From 1ac5c704bb4b7fd72d9e382ccf23f4d186da0f86 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Thu, 23 Jun 2016 16:00:59 +0000 Subject: add layer meta-app-framework meta-app-framework is a layer containing the AGL App Framework recipes 4 new layers are added for application framework: * meta-intel-iot-security/meta-security-smack * meta-intel-iot-security/meta-security-framework * meta-agl/meta-agl-security * meta-agl/meta-app-framework Configuration file changes to support AppFw: * activation of Smack and Cynara * modify the tar command to be used to support Smack extended attributes Change-Id: Idc8abdc8869787feb4b534ee45bf7b5d3dde3632 Signed-off-by: Stephane Desneux --- meta-app-framework/conf/layer.conf | 11 ++ .../recipes-config/agl-users/agl-users_0.1.bb | 65 ++++++++++++ .../recipes-core/af-binder/af-binder_1.0.bb | 73 +++++++++++++ .../af-main/Hack-to-allow-the-debugging.patch | 29 ++++++ .../recipes-core/af-main/af-main_1.0.bb | 95 +++++++++++++++++ .../packagegroup-agl-app-framework-examples.bb | 16 +++ .../packagegroup-agl-app-framework.bb | 17 +++ .../packagegroup-agl-core-security.bbappend | 9 ++ .../packagegroups/packagegroup-agl-core.bbappend | 3 + .../web-runtime/web-runtime/web-runtime | 2 + .../web-runtime/web-runtime/web-runtime-webkit.qml | 13 +++ .../web-runtime/web-runtime/web-runtime.qml | 13 +++ .../recipes-core/web-runtime/web-runtime_0.1.bb | 34 ++++++ .../recipes-example/afb-client/afb-client_1.0.bb | 29 ++++++ .../recipes-example/afb-client/files/afb-client | 7 ++ .../recipes-example/afm-client/afm-client_1.0.bb | 40 +++++++ .../recipes-example/afm-client/files/afm-client | 7 ++ .../afm-client/files/afm-client.service | 11 ++ .../libcap/removing-capability-enforcement.patch | 79 ++++++++++++++ .../recipes-support/libcap/libcap_%.bbappend | 5 + .../libmicrohttpd/allows-upgrade.patch | 14 +++ .../libmicrohttpd/libmicrohttpd_0.9.48.bb | 27 +++++ .../libmicrohttpd/libmicrohttpd_0.9.48.bbappend | 5 + .../recipes-support/libzip/libzip_1.1.1.bb | 32 ++++++ ...quire-libxslt-in-.pc-files-when-necessary.patch | 115 +++++++++++++++++++++ .../recipes-support/xmlsec1/xmlsec1_1.%.bbappend | 4 + 26 files changed, 755 insertions(+) create mode 100644 meta-app-framework/conf/layer.conf create mode 100644 meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb create mode 100644 meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb create mode 100644 meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch create mode 100644 meta-app-framework/recipes-core/af-main/af-main_1.0.bb create mode 100644 meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework-examples.bb create mode 100644 meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb create mode 100644 meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core-security.bbappend create mode 100644 meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core.bbappend create mode 100755 meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime create mode 100644 meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime-webkit.qml create mode 100644 meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime.qml create mode 100644 meta-app-framework/recipes-core/web-runtime/web-runtime_0.1.bb create mode 100644 meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb create mode 100644 meta-app-framework/recipes-example/afb-client/files/afb-client create mode 100644 meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb create mode 100644 meta-app-framework/recipes-example/afm-client/files/afm-client create mode 100644 meta-app-framework/recipes-example/afm-client/files/afm-client.service create mode 100644 meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch create mode 100644 meta-app-framework/recipes-support/libcap/libcap_%.bbappend create mode 100644 meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd/allows-upgrade.patch create mode 100644 meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bb create mode 100644 meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bbappend create mode 100644 meta-app-framework/recipes-support/libzip/libzip_1.1.1.bb create mode 100644 meta-app-framework/recipes-support/xmlsec1/xmlsec1/Only-require-libxslt-in-.pc-files-when-necessary.patch create mode 100644 meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend (limited to 'meta-app-framework') diff --git a/meta-app-framework/conf/layer.conf b/meta-app-framework/conf/layer.conf new file mode 100644 index 000000000..f74ebd658 --- /dev/null +++ b/meta-app-framework/conf/layer.conf @@ -0,0 +1,11 @@ +# We have a conf and classes directory, add to BBPATH +BBPATH .= ":${LAYERDIR}" + +# We have recipes-* directories, add to BBFILES +BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \ + ${LAYERDIR}/recipes-*/*/*.bbappend" + +BBFILE_COLLECTIONS += "app-framework" +BBFILE_PATTERN_app-framework = "^${LAYERDIR}/" +BBFILE_PRIORITY_app-framework = "7" + diff --git a/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb b/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb new file mode 100644 index 000000000..0f61248db --- /dev/null +++ b/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb @@ -0,0 +1,65 @@ +inherit allarch useradd + +SUMMARY = "AGL Users Seed" +DESCRIPTION = "This is a core framework component that\ + defines how users are managed and who are the default users." + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + + +SRC_URI = "" + + +RDEPENDS_${PN}_append_smack = " smack-userspace" +DEPENDS_append_smack = " smack-userspace-native" + +ALLOW_EMPTY_${PN} = "1" + +USERADD_PACKAGES = "${PN}" + +USERADD_PARAM_${PN} = "\ + -g users -d /home/agl-driver -m -K PASS_MAX_DAYS=-1 agl-driver ; \ + -g users -d /home/agl-passenger -m -K PASS_MAX_DAYS=-1 agl-passenger \ +" + + +do_configure() { + : +} + +do_compile() { + : +} + +do_install() { + : +} + + +pkg_postinst_${PN}() { + #!/bin/sh -e + + # avoid to run on host + [ x"$D" != "x" ] && exit 1 + + # Drops password + passwd -d agl-driver + passwd -d agl-passenger +} + +pkg_postinst_${PN}_smack() { + #!/bin/sh -e + + # avoid to run on host + [ x"$D" != "x" ] && exit 1 + + # Actions to carry out on the device go here + for x in /etc/skel /home/* + do + chsmack -a User::Home $x + done + passwd -d agl-driver + passwd -d agl-passenger +} + diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb new file mode 100644 index 000000000..4fcff66e7 --- /dev/null +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -0,0 +1,73 @@ +SUMMARY = "HTTP REST interface to automotive backends for HTML5 UI support" +DESCRIPTION = "Automotive-Framework-Binder Daemon provides a HTTP REST \ +interface to various automotive-oriented plugins (sound, radio...), \ +allowing HTML5 UIs to send platform-specific requests in a secure way." +HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-binder" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" + +DEPENDS = "file json-c libmicrohttpd systemd util-linux" +DEPENDS += "alsa-lib glib-2.0 gssdp gupnp gupnp-av pulseaudio" + +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-binder;protocol=https;branch=1.0" +SRC_URI_files = "" +SRC_URI = "${SRC_URI_git} \ + ${SRC_URI_files} \ + " + +SRCREV = "897aa6a130eab1eb716fcc13e650fb5833a7ce32" +S = "${WORKDIR}/git" + +inherit cmake pkgconfig + +FILES_${PN} += "${datadir}" + +############################################# +# setup meta package +############################################# +PACKAGES += "${PN}-meta" +ALLOW_EMPTY_${PN}-meta = "1" + +############################################# +# setup sample plugin packages +############################################# +PACKAGES_DYNAMIC = "${PN}-plugin-*" + +python populate_packages_prepend () { + afb_libdir = d.expand('${libdir}/afb') + postinst = d.getVar('plugin_postinst', True) + pkgs = [] + pkgs_dbg = [] + + pkgs += do_split_packages(d, afb_libdir, '(.*)-api\.so$', d.expand('${PN}-plugin-%s'), 'AFB plugin for %s', postinst=postinst, extra_depends=d.expand('${PN}')) + pkgs += do_split_packages(d, afb_libdir, '(.*(?!-api))\.so$', d.expand('${PN}-plugin-%s'), 'AFB plugin for %s', postinst=postinst, extra_depends=d.expand('${PN}')) + + pkgs_dbg += do_split_packages(d, oe.path.join(afb_libdir, ".debug"), '(.*)-api\.so$', d.expand('${PN}-plugin-%s-dbg'), 'AFB plugin for %s, debug info', postinst=postinst, extra_depends=d.expand('${PN}')) + pkgs_dbg += do_split_packages(d, oe.path.join(afb_libdir, ".debug"), '(.*(?!-api))\.so$', d.expand('${PN}-plugin-%s-dbg'), 'AFB plugin for %s, debug info', postinst=postinst, extra_depends=d.expand('${PN}')) + + metapkg = d.getVar('PN', True) + '-meta' + d.setVar('RDEPENDS_' + metapkg, ' '.join(pkgs)) +} + +############################################# +# setup libafbwsc package +############################################# +PACKAGES =+ "libafbwsc libafbwsc-dev libafbwsc-dbg" + +FILES_libafbwsc = "\ + ${libdir}/libafbwsc.so.* \ +" +FILES_libafbwsc-dev = "\ + ${includedir}/afb/afb-wsj1.h \ + ${includedir}/afb/afb-ws-client.h \ + ${bindir}/afb-client-demo \ + ${libdir}/libafbwsc.so \ + ${libdir}/pkgconfig/libafbwsc.pc \ +" +FILES_libafbwsc-dbg = "\ + ${libdir}/.debug/libafbwsc.so.* \ + ${bindir}/.debug/afb-client-demo \ +" +RDEPENDS_libafbwsc-dbg += "${PN}-dbg libafbwsc-dev" + diff --git a/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch b/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch new file mode 100644 index 000000000..44e8bce1e --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch @@ -0,0 +1,29 @@ +From a4fbfb88f1b7c4f4287d9279767220fae80d26da Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= +Date: Thu, 21 Jan 2016 15:07:29 +0100 +Subject: [PATCH] Hack to allow the debugging + +This is a temporarily fix to continue debugging +afm-main. This should be removed later. + +Change-Id: I2f10f0cb1fce2ee30bd0754ad2e7bc8e2f6513aa +--- + conf/afm-user-daemon.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/conf/afm-user-daemon.conf b/conf/afm-user-daemon.conf +index 801c7ae..98a3152 100644 +--- a/conf/afm-user-daemon.conf ++++ b/conf/afm-user-daemon.conf +@@ -25,7 +25,7 @@ + + + +- ++ + + + +-- +2.1.4 + diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb new file mode 100644 index 000000000..a29b071ac --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -0,0 +1,95 @@ +# NOTE: using libcap-native and setcap in install doesn't work +# NOTE: there is no SYSTEMD_USER_SERVICE_... +# NOTE: maybe setting afm_name to agl-framework is cleaner but has implications +# NOTE: there is a hack of security for using groups and dbus (to be checked) +# NOTE: using ZIP programs creates directories with mode 777 (very bad) + +inherit cmake pkgconfig useradd systemd + +SUMMARY = "AGL Framework Main part" +DESCRIPTION = "\ +This is a core framework component for managing \ +applications, widgets, and components. \ +" + +HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-main" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=1.0" +SRC_URI_files = "" +SRC_URI = "${SRC_URI_git} \ + ${SRC_URI_files} \ + " + +SRCREV = "d0fdae3af6998efdce4c6ba0c5d650898c9c5b27" + +SECTION = "base" + +S = "${WORKDIR}/git" + +DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c security-manager libcap-native af-binder" + +afm_name = "afm" +afm_confdir = "${sysconfdir}/${afm_name}" +afm_datadir = "${datadir}/${afm_name}" +afb_plugin_dir = "${libdir}/afb" + +EXTRA_OECMAKE = "\ + -DUSE_LIBZIP=1 \ + -DUSE_SIMULATION=0 \ + -Dafm_name=${afm_name} \ + -Dafm_confdir=${afm_confdir} \ + -Dafm_datadir=${afm_datadir} \ + -DUNITDIR_USER=${systemd_user_unitdir} \ + -DUNITDIR_SYSTEM=${systemd_system_unitdir} \ +" + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM_${PN} = "-g ${afm_name} -d ${afm_datadir} -r ${afm_name}" +GROUPADD_PARAM_${PN} = "-r ${afm_name}" + +SYSTEMD_SERVICE_${PN} = "afm-system-daemon.service" +SYSTEMD_AUTO_ENABLE = "enable" + +FILES_${PN} += "\ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service', '', d)} \ +" + +RDEPENDS_${PN}_append_smack = " smack-userspace" +DEPENDS_append_smack = " smack-userspace-native" + +# short hack here +SRC_URI += " file://Hack-to-allow-the-debugging.patch" + +do_install_append() { + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + mkdir -p ${D}${sysconfdir}/systemd/user/default.target.wants + ln -sf ${systemd_user_unitdir}/afm-user-daemon.service ${D}${sysconfdir}/systemd/user/default.target.wants + fi +} + +pkg_postinst_${PN}() { + mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons + setcap cap_mac_override,cap_dac_override=ie $D${bindir}/afm-system-daemon + setcap cap_mac_override,cap_mac_admin,cap_setgid=ie $D${bindir}/afm-user-daemon +} + +pkg_postinst_${PN}_smack() { + mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons + chown ${afm_name}:${afm_name} $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons + chsmack -a 'System::Shared' -t $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons + setcap cap_mac_override,cap_dac_override=ie $D${bindir}/afm-system-daemon + setcap cap_mac_override,cap_mac_admin,cap_setgid=ie $D${bindir}/afm-user-daemon +} + +PACKAGES =+ "${PN}-afbplugin ${PN}-afbplugin-dbg" +FILES_${PN}-afbplugin = " ${afb_plugin_dir}/afm-main-plugin.so " +FILES_${PN}-afbplugin-dbg = " ${afb_plugin_dir}/.debug/afm-main-plugin.so " + +PACKAGES =+ "${PN}-tools ${PN}-tools-dbg" +FILES_${PN}-tools = "${bindir}/wgtpkg-*" +FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*" + +BBCLASSEXTEND = "native nativesdk" + diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework-examples.bb b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework-examples.bb new file mode 100644 index 000000000..e95b7548b --- /dev/null +++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework-examples.bb @@ -0,0 +1,16 @@ +SUMMARY = "AGL Application Framework examples" +DESCRIPTION = "The set of examples associated to the AGL Application Framework" +LICENSE = "MIT" + +inherit packagegroup + +PACKAGES = "\ + packagegroup-agl-app-framework-examples \ + " + +ALLOW_EMPTY_${PN} = "1" + +RDEPENDS_${PN} += "\ + afm-client \ + afb-client \ + " diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb new file mode 100644 index 000000000..c5b4b5366 --- /dev/null +++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb @@ -0,0 +1,17 @@ +SUMMARY = "AGL Application Framework core packages" +DESCRIPTION = "The set of packages required by the AGL Application Framework" +LICENSE = "MIT" + +inherit packagegroup + +PACKAGES = "\ + packagegroup-agl-app-framework \ + " + +ALLOW_EMPTY_${PN} = "1" + +RDEPENDS_${PN} += "\ + af-binder \ + af-main \ + web-runtime \ + " diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core-security.bbappend b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core-security.bbappend new file mode 100644 index 000000000..0c9efe465 --- /dev/null +++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core-security.bbappend @@ -0,0 +1,9 @@ +RDEPENDS_${PN} += "\ + xmlsec1 \ + cynara \ + dbus-cynara \ + security-manager \ + security-manager-policy \ + agl-users \ + " + diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core.bbappend b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core.bbappend new file mode 100644 index 000000000..ad09e5ddf --- /dev/null +++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core.bbappend @@ -0,0 +1,3 @@ +RDEPENDS_${PN} += "\ + packagegroup-agl-app-framework \ + " diff --git a/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime new file mode 100755 index 000000000..ca712e155 --- /dev/null +++ b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime @@ -0,0 +1,2 @@ +#!/bin/sh +exec /usr/bin/qt5/qmlscene "$1" /usr/bin/web-runtime-webkit.qml diff --git a/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime-webkit.qml b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime-webkit.qml new file mode 100644 index 000000000..d18b672cd --- /dev/null +++ b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime-webkit.qml @@ -0,0 +1,13 @@ +import QtQuick 2.1 +import QtQuick.Controls 1.1 +import QtWebKit 3.0 + +ApplicationWindow { + width: 1024 + height: 768 + visible: true + WebView { + url: Qt.application.arguments[1] + anchors.fill: parent + } +} diff --git a/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime.qml b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime.qml new file mode 100644 index 000000000..afe8a77d0 --- /dev/null +++ b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime.qml @@ -0,0 +1,13 @@ +import QtQuick 2.1 +import QtQuick.Controls 1.1 +import QtWebEngine 1.1 + +ApplicationWindow { + width: 1024 + height: 768 + visible: true + WebEngineView { + url: Qt.application.arguments[1] + anchors.fill: parent + } +} diff --git a/meta-app-framework/recipes-core/web-runtime/web-runtime_0.1.bb b/meta-app-framework/recipes-core/web-runtime/web-runtime_0.1.bb new file mode 100644 index 000000000..9df4dff2d --- /dev/null +++ b/meta-app-framework/recipes-core/web-runtime/web-runtime_0.1.bb @@ -0,0 +1,34 @@ +inherit allarch + +SUMMARY = "Provides the 'web-runtime' command" +DESCRIPTION = "The command 'web-runtime' is an abstraction that allows to " + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + +SRC_URI = "\ + file://web-runtime;md5sum=00cdb6980e03cf8c8f7d60dd978c61d7 \ + file://web-runtime.qml;md5sum=5d6a379e9b7e5654319e5ba638824a58 \ + file://web-runtime-webkit.qml;md5sum=4daf9df39078634c27a7923d37e82e3d \ +" + +RDEPENDS_${PN} = "qtwebkit-qmlplugins" + +do_configure() { + : +} + +do_install() { + install -d ${D}${bindir} + install -m 0755 ${WORKDIR}/web-runtime ${D}${bindir}/web-runtime + install -m 0644 ${WORKDIR}/web-runtime.qml ${D}${bindir}/web-runtime.qml + install -m 0644 ${WORKDIR}/web-runtime-webkit.qml ${D}${bindir}/web-runtime-webkit.qml +} + +do_install_append_rcar-gen2() { + # workaround for porter board: force the use of libEGL provided by mesa at runtime + # otherwise, the proprietary libEGL is used and a problem then occurs due to a missing EGL function + sed -i 's|^\(exec /usr/bin/qt5/qmlscene\)|LD_PRELOAD=/usr/lib/libEGL.so \1|g' ${D}${bindir}/web-runtime +} + + diff --git a/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb b/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb new file mode 100644 index 000000000..54a8216c4 --- /dev/null +++ b/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb @@ -0,0 +1,29 @@ +SUMMARY = "HTML5 demo template for AFB" +DESCRIPTION = "afb-client is a sample AngularJS/HTML5 application using \ +Application Framework Binder with token plugin." +HOMEPAGE = "http://www.iot.bzh" + +LICENSE = "GPLv3+" +LIC_FILES_CHKSUM = "file://LICENSE;md5=6cb04bdb88e11107e3af4d8e3f301be5" + +#DEPENDS = "nodejs-native" +RDEPENDS_${PN} = "af-binder af-binder-plugin-authlogin" + +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=1.0" +SRC_URI_files = "file://afb-client \ + " +SRC_URI = "${SRC_URI_git} \ + ${SRC_URI_files} \ + " +SRCREV = "9e9b459fa27d7a359a060024c9639b99b45813d5" +S = "${WORKDIR}/git/afb-client" + +do_install () { + mkdir -p ${D}/${datadir}/agl/afb-client + cp -ra ${S}/dist.prod/* ${D}/${datadir}/agl/afb-client/ + + mkdir -p ${D}/${bindir} + install -m 0755 ${WORKDIR}/afb-client ${D}/${bindir}/afb-client +} + +FILES_${PN} += "${datadir}" diff --git a/meta-app-framework/recipes-example/afb-client/files/afb-client b/meta-app-framework/recipes-example/afb-client/files/afb-client new file mode 100644 index 000000000..99e6aa968 --- /dev/null +++ b/meta-app-framework/recipes-example/afb-client/files/afb-client @@ -0,0 +1,7 @@ +#!/bin/sh + +if [ -z "${XDG_RUNTIME_DIR+1}" ]; then + export XDG_RUNTIME_DIR=/run/user/$UID +fi +LD_PRELOAD=/usr/lib/libEGL.so /usr/bin/qt5/qmlscene http://localhost:1234/opa /usr/share/agl/afb-viewer.qml + diff --git a/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb b/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb new file mode 100644 index 000000000..b624b6bab --- /dev/null +++ b/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb @@ -0,0 +1,40 @@ +SUMMARY = "Sample client for AFM to install/start/stop/remove applications" +DESCRIPTION = "afm-client is a sample AngularJS/HTML5 application using \ +Application Framework Manager to install, start, stop, or remove \ +applications provided as .wgt widget packages." +HOMEPAGE = "http://www.iot.bzh" + +inherit systemd + +LICENSE = "GPLv3+" +LIC_FILES_CHKSUM = "file://LICENSE;md5=6cb04bdb88e11107e3af4d8e3f301be5" + +#DEPENDS = "nodejs-native" +RDEPENDS_${PN} = "af-main af-binder af-main-afbplugin af-binder-plugin-demopost af-binder-plugin-authlogin" + +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=1.0" +SRC_URI_files = "file://afm-client \ + file://afm-client.service \ + " +SRC_URI = "${SRC_URI_git} \ + ${SRC_URI_files} \ + " +SRCREV = "9e9b459fa27d7a359a060024c9639b99b45813d5" +S = "${WORKDIR}/git/afm-client" + +do_install () { + mkdir -p ${D}/${datadir}/agl/afm-client + cp -ra ${S}/dist.prod/* ${D}/${datadir}/agl/afm-client/ + + mkdir -p ${D}/${bindir} + install -m 0755 ${WORKDIR}/afm-client ${D}/${bindir}/afm-client + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${systemd_user_unitdir} + install -d ${D}${sysconfdir}/systemd/user/default.target.wants + install -m 0644 ${WORKDIR}/afm-client.service ${D}/${systemd_user_unitdir}/afm-client.service + ln -sf ${systemd_user_unitdir}/afm-client.service ${D}${sysconfdir}/systemd/user/default.target.wants + fi +} + +FILES_${PN} += "${datadir} ${systemd_user_unitdir}" diff --git a/meta-app-framework/recipes-example/afm-client/files/afm-client b/meta-app-framework/recipes-example/afm-client/files/afm-client new file mode 100644 index 000000000..ba868e93d --- /dev/null +++ b/meta-app-framework/recipes-example/afm-client/files/afm-client @@ -0,0 +1,7 @@ +#!