" +FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*" + +BBCLASSEXTEND = "native nativesdk" + -- cgit 1.2.3-korg From 511a65caab4172a1071b7814ebb1ea8d79a1108a Mon Sep 17 00:00:00 2001 From: José Bollo Date: Fri, 24 Jun 2016 11:01:25 +0200 Subject: upgrade to new namings and bug fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: If7481696d130859e87f3110af2d0c5dde25615d6 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- .../recipes-core/af-binder/af-binder_1.0.bb | 18 +++++++++--------- meta-app-framework/recipes-core/af-main/af-main_1.0.bb | 10 +++++----- .../recipes-example/afb-client/afb-client_1.0.bb | 4 ++-- .../recipes-example/afm-client/afm-client_1.0.bb | 2 +- 4 files changed, 17 insertions(+), 17 deletions(-) (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index 4fcff66e7..3e4a8c6dc 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -1,6 +1,6 @@ SUMMARY = "HTTP REST interface to automotive backends for HTML5 UI support" DESCRIPTION = "Automotive-Framework-Binder Daemon provides a HTTP REST \ -interface to various automotive-oriented plugins (sound, radio...), \ +interface to various automotive-oriented bindings (sound, radio...), \ allowing HTML5 UIs to send platform-specific requests in a secure way." HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-binder" @@ -16,7 +16,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "897aa6a130eab1eb716fcc13e650fb5833a7ce32" +SRCREV = "7059e59cddc1c81321639875636e88895bc14309" S = "${WORKDIR}/git" inherit cmake pkgconfig @@ -30,21 +30,21 @@ PACKAGES += "${PN}-meta" ALLOW_EMPTY_${PN}-meta = "1" ############################################# -# setup sample plugin packages +# setup sample binding packages ############################################# -PACKAGES_DYNAMIC = "${PN}-plugin-*" +PACKAGES_DYNAMIC = "${PN}-binding-*" python populate_packages_prepend () { afb_libdir = d.expand('${libdir}/afb') - postinst = d.getVar('plugin_postinst', True) + postinst = d.getVar('binding_postinst', True) pkgs = [] pkgs_dbg = [] - pkgs += do_split_packages(d, afb_libdir, '(.*)-api\.so$', d.expand('${PN}-plugin-%s'), 'AFB plugin for %s', postinst=postinst, extra_depends=d.expand('${PN}')) - pkgs += do_split_packages(d, afb_libdir, '(.*(?!-api))\.so$', d.expand('${PN}-plugin-%s'), 'AFB plugin for %s', postinst=postinst, extra_depends=d.expand('${PN}')) + pkgs += do_split_packages(d, afb_libdir, '(.*)-api\.so$', d.expand('${PN}-binding-%s'), 'AFB binding for %s', postinst=postinst, extra_depends=d.expand('${PN}')) + pkgs += do_split_packages(d, afb_libdir, '(.*(?!-api))\.so$', d.expand('${PN}-binding-%s'), 'AFB binding for %s', postinst=postinst, extra_depends=d.expand('${PN}')) - pkgs_dbg += do_split_packages(d, oe.path.join(afb_libdir, ".debug"), '(.*)-api\.so$', d.expand('${PN}-plugin-%s-dbg'), 'AFB plugin for %s, debug info', postinst=postinst, extra_depends=d.expand('${PN}')) - pkgs_dbg += do_split_packages(d, oe.path.join(afb_libdir, ".debug"), '(.*(?!-api))\.so$', d.expand('${PN}-plugin-%s-dbg'), 'AFB plugin for %s, debug info', postinst=postinst, extra_depends=d.expand('${PN}')) + pkgs_dbg += do_split_packages(d, oe.path.join(afb_libdir, ".debug"), '(.*)-api\.so$', d.expand('${PN}-binding-%s-dbg'), 'AFB binding for %s, debug info', postinst=postinst, extra_depends=d.expand('${PN}')) + pkgs_dbg += do_split_packages(d, oe.path.join(afb_libdir, ".debug"), '(.*(?!-api))\.so$', d.expand('${PN}-binding-%s-dbg'), 'AFB binding for %s, debug info', postinst=postinst, extra_depends=d.expand('${PN}')) metapkg = d.getVar('PN', True) + '-meta' d.setVar('RDEPENDS_' + metapkg, ' '.join(pkgs)) diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index a29b071ac..dc030e25a 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -22,7 +22,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "d0fdae3af6998efdce4c6ba0c5d650898c9c5b27" +SRCREV = "8753c48ed498805cec5fbc6096cd6fae3afa0da9" SECTION = "base" @@ -33,7 +33,7 @@ DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c security-manager libcap afm_name = "afm" afm_confdir = "${sysconfdir}/${afm_name}" afm_datadir = "${datadir}/${afm_name}" -afb_plugin_dir = "${libdir}/afb" +afb_binding_dir = "${libdir}/afb" EXTRA_OECMAKE = "\ -DUSE_LIBZIP=1 \ @@ -83,9 +83,9 @@ pkg_postinst_${PN}_smack() { setcap cap_mac_override,cap_mac_admin,cap_setgid=ie $D${bindir}/afm-user-daemon } -PACKAGES =+ "${PN}-afbplugin ${PN}-afbplugin-dbg" -FILES_${PN}-afbplugin = " ${afb_plugin_dir}/afm-main-plugin.so " -FILES_${PN}-afbplugin-dbg = " ${afb_plugin_dir}/.debug/afm-main-plugin.so " +PACKAGES =+ "${PN}-binding ${PN}-binding-dbg" +FILES_${PN}-binding = " ${afb_binding_dir}/afm-main-binding.so " +FILES_${PN}-binding-dbg = " ${afb_binding_dir}/.debug/afm-main-binding.so " PACKAGES =+ "${PN}-tools ${PN}-tools-dbg" FILES_${PN}-tools = "${bindir}/wgtpkg-*" diff --git a/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb b/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb index 54a8216c4..6201cf485 100644 --- a/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb +++ b/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb @@ -1,13 +1,13 @@ SUMMARY = "HTML5 demo template for AFB" DESCRIPTION = "afb-client is a sample AngularJS/HTML5 application using \ -Application Framework Binder with token plugin." +Application Framework Binder with token binding." HOMEPAGE = "http://www.iot.bzh" LICENSE = "GPLv3+" LIC_FILES_CHKSUM = "file://LICENSE;md5=6cb04bdb88e11107e3af4d8e3f301be5" #DEPENDS = "nodejs-native" -RDEPENDS_${PN} = "af-binder af-binder-plugin-authlogin" +RDEPENDS_${PN} = "af-binder af-binder-binding-authlogin" SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=1.0" SRC_URI_files = "file://afb-client \ diff --git a/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb b/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb index b624b6bab..78f525abe 100644 --- a/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb +++ b/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb @@ -10,7 +10,7 @@ LICENSE = "GPLv3+" LIC_FILES_CHKSUM = "file://LICENSE;md5=6cb04bdb88e11107e3af4d8e3f301be5" #DEPENDS = "nodejs-native" -RDEPENDS_${PN} = "af-main af-binder af-main-afbplugin af-binder-plugin-demopost af-binder-plugin-authlogin" +RDEPENDS_${PN} = "af-main af-binder af-main-binding af-binder-binding-demopost af-binder-binding-authlogin" SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=1.0" SRC_URI_files = "file://afm-client \ -- cgit 1.2.3-korg From 97fbb5fae2c06b779576c7c9c3c0e1956e402994 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Tue, 5 Jul 2016 16:04:51 +0000 Subject: meta-app-framework: build master branch Change-Id: