From 97b29fd1c5339ea1590051fb1216d57fe52d345a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jos=C3=A9=20Bollo?= Date: Thu, 12 Oct 2017 23:10:07 +0200 Subject: [PATCH] af-main: Handle users from the system scope MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit To simplify the management of users while keeping systemd as launcher, this evolution anchors the framework in the system level. This also introduce a new version of afm-system-daemon that is 100% a binding of the binder and that consequently offers natively a websocket API. Change-Id: I1bbb48d0c01d0f6fd3c8dfca90febbe8147cf204 Signed-off-by: José Bollo Reviewed-on: https://gerrit.automotivelinux.org/gerrit/12139 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account Reviewed-by: Stéphane Desneux Reviewed-by: Jan-Simon Moeller --- .../agl-login-manager/agl-login-manager_0.1.bb | 22 +++----- .../agl-login-manager/files/agl-user-session.pamd | 3 -- .../files/agl-user-session@.service | 18 ------- .../run-agl-postinsts/run-agl-postinsts | 1 + .../af-main/Hack-to-allow-the-debugging.patch | 6 +-- .../recipes-core/af-main/af-main/afm-install | 45 ---------------- .../recipes-core/af-main/af-main_1.0.bb | 62 +++++++++------------- .../recipes-core/af-main/af-main_1.0.inc | 8 +-- 8 files changed, 37 insertions(+), 128 deletions(-) delete mode 100644 meta-agl/recipes-config/agl-login-manager/files/agl-user-session.pamd delete mode 100644 meta-agl/recipes-config/agl-login-manager/files/agl-user-session@.service delete mode 100755 meta-app-framework/recipes-core/af-main/af-main/afm-install diff --git a/meta-agl/recipes-config/agl-login-manager/agl-login-manager_0.1.bb b/meta-agl/recipes-config/agl-login-manager/agl-login-manager_0.1.bb index 44a4fd36a..22f52c4ec 100644 --- a/meta-agl/recipes-config/agl-login-manager/agl-login-manager_0.1.bb +++ b/meta-agl/recipes-config/agl-login-manager/agl-login-manager_0.1.bb @@ -8,18 +8,14 @@ inherit agl-graphical SRC_URI += " \ file://user-config.service \ file://user-config.path \ - file://agl-user-session.pamd \ - file://agl-user-session@.service \ " LOGIN_USER ??="1001 1002" -do_install_append() { +RDEPENDS_${PN} += "af-main" - install -d ${D}${sysconfdir}/pam.d/ - install -m 0644 ${WORKDIR}/agl-user-session.pamd ${D}${sysconfdir}/pam.d/agl-user-session +do_install_append() { - install -d ${D}${systemd_user_unitdir} install -d ${D}${systemd_user_unitdir}/default.target.wants install -m 0644 ${WORKDIR}/user-config.service ${D}${systemd_user_unitdir} install -m 0644 ${WORKDIR}/user-config.path ${D}${systemd_user_unitdir} @@ -29,19 +25,13 @@ do_install_append() { sed -e 's,@DISPLAY_XDG_RUNTIME_DIR@,${DISPLAY_XDG_RUNTIME_DIR},g' \ -i ${D}${systemd_user_unitdir}/user-config.path - ln -sf ${systemd_user_unitdir}/user-config.path ${D}${systemd_user_unitdir}/default.target.wants + ln -s ../user-config.path ${D}${systemd_user_unitdir}/default.target.wants/user-config.path - install -d ${D}${systemd_unitdir}/system/ - install -d ${D}${systemd_unitdir}/system/multi-user.target.wants/ - install -m 0644 ${WORKDIR}/agl-user-session@.service ${D}${systemd_unitdir}/system/ + install -d ${D}${systemd_system_unitdir}/multi-user.target.wants/ for AGL_USER in ${LOGIN_USER};do - ln -sf ${systemd_system_unitdir}/agl-user-session@.service ${D}${systemd_unitdir}/system/multi-user.target.wants/agl-user-session@${AGL_USER}.service; + ln -s ../afm-user-session@.service ${D}${systemd_system_unitdir}/multi-user.target.wants/afm-user-session@${AGL_USER}.service done } -FILES_${PN} += "${sysconfdir}/pam.d/agl-user-session" -FILES_${PN} += "${systemd_user_unitdir}/*" -FILES_${PN} += "${libdir}/systemd/user/default.target.wants/*" -FILES_${PN} += "${systemd_unitdir}/system/agl-user-session@.service" -FILES_${PN} += "${systemd_unitdir}/system/multi-user.target.wants/*" +FILES_${PN} += "${systemd_user_unitdir} ${systemd_system_unitdir}" diff --git a/meta-agl/recipes-config/agl-login-manager/files/agl-user-session.pamd b/meta-agl/recipes-config/agl-login-manager/files/agl-user-session.pamd deleted file mode 100644 index 462c3648b..000000000 --- a/meta-agl/recipes-config/agl-login-manager/files/agl-user-session.pamd +++ /dev/null @@ -1,3 +0,0 @@ -account include common-account -session required pam_loginuid.so -session include common-session diff --git a/meta-agl/recipes-config/agl-login-manager/files/agl-user-session@.service b/meta-agl/recipes-config/agl-login-manager/files/agl-user-session@.service