diff --git a/meta-flatpak/classes/flatpak-config.bbclass b/meta-flatpak/classes/flatpak-config.bbclass new file mode 100644 index 0000000000..094d76316c --- /dev/null +++ b/meta-flatpak/classes/flatpak-config.bbclass @@ -0,0 +1,65 @@ +# We expect to find our scripts here, in the scripts subdirectory. +FLATPAKBASE = "${FLATPAK_LAYERDIR}" + +# Flatpak image base. We need to use this often in path names to avoid +# conflicts for repos of different ${MACHINES}. Although flatpak uses +# ostree as the backend for its repositories, the runtime branch naming +# conventions for flatpak ostree repositories is strict. Branches names +# must be of the form +# +# runtime/ID/ARCH/VERSION +# +# Any other branches are silently ignored by flatpak. Therefore we cannot +# easily reuse (primary) repositories across multiple ${MACHINES} wihtout +# running into branch-naming conflicts. It is technically possible to share +# a primary bare-user repository if we teach the repository-exporting bits +# to do clever branch-name translations when pulling to the destination +# (exported, archive-z2) repository. However, since the exported repos anyway +# cannot be shared in this way there is not much point in doing so. +# +# As an additional restriction, ARCH must be from a known set, which is the +# one commonly used by the kernel, package managers, etc (although there is +# a slight chance that non-standard ARCHs work if explicitly overridden from +# the command-line... needs to be either tested or checked from the sources). +# +# Therefore, we translate ${MACHINE} to ${BUILD_ARCH} a.k.a ${FLATPAK_ARCH} +# in branch names while use ${MACHINE} as such in repository names. +# +FLATPAK_PN ?= "${@d.getVar('PN').split('-flatpak-')[0]}" + +# Canonical ARCH flatpak will understand. +FLATPAK_ARCH ?= "${BUILD_ARCH}" + +# Per-build per-${MACHINE} per-image primary bare-user flatpak repository. +FLATPAK_REPO = "${WORKDIR}/${FLATPAK_PN}.flatpak.${MACHINE}.bare-user" + +# This is an archive-z2 repository where we export our builds for testing. +# This can be exposed over HTTP for consumption by flatpak. Among other +# things, this can be used to pull in the generated BaseSdk and BasePlatform +# repository branches to a development host for building flatpak applications +# against the corresponding flatpak-enabled image. Set this to empty if you +# don't want to automatically publish to such a repository. +FLATPAK_EXPORT ?= "${DEPLOY_DIR}/${FLATPAK_PN}.flatpak.${MACHINE}.archive-z2" + +# We use the domain and the (canonical) branch together with ${MACHINE} to +# construct the full flatpak REFs of our base and SDK runtimes. The full REF +# is considered the canonical branch and is constructed as: +# +# runtime/${FLATPAK_DOMAIN}.Base{Platform,Sdk}/${FLATPAK_ARCH}/${FLATPAK_BRANCH} +# +# Optionally we publish builds as two additional branches: +# +# - an optional rolling 'latest' corresponding to the last build +# - an optional rolling 'build' tagged with the ${BUILD_ID} +# +# Setting the corresponding variables for the optional branches to empty +# disables publishing/creating those branches. +# +FLATPAK_DOMAIN ?= "org.example" +FLATPAK_BRANCH ?= "${DISTRO_VERSION}" +FLATPAK_LATEST ?= "${DISTRO}/${FLATPAK_PN}/latest" +FLATPAK_BUILD ?= "${DISTRO}/${FLATPAK_PN}/build/${BUILD_ID}" + +# This is the GPG key id of our repository signing key. If you set this to +# empty, signing is disabled altogether. +FLATPAK_GPGID ?= "refkit-signing@key" diff --git a/meta-flatpak/classes/flatpak-image-variants.bbclass b/meta-flatpak/classes/flatpak-image-variants.bbclass new file mode 100644 index 0000000000..153088e78a --- /dev/null +++ b/meta-flatpak/classes/flatpak-image-variants.bbclass @@ -0,0 +1,39 @@ +IMAGE_FEATURES[validitems] += " \ + flatpak \ + tools-sdk \ + dev-pkgs \ + tools-debug \ + tools-profile \ +" + +FEATURE_PACKAGES_flatpak = " \ + packagegroup-flatpak \ +" + +# +# Define two flatpak-related image variants. +# +# - flatpak runtime image variant 'flatpak-runtime': +# This variant corresponds to a flatpak BasePlatform runtime. In +# addition to the content of its base image, this variant has the +# necessary runtime bits for flatpak. Using this image on a device +# enables one to pull in, update and run applications as flatpaks +# from flatpak remotes/repositories. +# +# - flatpak SDK image variant 'flatpak-sdk': +# This variant corresponds to a flatpak BaseSdk runtime. It has the +# necessary bits for compiling applications and publishing them as +# flatpaks in flatpak repositories. +# +# When building these images variants, a flatpak repository will also be +# populated with the contents of these images. This repository can be used +# to flatpak-install the runtime and SDK runtimes on a development machine +# for generating flatpaks for the flatpak-runtime image variant. + +# 'flatpak-runtime' variant (runtime image for a device) +IMAGE_VARIANT[flatpak-runtime] = "flatpak" + +# 'flatpak-sdk' variant (SDK image for a development host) +IMAGE_VARIANT[flatpak-sdk] = "flatpak tools-develop tools-debug dev-pkgs" + +BBCLASSEXTEND += "imagevariant:flatpak-runtime imagevariant:flatpak-sdk" diff --git a/meta-flatpak/classes/flatpak-repository.bbclass b/meta-flatpak/classes/flatpak-repository.bbclass new file mode 100644 index 0000000000..357519aae4 --- /dev/null +++ b/meta-flatpak/classes/flatpak-repository.bbclass @@ -0,0 +1,139 @@ +# Check we have the necessary