I3ce83d0a5cd018d4b77492e4237fc4d297ee312f Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb | 4 ++-- meta-app-framework/recipes-core/af-main/af-main_1.0.bb | 4 ++-- meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb | 2 +- meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index 3e4a8c6dc..a8ede9c0a 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -10,13 +10,13 @@ LIC_FILES_CHKSUM = "file://LICENSE-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" DEPENDS = "file json-c libmicrohttpd systemd util-linux" DEPENDS += "alsa-lib glib-2.0 gssdp gupnp gupnp-av pulseaudio" -SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-binder;protocol=https;branch=1.0" +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-binder;protocol=https;branch=master" SRC_URI_files = "" SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "7059e59cddc1c81321639875636e88895bc14309" +SRCREV = "836b3c0b74accc5494d7877a22b4a45b5450b6f3" S = "${WORKDIR}/git" inherit cmake pkgconfig diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index dc030e25a..5bcfdf9d5 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -16,13 +16,13 @@ HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-f LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=1.0" +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=master" SRC_URI_files = "" SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "8753c48ed498805cec5fbc6096cd6fae3afa0da9" +SRCREV = "81df68c04dc5e32d5d6d06bc20a7030afdf45f59" SECTION = "base" diff --git a/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb b/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb index 6201cf485..21605d20b 100644 --- a/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb +++ b/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=6cb04bdb88e11107e3af4d8e3f301be5" #DEPENDS = "nodejs-native" RDEPENDS_${PN} = "af-binder af-binder-binding-authlogin" -SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=1.0" +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=master" SRC_URI_files = "file://afb-client \ " SRC_URI = "${SRC_URI_git} \ diff --git a/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb b/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb index 78f525abe..4cd80db64 100644 --- a/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb +++ b/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=6cb04bdb88e11107e3af4d8e3f301be5" #DEPENDS = "nodejs-native" RDEPENDS_${PN} = "af-main af-binder af-main-binding af-binder-binding-demopost af-binder-binding-authlogin" -SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=1.0" +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=master" SRC_URI_files = "file://afm-client \ file://afm-client.service \ " -- cgit 1.2.3-korg From 491d35dab07f14229b6d63477fb439fa39f2c869 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Fri, 8 Jul 2016 15:08:25 +0000 Subject: meta-app-framework: add af-main-tools and dependencies in nativesdk-packagegroup-sdk-host This is required to install app framework sdk tools. Change-Id: Iad407420fa734c063926d1883c288af387155668 Signed-off-by: Stephane Desneux --- .../recipes-core/af-main/af-main_1.0.bb | 25 +++------------------- .../recipes-core/af-main/af-main_1.0.inc | 20 +++++++++++++++++ .../recipes-core/af-main/nativesdk-af-main_1.0.bb | 25 ++++++++++++++++++++++ .../nativesdk-packagegroup-sdk-host.bbappend | 2 ++ .../recipes-support/xmlsec1/xmlsec1_1.%.bbappend | 2 ++ 5 files changed, 52 insertions(+), 22 deletions(-) create mode 100644 meta-app-framework/recipes-core/af-main/af-main_1.0.inc create mode 100644 meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb create mode 100644 meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 5bcfdf9d5..75cdcc3ef 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -1,3 +1,5 @@ +require af-main_${PV}.inc + # NOTE: using libcap-native and setcap in install doesn't work # NOTE: there is no SYSTEMD_USER_SERVICE_... # NOTE: maybe setting afm_name to agl-framework is cleaner but has implications @@ -6,28 +8,8 @@ inherit cmake pkgconfig useradd systemd -SUMMARY = "AGL Framework Main part" -DESCRIPTION = "\ -This is a core framework component for managing \ -applications, widgets, and components. \ -" - -HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-main" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" - -SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=master" -SRC_URI_files = "" -SRC_URI = "${SRC_URI_git} \ - ${SRC_URI_files} \ - " - -SRCREV = "81df68c04dc5e32d5d6d06bc20a7030afdf45f59" - SECTION = "base" -S = "${WORKDIR}/git" - DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c security-manager libcap-native af-binder" afm_name = "afm" @@ -38,6 +20,7 @@ afb_binding_dir = "${libdir}/afb" EXTRA_OECMAKE = "\ -DUSE_LIBZIP=1 \ -DUSE_SIMULATION=0 \ + -DUSE_SDK=0 \ -Dafm_name=${afm_name} \ -Dafm_confdir=${afm_confdir} \ -Dafm_datadir=${afm_datadir} \ @@ -91,5 +74,3 @@ PACKAGES =+ "${PN}-tools ${PN}-tools-dbg" FILES_${PN}-tools = "${bindir}/wgtpkg-*" FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*" -BBCLASSEXTEND = "native nativesdk" - diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc new file mode 100644 index 000000000..6880754ac --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -0,0 +1,20 @@ +SUMMARY = "AGL Framework Main part" +DESCRIPTION = "\ +This is a core framework component for managing \ +applications, widgets, and components. \ +" + +HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-main" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=master" +SRC_URI_files = "" +SRC_URI = "${SRC_URI_git} \ + ${SRC_URI_files} \ + " + +SRCREV = "0257e4d58a25d328a971423d5fe5289d9985d046" + +S = "${WORKDIR}/git" + diff --git a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb new file mode 100644 index 000000000..426e99911 --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb @@ -0,0 +1,25 @@ +require af-main_${PV}.inc + +inherit nativesdk cmake pkgconfig + +SECTION = "base" + +DEPENDS = "nativesdk-openssl nativesdk-libxml2 nativesdk-xmlsec1 nativesdk-libzip" + +afm_name = "afm" +afm_confdir = "${sysconfdir}/${afm_name}" +afm_datadir = "${datadir}/${afm_name}" + +EXTRA_OECMAKE = "\ + -DUSE_LIBZIP=1 \ + -DUSE_SIMULATION=1 \ + -DUSE_SDK=1 \ + -Dafm_name=${afm_name} \ + -Dafm_confdir=${afm_confdir} \ + -Dafm_datadir=${afm_datadir} \ +" + +PACKAGES = "${PN}-tools ${PN}-tools-dbg" +FILES_${PN}-tools = "${bindir}/wgtpkg-* ${afm_confdir}/*" +FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*" + diff --git a/meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend b/meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend