1 # Configuration file - config.xml
3 The widgets are described by the W3C's technical recommendations
4 [Packaged Web Apps (Widgets)][widgets] and [XML Digital Signatures for Widgets][widgets-digsig]
5 that specifies the configuration file **config.xml**.
9 The file **config.xml** describes important data of the application
12 - the unique identifier of the application
13 - the name of the application
14 - the type of the application
15 - the icon of the application
16 - the permissions linked to the application
17 - the services and dependencies of the application
19 The file MUST be at the root of the widget and MUST be case sensitively name
22 The file **config.xml** is a XML file described by the document
25 Here is the example of the config file for the QML application SmartHome.
28 <?xml version="1.0" encoding="UTF-8"?>
29 <widget xmlns="http://www.w3.org/ns/widgets" id="smarthome" version="0.1">
30 <name>SmartHome</name>
31 <icon src="smarthome.png"/>
32 <content src="qml/smarthome/smarthome.qml" type="text/vnd.qt.qml"/>
33 <description>This is the Smarthome QML demo application. It shows some user interfaces for controlling an
34 automated house. The user interface is completely done with QML.</description>
35 <author>Qt team</author>
36 <license>GPL</license>
40 The most important items are:
42 - **<widget id="......"\>**: gives the id of the widget. It must be unique.
44 - **<widget version="......"\>**: gives the version of the widget
46 - **<icon src="..."\>**: gives a path to the icon of the application
47 (can be repeated with different sizes)
49 - **<content src="..." type="..."\>**: this indicates the entry point and its type.
51 ## Standard elements of "config.xml"
53 ### The element widget
55 #### the attribute id of widget
57 The attribute *id* is mandatory (for version 2.x, blowfish) and must be unique.
59 Values for *id* are any non empty string containing only latin letters,
60 arabic digits, and the three characters '.' (dot), '-' (dash) and
63 Authors can use a mnemonic id or can pick a unique id using
64 command **uuid** or **uuidgen**.
66 ### the attribute version of widget
68 The attribute *version* is mandatory (for version 2.x, blowfish).
70 Values for *version* are any non empty string containing only latin letters,
71 arabic digits, and the three characters '.' (dot), '-' (dash) and
74 Version values are dot separated fields MAJOR.MINOR.REVISION.
75 Such version would preferably follow guidelines of
76 [semantic versioning][semantic-version].
78 ### The element content
80 The element *content* is mandatory (for version 2.x, blowfish) and must designate a file
81 (subject to localization) with its attribute *src*.
83 The content designed depends on its type. See below for the known types.
87 The element *icon* is mandatory (for version 2.x, blowfish) and must
88 be unique. It must designate an image file with its attribute *src*.
92 The AGL framework uses the feature tag for specifying security and binding
93 requirement of the widget.
95 Since the migration of the framework to leverage systemd power,
96 the features are of important use to:
98 - declare more than just an application
99 - declare the expected dependencies
100 - declare the expected permissions
101 - declare the exported apis
103 The specification of [widgets][widgets] is intended to describe
104 only one application.
105 In the present case, we expect to describe more than just an application.
106 For example, a publisher could provide a widget containing a service,
107 an application for tuning that service, an application that
108 leverage the service.
109 Here, the term of service means a background application that
110 runs without IHM and whose public api can be accessed by other
113 So the features are used to describe each of the possible
115 The "standard" unit in the meaning of [widgets][widgets]
116 is called the "main" unit.
118 ### required-api: feature name="urn:AGL:widget:required-api"
120 List of the api required by the widget.
122 Each required api must be explicit using a `<param>` entry.
127 <feature name="urn:AGL:widget:required-api">
128 <param name="#target" value="main" />
129 <param name="gps" value="auto" />
130 <param name="afm-main" value="link" />
134 This will be *virtually* translated for mustaches to the JSON
138 { "name": "gps", "value": "auto" },
139 { "name": "afm-main", "value": "link" }
143 #### required-api: param name="#target"
147 Declares the name of the unit requiring the listed apis.
148 Only one instance of the param "#target" is allowed.
149 When there is not instance of this param, it behave as if
150 the target main was specified.
152 #### required-api: param name=[required api name]
154 The name is the name of the required API.
156 The value describes how to connect to the required api.
159 - local: OBSOLETE SINCE FF (AGL6), PROVIDED FOR COMPATIBILITY
160 Use the feature **urn:AGL:widget:required-binding** instead.
161 The binding is a local shared object.
162 In that case, the name is the relative path of the
163 shared object to be loaded.
166 The framework set automatically the kind of
167 the connection to the API
170 The framework connect using internal websockets
173 The framework connect using internal dbus
175 - cloud: [PROPOSAL - NOT IMPLEMENTED]
176 The framework connect externally using websock.
177 In that case, the name includes data to access the service.
178 Example: `<param name="log:https://oic@agl.iot.bzh/cloud/log" value="cloud" />`
180 ### required-binding: feature name="urn:AGL:widget:required-binding"
182 List of the bindings required by the widget.
184 Note: Since AGL 6 (FF - Funky Flounder),
185 the binder implements bindings version 3 that allow the declaration
186 of 0, 1 or more APIs by one binding. In other words, the equivalency
187 one binding = one API is lost. At the same time the framework added
188 the ability to use bindings exported by other widgets.