/bin/sh + +if [ -z "${XDG_RUNTIME_DIR+1}" ]; then + export XDG_RUNTIME_DIR=/run/user/$UID +fi +LD_PRELOAD=/usr/lib/libEGL.so /usr/bin/web-runtime http://localhost:1236/opa + diff --git a/meta-app-framework/recipes-example/afm-client/files/afm-client.service b/meta-app-framework/recipes-example/afm-client/files/afm-client.service new file mode 100644 index 000000000..688c91fd8 --- /dev/null +++ b/meta-app-framework/recipes-example/afm-client/files/afm-client.service @@ -0,0 +1,11 @@ +[Unit] +Description=Simplest application manager + +[Service] +ExecStart=/usr/bin/afb-daemon --mode=remote --port=1234 --token='' --sessiondir=/home/root/.afb-daemon --rootdir=/usr/share/agl/afm-client --alias=/icons:/usr/share/afm/icons +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=default.target + diff --git a/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch new file mode 100644 index 000000000..fd01c19e9 --- /dev/null +++ b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch @@ -0,0 +1,79 @@ +From c34b2725817d4fd1fd6878bbb16617cb9e3e3a70 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= +Date: Fri, 22 Jan 2016 16:23:59 +0100 +Subject: [PATCH] removing capability enforcement + +Change-Id: Idb724192ceab176a611bbed45c0ebc9c8eb5dd30 +--- + progs/setcap.c | 43 ------------------------------------------- + 1 file changed, 43 deletions(-) + +diff --git a/progs/setcap.c b/progs/setcap.c +index 83090ae..01faa17 100644 +--- a/progs/setcap.c ++++ b/progs/setcap.c +@@ -58,7 +58,6 @@ static int read_caps(int quiet, const char *filename, char *buffer) + + int main(int argc, char **argv) + { +- int tried_to_cap_setfcap = 0; + char buffer[MAXCAP+1]; + int retval, quiet=0, verify=0; + cap_t mycaps; +@@ -150,53 +149,11 @@ int main(int argc, char **argv) + printf("%s: OK\n", *argv); + } + } else { +- if (!tried_to_cap_setfcap) { +- capflag = CAP_SETFCAP; +- +- /* +- * Raise the effective CAP_SETFCAP. +- */ +- if (cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, CAP_SET) +- != 0) { +- perror("unable to manipulate CAP_SETFCAP - " +- "try a newer libcap?"); +- exit(1); +- } +- if (cap_set_proc(mycaps) != 0) { +- perror("unable to set CAP_SETFCAP effective capability"); +- exit(1); +- } +- tried_to_cap_setfcap = 1; +- } + retval = cap_set_file(*++argv, cap_d); + if (retval != 0) { +- int explained = 0; +-#ifdef linux +- cap_value_t cap; +- cap_flag_value_t per_state; +- +- for (cap = 0; +- cap_get_flag(cap_d, cap, CAP_PERMITTED, &per_state) != -1; +- cap++) { +- cap_flag_value_t inh_state, eff_state; +- +- cap_get_flag(cap_d, cap, CAP_INHERITABLE, &inh_state); +- cap_get_flag(cap_d, cap, CAP_EFFECTIVE, &eff_state); +- if ((inh_state | per_state) != eff_state) { +- fprintf(stderr, "NOTE: Under Linux, effective file capabilities must either be empty, or\n" +- " exactly match the union of selected permitted and inheritable bits.\n"); +- explained = 1; +- break; +- } +- } +-#endif /* def linux */ +- + fprintf(stderr, + "Failed to set capabilities on file `%s' (%s)\n", + argv[0], strerror(errno)); +- if (!explained) { +- usage(); +- } + } + } + if (cap_d) { +-- +2.1.4 + diff --git a/meta-app-framework/recipes-support/libcap/libcap_%.bbappend b/meta-app-framework/recipes-support/libcap/libcap_%.bbappend new file mode 100644 index 000000000..fbe893501 --- /dev/null +++ b/meta-app-framework/recipes-support/libcap/libcap_%.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS_append_class-native := ":${THISDIR}/${PN}" +SRC_URI_append_class-native = " file://removing-capability-enforcement.patch" +PACKAGECONFIG_class-native ?= "attr" +DEPENDS_append_class-native = " attr-native" + diff --git a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd/allows-upgrade.patch b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd/allows-upgrade.patch new file mode 100644 index 000000000..b35d9705e --- /dev/null +++ b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd/allows-upgrade.patch @@ -0,0 +1,14 @@ +diff -Naur a/src/microhttpd/connection.c b/src/microhttpd/connection.c +--- a/src/microhttpd/connection.c 2016-04-20 11:35:50.259534537 +0000 ++++ b/src/microhttpd/connection.c 2016-04-20 11:29:46.291569583 +0000 +@@ -733,8 +733,7 @@ + { + if (NULL == end) + return MHD_YES; +- if ( (MHD_str_equal_caseless_ (end, "close")) || +- (MHD_str_equal_caseless_ (end, "upgrade")) ) ++ if ( (MHD_str_equal_caseless_ (end, "close")) ) + return MHD_NO; + return MHD_YES; + } + diff --git a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bb b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bb new file mode 100644 index 000000000..892009e3e --- /dev/null +++ b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bb @@ -0,0 +1,27 @@ +DESCRIPTION = "A small C library that is supposed to make it easy to run an HTTP server as part of another application" +HOMEPAGE = "http://www.gnu.org/software/libmicrohttpd/" +LICENSE = "LGPL-2.1+" +LIC_FILES_CHKSUM = "file://COPYING;md5=9331186f4f80db7da0e724bdd6554ee5" +SECTION = "net" +DEPENDS = "libgcrypt gnutls file" + +SRC_URI = "http://ftp.gnu.org/gnu/libmicrohttpd/${BPN}-${PV}.tar.gz" +SRC_URI[md5sum] = "9c298c890088a91fe0d7ac3fec9d0097" +SRC_URI[sha256sum] = "87667e158f2bf8c691a002e256ffe30885d4121a9ee4143af0320c47cdf8a2a4" + +inherit autotools lib_package + +# disable spdy, because it depends on openssl +EXTRA_OECONF += "--disable-static --with-gnutls=${STAGING_LIBDIR}/../" + +PACKAGECONFIG ?= "curl" +PACKAGECONFIG_append_class-target = "\ + ${@base_contains('DISTRO_FEATURES', 'largefile', 'largefile', '', d)} \ +" +PACKAGECONFIG[largefile] = "--enable-largefile,--disable-largefile,," +PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl," + +do_compile_append() { + sed -i s:-L${STAGING_LIBDIR}::g libmicrohttpd.pc +} + diff --git a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bbappend b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bbappend new file mode 100644 index 000000000..c26b8119f --- /dev/null +++ b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bbappend @@ -0,0 +1,5 @@ + +FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" +SRC_URI += " file://allows-upgrade.patch" + + diff --git a/meta-app-framework/recipes-support/libzip/libzip_1.1.1.bb b/meta-app-framework/recipes-support/libzip/libzip_1.1.1.bb new file mode 100644 index 000000000..450971176 --- /dev/null +++ b/meta-app-framework/recipes-support/libzip/libzip_1.1.1.bb @@ -0,0 +1,32 @@ +inherit autotools + +SUMMARY = "Library providing support for handling zip files" +DESCRIPTION = "\ + This library is wrapping zlib and allows \ + to easily create, browse, inflate of deflate \ + the zip files. \ + It also provides tools for zip comparing, merging or browsing.\ +" + +HOMEPAGE = "http://nih.at/libzip/index.html" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=23ebf7ca347ed9703b4ef40824d0ef66" + +SRC_URI = "http://nih.at/libzip/libzip-1.1.1.tar.xz;md5sum=0c86a1a94fbc3ec6724801036726ae1f" + +#SRC_URI = "hg://hg.nih.at/libzip;module=libzip;protocol=http" +#SRCREV = "5895e34af7f9" +#S = "${HGDIR}" + +SECTION = "base" + +DEPENDS = "zlib" + +RDEPENDS_${PN} = "zlib" + +PROVIDES += "${PN}-tools" +RDEPENDS_${PN}-tools = "${PN}" +FILES_${PN}-tools = "${bindir}/zipcmp ${bindir}/zipmerge ${bindir}/ziptool" + +BBCLASSEXTEND = "native nativesdk" + diff --git a/meta-app-framework/recipes-support/xmlsec1/xmlsec1/Only-require-libxslt-in-.pc-files-when-necessary.patch b/meta-app-framework/recipes-support/xmlsec1/xmlsec1/Only-require-libxslt-in-.pc-files-when-necessary.patch new file mode 100644 index 000000000..c92df77f0 --- /dev/null +++ b/meta-app-framework/recipes-support/xmlsec1/xmlsec1/Only-require-libxslt-in-.pc-files-when-necessary.patch @@ -0,0 +1,115 @@ +From 1e39acf581ef47876b058da41774cbc92560d797 Mon Sep 17 00:00:00 2001 +From: Manuel Bachmann +Date: Wed, 27 Jan 2016 14:16:40 +0100 +Subject: [PATCH] Only require libxslt in .pc files when necessary + +If we build xmlsec without libxslt ("--without-libxslt" at +configure time), dependent packages will still require it +because it is unconditionally mentioned in .pc files (used +by pkg-config). + +We now make sure that this dependency is mentioned only if +the configure script validates libxslt presence. + +Signed-off-by: Manuel Bachmann +--- + configure.in | 4 ++++ + xmlsec-gcrypt.pc.in | 2 +- + xmlsec-gnutls.pc.in | 2 +- + xmlsec-nss.pc.in | 2 +- + xmlsec-openssl.pc.in | 2 +- + xmlsec.pc.in | 2 +- + 6 files changed, 9 insertions(+), 5 deletions(-) + +diff --git a/configure.in b/configure.in +index 7d976d0..a8350a9 100644 +--- a/configure.in ++++ b/configure.in +@@ -255,6 +255,7 @@ dnl ========================================================================== + dnl find libxslt + dnl ========================================================================== + XMLSEC_NO_LIBXSLT="1" ++LIBXSLT_COND="libxslt >=" + LIBXSLT_MIN_VERSION=1.0.20 + LIBXSLT_CONFIG="xslt-config" + LIBXSLT_CFLAGS="" +@@ -324,6 +325,8 @@ fi + if test "z$LIBXSLT_FOUND" = "zyes" ; then + XMLSEC_NO_LIBXSLT="0" + else ++ LIBXSLT_COND="" ++ LIBXSLT_MIN_VERSION="" + XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XSLT=1" + fi + +@@ -332,6 +335,7 @@ AC_SUBST(LIBXSLT_CFLAGS) + AC_SUBST(LIBXSLT_LIBS) + AC_SUBST(LIBXSLT_CONFIG) + AC_SUBST(LIBXSLT_MIN_VERSION) ++AC_SUBST(LIBXSLT_COND) + + dnl ========================================================================== + dnl See if we can find a crypto library +diff --git a/xmlsec-gcrypt.pc.in b/xmlsec-gcrypt.pc.in +index 1c00496..33bc2ff 100644 +--- a/xmlsec-gcrypt.pc.in ++++ b/xmlsec-gcrypt.pc.in +@@ -6,6 +6,6 @@ includedir=@includedir@ + Name: xmlsec1-gcrypt + Version: @VERSION@ + Description: XML Security Library implements XML Signature and XML Encryption standards +-Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ ++Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ + Cflags: -DXMLSEC_CRYPTO=\"gcrypt\" @XMLSEC_GCRYPT_CFLAGS@ + Libs: @XMLSEC_GCRYPT_LIBS@ +diff --git a/xmlsec-gnutls.pc.in b/xmlsec-gnutls.pc.in +index e538cd4..d01cf82 100644 +--- a/xmlsec-gnutls.pc.in ++++ b/xmlsec-gnutls.pc.in +@@ -6,6 +6,6 @@ includedir=@includedir@ + Name: xmlsec1-gnutls + Version: @VERSION@ + Description: XML Security Library implements XML Signature and XML Encryption standards +-Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ ++Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ + Cflags: -DXMLSEC_CRYPTO=\"gnutls\" @XMLSEC_GNUTLS_CFLAGS@ + Libs: @XMLSEC_GNUTLS_LIBS@ +diff --git a/xmlsec-nss.pc.in b/xmlsec-nss.pc.in +index a6d6c5c..75f0232 100644 +--- a/xmlsec-nss.pc.in ++++ b/xmlsec-nss.pc.in +@@ -6,6 +6,6 @@ includedir=@includedir@ + Name: xmlsec1-nss + Version: @VERSION@ + Description: XML Security Library implements XML Signature and XML Encryption standards +-Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ @NSPR_PACKAGE@ >= @MOZILLA_MIN_VERSION@ @NSS_PACKAGE@ >= @MOZILLA_MIN_VERSION@ ++Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ @NSPR_PACKAGE@ >= @MOZILLA_MIN_VERSION@ @NSS_PACKAGE@ >= @MOZILLA_MIN_VERSION@ + Cflags: -DXMLSEC_CRYPTO=\"nss\" -DXMLSEC_CRYPTO_NSS=1 @XMLSEC_CORE_CFLAGS@ + Libs: -L${libdir} -lxmlsec1-nss @XMLSEC_CORE_LIBS@ +diff --git a/xmlsec-openssl.pc.in b/xmlsec-openssl.pc.in +index 85ee2b0..e9d0651 100644 +--- a/xmlsec-openssl.pc.in ++++ b/xmlsec-openssl.pc.in +@@ -6,6 +6,6 @@ includedir=@includedir@ + Name: xmlsec1-openssl + Version: @VERSION@ + Description: XML Security Library implements XML Signature and XML Encryption standards +-Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ ++Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ + Cflags: -DXMLSEC_CRYPTO=\"openssl\" @XMLSEC_OPENSSL_CFLAGS@ + Libs: @XMLSEC_OPENSSL_LIBS@ +diff --git a/xmlsec.pc.in b/xmlsec.pc.in +index a750ab8..14ea670 100644 +--- a/xmlsec.pc.in ++++ b/xmlsec.pc.in +@@ -6,6 +6,6 @@ includedir=@includedir@ + Name: xmlsec1 + Version: @VERSION@ + Description: XML Security Library implements XML Signature and XML Encryption standards +-Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ ++Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_COND@ @LIBXSLT_MIN_VERSION@ + Cflags: -DXMLSEC_CRYPTO=\"@XMLSEC_CRYPTO@\" -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 @XMLSEC_CORE_CFLAGS@ + Libs: -L${libdir} @XMLSEC_CORE_LIBS@ +-- +2.6.2 + diff --git a/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend b/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend new file mode 100644 index 000000000..539a88f1e --- /dev/null +++ b/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" +SRC_URI += "file://Only-require-libxslt-in-.pc-files-when-necessary.patch" + +DEPENDS += "libxml2" -- cgit 1.2.3-korg From 511a65caab4172a1071b7814ebb1ea8d79a1108a Mon Sep 17 00:00:00 2001 From: José Bollo Date: Fri, 24 Jun 2016 11:01:25 +0200 Subject: upgrade to new namings and bug fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: If7481696d130859e87f3110af2d0c5dde25615d6 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- .../recipes-core/af-binder/af-binder_1.0.bb | 18 +++++++++--------- meta-app-framework/recipes-core/af-main/af-main_1.0.bb | 10 +++++----- .../recipes-example/afb-client/afb-client_1.0.bb | 4 ++-- .../recipes-example/afm-client/afm-client_1.0.bb | 2 +- 4 files changed, 17 insertions(+), 17 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index 4fcff66e7..3e4a8c6dc 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -1,6 +1,6 @@ SUMMARY = "HTTP REST interface to automotive backends for HTML5 UI support" DESCRIPTION = "Automotive-Framework-Binder Daemon provides a HTTP REST \ -interface to various automotive-oriented plugins (sound, radio...), \ +interface to various automotive-oriented bindings (sound, radio...), \ allowing HTML5 UIs to send platform-specific requests in a secure way." HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-binder" @@ -16,7 +16,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "897aa6a130eab1eb716fcc13e650fb5833a7ce32" +SRCREV = "7059e59cddc1c81321639875636e88895bc14309" S = "${WORKDIR}/git" inherit cmake pkgconfig @@ -30,21 +30,21 @@ PACKAGES += "${PN}-meta" ALLOW_EMPTY_${PN}-meta = "1" ############################################# -# setup sample plugin packages +# setup sample binding packages ############################################# -PACKAGES_DYNAMIC = "${PN}-plugin-*" +PACKAGES_DYNAMIC = "${PN}-binding-*" python populate_packages_prepend () { afb_libdir = d.expand('${libdir}/afb') - postinst = d.getVar('plugin_postinst', True) + postinst = d.getVar('binding_postinst', True) pkgs = [] pkgs_dbg = [] - pkgs += do_split_packages(d, afb_libdir, '(.*)-api\.so$', d.expand('${PN}-plugin-%s'), 'AFB plugin for %s', postinst=postinst, extra_depends=d.expand('${PN}')) - pkgs += do_split_packages(d, afb_libdir, '(.*(?!-api))\.so$', d.expand('${PN}-plugin-%s'), 'AFB plugin for %s', postinst=postinst, extra_depends=d.expand('${PN}')) + pkgs += do_split_packages(d, afb_libdir, '(.*)-api\.so$', d.expand('${PN}-binding-%s'), 'AFB binding for %s', postinst=postinst, extra_depends=d.expand('${PN}')) + pkgs += do_split_packages(d, afb_libdir, '(.*(?!-api))\.so$', d.expand('${PN}-binding-%s'), 'AFB binding for %s', postinst=postinst, extra_depends=d.expand('${PN}')) - pkgs_dbg += do_split_packages(d, oe.path.join(afb_libdir, ".debug"), '(.*)-api\.so$', d.expand('${PN}-plugin-%s-dbg'), 'AFB plugin for %s, debug info', postinst=postinst, extra_depends=d.expand('${PN}')) - pkgs_dbg += do_split_packages(d, oe.path.join(afb_libdir, ".debug"), '(.*(?!-api))\.so$', d.expand('${PN}-plugin-%s-dbg'), 'AFB plugin for %s, debug info', postinst=postinst, extra_depends=d.expand('${PN}')) + pkgs_dbg += do_split_packages(d, oe.path.join(afb_libdir, ".debug"), '(.*)-api\.so$', d.expand('${PN}-binding-%s-dbg'), 'AFB binding for %s, debug info', postinst=postinst, extra_depends=d.expand('${PN}')) + pkgs_dbg += do_split_packages(d, oe.path.join(afb_libdir, ".debug"), '(.*(?!-api))\.so$', d.expand('${PN}-binding-%s-dbg'), 'AFB binding for %s, debug info', postinst=postinst, extra_depends=d.expand('${PN}')) metapkg = d.getVar('PN', True) + '-meta' d.setVar('RDEPENDS_' + metapkg, ' '.join(pkgs)) diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index a29b071ac..dc030e25a 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -22,7 +22,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "d0fdae3af6998efdce4c6ba0c5d650898c9c5b27" +SRCREV = "8753c48ed498805cec5fbc6096cd6fae3afa0da9" SECTION = "base" @@ -33,7 +33,7 @@ DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c security-manager libcap afm_name = "afm" afm_confdir = "${sysconfdir}/${afm_name}" afm_datadir = "${datadir}/${afm_name}" -afb_plugin_dir = "${libdir}/afb" +afb_binding_dir = "${libdir}/afb" EXTRA_OECMAKE = "\ -DUSE_LIBZIP=1 \ @@ -83,9 +83,9 @@ pkg_postinst_${PN}_smack() { setcap cap_mac_override,cap_mac_admin,cap_setgid=ie $D${bindir}/afm-user-daemon } -PACKAGES =+ "${PN}-afbplugin ${PN}-afbplugin-dbg" -FILES_${PN}-afbplugin = " ${afb_plugin_dir}/afm-main-plugin.so " -FILES_${PN}-afbplugin-dbg = " ${afb_plugin_dir}/.debug/afm-main-plugin.so " +PACKAGES =+ "${PN}-binding ${PN}-binding-dbg" +FILES_${PN}-binding = " ${afb_binding_dir}/afm-main-binding.so " +FILES_${PN}-binding-dbg = " ${afb_binding_dir}/.debug/afm-main-binding.so " PACKAGES =+ "${PN}-tools ${PN}-tools-dbg" FILES_${PN}-tools = "${bindir}/wgtpkg-*" diff --git a/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb b/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb index 54a8216c4..6201cf485 100644 --- a/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb +++ b/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb @@ -1,13 +1,13 @@ SUMMARY = "HTML5 demo template for AFB" DESCRIPTION = "afb-client is a sample AngularJS/HTML5 application using \ -Application Framework Binder with token plugin." +Application Framework Binder with token binding." HOMEPAGE = "http://www.iot.bzh" LICENSE = "GPLv3+" LIC_FILES_CHKSUM = "file://LICENSE;md5=6cb04bdb88e11107e3af4d8e3f301be5" #DEPENDS = "nodejs-native" -RDEPENDS_${PN} = "af-binder af-binder-plugin-authlogin" +RDEPENDS_${PN} = "af-binder af-binder-binding-authlogin" SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=1.0" SRC_URI_files = "file://afb-client \ diff --git a/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb b/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb index b624b6bab..78f525abe 100644 --- a/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb +++ b/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb @@ -10,7 +10,7 @@ LICENSE = "GPLv3+" LIC_FILES_CHKSUM = "file://LICENSE;md5=6cb04bdb88e11107e3af4d8e3f301be5" #DEPENDS = "nodejs-native" -RDEPENDS_${PN} = "af-main af-binder af-main-afbplugin af-binder-plugin-demopost af-binder-plugin-authlogin" +RDEPENDS_${PN} = "af-main af-binder af-main-binding af-binder-binding-demopost af-binder-binding-authlogin" SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=1.0" SRC_URI_files = "file://afm-client \ -- cgit 1.2.3-korg From 97fbb5fae2c06b779576c7c9c3c0e1956e402994 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Tue, 5 Jul 2016 16:04:51 +0000 Subject: meta-app-framework: build master branch Change-Id: I3ce83d0a5cd018d4b77492e4237fc4d297ee312f Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb | 4 ++-- meta-app-framework/recipes-core/af-main/af-main_1.0.bb | 4 ++-- meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb | 2 +- meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index 3e4a8c6dc..a8ede9c0a 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -10,13 +10,13 @@ LIC_FILES_CHKSUM = "file://LICENSE-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" DEPENDS = "file json-c libmicrohttpd systemd util-linux" DEPENDS += "alsa-lib glib-2.0 gssdp gupnp gupnp-av pulseaudio" -SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-binder;protocol=https;branch=1.0" +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-binder;protocol=https;branch=master" SRC_URI_files = "" SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "7059e59cddc1c81321639875636e88895bc14309" +SRCREV = "836b3c0b74accc5494d7877a22b4a45b5450b6f3" S = "${WORKDIR}/git" inherit cmake pkgconfig diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index dc030e25a..5bcfdf9d5 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -16,13 +16,13 @@ HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-f LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=1.0" +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=master" SRC_URI_files = "" SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "8753c48ed498805cec5fbc6096cd6fae3afa0da9" +SRCREV = "81df68c04dc5e32d5d6d06bc20a7030afdf45f59" SECTION = "base" diff --git a/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb b/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb index 6201cf485..21605d20b 100644 --- a/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb +++ b/meta-app-framework/recipes-example/afb-client/afb-client_1.0.