new file mode 100644 index 000000000..ca0b54f73 --- /dev/null +++ b/meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend @@ -0,0 +1,2 @@ +RDEPENDS_${PN} =+ "nativesdk-af-main-tools" + diff --git a/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend b/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend index 539a88f1e..8f1972f07 100644 --- a/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend +++ b/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend @@ -2,3 +2,5 @@ FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" SRC_URI += "file://Only-require-libxslt-in-.pc-files-when-necessary.patch" DEPENDS += "libxml2" + +BBCLASSEXTEND = "native nativesdk" -- cgit 1.2.3-korg From e991cf3a068e936f4a49a9dd4973c52a64bc4ac2 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Fri, 14 Oct 2016 13:25:07 +0200 Subject: FWK: Adaptations for jethro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since introduction of ambient capabilities, systemd deprecated the use of Capabilities. With systemd 229 activated with krogoth, the use of Capabilities does nothing. This commits avoids to use SecureBits and Capabilities. It now relies on the fact that post installations are setting the capabilities to the file: - setcap cap_mac_override,cap_dac_override=ep afm-system-daemon - setcap cap_mac_override,cap_mac_admin,cap_setgid=ep afm-user-daemon Using p (permitted) instead of i (inherited) that was previously used. It also includes evolutions of the security model to be synchronized with the deletion of 'User'. The recommended version to use now is the commit 20bbb97f6d5400b126ae96ef446c3e60c7e16285. Change-Id: Id24ce7c7651e2fdf8d66b6e8286268e7d88508a0 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- .../recipes-core/af-main/af-main_1.0.bb | 20 +++++++-- .../recipes-core/af-main/af-main_1.0.inc | 2 +- .../security-manager/0001-Adapt-rules-to-AGL.patch | 50 ++++++++++++++++++++++ .../security-manager/security-manager_%.bbappend | 4 ++ 4 files changed, 71 insertions(+), 5 deletions(-) create mode 100644 meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch create mode 100644 meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 75cdcc3ef..d8d7af46f 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -52,18 +52,30 @@ do_install_append() { fi } +do_install_append_smack () { + install -d ${D}/${sysconfdir}/smack/accesses.d + cat > ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user < +Date: Wed, 19 Oct 2016 13:45:54 +0200 +Subject: [PATCH] Adapt rules to AGL +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +AGL distribution uses the repository https://github.com/01org/meta-intel-iot-security.git +as basis for the integration of security framework. The security framework +that it provides is an evolution of the security framework of tizen refited +to the distribution Ostro of Intel. This refit took the decision to simplify +the model by removing the running label "User". More can be viewed here: +https://github.com/01org/meta-intel-iot-security/pull/116 + +This commits adapt the template to the rules that are now needed +after this evolution. + +It also integrates one other evolutions: the shared label becomes User::App-Shared instead +of User::App::Shared to avoid collision with application of id "Shared". + +Change-Id: Ieb566b63f8c8e691b5f75e06499a3b576d042546 +Signed-off-by: José Bollo +--- + policy/app-rules-template.smack | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/policy/app-rules-template.smack b/policy/app-rules-template.smack +index 1311169..b4cd2e3 100644 +--- a/policy/app-rules-template.smack ++++ b/policy/app-rules-template.smack +@@ -1,12 +1,10 @@ +-System ~APP~ rwx ++System ~APP~ rwxa ++System ~PKG~ rwxat + ~APP~ System wx + ~APP~ System::Shared rx + ~APP~ System::Run rwxat + ~APP~ System::Log rwxa + ~APP~ _ l +-User ~APP~ rwxa +-User ~PKG~ rwxat +-~APP~ User wx + ~APP~ User::Home rxl +-~APP~ User::App::Shared rwxat ++~APP~ User::App-Shared rwxat + ~APP~ ~PKG~ rwxat +-- +2.7.4 + diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend new file mode 100644 index 000000000..d3a110de5 --- /dev/null +++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:" + +SRC_URI += " file://0001-Adapt-rules-to-AGL.patch " + -- cgit 1.2.3-korg From 8f6992c0c44362d2f614c9df8283cb15029f2e8a Mon Sep 17 00:00:00 2001 From: José Bollo Date: Mon, 21 Nov 2016 15:37:32 +0100 Subject: Improves places for QT_WAYLAND_SHELL_INTEGRATION MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This define is currently needed by all applications launched by the framework. This commits allows that. Change-Id: Ia56268c1bca58f2da7c0152fa735751603d799bc Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- .../af-main/add-qt-wayland-shell-integration.patch | 24 ++++++++++++++++++++++ .../recipes-core/af-main/af-main_1.0.bb | 7 +++++-- .../web-runtime/web-runtime/web-runtime | 1 - 3 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch b/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch new file mode 100644 index 000000000..f8940f24a --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch @@ -0,0 +1,24 @@ +diff --git a/conf/afm-user-daemon.service b/conf/afm-user-daemon.service +index 6b5c1d8..e0f6799 100644 +--- a/conf/afm-user-daemon.service ++++ b/conf/afm-user-daemon.service +@@ -7,6 +7,7 @@ BusName=org.AGL.afm.user + ExecStart=/usr/bin/afm-user-daemon --user-dbus=unix:path=%t/bus + Environment=AFM_APP_INSTALL_DIR=%%r + Environment=LD_PRELOAD=/usr/lib/libEGL.so ++Environment=QT_WAYLAND_SHELL_INTEGRATION=ivi-shell + Restart=on-failure + RestartSec=5 + +diff --git a/docs/quick-tutorial.md b/docs/quick-tutorial.md +index 081dfe5..f55d4d0 100644 +--- a/docs/quick-tutorial.md ++++ b/docs/quick-tutorial.md +@@ -29,6 +29,7 @@ Using the CLI tool + + ### Setup Environment + Connect your AGL target board to the network and copy some sample widgets on it through SSH (set BOARDIP with your board IP address) : ++ + ``` + $ cd afm-widget-examples + $ BOARDIP=1.2.3.4 diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index d8d7af46f..1b4e2092f 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -42,8 +42,11 @@ FILES_${PN} += "\ RDEPENDS_${PN}_append_smack = " smack-userspace" DEPENDS_append_smack = " smack-userspace-native" -# short hack here -SRC_URI += " file://Hack-to-allow-the-debugging.patch" +# short hacks here +SRC_URI += "\ + file://Hack-to-allow-the-debugging.patch \ + file://add-qt-wayland-shell-integration.patch \ +" do_install_append() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then diff --git a/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime index 0b8604439..ca712e155 100755 --- a/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime +++ b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime @@ -1,3 +1,2 @@ #!