summaryrefslogtreecommitdiffstats
path: root/conf
AgeCommit message (Collapse)AuthorFilesLines
2019-02-07Update date in copyrightssandbox/scottrif29/scottdocsJosé Bollo4-4/+4
Change-Id: Ie2ff321f78c59913373e2ffb2820297fd423d6f4 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2019-02-06Revert "afm-unit: Restore removal of capabilities"halibut_7.90.0halibut/7.90.07.90.0Stephane Desneux3-9/+6
This reverts commit f2a2f1357a5268b614528feeba0a91f4ea04a7aa. Change-Id: I7ff68f27b75c9ddb887470c5579e7b9277aa3613 Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
2019-01-06afm-user-setup service: disable start rate limitguppy_6.99.4guppy/6.99.46.99.4Stephane Desneux1-0/+2
The service afm-user-setup is invoked each time an app is started. If the user starts apps too quickly (3 apps in less than 10secs by default), then afm-user-setup will fail and the last app is not started. This patch removes the rate limitation coming from systemd default config. Change-Id: Ief6af726c58866e2fc6d3fa170e5f6c6afbee987 Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
2018-12-20Merge "Revert "afm-unit: add autoapi in required-api feature""guppy_6.99.3guppy/6.99.36.99.3Jan-Simon Moeller3-3/+0
2018-12-20Revert "afm-unit: add autoapi in required-api feature"José Bollo3-3/+0
This reverts commit 2b6e13bd5812dc1d7efe338a163f6dd253bbe15b. Change-Id: I5e2493669da8d45150ed46257b06a5dae005e0bd
2018-12-20Merge "afm-unit: add autoapi in required-api feature"Jan-Simon Moeller3-0/+3
2018-12-18afm-unit: Restore removal of capabilitiesJosé Bollo3-6/+9
This removes capabilities to any application installed and launched. Also applications are added by default to the display group, meaning that it can be displayed. Bug-AGL: SPEC-2006 Change-Id: Ia0b2d0df3ec1c74f37ca176fc9f0e8db96de3566 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-12-18afm-unit: Fix http port multi allocationJosé Bollo3-8/+8
When serveral targets were set in the widget file, the framework allocated the same HTTP port to each. This lead to impossibility to run all targets or to a systemd conflict. This should fix the issue by allocating an HTTP port for each target installed by the widget. To achieves that goal, the afm-unit.conf tag for the port is moved from '#metadata.http-port' to '#metatarget.http-port'. Bug-AGL: SPEC-2068 Change-Id: I5376d6f052e0ffc5c77cc80041528637777aed1e Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-12-14afm-unit: add autoapi in required-api featureClément Bénier3-0/+3
- required-api feature: add autoapi value - start the daemon with --auto-api option to the websocket directory Change-Id: Ia36d0edb4bfa22d07feafed580373cda21dd5b35 Signed-off-by: Clément Bénier <clement.benier@iot.bzh>
2018-11-08afm-unit: Export new variablesJosé Bollo7-6/+16
Export the new variables: - AFM_ID: the identifier of the application - AFM_WORKDIR: the workdir of the application - AFM_WSAPI_DIR: the directory where APIs can be accessed Change-Id: I79b46754f84161a36d9a13dd79bc94e777c854fe Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-10-19afm-unit.conf: Enforce starting after networkJose Bollo3-0/+3
This solves issues encountered when starting remote services. It delays all services until completion of network initialisation. Delaying every services is not selective. Further optimisation may improve that issue. Bug-AGL: SPEC-1650 Change-Id: I5742a4cd514c86c724a8e7a86c7e0a5dde6a8c67 Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2018-10-19afm-unit.conf: Restrict service for APIsJose Bollo3-3/+3
Forbids exportation of service apis for apis that are not exported as 'ws' or 'auto'. Bug-AGL: SPEC-1650 Change-Id: I0681bdb0632d9f331036abc1ff1e1b2bb37933cd Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
2018-10-19Add the ability to access binding through tcpJosé Bollo3-0/+6
This commit introduce "tcp", a new type of provided/required api. It appears in the config.xml as below: <urn:AGL:widget:provided-api> <param "name"="HOST:PORT/API" "value"="tcp"> <urn:AGL:widget:required-api> <param "name"="HOST:PORT/API" "value"="tcp"> This implementation is a draft. The service exposed can not start automatically. Use it with the permission urn:AGL:permission::system:run-by-default. Change-Id: Ic593f0d891692ca0c777c49057ec54c37fc55cc0 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-10-05afm-unit.conf: force symbolic link on updateRomain Forlot3-3/+3