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=6cb04bdb88e11107e3af4d8e3f301be5" #DEPENDS = "nodejs-native" RDEPENDS_${PN} = "af-binder af-binder-binding-authlogin" -SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=1.0" +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=master" SRC_URI_files = "file://afb-client \ " SRC_URI = "${SRC_URI_git} \ diff --git a/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb b/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb index 78f525abe..4cd80db64 100644 --- a/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb +++ b/meta-app-framework/recipes-example/afm-client/afm-client_1.0.bb @@ -12,7 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=6cb04bdb88e11107e3af4d8e3f301be5" #DEPENDS = "nodejs-native" RDEPENDS_${PN} = "af-main af-binder af-main-binding af-binder-binding-demopost af-binder-binding-authlogin" -SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=1.0" +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-demo;protocol=https;branch=master" SRC_URI_files = "file://afm-client \ file://afm-client.service \ " -- cgit 1.2.3-korg From 7289a1e7edc0a42e0070cd425608b037ea3aaf2b Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Fri, 8 Jul 2016 14:24:51 +0000 Subject: meta-app-framework: af-binder source code update Change-Id: Ia9c5d33defc23612fda34c01a1f1e7d789c961ad Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index a8ede9c0a..4ab96bd42 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -16,7 +16,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "836b3c0b74accc5494d7877a22b4a45b5450b6f3" +SRCREV = "bca90021828565bddb8624e8f6370bf4959cbfbf" S = "${WORKDIR}/git" inherit cmake pkgconfig -- cgit 1.2.3-korg From 491d35dab07f14229b6d63477fb439fa39f2c869 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Fri, 8 Jul 2016 15:08:25 +0000 Subject: meta-app-framework: add af-main-tools and dependencies in nativesdk-packagegroup-sdk-host This is required to install app framework sdk tools. Change-Id: Iad407420fa734c063926d1883c288af387155668 Signed-off-by: Stephane Desneux --- .../recipes-core/af-main/af-main_1.0.bb | 25 +++------------------- .../recipes-core/af-main/af-main_1.0.inc | 20 +++++++++++++++++ .../recipes-core/af-main/nativesdk-af-main_1.0.bb | 25 ++++++++++++++++++++++ .../nativesdk-packagegroup-sdk-host.bbappend | 2 ++ .../recipes-support/xmlsec1/xmlsec1_1.%.bbappend | 2 ++ 5 files changed, 52 insertions(+), 22 deletions(-) create mode 100644 meta-app-framework/recipes-core/af-main/af-main_1.0.inc create mode 100644 meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb create mode 100644 meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 5bcfdf9d5..75cdcc3ef 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -1,3 +1,5 @@ +require af-main_${PV}.inc + # NOTE: using libcap-native and setcap in install doesn't work # NOTE: there is no SYSTEMD_USER_SERVICE_... # NOTE: maybe setting afm_name to agl-framework is cleaner but has implications @@ -6,28 +8,8 @@ inherit cmake pkgconfig useradd systemd -SUMMARY = "AGL Framework Main part" -DESCRIPTION = "\ -This is a core framework component for managing \ -applications, widgets, and components. \ -" - -HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-main" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" - -SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=master" -SRC_URI_files = "" -SRC_URI = "${SRC_URI_git} \ - ${SRC_URI_files} \ - " - -SRCREV = "81df68c04dc5e32d5d6d06bc20a7030afdf45f59" - SECTION = "base" -S = "${WORKDIR}/git" - DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c security-manager libcap-native af-binder" afm_name = "afm" @@ -38,6 +20,7 @@ afb_binding_dir = "${libdir}/afb" EXTRA_OECMAKE = "\ -DUSE_LIBZIP=1 \ -DUSE_SIMULATION=0 \ + -DUSE_SDK=0 \ -Dafm_name=${afm_name} \ -Dafm_confdir=${afm_confdir} \ -Dafm_datadir=${afm_datadir} \ @@ -91,5 +74,3 @@ PACKAGES =+ "${PN}-tools ${PN}-tools-dbg" FILES_${PN}-tools = "${bindir}/wgtpkg-*" FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*" -BBCLASSEXTEND = "native nativesdk" - diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc new file mode 100644 index 000000000..6880754ac --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -0,0 +1,20 @@ +SUMMARY = "AGL Framework Main part" +DESCRIPTION = "\ +This is a core framework component for managing \ +applications, widgets, and components. \ +" + +HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-main" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" + +SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=master" +SRC_URI_files = "" +SRC_URI = "${SRC_URI_git} \ + ${SRC_URI_files} \ + " + +SRCREV = "0257e4d58a25d328a971423d5fe5289d9985d046" + +S = "${WORKDIR}/git" + diff --git a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb new file mode 100644 index 000000000..426e99911 --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb @@ -0,0 +1,25 @@ +require af-main_${PV}.inc + +inherit nativesdk cmake pkgconfig + +SECTION = "base" + +DEPENDS = "nativesdk-openssl nativesdk-libxml2 nativesdk-xmlsec1 nativesdk-libzip" + +afm_name = "afm" +afm_confdir = "${sysconfdir}/${afm_name}" +afm_datadir = "${datadir}/${afm_name}" + +EXTRA_OECMAKE = "\ + -DUSE_LIBZIP=1 \ + -DUSE_SIMULATION=1 \ + -DUSE_SDK=1 \ + -Dafm_name=${afm_name} \ + -Dafm_confdir=${afm_confdir} \ + -Dafm_datadir=${afm_datadir} \ +" + +PACKAGES = "${PN}-tools ${PN}-tools-dbg" +FILES_${PN}-tools = "${bindir}/wgtpkg-* ${afm_confdir}/*" +FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*" + diff --git a/meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend b/meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend new file mode 100644 index 000000000..ca0b54f73 --- /dev/null +++ b/meta-app-framework/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bbappend @@ -0,0 +1,2 @@ +RDEPENDS_${PN} =+ "nativesdk-af-main-tools" + diff --git a/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend b/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend index 539a88f1e..8f1972f07 100644 --- a/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend +++ b/meta-app-framework/recipes-support/xmlsec1/xmlsec1_1.%.bbappend @@ -2,3 +2,5 @@ FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" SRC_URI += "file://Only-require-libxslt-in-.pc-files-when-necessary.patch" DEPENDS += "libxml2" + +BBCLASSEXTEND = "native nativesdk" -- cgit 1.2.3-korg From f771fef763a7306efebb40a3980ee848f143d2cf Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Sun, 10 Jul 2016 17:53:06 +0000 Subject: meta-app-framework: af-binder must create ${libdir}/afb at postinst time Change-Id: I8d2c85d67eec3c697c6abb072955d5e2de8c5e5f Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index 4ab96bd42..99ea24389 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -23,6 +23,10 @@ inherit cmake pkgconfig FILES_${PN} += "${datadir}" +pkg_postinst_${PN}() { + mkdir -p "$D${libdir}/afb" +} + ############################################# # setup meta package ############################################# -- cgit 1.2.3-korg From 6b981cf7e9429c33b4e7c495b5334d488fd2967b Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Mon, 11 Jul 2016 21:05:55 +0000 Subject: meta-app-framework: add missing dependency between af-binder-dev and libafbwsc-dev Change-Id: If0ce85a3a6ef1e715681c1011e12dad278735e04 Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index 99ea24389..385882c0d 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -75,3 +75,5 @@ FILES_libafbwsc-dbg = "\ " RDEPENDS_libafbwsc-dbg += "${PN}-dbg libafbwsc-dev" +RDEPENDS_${PN}-dev += "libafbwsc-dev" + -- cgit 1.2.3-korg From ae7bbae688d4587fcde2f3e67b1dd05b535097a2 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Tue, 12 Jul 2016 14:17:37 +0000 Subject: meta-app-framework: sync with latest af-binder sources This solves a problem with libafbwsc (Websocket Client library) when used from SDK to build clients (internal dependency fixed). Change-Id: I137931c72d895679892523a6bd66cc4ecd4ea1a0 Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index 385882c0d..5fe301522 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -16,7 +16,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "bca90021828565bddb8624e8f6370bf4959cbfbf" +SRCREV = "404f24c13cb45bd3e9ca837bc033fd6840cbf669" S = "${WORKDIR}/git" inherit cmake pkgconfig -- cgit 1.2.3-korg From c13498294dcd92b5f412aca4abb65035b9184fd7 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Fri, 15 Jul 2016 11:56:18 +0000 Subject: meta-app-framework: sync with latest af-main sources also add base bindings needed for most appfw clients: * af-binder-binding-afb-dbus-binding * af-binder-binding-authlogin Change-Id: I19e5da9490ad9316ed172591f4ebd5755934143a Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/af-main_1.0.inc | 2 +- .../recipes-core/packagegroups/packagegroup-agl-app-framework.bb | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index 6880754ac..720b2bb73 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "0257e4d58a25d328a971423d5fe5289d9985d046" +SRCREV = "526aaf57e6766bf5d0a2919ead36ae94546c0f13" S = "${WORKDIR}/git" diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb index c5b4b5366..79c602068 100644 --- a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb +++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb @@ -14,4 +14,6 @@ RDEPENDS_${PN} += "\ af-binder \ af-main \ web-runtime \ + af-binder-binding-afb-dbus-binding \ + af-binder-binding-authlogin \ " -- cgit 1.2.3-korg From aa05e4321726ce778ddd8c3bec9f9a391962cde5 Mon Sep 17 00:00:00 2001 From: Manuel Bachmann Date: Mon, 18 Jul 2016 15:48:59 +0000 Subject: meta-app-framework: install missing libafbwsc library libafbwsc is a C WebSockets helper library needed for most native apffw clients, such as the default provided one, "afb-client-demo". Change-Id: I321f62cbd6a04bc3e4b91e4de544865c83397979 Signed-off-by: Manuel Bachmann Signed-off-by: Stephane Desneux --- .../recipes-core/packagegroups/packagegroup-agl-app-framework.bb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb index 79c602068..231d9c9cb 100644 --- a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb +++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb @@ -12,8 +12,9 @@ ALLOW_EMPTY_${PN} = "1" RDEPENDS_${PN} += "\ af-binder \ - af-main \ - web-runtime \ af-binder-binding-afb-dbus-binding \ af-binder-binding-authlogin \ + libafbwsc \ + af-main \ + web-runtime \ " -- cgit 1.2.3-korg From b685ed48aea8e2535d3e2c7382899a9ef2e26359 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Wed, 10 Aug 2016 18:44:15 +0200 Subject: app-framework: fix minor bugs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - fix event propagation to services - fix memory leaks Change-Id: I73432fd9f4a144d2790a7a67d471045048b5e537 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb | 2 +- meta-app-framework/recipes-core/af-main/af-main_1.0.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index 5fe301522..3b70fecb5 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -16,7 +16,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "404f24c13cb45bd3e9ca837bc033fd6840cbf669" +SRCREV = "b0d9ff9157f188a32d46c7a583b5b2e35ca26343" S = "${WORKDIR}/git" inherit cmake pkgconfig diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index 720b2bb73..e89f61636 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "526aaf57e6766bf5d0a2919ead36ae94546c0f13" +SRCREV = "373b10369b60cf2bfa54388197c05a09ef32de41" S = "${WORKDIR}/git" -- cgit 1.2.3-korg From e9079c8e3cbf8e4f056df66be9d497b7df4f84fd Mon Sep 17 00:00:00 2001 From: José Bollo Date: Mon, 29 Aug 2016 23:25:25 +0200 Subject: Improves the handling of upgrade for websockets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous implmentation wasn't enough good to allow the websocket handshake by any client. In particular, the Qt client wasn't able to connect to binder's websockets. Also upgrade to MHD 0.9.49 (compatible with krogoth) Change-Id: Ib5800a4ff6c3d5e6bb11359266867fde52c06dce Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- .../libmicrohttpd/allows-upgrade.patch | 91 +++++++++++++++++++--- .../libmicrohttpd/libmicrohttpd_0.9.48.bb | 27 ------- .../libmicrohttpd/libmicrohttpd_0.9.48.bbappend | 5 -- .../libmicrohttpd/libmicrohttpd_0.9.49.bb | 25 ++++++ .../libmicrohttpd/libmicrohttpd_0.9.49.bbappend | 5 ++ 5 files changed, 109 insertions(+), 44 deletions(-) delete mode 100644 meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bb delete mode 100644 meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bbappend create mode 100644 meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.49.bb create mode 100644 meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.49.bbappend (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd/allows-upgrade.patch b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd/allows-upgrade.patch index b35d9705e..19601a537 100644 --- a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd/allows-upgrade.patch +++ b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd/allows-upgrade.patch @@ -1,14 +1,81 @@ diff -Naur a/src/microhttpd/connection.c b/src/microhttpd/connection.c ---- a/src/microhttpd/connection.c 2016-04-20 11:35:50.259534537 +0000 -+++ b/src/microhttpd/connection.c 2016-04-20 11:29:46.291569583 +0000 -@@ -733,8 +733,7 @@ - { - if (NULL == end) - return MHD_YES; -- if ( (MHD_str_equal_caseless_ (end, "close")) || -- (MHD_str_equal_caseless_ (end, "upgrade")) ) +--- a/src/microhttpd/connection.c 2016-04-08 21:02:26.000000000 +0200 ++++ b/src/microhttpd/connection.c 2016-08-29 22:41:53.790560238 +0200 +@@ -708,6 +708,8 @@ + * "keep-alive", we proceed to use the default for the respective HTTP + * version (which is conservative for HTTP 1.0, but might be a bit + * optimistic for HTTP 1.1). ++ * In the case of Upgrade, the header Connection should not be set ++ * to keep-alive. + * + * @param connection the connection to check for keepalive + * @return #MHD_YES if (based on the request), a keepalive is +@@ -750,6 +752,59 @@ + + + /** ++ * Should we try to keep the given connection alive? We can use the ++ * TCP stream for a second request if the connection is HTTP 1.1 and ++ * the "Connection" header either does not exist or is not set to ++ * "close", or if the connection is HTTP 1.0 and the "Connection" ++ * header is explicitly set to "keep-alive". If no HTTP version is ++ * specified (or if it is not 1.0 or 1.1), we definitively close the ++ * connection. If the "Connection" header is not exactly "close" or ++ * "keep-alive", we proceed to use the default for the respective HTTP ++ * version (which is conservative for HTTP 1.0, but might be a bit ++ * optimistic for HTTP 1.1). ++ * In the case of Upgrade, the connection should be kept alive even if ++ * the header Connection is not keep-alive. ++ * ++ * @param connection the connection to check for keepalive ++ * @return #MHD_YES if (based on the request), a keepalive is ++ * legal ++ */ ++static int ++should_keepalive (struct MHD_Connection *connection) ++{ ++ const char *end; ++ ++ if (NULL == connection->version) ++ return MHD_NO; ++ if ( (NULL != connection->response) && ++ (0 != (connection->response->flags & MHD_RF_HTTP_VERSION_1_0_ONLY) ) ) ++ return MHD_NO; ++ end = MHD_lookup_connection_value (connection, ++ MHD_HEADER_KIND, ++ MHD_HTTP_HEADER_CONNECTION); ++ if (MHD_str_equal_caseless_(connection->version, ++ MHD_HTTP_VERSION_1_1)) ++ { ++ if (NULL == end) ++ return MHD_YES; + if ( (MHD_str_equal_caseless_ (end, "close")) ) - return MHD_NO; - return MHD_YES; - } - ++ return MHD_NO; ++ return MHD_YES; ++ } ++ if (MHD_str_equal_caseless_(connection->version, ++ MHD_HTTP_VERSION_1_0)) ++ { ++ if (NULL == end) ++ return MHD_NO; ++ if (MHD_str_equal_caseless_(end, "Keep-Alive")) ++ return MHD_YES; ++ return MHD_NO; ++ } ++ return MHD_NO; ++} ++ ++ ++/** + * Produce HTTP "Date:" header. + * + * @param date where to write the header, with +@@ -2795,7 +2850,7 @@ + } + if (((MHD_YES == connection->read_closed) && + (0 == connection->read_buffer_offset)) || +- (MHD_NO == keepalive_possible (connection))) ++ (MHD_NO == should_keepalive (connection))) + { + /* have to close for some reason */ + MHD_connection_close_ (connection, diff --git a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bb b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bb deleted file mode 100644 index 892009e3e..000000000 --- a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bb +++ /dev/null @@ -1,27 +0,0 @@ -DESCRIPTION = "A small C library that is supposed to make it easy to run an HTTP server as part of another application" -HOMEPAGE = "http://www.gnu.org/software/libmicrohttpd/" -LICENSE = "LGPL-2.1+" -LIC_FILES_CHKSUM = "file://COPYING;md5=9331186f4f80db7da0e724bdd6554ee5" -SECTION = "net" -DEPENDS = "libgcrypt gnutls file" - -SRC_URI = "http://ftp.gnu.org/gnu/libmicrohttpd/${BPN}-${PV}.tar.gz" -SRC_URI[md5sum] = "9c298c890088a91fe0d7ac3fec9d0097" -SRC_URI[sha256sum] = "87667e158f2bf8c691a002e256ffe30885d4121a9ee4143af0320c47cdf8a2a4" - -inherit autotools lib_package - -# disable spdy, because it depends on openssl -EXTRA_OECONF += "--disable-static --with-gnutls=${STAGING_LIBDIR}/../" - -PACKAGECONFIG ?= "curl" -PACKAGECONFIG_append_class-target = "\ - ${@base_contains('DISTRO_FEATURES', 'largefile', 'largefile', '', d)} \ -" -PACKAGECONFIG[largefile] = "--enable-largefile,--disable-largefile,," -PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl," - -do_compile_append() { - sed -i s:-L${STAGING_LIBDIR}::g libmicrohttpd.pc -} - diff --git a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bbappend b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bbappend deleted file mode 100644 index c26b8119f..000000000 --- a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.48.bbappend +++ /dev/null @@ -1,5 +0,0 @@ - -FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" -SRC_URI += " file://allows-upgrade.patch" - - diff --git a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.49.bb b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.49.bb new file mode 100644 index 000000000..9abb2004e --- /dev/null +++ b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.49.bb @@ -0,0 +1,25 @@ +DESCRIPTION = "A small C library that is supposed to make it easy to run an HTTP server as part of another application" +HOMEPAGE = "http://www.gnu.org/software/libmicrohttpd/" +LICENSE = "LGPL-2.1+" +LIC_FILES_CHKSUM = "file://COPYING;md5=9331186f4f80db7da0e724bdd6554ee5" +SECTION = "net" +DEPENDS = "libgcrypt gnutls file" + +SRC_URI = "http://ftp.gnu.org/gnu/libmicrohttpd/${BPN}-${PV}.tar.gz" +SRC_URI[md5sum] = "3209aa2ac6199b874a6325342b86edbc" +SRC_URI[sha256sum] = "9407d8252548ab97ace3276e0032f073820073c0599d43baff832902a8dab11c" + +inherit autotools lib_package pkgconfig + +EXTRA_OECONF += "--disable-static --with-gnutls=${STAGING_LIBDIR}/../" + +PACKAGECONFIG ?= "curl" +PACKAGECONFIG_append_class-target = "\ + ${@bb.utils.contains('DISTRO_FEATURES', 'largefile', 'largefile', '', d)} \ +" +PACKAGECONFIG[largefile] = "--enable-largefile,--disable-largefile,," +PACKAGECONFIG[curl] = "--enable-curl,--disable-curl,curl," + +do_compile_append() { + sed -i s:-L${STAGING_LIBDIR}::g libmicrohttpd.pc +} diff --git a/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.49.bbappend b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.49.bbappend new file mode 100644 index 000000000..c26b8119f --- /dev/null +++ b/meta-app-framework/recipes-support/libmicrohttpd/libmicrohttpd_0.9.49.bbappend @@ -0,0 +1,5 @@ + +FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" +SRC_URI += " file://allows-upgrade.patch" + + -- cgit 1.2.3-korg From 9179d9cfca976a54ccd4cd1eea542d177d08702c Mon Sep 17 00:00:00 2001 From: José Bollo Date: Mon, 5 Sep 2016 17:13:10 +0200 Subject: app-framework: improvements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Adds the handling of a root for HTTP files with the option --roothttp - Improves API for openning localized data - Adds the handling of language Change-Id: Ia0c6e840265595b6e0415e8ea7a9e6585d8bb88d Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb | 2 +- meta-app-framework/recipes-core/af-main/af-main_1.0.