/bin/sh -export QT_WAYLAND_SHELL_INTEGRATION="ivi-shell" exec /usr/bin/qt5/qmlscene "$1" /usr/bin/web-runtime-webkit.qml -- cgit 1.2.3-korg From 83ff9b76129dd6d4c406c77f0a1315516c4a0593 Mon Sep 17 00:00:00 2001 From: Ronan Date: Wed, 7 Dec 2016 19:58:18 +0100 Subject: add native build for af-main Change-Id: If9765fa5dbb5229a511b36cda83505cab75e7785 Signed-off-by: Ronan Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/af-main_1.0.bb | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 1b4e2092f..611307fb0 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -7,16 +7,27 @@ require af-main_${PV}.inc # NOTE: using ZIP programs creates directories with mode 777 (very bad) inherit cmake pkgconfig useradd systemd +BBCLASSEXTEND = "native" SECTION = "base" DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c security-manager libcap-native af-binder" +DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip" afm_name = "afm" afm_confdir = "${sysconfdir}/${afm_name}" afm_datadir = "${datadir}/${afm_name}" afb_binding_dir = "${libdir}/afb" +EXTRA_OECMAKE_class-native = "\ + -DUSE_LIBZIP=1 \ + -DUSE_SIMULATION=1 \ + -DUSE_SDK=1 \ + -Dafm_name=${afm_name} \ + -Dafm_confdir=${afm_confdir} \ + -Dafm_datadir=${afm_datadir} \ +" + EXTRA_OECMAKE = "\ -DUSE_LIBZIP=1 \ -DUSE_SIMULATION=0 \ -- cgit 1.2.3-korg From ed0ec649f38a3044aaf3d36222be0391872cf2f5 Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Wed, 14 Dec 2016 14:08:16 +0100 Subject: Move all writable data used by security-manager and appfw to /var The purpose of these changes is to make OSTree and AppFw update domains compatible with each other. Some intergation code is also needed to deploy initial data to writable area (see SPEC-359 in Jira). Bug-AGL: SPEC-359 Change-Id: Iccba1e9916c569167df2922ad5e2d90cc33f06fe Signed-off-by: Anton Gerasimov Signed-off-by: Stephane Desneux --- .../af-main/af-main/init-afm-dirs.service | 15 ++ .../recipes-core/af-main/af-main/init-afm-dirs.sh | 7 + .../recipes-core/af-main/af-main_1.0.bb | 22 ++- .../recipes-core/af-main/nativesdk-af-main_1.0.bb | 2 +- .../Removing-tizen-platform-config.patch | 196 +++++++++++++++++++++ .../init-security-manager-db.service | 15 ++ .../security-manager/init-security-manager-db.sh | 6 + .../security-manager/security-manager_%.bbappend | 14 +- .../afm-client/files/afm-client.service | 2 +- 9 files changed, 270 insertions(+), 9 deletions(-) create mode 100644 meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service create mode 100644 meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh create mode 100644 meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch create mode 100644 meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service create mode 100644 meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service new file mode 100644 index 000000000..7e3b9e4e8 --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service @@ -0,0 +1,15 @@ +# +# Install security-manager DB to /var + +[Unit] +Description=Deploy AFM directories to /var +After=sysinit.target +Before=afm-system-daemon.service +Before=afm-user-daemon.service + +[Install] +WantedBy=default.target + +[Service] +Type=oneshot +ExecStart=/usr/bin/init-afm-dirs.sh diff --git a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh new file mode 100644 index 000000000..97cf272f2 --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +if [ ! -e "/var/lib/afm" ]; then + mkdir -p /var/lib + cp -ra /usr/share/afm /var/lib +fi + diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 611307fb0..834e293fa 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -16,7 +16,8 @@ DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip" afm_name = "afm" afm_confdir = "${sysconfdir}/${afm_name}" -afm_datadir = "${datadir}/${afm_name}" +afm_datadir = "/var/lib/${afm_name}" +afm_init_datadir = "${datadir}/${afm_name}" afb_binding_dir = "${libdir}/afb" EXTRA_OECMAKE_class-native = "\ @@ -46,8 +47,12 @@ GROUPADD_PARAM_${PN} = "-r ${afm_name}" SYSTEMD_SERVICE_${PN} = "afm-system-daemon.service" SYSTEMD_AUTO_ENABLE = "enable" +SRC_URI_append = "file://init-afm-dirs.sh \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://init-afm-dirs.service', '', d)}" + FILES_${PN} += "\ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service', '', d)} \ + ${bindir}/init-afm-dirs.sh \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service ${systemd_unitdir}/system/init-afm-dirs.service', '', d)} \ " RDEPENDS_${PN}_append_smack = " smack-userspace" @@ -60,9 +65,14 @@ SRC_URI += "\ " do_install_append() { + install -d ${D}${bindir} + install -m 0755 ${WORKDIR}/init-afm-dirs.sh ${D}${bindir} if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then mkdir -p ${D}${sysconfdir}/systemd/user/default.target.wants + mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants ln -sf ${systemd_user_unitdir}/afm-user-daemon.service ${D}${sysconfdir}/systemd/user/default.target.wants + install -p -D ${WORKDIR}/init-afm-dirs.service ${D}${systemd_unitdir}/system/init-afm-dirs.service + ln -sf ${systemd_unitdir}/system/init-afm-dirs.service ${D}${sysconfdir}/systemd/system/default.target.wants fi } @@ -79,15 +89,15 @@ EOF } pkg_postinst_${PN}() { - mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons + mkdir -p $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon } pkg_postinst_${PN}_smack() { - mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons - chown ${afm_name}:${afm_name} $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons - chsmack -a 'System::Shared' -t $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons + mkdir -p $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons + chown ${afm_name}:${afm_name} $D${afm_init_datadir} $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons + chsmack -a 'System::Shared' -t $D${afm_init_datadir} $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon } diff --git a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb index 0169e6b1a..ba70c59ab 100644 --- a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb @@ -8,7 +8,7 @@ DEPENDS = "nativesdk-openssl nativesdk-libxml2 nativesdk-xmlsec1 nativesdk-libzi afm_name = "afm" afm_confdir = "${sysconfdir}/${afm_name}" -afm_datadir = "${datadir}/${afm_name}" +afm_datadir = "/var/lib/${afm_name}" EXTRA_OECMAKE = "\ -DUSE_LIBZIP=1 \ diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch b/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch new file mode 100644 