Forcing symbolic link update ensures that if the value changes the link will be overwriten. Otherwise the link always keeps the old path until a system reboot or a manual removal of the link file. Change-Id: Ib9d8f267a8665edd75ce04f77eb70c4b0a4b8e9f Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
2018-08-16Add the external binding featureflounder_5.99.3flounder/5.99.35.99.3José Bollo9-19/+118
This commit introduce two new features: <urn:AGL:widget:provided-binding> <param "name"="public-name" "value"="relative-path-to-the-binding"/> <urn:AGL:widget:required-binding> <param "name"="public-name" "value"="extern"> <param "name"="relative-path-to-the-binding" "value"="local"> TODO: manage security by setting correct Smack label to the exported files Bugs-AGL: SPEC-1439 Bugs-AGL: SPEC-1663 Change-Id: I70aad7d523ece7a2ae0058b79708a02ef81144e2 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-07-19Creates systemd service for APIsJosé Bollo7-43/+142
Before this change, APIs were only provided as binder's exported websockets. This forbade ability to use symbolic links. Allowing links is interesting for having platform sockets and for linked api (not using socket). The API afm-main is a platform API. It must run at system level and must be available for all user clients. To achieve it, we use a link. Bug-AGL: SPEC-1592 Change-Id: I8753f83373755eb7fc2d2cc50251b8f738b61b03 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-05-24afm-system-daemon.service: Fix a typoJosé Bollo1-1/+1
Change-Id: If9dcd49edad5a34ea9c7bdfcba7d7bc44bbafbeb Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-02-28Refactor user session managementJosé Bollo9-15/+70
Change-Id: Ib6ba886df110d8a23e3760e1818263ec757b9c7c Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-02-28provided.inc: Fix smack label of socketsJosé Bollo3-6/+6
Change-Id: I53d3cac7136e4d169acd8e3e3de5ea8439dd0192 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-02-28afm-user-session: Start target from user sessionJosé Bollo3-0/+27
Start the afm-user-session@%i.target from the user session after pam_sytemd session started. Change-Id: I5aeb8f01426b3cee2cbfad6ba30ecf37fe21abca Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-02-28Update date of copyright noticesJosé Bollo4-4/+4
Change-Id: Ia4ef2a6e3c07616ccd756933a82f0806844c4faf Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-02-28Add configuration variables for runtime socket dirsJosé Bollo7-19/+20
2 new configuration variables: - afm_platform_rundir (default /run/platform) Path to location of platform runtime sockets - afm_users_rundir (default /run/user) Path to location of users runtime sockets Change-Id: I65007fee1ca2ce6f1247a67ba0b121f97c08f209 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-12-11unit.conf: Fix Smack permission on api wsJosé Bollo3-0/+6
The Smack permission to write on the websocket of the API must be set to something that allows the communication! Here the chosen value is * Change-Id: Ia276219b232e33bd35353d8feb333513b340e75c Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-12-07unit.cont: Refactor PATH and LD_LIBRARY_PATHjobol3-6/+6
Change-Id: Ic6da02c0039421fd5656238f5fa812574af1c268 Signed-off-by: jobol <jose.bollo@iot.bzh>
2017-11-24simplify afm-user-session processJosé Bollo11-50/+10
Change-Id: If2739fd2c5a19d7cd31e117e1e79c0b51451552b Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24Improve afm-user-session setupJosé Bollo2-9/+3
Change-Id: I4dfb0939afc871e93874cf021548db2e85d3656c Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24Avoid implicit Before socket.targetJosé Bollo4-0/+22
Change-Id: I493c49a80ebb1fa85f586d0b0704b5682f0c3613 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24Config for afm-user-sessionJosé Bollo8-9/+15
Change-Id: I6567b58fa0a6dd17deba4c7cccbf3b9f441730eb Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24afm-user-startup.service: Fix typeJosé Bollo1-0/+1