deleted file mode 100644 index b128a40c8..000000000 --- a/meta-agl/recipes-config/agl-login-manager/files/agl-user-session@.service +++ /dev/null @@ -1,18 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -[Unit] -Description=User Manager for UID %i -After=systemd-user-sessions.service - -[Service] -User=%i -PAMName=agl-user-session -ExecStart=-/bin/sleep 2147483648 -KillMode=mixed -Delegate=yes -TasksMax=infinity diff --git a/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts b/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts index 87ec0e13b..1d1a5a059 100755 --- a/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts +++ b/meta-agl/recipes-devtools/run-agl-postinsts/run-agl-postinsts/run-agl-postinsts @@ -40,6 +40,7 @@ exec_postinst_scriptlets() { remove_agl_pi_dir=1 exec_postinst_scriptlets +systemctl daemon-reload # since all postinstalls executed successfully, remove the postinstalls directory if [ $remove_agl_pi_dir = 1 ]; then diff --git a/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch b/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch index 44e8bce1e..14a26fbe2 100644 --- a/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch +++ b/meta-app-framework/recipes-core/af-main/af-main/Hack-to-allow-the-debugging.patch @@ -11,10 +11,10 @@ Change-Id: I2f10f0cb1fce2ee30bd0754ad2e7bc8e2f6513aa conf/afm-user-daemon.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/conf/afm-user-daemon.conf b/conf/afm-user-daemon.conf +diff --git a/conf/user/afm-user-daemon.conf b/conf/user/afm-user-daemon.conf index 801c7ae..98a3152 100644 ---- a/conf/afm-user-daemon.conf -+++ b/conf/afm-user-daemon.conf +--- a/conf/user/afm-user-daemon.conf ++++ b/conf/user/afm-user-daemon.conf @@ -25,7 +25,7 @@ diff --git a/meta-app-framework/recipes-core/af-main/af-main/afm-install b/meta-app-framework/recipes-core/af-main/af-main/afm-install deleted file mode 100755 index 83744ebae..000000000 --- a/meta-app-framework/recipes-core/af-main/af-main/afm-install +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash - -pretty() { - sed \ - -e '/^method return .*/d' \ - -e 's/^Error org.freedesktop.DBus.Error.Failed: "\?\(.*\)"\?$/ERROR: \1/' \ - -e 's/^ string "\(.*\)"/\1/' \ - -e 's/},/&\n/' -} - -send() { - dbus-send --system --print-reply \ - --dest=org.AGL.afm.system \ - /org/AGL/afm/system \ - org.AGL.afm.system.$1 \ - "string:$2" | - pretty - return ${PIPESTATUS[0]} -} - -case "$1" in - - add|install) - f=$(realpath $2) - send install '{"wgt":"'"$f"'","force":true,"reload":false}' - ;; - - -h|--help|help) - cat << EOC - -The commands are: - - add wgt - install wgt install the wgt file - -EOC - ;; - - *) - echo "unknown command $1" >&2 - exit 1 - ;; -esac - - diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 52a8fe29d..9da5d088e 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -1,7 +1,6 @@ require af-main_${PV}.inc # NOTE: using libcap-native and setcap in install doesn't work -# NOTE: there is no SYSTEMD_USER_SERVICE_... # NOTE: maybe setting afm_name to agl-framework is cleaner but has implications # NOTE: there is a hack of security for using groups and dbus (to be checked) # NOTE: using ZIP programs creates directories with mode 777 (very bad) @@ -13,6 +12,7 @@ SECTION = "base" DEPENDS = "openssl libxml2 xmlsec1 systemd libzip json-c systemd security-manager af-binder" DEPENDS_class-native = "openssl libxml2 xmlsec1 libzip json-c" +RDEPENDS_${PN}_class-target += "af-binder-tools" PACKAGE_WRITE_DEPS_append_smack = " smack-userspace-native libcap-native" @@ -43,9 +43,6 @@ USERADD_PACKAGES = "${PN}" USERADD_PARAM_${PN} = "-g ${afm_name} -d ${afm_datadir} -r ${afm_name}" GROUPADD_PARAM_${PN} = "-r ${afm_name}" -SYSTEMD_SERVICE_${PN} = "afm-system-daemon.service" -SYSTEMD_AUTO_ENABLE = "enable" - FILES_${PN} += "\ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '${systemd_user_unitdir}/afm-user-daemon.service', '', d)} \ " @@ -57,27 +54,24 @@ SRC_URI += "\ file://Hack-to-allow-the-debugging.patch \ " -# tools used to install wgt at first boot -SRC_URI += "\ - file://afm-install \ -" - do_install_append_class-target() { install -d ${D}${bindir} install -d -m 0775 ${D}${systemd_units_root}/system + install -d -m 0775 "${D}${systemd_units_root}/system/afm-user-session@.target.wants" install -d -m 0775 ${D}${systemd_units_root}/user - install -d -m 0775 ${D}${systemd_units_root}/system/default.target.wants