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index 3b70fecb5..5c47e3a3f 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -16,7 +16,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "b0d9ff9157f188a32d46c7a583b5b2e35ca26343" +SRCREV = "dc011f99aed9407c8319b1b70a81f56ad2f02bc8" S = "${WORKDIR}/git" inherit cmake pkgconfig diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index e89f61636..141ae463c 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "373b10369b60cf2bfa54388197c05a09ef32de41" +SRCREV = "628dc10767d95436538391534dc3c95f45fe9a3a" S = "${WORKDIR}/git" -- cgit 1.2.3-korg From 7c78310bbf21d3e94e673434df393d669c4ef882 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Tue, 20 Sep 2016 14:40:51 +0200 Subject: app-framework: Improvements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Within app-framework-binder: - fixes read and write lock (EAGAIN) - fixes SIGPIPE handling - improves the documentation Within app-framework-main: - improves documentation (for config.xml) - fixes setting of permissions Signed-off-by: José Bollo Change-Id: If860d00204f82ee85ed1fd4ca9ac9820b844085f Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb | 2 +- meta-app-framework/recipes-core/af-main/af-main_1.0.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index 5c47e3a3f..c50d49aae 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -16,7 +16,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "dc011f99aed9407c8319b1b70a81f56ad2f02bc8" +SRCREV = "dcdb2427f80a325fad889586c8696a2b684d6a61" S = "${WORKDIR}/git" inherit cmake pkgconfig diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index 141ae463c..aff685f0d 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "628dc10767d95436538391534dc3c95f45fe9a3a" +SRCREV = "970a20a55d3a7dba32360ce596e61a2b32c9f4ee" S = "${WORKDIR}/git" -- cgit 1.2.3-korg From e991cf3a068e936f4a49a9dd4973c52a64bc4ac2 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Fri, 14 Oct 2016 13:25:07 +0200 Subject: FWK: Adaptations for jethro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since introduction of ambient capabilities, systemd deprecated the use of Capabilities. With systemd 229 activated with krogoth, the use of Capabilities does nothing. This commits avoids to use SecureBits and Capabilities. It now relies on the fact that post installations are setting the capabilities to the file: - setcap cap_mac_override,cap_dac_override=ep afm-system-daemon - setcap cap_mac_override,cap_mac_admin,cap_setgid=ep afm-user-daemon Using p (permitted) instead of i (inherited) that was previously used. It also includes evolutions of the security model to be synchronized with the deletion of 'User'. The recommended version to use now is the commit 20bbb97f6d5400b126ae96ef446c3e60c7e16285. Change-Id: Id24ce7c7651e2fdf8d66b6e8286268e7d88508a0 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- .../recipes-core/af-main/af-main_1.0.bb | 20 +++++++-- .../recipes-core/af-main/af-main_1.0.inc | 2 +- .../security-manager/0001-Adapt-rules-to-AGL.patch | 50 ++++++++++++++++++++++ .../security-manager/security-manager_%.bbappend | 4 ++ 4 files changed, 71 insertions(+), 5 deletions(-) create mode 100644 meta-app-framework/recipes-core/security-manager/security-manager/0001-Adapt-rules-to-AGL.patch create mode 100644 meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 75cdcc3ef..d8d7af46f 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -52,18 +52,30 @@ do_install_append() { fi } +do_install_append_smack () { + install -d ${D}/${sysconfdir}/smack/accesses.d + cat > ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user < +Date: Wed, 19 Oct 2016 13:45:54 +0200 +Subject: [PATCH] Adapt rules to AGL +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +AGL distribution uses the repository https://github.com/01org/meta-intel-iot-security.git +as basis for the integration of security framework. The security framework +that it provides is an evolution of the security framework of tizen refited +to the distribution Ostro of Intel. This refit took the decision to simplify +the model by removing the running label "User". More can be viewed here: +https://github.com/01org/meta-intel-iot-security/pull/116 + +This commits adapt the template to the rules that are now needed +after this evolution. + +It also integrates one other evolutions: the shared label becomes User::App-Shared instead +of User::App::Shared to avoid collision with application of id "Shared". + +Change-Id: Ieb566b63f8c8e691b5f75e06499a3b576d042546 +Signed-off-by: José Bollo +--- + policy/app-rules-template.smack | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/policy/app-rules-template.smack b/policy/app-rules-template.smack +index 1311169..b4cd2e3 100644 +--- a/policy/app-rules-template.smack ++++ b/policy/app-rules-template.smack +@@ -1,12 +1,10 @@ +-System ~APP~ rwx ++System ~APP~ rwxa ++System ~PKG~ rwxat + ~APP~ System wx + ~APP~ System::Shared rx + ~APP~ System::Run rwxat + ~APP~ System::Log rwxa + ~APP~ _ l +-User ~APP~ rwxa +-User ~PKG~ rwxat +-~APP~ User wx + ~APP~ User::Home rxl +-~APP~ User::App::Shared rwxat ++~APP~ User::App-Shared rwxat + ~APP~ ~PKG~ rwxat +-- +2.7.4 + diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend new file mode 100644 index 000000000..d3a110de5 --- /dev/null +++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:" + +SRC_URI += " file://0001-Adapt-rules-to-AGL.patch " + -- cgit 1.2.3-korg From 532f6ad992ae7631dd44a74d0a0bd43126ce3bdf Mon Sep 17 00:00:00 2001 From: Ronan Date: Tue, 1 Nov 2016 15:52:09 +0100 Subject: Allow build without meta-agl-demo Change-Id: Ic78464d6e9c07e205b222b3f0f3d49ed1b928ed6 Signed-off-by: Ronan Signed-off-by: Stephane Desneux --- .../recipes-core/packagegroups/packagegroup-agl-app-framework.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb index 231d9c9cb..9eaf2fc2d 100644 --- a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb +++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb @@ -16,5 +16,5 @@ RDEPENDS_${PN} += "\ af-binder-binding-authlogin \ libafbwsc \ af-main \ - web-runtime \ + ${@bb.utils.contains('DISTRO_FEATURES', 'AGL_WEBRUNTIME', 'web-runtime', '', d)} \ " -- cgit 1.2.3-korg From 827d7c1c4819737ca5442330c24588a83b72b87b Mon Sep 17 00:00:00 2001 From: José Bollo Date: Thu, 3 Nov 2016 11:26:17 +0100 Subject: Smack: fixup of bluetooth socket labelling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The sockets created by kernel thread will now be tagged @ instead of _. This problem was occuring during creation of AF_BLUETOOTH (but is also latent AF_ALG, AF_IUCV, AF_SCTP, AF_TIPC as they don't go through the normal socket creation process within linux). Having the tag @ allows read/write to sockets without special rules and tus solve the problem. This solution from upstream linux patches backported and from a patch made by Samsung for Tizen and that is currently discussed within kernel lists. Also add some improvements of the LSM Smack (valid caching and signal 0). These improvements are backports of patches already available for linux 4.9-rc3. AGL-bug: SPEC-293 (https://jira.automotivelinux.org/browse/SPEC-293) Change-Id: I5999a951a4bbeba7947ebfe5df091de07d59e57e Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- .../recipes-kernel/linux/linux-yocto_4.1.bbappend | 12 ++++ .../recipes-kernel/linux/linux-yocto_4.4.bbappend | 12 ++++ .../0001-Smack-File-receive-for-sockets.patch | 62 +++++++++++++++++++++ .../0002-smack-fix-cache-of-access-labels.patch | 43 ++++++++++++++ ...ack-ignore-null-signal-in-smack_task_kill.patch | 39 +++++++++++++ ...n-smack_known_web-label-for-kernel-thread.patch | 49 ++++++++++++++++ .../0001-Smack-File-receive-for-sockets.patch | 65 ++++++++++++++++++++++ .../0002-smack-fix-cache-of-access-labels.patch | 43 ++++++++++++++ ...ack-ignore-null-signal-in-smack_task_kill.patch | 39 +++++++++++++ ...n-smack_known_web-label-for-kernel-thread.patch | 49 ++++++++++++++++ 10 files changed, 413 insertions(+) create mode 100644 meta-app-framework/recipes-kernel/linux/linux-yocto_4.1.bbappend create mode 100644 meta-app-framework/recipes-kernel/linux/linux-yocto_4.4.bbappend create mode 100644 meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch create mode 100644 meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0002-smack-fix-cache-of-access-labels.patch create mode 100644 meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0003-Smack-ignore-null-signal-in-smack_task_kill.patch create mode 100644 meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch create mode 100644 meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0001-Smack-File-receive-for-sockets.patch create mode 100644 meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch create mode 100644 meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0003-Smack-ignore-null-signal-in-smack_task_kill.patch create mode 100644 meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.1.bbappend b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.1.bbappend new file mode 100644 index 000000000..c1c657201 --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.1.bbappend @@ -0,0 +1,12 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/linux/linux-yocto-4.1:" + +#------------------------------------------------------------------------- +# smack patches for handling bluetooth + +SRC_URI_append_smack = "\ + file://0001-Smack-File-receive-for-sockets.patch \ + file://0002-smack-fix-cache-of-access-labels.patch \ + file://0003-Smack-ignore-null-signal-in-smack_task_kill.patch \ + file://0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch \ +" + diff --git a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.4.bbappend b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.4.bbappend new file mode 100644 index 000000000..66c37400f --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.4.bbappend @@ -0,0 +1,12 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/linux/linux-yocto-4.4:" + +#------------------------------------------------------------------------- +# smack patches for handling bluetooth + +SRC_URI_append_smack = "\ + file://0001-Smack-File-receive-for-sockets.patch \ + file://0002-smack-fix-cache-of-access-labels.patch \ + file://0003-Smack-ignore-null-signal-in-smack_task_kill.patch \ + file://0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch \ +" + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch new file mode 100644 index 000000000..b0c5ee8f4 --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0001-Smack-File-receive-for-sockets.patch @@ -0,0 +1,62 @@ +From 2e65b888820ea372984d412cee3bd7dcba05d7d2 Mon Sep 17 00:00:00 2001 +From: Casey Schaufler +Date: Mon, 7 Dec 2015 14:34:32 -0800 +Subject: [PATCH 1/4] Smack: File receive for sockets + +The existing file receive hook checks for access on +the file inode even for UDS. This is not right, as +the inode is not used by Smack to make access checks +for sockets. This change checks for an appropriate +access relationship between the receiving (current) +process and the socket. If the process can't write +to the socket's send label or the socket's receive +label can't write to the process fail. + +This will allow the legitimate cases, where the +socket sender and socket receiver can freely communicate. +Only strangly set socket labels should cause a problem. + +Signed-off-by: Casey Schaufler +--- + security/smack/smack_lsm.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index b644757..487b2f3 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -1672,9 +1672,31 @@ static int smack_file_receive(struct file *file) + int may = 0; + struct smk_audit_info ad; + struct inode *inode = file_inode(file); ++ struct socket *sock; ++ struct task_smack *tsp; ++ struct socket_smack *ssp; + + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); + smk_ad_setfield_u_fs_path(&ad, file->f_path); ++ ++ if (S_ISSOCK(inode->i_mode)) { ++ sock = SOCKET_I(inode); ++ ssp = sock->sk->sk_security; ++ tsp = current_security(); ++ /* ++ * If the receiving process can't write to the ++ * passed socket or if the passed socket can't ++ * write to the receiving process don't accept ++ * the passed socket. ++ */ ++ rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); ++ rc = smk_bu_file(file, may, rc); ++ if (rc < 0) ++ return rc; ++ rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); ++ rc = smk_bu_file(file, may, rc); ++ return rc; ++ } + /* + * This code relies on bitmasks. + */ +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0002-smack-fix-cache-of-access-labels.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0002-smack-fix-cache-of-access-labels.patch new file mode 100644 index 000000000..51c3b31ec --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0002-smack-fix-cache-of-access-labels.patch @@ -0,0 +1,43 @@ +From 5bcea0fc4e5360deca133e211fdc76717a1693a4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= +Date: Tue, 12 Jan 2016 21:23:40 +0100 +Subject: [PATCH 2/4] smack: fix cache of access labels +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Before this commit, removing the access property of +a file, aka, the extended attribute security.SMACK64 +was not effictive until the cache had been cleaned. + +This patch fixes that problem. + +Signed-off-by: José Bollo +Acked-by: Casey Schaufler +--- + security/smack/smack_lsm.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index 487b2f3..b9393e3 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -1256,9 +1256,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) + * Don't do anything special for these. + * XATTR_NAME_SMACKIPIN + * XATTR_NAME_SMACKIPOUT +- * XATTR_NAME_SMACKEXEC + */ +- if (strcmp(name, XATTR_NAME_SMACK) == 0) ++ if (strcmp(name, XATTR_NAME_SMACK) == 0) { ++ struct super_block *sbp = d_backing_inode(dentry)->i_sb; ++ struct superblock_smack *sbsp = sbp->s_security; ++ ++ isp->smk_inode = sbsp->smk_default; ++ } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) + isp->smk_task = NULL; + else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) + isp->smk_mmap = NULL; +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0003-Smack-ignore-null-signal-in-smack_task_kill.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0003-Smack-ignore-null-signal-in-smack_task_kill.patch new file mode 100644 index 000000000..67761ae46 --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0003-Smack-ignore-null-signal-in-smack_task_kill.patch @@ -0,0 +1,39 @@ +From aa63c4f8ece0c54a9be735ac38667f11fcd6f44a Mon Sep 17 00:00:00 2001 +From: Rafal Krypa +Date: Mon, 4 Apr 2016 11:14:53 +0200 +Subject: [PATCH 3/4] Smack: ignore null signal in smack_task_kill + +Kill with signal number 0 is commonly used for checking PID existence. +Smack treated such cases like any other kills, although no signal is +actually delivered when sig == 0. + +Checking permissions when sig == 0 didn't prevent an unprivileged caller +from learning whether PID exists or not. When it existed, kernel returned +EPERM, when it didn't - ESRCH. The only effect of policy check in such +case is noise in audit logs. + +This change lets Smack silently ignore kill() invocations with sig == 0. + +Signed-off-by: Rafal Krypa +Acked-by: Casey Schaufler +--- + security/smack/smack_lsm.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index b9393e3..c916f58 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -2056,6 +2056,9 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, + struct smack_known *tkp = smk_of_task_struct(p); + int rc; + ++ if (!sig) ++ return 0; /* null signal; existence test */ ++ + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); + smk_ad_setfield_u_tsk(&ad, p); + /* +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch new file mode 100644 index 000000000..4281c201c --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.1/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch @@ -0,0 +1,49 @@ +From b2b9e7ec8e79ede841104f76464f4b77c057b011 Mon Sep 17 00:00:00 2001 +From: jooseong lee +Date: Thu, 3 Nov 2016 10:55:43 +0100 +Subject: [PATCH 4/4] Smack: Assign smack_known_web label for kernel thread's +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Assign smack_known_web label for kernel thread's socket in the sk_alloc_security hook + +Creating struct sock by sk_alloc function in various kernel subsystems +like bluetooth dosen't call smack_socket_post_create(). In such case, +received sock label is the floor('_') label and makes access deny. + +Refers-to: https://review.tizen.org/gerrit/#/c/80717/4 + +Change-Id: I2e5c9359bfede84a988fd4d4d74cdb9dfdfc52d8 +Signed-off-by: jooseong lee +Signed-off-by: José Bollo +--- + security/smack/smack_lsm.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index c916f58..cc6769b 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -2138,8 +2138,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) + if (ssp == NULL) + return -ENOMEM; + +- ssp->smk_in = skp; +- ssp->smk_out = skp; ++ /* ++ * Sockets created by kernel threads receive web label. ++ */ ++ if (unlikely(current->flags & PF_KTHREAD)) { ++ ssp->smk_in = &smack_known_web; ++ ssp->smk_out = &smack_known_web; ++ } else { ++ ssp->smk_in = skp; ++ ssp->smk_out = skp; ++ } + ssp->smk_packet = NULL; + + sk->sk_security = ssp; +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0001-Smack-File-receive-for-sockets.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0001-Smack-File-receive-for-sockets.patch new file mode 100644 index 000000000..4021e5d38 --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0001-Smack-File-receive-for-sockets.patch @@ -0,0 +1,65 @@ +From 2b206c36b16e72cfe41cd22448d8527359ffd962 Mon Sep 17 00:00:00 2001 +From: Casey Schaufler +Date: Mon, 7 Dec 2015 14:34:32 -0800 +Subject: [PATCH 1/4] Smack: File receive for sockets + +The existing file receive hook checks for access on +the file inode even for UDS. This is not right, as +the inode is not used by Smack to make access checks +for sockets. This change checks for an appropriate +access relationship between the receiving (current) +process and the socket. If the process can't write +to the socket's send label or the socket's receive +label can't write to the process fail. + +This will allow the legitimate cases, where the +socket sender and socket receiver can freely communicate. +Only strangly set socket labels should cause a problem. + +Signed-off-by: Casey Schaufler +--- + security/smack/smack_lsm.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index ff81026..b20ef06 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -1860,12 +1860,34 @@ static int smack_file_receive(struct file *file) + int may = 0; + struct smk_audit_info ad; + struct inode *inode = file_inode(file); ++ struct socket *sock; ++ struct task_smack *tsp; ++ struct socket_smack *ssp; + + if (unlikely(IS_PRIVATE(inode))) + return 0; + + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); + smk_ad_setfield_u_fs_path(&ad, file->f_path); ++ ++ if (S_ISSOCK(inode->i_mode)) { ++ sock = SOCKET_I(inode); ++ ssp = sock->sk->sk_security; ++ tsp = current_security(); ++ /* ++ * If the receiving process can't write to the ++ * passed socket or if the passed socket can't ++ * write to the receiving process don't accept ++ * the passed socket. ++ */ ++ rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad); ++ rc = smk_bu_file(file, may, rc); ++ if (rc < 0) ++ return rc; ++ rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad); ++ rc = smk_bu_file(file, may, rc); ++ return rc; ++ } + /* + * This code relies on bitmasks. + */ +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch new file mode 100644 index 000000000..c516f3aa5 --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0002-smack-fix-cache-of-access-labels.patch @@ -0,0 +1,43 @@ +From 99267706991ab84bd44ceaea9a7ec886bbdd58e0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= +Date: Tue, 12 Jan 2016 21:23:40 +0100 +Subject: [PATCH 2/4] smack: fix cache of access labels +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Before this commit, removing the access property of +a file, aka, the extended attribute security.SMACK64 +was not effictive until the cache had been cleaned. + +This patch fixes that problem. + +Signed-off-by: José Bollo +Acked-by: Casey Schaufler +--- + security/smack/smack_lsm.