Change-Id: I8ecddbc5be346441f002ef8c50dd733fec0e6ef2 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24unit.conf: Fix target nameJosé Bollo4-12/+12
Change-Id: I144bcd47b65b86dd07ca5de71514a0032166b3a6 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24Add a PAM config fileJosé Bollo3-2/+8
Change-Id: I27f726cd3cec7c0e499086c5ac3de1a736ef108c Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24Rework on systemd start of user sessionsJosé Bollo21-55/+189
Change-Id: Iad46596435eebdc5c521b572fd8320b52a61d197 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24unit.conf: Bound start to agl-user-sessionJosé Bollo4-6/+6
Change-Id: Ic9731dbc9ee71872198ad70995dbaced8a7aa683 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24unit.conf: Remove unset of capabilitiesJosé Bollo3-6/+6
Remove the unsetting of capabilities because it currently breaks the image. To be reworked. Change-Id: I69a1d9c23f463a36edebb7993aa94fae14fb60e8 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24unit.conf: binder's service of type notifyJosé Bollo3-0/+3
Change-Id: Ibb80974c65f48d7473b8aa56604154bf70a49e14 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24unit.conf: Fix remaining %tJosé Bollo5-9/+12
Change-Id: If9c1c0d8b805e7de6490c75f0465d3455e84eb36 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24genconf: set filetype and syntaxJosé Bollo4-0/+4
Change-Id: Ibcff5a513c4559c84ddfca1ef9449b1eff544006 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24afm-unit.conf: Fix missing @ in service nameJosé Bollo4-20/+9
Regression introduced by commit: c7db705 Generate afm-unit.conf using m4 Change-Id: Ibeeaf14b697e79cb2a95154b50b2ac775f93d529 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24wgtpkg-unit: remove metadata.app-data-dir variableJosé Bollo5-21/+22
Change-Id: I51cbbad8ecdc371f457a008808c8c0f63501ac2b Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24Generate afm-unit.conf using m4José Bollo7-239/+431
The use of m4 to generate the afm-unit.conf and afm-unit-debug.conf files has benefits: - the sync between debug versus not debug is mechanical - it allows easier maintainance by improving readability and writability (ex: macros TARGET or UNIT_NAME_BASE) Change-Id: Ic0427bedf4f8a5b174318562336603077f174fa5 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24afm-unit.conf: remove invocation of PAMJosé Bollo2-2/+2
Change-Id: I2b446907b0c68b3bdb1c59227427e237f429ed8e Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24afm-unit.conf: Add XDG dirs definitionsJosé Bollo2-0/+6
Change-Id: I40d73de059e955256d90ca7831870815c7d90481 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24afm-unit.conf: Add slice indicationJosé Bollo2-0/+2
Change-Id: I50c2166ffab106988fa4ac1e68c14ea56c5b3145 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24Don't rely on features available for user unitsJosé Bollo2-0/+4
Change-Id: I117b8de2eec6cba9f475e18b794f90347bc184f8 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24Avoid polkit and bugJosé Bollo1-2/+2
Accessing systemd/system with DBUS from a user not root make systemd use polkit. It doesn't work for us because: - at the end systemd crashes (sigsegv) - we don't want polkit here Change-Id: I206edd108b8b659c8c6a3a68f61500cb114995d4 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24remove secure-bit directivesJosé Bollo2-2/+0
Doesn't work after dropping capabilities! Change-Id: I748a8de9bb04006c14cba09cc6c4469da06c1b5d Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24bug fixes and improvementsJosé Bollo2-2/+3
Change-Id: I2fc3de0a84e471e8e87f43170c20f8d6d0d05fdc Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24provide access to systemd systemJosé Bollo2-9/+6
Change-Id: I1e3d2dc780a1449f2bfc894baa1f26a94be61cd8 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24Remove afm-system-daemonJosé Bollo3-4/+16
Change-Id: I1e6c0488b7183724a65fcc06fd3cf6909e0efd53 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-24afm-unit.conf: Removes capabilities of applicationsJosé Bollo2-0/+8
Change-Id: I081e8a8f9ea344d47ae007a4d6c9e72663f82fcf Signed-off-by: José Bollo <jose.bollo@iot.bzh>