190 Each required binding must be explicit using a `<param>` entry.
195 <feature name="urn:AGL:widget:required-binding">
196 <param name="libexec/binding-gps.so" value="local" />
197 <param name="extra" value="extern" />
201 This will be *virtually* translated for mustaches to the JSON
204 "required-binding": [
205 { "name": "libexec/binding-gps.so", "value": "local" },
206 { "name": "extra", "value": "extern" }
210 #### required-binding: param name=[name or path]
212 The name or the path of the required BINDING.
214 The value describes how to connect to the required binding.
218 The binding is a local shared object.
219 In that case, the name is the relative path of the
220 shared object to be loaded.
223 The binding is external. The name is the exported binding name.
224 See provided-binding.
226 ### provided-binding: feature name="urn:AGL:widget:provided-binding"
228 This feature allows to export a binding to other binders.
229 The bindings whose relative name is given as value is exported to
230 other binders under the given name.
232 Each provided binding must be explicit using a `<param>` entry.
237 <feature name="urn:AGL:widget:provided-binding">
238 <param name="extra" value="export/binding-gps.so" />
242 This will be *virtually* translated for mustaches to the JSON
245 "provided-binding": [
246 { "name": "extra", "value": "export/binding-gps.so" }
250 #### provided-binding: param name=[exported name]
252 Exports a local binding to other applications.
254 The value must contain the path to the exported binding.
256 ### required-permission: feature name="urn:AGL:widget:required-permission"
258 List of the permissions required by the unit.
260 Each required permission must be explicit using a `<param>` entry.
265 <feature name="urn:AGL:widget:required-permission">
266 <param name="#target" value="geoloc" />
267 <param name="urn:AGL:permission:real-time" value="required" />
268 <param name="urn:AGL:permission:syscall:*" value="required" />
272 This will be *virtually* translated for mustaches to the JSON
275 "required-permission":{
276 "urn:AGL:permission:real-time":{
277 "name":"urn:AGL:permission:real-time",
280 "urn:AGL:permission:syscall:*":{
281 "name":"urn:AGL:permission:syscall:*",
287 #### required-permission: param name="#target"
291 Declares the name of the unit requiring the listed permissions.
292 Only one instance of the param "#target" is allowed.
293 When there is not instance of this param, it behave as if
294 the target main was specified.
296 #### required-permission: param name=[required permission name]
300 - required: the permission is mandatorily needed except if the feature
301 isn't required (required="false") and in that case it is optional.
302 - optional: the permission is optional
304 ### provided-unit: feature name="urn:AGL:widget:provided-unit"
306 This feature is made for declaring new units
308 Using this feature, a software publisher
309 can provide more than one application in the same widget.
314 <feature name="urn:AGL:widget:provided-unit">
315 <param name="#target" value="geoloc" />
316 <param name="description" value="binding of name geoloc" />
317 <param name="content.src" value="index.html" />
318 <param name="content.type" value="application/vnd.agl.service" />
322 This will be *virtually* translated for mustaches to the JSON
327 "description":"binding of name geoloc",
330 "type":"application\/vnd.agl.service"
336 #### provided-unit: param name="#target"
340 Declares the name of the unit. The default unit, the unit
341 of the main of the widget, has the name "main".
342 The value given here must be unique within the widget file.
343 It will be used in other places of the widget config.xml file to
346 Only one instance of the param "#target" is allowed.
347 The value can't be "main".
349 #### provided-unit: param name="content.type"
353 The mimetype of the provided unit.
355 #### provided-unit: param name="content.src"
359 #### other parameters
361 The items that can be set for the main unit
362 can also be set using the params if needed.
369 ### provided-api: feature name="urn:AGL:widget:provided-api"
371 Use this feature for exporting one or more API of a unit
372 to other widgets of the platform.
374 This feature is an important feature of the framework.
379 <feature name="urn:AGL:widget:provided-api">
380 <param name="#target" value="geoloc" />
381 <param name="geoloc" value="auto" />
382 <param name="moonloc" value="auto" />
386 This will be *virtually* translated for mustaches to the JSON
401 #### provided-api: param name="#target"
405 Declares the name of the unit exporting the listed apis.
406 Only one instance of the param "#target" is allowed.
407 When there is not instance of this param, it behave as if
408 the target main was specified.
410 #### provided-api: param name=[name of exported api]
412 The name give the name of the api that is exported.
414 The value is one of the following values:
417 export the api using UNIX websocket
420 export the API using dbus
423 export the api using the default method(s).
425 ### file-properties: feature name="urn:AGL:widget:file-properties"
427 Use this feature for setting properties to files of the widget.
428 At this time, this feature only allows to set executable flag
429 for making companion program executable explicitly.
