From 2c566e2dc9df934fb3884f9d4a9ad7ffc73a4aab Mon Sep 17 00:00:00 2001 From: José Bollo Date: Fri, 17 Mar 2017 23:43:41 +0100 Subject: Provide unit in config.xml and documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit remove urn:AGL:widget:provided-application in favour of urn:AGL:widget:provided-unit. In the same time, the feature urn:AGL:widget:provided-api must be attached to a unit. This will enable to export more than one API for a unit if needed. Change-Id: I17ade3651db2cd61402875333d063ee05cf57a10 Signed-off-by: José Bollo --- conf/afm-unit.conf | 177 +- docs/afm-daemons.md | 248 +- docs/config.xml.md | 392 +- docs/permissions.md | 78 +- docs/pictures/make-units.odp | Bin 0 -> 15429 bytes docs/pictures/make-units.svg | 11787 +++++++++++++++++++++++++++++++++++++++ docs/quick-tutorial.md | 24 +- docs/widgets.md | 14 - src/tests/test-unit/config.xml | 13 +- src/wgt-json.c | 63 +- src/wgt-strings.c | 2 +- src/wgt-strings.h | 2 +- 12 files changed, 12367 insertions(+), 433 deletions(-) create mode 100644 docs/pictures/make-units.odp create mode 100644 docs/pictures/make-units.svg diff --git a/conf/afm-unit.conf b/conf/afm-unit.conf index 4cbfc87..82113ef 100644 --- a/conf/afm-unit.conf +++ b/conf/afm-unit.conf @@ -24,7 +24,7 @@ ; ; Directives: ; -; All directive occopy one whole line starting with % +; Any directive occupy one whole line starting with % ; ; - %nl ; @@ -72,9 +72,13 @@ ; ;--------------------------------------------------------------------------------- {{#targets}} + +;--------------------------------------------------------------------------------- +;---- P R O V I D E D U N I T S ---- +;--------------------------------------------------------------------------------- %begin systemd-unit -# auto generated by wgtpkg-unit for {{id}} version {{version}} target {{:#target}} +# auto generated by wgtpkg-unit for {{id}} version {{version}} target {{:#target}} of {{idaver}} %nl [Unit] 
@@ -82,7 +86,7 @@ Description={{description}} X-AFM-description={{description}} X-AFM-name={{name.content}} X-AFM-shortname={{name.short}} -X-AFM-id={{idaver}} +X-AFM-id={{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}} X-AFM-version={{version}} X-AFM-author={{author.content}} X-AFM-author-email={{author.email}} @@ -124,16 +128,23 @@ WorkingDirectory=-{{&#metadata.app-data-dir}}/{{id}} ExecStartPre=/bin/mkdir -p {{&#metadata.app-data-dir}}/{{id}} Environment=AFM_APP_INSTALL_DIR={{:#metadata.install-dir}} +%systemd-unit user +{{#required-permission.urn:AGL:permission::public:hidden}}\ +%systemd-unit service afm-service-{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}} +{{/required-permission.urn:AGL:permission::public:hidden}}\ +{{^required-permission.urn:AGL:permission::public:hidden}}\ +%systemd-unit service afm-appli-{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}} +{{/required-permission.urn:AGL:permission::public:hidden}}\ +;--------------------------------------------------------------------------------- +;---- text/html ---- ;--------------------------------------------------------------------------------- {{#content.type=text/html}} -%systemd-unit user - -%systemd-unit service afm-appli-{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}} - X-AFM--http-port={{:#metadata.http-port}} -ExecStart=/usr/bin/afb-daemon --port={{:#metadata.http-port}} --random-token \ +ExecStart=/usr/bin/afb-daemon \ + --port={{:#metadata.http-port}} \ + --random-token \ --rootdir={{:#metadata.install-dir}} \ --workdir={{&#metadata.app-data-dir}}/{{id}} \ {{#required-permission.urn:AGL:permission::public:no-htdocs}}\ 
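Review bot: The unit-name selection added just before the `text/html` section keys on `urn:AGL:permission::public:hidden`, and nothing in the template says so. A unit requiring that permission is named `afm-service-…` and every other unit `afm-appli-…`, whatever its content type. A comment above the block would help, e.g. `; named afm-service-* when public:hidden is required, afm-appli-* otherwise; the Service= lines of the socket units must follow the same rule`. The permission is also absent from the example list this commit adds to docs/permissions.md. The `%begin systemd-unit` block holding these lines opens before the hunk and closes after it.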
@@ -161,66 +172,178 @@ ExecStart=/usr/bin/afb-daemon --port={{:#metadata.http-port}} --random-token \ {{#value=cloud}}\ --cloud-client={{name}} \ {{/value=cloud}}\ + {{#value=local}}\ + --binding={{:#metadata.install-dir}}/{{name}} \ + {{/value=local}}\ {{/required-api}}\ + {{#provided-api}}\ + {{#value=auto}}\ + {{^required-permission.urn:AGL:permission::partner:service:no-ws}}\ + --ws-server=sd:{{name}} \ + {{/required-permission.urn:AGL:permission::partner:service:no-ws}}\ + {{^required-permission.urn:AGL:permission::partner:service:no-dbus}}\ + --dbus-server={{name}} \ + {{/required-permission.urn:AGL:permission::partner:service:no-dbus}}\ + {{/value=auto}}\ + {{#value=ws}}\ + --ws-server=sd:{{name}} \ + {{/value=ws}}\ + {{#value=dbus}}\ + --dbus-server={{name}} \ + {{/value=dbus}}\ + {{/provided-api}}\ --exec /usr/bin/web-runtime http://localhost:@p/{{content.src}}?token=@t {{/content.type=text/html}} +;--------------------------------------------------------------------------------- +;---- application/x-executable ---- ;--------------------------------------------------------------------------------- {{#content.type=application/x-executable}} -%systemd-unit user -%systemd-unit service afm-appli-{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}} - Environment=LD_LIBRARY_PATH=$ORIGIN/$LIB ExecStart={{:#metadata.install-dir}}/{{content.src}} {{/content.type=application/x-executable}} +;--------------------------------------------------------------------------------- +;---- application/vnd.agl.service ---- ;--------------------------------------------------------------------------------- {{#content.type=application/vnd.agl.service}} -%systemd-unit user -%systemd-unit service afm-service-{{:#target}} - ExecStart=/usr/bin/afb-daemon \ --rootdir={{:#metadata.install-dir}} \ --workdir={{&#metadata.install-dir}}/{{id}} \ - {{^required-permission.urn:AGL:permission::partner:service:no-ws}}\ - --ws-server=sd:{{:#target}} \ - 
{{/required-permission.urn:AGL:permission::partner:service:no-ws}}\ - {{^required-permission.urn:AGL:permission::partner:service:no-dbus}}\ - --dbus-server={{:#target}} \ - {{/required-permission.urn:AGL:permission::partner:service:no-dbus}}\ + {{#required-api}}\ + {{#value=auto}}\ + --ws-client=unix:%t/apis/ws/{{name}} \ + {{/value=auto}}\ + {{#value=ws}}\ + --ws-client=unix:%t/apis/ws/{{name}} \ + {{/value=ws}}\ + {{#value=dbus}}\ + --dbus-client={{name}} \ + {{/value=dbus}}\ + {{#value=link}}\ + --binding=%t/apis/lib/{{name}} \ + {{/value=link}}\ + {{#value=cloud}}\ + --cloud-client={{name}} \ + {{/value=cloud}}\ + {{#value=local}}\ + --binding={{:#metadata.install-dir}}/{{name}} \ + {{/value=local}}\ + {{/required-api}}\ + {{#provided-api}}\ + {{#value=auto}}\ + {{^required-permission.urn:AGL:permission::partner:service:no-ws}}\ + --ws-server=sd:{{name}} \ + {{/required-permission.urn:AGL:permission::partner:service:no-ws}}\ + {{^required-permission.urn:AGL:permission::partner:service:no-dbus}}\ + --dbus-server={{name}} \ + {{/required-permission.urn:AGL:permission::partner:service:no-dbus}}\ + {{/value=auto}}\ + {{#value=ws}}\ + --ws-server=sd:{{name}} \ + {{/value=ws}}\ + {{#value=dbus}}\ + --dbus-server={{name}} \ + {{/value=dbus}}\ + {{/provided-api}}\ --no-httpd -{{^required-permission.urn:AGL:permission::partner:service:no-ws}} + +{{/content.type=application/vnd.agl.service}} + + +;--------------------------------------------------------------------------------- +; auto start +;--------------------------------------------------------------------------------- +{{#required-permission.urn:AGL:permission::system:run-by-default}} +{{^provided-api}} +%nl +[Install] +WantedBy=default.target +%systemd-unit wanted-by default.target +{{/provided-api}} +{{/required-permission.urn:AGL:permission::system:run-by-default}} %end systemd-unit + + +;--------------------------------------------------------------------------------- +;---- P R O V I D E D A P I S ---- 
+;--------------------------------------------------------------------------------- + +{{#provided-api}} +{{#value=ws}} + %begin systemd-unit -# auto generated by wgtpkg-unit for {{id}} version {{version}} target {{:#target}} +# auto generated by wgtpkg-unit for {{id}} version {{version}} target {{:#target}} of {{idaver}} # %systemd-unit user -%systemd-unit socket afm-service-{{:#target}} +%systemd-unit socket afm-socket-{{name}} [Socket] SmackLabel=* -ListenStream=%t/bindings/{{:#target}} -FileDescriptorName={{:#target}} +ListenStream=%t/bindings/{{name}} +FileDescriptorName={{name}} -{{/required-permission.urn:AGL:permission::partner:service:no-ws}} +{{#required-permission.urn:AGL:permission::public:hidden}}\ +Service=afm-service-{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}} +{{/required-permission.urn:AGL:permission::public:hidden}}\ +{{^required-permission.urn:AGL:permission::public:hidden}}\ +Service=afm-appli-{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}} +{{/required-permission.urn:AGL:permission::public:hidden}}\ -{{/content.type=application/vnd.agl.service}} +;--------------------------------------------------------------------------------- +{{#required-permission.urn:AGL:permission::system:run-by-default}} +%nl +[Install] +WantedBy=default.target +%systemd-unit wanted-by default.target +{{/required-permission.urn:AGL:permission::system:run-by-default}} +;--------------------------------------------------------------------------------- + +%end systemd-unit + +{{/value=ws}} +{{#value=auto}} + +%begin systemd-unit + +# auto generated by wgtpkg-unit for {{id}} version {{version}} target {{:#target}} of {{idaver}} +# +%systemd-unit user +%systemd-unit socket afm-socket-{{name}} + +[Socket] +SmackLabel=* +ListenStream=%t/bindings/{{name}} +FileDescriptorName={{name}} + +{{#required-permission.urn:AGL:permission::public:hidden}}\ +Service=afm-service-{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}} 
+{{/required-permission.urn:AGL:permission::public:hidden}}\ +{{^required-permission.urn:AGL:permission::public:hidden}}\ +Service=afm-appli-{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}} +{{/required-permission.urn:AGL:permission::public:hidden}}\ ;--------------------------------------------------------------------------------- {{#required-permission.urn:AGL:permission::system:run-by-default}} +%nl [Install] WantedBy=default.target %systemd-unit wanted-by default.target {{/required-permission.urn:AGL:permission::system:run-by-default}} ;--------------------------------------------------------------------------------- + %end systemd-unit + +{{/value=auto}} +{{/provided-api}} + {{/targets}} diff --git a/docs/afm-daemons.md b/docs/afm-daemons.md index 0422a2b..018e139 100644 --- a/docs/afm-daemons.md +++ b/docs/afm-daemons.md @@ -308,6 +308,8 @@ optionally a field mode: The field "mode" is a string equal to either "local" or "remote". +[Currently the mode is not available in the systemd version] + **output**: The *runid* of the application launched. *runid* is an integer. --- @@ -362,6 +364,8 @@ Use **org.AGL.afm.user.resume** instead. #### Method org.AGL.afm.user.pause +[Currently not available in the systemd version] + **Description**: Pauses the application attached to *runid* until terminate or resume. **Input**: The *runid* (integer) of the running instance to pause. @@ -372,6 +376,8 @@ Use **org.AGL.afm.user.resume** instead. #### Method org.AGL.afm.user.resume +[Currently not available in the systemd version] + **Description**: Resumes the application attached to *runid* previously paused. **Input**: The *runid* (integer) of the running instance to resume. @@ -458,6 +464,8 @@ The options for launching **afm-user-daemon** are: -a --application directory + [Currently not available in the systemd version] + Includes the given application directory to the database base of applications. 
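Review bot: The socket unit generated under `{{#value=auto}}` is not conditioned on `urn:AGL:permission::partner:service:no-ws`, while the `--ws-server=sd:{{name}}` argument for the same value is, so a unit that requires no-ws still gets a listening socket with `SmackLabel=*` that activates a daemon not told to serve it. Wrapping that unit in `{{^required-permission.urn:AGL:permission::partner:service:no-ws}}` … `{{/required-permission.urn:AGL:permission::partner:service:no-ws}}`, as the removed lines did for the old socket unit, would keep the two in step. The sockets listen on `%t/bindings/{{name}}` but clients are given `--ws-client=unix:%t/apis/ws/{{name}}`; unless something outside this hunk links the two directories, they will not meet. `{{name}}` comes from config.xml and now reaches a unit file name, a socket path and `--binding={{:#metadata.install-dir}}/{{name}}`, so it should be checked (no `..` segments, whitespace or newlines) before the template is instantiated; whether src/wgt-json.c does this is not visible here.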
@@ -466,6 +474,8 @@ The options for launching **afm-user-daemon** are: -r --root directory + [Currently not available in the systemd version] + Includes root application directory or directories when passing multiple rootdir to applications database. @@ -477,6 +487,8 @@ The options for launching **afm-user-daemon** are: -m --mode (local|remote) + [Currently not available in the systemd version] + Set the default launch mode. The default value is 'local' @@ -521,27 +533,13 @@ given application. ### Launching application -**afm-user-daemon** launches application. Its builds a secure -environment for the application before starting it within a -secured environment. - -Different kind of applications can be launched. - -This is set using a configuration file that describes -how to launch an application of a given kind within a given -mode. - -There is two launching modes: local or remote. - -Launching an application locally means that -the application and its binder are launched together. - -Launching application remotely translates in only launching -the application binder. The UI by itself has to be activated -remotely by the requested (ie: HTML5 homescreen in a browser) +**afm-user-daemon** launches application by using systemd. +Systemd builds a secure environment for the application +before starting it. Once launched, running instances of application receive -a runid that identify them. +a runid that identify them. To make interface with systemd +evident, the pid is the runid. ### Managing instances of running applications @@ -550,8 +548,7 @@ that it launched. When owning the right permissions, a client can get the list of running instances and details about a specific -running instance. It can also terminate, pause or -resume a given application. +running instance. It can also terminate a given application. ### Installing and uninstalling applications 
@@ -559,207 +556,6 @@ If the client own the right permissions, **afm-user-daemon** delegates that task to **afm-system-daemon**. -Launcher Configuration ----------------------- - -It contains rules for launching applications. -When **afm-user-daemon** has to launch an application, -it looks for launch mode (local or remote), as well as -for the type of application describe in ***config.xml*** -widget configuration file. - -This tuple mode+type allows to select the adequate rule. - -Configuration file is **/etc/afm/afm-launch.conf**. - -It contains sections and rules. It can also contain comments -and empty lines to improve readability. - -The separators are space and tabulation, any other character -should have a meaning. - -The format is line oriented. -The new line character separate the lines. - -Lines having only separators are blank lines and ignored. -Line having character #(sharp) at first position are comment -lines and ignored. - -Lines not starting with a separator are different -from lines starting with a separator character. 
- -The grammar of the configuration file is defined below: - - CONF: *COMMENT *SECTION - - SECTION: MODE *RULE - - RULE: +TYPE VECTOR ?VECTOR - - MODE: 'mode' +SEP ('local' | 'remote') *SEP EOL - - TYPE: DATA *SEP EOL - - VECTOR: +SEP DATA *(+SEP NDATA) *SEP EOL - - DATA: CHAR *NCHAR - NDATA: +NCHAR - - EOL: NL *COMMENT - COMMENT: *SEP CMT *(SEP | NCHAR) NL - - NL: '\x0a' - SEP: '\x20' | '\x09' - CMT: '#' - CHAR: '\x00'..'\x08' | '\x0b'..'\x1f' | '\x21' | '\x22' | '\x24'..'\xff' - NCHAR: CMT | CHAR - -Here is a sample of configuration file for defining how -to launch an application of types *application/x-executable*, -*text/x-shellscript* and *text/html* in local mode: - - mode local - - application/x-executable - text/x-shellscript - %r/%c - - text/html - /usr/bin/afb-daemon --mode=local --readyfd=%R --alias=/icons:%I --port=%P --rootdir=%r --token=%S --sessiondir=%D/.afb-daemon - /usr/bin/web-runtime http://localhost:%P/%c?token=%S - -This shows that: - - - within a section, several rules can be defined - - within a rule, several types can be defined - - within a rule, one or two vectors can be defined - - vectors are using %substitution - - launched binaries must be defined with their full path - -### mode local - -Within this mode, the launchers have either one or two description vectors. -All of those vectors are treated as programs -and are executed with 'execve' system call. - -The first vector is the leader vector and it defines the process -group. The second vector (if any) is attached to the group -defined by this first vector. - -### mode remote - -Within this mode, the launchers have either one or two vectors -describing them. - -The first vector is process as a program and is executed with -system call 'execve'. - -The second vector (if any) defines a text that is returned -to the caller. This mechanism can be used to return a uri -for remote UI to connect on the newly launched application. 
- -The daemon ***afm-user-daemon*** allocates a port for each -new remote application. -The current implementation port allocation is incremental. -A smarter (cacheable and discoverable) allocation should be defined. - -### %substitutions - -Vectors can include sequences of 2 characters that have a special -meaning. These sequences are named *%substitution* because their -first character is the percent sign (%) and because each occurrence -of the sequence is replaced, at launch time, by the value associated -to sequences. - -Here is the list of *%substitutions*: - - - ***%%***: %. - - This simply emits the percent sign % - - - ***%a***: appid - - Holds application Id of launched application. - - Defined by the attribute **id** of the element **** - of **config.xml**. - - - ***%b***: bindings - - In the future should represent the list of bindings and bindings directory separated by ','. - Warning: not supported in current version. - - - ***%c***: content - - The file within the widget directory that is the entry point. - - For HTML applications, it represents the relative path to main - page (aka index.html). - - Defined by attribute **src** of the element **** within **config.xml**. - - - ***%D***: datadir - - Path of the directory where the application runs (cwd) - and stores its data. - - It is equal to %h/%a. - - - ***%H***: height - - Requested height for the widget. - - Defined by the attribute **height** of the element **** - of **config.xml**. - - - ***%h***: homedir - - Path of the home directory for all applications. - - It is generally equal to $HOME/app-data - - - ***%I***: icondir - - Path of the directory were the icons of the applications can be found. - - - ***%m***: mime-type - - Mime type of the launched application. - - Defined by the attribute **type** of the element **** - of **config.xml**. - - - ***%n***: name - - Name of the application as defined by the content of the - element **** of **config.xml**. - - - ***%P***: port - - A port to use. 
It is currently a kind of random port. The precise - model is to be defined later. - - - ***%R***: readyfd - - Number of file descriptor to use for signaling - readiness of launched process. - - - ***%r***: rootdir - - Path of directory containing the widget and its data. - - - ***%S***: secret - - An hexadecimal number that can be used to initialize pairing of client - and application binder. - - - ***%W***: width - - Requested width for the widget. - - Defined by the attribute **width** of the element **** - of **config.xml**. - Using ***afm-util*** -------------------- @@ -804,14 +600,6 @@ Here is the summary of ***afm-util***: terminate the running instance rid - - **afm-util pause rid **: - - pause the running instance rid - - - **afm-util resume rid **: - - resume the previously paused rid - - **afm-util state rid **: get status of the running instance rid diff --git a/docs/config.xml.md b/docs/config.xml.md index 7eac552..7939ebe 100644 --- a/docs/config.xml.md +++ b/docs/config.xml.md @@ -61,7 +61,7 @@ The attribute *id* is mandatory (for version 2.x, blowfish) and must be unique. Values for *id* are any non empty string containing only latin letters, arabic digits, and the three characters '.' (dot), '-' (dash) and -'_' (underscore). +'\_' (underscore). Authors can use a mnemonic id or can pick a unique id using command **uuid** or **uuidgen**. @@ -72,7 +72,7 @@ The attribute *version* is mandatory (for version 2.x, blowfish). Values for *version* are any non empty string containing only latin letters, arabic digits, and the three characters '.' (dot), '-' (dash) and -'_' (underscore). +'\_' (underscore). Version values are dot separated fields MAJOR.MINOR.REVISION. Such version would preferabily follow guidelines of 
@@ -96,10 +96,26 @@ AGL features The AGL framework uses the feature tag for specifying security and binding requirement of the widget. -The current version of AGL (up to 2.0.1, blowfish) has no fully implemented -features. +Since the migration of the framework to leverage systemd power, +the features are of important use to: -The features planned to be implemented are described below. + - declare more than just an application + - declare the expected dependencies + - declare the expected permissions + - declare the exported apis + +The specification of [widgets][widgets] is intentded to describe +only one application. In the present case, we expect to describe +more than just an application. For example, a publisher could +provide a widget containing a service, an application for tuning +that service, an application that leverage the service. +Here, the term of service means a background application that +runs without IHM and whose public api can be accessed by other +applications. + +So the features are used to describe each of the possible +units of widgets. The "standard" unit in the +meaning of [widgets][widgets] is called the "main" unit. ### feature name="urn:AGL:widget:required-api" 
@@ -110,48 +126,105 @@ Each required api must be explicited using a entry. Example: ```xml - - + > + + ``` This will be *virtually* translated for mustaches to the JSON ```json -"required-api": { - "param": [ - { "name": "urn:AGL:permission:A", "value": "required", "required": true }, - { "name": "urn:AGL:permission:A", "value": "optional", "optional": true } - ], - "urn:AGL:permission:A": { "name": "urn:AGL:permission:A", "value": "required", "required": true }, - "urn:AGL:permission:B": { "name": "urn:AGL:permission:B", "value": "optional", "optional": true } -} +"required-api": [ + { "name": "gps", "value": "auto" }, + { "name": "afm-main", "value": "link" } + ] ``` #### param name="#target" -Declares the name of the component requiring the listed bindings. -Only one instance of the param "#target" is allowed. -When there is not instance of the param -The value is either: +OPTIONAL -- required: the binding is mandatorily needed except if the feature -isn't required (required="false") and in that case it is optional. -- optional: the binding is optional +Declares the name of the unit requiring the listed apis. +Only one instance of the param "#target" is allowed. +When there is not instance of this param, it behave as if +the target main was specified. #### param name=[required api name] -The value is either: +The name is the name of the required API. -- required: the binding is mandatorily needed except if the feature -isn't required (required="false") and in that case it is optional. -- optional: the binding is optional +The value describes how to connect to the required api. +It is either: + + - local: + + The binding is a local shared object. + In that case, the name is the relative path of the + shared object to be loaded. 
+ + - auto: + + The framework set automatically the kind of + the connection to the API + + - ws: + + The framework connect using internal websockets + + - dbus: + + The framework connect using internal dbus + + - link: + + The framework connect in memory by dinamically linking + + - cloud: [PROPOSAL - NOT IMPLEMENTED] + + The framework connect externally using websock. + In that case, the name includes data to access the service. + Example: `` ### feature name="urn:AGL:widget:required-permission" -List of the permissions required by the widget. +List of the permissions required by the unit. Each required permission must be explicited using a entry. +Example: + +```xml + + + + + +``` + +This will be *virtually* translated for mustaches to the JSON + +```json +"required-permission":{ + "urn:AGL:permission:real-time":{ + "name":"urn:AGL:permission:real-time", + "value":"required" + }, + "urn:AGL:permission:syscall:*":{ + "name":"urn:AGL:permission:syscall:*", + "value":"required" + } +} +``` + +#### param name="#target" + +OPTIONAL + +Declares the name of the unit requiring the listed permissions. +Only one instance of the param "#target" is allowed. +When there is not instance of this param, it behave as if +the target main was specified. + #### param name=[required permission name] The value is either: 
@@ -160,79 +233,139 @@ The value is either: isn't required (required="false") and in that case it is optional. - optional: the permission is optional -### feature name="urn:AGL:widget:provided-api" -Use this feature for each provided api of the widget. -The parameters are: +### feature name="urn:AGL:widget:provided-unit" -#### param name="subid" +This feature is made for declaring new units +for the widget. Using this feature, a software publisher +can provide more than one application in the same widget. -REQUIRED +Example: +```xml + + + + + + +``` -The value is the string that must match the binding prefix. -It must be unique. +This will be *virtually* translated for mustaches to the JSON +```json + { + "#target":"geoloc", + "description":"binding of name geoloc", + "content":{ + "src":"index.html", + "type":"application\/vnd.agl.service" + }, + ... + } +``` -#### param name="name" +#### param name="#target" REQUIRED -The value is the string that must match the binding prefix. -It must be unique. +Declares the name of the unit. The default unit, the unit +of the main of the widget, has the name "main". The value +given here must be unique within the widget file. It will +be used in other places of the widget config.xml file to +designate the unit. -#### param name="src" +Only one instance of the param "#target" is allowed. +The value can't be "main". + +#### param name="content.type" REQUIRED -The value is the path of the shared library for the binding. +The mimetype of the provided unit. -#### param name="type" +#### param name="content.src" -REQUIRED +A path to the -Currently it must be ***application/vnd.agl.binding.v1***. +#### other parameters +The items that can be set for the main unit +can also be set using the params if needed. -#### param name="scope" + - description + - name.content + - name.short + - ... 
-REQUIRED -The value indicate the availability of the binidng: +### feature name="urn:AGL:widget:provided-api" + +Use this feature for exporting one or more API of a unit +to other widgets of the platform. -- private: used only by the widget -- public: available to allowed clients as a remote service (requires permission+) -- inline: available to allowed clients inside their binding (unsafe, requires permission+++) +This feature is an important feature of the framework. + +Example: + +```xml + + + + + +``` + +This will be *virtually* translated for mustaches to the JSON + +```json + "provided-api":[ + { + "name":"geoloc", + "value":"auto" + }, + { + "name":"moonloc", + "value":"auto" + } + ], +``` + +#### param name="#target" -#### param name="needed-binding" OPTIONAL -The value is a space separated list of binding's names that the binding needs. +Declares the name of the unit exporting the listed apis. +Only one instance of the param "#target" is allowed. +When there is not instance of this param, it behave as if +the target main was specified. + -### feature name="urn:AGL:widget:defined-permission" +#### param name=[name of exported api] -Each required permission must be explicited using a entry. +The name give the name of the api that is exported. + +The value is one of the following values: -#### param name=[defined permission name] + - ws: -The value is the level of the defined permission. -Standard levels are: + export the api using UNIX websocket -- system -- platform -- partner -- tiers -- public + - dbus: + + export the API using dbus + + - auto: + + export the api using the default method(s). -This level defines the level of accreditation required to get the given -permission. The accreditions are given by signatures of widgets. Known content types ------------------- -The configuration file ***/etc/afm/afm-unit.conf*** defines the types -of widget known and how to launch it. 
+The configuration file ***/etc/afm/afm-unit.conf*** defines +how to create systemd units for widgets. -Known types for the type of content are (for version 2.x, blowfish): +Known types for the type of content are: - ***text/html***: HTML application, 
@@ -242,41 +375,108 @@ Known types for the type of content are (for version 2.x, blowfish): Native application, content.src designates the relative path of the binary -- ***application/vnd.agl.url***: - Internet url, - content.src designates the url to be used - - ***application/vnd.agl.service***: - AGL service defined as a binder, - content.src designates the directory of provided binders, - http content, if any, must be put in the subdirectory ***htdocs*** of the widget - -- ***application/vnd.agl.native***: - Native application with AGL service defined as a binder, - content.src designates the relative path of the binary, - bindings, if any must be put in the subdirectory ***lib*** of the widget, - http content, if any, must be put in the subdirectory ***htdocs*** of the widget - -- ***text/vnd.qt.qml***, ***application/vnd.agl.qml***: - QML application, - content.src designate the relative path of the QML root, - imports must be put in the subdirectory ***imports*** of the widget - -- ***application/vnd.agl.qml.hybrid***: - QML application with bindings, - content.src designate the relative path of the QML root, - bindings, if any must be put in the subdirectory ***lib*** of the widget, - imports must be put in the subdirectory ***imports*** of the widget - -- ***application/vnd.agl.html.hybrid***: - HTML application, - content.src designates the home page of the application, - bindings, if any must be put in the subdirectory ***lib*** of the widget, - http content must be put in the subdirectory ***htdocs*** of the widget + AGL service, content.src is not used. + +Adding more types is easy, it just need to edit the configuration +file ***afm-unit.conf***. + +### Older content type currently not supported at the moment. + +This types were defined previously when the framework was not +leveraging systemd. The transition to systemd let these types +out at the moment. 
+ +- ***application/vnd.agl.url*** +- ***application/vnd.agl.native*** +- ***text/vnd.qt.qml***, ***application/vnd.agl.qml*** +- ***application/vnd.agl.qml.hybrid*** +- ***application/vnd.agl.html.hybrid*** + + +The configuration file afm-unit.conf +==================================== + +The integration of the framework with systemd +mainly consists of creating the systemd unit +files corresponding to the need and requirements +of the installed widgets. + +This configuration file named `afm-unit.conf` installed +on the system wiht the path `/etc/afm/afm-unit.conf` +describes how to generate all units from the *config.xml* +configuration files of widgets. The description uses an extended +version of the templating formalism of [mustache][] +to describes all the units. + +Let present how it works using the following diagram that +describes graphically the workflow of creating the unit +files for systemd `afm-unit.conf` from the configuration +file of the widget `config.xml`: + +![make-units][make-units] + +In a first step, and because [mustache][] is intended +to work on JSON representations, the configuration file is +translated to an internal JSON representation. This +representation is shown along the examples of the documentation +of the config files of widgets. + +In a second step, the mustache template `afm-unit.conf` +is instanciated using the C library [mustach][] that follows +the rules of [mustache][mustache] and with all its available +extensions: + + - use of colon (:) for explicit substitution + - test of values with = or =! + +In a third step, the result of instanciating `afm-unit.conf` +for the widget is splited in units. To achieve that goal, +the lines containing specific directives are searched. +Any directive occupy one full line. 
The directives are: + + - %nl + + Produce an empty line at the end + + - %begin systemd-unit + - %end systemd-unit + + Delimit the produced unit, its begin and its end + + - %systemd-unit user + - %systemd-unit system + + Tells the kind of unit (user/system) + + - %systemd-unit service NAME + - %systemd-unit socket NAME + + Gives the name and type (service or socket) of the unit. + The extension is automatically computed from the type + and must not be set in the name. + + - %systemd-unit wanted-by NAME + + Tells to install a link to the unit in the wants of NAME + +Then the computed units are then written to the filesystem +and inserted in systemd. + +The generated unit files will contain variables for internal +use of the framework. These variables are starting with `X-AFM-`. +The variables starting with `X-AFM-` but not with `X-AFM--` are +the public variables. These variables will be returned by the +framework as the details of an application (see **afm-util detail ...**). ---- +Variables starting with `X-AFM--` are private to the framework. +By example, the variable `X-AFM--http-port` is used to +record the allocated port for applications. +[mustach]: https://gitlab.com/jobol/mustach "basic C implementation of mustache" +[mustache]: http://mustache.github.io/mustache.5.html "mustache - Logic-less templates" +[make-units]: pictures/make-units.svg [widgets]: http://www.w3.org/TR/widgets "Packaged Web Apps" [widgets-digsig]: http://www.w3.org/TR/widgets-digsig "XML Digital Signatures for Widgets" [libxml2]: http://xmlsoft.org/html/index.html "libxml2" diff --git a/docs/permissions.md b/docs/permissions.md index 09f68a3..0c18180 100644 --- a/docs/permissions.md +++ b/docs/permissions.md 
@@ -37,9 +37,15 @@ the characters colon and star (:*). This field designates the api providing the permission. This scheme is used to deduce binding requirements from permission requirements. The field `` can be the empty string when the permission is defined by the AGL system itself. -The field `` if starting with the character "@" represents + +[PROPOSAL 1] The field `` if starting with the character "@" represents a transversal/cross permission not bound to any binding. +[PROPOSAL 2]The field `` if starting with the 2 characters "@@" +in addition to a permission not bound to any binding, represents a +permission that must be set at installation and that can not be +revoked later. + ::= 1* The field `` is made only of letters in lower case. 
@@ -62,5 +68,75 @@ names at right. This hierarchical behaviour is intended to be used to request permissions using hierarchical grouping. +Permission value +---------------- + +In some case, it could be worth to add a value to a permission. + +Currently, the framework allows it for permissions linked to +systemd. But this not currently used. + +Conversely, permissions linked to cynara can't carry data +except in their name. + +Thus to have a simple and cleaner model, it is better to forbid +attachement of value to permission. + + +Example of permissions +---------------------- + +Here is a list of some possible permissions. These +permissions are available the 17th of March 2017. + + - urn:AGL:permission::platform:no-oom + + Set OOMScoreAdjust=-500 to keep the out-of-memory + killer away. + + - urn:AGL:permission::partner:real-time + + Set IOSchedulingClass=realtime to give to the process + realtime scheduling. + + Conversely, not having this permission set RestrictRealtime=on + to forbid realtime features. + + - urn:AGL:permission::public:display + + Adds the group "display" to the list of supplementary groups + of the process. + + - urn:AGL:permission::public:syscall:clock + + Without this permission SystemCallFilter=~@clock is set to + forfid call to clock. + + - urn:AGL:permission::public:no-htdocs + + The http directory served is not "htdocs" but "." + + - urn:AGL:permission::public:applications:read + + Allows to read data of installed applications (and to + access icons). + + - urn:AGL:permission::partner:service:no-ws + + Forbids services to provide its API through websocket. + + - urn:AGL:permission::partner:service:no-dbus + + Forbids services to provide its API through D-Bus. + + - urn:AGL:permission::system:run-by-default + + Starts automatically the application. Example: home-screen. + + - http://tizen.org/privilege/internal/dbus + + Permission to use D-Bus. + + [URN]: https://tools.ietf.org/rfc/rfc2141.txt "RFC 2141: URN Syntax" 
diff --git a/docs/pictures/make-units.odp b/docs/pictures/make-units.odp new file mode 100644 index 0000000..73219a7 Binary files /dev/null and b/docs/pictures/make-units.odp differ diff --git a/docs/pictures/make-units.svg b/docs/pictures/make-units.svg new file mode 100644 index 0000000..e998f3e --- /dev/null +++ b/docs/pictures/make-units.svg @@ -0,0 +1,11787 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <date/time> + + + + + + <footer> + + + + + + <number> + + + + + + + + + + + + + + + + + + + + + + config.xml + + + + + + + /etc/afm/afm-unit.conf + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + json description + + + + + + + + + Mustache engine + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + units description + + + + + + + *.service + + + + + + + *.socket + + + + + + virtualdata + + + + + + + + + + + + + + + + + + + + + + + Unit installer + + + + + + + + + Config engine + + + + + + + ... + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + configurationfile + + + + + + systemdunits + + + + + + + + + \ No newline at end of file diff --git a/docs/quick-tutorial.md b/docs/quick-tutorial.md index 5fc07f1..c8122d4 100644 --- a/docs/quick-tutorial.md +++ b/docs/quick-tutorial.md 
@@ -80,12 +80,6 @@ To begin, run '**afm-util help**' to get a quick help on commands: kill rid terminate rid terminate the running instance rid - stop rid - pause rid pause the running instance rid - - resume rid - continue rid resume the previously rid - status rid state rid get status of the running instance rid @@ -149,18 +143,6 @@ To check for running applications, just run: The 'runid' is the application instance ID and is used as an argument for the subcommands controlling the application runtime state (kill/pause/resume/status) -### Pause application -To pause the application that was just started (the one with RUNID 1), just run the pause command: - - root@porter:~# afm-util terminate 1 - true - -The application is now paused, as confirmed by a list of running apps: - - root@porter:~# afm-util ps - [ ] - - ### Uninstall application To uninstall an application, simply use its ID: @@ -196,10 +178,6 @@ In the toolbar, click on the button representing the Rabbit application. You'll Click on the 'start' item: the application starts and should be visible as a webview on the target board display. Note that at this point, we could also run the application remotely, that is in the same browser as the Homescreen app. By default, the application framework is configured to run applications 'locally' on the board display. -### Pausing an application - -In the Homescreen application, click again on the Rabbit application button, then select 'pause': the application then pauses. - ### Uninstalling an application From the same popup menu, you can select 'uninstall' to remove the application from the system. As a consequence, the application icon should disappear from the toolbar. 
@@ -212,7 +190,7 @@ This is a sample HTML5 application demonstrating various basic capabilities of t This application is not available as WGT file yet and it should be started manually without any specific security context: - root@porter:~# /usr/bin/afb-daemon --mode=remote --port=1235 --token='' --sessiondir=/home/root/.afm-daemon --rootdir=/usr/share/agl/afb-client --alias=/icons:/usr/share/afm/icons + root@porter:~# /usr/bin/afb-daemon --port=1235 --token='' --sessiondir=/home/root/.afm-daemon --rootdir=/usr/share/agl/afb-client --alias=/icons:/usr/share/afm/icons Then you can access it from a browser: http://[board_ip]:1235/opa/?token=132456789 diff --git a/docs/widgets.md b/docs/widgets.md index 2acc92a..3966eab 100644 --- a/docs/widgets.md +++ b/docs/widgets.md @@ -87,20 +87,6 @@ $ wgtpkg-pack DIRECTORY -o file.wgt Writing a widget ---------------- -### What kind of application? - -The file **/etc/afm/afm-launch.conf** explain how to launch applications. -(It is the current state that use afm-user-daemon. In a future, it may be -replace by systemd features.) - -Currently the applications that can be run are: - -- binary applications: their type is ***application/x-executable*** - -- HTML5 applications: their type is ***text/html*** - -- QML applications: their type is ***text/vnd.qt.qml*** - ### The steps for writing a widget 1. make your application diff --git a/src/tests/test-unit/config.xml b/src/tests/test-unit/config.xml index 48a7e3c..65fa43e 100644 --- a/src/tests/test-unit/config.xml +++ b/src/tests/test-unit/config.xml @@ -23,21 +23,30 @@ + - + - + + + + + + + + + diff --git a/src/wgt-json.c b/src/wgt-json.c index 258f151..e0ff08b 100644 --- a/src/wgt-json.c +++ b/src/wgt-json.c 
@@ -35,26 +35,6 @@ #include "wgt-strings.h" #include "verbose.h" -/* -{ - permissions: { - dict: { - ID: { name: ID, level: LEVEL, index: INDEX }, - ... - }, - list: [ - { name: ID, level: LEVEL, index: 0 }, - ... - } - }, - targets: [ - { name: ID, level: LEVEL, index: 0 }, - ... - ] - } -} -*/ - struct paramaction { const char *name; @@ -258,12 +238,13 @@ static int add_param_simple(struct json_object *obj, const struct wgt_desc_param static int add_param_array(struct json_object *obj, const struct wgt_desc_param *param, void *closure) { + const char *array_name = closure; struct json_object *array, *value; - if (!closure) + if (!array_name) array = obj; - else if (!json_object_object_get_ex(obj, closure, &array)) { - array = j_add_new_array(obj, closure); + else if (!json_object_object_get_ex(obj, array_name, &array)) { + array = j_add_new_array(obj, array_name); if (!array) return -ENOMEM; } @@ -305,7 +286,7 @@ static int add_targeted_params(struct json_object *targets, const struct wgt_des return rc < 0 ? rc : apply_params(obj, feat->params, actions); } -static int add_provided(struct json_object *targets, const struct wgt_desc_feature *feat) +static int add_provided_unit(struct json_object *targets, const struct wgt_desc_feature *feat) { static struct paramaction actions[] = { { .name = string_sharp_target, .action = NULL, .closure = NULL }, 
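Review bot: add_param_array (second hunk on this line) still has no comment stating what `closure` means; the new `array_name` local only hints at it. The visible branches show that a NULL closure makes `obj` itself the destination and that any other value names a member array of `obj` which is created when missing, so I would put `/* closure: name of the array member of obj to fill (created if missing), or NULL when obj is itself the array */` above the function. The rest of the body, where `value` is built and appended, lies outside the hunk, so the wording should be checked against it.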
@@ -314,6 +295,15 @@ static int add_provided(struct json_object *targets, const struct wgt_desc_featu return add_targeted_params(targets, feat, actions); } +static int add_provided_api(struct json_object *targets, const struct wgt_desc_feature *feat) +{ + static struct paramaction actions[] = { + { .name = string_sharp_target, .action = NULL, .closure = NULL }, + { .name = NULL, .action = add_param_array, .closure = (void*)string_provided_api } + }; + return add_targeted_params(targets, feat, actions); +} + static int add_required_api(struct json_object *targets, const struct wgt_desc_feature *feat) { static struct paramaction actions[] = { @@ -323,7 +313,6 @@ static int add_required_api(struct json_object *targets, const struct wgt_desc_f return add_targeted_params(targets, feat, actions); } - static int add_required_permission(struct json_object *targets, const struct wgt_desc_feature *feat) { static struct paramaction actions[] = { @@ -370,8 +359,7 @@ static struct json_object *to_json(const struct wgt_desc *desc) rc = -EINVAL; } featname += prefixlen; - if (!strcmp(featname, string_provided_api) - || !strcmp(featname, string_provided_application)) { + if (!strcmp(featname, string_provided_unit)) { rc2 = make_target(targets, feat); if (rc2 < 0 && !rc) rc = rc2; 
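Review bot: add_provided_api takes whatever `#target` the feature carries, while the first loop of to_json (third hunk on this line) now creates targets only for `provided-unit`. An API whose `#target` names no declared unit is therefore decided entirely inside add_targeted_params, whose body is not visible here. Because this determines which unit ends up exporting an API, that case should be confirmed to fail (the surrounding code uses `-EINVAL`) rather than fall back to another target such as main. A short comment on the function would help, e.g. `/* appends the feature's parameters (presumably all but #target) to the "provided-api" array of the targeted unit */`. The `(void*)string_provided_api` cast also drops `const`; add_param_array only reads it as `const char *`, so the `closure` field could be `const void *` if the other users of struct paramaction allow it.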
@@ -386,25 +374,24 @@ static struct json_object *to_json(const struct wgt_desc *desc) featname += prefixlen; if (!strcmp(featname, string_defined_permission)) { rc2 = add_defined_permission(permissions, feat); - if (rc2 < 0 && !rc) - rc = rc2; } - else if (!strcmp(featname, string_provided_application) - || !strcmp(featname, string_provided_api)) { - rc2 = add_provided(targets, feat); - if (rc2 < 0 && !rc) - rc = rc2; + else if (!strcmp(featname, string_provided_unit)) { + rc2 = add_provided_unit(targets, feat); + } + else if (!strcmp(featname, string_provided_api)) { + rc2 = add_provided_api(targets, feat); } else if (!strcmp(featname, string_required_api)) { rc2 = add_required_api(targets, feat); - if (rc2 < 0 && !rc) - rc = rc2; } else if (!strcmp(featname, string_required_permission)) { rc2 = add_required_permission(targets, feat); - if (rc2 < 0 && !rc) - rc = rc2; + } else { + /* gently ignore other features */ + rc2 = 0; } + if (rc2 < 0 && !rc) + rc = rc2; } } diff --git a/src/wgt-strings.c b/src/wgt-strings.c index f9fe01e..12e5ba5 100644 --- a/src/wgt-strings.c +++ b/src/wgt-strings.c @@ -56,8 +56,8 @@ const char string_level[] = "level"; const char string_list[] = "list"; const char string_main[] = "main"; const char string_optional[] = "optional"; -const char string_provided_application[] = "provided-application"; const char string_provided_api[] = "provided-api"; +const char string_provided_unit[] = "provided-unit"; const char string_required_api[] = "required-api"; const char string_required_permission[] = "required-permission"; const char string_targets[] = "targets"; diff --git a/src/wgt-strings.h b/src/wgt-strings.h index 504bd16..25bfa02 100644 --- a/src/wgt-strings.h +++ b/src/wgt-strings.h 
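Review bot: The new `else` branch in to_json accepts any other feature name that reaches this chain without a diagnostic. After this commit that set includes the removed `provided-application`, so an existing config.xml that still uses it would presumably be processed without the unit its author expected; the first loop (hunk `@@ -370,8 +359,7 @@`) drops the same name from target creation. A misspelt `required-permission` gets the same silent treatment. I would keep `rc2 = 0` but log what was skipped, for example `WARNING("ignoring unknown feature %s", featname);`, assuming the WARNING macro of the already included verbose.h. to_json starts and ends outside the hunk.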
@@ -54,8 +54,8 @@ extern const char string_level[];
 extern const char string_list[];
 extern const char string_main[];
 extern const char string_optional[];
-extern const char string_provided_application[];
 extern const char string_provided_api[];
+extern const char string_provided_unit[];
 extern const char string_required_api[];
 extern const char string_required_permission[];
 extern const char string_sharp_target[];
-- cgit 1.2.3-korg