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index b20ef06..b2bcb14 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -1444,9 +1444,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) + * Don't do anything special for these. + * XATTR_NAME_SMACKIPIN + * XATTR_NAME_SMACKIPOUT +- * XATTR_NAME_SMACKEXEC + */ +- if (strcmp(name, XATTR_NAME_SMACK) == 0) ++ if (strcmp(name, XATTR_NAME_SMACK) == 0) { ++ struct super_block *sbp = d_backing_inode(dentry)->i_sb; ++ struct superblock_smack *sbsp = sbp->s_security; ++ ++ isp->smk_inode = sbsp->smk_default; ++ } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) + isp->smk_task = NULL; + else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) + isp->smk_mmap = NULL; +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0003-Smack-ignore-null-signal-in-smack_task_kill.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0003-Smack-ignore-null-signal-in-smack_task_kill.patch new file mode 100644 index 000000000..c9180bb9f --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0003-Smack-ignore-null-signal-in-smack_task_kill.patch @@ -0,0 +1,39 @@ +From ec4eb03af07b0fbc330aecca6ac4ebd6accd8825 Mon Sep 17 00:00:00 2001 +From: Rafal Krypa +Date: Mon, 4 Apr 2016 11:14:53 +0200 +Subject: [PATCH 3/4] Smack: ignore null signal in smack_task_kill + +Kill with signal number 0 is commonly used for checking PID existence. +Smack treated such cases like any other kills, although no signal is +actually delivered when sig == 0. + +Checking permissions when sig == 0 didn't prevent an unprivileged caller +from learning whether PID exists or not. When it existed, kernel returned +EPERM, when it didn't - ESRCH. The only effect of policy check in such +case is noise in audit logs. + +This change lets Smack silently ignore kill() invocations with sig == 0. + +Signed-off-by: Rafal Krypa +Acked-by: Casey Schaufler +--- + security/smack/smack_lsm.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index b2bcb14..cf8a93f 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -2239,6 +2239,9 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, + struct smack_known *tkp = smk_of_task_struct(p); + int rc; + ++ if (!sig) ++ return 0; /* null signal; existence test */ ++ + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); + smk_ad_setfield_u_tsk(&ad, p); + /* +-- +2.7.4 + diff --git a/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch new file mode 100644 index 000000000..a1eeac3d7 --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/linux-yocto-4.4/0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch @@ -0,0 +1,49 @@ +From c8bbb0f916de54610513e376070aea531af19dd6 Mon Sep 17 00:00:00 2001 +From: jooseong lee +Date: Thu, 3 Nov 2016 10:55:43 +0100 +Subject: [PATCH 4/4] Smack: Assign smack_known_web label for kernel thread's +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Assign smack_known_web label for kernel thread's socket in the sk_alloc_security hook + +Creating struct sock by sk_alloc function in various kernel subsystems +like bluetooth dosen't call smack_socket_post_create(). In such case, +received sock label is the floor('_') label and makes access deny. + +Refers-to: https://review.tizen.org/gerrit/#/c/80717/4 + +Change-Id: I2e5c9359bfede84a988fd4d4d74cdb9dfdfc52d8 +Signed-off-by: jooseong lee +Signed-off-by: José Bollo +--- + security/smack/smack_lsm.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index cf8a93f..21651bc 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -2321,8 +2321,16 @@ static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags) + if (ssp == NULL) + return -ENOMEM; + +- ssp->smk_in = skp; +- ssp->smk_out = skp; ++ /* ++ * Sockets created by kernel threads receive web label. ++ */ ++ if (unlikely(current->flags & PF_KTHREAD)) { ++ ssp->smk_in = &smack_known_web; ++ ssp->smk_out = &smack_known_web; ++ } else { ++ ssp->smk_in = skp; ++ ssp->smk_out = skp; ++ } + ssp->smk_packet = NULL; + + sk->sk_security = ssp; +-- +2.7.4 + -- cgit 1.2.3-korg From 3bab57271818f51dbb1341c70f9b6d6eb1e84ebf Mon Sep 17 00:00:00 2001 From: José Bollo Date: Tue, 8 Nov 2016 17:27:51 +0100 Subject: af-main: update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Include features for HomeScreen: - returns pids - renamed verbs: stop -> pause & continue -> resume - dbus manifests Change-Id: I24ea59f376f57182c7060aca1c96539866cdcaba Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/af-main_1.0.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index 880654e8c..32f595e50 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "c31038db1cff938d7fa1f12f757c1c57ab51c0bd" +SRCREV = "cdcf4b4caa5d02a626c2e7075126e395a72f58a0" S = "${WORKDIR}/git" -- cgit 1.2.3-korg From 6dbefa1e2b6aa9ab52353360405905515793a3a3 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Tue, 8 Nov 2016 11:38:51 +0100 Subject: web-runtime: provide IVI tuning for porter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added to the environment: export QT_WAYLAND_SHELL_INTEGRATION="ivi-shell" This allows HTML5 applications to run on top of the IVI-shell. Note to AGL integrators: this is a temporary patch that can be removed at the end. Change-Id: Ic2b5f75327af6cbd1af4c7bd1eeb5cc3a2b743fd Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime | 1 + meta-app-framework/recipes-core/web-runtime/web-runtime_0.1.bb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime index ca712e155..0b8604439 100755 --- a/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime +++ b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime @@ -1,2 +1,3 @@ #!/bin/sh +export QT_WAYLAND_SHELL_INTEGRATION="ivi-shell" exec /usr/bin/qt5/qmlscene "$1" /usr/bin/web-runtime-webkit.qml diff --git a/meta-app-framework/recipes-core/web-runtime/web-runtime_0.1.bb b/meta-app-framework/recipes-core/web-runtime/web-runtime_0.1.bb index 9df4dff2d..fa149875c 100644 --- a/meta-app-framework/recipes-core/web-runtime/web-runtime_0.1.bb +++ b/meta-app-framework/recipes-core/web-runtime/web-runtime_0.1.bb @@ -7,7 +7,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" SRC_URI = "\ - file://web-runtime;md5sum=00cdb6980e03cf8c8f7d60dd978c61d7 \ + file://web-runtime;md5sum=6114c0bdd20290912a423fa01beb50f0 \ file://web-runtime.qml;md5sum=5d6a379e9b7e5654319e5ba638824a58 \ file://web-runtime-webkit.qml;md5sum=4daf9df39078634c27a7923d37e82e3d \ " -- cgit 1.2.3-korg From a9eccd3dd68af01188f3f8d3d7104cf23a4f49e7 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Thu, 3 Nov 2016 11:30:25 +0100 Subject: Smack: add audit when smack is active MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It is important for developement process and for monitoring hacking to track violations and to monitor wrong uses or problems. By activating audit with Smack we ensure that detection and reporting of hazardous or malicious violations will be possible. Change-Id: I7808ff17b5b8ba1fb09742fd273f46f06917d26b Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-kernel/linux/linux-%.bbappend | 3 +++ meta-app-framework/recipes-kernel/linux/linux/audit.cfg | 2 ++ 2 files changed, 5 insertions(+) create mode 100644 meta-app-framework/recipes-kernel/linux/linux-%.bbappend create mode 100644 meta-app-framework/recipes-kernel/linux/linux/audit.cfg (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-kernel/linux/linux-%.bbappend b/meta-app-framework/recipes-kernel/linux/linux-%.bbappend new file mode 100644 index 000000000..02595efdf --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux-%.bbappend @@ -0,0 +1,3 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/linux:" +SRC_URI_append_smack = " file://audit.cfg" + diff --git a/meta-app-framework/recipes-kernel/linux/linux/audit.cfg b/meta-app-framework/recipes-kernel/linux/linux/audit.cfg new file mode 100644 index 000000000..214dbe33f --- /dev/null +++ b/meta-app-framework/recipes-kernel/linux/linux/audit.cfg @@ -0,0 +1,2 @@ +CONFIG_AUDIT=y +CONFIG_AUDITSYSCALL=y -- cgit 1.2.3-korg From b4ab95010b9d8deedbd3b2b369a214a9fe4065b7 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Thu, 10 Nov 2016 12:46:59 +0100 Subject: meta-app-framework: fix unpackaged files in nativesdk-af-main Recent changes in af-main now generate .pc (pkgconfig) files. These files shouldn't be packaged for nativesdk-af-main: they are just removed at the end of the install task to avoid the 'unpackaged files' error. Change-Id: I61364c430c0272e8e8a398e1e5640c856c668c1b Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb index 426e99911..0169e6b1a 100644 --- a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb @@ -19,6 +19,11 @@ EXTRA_OECMAKE = "\ -Dafm_datadir=${afm_datadir} \ " +do_install_append() { + # remove unused .pc file we don't want to package + rm -rf ${D}/${libdir} +} + PACKAGES = "${PN}-tools ${PN}-tools-dbg" FILES_${PN}-tools = "${bindir}/wgtpkg-* ${afm_confdir}/*" FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*" -- cgit 1.2.3-korg From a3dcf69ade673afb0b340f0864b443192d58b7f8 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Wed, 16 Nov 2016 13:27:36 +0100 Subject: appfwk: improvements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit adds the following improvements to the application framework: - "once" method to launch applications at most one time - minor warning fixes when compiling - allowing % substitution in environment variables - export of the variable AFM_APP_INSTALL_DIR - set the execute flag on installed binaries Change-Id: I729d3b882089473c627e166c35bd0d96e70c9c53 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/af-main_1.0.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index 32f595e50..b98c52e2e 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "cdcf4b4caa5d02a626c2e7075126e395a72f58a0" +SRCREV = "f8ac4a3d0132968d06855177da630e8e788baee6" S = "${WORKDIR}/git" -- cgit 1.2.3-korg From 38673a77ef9f41d363c480db56116f054f7955bf Mon Sep 17 00:00:00 2001 From: José Bollo Date: Thu, 17 Nov 2016 16:26:32 +0100 Subject: smack: removed already applied patch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch is already applied to linux-yocto_4.4.26 Change-Id: Icc58ac2f2d14589c5318286b487f0e13e5ff93f2 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-kernel/linux/linux-yocto_4.4.bbappend | 1 - 1 file changed, 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.4.bbappend b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.4.bbappend index 66c37400f..51df08719 100644 --- a/meta-app-framework/recipes-kernel/linux/linux-yocto_4.4.bbappend +++ b/meta-app-framework/recipes-kernel/linux/linux-yocto_4.4.bbappend @@ -4,7 +4,6 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/linux/linux-yocto-4.4:" # smack patches for handling bluetooth SRC_URI_append_smack = "\ - file://0001-Smack-File-receive-for-sockets.patch \ file://0002-smack-fix-cache-of-access-labels.patch \ file://0003-Smack-ignore-null-signal-in-smack_task_kill.patch \ file://0004-Smack-Assign-smack_known_web-label-for-kernel-thread.patch \ -- cgit 1.2.3-korg From 8f6992c0c44362d2f614c9df8283cb15029f2e8a Mon Sep 17 00:00:00 2001 From: José Bollo Date: Mon, 21 Nov 2016 15:37:32 +0100 Subject: Improves places for QT_WAYLAND_SHELL_INTEGRATION MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This define is currently needed by all applications launched by the framework. This commits allows that. Change-Id: Ia56268c1bca58f2da7c0152fa735751603d799bc Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- .../af-main/add-qt-wayland-shell-integration.patch | 24 ++++++++++++++++++++++ .../recipes-core/af-main/af-main_1.0.bb | 7 +++++-- .../web-runtime/web-runtime/web-runtime | 1 - 3 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch b/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch new file mode 100644 index 000000000..f8940f24a --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch @@ -0,0 +1,24 @@ +diff --git a/conf/afm-user-daemon.service b/conf/afm-user-daemon.service +index 6b5c1d8..e0f6799 100644 +--- a/conf/afm-user-daemon.service ++++ b/conf/afm-user-daemon.service +@@ -7,6 +7,7 @@ BusName=org.AGL.afm.user + ExecStart=/usr/bin/afm-user-daemon --user-dbus=unix:path=%t/bus + Environment=AFM_APP_INSTALL_DIR=%%r + Environment=LD_PRELOAD=/usr/lib/libEGL.so ++Environment=QT_WAYLAND_SHELL_INTEGRATION=ivi-shell + Restart=on-failure + RestartSec=5 + +diff --git a/docs/quick-tutorial.md b/docs/quick-tutorial.md +index 081dfe5..f55d4d0 100644 +--- a/docs/quick-tutorial.md ++++ b/docs/quick-tutorial.md +@@ -29,6 +29,7 @@ Using the CLI tool + + ### Setup Environment + Connect your AGL target board to the network and copy some sample widgets on it through SSH (set BOARDIP with your board IP address) : ++ + ``` + $ cd afm-widget-examples + $ BOARDIP=1.2.3.4 diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index d8d7af46f..1b4e2092f 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -42,8 +42,11 @@ FILES_${PN} += "\ RDEPENDS_${PN}_append_smack = " smack-userspace" DEPENDS_append_smack = " smack-userspace-native" -# short hack here -SRC_URI += " file://Hack-to-allow-the-debugging.patch" +# short hacks here +SRC_URI += "\ + file://Hack-to-allow-the-debugging.patch \ + file://add-qt-wayland-shell-integration.patch \ +" do_install_append() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then diff --git a/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime index 0b8604439..ca712e155 100755 --- a/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime +++ b/meta-app-framework/recipes-core/web-runtime/web-runtime/web-runtime @@ -1,3 +1,2 @@ #!/bin/sh -export QT_WAYLAND_SHELL_INTEGRATION="ivi-shell" exec /usr/bin/qt5/qmlscene "$1" /usr/bin/web-runtime-webkit.qml -- cgit 1.2.3-korg From 83ff9b76129dd6d4c406c77f0a1315516c4a0593 Mon Sep 17 00:00:00 2001 From: Ronan Date: Wed, 7 Dec 2016 19:58:18 +0100 Subject: add native build for af-main Change-Id: If9765fa5dbb5229a511b36cda83505cab75e7785 Signed-off-by: Ronan Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/af-main_1.0.bb | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 1b4e2092f..611307fb0 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -7,16 +7,27 @@ require af-main_${PV}.inc # NOTE: using ZIP programs creates directories with mode 777 (very bad) inherit cmake pkgconfig useradd systemd +BBCLASSEXTEND = "native" SECTION = "base" DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c security-manager libcap-native af-binder" +DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip" afm_name = "afm" afm_confdir = "${sysconfdir}/${afm_name}" afm_datadir = "${datadir}/${afm_name}" afb_binding_dir = "${libdir}/afb" +EXTRA_OECMAKE_class-native = "\ + -DUSE_LIBZIP=1 \ + -DUSE_SIMULATION=1 \ + -DUSE_SDK=1 \ + -Dafm_name=${afm_name} \ + -Dafm_confdir=${afm_confdir} \ + -Dafm_datadir=${afm_datadir} \ +" + EXTRA_OECMAKE = "\ -DUSE_LIBZIP=1 \ -DUSE_SIMULATION=0 \ -- cgit 1.2.3-korg From f947f34b2acab8fb55007c5bf5ddc677338e7c12 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Wed, 14 Dec 2016 11:26:23 +0100 Subject: af-main: fix exec flag and case sensitive ids MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The execute flags is now set for widgets of type application/vnd.agl.native. The ids of the applications are now enforced to lowercase for their storing and their smack label. Conversely, the id is no more case sensitive for launching or uninstalling widgets. Change-Id: I8857b10860acf464cc56939b4acc026319d65736 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- .../af-main/af-main/add-qt-wayland-shell-integration.patch | 13 ------------- meta-app-framework/recipes-core/af-main/af-main_1.0.inc | 2 +- 2 files changed, 1 insertion(+), 14 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch b/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch index f8940f24a..8e21678be 100644 --- a/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch +++ b/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch @@ -9,16 +9,3 @@ index 6b5c1d8..e0f6799 100644 +Environment=QT_WAYLAND_SHELL_INTEGRATION=ivi-shell Restart=on-failure RestartSec=5 - -diff --git a/docs/quick-tutorial.md b/docs/quick-tutorial.md -index 081dfe5..f55d4d0 100644 ---- a/docs/quick-tutorial.md -+++ b/docs/quick-tutorial.md -@@ -29,6 +29,7 @@ Using the CLI tool - - ### Setup Environment - Connect your AGL target board to the network and copy some sample widgets on it through SSH (set BOARDIP with your board IP address) : -+ - ``` - $ cd afm-widget-examples - $ BOARDIP=1.2.3.4 diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index b98c52e2e..797f60784 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "f8ac4a3d0132968d06855177da630e8e788baee6" +SRCREV = "dfd49d8fe0bcbc4d794b5a8d56447dd7129aa853" S = "${WORKDIR}/git" -- cgit 1.2.3-korg From ed0ec649f38a3044aaf3d36222be0391872cf2f5 Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Wed, 14 Dec 2016 14:08:16 +0100 Subject: Move all writable data used by security-manager and appfw to /var The purpose of these changes is to make OSTree and AppFw update domains compatible with each other. Some intergation code is also needed to deploy initial data to writable area (see SPEC-359 in Jira). Bug-AGL: SPEC-359 Change-Id: Iccba1e9916c569167df2922ad5e2d90cc33f06fe Signed-off-by: Anton Gerasimov Signed-off-by: Stephane Desneux --- .../af-main/af-main/init-afm-dirs.service | 15 ++ .../recipes-core/af-main/af-main/init-afm-dirs.sh | 7 + .../recipes-core/af-main/af-main_1.0.bb | 22 ++- .../recipes-core/af-main/nativesdk-af-main_1.0.bb | 2 +- .../Removing-tizen-platform-config.patch | 196 +++++++++++++++++++++ .../init-security-manager-db.service | 15 ++ .../security-manager/init-security-manager-db.sh | 6 + .../security-manager/security-manager_%.bbappend | 14 +- .../afm-client/files/afm-client.service | 2 +- 9 files changed, 270 insertions(+), 9 deletions(-) create mode 100644 meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service create mode 100644 meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh create mode 100644 meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch create mode 100644 meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service create mode 100644 meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service new file mode 100644 index 000000000..7e3b9e4e8 --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service @@ -0,0 +1,15 @@ +# +# Install security-manager DB to /var + +[Unit] +Description=Deploy AFM directories to /var +After=sysinit.target +Before=afm-system-daemon.service +Before=afm-user-daemon.service + +[Install] +WantedBy=default.target + +[Service] +Type=oneshot +ExecStart=/usr/bin/init-afm-dirs.sh diff --git a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh new file mode 100644 index 000000000..97cf272f2 --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +if [ ! -e "/var/lib/afm" ]; then + mkdir -p /var/lib + cp -ra /usr/share/afm /var/lib +fi + diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 611307fb0..834e293fa 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -16,7 +16,8 @@ DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip" afm_name = "afm" afm_confdir = "${sysconfdir}/${afm_name}" -afm_datadir = "${datadir}/${afm_name}" +afm_datadir = "/var/lib/${afm_name}" +afm_init_datadir = "${datadir}/${afm_name}" afb_binding_dir = "${libdir}/afb" EXTRA_OECMAKE_class-native = "\ @@ -46,8 +47,12 @@ GROUPADD_PARAM_${PN} = "-r ${afm_name}" SYSTEMD_SERVICE_${PN} = "afm-system-daemon.service" SYSTEMD_AUTO_ENABLE = "enable" +SRC_URI_append = "file://init-afm-dirs.sh \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://init-afm-dirs.service', '', d)}" + FILES_${PN} += "\ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service', '', d)} \ + ${bindir}/init-afm-dirs.sh \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service ${systemd_unitdir}/system/init-afm-dirs.service', '', d)} \ " RDEPENDS_${PN}_append_smack = " smack-userspace" @@ -60,9 +65,14 @@ SRC_URI += "\ " do_install_append() { + install -d ${D}${bindir} + install -m 0755 ${WORKDIR}/init-afm-dirs.sh ${D}${bindir} if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then mkdir -p ${D}${sysconfdir}/systemd/user/default.target.wants + mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants ln -sf ${systemd_user_unitdir}/afm-user-daemon.service ${D}${sysconfdir}/systemd/user/default.target.wants + install -p -D ${WORKDIR}/init-afm-dirs.service ${D}${systemd_unitdir}/system/init-afm-dirs.service + ln -sf ${systemd_unitdir}/system/init-afm-dirs.service ${D}${sysconfdir}/systemd/system/default.target.wants fi } @@ -79,15 +89,15 @@ EOF } pkg_postinst_${PN}() { - mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons + mkdir -p $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon } pkg_postinst_${PN}_smack() { - mkdir -p $D${afm_datadir}/applications $D${afm_datadir}/icons - chown ${afm_name}:${afm_name} $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons - chsmack -a 'System::Shared' -t $D${afm_datadir} $D${afm_datadir}/applications $D${afm_datadir}/icons + mkdir -p $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons + chown ${afm_name}:${afm_name} $D${afm_init_datadir} $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons + chsmack -a 'System::Shared' -t $D${afm_init_datadir} $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon } diff --git a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb index 0169e6b1a..ba70c59ab 100644 --- a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb @@ -8,7 +8,7 @@ DEPENDS = "nativesdk-openssl nativesdk-libxml2 nativesdk-xmlsec1 nativesdk-libzi afm_name = "afm" afm_confdir = "${sysconfdir}/${afm_name}" -afm_datadir = "${datadir}/${afm_name}" +afm_datadir = "/var/lib/${afm_name}" EXTRA_OECMAKE = "\ -DUSE_LIBZIP=1 \ diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch b/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch new file mode 100644 index 000000000..4830db2a8 --- /dev/null +++ b/meta-app-framework/recipes-core/security-manager/security-manager/Removing-tizen-platform-config.patch @@ -0,0 +1,196 @@ +From 72e66d0e42f3bb6efd689ce33b1df407d94b3c60 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= +Date: Mon, 16 Nov 2015 14:26:25 +0100 +Subject: [PATCH] Removing tizen-platform-config + +Change-Id: Ic832a2b75229517b09faba969c27fb1a4b490121 +--- + policy/security-manager-policy-reload | 2 +- + src/common/file-lock.cpp | 4 +--- + src/common/include/file-lock.h | 1 - + src/common/include/privilege_db.h | 3 +-- + src/common/service_impl.cpp | 39 +++++++++++------------------------ + src/common/smack-rules.cpp | 12 ++++------- + 6 files changed, 19 insertions(+), 42 deletions(-) + +diff --git a/policy/security-manager-policy-reload b/policy/security-manager-policy-reload +index 6f211c6..ed8047a 100755 +--- a/policy/security-manager-policy-reload ++++ b/policy/security-manager-policy-reload +@@ -2,7 +2,7 @@ + + POLICY_PATH=/usr/share/security-manager/policy + PRIVILEGE_GROUP_MAPPING=$POLICY_PATH/privilege-group.list +-DB_FILE=`tzplatform-get TZ_SYS_DB | cut -d= -f2`/.security-manager.db ++DB_FILE=/var/db/security-manager/.security-manager.db + + # Create default buckets + while read bucket default_policy +diff --git a/src/common/file-lock.cpp b/src/common/file-lock.cpp +index 6f3996c..1dada17 100644 +--- a/src/common/file-lock.cpp ++++ b/src/common/file-lock.cpp +@@ -30,9 +30,7 @@ + + namespace SecurityManager { + +-char const * const SERVICE_LOCK_FILE = tzplatform_mkpath3(TZ_SYS_RUN, +- "lock", +- "security-manager.lock"); ++char const * const SERVICE_LOCK_FILE = "/var/run/lock/security-manager.lock"; + + FileLocker::FileLocker(const std::string &lockFile, bool blocking) + { +diff --git a/src/common/include/file-lock.h b/src/common/include/file-lock.h +index 604b019..21a86a0 100644 +--- a/src/common/include/file-lock.h ++++ b/src/common/include/file-lock.h +@@ -29,7 +29,6 @@ + + #include + #include +-#include + + namespace SecurityManager { + +diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h +index 4d73d90..03c6680 100644 +--- a/src/common/include/privilege_db.h ++++ b/src/common/include/privilege_db.h +@@ -34,14 +34,13 @@ + #include + + #include +-#include + + #ifndef PRIVILEGE_DB_H_ + #define PRIVILEGE_DB_H_ + + namespace SecurityManager { + +-const char *const PRIVILEGE_DB_PATH = tzplatform_mkpath(TZ_SYS_DB, ".security-manager.db"); ++const char *const PRIVILEGE_DB_PATH = "/var/db/security-manager/.security-manager.db"; + + enum class QueryType { + EGetPkgPrivileges, +diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp +index ae305d3..65cc8b5 100644 +--- a/src/common/service_impl.cpp ++++ b/src/common/service_impl.cpp +@@ -32,7 +32,6 @@ + #include + + #include +-#include + + #include "protocols.h" + #include "privilege_db.h" +@@ -131,7 +130,13 @@ static inline int validatePolicy(policy_entry &policyEntry, std::string uidStr, + + static uid_t getGlobalUserId(void) + { +- static uid_t globaluid = tzplatform_getuid(TZ_SYS_GLOBALAPP_USER); ++ static uid_t globaluid = 0; ++ if (!globaluid) { ++ struct passwd pw, *p; ++ char buf[4096]; ++ int rc = getpwnam_r("userapp", &pw, buf, sizeof buf, &p); ++ globaluid = (rc || p == NULL) ? 555 : p->pw_uid; ++ } + return globaluid; + } + +@@ -161,37 +166,17 @@ static inline bool isSubDir(const char *parent, const char *subdir) + + static bool getUserAppDir(const uid_t &uid, std::string &userAppDir) + { +- struct tzplatform_context *tz_ctx = nullptr; +- +- if (tzplatform_context_create(&tz_ctx)) +- return false; +- +- if (tzplatform_context_set_user(tz_ctx, uid)) { +- tzplatform_context_destroy(tz_ctx); +- tz_ctx = nullptr; ++ struct passwd pw, *p; ++ char buf[4096]; ++ int rc = getpwuid_r(uid, &pw, buf, sizeof buf, &p); ++ if (rc || p == NULL) + return false; +- } +- +- enum tzplatform_variable id = +- (uid == getGlobalUserId()) ? TZ_SYS_RW_APP : TZ_USER_APP; +- const char *appDir = tzplatform_context_getenv(tz_ctx, id); +- if (!appDir) { +- tzplatform_context_destroy(tz_ctx); +- tz_ctx = nullptr; +- return false; +- } +- +- userAppDir = appDir; +- +- tzplatform_context_destroy(tz_ctx); +- tz_ctx = nullptr; +- ++ userAppDir = p->pw_dir; + return true; + } + + static inline bool installRequestAuthCheck(const app_inst_req &req, uid_t uid, bool &isCorrectPath, std::string &appPath) + { +- std::string userHome; + std::string userAppDir; + std::stringstream correctPath; + +diff --git a/src/common/smack-rules.cpp b/src/common/smack-rules.cpp +index d834e42..8b5728b 100644 +--- a/src/common/smack-rules.cpp ++++ b/src/common/smack-rules.cpp +@@ -34,7 +34,6 @@ + #include + + #include +-#include + + #include "smack-labels.h" + #include "smack-rules.h" +@@ -43,7 +42,7 @@ namespace SecurityManager { + + const char *const SMACK_APP_LABEL_TEMPLATE = "~APP~"; + const char *const SMACK_PKG_LABEL_TEMPLATE = "~PKG~"; +-const char *const APP_RULES_TEMPLATE_FILE_PATH = tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", "app-rules-template.smack"); ++const char *const APP_RULES_TEMPLATE_FILE_PATH = "/usr/share/security-manager/policy/app-rules-template.smack"; + const char *const SMACK_APP_IN_PACKAGE_PERMS = "rwxat"; + + SmackRules::SmackRules() +@@ -237,14 +236,12 @@ void SmackRules::generatePackageCrossDeps(const std::vector &pkgCon + + std::string SmackRules::getPackageRulesFilePath(const std::string &pkgId) + { +- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("pkg_" + pkgId).c_str())); +- return path; ++ return "/etc/smack/accesses.d/pkg_" + pkgId; + } + + std::string SmackRules::getApplicationRulesFilePath(const std::string &appId) + { +- std::string path(tzplatform_mkpath3(TZ_SYS_SMACK, "accesses.d", ("app_" + appId).c_str())); +- return path; ++ return "/etc/smack/accesses.d/app_" + appId; + } + void SmackRules::installApplicationPrivilegesRules(const std::string &appId, const std::string &pkgId, + const std::vector &pkgContents, const std::vector &privileges) +@@ -256,8 +253,7 @@ void SmackRules::installApplicationPrivilegesRules(const std::string &appId, con + for (auto privilege : privileges) { + if (privilege.empty()) + continue; +- std::string fprivilege ( privilege + "-template.smack"); +- std::string path(tzplatform_mkpath4(TZ_SYS_SHARE, "security-manager", "policy", fprivilege.c_str())); ++ std::string path = "/usr/share/security-manager/policy/" + privilege + "-template.smack"; + if( stat(path.c_str(), &buffer) == 0) + smackRules.addFromTemplateFile(appId, pkgId, path); + } +-- +2.1.4 + diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service new file mode 100644 index 000000000..8ed5e8601 --- /dev/null +++ b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.service @@ -0,0 +1,15 @@ +# +# Install security-manager DB to /var + +[Unit] +Description=Install Security Manager database +After=sysinit.target +Before=security-manager.service + +[Install] +WantedBy=default.target + +[Service] +Type=oneshot +User=root +ExecStart=/usr/bin/init-security-manager-db.sh diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh new file mode 100644 index 000000000..ef41286c8 --- /dev/null +++ b/meta-app-framework/recipes-core/security-manager/security-manager/init-security-manager-db.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +if [ ! -e "/var/db/security-manager" ]; then + mkdir -p /var/db + cp -ra /usr/dbspace/ /var/db/security-manager +fi diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend index d3a110de5..b4b5e01c4 100644 --- a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend +++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend @@ -1,4 +1,16 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:" -SRC_URI += " file://0001-Adapt-rules-to-AGL.patch " +SRC_URI += " file://0001-Adapt-rules-to-AGL.patch \ + file://init-security-manager-db.service \ + file://init-security-manager-db.sh" +SYSTEMD_SERVICE_${PN} = "init-security-manager-db.service" + +FILES_${PN}_append = "${bindir}/init-security-manager-db.sh" + +do_install_append () { + install -p -D ${WORKDIR}/init-security-manager-db.sh ${D}${bindir}/init-security-manager-db.sh + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -p -D ${WORKDIR}/init-security-manager-db.service ${D}${systemd_unitdir}/system/init-security-manager-db.service + fi +} diff --git a/meta-app-framework/recipes-example/afm-client/files/afm-client.service b/meta-app-framework/recipes-example/afm-client/files/afm-client.service index 688c91fd8..735717439 100644 --- a/meta-app-framework/recipes-example/afm-client/files/afm-client.service +++ b/meta-app-framework/recipes-example/afm-client/files/afm-client.service @@ -2,7 +2,7 @@ Description=Simplest application manager [Service] -ExecStart=/usr/bin/afb-daemon --mode=remote --port=1234 --token='' --sessiondir=/home/root/.afb-daemon --rootdir=/usr/share/agl/afm-client --alias=/icons:/usr/share/afm/icons +ExecStart=/usr/bin/afb-daemon --mode=remote --port=1234 --token='' --sessiondir=/home/root/.afb-daemon --rootdir=/usr/share/agl/afm-client --alias=/icons:/var/lib/afm/icons Restart=on-failure RestartSec=5 -- cgit 1.2.3-korg From 7a544ca5822f378ef26cde8528fea6c2e8eff096 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Wed, 14 Dec 2016 16:34:29 +0100 Subject: af-main: remove --roothttp option from afm-launch.conf For all application types except HTML5 (application/vnd.agl.html.hybrid), there's no need to specify a root http directory. Moreover, If such directory is not present in the packaging, launching the application will fail. Change-Id: Ib0b25f3d8bb9f63dde8610d96126639b846e245d Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/af-main_1.0.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index 797f60784..6b58cf7ad 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "dfd49d8fe0bcbc4d794b5a8d56447dd7129aa853" +SRCREV = "fd61febe4d3275e02d15440d6632327aa69ce636" S = "${WORKDIR}/git" -- cgit 1.2.3-korg From 583ab502cb7006e4083203df65ce4d388feeabdc Mon Sep 17 00:00:00 2001 From: Anton Gerasimov Date: Fri, 16 Dec 2016 12:37:44 +0100 Subject: Don't override SYSTEMD_SERVICE of original recipe. Latest change for compatibility with OSTree introduced this bug, fix. Change-Id: Ib9c7fe624fbbd722abe07ca08ff56f4334dbf13e Signed-off-by: Anton Gerasimov Signed-off-by: Stephane Desneux --- .../recipes-core/security-manager/security-manager_%.bbappend | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend index b4b5e01c4..a4cd6075e 100644 --- a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend +++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend @@ -4,13 +4,16 @@ SRC_URI += " file://0001-Adapt-rules-to-AGL.patch \ file://init-security-manager-db.service \ file://init-security-manager-db.sh" -SYSTEMD_SERVICE_${PN} = "init-security-manager-db.service" - -FILES_${PN}_append = "${bindir}/init-security-manager-db.sh" +FILES_${PN}_append = "${bindir}/init-security-manager-db.sh \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_unitdir}/system/init-security-manager-db.service', '', d)} \ +" do_install_append () { install -p -D ${WORKDIR}/init-security-manager-db.sh ${D}${bindir}/init-security-manager-db.sh if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + mkdir -p ${D}${systemd_unitdir}/system + mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants install -p -D ${WORKDIR}/init-security-manager-db.service ${D}${systemd_unitdir}/system/init-security-manager-db.service + ln -sf ${systemd_unitdir}/system/init-security-manager-db.service ${D}${sysconfdir}/systemd/system/default.target.wants fi } -- cgit 1.2.3-korg From 065566a2dcfa683591e189fd06c9aa997a40ed81 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Tue, 20 Dec 2016 15:45:34 +0100 Subject: Authorize the requested permissions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Normally, the permissions of installed applications are subject to authorization and filtering. This patch removes that control and allows to set the requested permissions. It will allow to write correct config.xml and start using permissions and cynara. Related to SPEC-367. Change-Id: I92b366eaeaf0d452062752296848c04833bc87b1 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/af-main_1.0.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index 6b58cf7ad..0d07fc2da 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "fd61febe4d3275e02d15440d6632327aa69ce636" +SRCREV = "c6b2074e18ce7a37a59bc1c3831407b42b18c889" S = "${WORKDIR}/git" -- cgit 1.2.3-korg From c0c8c5875ca159a81d017082c472126b0f020523 Mon Sep 17 00:00:00 2001 From: Jan-Simon Möller Date: Wed, 28 Dec 2016 14:54:42 +0100 Subject: Add aglwgt class MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This change adds a aglwgt.bbclass which does: - simplify the application (wrapper) recipes within AGL - enforces that 'make package' is present to guarantee the SDK workflow works - places the wgt in the standard location of the AGL reference distro /usr/AGL/apps/ Later the following features will be added to the class: - automatic generation of a wrapper for smoke-test of install/uninstall operations (ptest script) - build-time format checks Change-Id: Ie4f8281061febf3495d33bb1483f8c64b54ed8e9 Signed-off-by: Jan-Simon Möller Signed-off-by: Stephane Desneux --- meta-app-framework/classes/aglwgt.bbclass | 37 +++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 meta-app-framework/classes/aglwgt.bbclass (limited to 'meta-app-framework') diff --git a/meta-app-framework/classes/aglwgt.bbclass b/meta-app-framework/classes/aglwgt.bbclass new file mode 100644 index 000000000..f7da1e401 --- /dev/null +++ b/meta-app-framework/classes/aglwgt.bbclass @@ -0,0 +1,37 @@ +# +# aglwgt bbclass +# +# Jan-Simon Moeller, jsmoeller@linuxfoundation.org +# +# This class expects a "make package" target in the makefile +# which creates the wgt files in the package/ subfolder. +# The makefile needs to use wgtpkg-pack. +# + + +# 'wgtpkg-pack' in af-main-native is required. +DEPENDS_append = " af-main-native" + +# for bindings af-binder is required. +DEPENDS_append = " af-binder" + +do_aglwgt_package() { + cd ${B} + make package || ( \ + bbwarn "Your makefile must support the 'make package' target" ; \ + bbwarn "and generate a .wgt file using wgtpack in the"; \ + bbwarn "subfolder ./package/ !" ; \ + bbwarn "Fix your package as it will not work within the SDK" ; \ + bbwarn "See: https://wiki.automotivelinux.org/troubleshooting/app-recipes" \ + ) +} + +do_aglwgt_deploy() { + install -d ${D}/usr/AGL/apps + install -m 0644 ${B}/package/*.wgt ${D}/usr/AGL/apps/ +} + +FILES_${PN} += " /usr/AGL/apps/*.wgt " + +addtask aglwgt_package before do_build after do_compile +addtask aglwgt_deploy before do_build after do_install \ No newline at end of file -- cgit 1.2.3-korg From 2a3bbd117220b55682f95dd527f9971f3efdcd82 Mon Sep 17 00:00:00 2001 From: Jan-Simon Möller Date: Wed, 28 Dec 2016 19:15:54 +0100 Subject: Fix whitespace in aglwgt bbclass MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This change fixes an issue in the aglwgt bbclass use of FILES_${PN} that lead to a missing inclusion of the *.wgt file. Change-Id: I4ec8485e9f375f3e9278310381b270b0d3647f62 Signed-off-by: Jan-Simon Möller Signed-off-by: Stephane Desneux --- meta-app-framework/classes/aglwgt.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/classes/aglwgt.bbclass b/meta-app-framework/classes/aglwgt.bbclass index f7da1e401..734e979c5 100644 --- a/meta-app-framework/classes/aglwgt.bbclass +++ b/meta-app-framework/classes/aglwgt.bbclass @@ -31,7 +31,7 @@ do_aglwgt_deploy() { install -m 0644 ${B}/package/*.wgt ${D}/usr/AGL/apps/ } -FILES_${PN} += " /usr/AGL/apps/*.wgt " +FILES_${PN} += "/usr/AGL/apps/*.wgt" addtask aglwgt_package before do_build after do_compile addtask aglwgt_deploy before do_build after do_install \ No newline at end of file -- cgit 1.2.3-korg From 115ecf63ed97c79b1b1055d76dee835135277030 Mon Sep 17 00:00:00 2001 From: Jan-Simon Möller Date: Wed, 28 Dec 2016 20:45:11 +0100 Subject: Be more precise in addtask MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This changeset fixes a timing issue on parallel builds when using the aglwgt bbclass. It turns out that we need to make sure our steps finish before do_package is being called. Change-Id: Ib3bc0d39562c6a0d9ba4c55352c61ce1b57d5409 Signed-off-by: Jan-Simon Möller Signed-off-by: Stephane Desneux --- meta-app-framework/classes/aglwgt.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/classes/aglwgt.bbclass b/meta-app-framework/classes/aglwgt.bbclass index 734e979c5..97fb6ff8d 100644 --- a/meta-app-framework/classes/aglwgt.bbclass +++ b/meta-app-framework/classes/aglwgt.bbclass @@ -33,5 +33,5 @@ do_aglwgt_deploy() { FILES_${PN} += "/usr/AGL/apps/*.wgt" -addtask aglwgt_package before do_build after do_compile -addtask aglwgt_deploy before do_build after do_install \ No newline at end of file +addtask aglwgt_deploy before do_package after do_install +addtask aglwgt_package before do_aglwgt_deploy after do_compile -- cgit 1.2.3-korg From dfd78e0100e23391b1a3d74e639940a1efee7474 Mon Sep 17 00:00:00 2001 From: Ronan Date: Mon, 2 Jan 2017 17:10:24 +0100 Subject: add fakeroot to aglwgt_deploy task * we need to have pseudo env when we deploy agl app, if not developer id is use instead of pseudo id (root), and a QA issue is rise "host contamination". BB-must-fix Change-Id: I65c61cf1f5318b9cb9afe942da662863389f28b9 Signed-off-by: Ronan Signed-off-by: Stephane Desneux --- meta-app-framework/classes/aglwgt.bbclass | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'meta-app-framework') diff --git a/meta-app-framework/classes/aglwgt.bbclass b/meta-app-framework/classes/aglwgt.bbclass index 97fb6ff8d..94f75f2a7 100644 --- a/meta-app-framework/classes/aglwgt.bbclass +++ b/meta-app-framework/classes/aglwgt.bbclass @@ -26,6 +26,10 @@ do_aglwgt_package() { ) } +python () { + d.setVarFlag('do_aglwgt_deploy', 'fakeroot', '1') +} + do_aglwgt_deploy() { install -d ${D}/usr/AGL/apps install -m 0644 ${B}/package/*.wgt ${D}/usr/AGL/apps/ -- cgit 1.2.3-korg From a589515377149448834425e53ea71645a73f77ef Mon Sep 17 00:00:00 2001 From: José Bollo Date: Tue, 3 Jan 2017 11:46:04 +0100 Subject: Activates threading and hook features MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Activation of threading was delayed until CES demo. Now that CES demo is on, threading can be activated and tested in real. This also enables new features: - Compiler fixes - Hooking of requests (for debugging) - Change in handling option --roothttp - Documentation improvements - Minor internal improvements and cleanup Change-Id: I4c7052697a83c3d49a283970c502c62a5d3ddd64 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index c50d49aae..cf5b46538 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -1,6 +1,6 @@ SUMMARY = "HTTP REST interface to automotive backends for HTML5 UI support" DESCRIPTION = "Automotive-Framework-Binder Daemon provides a HTTP REST \ -interface to various automotive-oriented bindings (sound, radio...), \ +interface to various automotive-oriented bindings, \ allowing HTML5 UIs to send platform-specific requests in a secure way." HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-binder" @@ -8,7 +8,6 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" DEPENDS = "file json-c libmicrohttpd systemd util-linux" -DEPENDS += "alsa-lib glib-2.0 gssdp gupnp gupnp-av pulseaudio" SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-binder;protocol=https;branch=master" SRC_URI_files = "" @@ -16,7 +15,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "dcdb2427f80a325fad889586c8696a2b684d6a61" +SRCREV = "2db7c92c0b4f5840884481fa4c95facbdea63bb6" S = "${WORKDIR}/git" inherit cmake pkgconfig -- cgit 1.2.3-korg From cbca8a09594c90392b2bf87437daa4b9a9db9bff Mon Sep 17 00:00:00 2001 From: Ronan Le Martret Date: Fri, 14 Oct 2016 14:21:15 +0200 Subject: fix libcap patch Change-Id: I49d42748c6dcb1927d1370b0706a085a17aa8a2b Signed-off-by: Ronan Le Martret Signed-off-by: Stephane Desneux --- .../libcap/removing-capability-enforcement.patch | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch index fd01c19e9..fa359fa87 100644 --- a/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch +++ b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch @@ -3,16 +3,18 @@ From: =?UTF-8?q?Jos=C3=A9=20Bollo?