distro features enabled. +inherit distro_features_check +REQUIRED_DISTRO_FEATURES_append = " usrmerge systemd pam" + +inherit flatpak-config + +REFKIT_SIGNING_KEYS += "${FLATPAK_GPGID}" +inherit refkit-signing-keys + +# +# Create and populate a primary flatpak repository from/for an image. +# +fakeroot do_flatpak_populate_repository () { + echo "Flatpak repository population:" + echo " * FLATPAKBASE: ${FLATPAKBASE}" + echo " * IMAGE_BASENAME: ${IMAGE_BASENAME}" + + # Bail out early if flatpak is not enabled for this image. + case ${IMAGE_BASENAME} in + *-flatpak-runtime) RUNTIME_TYPE=BasePlatform;; + *-flatpak-sdk) RUNTIME_TYPE=BaseSdk;; + *) + echo "${IMAGE_BASENAME} is not a flatpak-enabled image..." + return 0 + ;; + esac + + echo "${IMAGE_BASENAME} is a flatpak $RUNTIME_TYPE image" + + if [ -n "${FLATPAK_GPGID}" ]; then + GPG_SIGN="--gpg-home ${REFKIT_SIGNING_GPGDIR} \ + --gpg-id ${FLATPAK_GPGID}" + else + GPG_SIGN="" + fi + + # Hmm... it might be a better idea to either preconstruct this in + # flatpak-config and just be a postman for it here, or pass these + # separately to the backend script and let that construct these. + # XXX TODO: We'll need to revisit this and decide... + + _base="runtime/${FLATPAK_DOMAIN}.$RUNTIME_TYPE/${FLATPAK_ARCH}" + _t="" + for _b in ${FLATPAK_BRANCH} ${FLATPAK_LATEST} ${FLATPAK_BUILD}; do + BRANCHES="$BRANCHES$_t$_base/$_b" + _t="," + done + + echo "Using flatpak branches $BRANCHES for ${IMAGE_ROOTFS}..." + + # Generate/populate flatpak/OSTree repository + ${FLATPAKBASE}/scripts/flatpak-populate-repo.sh \ + --repo-path ${FLATPAK_REPO} \ + --repo-mode bare-user \ + $GPG_SIGN \ + --branches "$BRANCHES" \ + --image-sysroot ${IMAGE_ROOTFS} \ + --tmp-dir ${TMPDIR} +} + +do_flatpak_populate_repository[depends] += " \ + ostree-native:do_populate_sysroot \ + flatpak-native:do_populate_sysroot \ + gnupg1-native:do_populate_sysroot \ +" + +do_flatpak_populate_repository[vardeps] += " \ + FLATPAK_REPO \ + FLATPAK_EXPORT \ + FLATPAK_DOMAIN \ + FLATPAK_BRANCH \ + FLATPAK_LATEST \ + FLATPAK_BUILD \ + FLATPAK_GPGID \ +" + +# +# Export an image (well the bare-user repo, really) to an archive-z2 repo. +# +fakeroot do_flatpak_export_repository () { + # Bail out early if no export repository is defined. + if [ -z "${FLATPAK_EXPORT}" ]; then + echo "Flatpak repository for export not specified, skip export..." + return 0 + fi + + # Bail out early if flatpak is not enabled for this image. + case ${IMAGE_BASENAME} in + *-flatpak-runtime) RUNTIME_TYPE=BasePlatform;; + *-flatpak-sdk) RUNTIME_TYPE=BaseSdk;; + *) + echo "${IMAGE_BASENAME} is not a flatpak-enabled image..." + return 0 + ;; + esac + + echo "${IMAGE_BASENAME} is a flatpak $RUNTIME_TYPE image" + + if [ -n "${FLATPAK_GPGID}" ]; then + GPG_SIGN="--gpg-home ${REFKIT_SIGNING_GPGDIR} \ + --gpg-id ${FLATPAK_GPGID}" + else + GPG_SIGN="" + fi + + # Export to archive-z2 flatpak/OSTree repository + ${FLATPAKBASE}/scripts/flatpak-populate-repo.sh \ + --repo-path ${FLATPAK_REPO} \ + --repo-export ${FLATPAK_EXPORT} \ + --machine ${MACHINE} \ + $GPG_SIGN \ + --tmp-dir ${TMPDIR} +} + +do_flatpak_export_repository[depends] += " \ + ostree-native:do_populate_sysroot \ + flatpak-native:do_populate_sysroot \ + gnupg1-native:do_populate_sysroot \ +" + +do_flatpak_export_repository[vardeps] += " \ + FLATPAK_REPO \ + FLATPAK_EXPORT \ + FLATPAK_DOMAIN \ + FLATPAK_BRANCH \ + FLATPAK_LATEST \ + FLATPAK_BUILD \ + FLATPAK_GPGID \ + MACHINE \ +" + +addtask flatpak_populate_repository \ + after do_rootfs \ + before do_image_complete + +addtask flatpak_export_repository \ + after do_flatpak_populate_repository \ + before do_image_complete + diff --git a/meta-flatpak/classes/refkit-signing-keys.bbclass b/meta-flatpak/classes/refkit-signing-keys.bbclass new file mode 100644 index 0000000000..b795407f4c --- /dev/null +++ b/meta-flatpak/classes/refkit-signing-keys.bbclass @@ -0,0 +1,84 @@ +# +# This class can be used to generate (or import) a set of signing keys, +# for whatever purpose the build might need those. Once such purpose is +# the signing of base OS and flatpak ostree repositories. +# +# To make sure all the necessary keys get generated list them in your +# local.conf (or some other global configuration file) by setting +# REFKIT_SIGNING_KEYS to necessary key IDs. + +# Signing keys to generate, a list of key IDs. +REFKIT_SIGNING_KEYS ?= "" + +# This is where we put our GPG homedir, export keys to, etc. +REFKIT_SIGNING_GPGDIR ?= "${DEPLOY_DIR}/gnupg" + +# How long we let two parallel key generation tasks clash. +REFKIT_SIGNING_TIMEOUT ?= "60" + +# task to generate/check all requested signing keys +fakeroot do_generate_signing_keys () { + # Bail out early if we have no keys to generate. + if [ -z "${REFKIT_SIGNING_KEYS}" -o -z "${REFKIT_SIGNING_GPGDIR}" ]; then + echo "No GPG key IDs or directory set, nothing to do..." + return 0 + fi + + # When building several images in parallel (e.g. in CI), we have to + # make sure we don't let two tasks start generating the same signing + # key into the keyring. While GPG itself seems to semi-gracefully + # survive a keyring with duplicate key ids, gpgme (or maybe just ostree, + # I did not bother checking it) segfaults in such a case. + # Therefore, we have this unholy kludge where we use mkdir(2) as a + # lock, and let the task getting there first do the deed, while the + # second one just waits for the first to finish (and