install -d -m 0775 ${D}${systemd_units_root}/user/default.target.wants - install -d -m 0775 ${D}${systemd_units_root}/system/sockets.target.wants install -d -m 0775 ${D}${systemd_units_root}/user/sockets.target.wants install -d ${D}${afm_datadir}/applications install -d ${D}${afm_datadir}/icons if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - mkdir -p ${D}${sysconfdir}/systemd/system/default.target.wants - mkdir -p ${D}${sysconfdir}/systemd/user/default.target.wants - ln -sf ${systemd_user_unitdir}/afm-user-daemon.service ${D}${sysconfdir}/systemd/user/default.target.wants + install -d -m 0755 ${D}${systemd_user_unitdir}/default.target.wants + ln -s ../afm-user-daemon.service ${D}${systemd_user_unitdir}/default.target.wants/afm-user-daemon.service + install -d -m 0755 ${D}${systemd_system_unitdir}/default.target.wants + install -d -m 0755 ${D}${systemd_system_unitdir}/sockets.target.wants + ln -sf ../afm-system-daemon.service ${D}${systemd_system_unitdir}/default.target.wants/afm-system-daemon.service + ln -sf ../afm-system-daemon.socket ${D}${systemd_system_unitdir}/sockets.target.wants/afm-system-daemon.socket + ln -s ../afm-user-session@.service ${D}${systemd_user_unitdir}/default.target.wants/afm-user-session@0.service fi - install -m 0755 ${WORKDIR}/afm-install ${D}${bindir} echo "QT_WAYLAND_SHELL_INTEGRATION=ivi-shell" > ${D}${afm_confdir}/unit.env.d/qt-for-ivi-shell } @@ -87,34 +81,28 @@ do_install_append_porter() { pkg_postinst_${PN}() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - for SYS in "system" "user";do - for DEST in "sockets.target.wants" "default.target.wants" ".";do - chgrp ${afm_name} $D${systemd_units_root}/${SYS}/${DEST}; - done - done + chgrp ${afm_name} $D${systemd_units_root}/system + chgrp ${afm_name} $D${systemd_units_root}/system/afm-user-session@.target.wants + chgrp ${afm_name} $D${systemd_units_root}/user/default.target.wants + chgrp ${afm_name} $D${systemd_units_root}/user/sockets.target.wants fi - for DEST in "applications" "icons" ".";do - chown ${afm_name}:${afm_name} $D${afm_datadir}/${DEST}; - done - setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon + chown ${afm_name}:${afm_name} $D${afm_datadir} + chown ${afm_name}:${afm_name} $D${afm_datadir}/applications + chown ${afm_name}:${afm_name} $D${afm_datadir}/icons } -pkg_postinst_${PN}_smack() { +pkg_postinst_${PN}_append_smack() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - for SYS in "system" "user";do - for DEST in "sockets.target.wants" "default.target.wants" ".";do - chgrp ${afm_name} $D${systemd_units_root}/${SYS}/${DEST}; - chsmack -a 'System::Shared' -t $D${systemd_units_root}/${SYS}/${DEST}; - done - done + chsmack -a 'System::Shared' -t $D${systemd_units_root}/system + chsmack -a 'System::Shared' -t $D${systemd_units_root}/system/afm-user-session@.target.wants + chsmack -a 'System::Shared' -t $D${systemd_units_root}/user/default.target.wants + chsmack -a 'System::Shared' -t $D${systemd_units_root}/user/sockets.target.wants fi - for DEST in "applications" "icons" ".";do - chown ${afm_name}:${afm_name} $D${afm_datadir}/${DEST}; - chsmack -a 'System::Shared' -t $D${afm_datadir}/${DEST}; - done - setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon + chsmack -a 'System::Shared' -t $D${afm_datadir} + chsmack -a 'System::Shared' -t $D${afm_datadir}/applications + chsmack -a 'System::Shared' -t $D${afm_datadir}/icons } -FILES_${PN} += " ${systemd_units_root} " +FILES_${PN} += "${systemd_units_root}/* ${systemd_system_unitdir} ${systemd_user_unitdir}" PACKAGES =+ "${PN}-binding ${PN}-binding-dbg" FILES_${PN}-binding = " ${afb_binding_dir}/afm-main-binding.so " diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc index 472bb55f1..13736aee3 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.inc +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.inc @@ -8,13 +8,9 @@ HOMEPAGE = "https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-f LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI_git = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=${AGL_BRANCH}" -SRC_URI_files = "" -SRC_URI = "${SRC_URI_git} \ - ${SRC_URI_files} \ - " +SRC_URI = "git://gerrit.automotivelinux.org/gerrit/src/app-framework-main;protocol=https;branch=${AGL_BRANCH}" -SRCREV = "2bbe66dda7fadf2d08a57e2b0e0fa8841a118c81" +SRCREV = "1bec325ee85192eba57673750b9e4a77a1a970c8" PV = "${AGL_BRANCH}+git${SRCPV}" S = "${WORKDIR}/git" -- 2.16.6