= Date: Fri, 22 Jan 2016 16:23:59 +0100 Subject: [PATCH] removing capability enforcement +Signed-off-by: ronan + Change-Id: Idb724192ceab176a611bbed45c0ebc9c8eb5dd30 --- - progs/setcap.c | 43 ------------------------------------------- - 1 file changed, 43 deletions(-) + progs/setcap.c | 45 +-------------------------------------------- + 1 file changed, 1 insertion(+), 44 deletions(-) diff --git a/progs/setcap.c b/progs/setcap.c -index 83090ae..01faa17 100644 +index 7304343..71999b6 100644 --- a/progs/setcap.c +++ b/progs/setcap.c -@@ -58,7 +58,6 @@ static int read_caps(int quiet, const char *filename, char *buffer) +@@ -58,11 +58,9 @@ static int read_caps(int quiet, const char *filename, char *buffer) int main(int argc, char **argv) { @@ -20,7 +22,11 @@ index 83090ae..01faa17 100644 char buffer[MAXCAP+1]; int retval, quiet=0, verify=0; cap_t mycaps; -@@ -150,53 +149,11 @@ int main(int argc, char **argv) +- cap_value_t capflag; + + if (argc < 3) { + usage(); +@@ -150,54 +148,13 @@ int main(int argc, char **argv) printf("%s: OK\n", *argv); } } else { @@ -45,6 +51,7 @@ index 83090ae..01faa17 100644 retval = cap_set_file(*++argv, cap_d); if (retval != 0) { - int explained = 0; + int oerrno = errno; -#ifdef linux - cap_value_t cap; - cap_flag_value_t per_state; @@ -67,13 +74,14 @@ index 83090ae..01faa17 100644 - fprintf(stderr, "Failed to set capabilities on file `%s' (%s)\n", - argv[0], strerror(errno)); + argv[0], strerror(oerrno)); - if (!explained) { - usage(); - } ++ } } if (cap_d) { -- -2.1.4 +2.6.6 -- cgit 1.2.3-korg From 795cc7ddb4feab5595c25b616a7e4726112bcf61 Mon Sep 17 00:00:00 2001 From: Ronan Date: Tue, 25 Oct 2016 16:11:27 +0200 Subject: fix for gcc6 build Change-Id: Iea4f0ba83e1d93ea2e7cc5950dced714b65dd251 Signed-off-by: Ronan Signed-off-by: Stephane Desneux --- .../0001-Fix-Cmake-conf-for-gcc6-build.patch | 40 ++++++++++++++++++++++ .../security-manager/0001-Fix-gcc6-build.patch | 38 ++++++++++++++++++++ .../security-manager/security-manager_%.bbappend | 5 ++- 3 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch create mode 100644 meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch new file mode 100644 index 000000000..43a3ee103 --- /dev/null +++ b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-Cmake-conf-for-gcc6-build.patch @@ -0,0 +1,40 @@ +From 19c99315a5dcba3b696c30d1fdd42a1dcd574a80 Mon Sep 17 00:00:00 2001 +From: Ronan +Date: Thu, 13 Oct 2016 11:37:47 +0200 +Subject: [PATCH] Fix Cmake conf for gcc6 build + +Signed-off-by: Ronan +--- + src/cmd/CMakeLists.txt | 4 +--- + src/server/CMakeLists.txt | 1 - + 2 files changed, 1 insertion(+), 4 deletions(-) + +diff --git a/src/cmd/CMakeLists.txt b/src/cmd/CMakeLists.txt +index ee9a160..aa7a12c 100644 +--- a/src/cmd/CMakeLists.txt ++++ b/src/cmd/CMakeLists.txt +@@ -1,8 +1,6 @@ + FIND_PACKAGE(Boost REQUIRED COMPONENTS program_options) + +-INCLUDE_DIRECTORIES(SYSTEM +- ${Boost_INCLUDE_DIRS} +- ) ++ + + INCLUDE_DIRECTORIES( + ${INCLUDE_PATH} +diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt +index 753eb96..8eef25d 100644 +--- a/src/server/CMakeLists.txt ++++ b/src/server/CMakeLists.txt +@@ -8,7 +8,6 @@ FIND_PACKAGE(Threads REQUIRED) + + INCLUDE_DIRECTORIES(SYSTEM + ${SERVER_DEP_INCLUDE_DIRS} +- ${Boost_INCLUDE_DIRS} + ${Threads_INCLUDE_DIRS} + ) + +-- +2.6.6 + diff --git a/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch new file mode 100644 index 000000000..1b3c8c427 --- /dev/null +++ b/meta-app-framework/recipes-core/security-manager/security-manager/0001-Fix-gcc6-build.patch @@ -0,0 +1,38 @@ +From cb9acc2b723b297ee373bf814282711f02657aa5 Mon Sep 17 00:00:00 2001 +From: Ronan +Date: Wed, 12 Oct 2016 17:48:55 +0200 +Subject: [PATCH] Fix gcc6 build + +Signed-off-by: ronan +--- + src/client/client-security-manager.cpp | 1 + + src/common/include/privilege_db.h | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp +index 74a6b30..347cddd 100644 +--- a/src/client/client-security-manager.cpp ++++ b/src/client/client-security-manager.cpp +@@ -46,6 +46,7 @@ + #include + #include + #include ++#include + + static const char *EMPTY = ""; + +diff --git a/src/common/include/privilege_db.h b/src/common/include/privilege_db.h +index 03c6680..8dd39a1 100644 +--- a/src/common/include/privilege_db.h ++++ b/src/common/include/privilege_db.h +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + + #include + +-- +2.6.6 + diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend index a4cd6075e..90f69eb47 100644 --- a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend +++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend @@ -2,7 +2,10 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/security-manager:" SRC_URI += " file://0001-Adapt-rules-to-AGL.patch \ file://init-security-manager-db.service \ - file://init-security-manager-db.sh" + file://init-security-manager-db.sh \ + file://0001-Fix-gcc6-build.patch \ + file://0001-Fix-Cmake-conf-for-gcc6-build.patch \ +" FILES_${PN}_append = "${bindir}/init-security-manager-db.sh \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_unitdir}/system/init-security-manager-db.service', '', d)} \ -- cgit 1.2.3-korg From 2de30e26d06251cb50aff482f0c729c316b8fad0 Mon Sep 17 00:00:00 2001 From: Jan-Simon Möller Date: Mon, 16 Jan 2017 19:43:03 +0100 Subject: Add missing DEPENDS to af-binder MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To fix WARNING: af-binder-1.0-r0 do_package_qa: QA Issue: af-binder rdepends on libcrypto, but it isn't a build dependency, missing openssl in DEPENDS or PACKAGECONFIG? [build-deps] openssl is added to DEPENDS. Change-Id: Ib1d38f8041e053f7c706fcb2cc187aad765aa9c4 Signed-off-by: Jan-Simon Möller Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index cf5b46538..cb1d53e45 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -7,7 +7,7 @@ HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-f LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE-2.0.txt;md5=3b83ef96387f14655fc854ddc3c6bd57" -DEPENDS = "file json-c libmicrohttpd systemd util-linux" +DEPENDS = "file json-c libmicrohttpd systemd util-linux openssl" SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-binder;protocol=https;branch=master" SRC_URI_files = "" -- cgit 1.2.3-korg From a9fd01093b3feda9a5f71484c1934c890da8cb52 Mon Sep 17 00:00:00 2001 From: Ronan Date: Fri, 20 Jan 2017 16:30:39 +0100 Subject: Move feature code into the meta recipes * Having a minimlal local.conf serving the only purpose of user customization is the "Yocto" way of doing things * After a source synchronization (repo sync), feature code must be update without regenerate local.conf * move feature/agl-demo to meta-agl-demo Change-Id: I6db3956da8091bf583b20fce7dc184bfe622a85a Signed-off-by: Ronan Signed-off-by: Stephane Desneux --- meta-app-framework/conf/include/agl-appfw-smack.inc | 12 ++++++++++++ templates/feature/agl-appfw-smack/50_local.conf.inc | 14 ++------------ 2 files changed, 14 insertions(+), 12 deletions(-) create mode 100644 meta-app-framework/conf/include/agl-appfw-smack.inc (limited to 'meta-app-framework') diff --git a/meta-app-framework/conf/include/agl-appfw-smack.inc b/meta-app-framework/conf/include/agl-appfw-smack.inc new file mode 100644 index 000000000..90862cb09 --- /dev/null +++ b/meta-app-framework/conf/include/agl-appfw-smack.inc @@ -0,0 +1,12 @@ +# enable security features (smack, cynara) - required by Application Framework +OVERRIDES .= ":smack" +DISTRO_FEATURES_append = " smack dbus-cynara" + +# use tar-native to support SMACK extended attributes independently of host config +IMAGE_CMD_TAR = "tar --xattrs-include='*'" +IMAGE_DEPENDS_tar_append = " tar-replacement-native" +EXTRANATIVEPATH += "tar-native" + +# security: enable ssh server in place of dropbear to support PAM on user sessions +IMAGE_FEATURES += "ssh-server-openssh" + diff --git a/templates/feature/agl-appfw-smack/50_local.conf.inc b/templates/feature/agl-appfw-smack/50_local.conf.inc index 90862cb09..add62a30b 100644 --- a/templates/feature/agl-appfw-smack/50_local.conf.inc +++ b/templates/feature/agl-appfw-smack/50_local.conf.inc @@ -1,12 +1,2 @@ -# enable security features (smack, cynara) - required by Application Framework -OVERRIDES .= ":smack" -DISTRO_FEATURES_append = " smack dbus-cynara" - -# use tar-native to support SMACK extended attributes independently of host config -IMAGE_CMD_TAR = "tar --xattrs-include='*'" -IMAGE_DEPENDS_tar_append = " tar-replacement-native" -EXTRANATIVEPATH += "tar-native" - -# security: enable ssh server in place of dropbear to support PAM on user sessions -IMAGE_FEATURES += "ssh-server-openssh" - +#see meta-agl-extra/meta-app-framework/conf/include/agl-appfw-smack.inc +require conf/include/agl-appfw-smack.inc -- cgit 1.2.3-korg From 802f845b9d31b8b72067930abd2a23f1a321c691 Mon Sep 17 00:00:00 2001 From: Ronan Le Martret Date: Wed, 15 Feb 2017 16:54:11 +0100 Subject: Add afm-install used to install wgt at first boot * afm-install can install wgt app like afm-util but use dbus "system" session instead of "user". #/usr/bin/afm-install install /usr/AGL/apps/$file.wgt Change-Id: Id7361350257347a8db32f539b3bdeb3f2d8f554c Signed-off-by: Ronan Le Martret Signed-off-by: Stephane Desneux --- .../recipes-core/af-main/af-main/afm-install | 44 ++++++++++++++++++++++ .../recipes-core/af-main/af-main_1.0.bb | 6 +++ 2 files changed, 50 insertions(+) create mode 100755 meta-app-framework/recipes-core/af-main/af-main/afm-install (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main/afm-install b/meta-app-framework/recipes-core/af-main/af-main/afm-install new file mode 100755 index 000000000..6d37baed8 --- /dev/null +++ b/meta-app-framework/recipes-core/af-main/af-main/afm-install @@ -0,0 +1,44 @@ +#!/bin/sh + +pretty() { + sed \ + -e '/^method return .*/d' \ + -e 's/^Error org.freedesktop.DBus.Error.Failed: "\?\(.*\)"\?$/ERROR: \1/' \ + -e 's/^ string "\(.*\)"/\1/' \ + -e 's/},/&\n/' +} + +send() { + dbus-send --system --print-reply \ + --dest=org.AGL.afm.system \ + /org/AGL/afm/system \ + org.AGL.afm.system.$1 \ + "string:$2" | + pretty +} + +case "$1" in + + add|install) + f=$(realpath $2) + send install '{"wgt":"'"$f"'","force":true}' + ;; + + -h|--help|help) + cat << EOC + +The commands are: + + add wgt + install wgt install the wgt file + +EOC + ;; + + *) + echo "unknown command $1" >&2 + exit 1 + ;; +esac + + diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 834e293fa..7819bfadf 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -64,6 +64,11 @@ SRC_URI += "\ file://add-qt-wayland-shell-integration.patch \ " +# tools used to install wgt at first boot +SRC_URI += "\ + file://afm-install \ +" + do_install_append() { install -d ${D}${bindir} install -m 0755 ${WORKDIR}/init-afm-dirs.sh ${D}${bindir} @@ -74,6 +79,7 @@ do_install_append() { install -p -D ${WORKDIR}/init-afm-dirs.service ${D}${systemd_unitdir}/system/init-afm-dirs.service ln -sf ${systemd_unitdir}/system/init-afm-dirs.service ${D}${sysconfdir}/systemd/system/default.target.wants fi + install -m 0755 ${WORKDIR}/afm-install ${D}${bindir} } do_install_append_smack () { -- cgit 1.2.3-korg From 3051f4733706d78b31356cd8c3464f25613996eb Mon Sep 17 00:00:00 2001 From: Ronan Le Martret Date: Wed, 15 Feb 2017 17:02:52 +0100 Subject: Allowed wgt app to auto-install at the first boot * link to gerrit review 8467 (meta-agl) Change-Id: I87832b52dde60134908d29261ca8f8049338e815 Signed-off-by: Ronan Le Martret Signed-off-by: Stephane Desneux --- meta-app-framework/classes/aglwgt.bbclass | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/classes/aglwgt.bbclass b/meta-app-framework/classes/aglwgt.bbclass index 94f75f2a7..14f00a74c 100644 --- a/meta-app-framework/classes/aglwgt.bbclass +++ b/meta-app-framework/classes/aglwgt.bbclass @@ -30,12 +30,32 @@ python () { d.setVarFlag('do_aglwgt_deploy', 'fakeroot', '1') } + +POST_INSTALL_LEVEL ?= "10" +POST_INSTALL_SCRIPT ?= "${POST_INSTALL_LEVEL}-${PN}.sh" + +EXTRA_WGT_POSTINSTALL ?= "" + do_aglwgt_deploy() { - install -d ${D}/usr/AGL/apps - install -m 0644 ${B}/package/*.wgt ${D}/usr/AGL/apps/ + install -d ${D}/usr/AGL/apps + install -m 0644 ${B}/package/*.wgt ${D}/usr/AGL/apps/ + APP_FILES="" + for file in ${D}/usr/AGL/apps/*.wgt;do + APP_FILES+=" "$(basename $file); + done + install -d ${D}/${sysconfdir}/agl-postinsts + cat > ${D}/${sysconfdir}/agl-postinsts/${POST_INSTALL_SCRIPT} < Date: Thu, 16 Feb 2017 18:03:32 +0100 Subject: Add dependency to images * [SPEC-424] Change-Id: I50704658bd7970b5638d7f4f7fe6167e342e9b4b Signed-off-by: Ronan Le Martret Signed-off-by: Stephane Desneux --- .../recipes-core/packagegroups/packagegroup-agl-core.bbappend | 3 --- .../recipes-core/packagegroups/packagegroup-agl-image-minimal.bbappend | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) delete mode 100644 meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core.bbappend create mode 100644 meta-app-framework/recipes-core/packagegroups/packagegroup-agl-image-minimal.bbappend (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core.bbappend b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core.bbappend deleted file mode 100644 index ad09e5ddf..000000000 --- a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-core.bbappend +++ /dev/null @@ -1,3 +0,0 @@ -RDEPENDS_${PN} += "\ - packagegroup-agl-app-framework \ - " diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-image-minimal.bbappend b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-image-minimal.bbappend new file mode 100644 index 000000000..ad09e5ddf --- /dev/null +++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-image-minimal.bbappend @@ -0,0 +1,3 @@ +RDEPENDS_${PN} += "\ + packagegroup-agl-app-framework \ + " -- cgit 1.2.3-korg From 1c4beeed432eabb0e8f2083b0340a35989262d61 Mon Sep 17 00:00:00 2001 From: Stephane Desneux Date: Fri, 17 Feb 2017 14:35:31 +0100 Subject: aglwgt.bbclass: fix bashism Depending on the host shell, the class may fail due to specific bash syntax. Change-Id: I59938b009b27e8fbdc533e8b58c80a36864723bb Signed-off-by: Stephane Desneux --- meta-app-framework/classes/aglwgt.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/classes/aglwgt.bbclass b/meta-app-framework/classes/aglwgt.bbclass index 14f00a74c..afe9a5516 100644 --- a/meta-app-framework/classes/aglwgt.bbclass +++ b/meta-app-framework/classes/aglwgt.bbclass @@ -41,7 +41,7 @@ do_aglwgt_deploy() { install -m 0644 ${B}/package/*.wgt ${D}/usr/AGL/apps/ APP_FILES="" for file in ${D}/usr/AGL/apps/*.wgt;do - APP_FILES+=" "$(basename $file); + APP_FILES="${APP_FILES} $(basename $file)"; done install -d ${D}/${sysconfdir}/agl-postinsts cat > ${D}/${sysconfdir}/agl-postinsts/${POST_INSTALL_SCRIPT} < Date: Thu, 23 Feb 2017 11:03:08 +0100 Subject: Update af-main * Fix wgtpkg-pack * Add json-c for native and nativesdk Change-Id: I9f2f6b55b729099a70e00f53c631e181d19cf1c9 Signed-off-by: Ronan Le Martret Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/af-main_1.0.bb | 2 +- meta-app-framework/recipes-core/af-main/af-main_1.0.inc | 2 +- meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 7819bfadf..c7b8ba440 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -12,7 +12,7 @@ BBCLASSEXTEND = "native" SECTION = "base" DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c security-manager libcap-native af-binder" -DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip" +DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip json-c" afm_name = "afm" afm_confdir = "${sysconfdir}/${afm_name}" diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index 0d07fc2da..c04661a0e 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "c6b2074e18ce7a37a59bc1c3831407b42b18c889" +SRCREV = "7cf2890d871e76c082528565f59e1d0d1055b7f9" S = "${WORKDIR}/git" diff --git a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb index ba70c59ab..021c9ac00 100644 --- a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb @@ -4,7 +4,7 @@ inherit nativesdk cmake pkgconfig SECTION = "base" -DEPENDS = "nativesdk-openssl nativesdk-libxml2 nativesdk-xmlsec1 nativesdk-libzip" +DEPENDS = "nativesdk-openssl nativesdk-libxml2 nativesdk-xmlsec1 nativesdk-libzip nativesdk-json-c" afm_name = "afm" afm_confdir = "${sysconfdir}/${afm_name}" -- cgit 1.2.3-korg From 2af22bf84f7c7b1b1047a6d451aa0ac3a8b35c5c Mon Sep 17 00:00:00 2001 From: Phong Tran Date: Thu, 23 Feb 2017 23:41:45 +0700 Subject: Fix the error of homescreen for QEMU x86-64 libEGL.so is not availabe in QEMU x86-64 env. This make the afm-user-daemon service is loaded failure. This make the homescreen fail to load. Remove LD_PRELOAD of libEGL.so for QEMU x86-64. Change-Id: Iba9a904cc7e4000861ec0e0d6f5c22f48428b954 Signed-off-by: Phong Tran Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/af-main_1.0.bb | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index c7b8ba440..6a1d36a99 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -82,6 +82,10 @@ do_install_append() { install -m 0755 ${WORKDIR}/afm-install ${D}${bindir} } +do_install_append_qemux86-64() { + sed -i -e '/LD_PRELOAD=\/usr\/lib\/libEGL.so/d' ${D}${systemd_user_unitdir}/afm-user-daemon.service +} + do_install_append_smack () { install -d ${D}/${sysconfdir}/smack/accesses.d cat > ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user < Date: Mon, 6 Mar 2017 17:11:33 +0100 Subject: Add service dependency on run-agl-postinsts * if we add meta-app-framework you should add dependency on afm-system-daemon for run-agl-postinsts service [SPEC-431] Change-Id: I17ac918c0880aa46ba01e78257aacac390a50aba Signed-off-by: Ronan Le Martret Signed-off-by: Stephane Desneux --- .../recipes-devtools/run-agl-postinsts/run-agl-postinsts_1.0.bbappend | 1 + 1 file changed, 1 insertion(+) create mode 100644 meta-app-framework/recipes-devtools/run-agl-postinsts/run-agl-postinsts_1.0.bbappend (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-devtools/run-agl-postinsts/run-agl-postinsts_1.0.bbappend b/meta-app-framework/recipes-devtools/run-agl-postinsts/run-agl-postinsts_1.0.bbappend new file mode 100644 index 000000000..590ab708a --- /dev/null +++ b/meta-app-framework/recipes-devtools/run-agl-postinsts/run-agl-postinsts_1.0.bbappend @@ -0,0 +1 @@ +SYSTEMD_SERVICE_AFTER_append = " afm-system-daemon.service" -- cgit 1.2.3-korg From 953167ff715a932338ce55c63b6115cb7352157f Mon Sep 17 00:00:00 2001 From: José Bollo Date: Wed, 8 Mar 2017 13:15:58 +0100 Subject: Removes systemd warnings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Systemd was complaining that the service files were executable. This patch removes that issue. Change-Id: I77183bb142956fec84b3ca727f7084e8f652c292 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-main/af-main_1.0.bb | 2 +- .../recipes-core/security-manager/security-manager_%.bbappend | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 6a1d36a99..e229cd22f 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -76,7 +76,7 @@ do_install_append() { mkdir -p ${D}${sysconfdir}/systemd/user/default.target.wants mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants ln -sf ${systemd_user_unitdir}/afm-user-daemon.service ${D}${sysconfdir}/systemd/user/default.target.wants - install -p -D ${WORKDIR}/init-afm-dirs.service ${D}${systemd_unitdir}/system/init-afm-dirs.service + install -m 644 -p -D ${WORKDIR}/init-afm-dirs.service ${D}${systemd_unitdir}/system/init-afm-dirs.service ln -sf ${systemd_unitdir}/system/init-afm-dirs.service ${D}${sysconfdir}/systemd/system/default.target.wants fi install -m 0755 ${WORKDIR}/afm-install ${D}${bindir} diff --git a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend index 90f69eb47..23ceb2937 100644 --- a/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend +++ b/meta-app-framework/recipes-core/security-manager/security-manager_%.bbappend @@ -16,7 +16,7 @@ do_install_append () { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then mkdir -p ${D}${systemd_unitdir}/system mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants - install -p -D ${WORKDIR}/init-security-manager-db.service ${D}${systemd_unitdir}/system/init-security-manager-db.service + install -m 644 -p -D ${WORKDIR}/init-security-manager-db.service ${D}${systemd_unitdir}/system/init-security-manager-db.service ln -sf ${systemd_unitdir}/system/init-security-manager-db.service ${D}${sysconfdir}/systemd/system/default.target.wants fi } -- cgit 1.2.3-korg From 91ee2f30326ae626b40f6a80dc47eac1085051b9 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Tue, 7 Mar 2017 17:30:18 +0100 Subject: shadow: 'useradd' copies root's extended attributes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The copy of extended attributes is interesting for Smack systems because it allows to set the security template of the user's home directories without modifying the tools (useradd here). But the version of useradd that copies the extended attributes doesn't copy the extended attributes of the root. This can make use of homes impossible! This patch corrects the issue by copying the extended attributes of the root. This includes 2 patches to implement the behaviour: one for the target and one for the native. The patch for the target was submitted upstream (see below) The patch for the native couldn't be submitted upstream because it applies on a patch specific to open-embedded (that was refused upstream). Upstream-Status: Submitted (http://lists.alioth.debian.org/pipermail/pkg-shadow-commits/2017-March/003804.html) Change-Id: I7ced318a02206fd3f15a6995f59bb82b6c6453d5 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- ...d-copy-extended-attributes-of-home-native.patch | 45 ++++++++++++++++++++++ ...