consequently causes + # its own dependent tasks to properly wait for the keys to get generated). + # Yuck... + + dir="${REFKIT_SIGNING_GPGDIR}" + mkdir -p "${dir%/*}" + mkdir "${dir}.lock" || { # Forgive me Thompson&Dijkstra, for I have sinned... + slept=0 + for id in ${REFKIT_SIGNING_KEYS}; do + while [ $slept -lt ${REFKIT_SIGNING_TIMEOUT} ]; do + if [ ! -e ${dir}/$id.sec ]; then + echo "Waiting for generation of signing key $id..." + sleep 1 + let slept=$slept+1 + else + echo "Got signing key $id..." + break + fi + done + done + if [ $slept -ge ${REFKIT_SIGNING_TIMEOUT} ]; then + echo "Signing key generation timed out..." + return 1 + else + return 0 + fi + } + + dir="${REFKIT_SIGNING_GPGDIR}" + for id in ${REFKIT_SIGNING_KEYS}; do + pubkey="$dir/$id.pub" + seckey="$dir/$id.sec" + + # Generate repository signing GPG keys, if we don't have them yet. + echo "Generating/checking signing key $id..." + + ${FLATPAKBASE}/scripts/gpg-keygen.sh \ + --home $dir \ + --id $id \ + --pub $pubkey \ + --sec $seckey + done + + rmdir "${dir}.lock" +} + +do_generate_signing_keys[depends] += " \ + gnupg1-native:do_populate_sysroot \ +" + +addtask generate_signing_keys before do_rootfs diff --git a/meta-flatpak/classes/requires-systemd.bbclass b/meta-flatpak/classes/requires-systemd.bbclass new file mode 100644 index 0000000000..0dd56d3b47 --- /dev/null +++ b/meta-flatpak/classes/requires-systemd.bbclass @@ -0,0 +1,11 @@ +# Same as systemd.bbclass but should be used by recipes which require +# systemd (as opposed to just support systemd). + + +SYSTEMD_FEATURE_class-target = "systemd" +SYSTEMD_FEATURE_class-native = "" + +REQUIRED_DISTRO_FEATURES = "${SYSTEMD_FEATURE}" +inherit distro_features_check + +inherit systemd diff --git a/meta-flatpak/conf/distro/include/flatpak.inc b/meta-flatpak/conf/distro/include/flatpak.inc new file mode 100644 index 0000000000..dc1323ed65 --- /dev/null +++ b/meta-flatpak/conf/distro/include/flatpak.inc @@ -0,0 +1,9 @@ +REFKIT_DEFAULT_DISTRO_FEATURES += " \ + usrmerge \ + systemd \ + pam \ + flatpak \ +" + +# Enable D-Bus session bus support, needed by flatpak. +PACKAGECONFIG_append_pn-dbus_refkit-config = " user-session" diff --git a/meta-flatpak/conf/layer.conf b/meta-flatpak/conf/layer.conf new file mode 100644 index 0000000000..607087c2f8 --- /dev/null +++ b/meta-flatpak/conf/layer.conf @@ -0,0 +1,16 @@ +# We have a conf and classes directory, add to BBPATH +BBPATH .= ":${LAYERDIR}" + +# We have recipes-* directories, add to BBFILES +BBFILES += " \ + ${LAYERDIR}/recipes-*/*/*.bb \ + ${LAYERDIR}/recipes-*/*/*.bbappend" + +BBFILE_COLLECTIONS += "flatpak-layer" +BBFILE_PATTERN_flatpak-layer = "^${LAYERDIR}/" +BBFILE_PRIORITY_flatpak-layer = "6" + +LAYERDEPENDS_flatpak-layer = "core openembedded-layer filesystems-layer" + +# Set a variable for easy access to the top directory of the flatpak layer. +FLATPAK_LAYERDIR = '${@os.path.normpath("${LAYERDIR}")}' diff --git a/meta-flatpak/recipes-core/glib-networking/glib-networking_%.bbappend b/meta-flatpak/recipes-core/glib-networking/glib-networking_%.bbappend new file mode 100644 index 0000000000..789120d5aa --- /dev/null +++ b/meta-flatpak/recipes-core/glib-networking/glib-networking_%.bbappend @@ -0,0 +1,33 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +# Make sure we compile with ca-certificates support enabled. +PACKAGECONFIG_append = " ca-certificates" + +DEPENDS += "ca-certificates" +RDEPENDS_${PN} += "ca-certificates" + +# We need native version for ostree-/flatpak-native. +BBCLASSEXTEND = "native" + +# OE-core's relocatable.bbclass assumes that every package which +# ends up creating a ${libdir}/pkgconfig directory in its sysroot +# will always also install .pc-files there and tries to uncondi- +# tionally update paths in those files using globbing that fails +# if no such files are present. This presumption is not true for +# glib-networking which happens to create a directory by dereferencing +# a GIO pkgconfig variable which in turn is defined relative to +# the pkgconfig directory (${pcfiledir}/../...), causing pkgconfig +# to get created. +# +# Could be worked around in the upatream recipe but since that +# does not provide/create native versions of the package and since +# this problem is related to native packages, we work around it here. +# +do_install_append_class-native () { + for _pc in ${D}${libdir}/pkgconfig/*.pc; do + case $_pc in + *'*.pc') rm -fr ${D}${libdir}/pkgconfig;; + *.pc) break;; + esac + done +} diff --git a/meta-flatpak/recipes-core/packagegroups/packagegroup-flatpak.bb b/meta-flatpak/recipes-core/packagegroups/packagegroup-flatpak.bb new file mode 100644 index 0000000000..abe86784c3 --- /dev/null +++ b/meta-flatpak/recipes-core/packagegroups/packagegroup-flatpak.bb @@ -0,0 +1,9 @@ +SUMMARY = "IoT Reference OS Kit Basic Flatpak Support" +LICENSE = "MIT" + +inherit packagegroup + +RDEPENDS_${PN} = "\ + flatpak \ + flatpak-image-runtime \ +" diff --git a/meta-flatpak/recipes-flatpak/bubblewrap/bubblewrap_git.bb b/meta-flatpak/recipes-flatpak/bubblewrap/bubblewrap_git.bb new file mode 100644 index 0000000000..941e5c878b --- /dev/null +++ b/meta-flatpak/recipes-flatpak/bubblewrap/bubblewrap_git.bb @@ -0,0 +1,26 @@ +DESCRIPTION = "Helper binary for running applications sandboxed." +HOMEPAGE = "https://github.com/projectatomic/bubblewrap" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" + +DEPENDS = "libcap" + +SRC_URI = " \ + git://git@github.com/projectatomic/bubblewrap;protocol=https \ +" +SRCREV = "3ebe54af1b2acb702381ec9b5610b60758d3d163" + +PV = "2016.8+git${SRCPV}" +S = "${WORKDIR}/git" + +inherit autotools pkgconfig requires-systemd + +AUTO_LIBNAME_PKGS = "" + +# possible package configurations +PACKAGECONFIG ??