applaunchd: update and install agl-app@ template and sandboxing configs 52/27752/7
authorDenys Dmytriyenko <denys@konsulko.com>
Tue, 5 Jul 2022 19:11:37 +0000 (19:11 +0000)
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>
Wed, 13 Jul 2022 15:26:46 +0000 (15:26 +0000)
The new applaunchd adds systemd_manager, which allows launching apps as systemd
services in a sandboxed environment; dbus_activation_manager is now deprecated.

* Update SRCREV for the new code
* Bump version to indicate a major change
* Install supporting config files
* Add build dependency on systemd
* Add runtime dependency on polkit rule to manage agl-app@ services

Bug-AGL: SPEC-4466
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Change-Id: I01b0247d18be8d97b4ea2866d161cffbda8f9155
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27752
Reviewed-by: Marius Vlad <marius.vlad@collabora.com>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Reviewed-by: Scott Murray <scott.murray@konsulko.com>
Tested-by: Jenkins Job builder account
meta-app-framework/recipes-core/applaunchd/applaunchd/agl-app@.service [new file with mode: 0644]
meta-app-framework/recipes-core/applaunchd/applaunchd/no-network.conf [new file with mode: 0644]
meta-app-framework/recipes-core/applaunchd/applaunchd/private-tmp.conf [new file with mode: 0644]
meta-app-framework/recipes-core/applaunchd/applaunchd_git.bb

diff --git a/meta-app-framework/recipes-core/applaunchd/applaunchd/agl-app@.service b/meta-app-framework/recipes-core/applaunchd/applaunchd/agl-app@.service
new file mode 100644 (file)
index 0000000..c8361fa
--- /dev/null
@@ -0,0 +1,8 @@
+[Unit]
+Description=Sandboxed %I
+
+[Service]
+Type=simple
+User=agl-driver
+ExecStart=%i
+Environment=XDG_RUNTIME_DIR=/run/user/1001/
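Review bot: The template describes itself as `Sandboxed %I`, but its `[Service]` section has no confinement directive, so an instance started with no drop-in attached runs as `agl-driver` with nothing beyond the user switch. A baseline line such as `NoNewPrivileges=yes` in the template would apply to every instance, whichever drop-ins are layered on top. `ExecStart=%i` takes the command from the instance name, so whatever authorises starting `agl-app@` units (presumably the polkit rule named in the commit message, not visible here) is the only gate on what gets executed as that user; a comment above it would record this, e.g. `# command is the instance name; who may start instances is decided by the polkit rule`. `XDG_RUNTIME_DIR=/run/user/1001/` also assumes that agl-driver has UID 1001, which is worth a comment next to `User=agl-driver`.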
diff --git a/meta-app-framework/recipes-core/applaunchd/applaunchd/no-network.conf b/meta-app-framework/recipes-core/applaunchd/applaunchd/no-network.conf
new file mode 100644 (file)
index 0000000..c7c4f8a
--- /dev/null
@@ -0,0 +1,2 @@
+[Service]
+PrivateNetwork=true
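Review bot: The drop-in has no comment stating what `PrivateNetwork=true` does and does not cover, and the file name `no-network.conf` suggests more than it delivers. The setting gives the unit its own network namespace with only a loopback device, but AF_UNIX sockets that live in the file system remain reachable, so an app can still talk to D-Bus or other local services that have network access themselves. A header comment would be enough, e.g. `# Isolates IP networking only; file-system AF_UNIX sockets (D-Bus etc.) remain reachable`.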
diff --git a/meta-app-framework/recipes-core/applaunchd/applaunchd/private-tmp.conf b/meta-app-framework/recipes-core/applaunchd/applaunchd/private-tmp.conf
new file mode 100644 (file)
index 0000000..0bdba7c
--- /dev/null
@@ -0,0 +1,2 @@
+[Service]
+PrivateTmp=yes
index 2457b67..5c2036a 100644 (file)
@@ -8,21 +8,37 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=ae6497158920d9524cf208c09cc4c984"
 DEPENDS = " \
     glib-2.0 \
     glib-2.0-native \
+    systemd \
 "
 
-PV      = "1.0+git${SRCPV}"
+PV = "2.0+git${SRCPV}"
 
 SRC_URI = " \
-        git://gerrit.automotivelinux.org/gerrit/src/applaunchd;protocol=https;branch=${AGL_BRANCH}  \
-        "
-SRCREV = "c84836ec5ddaf2d0e91c46713475c35652bb540f"
+    git://gerrit.automotivelinux.org/gerrit/src/applaunchd;protocol=https;branch=${AGL_BRANCH}  \
+    file://agl-app@.service \
+    file://no-network.conf \
+    file://private-tmp.conf \
+"
+SRCREV = "efbd734aca8b813710d7564d79696b1cf150a88c"
 
-S       = "${WORKDIR}/git"
+S = "${WORKDIR}/git"
 
 inherit meson pkgconfig
 
+do_install:append() {
+    # Install generic template for all agl-app services
+    mkdir -p ${D}${sysconfdir}/systemd/system/
+    install -m 644 ${WORKDIR}/agl-app@.service ${D}${sysconfdir}/systemd/system/
+
+    # Install individual sandboxing overrides/drop-ins to be used by apps
+    mkdir -p ${D}${sysconfdir}/systemd/sandboxing/
+    install -m 644 ${WORKDIR}/no-network.conf ${D}${sysconfdir}/systemd/sandboxing/
+    install -m 644 ${WORKDIR}/private-tmp.conf ${D}${sysconfdir}/systemd/sandboxing/
+}
+
 FILES:${PN} += " ${datadir}/dbus-1/"
 
 RDEPENDS:${PN} += " \
     agl-session \
+    polkit-rule-agl-app \
 "