authorJosé Bollo <jose.bollo@iot.bzh>2019-05-15 20:49:14 +0200
committerJosé Bollo <jose.bollo@iot.bzh>2019-06-14 11:17:53 +0200
commit77bd42075de481ae89f6a5b2bc8a79bf967d95cd (patch)
tree276904b4bc22397f56a6df883763f87fd68acc27 /conf/unit
parent3284913fccd1a8b6e9993eb9676d8d28f02c2151 (diff)
Introduce platform services
The platform services are services that run at the global platform scope, as opposed to services that run in the context of a user. Bug-AGL: SPEC-1015 Change-Id: I08c2d47715cbc7436e67781d5e638386be531520 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'conf/unit')
-rw-r--r--conf/unit/afm-unit26
-rw-r--r--conf/unit/binder.inc4
-rw-r--r--conf/unit/macros.inc29
-rw-r--r--conf/unit/provided-api-platform.inc85
-rw-r--r--conf/unit/provided-api-user.inc (renamed from conf/unit/provided-api.inc)7
-rw-r--r--conf/unit/provided-binding-platform.inc48
-rw-r--r--conf/unit/provided-binding-user.inc (renamed from conf/unit/provided-binding.inc)4
-rw-r--r--conf/unit/service.inc71
8 files changed, 234 insertions, 40 deletions
diff --git a/conf/unit/afm-unit b/conf/unit/afm-unit
index 2a91067..342a048 100644
--- a/conf/unit/afm-unit
+++ b/conf/unit/afm-unit
@@ -88,21 +88,39 @@ divert(0)dnl
{{#targets}}
;-------------------------------------------------------------------------------
include(service.inc)
+IF_PERM(:partner:scope-platform)
;-------------------------------------------------------------------------------
-;---- F O R E A C H P R O V I D E D A P I S ----
+;---- F O R E A C H P R O V I D E D A P I S (PLATFORM) ----
;-------------------------------------------------------------------------------
{{#provided-api}}
{{#value=ws|auto}}
-include(provided-api.inc)
+include(provided-api-platform.inc)
{{/value=ws|auto}}
{{/provided-api}}
;-------------------------------------------------------------------------------
-;---- F O R E A C H P R O V I D E D B I N D I N G ----
+;---- F O R E A C H P R O V I D E D B I N D I N G (PLATFORM) ----
;-------------------------------------------------------------------------------
{{#provided-binding}}
-include(provided-binding.inc)
+include(provided-binding-platform.inc)
{{/provided-binding}}
;-------------------------------------------------------------------------------
+ELSE
+;-------------------------------------------------------------------------------
+;---- F O R E A C H P R O V I D E D A P I S (USER) ----
+;-------------------------------------------------------------------------------
+{{#provided-api}}
+{{#value=ws|auto}}
+include(provided-api-user.inc)
+{{/value=ws|auto}}
+{{/provided-api}}
+;-------------------------------------------------------------------------------
+;---- F O R E A C H P R O V I D E D B I N D I N G (USER) ----
+;-------------------------------------------------------------------------------
+{{#provided-binding}}
+include(provided-binding-user.inc)
+{{/provided-binding}}
+;-------------------------------------------------------------------------------
+ENDIF
{{/targets}}
;-------------------------------------------------------------------------------
; End of file afm-unit.conf mode ON_AGL_DEVEL(DEVEL, RELEASE)
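Review bot: Nothing at the `IF_PERM(:partner:scope-platform)` line says that this one permission moves a widget's provided apis and bindings from per-user units to system-wide ones. The two branches are otherwise identical loops that differ only in the included file name, which makes the switch easy to overlook. A comment above it would help the next reader, e.g. `; widgets holding :partner:scope-platform export their apis and bindings at platform scope, all others per user`.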
diff --git a/conf/unit/binder.inc b/conf/unit/binder.inc
index 30c25d5..58f877f 100644
--- a/conf/unit/binder.inc
+++ b/conf/unit/binder.inc
@@ -12,7 +12,7 @@ Type=notify
ExecStart=/usr/bin/afb-daemon \
--name afbd-TARGET \
--rootdir={{:#metadata.install-dir}} \
- --workdir=APP_DATA_DIR/{{id}} \
+ --workdir=APP_WORK_DIR \
IF_AGL_DEVEL \
--verbose \
--verbose \
@@ -48,4 +48,4 @@ ENDIF \
{{/provided-api}} \
ON_CONTENT(text/html, --exec /usr/bin/web-runtime http://localhost:@p/{{content.src}}?token=@t) \
ON_CONTENT(application/vnd.agl.native, --exec {{:#metadata.install-dir}}/{{content.src}} @p @t)
-
+%nl
diff --git a/conf/unit/macros.inc b/conf/unit/macros.inc
index a764765..ca72b95 100644
--- a/conf/unit/macros.inc
+++ b/conf/unit/macros.inc
@@ -25,6 +25,7 @@ define( `PERM', `@afm_prefix@permission:$1')
define( `REQPERM', `required-permission.PERM($1)')
define( `ON_PERM', `MUSTACH_ON(REQPERM($1),$2,$3)')
+define( `ON_NOT_PERM', `MUSTACH_ON(REQPERM($1),$3,$2)')
define( `IF_PERM', `MUSTACH_IF(REQPERM($1))')
define( `IF_NOT_PERM', `MUSTACH_IF_NOT(REQPERM($1))')
@@ -43,21 +44,36 @@ define( `IF_NOT_VALUE', `MUSTACH_IF_NOT(value=$1)')
-- use TARGET={{:id}}--{{:ver}}--{{:#target}}
-- instead of TARGET={{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}}
--------------------------------------------------------------------------------
+define( `SMACKLABEL', `User::App::{{:id}}')
define( `TARGET', `{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}}')
define( `NEWTARGET', `{{:id}}--{{:ver}}--{{:#target}}')
+define( `UNITSUFFIX', `ON_NOT_PERM(`:partner:scope-platform', `@%i')')
define( `UNIT_NAME_BASE', `afm-ON_PERM(`:public:hidden', `service', `appli')-NEWTARGET')
-define( `UNIT_NAME_SERVICE', `UNIT_NAME_BASE@%i.service')
define( `UNIT_NAME_API_BASE', `afm-api-$1')
-define( `UNIT_NAME_API_SERVICE', `UNIT_NAME_API_BASE($1)@$2.service')
-define( `UNIT_NAME_API_SOCKET', `UNIT_NAME_API_BASE($1)@$2.socket')
+define( `UNIT_NAME_API_SERVICE', `UNIT_NAME_API_BASE($1)UNITSUFFIX.service')
+define( `UNIT_NAME_API_SOCKET', `UNIT_NAME_API_BASE($1)UNITSUFFIX.socket')
define( `UNIT_NAME_BINDING_BASE', `afm-link-$1')
-define( `UNIT_NAME_BINDING_SERVICE', `UNIT_NAME_BINDING_BASE($1)@$2.service')
-define( `APP_DATA_DIR', `/home/%i/app-data')
+define( `UNIT_NAME_BINDING_SERVICE', `UNIT_NAME_BINDING_BASE($1)UNITSUFFIX.service')
+
define( `USER_RUN_DIR', `@afm_users_rundir@/%i')
define( `DEBUGGING_DIR', `@afm_platform_rundir@/debug')
-define( `API_PATH', `USER_RUN_DIR/apis')
+define( `PLATFORM_RUN_DIR', `@afm_platform_rundir@')
+
+define( `APP_DATA_DIR', `ON_PERM(`:partner:scope-platform', `/tmp', `/home/%i/app-data')')
+define( `APP_WORK_DIR', `ON_PERM(`:partner:scope-platform', `/tmp', `APP_DATA_DIR/{{:id}}')')
+define( `RUN_DIR', `ON_PERM(`:partner:scope-platform', `PLATFORM_RUN_DIR', `USER_RUN_DIR')')
+
+define( `API_PATH', `RUN_DIR/apis')
define( `API_PATH_WS', `API_PATH/ws')
define( `API_PATH_LINK', `API_PATH/link')
+
+define( `PLATFORM_API_PATH', `PLATFORM_RUN_DIR/apis')
+define( `PLATFORM_API_PATH_WS', `PLATFORM_API_PATH/ws')
+define( `PLATFORM_API_PATH_LINK', `PLATFORM_API_PATH/link')
+
+define( `USER_API_PATH', `USER_RUN_DIR/apis')
+define( `USER_API_PATH_WS', `USER_API_PATH/ws')
+define( `USER_API_PATH_LINK', `USER_API_PATH/link')
--------------------------------------------------------------------------------
-- AGL_DEVEL SPECIFIC PARTS
--------------------------------------------------------------------------------
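Review bot: For widgets holding `:partner:scope-platform`, the new `APP_DATA_DIR` and `APP_WORK_DIR` both expand to `/tmp`, so every platform service shares one world-writable directory. It becomes the `--workdir` in binder.inc and, in service.inc, `AFM_WORKDIR`, `XDG_DATA_HOME`, `XDG_CONFIG_HOME` and `XDG_CACHE_HOME`. The `UMask=0077` added in service.inc protects files a service creates itself, but not files already present under the names it later reads, and all platform services run as the same `User=daemon`. Either give the platform branch a per-application path keyed on `{{:id}}`, as the user branch has, or add `PrivateTmp=true` to the platform branch of service.inc so each service gets its own `/tmp`; whether that interacts cleanly with the Smack labelling needs checking.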
@@ -65,3 +81,4 @@ define( `ON_AGL_DEVEL', `ifdef(`AGL_DEVEL', $1, $2)')
define( `ON_NOT_AGL_DEVEL', `ifdef(`AGL_DEVEL', $2, $1)')
define( `IF_AGL_DEVEL', `IF(ON_AGL_DEVEL(1,0))')
define( `IF_NOT_AGL_DEVEL', `IF(ON_AGL_DEVEL(0,1))')
+--------------------------------------------------------------------------------
diff --git a/conf/unit/provided-api-platform.inc b/conf/unit/provided-api-platform.inc
new file mode 100644
index 0000000..d169d9a
--- /dev/null
+++ b/conf/unit/provided-api-platform.inc
@@ -0,0 +1,85 @@
+dnl vim: set filetype=sysctl.conf.m4 syntax=sysctl.conf.m4:
+;-------------------------------------------------------------------------------
+;---- T H E S E R V I C E O F T H E A P I (USER) ----
+;-------------------------------------------------------------------------------
+%begin systemd-unit
+
+# auto generated by wgtpkg-unit for {{:id}} version {{:version}} target {{:#target}} of {{:idaver}}
+
+%systemd-unit system
+%systemd-unit service UNIT_NAME_API_BASE({{name}})@
+
+[Unit]
+Description=Provides api {{name}} for user %i
+X-AFM-API-TYPE={{value}}
+
+Requires=afm-user-setup@%i.service
+After=afm-user-setup@%i.service
+
+Requires=UNIT_NAME_API_BASE({{name}}).socket
+After=UNIT_NAME_API_BASE({{name}}).socket
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/ln -sf PLATFORM_API_PATH_WS/{{name}} USER_API_PATH_WS/{{name}}
+
+%end systemd-unit
+
+;-------------------------------------------------------------------------------
+;---- T H E S E R V I C E O F T H E A P I (PLATFORM) ----
+;-------------------------------------------------------------------------------
+%begin systemd-unit
+
+# auto generated by wgtpkg-unit for {{:id}} version {{:version}} target {{:#target}} of {{:idaver}}
+
+%systemd-unit system
+%systemd-unit service UNIT_NAME_API_BASE({{name}})
+
+[Unit]
+Description=Provides api {{name}} for platform
+X-AFM-API-TYPE={{value}}
+
+Requires=afm-system-setup.service
+After=afm-system-setup.service
+
+Requires=UNIT_NAME_API_BASE({{name}}).socket
+After=UNIT_NAME_API_BASE({{name}}).socket
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+
+%end systemd-unit
+
+;-------------------------------------------------------------------------------
+;---- T H E S O C K E T O F T H E A P I (PLATFORM) ----
+;-------------------------------------------------------------------------------
+
+%begin systemd-unit
+
+# auto generated by wgtpkg-unit for {{:id}} version {{:version}} target {{:#target}} of {{:idaver}}
+
+%systemd-unit system
+%systemd-unit socket UNIT_NAME_API_BASE({{name}})
+[Unit]
+Description=Provides websocket api {{name}} for platform
+Requires=afm-system-setup.service
+After=afm-system-setup.service
+DefaultDependencies=no
+
+[Socket]
+SmackLabel=*
+SmackLabelIPIn=System
+SmackLabelIPOut=System
+ListenStream=PLATFORM_API_PATH_WS/{{name}}
+FileDescriptorName={{name}}
+Service=UNIT_NAME_BASE.service
+
+%end systemd-unit
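Review bot: The per-user unit at the top of this file sets no `User=`, so its `ExecStart=/bin/ln -sf PLATFORM_API_PATH_WS/{{name}} USER_API_PATH_WS/{{name}}` presumably runs as root while writing into the per-user run directory. If that directory is writable by user %i (its ownership is not visible here), a symlink to a directory already sitting at the destination would make `ln` create the link inside the target instead. `/bin/ln -sfn` (do not dereference the destination) or running the unit with `User=%i` would avoid that; the same applies to the per-user unit in provided-binding-platform.inc. That unit also declares `[Service]` twice, and the first block's `ExecStart=/bin/true` looks like a leftover, since systemd merges same-named sections and a oneshot service runs every `ExecStart=` line.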
diff --git a/conf/unit/provided-api.inc b/conf/unit/provided-api-user.inc
index bdee6c9..77478c8 100644
--- a/conf/unit/provided-api.inc
+++ b/conf/unit/provided-api-user.inc
@@ -46,11 +46,8 @@ DefaultDependencies=no
SmackLabel=*
SmackLabelIPIn=System
SmackLabelIPOut=System
-ListenStream=API_PATH_WS/{{name}}
+ListenStream=USER_API_PATH_WS/{{name}}
FileDescriptorName={{name}}
-Service=UNIT_NAME_SERVICE
+Service=UNIT_NAME_BASE@%i.service
%end systemd-unit
-
-
-
diff --git a/conf/unit/provided-binding-platform.inc b/conf/unit/provided-binding-platform.inc
new file mode 100644
index 0000000..375a636
--- /dev/null
+++ b/conf/unit/provided-binding-platform.inc
@@ -0,0 +1,48 @@
+dnl vim: set filetype=sysctl.conf.m4 syntax=sysctl.conf.m4:
+;-------------------------------------------------------------------------------
+;---- T H E S E R V I C E O F T H E B I N D I N G (USER) ----
+;-------------------------------------------------------------------------------
+%begin systemd-unit
+
+# auto generated by wgtpkg-unit for {{:id}} version {{:version}} target {{:#target}} of {{:idaver}}
+
+%systemd-unit system
+%systemd-unit service UNIT_NAME_BINDING_BASE({{name}})@
+
+[Unit]
+Description=Provides binding {{name}} for user %i
+
+Requires=afm-user-setup@%i.service
+After=afm-user-setup@%i.service
+Requires=UNIT_NAME_BINDING_BASE({{name}}).service
+After=UNIT_NAME_BINDING_BASE({{name}}).service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/ln -sf PLATFORM_API_PATH_LINK/{{name}} USER_API_PATH_LINK/{{name}}
+
+%end systemd-unit
+
+;-------------------------------------------------------------------------------
+;---- T H E S E R V I C E O F T H E B I N D I N G (PLATFORM) ----
+;-------------------------------------------------------------------------------
+%begin systemd-unit
+
+# auto generated by wgtpkg-unit for {{:id}} version {{:version}} target {{:#target}} of {{:idaver}}
+
+%systemd-unit system
+%systemd-unit service UNIT_NAME_BINDING_BASE({{name}})
+
+[Unit]
+Description=Provides binding {{name}} for platform
+
+Requires=afm-system-setup.service
+After=afm-system-setup.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/ln -sf {{:#metadata.install-dir}}/{{value}} PLATFORM_API_PATH_LINK/{{name}}
+
+%end systemd-unit
diff --git a/conf/unit/provided-binding.inc b/conf/unit/provided-binding-user.inc
index 3737126..5a53735 100644
--- a/conf/unit/provided-binding.inc
+++ b/conf/unit/provided-binding-user.inc
@@ -18,8 +18,6 @@ After=afm-user-setup@%i.service
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=/bin/ln -sf {{:#metadata.install-dir}}/{{value}} API_PATH_LINK/{{name}}
+ExecStart=/bin/ln -sf {{:#metadata.install-dir}}/{{value}} USER_API_PATH_LINK/{{name}}
%end systemd-unit
-
-
diff --git a/conf/unit/service.inc b/conf/unit/service.inc
index 88c1454..bebf25a 100644
--- a/conf/unit/service.inc
+++ b/conf/unit/service.inc
@@ -8,7 +8,11 @@ dnl vim: set filetype=sysctl.conf.m4 syntax=sysctl.conf.m4:
%nl
%systemd-unit system
+IF_PERM(:partner:scope-platform)
+%systemd-unit service UNIT_NAME_BASE
+ELSE
%systemd-unit service UNIT_NAME_BASE@
+ENDIF
[Unit]
Description={{description}}
@@ -29,12 +33,19 @@ X-AFM--target-name={{:#target}}
X-AFM--content={{content.src}}
X-AFM--type={{content.type}}
X-AFM--wgtdir={{:#metadata.install-dir}}
-X-AFM--workdir=APP_DATA_DIR/{{:id}}
+X-AFM--workdir=APP_WORK_DIR
X-AFM--visibility=ON_PERM(`:public:hidden', `hidden', `visible')
%nl
+IF_PERM(:partner:scope-platform)
+X-AFM--scope=platform
+After=afm-system-setup.service
+ELSE
+X-AFM--scope=user
Requires=afm-user-session@%i.target
After=user@%i.service
+ENDIF
+
After=Network.target
# Adds check to smack
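Review bot: In the platform branch the unit is ordered `After=afm-system-setup.service` but does not require it. The user branch keeps `Requires=afm-user-session@%i.target`, and the new platform api and binding units use both `Requires=` and `After=` on afm-system-setup.service. If that setup unit is what prepares the platform run directory (not visible in this diff), a platform service started on its own could run without it; adding `Requires=afm-system-setup.service` next to the `After=` line would make the units consistent. The `[Unit]` section continues outside this hunk.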
@@ -44,56 +55,71 @@ ConditionSecurity=smack
# Automatic bound to required api
{{#required-binding}}
{{#value=extern}}
-BindsTo=UNIT_NAME_BINDING_SERVICE({{name}},%i)
-After=UNIT_NAME_BINDING_SERVICE({{name}},%i)
+BindsTo=UNIT_NAME_BINDING_SERVICE({{name}})
+After=UNIT_NAME_BINDING_SERVICE({{name}})
{{/value=extern}}
{{/required-binding}}
+
{{#required-api}}
{{#value=auto|ws}}
-BindsTo=UNIT_NAME_API_SERVICE({{name}},%i)
-After=UNIT_NAME_API_SERVICE({{name}},%i)
+BindsTo=UNIT_NAME_API_SERVICE({{name}})
+After=UNIT_NAME_API_SERVICE({{name}})
{{/value=auto|ws}}
{{/required-api}}
+
{{#provided-api}}
{{#value=ws|auto}}
-Requires=UNIT_NAME_API_SOCKET({{name}},%i)
-After=UNIT_NAME_API_SOCKET({{name}},%i)
+Requires=UNIT_NAME_API_SOCKET({{name}})
+After=UNIT_NAME_API_SOCKET({{name}})
{{/value=ws|auto}}
{{/provided-api}}
%nl
[Service]
+
EnvironmentFile=-@afm_confdir@/unit.env.d/*
EnvironmentFile=-@afm_confdir@/widget.env.d/{{:id}}/*
-SmackProcessLabel=User::App::{{:id}}
+SmackProcessLabel=SMACKLABEL
SuccessExitStatus=0 SIGKILL
-
+UMask=0077
+
+IF_PERM(:partner:scope-platform)
+#DynamicUser=true
+User=daemon
+Group=nobody
+Slice=platform.slice
+ELSE
User=%i
Slice=user-%i.slice
-
+WorkingDirectory=-APP_WORK_DIR
+ExecStartPre=/bin/mkdir -p APP_WORK_DIR
+Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=USER_RUN_DIR/bus
+ENDIF
+IF_PERM(:system:capability:keep-all)
+CapabilityBoundingSet=~
+AmbientCapabilities=~
+ELSE
CapabilityBoundingSet=
-#AmbientCapabilities=
+ENDIF
ON_PERM(:platform:no-oom, OOMScoreAdjust=-500)
ON_PERM(:partner:real-time, IOSchedulingClass=realtime)
ON_PERM(:public:display, SupplementaryGroups=display)
-ON_PERM(:public:syscall:clock, , SystemCallFilter=~@clock)
+ON_PERM(:public:audio, SupplementaryGroups=audio)
+ON_NOT_PERM(:public:syscall:clock, SystemCallFilter=~@clock)
%nl
-WorkingDirectory=-APP_DATA_DIR/{{:id}}
-ExecStartPre=/bin/mkdir -p APP_DATA_DIR/{{:id}}
Environment=AFM_ID=TARGET
Environment=AFM_APP_INSTALL_DIR={{:#metadata.install-dir}}
-Environment=AFM_WORKDIR=APP_DATA_DIR/{{:id}}
+Environment=AFM_WORKDIR=APP_WORK_DIR
Environment=AFM_WSAPI_DIR=API_PATH_WS
Environment=PATH=/usr/sbin:/usr/bin:/sbin:/bin:{{:#metadata.install-dir}}/bin
Environment=LD_LIBRARY_PATH={{:#metadata.install-dir}}/lib
-Environment=XDG_DATA_HOME=APP_DATA_DIR/{{:id}}
-Environment=XDG_CONFIG_HOME=APP_DATA_DIR/{{:id}}
-Environment=XDG_CACHE_HOME=APP_DATA_DIR/{{:id}}
-Environment=XDG_RUNTIME_DIR=USER_RUN_DIR
-Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=USER_RUN_DIR/bus
+Environment=XDG_DATA_HOME=APP_WORK_DIR
+Environment=XDG_CONFIG_HOME=APP_WORK_DIR
+Environment=XDG_CACHE_HOME=APP_WORK_DIR
+Environment=XDG_RUNTIME_DIR=RUN_DIR
IF_AGL_DEVEL
; Needed to enable debug
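Review bot: Under `:system:capability:keep-all` the new lines `CapabilityBoundingSet=~` and `AmbientCapabilities=~` appear to give the service the complete capability set as ambient capabilities (an inverted empty list), which makes the `User=daemon` / `User=%i` setting above largely nominal for such a widget. The old template never set `AmbientCapabilities=`, so this is a new privilege path. It deserves a comment at the `IF_PERM` line, e.g. `; keep-all: full bounding and ambient capability sets, the service is effectively root-equivalent`, and ideally a narrower list than everything. Separately, the platform branch leaves `#DynamicUser=true` commented out, so all platform services share the `daemon` uid and rely on the Smack label alone for separation from each other. The `[Service]` section continues past the end of the hunk.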
@@ -124,9 +150,14 @@ IF_PERM(:system:run-by-default)
; auto start
;-------------------------------------------------------------------------------
[Install]
+IF_PERM(:partner:scope-platform)
+WantedBy=multi-user.target
+%systemd-unit wanted-by multi-user.target
+ELSE
WantedBy=afm-user-session@.target
%systemd-unit wanted-by afm-user-session@.target
ENDIF
+ENDIF
%end systemd-unit