= "" + +EXTRA_OECONF_class-target += "--disable-man --without-bash-completion-dir" +EXTRA_OECONF_class-native += "--disable-man --without-bash-completion-dir" + +BBCLASSEXTEND = "native" diff --git a/meta-flatpak/recipes-flatpak/flatpak-image-runtime/flatpak-image-runtime_git.bb b/meta-flatpak/recipes-flatpak/flatpak-image-runtime/flatpak-image-runtime_git.bb new file mode 100644 index 0000000000..adc9e63ef5 --- /dev/null +++ b/meta-flatpak/recipes-flatpak/flatpak-image-runtime/flatpak-image-runtime_git.bb @@ -0,0 +1,43 @@ +SUMMARY = "A systemd service to set up a fake flatpak runtime for the image." +DESCRIPTION = "This package provides a systemd service that fakes a flatpak \ +runtime for the currently running image, using read-only bind mounts." +HOMEPAGE = "https://github.com/klihub/flatpak-image-runtime" +SECTION = "misc" + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE-BSD;md5=f9f435c1bd3a753365e799edf375fc42" + +SRC_URI = " \ + git://git@github.com/klihub/flatpak-image-runtime.git;protocol=http;branch=master \ +" + +SRCREV = "d4cc5bbbe8be1a1cef4eecb1df656e60d8ad18de" + +DEPENDS = "systemd" + +inherit autotools pkgconfig requires-systemd flatpak-config + +S = "${WORKDIR}/git" + +FILES_${PN} = " \ + ${datadir}/flatpak-image-runtime \ + ${systemd_unitdir}/system/flatpak-image-runtime.service \ +" + +SYSTEMD_SERVICE_${PN} = " \ + flatpak-image-runtime.service \ +" + +EXTRA_OECONF += " \ + --with-systemdunitdir=${systemd_unitdir} \ + --with-domain=${FLATPAK_DOMAIN} \ + --with-arch=${FLATPAK_ARCH} \ + --with-branch=${FLATPAK_BRANCH} \ +" + +do_configure_prepend () { + cd ${S} + NOCONFIGURE=1 ./bootstrap + cd - +} + diff --git a/meta-flatpak/recipes-flatpak/flatpak/flatpak/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch b/meta-flatpak/recipes-flatpak/flatpak/flatpak/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch new file mode 100644 index 0000000000..98db980016 --- /dev/null +++ b/meta-flatpak/recipes-flatpak/flatpak/flatpak/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch @@ -0,0 +1,32 @@ +From 448424558b9cd3978fd61801172d76fa334d9a53 Mon Sep 17 00:00:00 2001 +From: Krisztian Litkey +Date: Sat, 10 Sep 2016 22:35:06 +0300 +Subject: [PATCH 1/3] autogen.sh: fall back to no gtkdocize if it is there but + fails. + +--- + autogen.sh | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/autogen.sh b/autogen.sh +index 1cd3cee..c3a7bd4 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -37,7 +37,13 @@ else + # gtkdocize needs the macro directory to exist before + # we call autoreconf + mkdir -p m4 +- gtkdocize || exit $? ++ gtkdocize || { ++ rm -f gtk-doc.make ++ cat > gtk-doc.make < +Date: Fri, 4 Nov 2016 10:38:50 +0200 +Subject: [PATCH 2/3] common: Allow command to include command line + options/arguments. + +Allow command from the command line or from a metadata file to +contain options and arguments. Split the command by space and +add all the resulting arguments to the real argument array. + +Signed-off-by: Krisztian Litkey +--- + common/flatpak-run.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/common/flatpak-run.c b/common/flatpak-run.c +index 0cef78a..03e98f9 100644 +--- a/common/flatpak-run.c ++++ b/common/flatpak-run.c +@@ -4498,6 +4498,7 @@ flatpak_run_app (const char *app_ref, + g_autoptr(GPtrArray) real_argv_array = NULL; + g_auto(GStrv) envp = NULL; + const char *command = "/bin/sh"; ++ gchar **argv, *arg; + g_autoptr(GError) my_error = NULL; + g_auto(GStrv) runtime_parts = NULL; + int i; +@@ -4687,7 +4688,14 @@ flatpak_run_app (const char *app_ref, + NULL); + } + +- g_ptr_array_add (real_argv_array, g_strdup (command)); ++ argv = g_strsplit (command, " ", -1); ++ for (i = 0; (arg = argv[i]); i++) ++ g_ptr_array_add (real_argv_array, g_strdup (arg)); ++ g_strfreev(argv); ++ ++ for (i = 0; i < n_args; i++) ++ g_ptr_array_add (real_argv_array, g_strdup (args[i])); ++ + if (!add_rest_args (app_ref_parts[1], exports, (flags & FLATPAK_RUN_FLAG_FILE_FORWARDING) != 0, + doc_mount_path, + real_argv_array, args, n_args, error)) +-- +2.7.4 + diff --git a/meta-flatpak/recipes-flatpak/flatpak/flatpak/0003-lib-Allow-passing-command-line-argument-through-laun.patch b/meta-flatpak/recipes-flatpak/flatpak/flatpak/0003-lib-Allow-passing-command-line-argument-through-laun.patch new file mode 100644 index 0000000000..c30dd64339 --- /dev/null +++ b/meta-flatpak/recipes-flatpak/flatpak/flatpak/0003-lib-Allow-passing-command-line-argument-through-laun.patch @@ -0,0 +1,135 @@ +From 559597e3687bd1cebb70ebcd55e674e0df9a9390 Mon Sep 17 00:00:00 2001 +From: Krisztian Litkey +Date: Fri, 4 Nov 2016 10:38:22 +0200 +Subject: [PATCH 3/3] lib: Allow passing command line argument through launch. + +Added a new function flatpak_installation_launch_with_args which is +actually a copy of the original flatpak_installation_launch slightly +modified to allow passing argument to the launched application. Also +changed the original flatpak_installation_launch to call this new +function with 0, NULL as the argument list. + +Signed-off-by: Krisztian Litkey +--- + lib/flatpak-installation.c | 58 ++++++++++++++++++++++++++++++++++++++-------- + lib/flatpak-installation.h | 9 +++++++ + 2 files changed, 57 insertions(+), 10 deletions(-) + +diff --git a/lib/flatpak-installation.c b/lib/flatpak-installation.c +index 12803d7..370c854 100644 +--- a/lib/flatpak-installation.c ++++ b/lib/flatpak-installation.c +@@ -492,16 +492,18 @@ flatpak_installation_get_storage_type (FlatpakInstallation *self) + } + + /** +- * flatpak_installation_launch: ++ * flatpak_installation_launch_with_args: + * @self: a #FlatpakInstallation + * @name: name of the app to launch + * @arch: (nullable): which architecture to launch (default: current architecture) + * @branch: (nullable): which branch of the application (default: "master") + * @commit: (nullable): the commit of @branch to launch ++ * @argc: number of command line arguments to pass to the application ++ * @argv: (nullable): command line arguments to pass to the application + * @cancellable: (nullable): a #GCancellable + * @error: return location for a #GError + * +- * Launch an installed application. ++ * Launch an installed application with the given arguments. + * + * You can use flatpak_installation_get_installed_ref() or + * flatpak_installation_get_current_installed_app() to find out what builds +@@ -510,13 +512,15 @@ flatpak_installation_get_storage_type (FlatpakInstallation *self) + * Returns: %TRUE, unless an error occurred + */ + gboolean +-flatpak_installation_launch (FlatpakInstallation *self, +- const char *name, +- const char *arch, +- const char *branch, +- const char *commit, +- GCancellable *cancellable, +- GError **error) ++flatpak_installation_launch_with_args (FlatpakInstallation *self, ++ const char *name, ++ const char *arch, ++ const char *branch, ++ const char *commit, ++ int argc, ++ char *argv[], ++ GCancellable *cancellable, ++ GError **error) + { + g_autoptr(FlatpakDir) dir = flatpak_installation_get_dir (self); + g_autofree char *app_ref = NULL; +@@ -539,11 +543,45 @@ flatpak_installation_launch (FlatpakInstallation *self, + NULL, + FLATPAK_RUN_FLAG_BACKGROUND, + NULL, +- NULL, 0, ++ argv, argc, + cancellable, error); + } + + ++/** ++ * flatpak_installation_launch: ++ * @self: a #FlatpakInstallation ++ * @name: name of the app to launch ++ * @arch: (nullable): which architecture to launch (default: current architecture) ++ * @branch: (nullable): which branch of the application (default: "master") ++ * @commit: (nullable): the commit of @branch to launch ++ * @cancellable: (nullable): a #GCancellable ++ * @error: return location for a #GError ++ * ++ * Launch an installed application. ++ * ++ * You can use flatpak_installation_get_installed_ref() or ++ * flatpak_installation_get_current_installed_app() to find out what builds ++ * are available, in order to get a value for @commit. ++ * ++ * Returns: %TRUE, unless an error occurred ++ */ ++gboolean ++flatpak_installation_launch (FlatpakInstallation *self, ++ const char *name, ++ const char *arch, ++ const char *branch, ++ const char *commit, ++ GCancellable *cancellable, ++ GError **error) ++{ ++ return flatpak_installation_launch_with_args(self, name, ++ arch, branch, commit, ++ 0, NULL, ++ cancellable, error); ++} ++ ++ + static FlatpakInstalledRef * + get_ref (FlatpakDir *dir, + const char *full_ref, +diff --git a/lib/flatpak-installation.h b/lib/flatpak-installation.h +index 089d510..c5d352b 100644 +--- a/lib/flatpak-installation.h ++++ b/lib/flatpak-installation.h +@@ -148,6 +148,15 @@ FLATPAK_EXTERN gboolean flatpak_installation_launch (FlatpakInstalla + const char *commit, + GCancellable *cancellable, + GError **error); ++FLATPAK_EXTERN gboolean flatpak_installation_launch_with_args (FlatpakInstallation *self, ++ const char *name, ++ const char *arch, ++ const char *branch, ++ const char *commit, ++ int argc, ++ char *argv[], ++ GCancellable *cancellable, ++ GError **error); + FLATPAK_EXTERN GFileMonitor *flatpak_installation_create_monitor (FlatpakInstallation *self, + GCancellable *cancellable, + GError **error); +-- +2.7.4 + diff --git a/meta-flatpak/recipes-flatpak/flatpak/flatpak_git.bb b/meta-flatpak/recipes-flatpak/flatpak/flatpak_git.bb new file mode 100644 index 0000000000..6ecbe5f42a --- /dev/null +++ b/meta-flatpak/recipes-flatpak/flatpak/flatpak_git.bb @@ -0,0 +1,85 @@ +DESCRIPTION = "Versioned Application/Runtime Respository." +HOMEPAGE = "http://flatpak.org" +LICENSE = "LGPLv2.1" +LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" + +SRC_URI = " \ + gitsm://git@github.com/flatpak/flatpak;protocol=https \ + file://0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch \ + file://0002-common-Allow-command-to-include-command-line-options.patch \ + file://0003-lib-Allow-passing-command-line-argument-through-laun.patch \ +" + +SRCREV = "1a49029f9d8fbee0338665522cf7432ae7485841" + +PV = "0.9.3+git${SRCPV}" +S = "${WORKDIR}/git" + +inherit autotools pkgconfig gettext requires-systemd gobject-introspection + +DEPENDS = " \ + glib-2.0 json-glib libsoup-2.4 libarchive elfutils fuse \ + ostree libassuan libgpg-error bubblewrap systemd \ +" + +DEPENDS_class-native = " \ + glib-2.0-native libsoup-2.4-native json-glib-native libarchive-native \ + elfutils-native fuse-native ostree-native \ + libassuan-native libgpg-error-native bubblewrap-native \ +" + +RDEPENDS_${PN}_class-target = " \ + bubblewrap \ + ca-certificates \ +" + +AUTO_LIBNAME_PKGS = "" + +# package configuration +PACKAGECONFIG ?