From 97b29fd1c5339ea1590051fb1216d57fe52d345a Mon Sep 17 00:00:00 2001 From: José Bollo Date: Thu, 12 Oct 2017 23:10:07 +0200 Subject: af-main: Handle users from the system scope MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To simplify the management of users while keeping systemd as launcher, this evolution anchors the framework in the system level. This also introduce a new version of afm-system-daemon that is 100% a binding of the binder and that consequently offers natively a websocket API. Change-Id: I1bbb48d0c01d0f6fd3c8dfca90febbe8147cf204 Signed-off-by: José Bollo Reviewed-on: https://gerrit.automotivelinux.org/gerrit/12139 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account Reviewed-by: Stéphane Desneux Reviewed-by: Jan-Simon Moeller --- .../af-main/Hack-to-allow-the-debugging.patch | 6 +-- .../recipes-core/af-main/af-main/afm-install | 45 ---------------- .../recipes-core/af-main/af-main_1.0.bb | 62 +++++++++------------- .../recipes-core/af-main/af-main_1.0.inc | 8 +-- 4 files changed, 30 insertions(+), 91 deletions(-) delete mode 100755 meta-app-framework/recipes-core/af-main/af-main/afm-install (limited to 'meta-app-framework') diff --git a/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch b/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch index 44e8bce1e..14a26fbe2 100644 --- a/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch +++ b/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch @@ -11,10 +11,10 @@ Change-Id: I2f10f0cb1fce2ee30bd0754ad2e7bc8e2f6513aa conf/afm-user-daemon.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/conf/afm-user-daemon.conf b/conf/afm-user-daemon.conf +diff --git a/conf/user/afm-user-daemon.conf b/conf/user/afm-user-daemon.conf index 801c7ae..98a3152 100644 ---- a/conf/afm-user-daemon.conf -+++ b/conf/afm-user-daemon.conf +--- a/conf/user/afm-user-daemon.conf ++++ b/conf/user/afm-user-daemon.conf @@ -25,7 +25,7 @@ diff --git a/meta-app-framework/recipes-core/af-main/af-main/afm-install b/meta-app-framework/recipes-core/af-main/af-main/afm-install deleted file mode 100755 index 83744ebae..000000000 --- a/meta-app-framework/recipes-core/af-main/af-main/afm-install +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash - -pretty() { - sed \ - -e '/^method return .*/d' \ - -e 's/^Error org.freedesktop.DBus.Error.Failed: "\?\(.*\)"\?$/ERROR: \1/' \ - -e 's/^ string "\(.*\)"/\1/' \ - -e 's/},/&\n/' -} - -send() { - dbus-send --system --print-reply \ - --dest=org.AGL.afm.system \ - /org/AGL/afm/system \ - org.AGL.afm.system.$1 \ - "string:$2" | - pretty - return ${PIPESTATUS[0]} -} - -case "$1" in - - add|install) - f=$(realpath $2) - send install '{"wgt":"'"$f"'","force":true,"reload":false}' - ;; - - -h|--help|help) - cat << EOC - -The commands are: - - add wgt - install wgt install the wgt file - -EOC - ;; - - *) - echo "unknown command $1" >&2 - exit 1 - ;; -esac - - diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 52a8fe29d..9da5d088e 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -1,7 +1,6 @@ require af-main_${PV}.inc # NOTE: using libcap-native and setcap in install doesn't work -# NOTE: there is no SYSTEMD_USER_SERVICE_... # NOTE: maybe setting afm_name to agl-framework is cleaner but has implications # NOTE: there is a hack of security for using groups and dbus (to be checked) # NOTE: using ZIP programs creates directories with mode 777 (very bad) @@ -13,6 +12,7 @@ SECTION = "base" DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c systemd security-manager af-binder" DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip json-c" +RDEPENDS_${PN}_class-target += "af-binder-tools" PACKAGE_WRITE_DEPS_append_smack = " smack-userspace-native libcap-native" @@ -43,9 +43,6 @@ USERADD_PACKAGES = "${PN}" USERADD_PARAM_${PN} = "-g ${afm_name} -d ${afm_datadir} -r ${afm_name}" GROUPADD_PARAM_${PN} = "-r ${afm_name}" -SYSTEMD_SERVICE_${PN} = "afm-system-daemon.service" -SYSTEMD_AUTO_ENABLE = "enable" - FILES_${PN} += "\ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service', '', d)} \ " @@ -57,27 +54,24 @@ SRC_URI += "\ file://Hack-to-allow-the-debugging.patch \ " -# tools used to install wgt at first boot -SRC_URI += "\ - file://afm-install \ -" - do_install_append_class-target() { install -d ${D}${bindir} install -d -m 0775 ${D}${systemd_units_root}/system + install -d -m 0775 "${D}${systemd_units_root}/system/afm-user-session@.target.wants" install -d -m 0775 ${D}${systemd_units_root}/user - install -d -m 0775 ${D}${systemd_units_root}/system/default.target.wants install -d -m 0775 ${D}${systemd_units_root}/user/default.target.wants - install -d -m 0775 ${D}${systemd_units_root}/system/sockets.target.wants install -d -m 0775 ${D}${systemd_units_root}/user/sockets.target.wants install -d ${D}${afm_datadir}/applications install -d ${D}${afm_datadir}/icons if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants - mkdir -p ${D}${sysconfdir}/systemd/user/default.target.wants - ln -sf ${systemd_user_unitdir}/afm-user-daemon.service ${D}${sysconfdir}/systemd/user/default.target.wants + install -d -m 0755 ${D}${systemd_user_unitdir}/default.target.wants + ln -s ../afm-user-daemon.service ${D}${systemd_user_unitdir}/default.target.wants/afm-user-daemon.service + install -d -m 0755 ${D}${systemd_system_unitdir}/default.target.wants + install -d -m 0755 ${D}${systemd_system_unitdir}/sockets.target.wants + ln -sf ../afm-system-daemon.service ${D}${systemd_system_unitdir}/default.target.wants/afm-system-daemon.service + ln -sf ../afm-system-daemon.socket ${D}${systemd_system_unitdir}/sockets.target.wants/afm-system-daemon.socket + ln -s ../afm-user-session@.service ${D}${systemd_user_unitdir}/default.target.wants/afm-user-session@0.service fi - install -m 0755 ${WORKDIR}/afm-install ${D}${bindir} echo "QT_WAYLAND_SHELL_INTEGRATION=ivi-shell" > ${D}${afm_confdir}/unit.env.d/qt-for-ivi-shell } @@ -87,34 +81,28 @@ do_install_append_porter() { pkg_postinst_${PN}() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - for SYS in "system" "user";do - for DEST in "sockets.target.wants" "default.target.wants" ".";do - chgrp ${afm_name} $D${systemd_units_root}/${SYS}/${DEST}; - done - done + chgrp ${afm_name} $D${systemd_units_root}/system + chgrp ${afm_name} $D${systemd_units_root}/system/afm-user-session@.target.wants + chgrp ${afm_name} $D${systemd_units_root}/user/default.target.wants + chgrp ${afm_name} $D${systemd_units_root}/user/sockets.target.wants fi - for DEST in "applications" "icons" ".";do - chown ${afm_name}:${afm_name} $D${afm_datadir}/${DEST}; - done - setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon + chown ${afm_name}:${afm_name} $D${afm_datadir} + chown ${afm_name}:${afm_name} $D${afm_datadir}/applications + chown ${afm_name}:${afm_name} $D${afm_datadir}/icons } -pkg_postinst_${PN}_smack() { +pkg_postinst_${PN}_append_smack() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - for SYS in "system" "user";do - for DEST in "sockets.target.wants" "default.target.wants" ".";do - chgrp ${afm_name} $D${systemd_units_root}/${SYS}/${DEST}; - chsmack -a 'System::Shared' -t $D${systemd_units_root}/${SYS}/${DEST}; - done - done + chsmack -a 'System::Shared' -t $D${systemd_units_root}/system + chsmack -a 'System::Shared' -t $D${systemd_units_root}/system/afm-user-session@.target.wants + chsmack -a 'System::Shared' -t $D${systemd_units_root}/user/default.target.wants + chsmack -a 'System::Shared' -t $D${systemd_units_root}/user/sockets.target.wants fi - for DEST in "applications" "icons" ".";do - chown ${afm_name}:${afm_name} $D${afm_datadir}/${DEST}; - chsmack -a 'System::Shared' -t $D${afm_datadir}/${DEST}; - done - setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon + chsmack -a 'System::Shared' -t $D${afm_datadir} + chsmack -a 'System::Shared' -t $D${afm_datadir}/applications + chsmack -a 'System::Shared' -t $D${afm_datadir}/icons } -FILES_${PN} += " ${systemd_units_root} " +FILES_${PN} += "${systemd_units_root}/* ${systemd_system_unitdir} ${systemd_user_unitdir}" PACKAGES =+ "${PN}-binding ${PN}-binding-dbg" FILES_${PN}-binding = " ${afb_binding_dir}/afm-main-binding.so " diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index 472bb55f1..13736aee3 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -8,13 +8,9 @@ HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-f LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=${AGL_BRANCH}" -SRC_URI_files = "" -SRC_URI = "${SRC_URI_git} \ - ${SRC_URI_files} \ - " +SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=${AGL_BRANCH}" -SRCREV = "2bbe66dda7fadf2d08a57e2b0e0fa8841a118c81" +SRCREV = "1bec325ee85192eba57673750b9e4a77a1a970c8" PV = "${AGL_BRANCH}+git${SRCPV}" S = "${WORKDIR}/git" -- cgit 1.2.3-korg