434 <feature name="urn:AGL:widget:file-properties">
435 <param name="flite" value="executable" />
436 <param name="jtalk" value="executable" />
440 #### file-properties: param name="path"
442 The name is the relative path of the file whose property
445 The value must be "executable" to make the file executable.
447 ## Known content types
449 The configuration file ***/etc/afm/afm-unit.conf*** defines
450 how to create systemd units for widgets.
452 Known types for the type of content are:
456 content.src designates the home page of the application
458 - ***application/vnd.agl.native***
459 AGL compatible native,
460 content.src designates the relative path of the binary.
462 - ***application/vnd.agl.service***:
463 AGL service, content.src is not used.
465 - ***application/x-executable***:
467 content.src designates the relative path of the binary.
468 For such application, only security setup is made.
470 Adding more types is easy, it just need to edit the configuration
471 file ***afm-unit.conf***.
473 ### Older content type currently not supported at the moment
475 This types were defined previously when the framework was not
477 The transition to systemd let these types out at the moment.
479 - ***application/vnd.agl.url***
480 - ***text/vnd.qt.qml***, ***application/vnd.agl.qml***
481 - ***application/vnd.agl.qml.hybrid***
482 - ***application/vnd.agl.html.hybrid***
486 ## The configuration file afm-unit.conf
488 The integration of the framework with systemd
489 mainly consists of creating the systemd unit
490 files corresponding to the need and requirements
491 of the installed widgets.
493 This configuration file named `afm-unit.conf` installed
494 on the system with the path `/etc/afm/afm-unit.conf`
495 describes how to generate all units from the *config.xml*
496 configuration files of widgets.
497 The description uses an extended version of the templating
498 formalism of [mustache][] to describes all the units.
500 Let present how it works using the following diagram that
501 describes graphically the workflow of creating the unit
502 files for systemd `afm-unit.conf` from the configuration
503 file of the widget `config.xml`:
505 ![make-units](pictures/make-units.svg)
507 In a first step, and because [mustache][] is intended
508 to work on JSON representations, the configuration file is
509 translated to an internal JSON representation.
510 This representation is shown along the examples of the documentation
511 of the config files of widgets.
513 In a second step, the mustache template `afm-unit.conf`
514 is instantiated using the C library [mustach][] that follows
515 the rules of [mustache][mustache] and with all its available
518 - use of colon (:) for explicit substitution
519 - test of values with = or =!
521 In a third step, the result of instantiating `afm-unit.conf`
522 for the widget is split in units.
523 To achieve that goal, the lines containing specific directives are searched.
524 Any directive occupy one full line.
528 Produce an empty line at the end
529 - %begin systemd-unit
531 Delimit the produced unit, its begin and its end
533 - %systemd-unit system
534 Tells the kind of unit (user/system)
535 - %systemd-unit service NAME
536 - %systemd-unit socket NAME
537 Gives the name and type (service or socket) of the unit.
538 The extension is automatically computed from the type
539 and must not be set in the name.
540 - %systemd-unit wanted-by NAME
541 Tells to install a link to the unit in the wants of NAME
543 Then the computed units are then written to the filesystem
544 and inserted in systemd.
546 The generated unit files will contain variables for internal
547 use of the framework.
548 These variables are starting with `X-AFM-`.
549 The variables starting with `X-AFM-` but not with `X-AFM--` are
550 the public variables.
551 These variables will be returned by the
552 framework as the details of an application (see **afm-util detail ...**).
554 Variables starting with `X-AFM--` are private to the framework.
555 By example, the variable `X-AFM--http-port` is used to
556 record the allocated port for applications.
558 [mustach]: https://gitlab.com/jobol/mustach "basic C implementation of mustache"
559 [mustache]: http://mustache.github.io/mustache.5.html "mustache - Logic-less templates"
560 [widgets]: http://www.w3.org/TR/widgets "Packaged Web Apps"
561 [widgets-digsig]: http://www.w3.org/TR/widgets-digsig "XML Digital Signatures for Widgets"
562 [libxml2]: http://xmlsoft.org/html/index.html "libxml2"
563 [app-manifest]: http://www.w3.org/TR/appmanifest "Web App Manifest"
564 [meta-intel]: https://github.com/01org/meta-intel-iot-security "A collection of layers providing security technologies"
565 [openssl]: https://www.openssl.org "OpenSSL"
566 [xmlsec]: https://www.aleksey.com/xmlsec "XMLSec"
567 [json-c]: https://github.com/json-c/json-c "JSON-c"
568 [d-bus]: http://www.freedesktop.org/wiki/Software/dbus "D-Bus"
569 [libzip]: http://www.nih.at/libzip "libzip"
570 [cmake]: https://cmake.org "CMake"
571 [security-manager]: https://wiki.tizen.org/wiki/Security/Tizen_3.X_Security_Manager "Security-Manager"
572 [tizen-security]: https://wiki.tizen.org/wiki/Security "Tizen security home page"
573 [tizen-secu-3]: https://wiki.tizen.org/wiki/Security/Tizen_3.X_Overview "Tizen 3 security overview"
574 [semantic-version]: http://semver.org/ "Semantic versioning"