index 000000000..4830db2a8 --- /dev/null +++ b/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch @@ -0,0 +1,196 @@ +From 72e66d0e42f3bb6efd689ce33b1df407d94b3c60 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= +Date: Mon, 16 Nov 2015 14:26:25 +0100 +Subject: [PATCH] Removing tizen-platform-config + +Change-Id: Ic832a2b75229517b09faba969c27fb1a4b490121 +--- + policy/security-manager-policy-reload | 2 +- + src/common/file-lock.cpp | 4 +--- + src/common/include/file-lock.h | 1 - + src/common/include/privilege_db.h | 3 +-- + src/common/service_impl.cpp | 39 +++++++++++------------------------ + src/common/smack-rules.cpp | 12 ++++------- + 6 files changed, 19 insertions(+), 42 deletions(-) + +diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload +index 6f211c6..ed8047a 100755 +--- a/policy/security-manager-policy-reload ++++ b/policy/security-manager-policy-reload +@@ -2,7 +2,7 @@ + + POLICY_PATH=/usr/share/security-manager/policy + PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list +-DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db ++DB_FILE=/var/db/security-manager/.security-manager.db + + # Create default buckets + while read bucket default_policy +diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp +index 6f3996c..1dada17 100644 +--- a/src/common/file-lock.cpp ++++ b/src/common/file-lock.cpp +@@ -30,9 +30,7 @@ + + namespace SecurityManager { + +-char const * const SERVICE_LOCK_FILE = tzplatform_mkpath3(TZ_SYS_RUN, +- "lock", +- "security-manager.lock"); ++char const * const SERVICE_LOCK_FILE = "/var/run/lock/security-manager.lock"; + + FileLocker::FileLocker(const std::string &lockFile, bool blocking) + { +diff --git a/src/common/include/file-lock.h b/src/common/include/file-lock.h +index 604b019..21a86a0 100644 +--- a/src/common/include/file-lock.h ++++ b/src/common/include/file-lock.h +@@ -29,7 +29,6 @@ + + #include + #include +-#include + + namespace SecurityManager { + +diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h +index 4d73d90..03c6680 100644 +--- a/src/common/include/privilege_db.h ++++ b/src/common/include/privilege_db.h +@@ -34,14 +34,13 @@ + #include + + #include +-#include + + #ifndef PRIVILEGE_DB_H_ + #define PRIVILEGE_DB_H_ + + namespace SecurityManager { + +-const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db"); ++const char *const PRIVILEGE_DB_PATH = "/var/db/security-manager/.security-manager.db"; + + enum class QueryType { + EGetPkgPrivileges, +diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp +index ae305d3..65cc8b5 100644 +--- a/src/common/service_impl.cpp ++++ b/src/common/service_impl.cpp +@@ -32,7 +32,6 @@ + #include + + #include +-#include + + #include "protocols.h" + #include "privilege_db.h" +@@ -131,7 +130,13 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr, + + static uid_t getGlobalUserId(void) + { +- static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER); ++ static uid_t globaluid = 0; ++ if (!globaluid) { ++ struct passwd pw, *p; ++ char buf[4096]; ++ int rc = getpwnam_r("userapp", &pw, buf, sizeof buf, &p); ++ globaluid = (rc || p == NULL) ? 555 : p->pw_uid; ++ } + return globaluid; + } + +@@ -161,37 +166,17 @@ static inline bool isSubDir(const char *parent, const char *subdir) + + static bool getUserAppDir(const uid_t &uid, std::string &userAppDir) + { +- struct tzplatform_context *tz_ctx = nullptr; +- +- if (tzplatform_context_create(&tz_ctx)) +- return false; +- +- if (tzplatform_context_set_user(tz_ctx, uid)) { +- tzplatform_context_destroy(tz_ctx); +- tz_ctx = nullptr; ++ struct passwd pw, *p; ++ char buf[4096]; ++ int rc = getpwuid_r(uid, &pw, buf, sizeof buf, &p); ++ if (rc || p == NULL) + return false; +- } +- +- enum tzplatform_variable id = +- (uid == getGlobalUserId()) ? TZ_SYS_RW_APP : TZ_USER_APP; +- const char *appDir = tzplatform_context_getenv(tz_ctx, id); +- if (!appDir) { +- tzplatform_context_destroy(tz_ctx); +- tz_ctx = nullptr; +- return false; +- } +- +- userAppDir = appDir; +- +- tzplatform_context_destroy(tz_ctx); +- tz_ctx = nullptr; +- ++ userAppDir = p->pw_dir; + return true; + } + + static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath) + { +- std::string userHome; + std::string userAppDir; + std::stringstream correctPath; + +diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp +index d834e42..8b5728b 100644 +--- a/src/common/smack-rules.cpp ++++ b/src/common/smack-rules.cpp +@@ -34,7 +34,6 @@ + #include + + #include +-#include + + #include "smack-labels.h" + #include "smack-rules.h" +@@ -43,7 +42,7 @@ namespace SecurityManager { + + const char *const SMACK_APP_LABEL_TEMPLATE = "~APP~"; + const char *const SMACK_PKG_LABEL_TEMPLATE = "~PKG~"; +-const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack"); ++const char *const APP_RULES_TEMPLATE_FILE_PATH = "/usr/share/security-manager/policy/app-rules-template.smack"; + const char *const SMACK_APP_IN_PACKAGE_PERMS = "rwxat"; + + SmackRules::SmackRules() +@@ -237,14 +236,12 @@ void SmackRules::generatePackageCrossDeps(const std::vector &pkgCon + + std::string SmackRules::getPackageRulesFilePath(const std::string &pkgId) + { +- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("pkg_" + pkgId).c_str())); +- return path; ++ return "/etc/smack/accesses.d/pkg_" + pkgId; + } + + std::string SmackRules::getApplicationRulesFilePath(const std::string &appId) + { +- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str())); +- return path; ++ return "/etc/smack/accesses.d/app_" + appId; + } + void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId, + const std::vector &pkgContents, const std::vector &privileges) +@@ -256,8 +253,7 @@ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, con + for (auto privilege : privileges) { + if (privilege.empty()) + continue; +- std::string fprivilege ( privilege + "-template.smack"); +- std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str())); ++ std::string path = "/usr/share/security-manager/policy/" + privilege + "-template.smack"; + if( stat(path.c_str(), &buffer) == 0) + smackRules.addFromTemplateFile(appId, pkgId, path); + } +-- +2.1.4 + diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service new file mode 100644 index 000000000..8ed5e8601 --- /dev/null +++ b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service @@ -0,0 +1,15 @@ +# +# Install security-manager DB to /var + +[Unit] +Description=Install Security Manager database +After=sysinit.target +Before=security-manager.service + +[Install] +WantedBy=default.target + +[Service] +Type=oneshot +User=root +ExecStart=/usr/bin/init-security-manager-db.sh diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh new file mode 100644 index 000000000..ef41286c8 --- /dev/null +++ b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +if [ ! -e "/var/db/security-manager" ]; then + mkdir -p /var/db + cp -ra /usr/dbspace/ /var/db/security-manager +fi diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend index d3a110de5..b4b5e01c4 100644 --- a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend +++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend @@ -1,4 +1,16 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:" -SRC_URI += " file://0001-Adapt-rules-to-AGL.patch " +SRC_URI += " file://0001-Adapt-rules-to-AGL.patch \ + file://init-security-manager-db.service \ + file://init-security-manager-db.sh" +SYSTEMD_SERVICE_${PN} = "init-security-manager-db.service" + +FILES_${PN}_append = "${bindir}/init-security-manager-db.sh" + +do_install_append () { + install -p -D ${WORKDIR}/init-security-manager-db.sh ${D}${bindir}/init-security-manager-db.sh + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -p -D ${WORKDIR}/init-security-manager-db.service ${D}${systemd_unitdir}/system/init-security-manager-db.service + fi +} diff --git a/meta-app-framework/recipes-example/afm-client/files/afm-client.service b/meta-app-framework/recipes-example/afm-client/files/afm-client.service index 688c91fd8..735717439 100644 --- a/meta-app-framework/recipes-example/afm-client/files/afm-client.service +++ b/meta-app-framework/recipes-example/afm-client/files/afm-client.service @@ -2,7 +2,7 @@ Description=Simplest application manager [Service] -ExecStart=/usr/bin/afb-daemon --mode=remote --port=1234 --token='' --sessiondir=/home/root/.afb-daemon --rootdir=/usr/share/agl/afm-client --alias=/icons:/usr/share/afm/icons +ExecStart=/usr/bin/afb-daemon --mode=remote --port=1234 --token='' --sessiondir=/home/root/.afb-daemon --rootdir=/usr/share/agl/afm-client --alias=/icons:/var/lib/afm/icons Restart=on-failure RestartSec=5 -- cgit 1.2.3-korg From 802f845b9d31b8b72067930abd2a23f1a321c691 Mon Sep 17 00:00:00 2001 From: Ronan Le Martret Date: Wed, 15 Feb 2017 16:54:11 +0100 Subject: Add afm-install used to install wgt at first boot * afm-install can install wgt app like afm-util but use dbus "system" session instead of "user". #/usr/bin/afm-install install /usr/AGL/apps/$file.wgt Change-Id: Id7361350257347a8db32f539b3bdeb3f2d8f554c Signed-off-by: Ronan Le Martret Signed-off-by: Stephane Desneux --- .../recipes-core/af-main/af-main/afm-install | 44 ++++++++++++++++++++++ .../recipes-core/af-main/af-main_1.0.bb | 6 +++ 2 files changed, 50 insertions(+) create mode 100755 meta-app-framework/recipes-core/af-main/af-main/afm-install (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-core/af-main/af-main/afm-install b/meta-app-framework/recipes-core/af-main/af-main/afm-install new file mode 100755 index 000000000..6d37baed8 --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/af-main/afm-install @@ -0,0 +1,44 @@ +#!/bin/sh + +pretty() { + sed \ + -e '/^method return .*/d' \ + -e 's/^Error org.freedesktop.DBus.Error.Failed: "\?\(.*\)"\?$/ERROR: \1/' \ + -e 's/^ string "\(.*\)"/\1/' \ + -e 's/},/&\n/' +} + +send() { + dbus-send --system --print-reply \ + --dest=org.AGL.afm.system \ + /org/AGL/afm/system \ + org.AGL.afm.system.$1 \ + "string:$2" | + pretty +} + +case "$1" in + + add|install) + f=$(realpath $2) + send install '{"wgt":"'"$f"'","force":true}' + ;; + + -h|--help|help) + cat << EOC + +The commands are: + + add wgt + install wgt install the wgt file + +EOC + ;; + + *) + echo "unknown command $1" >&2 + exit 1 + ;; +esac + + diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 834e293fa..7819bfadf 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -64,6 +64,11 @@ SRC_URI += "\ file://add-qt-wayland-shell-integration.patch \ " +# tools used to install wgt at first boot +SRC_URI += "\ + file://afm-install \ +" + do_install_append() { install -d ${D}${bindir} install -m 0755 ${WORKDIR}/init-afm-dirs.sh ${D}${bindir} @@ -74,6 +79,7 @@ do_install_append() { install -p -D ${WORKDIR}/init-afm-dirs.service ${D}${systemd_unitdir}/system/init-afm-dirs.service ln -sf ${systemd_unitdir}/system/init-afm-dirs.service ${D}${sysconfdir}/systemd/system/default.target.wants fi + install -m 0755 ${WORKDIR}/afm-install ${D}${bindir} } do_install_append_smack () { -- cgit 1.2.3-korg From 2645ceca2399368af20c1b1222575bcb7c6cb613 Mon Sep 17 00:00:00 2001 From: Ronan Le Martret Date: Thu, 23 Feb 2017 11:03:08 +0100 Subject: Update af-main * Fix wgtpkg-pack * Add json-c for native and nativesdk Change-Id: I9f2f6b55b729099a70e00f53c631e181d19cf1c9 Signed-off-by: Ronan Le Martret Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/af-main_1.0.bb | 2 +- meta-app-framework/recipes-core/af-main/af-main_1.0.inc | 2 +- meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 7819bfadf..c7b8ba440 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -12,7 +12,7 @@ BBCLASSEXTEND = "native" SECTION = "base" DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c security-manager libcap-native af-binder" -DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip" +DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip json-c" afm_name = "afm" afm_confdir = "${sysconfdir}/${afm_name}" diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index 0d07fc2da..c04661a0e 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "c6b2074e18ce7a37a59bc1c3831407b42b18c889" +SRCREV = "7cf2890d871e76c082528565f59e1d0d1055b7f9" S = "${WORKDIR}/git" diff --git a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb index ba70c59ab..021c9ac00 100644 --- a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb @@ -4,7 +4,7 @@ inherit nativesdk cmake pkgconfig SECTION = "base" -DEPENDS = "nativesdk-openssl nativesdk-libxml2 nativesdk-xmlsec1 nativesdk-libzip" +DEPENDS = "nativesdk-openssl nativesdk-libxml2 nativesdk-xmlsec1 nativesdk-libzip nativesdk-json-c" afm_name = "afm" afm_confdir = "${sysconfdir}/${afm_name}" -- cgit 1.2.3-korg From 2af22bf84f7c7b1b1047a6d451aa0ac3a8b35c5c Mon Sep 17 00:00:00 2001 From: Phong Tran Date: Thu, 23 Feb 2017 23:41:45 +0700 Subject: Fix the error of homescreen for QEMU x86-64 libEGL.so is not availabe in QEMU x86-64 env. This make the afm-user-daemon service is loaded failure. This make the homescreen fail to load. Remove LD_PRELOAD of libEGL.so for QEMU x86-64. Change-Id: Iba9a904cc7e4000861ec0e0d6f5c22f48428b954 Signed-off-by: Phong Tran Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/af-main_1.0.bb | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index c7b8ba440..6a1d36a99 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -82,6 +82,10 @@ do_install_append() { install -m 0755 ${WORKDIR}/afm-install ${D}${bindir} } +do_install_append_qemux86-64() { + sed -i -e '/LD_PRELOAD=\/usr\/lib\/libEGL.so/d' ${D}${systemd_user_unitdir}/afm-user-daemon.service +} + do_install_append_smack () { install -d ${D}/${sysconfdir}/smack/accesses.d cat > ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user < Date: Wed, 8 Mar 2017 13:15:58 +0100 Subject: Removes systemd warnings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Systemd was complaining that the service files were executable. This patch removes that issue. Change-Id: I77183bb142956fec84b3ca727f7084e8f652c292 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/af-main_1.0.bb | 2 +- .../recipes-core/security-manager/security-manager_%.bbappend | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 6a1d36a99..e229cd22f 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -76,7 +76,7 @@ do_install_append() { mkdir -p ${D}${sysconfdir}/systemd/user/default.target.wants mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants ln -sf ${systemd_user_unitdir}/afm-user-daemon.service ${D}${sysconfdir}/systemd/user/default.target.wants - install -p -D ${WORKDIR}/init-afm-dirs.service ${D}${systemd_unitdir}/system/init-afm-dirs.service + install -m 644 -p -D ${WORKDIR}/init-afm-dirs.service ${D}${systemd_unitdir}/system/init-afm-dirs.service ln -sf ${systemd_unitdir}/system/init-afm-dirs.service ${D}${sysconfdir}/systemd/system/default.target.wants fi install -m 0755 ${WORKDIR}/afm-install ${D}${bindir} diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend index 90f69eb47..23ceb2937 100644 --- a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend +++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend @@ -16,7 +16,7 @@ do_install_append () { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then mkdir -p ${D}${systemd_unitdir}/system mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants - install -p -D ${WORKDIR}/init-security-manager-db.service ${D}${systemd_unitdir}/system/init-security-manager-db.service + install -m 644 -p -D ${WORKDIR}/init-security-manager-db.service ${D}${systemd_unitdir}/system/init-security-manager-db.service ln -sf ${systemd_unitdir}/system/init-security-manager-db.service ${D}${sysconfdir}/systemd/system/default.target.wants fi } -- cgit 1.2.3-korg From e94977765987776d7959258cec4b66c809a7b1e8 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Wed, 8 Mar 2017 14:19:42 +0100 Subject: base-files for the framework MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This setting is introduced primarily to allow the recipe agl-users to run in a correct environment. Change-Id: Ib0bd7c8e6520bd87dbb26d9c011f5cb4672f44c7 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- .../recipes-config/agl-users/agl-users_0.1.bb | 44 ---------------------- .../recipes-core/af-main/af-main_1.0.bb | 12 ------ .../recipes-core/base-files/base-files_%.bbappend | 22 +++++++++++ 3 files changed, 22 insertions(+), 56 deletions(-) create mode 100644 meta-app-framework/recipes-core/base-files/base-files_%.bbappend (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb b/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb index 0f61248db..832c51c99 100644 --- a/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb +++ b/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb @@ -10,10 +10,6 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384 SRC_URI = "" - -RDEPENDS_${PN}_append_smack = " smack-userspace" -DEPENDS_append_smack = " smack-userspace-native" - ALLOW_EMPTY_${PN} = "1" USERADD_PACKAGES = "${PN}" @@ -23,43 +19,3 @@ USERADD_PARAM_${PN} = "\ -g users -d /home/agl-passenger -m -K PASS_MAX_DAYS=-1 agl-passenger \ " - -do_configure() { - : -} - -do_compile() { - : -} - -do_install() { - : -} - - -pkg_postinst_${PN}() { - #!/bin/sh -e - - # avoid to run on host - [ x"$D" != "x" ] && exit 1 - - # Drops password - passwd -d agl-driver - passwd -d agl-passenger -} - -pkg_postinst_${PN}_smack() { - #!/bin/sh -e - - # avoid to run on host - [ x"$D" != "x" ] && exit 1 - - # Actions to carry out on the device go here - for x in /etc/skel /home/* - do - chsmack -a User::Home $x - done - passwd -d agl-driver - passwd -d agl-passenger -} - diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index e229cd22f..86b5d34e2 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -86,18 +86,6 @@ do_install_append_qemux86-64() { sed -i -e '/LD_PRELOAD=\/usr\/lib\/libEGL.so/d' ${D}${systemd_user_unitdir}/afm-user-daemon.service } -do_install_append_smack () { - install -d ${D}/${sysconfdir}/smack/accesses.d - cat > ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user < ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user < Date: Tue, 14 Mar 2017 13:07:12 +0100 Subject: Move to AGL framework on top of systemd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This new version of the framework leverages systemd features to launch its applications. Some of the advantages are: - possible use of systemd features (namespace, cgroups, autostart, dependency resolution, socket activation, ...) - more feature are let open to integrator's design Some of the drawbacks are: - not more possible to launch an other instance of an application already launched - pause/resume is no more available by the framework - the remote mode is to be redefined This commit integrates the first version of the framework on top of systemd. More work is to come. None of the current drawback is definitive. Bug-AGL: SPEC-138, SPEC-425, SPEC-426, SPEC-427 Change-Id: Idfb98761c0db23562bb783bed1b03aeb956fc587 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- .../af-main/add-qt-wayland-shell-integration.patch | 21 +++++------ .../af-main/af-main/init-afm-dirs.service | 15 -------- .../recipes-core/af-main/af-main/init-afm-dirs.sh | 7 ---- .../recipes-core/af-main/af-main_1.0.bb | 42 ++++++++++------------ .../recipes-core/af-main/af-main_1.0.inc | 8 ++++- .../recipes-core/af-main/nativesdk-af-main_1.0.bb | 4 --- 6 files changed, 37 insertions(+), 60 deletions(-) delete mode 100644 meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service delete mode 100644 meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh (limited to 'meta-app-framework/recipes-core/af-main/af-main_1.0.bb') diff --git a/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch b/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch index 8e21678be..c92415b80 100644 --- a/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch +++ b/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch @@ -1,11 +1,12 @@ -diff --git