-useradd-copy-extended-attributes-of-home.patch | 45 ++++++++++++++++++++++ .../recipes-extended/shadow/shadow_%.bbappend | 4 ++ 3 files changed, 94 insertions(+) create mode 100644 meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home-native.patch create mode 100644 meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home.patch create mode 100644 meta-app-framework/recipes-extended/shadow/shadow_%.bbappend (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home-native.patch b/meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home-native.patch new file mode 100644 index 000000000..ff420d8a2 --- /dev/null +++ b/meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home-native.patch @@ -0,0 +1,45 @@ +From 008637fc8bd7f601eb6554d572bba025613913b7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= +Date: Wed, 8 Mar 2017 14:10:10 +0100 +Subject: [PATCH] useradd: copy extended attributes of home (native) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The Home directory wasn't getting the extended attributes +of /etc/skel. This patch fixes that issue and adds the copy +of the extended attributes of the root of the home directory. + +Change-Id: Ib6836e1b18c4c7f73e02c1f1fc9558dc749ba9da +Signed-off-by: José Bollo +--- + src/useradd.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/useradd.c b/src/useradd.c +index 4c418af..8ba8af6 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -55,6 +55,9 @@ + #include + #include + #include ++#ifdef WITH_ATTR ++#include ++#endif + #include "chkname.h" + #include "defines.h" + #include "faillog.h" +@@ -1950,6 +1953,9 @@ static void create_home (void) + chown (user_home, user_id, user_gid); + chmod (user_home, + 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); ++#ifdef WITH_ATTR ++ attr_copy_file (def_template, user_home, NULL, NULL); ++#endif + home_added = true; + #ifdef WITH_AUDIT + audit_logger (AUDIT_ADD_USER, Prog, +-- +2.9.3 + diff --git a/meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home.patch b/meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home.patch new file mode 100644 index 000000000..f231c3cfe --- /dev/null +++ b/meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home.patch @@ -0,0 +1,45 @@ +From acec93540eba6899661c607408498ac72ab07a47 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= +Date: Tue, 7 Mar 2017 16:03:03 +0100 +Subject: [PATCH] useradd: copy extended attributes of home +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The Home directory wasn't getting the extended attributes +of /etc/skel. This patch fixes that issue and adds the copy +of the extended attributes of the root of the home directory. + +Change-Id: Icd633f7c6c494efd2a30cb8f04c306f749ad0c3b +Signed-off-by: José Bollo +--- + src/useradd.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/useradd.c b/src/useradd.c +index a8a1f76..8aefb9c 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -52,6 +52,9 @@ + #include + #include + #include ++#ifdef WITH_ATTR ++#include ++#endif + #include "chkname.h" + #include "defines.h" + #include "faillog.h" +@@ -1915,6 +1918,9 @@ static void create_home (void) + chown (user_home, user_id, user_gid); + chmod (user_home, + 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); ++#ifdef WITH_ATTR ++ attr_copy_file (def_template, user_home, NULL, NULL); ++#endif + home_added = true; + #ifdef WITH_AUDIT + audit_logger (AUDIT_ADD_USER, Prog, +-- +2.9.3 + diff --git a/meta-app-framework/recipes-extended/shadow/shadow_%.bbappend b/meta-app-framework/recipes-extended/shadow/shadow_%.bbappend new file mode 100644 index 000000000..f08435502 --- /dev/null +++ b/meta-app-framework/recipes-extended/shadow/shadow_%.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +SRC_URI_append_class-target = " file://0001-useradd-copy-extended-attributes-of-home.patch " +SRC_URI_append_class-native = " file://0001-useradd-copy-extended-attributes-of-home-native.patch " -- cgit 1.2.3-korg From 84359dab292d9cfc2ad66800c8d1765ce32c717b Mon Sep 17 00:00:00 2001 From: José Bollo Date: Mon, 6 Mar 2017 17:19:16 +0100 Subject: Ensure that eXtended Attributes are managed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Common tools like 'useradd' work better in a Smacked context when the extended attributes are correctly managed. This is achieved by enforcing extended attributes "xattr" to be in DISTRO_FEATURES. When the commit 1c3eae5e654b7942b3ffd0b53426ca77219cec03 of poky will be integrated in the upstream of AGL (pyro), it will be possible to removes the 3 last lines of meta-app-framework/conf/include/agl-appfw-smack.inc that explicitely activate the handling of extended attributes for the package "shadow". See SPEC-475. Change-Id: I299e68a34e7e49b33f1046aa99d255655fa2ffcc Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/conf/include/agl-appfw-smack.inc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/conf/include/agl-appfw-smack.inc b/meta-app-framework/conf/include/agl-appfw-smack.inc index 90862cb09..133f6b04c 100644 --- a/meta-app-framework/conf/include/agl-appfw-smack.inc +++ b/meta-app-framework/conf/include/agl-appfw-smack.inc @@ -1,12 +1,16 @@ # enable security features (smack, cynara) - required by Application Framework OVERRIDES .= ":smack" -DISTRO_FEATURES_append = " smack dbus-cynara" +DISTRO_FEATURES_append = " smack dbus-cynara xattr" # use tar-native to support SMACK extended attributes independently of host config -IMAGE_CMD_TAR = "tar --xattrs-include='*'" +IMAGE_CMD_TAR = "tar --xattrs --xattrs-include='*'" IMAGE_DEPENDS_tar_append = " tar-replacement-native" EXTRANATIVEPATH += "tar-native" # security: enable ssh server in place of dropbear to support PAM on user sessions IMAGE_FEATURES += "ssh-server-openssh" +# enforce copy of xattrs (to be removed, see SPEC-475) +PACKAGECONFIG_append_pn-shadow = " attr" +PACKAGECONFIG_append_pn-shadow-native = " attr" + -- cgit 1.2.3-korg From e94977765987776d7959258cec4b66c809a7b1e8 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Wed, 8 Mar 2017 14:19:42 +0100 Subject: base-files for the framework MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This setting is introduced primarily to allow the recipe agl-users to run in a correct environment. Change-Id: Ib0bd7c8e6520bd87dbb26d9c011f5cb4672f44c7 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- .../recipes-config/agl-users/agl-users_0.1.bb | 44 ---------------------- .../recipes-core/af-main/af-main_1.0.bb | 12 ------ .../recipes-core/base-files/base-files_%.bbappend | 22 +++++++++++ 3 files changed, 22 insertions(+), 56 deletions(-) create mode 100644 meta-app-framework/recipes-core/base-files/base-files_%.bbappend (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb b/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb index 0f61248db..832c51c99 100644 --- a/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb +++ b/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb @@ -10,10 +10,6 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384 SRC_URI = "" - -RDEPENDS_${PN}_append_smack = " smack-userspace" -DEPENDS_append_smack = " smack-userspace-native" - ALLOW_EMPTY_${PN} = "1" USERADD_PACKAGES = "${PN}" @@ -23,43 +19,3 @@ USERADD_PARAM_${PN} = "\ -g users -d /home/agl-passenger -m -K PASS_MAX_DAYS=-1 agl-passenger \ " - -do_configure() { - : -} - -do_compile() { - : -} - -do_install() { - : -} - - -pkg_postinst_${PN}() { - #!/bin/sh -e - - # avoid to run on host - [ x"$D" != "x" ] && exit 1 - - # Drops password - passwd -d agl-driver - passwd -d agl-passenger -} - -pkg_postinst_${PN}_smack() { - #!/bin/sh -e - - # avoid to run on host - [ x"$D" != "x" ] && exit 1 - - # Actions to carry out on the device go here - for x in /etc/skel /home/* - do - chsmack -a User::Home $x - done - passwd -d agl-driver - passwd -d agl-passenger -} - diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index e229cd22f..86b5d34e2 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -86,18 +86,6 @@ do_install_append_qemux86-64() { sed -i -e '/LD_PRELOAD=\/usr\/lib\/libEGL.so/d' ${D}${systemd_user_unitdir}/afm-user-daemon.service } -do_install_append_smack () { - install -d ${D}/${sysconfdir}/smack/accesses.d - cat > ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user < ${D}/${sysconfdir}/smack/accesses.d/default-access-domains-no-user < Date: Tue, 14 Mar 2017 12:50:03 +0100 Subject: Upgrade application framework MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is the last upgrade of the application framework before the switch to the systemd integrated application framework. Changes for AF-BINDER: ---------------------- - removal of legacy file include/afb/afb-plugin.h - removal of legacy call to readdir_r - allowing to repeat option --ldpaths - new options: --no-httpd, --exec, --random-token - reintegration of libmagic for content-types - fix crash on unhandled request - capable of socket activation by systemd Changes in AF-MAIN: ------------------- - handling of JSON-pointers in template unit - fix a bug in mustach evaluation - error message improvement - added afm-util commands: run-remote and start-remote - switch to cmake 3.4.3 - fix bug in file content helper - fix bug of labelling files that made issue when uninstalling Change-Id: Id18c5ff1edb2a7dee3813e996aed6300bcd97036 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb | 2 +- meta-app-framework/recipes-core/af-main/af-main_1.0.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb index cb1d53e45..2ecb2aa94 100644 --- a/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb +++ b/meta-app-framework/recipes-core/af-binder/af-binder_1.0.bb @@ -15,7 +15,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "2db7c92c0b4f5840884481fa4c95facbdea63bb6" +SRCREV = "e85e5d8ffe242f826b5f98e2834407b5d4c46690" S = "${WORKDIR}/git" inherit cmake pkgconfig diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index c04661a0e..c38dad4d4 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,7 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "7cf2890d871e76c082528565f59e1d0d1055b7f9" +SRCREV = "863bf1c6b4e10176edf8b26a9703109ab8db2c43" S = "${WORKDIR}/git" -- cgit 1.2.3-korg From 9c4109e9a477d52de86cac22c5b1e62edfd93795 Mon Sep 17 00:00:00 2001 From: Ronan Le Martret Date: Fri, 24 Mar 2017 16:15:04 +0100 Subject: Rename webruntime DISTRO_FEATURES * use virtual/webruntime to anticipate multi provider of web-runtime Change-Id: I6606a23248eb4ad91398f04fd943ec5242b244f1 Signed-off-by: Ronan Le Martret Signed-off-by: Stephane Desneux --- .../recipes-core/packagegroups/packagegroup-agl-app-framework.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb index 9eaf2fc2d..0fdaabc91 100644 --- a/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb +++ b/meta-app-framework/recipes-core/packagegroups/packagegroup-agl-app-framework.bb @@ -16,5 +16,5 @@ RDEPENDS_${PN} += "\ af-binder-binding-authlogin \ libafbwsc \ af-main \ - ${@bb.utils.contains('DISTRO_FEATURES', 'AGL_WEBRUNTIME', 'web-runtime', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'webruntime', 'virtual/webruntime', '', d)} \ " -- cgit 1.2.3-korg From 685a4613bcfc3231066d66263e198399d78cea44 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Tue, 14 Mar 2017 13:07:12 +0100 Subject: Move to AGL framework on top of systemd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This new version of the framework leverages systemd features to launch its applications. Some of the advantages are: - possible use of systemd features (namespace, cgroups, autostart, dependency resolution, socket activation, ...) - more feature are let open to integrator's design Some of the drawbacks are: - not more possible to launch an other instance of an application already launched - pause/resume is no more available by the framework - the remote mode is to be redefined This commit integrates the first version of the framework on top of systemd. More work is to come. None of the current drawback is definitive. Bug-AGL: SPEC-138, SPEC-425, SPEC-426, SPEC-427 Change-Id: Idfb98761c0db23562bb783bed1b03aeb956fc587 Signed-off-by: José Bollo Signed-off-by: Stephane Desneux --- .../af-main/add-qt-wayland-shell-integration.patch | 21 +++++------ .../af-main/af-main/init-afm-dirs.service | 15 -------- .../recipes-core/af-main/af-main/init-afm-dirs.sh | 7 ---- .../recipes-core/af-main/af-main_1.0.bb | 42 ++++++++++------------ .../recipes-core/af-main/af-main_1.0.inc | 8 ++++- .../recipes-core/af-main/nativesdk-af-main_1.0.bb | 4 --- 6 files changed, 37 insertions(+), 60 deletions(-) delete mode 100644 meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service delete mode 100644 meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch b/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch index 8e21678be..c92415b80 100644 --- a/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch +++ b/meta-app-framework/recipes-core/af-main/af-main/add-qt-wayland-shell-integration.patch @@ -1,11 +1,12 @@ -diff --git a/conf/afm-user-daemon.service b/conf/afm-user-daemon.service -index 6b5c1d8..e0f6799 100644 ---- a/conf/afm-user-daemon.service -+++ b/conf/afm-user-daemon.service -@@ -7,6 +7,7 @@ BusName=org.AGL.afm.user - ExecStart=/usr/bin/afm-user-daemon --user-dbus=unix:path=%t/bus - Environment=AFM_APP_INSTALL_DIR=%%r - Environment=LD_PRELOAD=/usr/lib/libEGL.so +diff --git a/conf/afm-unit.conf b/conf/afm-unit.conf +index 82113ef..2fbc9e2 100644 +--- a/conf/afm-unit.conf ++++ b/conf/afm-unit.conf +@@ -127,6 +127,7 @@ SuccessExitStatus=0 SIGKILL + WorkingDirectory=-{{&#metadata.app-data-dir}}/{{id}} + ExecStartPre=/bin/mkdir -p {{&#metadata.app-data-dir}}/{{id}} + Environment=AFM_APP_INSTALL_DIR={{:#metadata.install-dir}} +Environment=QT_WAYLAND_SHELL_INTEGRATION=ivi-shell - Restart=on-failure - RestartSec=5 + + %systemd-unit user + {{#required-permission.urn:AGL:permission::public:hidden}}\ diff --git a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service deleted file mode 100644 index 7e3b9e4e8..000000000 --- a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.service +++ /dev/null @@ -1,15 +0,0 @@ -# -# Install security-manager DB to /var - -[Unit] -Description=Deploy AFM directories to /var -After=sysinit.target -Before=afm-system-daemon.service -Before=afm-user-daemon.service - -[Install] -WantedBy=default.target - -[Service] -Type=oneshot -ExecStart=/usr/bin/init-afm-dirs.sh diff --git a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh b/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh deleted file mode 100644 index 97cf272f2..000000000 --- a/meta-app-framework/recipes-core/af-main/af-main/init-afm-dirs.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -if [ ! -e "/var/lib/afm" ]; then - mkdir -p /var/lib - cp -ra /usr/share/afm /var/lib -fi - diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 86b5d34e2..3c1b692f3 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -11,15 +11,9 @@ BBCLASSEXTEND = "native" SECTION = "base" -DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c security-manager libcap-native af-binder" +DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c systemd security-manager libcap-native af-binder" DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip json-c" -afm_name = "afm" -afm_confdir = "${sysconfdir}/${afm_name}" -afm_datadir = "/var/lib/${afm_name}" -afm_init_datadir = "${datadir}/${afm_name}" -afb_binding_dir = "${libdir}/afb" - EXTRA_OECMAKE_class-native = "\ -DUSE_LIBZIP=1 \ -DUSE_SIMULATION=1 \ @@ -36,6 +30,7 @@ EXTRA_OECMAKE = "\ -Dafm_name=${afm_name} \ -Dafm_confdir=${afm_confdir} \ -Dafm_datadir=${afm_datadir} \ + -Dsystemd_units_root=${systemd_units_root} \ -DUNITDIR_USER=${systemd_user_unitdir} \ -DUNITDIR_SYSTEM=${systemd_system_unitdir} \ " @@ -47,37 +42,31 @@ GROUPADD_PARAM_${PN} = "-r ${afm_name}" SYSTEMD_SERVICE_${PN} = "afm-system-daemon.service" SYSTEMD_AUTO_ENABLE = "enable" -SRC_URI_append = "file://init-afm-dirs.sh \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://init-afm-dirs.service', '', d)}" - FILES_${PN} += "\ - ${bindir}/init-afm-dirs.sh \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service ${systemd_unitdir}/system/init-afm-dirs.service', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service', '', d)} \ " - RDEPENDS_${PN}_append_smack = " smack-userspace" DEPENDS_append_smack = " smack-userspace-native" # short hacks here SRC_URI += "\ file://Hack-to-allow-the-debugging.patch \ - file://add-qt-wayland-shell-integration.patch \ " # tools used to install wgt at first boot SRC_URI += "\ file://afm-install \ + file://add-qt-wayland-shell-integration.patch \ " do_install_append() { install -d ${D}${bindir} - install -m 0755 ${WORKDIR}/init-afm-dirs.sh ${D}${bindir} + install -d -m 0775 ${D}${systemd_units_root}/{system,user} + install -d -m 0775 ${D}${systemd_units_root}/{system,user}/default.target.wants + install -d ${D}${afm_datadir}/{applications,icons} if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - mkdir -p ${D}${sysconfdir}/systemd/user/default.target.wants - mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants + mkdir -p ${D}${sysconfdir}/systemd/{system,user}/default.target.wants ln -sf ${systemd_user_unitdir}/afm-user-daemon.service ${D}${sysconfdir}/systemd/user/default.target.wants - install -m 644 -p -D ${WORKDIR}/init-afm-dirs.service ${D}${systemd_unitdir}/system/init-afm-dirs.service - ln -sf ${systemd_unitdir}/system/init-afm-dirs.service ${D}${sysconfdir}/systemd/system/default.target.wants fi install -m 0755 ${WORKDIR}/afm-install ${D}${bindir} } @@ -87,18 +76,25 @@ do_install_append_qemux86-64() { } pkg_postinst_${PN}() { - mkdir -p $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + chgrp ${afm_name} $D${systemd_units_root}/{system,user}/{default.target.wants,.} + fi + chown ${afm_name}:${afm_name} $D${afm_datadir}/{applications,icons,.} setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon } pkg_postinst_${PN}_smack() { - mkdir -p $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons - chown ${afm_name}:${afm_name} $D${afm_init_datadir} $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons - chsmack -a 'System::Shared' -t $D${afm_init_datadir} $D${afm_init_datadir}/applications $D${afm_init_datadir}/icons + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + chgrp ${afm_name} $D${systemd_units_root}/{system,user}/{default.target.wants,.} + chsmack -a 'System::Shared' -t $D${systemd_units_root}/{system,user}/{default.target.wants,.} + fi + chown ${afm_name}:${afm_name} $D${afm_datadir}/{applications,icons,.} + chsmack -a 'System::Shared' -t $D${afm_datadir}/{applications,icons,.} setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon } +FILES_${PN} += " ${systemd_units_root} " PACKAGES =+ "${PN}-binding ${PN}-binding-dbg" FILES_${PN}-binding = " ${afb_binding_dir}/afm-main-binding.so " diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index c38dad4d4..6ce87ed71 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -14,7 +14,13 @@ SRC_URI = "${SRC_URI_git} \ ${SRC_URI_files} \ " -SRCREV = "863bf1c6b4e10176edf8b26a9703109ab8db2c43" +SRCREV = "255c83029f56e8d90e7ce185b007c4ca65afec1e" S = "${WORKDIR}/git" +afm_name = "afm" +afm_confdir = "${sysconfdir}/${afm_name}" +afm_datadir = "/var/local/lib/${afm_name}" +afb_binding_dir = "${libdir}/afb" +systemd_units_root = "/usr/local/lib/systemd" + diff --git a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb index 021c9ac00..8d044345f 100644 --- a/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/nativesdk-af-main_1.0.bb @@ -6,10 +6,6 @@ SECTION = "base" DEPENDS = "nativesdk-openssl nativesdk-libxml2 nativesdk-xmlsec1 nativesdk-libzip nativesdk-json-c" -afm_name = "afm" -afm_confdir = "${sysconfdir}/${afm_name}" -afm_datadir = "/var/lib/${afm_name}" - EXTRA_OECMAKE = "\ -DUSE_LIBZIP=1 \ -DUSE_SIMULATION=1 \ -- cgit 1.2.3-korg