summaryrefslogtreecommitdiffstats
path: root/meta-app-framework/recipes-core/af-main/af-main_git.bb
blob: 8e72e4572a818dcb547c7176f082b6dfee343dbf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
require af-main_${PV}.inc 

# NOTE: using libcap-native and setcap in install doesn't work
# NOTE: maybe setting afm_name to agl-framework is cleaner but has implications
# NOTE: there is a hack of security for using groups and dbus (to be checked)
# NOTE: using ZIP programs creates directories with mode 777 (very bad)

inherit cmake pkgconfig useradd systemd
BBCLASSEXTEND = "native"

SECTION = "base"

DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c systemd security-manager af-binder sed m4"
DEPENDS:class-native = "openssl libxml2 xmlsec1 libzip json-c"
RDEPENDS:${PN}:class-target += "af-binder-tools nss-localuser cynagoauth"

PACKAGE_WRITE_DEPS:append:with-lsm-smack = " smack-native libcap-native"

EXTRA_OECMAKE:append:class-native  = "\
	-DUSE_LIBZIP=1 \
	-DUSE_SIMULATION=1 \
	-DUSE_SDK=1 \
	-DAGLVERSION=${AGLVERSION} \
	-Dafm_name=${afm_name} \
	-Dafm_confdir=${afm_confdir} \
	-Dafm_datadir=${afm_datadir} \
"

EXTRA_OECMAKE:append:class-target = "\
	-DUSE_LIBZIP=1 \
	-DUSE_SIMULATION=0 \
	-DUSE_SDK=0 \
	-DAGLVERSION=${AGLVERSION} \
	-Dafm_name=${afm_name} \
	-Dafm_confdir=${afm_confdir} \
	-Dafm_datadir=${afm_datadir} \
	-Dsystemd_units_root=${systemd_units_root} \
	-DUNITDIR_USER=${systemd_user_unitdir} \
	-DUNITDIR_SYSTEM=${systemd_system_unitdir} \
"

# ------------------------ WARNING WARNING WARNNING ---------------------------
#
# ATM (FF.rc2), forcing all apps to be signed is an issue when building without
# agl-devel feature. A workaround is to define ALLOW_NO_SIGNATURE=ON for all
# builds but this must be removed later. See SPEC-1614 for more details.
#
# A variable AGL_FORBID_UNSIGNED_APPS is introduced to enable/disable this 
# workaround in local.conf and allow transition to signed apps:
# * forbid unsigned apps by setting: AGL_FORBID_UNSIGNED_APPS="1"
# * [DEFAULT] allow unsigned apps: do nothing (or set: AGL_FORBID_UNSIGNED_APPS="0")
AGL_FORBID_UNSIGNED_APPS ?= "0"
#
# WORKAROUND:
EXTRA_OECMAKE:append:agl-devel = " -DAGL_DEVEL=1"
EXTRA_OECMAKE:append = " ${@bb.utils.contains('AGL_FORBID_UNSIGNED_APPS','1','','-DALLOW_NO_SIGNATURE=ON', d)}"
#
# Correct version (IMPORTANT TODO: to be restored later):
#EXTRA_OECMAKE:append:agl-devel = " -DAGL_DEVEL=1 -DALLOW_NO_SIGNATURE=ON"
#
# ------------------------ WARNING WARNING WARNNING ---------------------------


USERADD_PACKAGES = "${PN}"
USERADD_PARAM:${PN} = "--system --gid ${afm_name} --home-dir ${afm_datadir} ${afm_name}"
GROUPADD_PARAM:${PN} = "--system ${afm_name}"

RDEPENDS:${PN}:append:with-lsm-smack = " smack bash"
DEPENDS:append:with-lsm-smack = " smack-native"

do_install:append:class-target() {
    install -d ${D}${bindir}
    install -d -m 0775 ${D}${systemd_units_root}/system
    install -d -m 0775 "${D}${systemd_units_root}/system/multi-user.target.wants"
    install -d -m 0775 "${D}${systemd_units_root}/system/afm-user-session@.target.wants"
    install -d -m 0775 ${D}${systemd_units_root}/user
    install -d -m 0775 ${D}${systemd_units_root}/user/default.target.wants
    install -d -m 0775 ${D}${systemd_units_root}/user/sockets.target.wants
    install -d ${D}${afm_datadir}/applications
    install -d ${D}${afm_datadir}/icons
    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
        install -d -m 0755 ${D}${systemd_system_unitdir}/multi-user.target.wants
        install -d -m 0755 ${D}${systemd_system_unitdir}/sockets.target.wants
        ln -sf ../afm-system-setup.service ${D}${systemd_system_unitdir}/multi-user.target.wants/afm-system-setup.service
        ln -sf ../afm-system-daemon.service ${D}${systemd_system_unitdir}/multi-user.target.wants/afm-system-daemon.service
        ln -sf ../afm-system-daemon.socket ${D}${systemd_system_unitdir}/sockets.target.wants/afm-system-daemon.socket
    fi
}

pkg_postinst_ontarget:${PN}() {
    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
        chgrp ${afm_name} $D${systemd_units_root}/system
        chgrp ${afm_name} $D${systemd_units_root}/system/afm-user-session@.target.wants
        chgrp ${afm_name} $D${systemd_units_root}/user/default.target.wants
        chgrp ${afm_name} $D${systemd_units_root}/user/sockets.target.wants
    fi
    chown ${afm_name}:${afm_name} $D${afm_datadir}
    chown ${afm_name}:${afm_name} $D${afm_datadir}/applications
    chown ${afm_name}:${afm_name} $D${afm_datadir}/icons
}

pkg_postinst_ontarget:${PN}:append:with-lsm-smack() {
    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
        chsmack -a 'System::Shared' -t $D${systemd_units_root}/system
        chsmack -a 'System::Shared' -t $D${systemd_units_root}/system/afm-user-session@.target.wants
        chsmack -a 'System::Shared' -t $D${systemd_units_root}/user/default.target.wants
        chsmack -a 'System::Shared' -t $D${systemd_units_root}/user/sockets.target.wants
    fi
    chsmack -a 'System::Shared' -t $D${afm_datadir}
    chsmack -a 'System::Shared' -t $D${afm_datadir}/applications
    chsmack -a 'System::Shared' -t $D${afm_datadir}/icons
}
FILES:${PN} += "${systemd_units_root}/* ${systemd_system_unitdir} ${systemd_user_unitdir}"
FILES:${PN}:append:agl-sign-wgts = " ${datadir}/afm"

PACKAGES =+ "${PN}-binding ${PN}-binding-dbg"
FILES:${PN}-binding = " ${afb_binding_dir}/afm-main-binding.so "
FILES:${PN}-binding-dbg = " ${afb_binding_dir}/.debug/afm-main-binding.so "

PACKAGES =+ "${PN}-tools ${PN}-tools-dbg"
FILES:${PN}-tools = "${bindir}/wgtpkg-*"
FILES:${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*"