a/conf/afm-user-daemon.service b/conf/afm-user-daemon.service -index 6b5c1d8..e0f6799 100644 ---- a/conf/afm-user-daemon.service -+++ b/conf/afm-user-daemon.service -@@ -7,6 +7,7 @@ BusName=org.AGL.afm.user - ExecStart=/usr/bin/afm-user-daemon --user-dbus=unix:path=%t/bus - Environment=AFM_APP_INSTALL_DIR=%%r - Environment=LD_PRELOAD=/usr/lib/libEGL.so +diff --git a/conf/afm-unit.conf b/conf/afm-unit.conf +index 82113ef..2fbc9e2 100644 +--- a/conf/afm-unit.conf ++++ b/conf/afm-unit.conf +@@ -127,6 +127,7 @@ SuccessExitStatus=0 SIGKILL + WorkingDirectory=-{{&#metadata.app-data-dir}}/{{id}} + ExecStartPre=/bin/mkdir -p {{&#metadata.app-data-dir}}/{{id}} + Environment=AFM_APP_INSTALL_DIR={{:#metadata.install-dir}} +Environment=QT_WAYLAND_SHELL_INTEGRATION=ivi-shell - Restart=on-failure - RestartSec=5 + + %systemd-unit user + {{#required-permission.urn:AGL:permission::public:hidden}}\ diff --git a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service deleted file mode 100644 index 7e3b9e4e8..000000000 --- a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service +++ /dev/null @@ -1,15 +0,0 @@ -# -# Install security-manager DB to /var - -[Unit] -Description=Deploy AFM directories to /var -After=sysinit.target -Before=afm-system-daemon.service -Before=afm-user-daemon.service - -[Install] -WantedBy=default.target - -[Service] -Type=oneshot -ExecStart=/usr/bin/init-afm-dirs.sh diff --git a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh deleted file mode 100644 index 97cf272f2..000000000 --- a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -if [ ! -e "/var/lib/afm" ]; then - mkdir -p /var/lib - cp -ra /usr/share/afm /var/lib -fi - diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 86b5d34e2..3c1b692f3 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -11,15 +11,9 @@ BBCLASSEXTEND = "native" SECTION = "base" -DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c security-manager libcap-native af-binder" +DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c systemd security-manager libcap-native af-binder" DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip json-c" -afm_name = "afm" -afm_confdir = "${sysconfdir}/${afm_name}" -afm_datadir = "/var/lib/${afm_name}" -afm_init_datadir = "${datadir}/${afm_name}" -afb_binding_dir = "${libdir}/afb" - EXTRA_OECMAKE_class-native = "\ -DUSE_LIBZIP=1 \ -DUSE_SIMULATION=1 \ @@ -36,6 +30,7 @@ EXTRA_OECMAKE = "\ -Dafm_name=${afm_name} \ -Dafm_confdir=${afm_confdir} \ -Dafm_datadir=${afm_datadir} \ + -Dsystemd_units_root=${systemd_units_root} \ -DUNITDIR_USER=${systemd_user_unitdir} \ -DUNITDIR_SYSTEM=${systemd_system_unitdir} \ " @@ -47,37 +42,31 @@ GROUPADD_PARAM_${PN} = "-r ${afm_name}" SYSTEMD_SERVICE_${PN} = "afm-system-daemon.service" SYSTEMD_AUTO_ENABLE = "enable" -SRC_URI_append = "file://init-afm-dirs.sh \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://init-afm-dirs.service', '', d)}" - FILES_${PN} += "\ - ${bindir}/init-afm-dirs.sh \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service ${systemd_unitdir}/system/init-afm-dirs.service', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service', '', d)} \ " - RDEPENDS_${PN}_append_smack = " smack-userspace" DEPENDS_append_smack = " smack-userspace-native" # short hacks here SRC_URI += "\ file://Hack-to-allow-the-debugging.patch \ - file://add-qt-wayland-shell-integration.patch \ " # tools used to install wgt at first boot SRC_URI += "\ file://afm-install \ + file://add-qt-wayland-shell-integration.patch \ " do_install_append() { install -d ${D}${bindir} - install -m 0755 ${WORKDIR}/init-afm-dirs.sh ${D}${bindir} + install -d -m 0775 ${D}${systemd_units_root}/{system,user} + install -d -m 0775 ${D}${systemd_units_root}/{system,user}/default.target.wants + install -d ${D}${afm_datadir}/{applications,icons} if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - mkdir -p ${D}${sysconfdir}/systemd/user/default.target.wants - mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants + mkdir -p ${D}${sysconfdir}/systemd/{system,user}/default.target.wants ln -sf ${systemd_user_unitdir}/afm-user-daemon.service ${D}${sysconfdir}/systemd/user/default.target.wants - install -m 644 -p -D ${WORKDIR}/init-afm-dirs.service ${D}${systemd_unitdir}/system/init-afm-dirs.service - ln -sf ${systemd_unitdir}/system/init-afm-dirs.service ${D}${sysconfdir}/systemd/system/default.target.wants fi install -m 0755 ${WORKDIR}/afm-install ${D}${bindir} } @@ -87,18 +76,25 @@ do_install_append_qemux86-64() { } pkg_postinst_${PN}() { - mkdir -p $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + chgrp ${afm_name} $D${systemd_units_root}/{system,user}/{default.target.wants,.} + fi + chown ${afm_name}:${afm_name} $D${afm_datadir}/{applications,icons,.} setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon } pkg_postinst_${PN}_smack() { - mkdir -p $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons - chown ${afm_name}:${afm_name} $D${afm_init_datadir} $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons - chsmack -a 'System::Shared' -t $D${afm_init_datadir} $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + chgrp ${afm_name} $D${systemd_units_root}/{system,user}/{default.target.wants,.} + chsmack -a 'System::Shared' -t $D${systemd_units_root}/{system,user}/{default.target.wants,.} + fi + chown ${afm_name}:${afm_name} $D${afm_datadir}/{applications,icons,.} + chsmack -a 'System::Shared' -t $D${afm_datadir}/{applications,icons,.} setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon } +FILES_${PN} += " ${systemd_units_root} " PACKAGES =+ "${PN}-binding ${PN}-binding-dbg" FILES_${PN}-binding = " ${afb_binding_dir}/afm-main-binding.so " diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index c38dad4d4..6ce87ed71 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,13 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "863bf1c6b4e10176edf8b26a9703109ab8db2c43" +SRCREV = "255c83029f56e8d90e7ce185b007c4ca65afec1e" S = "${WORKDIR}/git" +afm_name = "afm" +afm_confdir = "${sysconfdir}/${afm_name}" +afm_datadir = "/var/local/lib/${afm_name}" +afb_binding_dir = "${libdir}/afb" +systemd_units_root = "/usr/local/lib/systemd" + diff --git a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb index 021c9ac00..8d044345f 100644 --- a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb @@ -6,10 +6,6 @@ SECTION = "base" DEPENDS = "nativesdk-openssl nativesdk-libxml2 nativesdk-xmlsec1 nativesdk-libzip nativesdk-json-c" -afm_name = "afm" -afm_confdir = "${sysconfdir}/${afm_name}" -afm_datadir = "/var/lib/${afm_name}" - EXTRA_OECMAKE = "\ -DUSE_LIBZIP=1 \ -DUSE_SIMULATION=1 \ -- cgit 1.2.3-korg