= "" + +PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,seccomp" +PACKAGECONFIG[x11] = "--enable-xauth,--disable-xauth,x11" +PACKAGECONFIG[system-helper] = "--enable-system-helper,--disable-system-helper,poklit" + +EXTRA_OECONF += " \ + --disable-docbook-docs \ + --disable-gtk-doc-html \ + --disable-documentation \ + --with-systemdsystemunitdir=${systemd_unitdir}/system \ +" + +# package content +PACKAGES =+ " \ + ${PN}-build \ + ${PN}-bash-completion \ + ${PN}-gdm \ +" + +FILES_${PN} += " \ + ${libdir}/systemd/user/*.service \ + ${libdir}/systemd/user/dbus.service.d/*.conf \ + ${libdir}/girepository-1.0 \ + ${datadir}/gir-1.0 \ + ${datadir}/dbus-1/services/*.service \ + ${datadir}/dbus-1/interfaces/*.xml \ +" + +FILES_${PN}-build = "${bindir}/flatpak-builder" + +FILES_${PN}-bash-completion = " \ + ${sysconfdir}/profile.d/flatpak.sh \ + ${datadir}/bash-completion/completions/flatpak \ +" + +FILES_${PN}-gdm = " \ + ${datadir}/gdm/env.d/flatpak.env \ +" + +do_configure_prepend() { + cd ${S} + NOCONFIGURE=1 ./autogen.sh + cd - +} + +BBCLASSEXTEND = "native" diff --git a/meta-flatpak/recipes-ostree/ostree/ostree/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch b/meta-flatpak/recipes-ostree/ostree/ostree/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch new file mode 100644 index 0000000000..1dd655064a --- /dev/null +++ b/meta-flatpak/recipes-ostree/ostree/ostree/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch @@ -0,0 +1,32 @@ +From 6a025e5eb379ae4b813eedba43f622abd8244ade Mon Sep 17 00:00:00 2001 +From: Krisztian Litkey +Date: Sat, 10 Sep 2016 22:15:21 +0300 +Subject: [PATCH] autogen.sh: fall back to no gtkdocize if it is there but + fails. + +--- + autogen.sh | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/autogen.sh b/autogen.sh +index 0f32089..00f5069 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -25,7 +25,13 @@ EXTRA_DIST = + CLEANFILES = + EOF + else +- gtkdocize ++ gtkdocize || { ++ rm -f gtk-doc.make ++ cat > gtk-doc.make < path to flatpak repository to populate" + echo " --repo-mode repository mode [bare-user]" + echo " --repo-export export the image also to archive-z2 " + echo " --gpg-home GPG home directory for keyring" + echo " --gpg-id GPG key id to use for signing" + echo " --branches branches to commit/export to repository" + echo " --machine full MACHINE" + echo " --image-sysroot image sysroot directory" + echo " --tmpdir temporary directory to use" + echo " --subject commit subject message" + echo " --body commit body message" + echo " --image-libs provided image library file" + echo " --help print this help and exit" + + if [ -n "$*" ]; then + exit 1 + else + exit 0 + fi +} + +# Parse the command line. +parse_command_line () { + while [ -n "$1" ]; do + case $1 in + --repo-path|--repo|-r) + REPO_PATH=$2 + shift 2 + ;; + --repo-mode) + REPO_MODE=$2 + shift 2 + ;; + + --repo-export|--export|-e) + REPO_EXPORT=$2 + shift 2 + ;; + + --gpg-home|--gpg-homedir) + GPG_HOME=$2 + shift 2 + ;; + + --gpg-id) + GPG_ID=$2 + shift 2 + ;; + + --branches) + REPO_BRANCHES="$2" + shift 2 + ;; + + --machine) + MACHINE="$2" + shift 2 + ;; + + --image-sysroot|--image) + IMAGE_SYSROOT=$2 + shift 2 + ;; + + --tmp-dir|--tmp) + TMPDIR=$2 + shift 2 + ;; + + --subject) + COMMIT_SUBJECT="$2" + shift 2 + ;; + + --body) + COMMIT_BODY="$2" + shift 2 + ;; + + --image-libs|--libs) + LIBRARIES=$2 + shift 2 + ;; + + --help|-h) + print_usage + exit 0 + ;; + + *) + print_usage "Unknown command line option/argument $1." + ;; + esac + done + + if [ -z "$REPO_PATH" ]; then + print_usage "missing repository path (--repo-path)" + fi + + if [ ! -e "$REPO_PATH" -a -z "$IMAGE_SYSROOT" ]; then + print_usage "missing image sysroot (--image-sysroot)" + fi + + if [ ! -d $REPO_PATH -a -z "$REPO_BRANCHES" ]; then + print_usage "missing branches (--branches)" + fi + + if [ -z "$TMPDIR" ]; then + TMPDIR="$IMAGE_SYSROOT.flatpak-tmp.$$" + else + TMPDIR="$TMPDIR/flatpak-tmp.$$" + fi + + FLATPAK_SYSROOT=$TMPDIR/flatpak-sysroot + METADATA=$FLATPAK_SYSROOT/metadata +} + +# Create image metadata file for the repository. +metadata_generate () { + local _platform _sdk _name + local _sdk + + msg "* Generating metadata file ($METADATA)..." + + _platform="${REPO_BRANCHES%%,*}" + _platform="${_platform#runtime/}" + _sdk="${_platform/BasePlatform/BaseSdk}" + _name="${_platform%%/*}" + + (echo "[Runtime]" + echo "name=$_name" + echo "runtime=$_platform" + echo "sdk=$_sdk") > $METADATA +} + +# Populate temporary sysroot with flatpak-translated path names. +sysroot_populate () { + msg "* Creating flatpak sysroot ($FLATPAK_SYSROOT) from $IMAGE_SYSROOT..." + + mkdir -p $FLATPAK_SYSROOT + bsdtar -C $IMAGE_SYSROOT -cf - ./usr ./etc | \ + bsdtar -C $FLATPAK_SYSROOT \ + -s ":^./usr:./files:S" \ + -s ":^./etc:./files/etc:S" \ + -xvf - +} + +# Clean up temporary sysroot. +sysroot_cleanup () { + msg "* Cleaning up $TMPDIR, $FLATPAK_SYSROOT..." + rm -rf $TMPDIR +} + +# Initialize flatpak/OSTree repository, if necessary. +repo_create () { + local _path="$1" + local _mode="${2:-bare-user}" + + if [ -d $_path ]; then + if [ -f $_path/config -a grep -q $_mode $_path/config ]; then + msg "* Using existing $_mode repository $_path..." + return 0 + fi + + fatal "Existing repository $_path is not a $_mode repo." + fi + + msg "* Creating $_mode repository $_path..." + + mkdir -p $_path + ostree --repo=$_path init --mode=$_mode +} + +# Populate the repository. +repo_populate () { + local _b _ref _content + + # OSTree can't handle files with no read permission + msg "* Fixup permissions for OSTree..." + find $FLATPAK_SYSROOT -type f -exec chmod u+r {} \; + + IMAGE_VERSION=$(cat $IMAGE_SYSROOT/etc/version) + if [ -z "$COMMIT_SUBJECT" ]; then + COMMIT_SUBJECT="Commit of image $IMAGE_VERSION." + fi + + #IMAGE_BUILD="$(cat $IMAGE_SYSROOT/etc/build)" + if [ -z "$COMMIT_BODY" ]; then + COMMIT_BODY="Commit of image $IMAGE_VERSION." + fi + + _ref="" + for _b in ${REPO_BRANCHES//,/ }; do + if [ -z "$_ref" ]; then + msg "* Committing base/canonical branch $_b..." + _content="$FLATPAK_SYSROOT" + _ref=$_b + else + msg "* Committing additional branch $_b..." + _content="--tree=ref=$_ref" + fi + + ostree --repo=$REPO_PATH commit \ + $GPG_SIGN \ + --owner-uid=0 --owner-gid=0 --no-xattrs \ + --subject "$COMMIT_SUBJECT" \ + --body "$COMMIT_BODY" \ + --branch=$_b $_content + + msg "* Updating repository summary..." + ostree --repo=$REPO_PATH summary -u $GPG_SIGN + done +} + +# Mirror the branch we created to our export repository. +repo_export () { + local _from="$1" + local _to="${2:-$_from.archive-z2}" + local _ref + + for _ref in $(ostree --repo=$_from refs); do + msg "* Exporting branch $_ref to $_to..." + ostree --repo=$_to pull-local $_from $_ref + ostree --repo=$_to summary -u $GPG_SIGN + done + + repo_apache_config $_to +} + +# Generate and HTTP configuration fragment for the exported repository. +repo_apache_config () { + local _path=$1 + local _alias + + cd $_path && _path=$(pwd) && cd - >& /dev/null + if [ -n "${MACHINE}" ]; then + _alias="/flatpak/${MACHINE}/" + else + _alias="/flatpak/" + fi + + msg "* Generating apache2 config fragment for $_path..." + (echo "Alias \"$_alias\" \"$_path/\"" + echo "" + echo "" + echo " Options Indexes FollowSymLinks" + echo " Require all granted" + echo "") > $_path.http.conf +} + +# Generate list of libraries provided by the image. +generate_lib_list () { + [ -z "$LIBRARIES" ] && return 0 + + msg "* Generating list of provided libraries..." + (cd $IMAGE_SYSROOT; find . -type f -name lib\*.so.\*) | \ + sed 's#^\./#/#g' > $LIBRARIES +} + +# Fixup gpg2 relocation related overall crapness. +gpg2_kludgeup () { + local _expected _real + + if [ -z "$GPG_HOME" ]; then + return 0 + fi + + _expected=$(gpgconf | grep ^gpg: | cut -d ':' -f 3) + _real=$(which gpg2) + + if [ -n "$_expected" -a -n "$_real" -a "$_expected" != "$_real" ]; then + msg "Temporarily symlinking gpg2 binary to expected location..." + ln -s $_real $_expected + fi +} + +# Undo gpg2 relocation kludge +gpg2_cleanup () { + local _expected _real + + if [ -z "$GPG_HOME" ]; then + return 0 + fi + + _expected=$(gpgconf | grep ^gpg: | cut -d ':' -f 3) + _real=$(which gpg2) + + if [ -n "$_expected" -a -n "$_real" -a "$_expected" != "$_real" ]; then + msg "* Removing gpg2 kludge symlink..." + rm -f $_expected + fi +} + +######################### +# main script + +REPO_PATH="" +REPO_MODE="" +REPO_EXPORT="" +IMAGE_SYSROOT="" +TMPDIR="" +REPO_BRANCHES="" +GPG_HOME="" +GPG_ID="" + +parse_command_line $* + +msg "Flatpak repository population/exporting:" +msg " image repo: $REPO_PATH" +msg " image sysroot: ${IMAGE_SYSROOT:-none}" +msg " temporary dir: $TMPDIR" +msg " library list: $LIBRARIES" +msg " export repo: $REPO_EXPORT" +msg " branches: ${REPO_BRANCHES//,/ }" +msg " commit subject: $COMMIT_SUBJECT" +msg " commit body: $COMMIT_BODY" +msg " GPG home: ${GPG_HOME:-none}" +msg " GPG signing id: ${GPG_ID:-none}" + +set -e + +if [ -n "$GPG_ID" ]; then + GPG_SIGN="--gpg-homedir=${GPG_HOME:-~/.gnupg} --gpg-sign=$GPG_ID" +else + GPG_SIGN="" +fi + +# gpg2_kludgeup + +if [ ! -e $REPO_PATH ]; then + repo_create $REPO_PATH $REPO_MODE + sysroot_populate + metadata_generate + repo_populate + sysroot_cleanup +fi + +if [ -n "$REPO_EXPORT" ]; then + if [ ! -d $REPO_EXPORT ]; then + repo_create $REPO_EXPORT archive-z2 + fi + + repo_export $REPO_PATH $REPO_EXPORT +fi + +# gpg2_cleanup diff --git a/meta-flatpak/scripts/gpg-keygen.sh b/meta-flatpak/scripts/gpg-keygen.sh new file mode 100755 index 0000000000..1b22d2e029 --- /dev/null +++ b/meta-flatpak/scripts/gpg-keygen.sh @@ -0,0 +1,274 @@ +#!/bin/bash + +# Print an informational message (currently unfiltered). +msg () { + echo "$*" +} + +# Print a fatal error message and exit. +fatal () { + echo "fatal error: $*" 2>1 + exit 1 +} + +# Print help on usage. +print_usage () { + if [ -n "$*" ]; then + echo "$*" + fi + + echo "usage: $0 -c config | -o output [ options ]" + echo "" + echo "Generate GPG signing keyring for our flatpak/OSTree repository and" + echo "export the generated public and secret keys from the keyring." + echo "" + echo "The possible options are:" + echo " --home GPG home directory for the keyring" + echo " --id key ID to check/generate" + echo " --pub public key file to produce/import" + echo " --sec secret key file to produce/import" + echo " --config use provided config, ignore other options" + echo " --type key type to generate" + echo " --length key length to use" + echo " --subkey-type subkey type to generate" + echo " --subkey-length subkey length to use" + echo " --name real name associated with the generated key" + echo " --gpg2 import keys to GPG2 keyring as well" + echo " --help show this help" + + if [ -n "$*" ]; then + exit 1 + else + exit 0 + fi +} + +# Parse the command line. +parse_command_line () { + while [ -n "$1" ]; do + case $1 in + --home|-H) + GPG_HOME="$2" + shift 2 + ;; + --id) + GPG_ID="$2" + shift 2 + ;; + --pub) + GPG_PUB="$2" + shift 2 + ;; + --sec) + GPG_SEC="$2" + shift 2 + ;; + --type|-T) + GPG_TYPE="$2" + shift 2 + ;; + --length|-L) + GPG_LENGTH="$2" + shift 2 + ;; + --subkey-type|-t) + GPG_SUBTYPE="$2" + shift 2 + ;; + --subkey-length|-l) + GPG_SUBLENGTH="$2" + shift 2 + ;; + --name|-n) + GPG_NAME="$2" + shift 2; + ;; + --config|-c) + GPG_CONFIG="$2" + shift 2 + ;; + --gpg2|-2) + GPG2_IMPORT="yes" + ;; + --help|-h) + print_usage + ;; + *) + print_usage "Invalid options/argument $1" + ;; + esac + done + + if [ -z "$GPG_HOME" ]; then + GPG_HOME="~/.gnupg" + fi + + if [ -z "$GPG_ID" ]; then + fatal "missing key ID (--id)" + fi + + if [ -z "$GPG_PUB" ]; then + GPG_PUB="$GPG_HOME/$GPG_ID.pub" + fi + + if [ -z "$GPG_SEC" ]; then + GPG_SEC="$GPG_HOME/$GPG_ID.sec" + fi + + if [ -z "$GPG_NAME" ]; then + GPG_NAME="Signing Key" + fi + + msg "GPG key generation configuration:" + msg " home: $GPG_HOME" + msg " key ID: $GPG_ID" + msg " public key: $GPG_PUB" + msg " public key: $GPG_SEC" + msg " name: $GPG_NAME" +} + +# Check and create GPG home directory if necessary. +gpg1_chkhome () +{ + if [ ! -d $GPG_HOME ]; then + mkdir -p $GPG_HOME + chmod og-rwx $GPG_HOME + else + chmod og-rwx $GPG_HOME + fi +} + +# Check if the requested keys are already in the keyring. +gpg1_chkkeyrings () +{ + if $GPG1 --list-keys | grep -q -e "<$GPG_ID>" && \ + $GPG1 --list-secret-keys | grep -q -e "<$GPG_ID>"; then + return 0 + else + return 1 + fi +} + +# Check if the requested keys already exist. +gpg1_chkkeys () +{ + if [ ! -e $GPG_PUB -o ! -e $GPG_SEC ]; then + msg "* Key files $GPG_PUB/$GPG_SEC not found..." + rm -f $GPG_PUB $GPG_SEC + if gpg1_chkkeyrings; then + msg "* Keys ($GPG_ID) already in keyrings, exporting..." + $GPG1 --export --output $GPG_PUB $GPG_ID + $GPG1 --export-secret-keys --output $GPG_SEC $GPG_ID + else + return 1 + fi + else + if ! gpg1_chkkeyrings; then + msg "* Importing keys $GPG_SEC, $GPG_PUB..." + $GPG1 --import $GPG_PUB + $GPG1 --import $GPG_SEC + fi + fi +} + +# Generate GPG --batch mode key generation configuration file (unless given). +gpg1_mkconfig () { + if [ -n "$GPG_CONFIG" ]; then + if [ ! -f "$GPG_CONFIG" ]; then + fatal "Missing GPG key configuration $GPG_CONFIG." + fi + msg "* Using provided GPG key configuration: $GPG_CONFIG" + else + GPG_CONFIG="$GPG_HOME/$GPG_ID.cfg" + + msg "* Generating GPG key configuration $GPG_CONFIG..." + + (echo "%echo Generating GPG signing keys ($GPG_PUB, $GPG_SEC)..." + echo "Key-Type: $GPG_TYPE" + echo "Key-Length: $GPG_LENGTH" + echo "Subkey-Type: $GPG_SUBTYPE" + echo "Subkey-Length: $GPG_SUBLENGTH" + echo "Name-Real: $GPG_NAME" + echo "Name-Email: $GPG_ID" + echo "Expire-Date: 0" + echo "%pubring $GPG_PUB" + echo "%secring $GPG_SEC" + echo "%commit" + echo "%echo done") > $GPG_CONFIG + fi +} + +# Generate GPG1 keys and keyring. +gpg1_genkeys () { + msg "* Generating GPG1 keys and keyring..." + + $GPG1 --batch --gen-key $GPG_CONFIG + $GPG1 --import $GPG_SEC + $GPG1 --import $GPG_PUB +} + +# Mark all keys trusted in our keyring. +gpg1_trustkeys () { + local _trustdb=$GPG_HOME/gpg.trustdb _fp + + # + # This is a bit iffy... we misuse a supposedly private + # GPG API (the trust DB format). + # + + msg "* Marking keys trusted in keyring..." + + $GPG1 --export-ownertrust > $_trustdb + + # Note: we might end up with duplicates but that's ok... + for _fp in $($GPG1 --fingerprint | \ + grep " fingerprint = " | sed 's/^.* = //g;s/ //g'); do + echo $_fp:6: >> $_trustdb + done + + $GPG1 --import-ownertrust < $_trustdb + rm -f $_trustdb +} + +# Import keys to GPG2 keyring. +gpg2_import () { + if [ "$GPG2_IMPORT" = "yes" ]; then + msg "* Importing keys to GPG2 keyring..." + $GPG1 --export-secret-keys | $GPG2 --import + else + msg "* GPG2 import not requested, skipping..." + fi +} + + +######################### +# main script + +GPG_HOME="" +GPG_ID="" +GPG_PUB="" +GPG_SEC="" +GPG_TYPE="DSA" +GPG_LENGTH="2048" +GPG_SUBTYPE="ELG-E" +GPG_SUBLENGTH="2048" +GPG_NAME="" +GPG_CONFIG="" +GPG2_IMPORT="" + +parse_command_line $* + +set -e + +GPG1="gpg --homedir=$GPG_HOME" +GPG2="gpg2 --homedir=$GPG_HOME" + +gpg1_chkhome + +if ! gpg1_chkkeys; then + gpg1_mkconfig + gpg1_genkeys + gpg1_trustkeys +fi + +gpg2_import diff --git a/meta-refkit-core/classes/refkit-image.bbclass b/meta-refkit-core/classes/refkit-image.bbclass index 7b354070be..0becc04d30 100644 --- a/meta-refkit-core/classes/refkit-image.bbclass +++ b/meta-refkit-core/classes/refkit-image.bbclass @@ -254,6 +254,14 @@ IMAGE_MODE_VALID = "${@ d.getVar('REFKIT_IMAGE_MODE_VALID') or '' }" # variants of variants. inherit image-mode-variants +# Enable flatpak image variant and repository generation. +inherit ${@'flatpak-image-variants' if \ + (d.getVar('HAVE_META_FLATPAK') == 'True' and \ + 'flatpak' in d.getVar('DISTRO_FEATURES')) else ''} +inherit ${@'flatpak-repository' if \ + (d.getVar('HAVE_META_FLATPAK') == 'True' and \ + 'flatpak' in d.getVar('DISTRO_FEATURES')) else ''} + BUILD_ID ?= "${DATETIME}" # Do not re-trigger builds just because ${DATETIME} changed. BUILD_ID[vardepsexclude] += "DATETIME" @@ -521,3 +529,43 @@ EOF fi } ROOTFS_POSTPROCESS_COMMAND += "refkit_image_system_serialgetty; " + +# Prepare the symlinks required for merged /usr at the time of rootfs creation. + +# The links created in rootfs are: +#/bin --> /usr/sbin +#/sbin --> /usr/sbin +#/lib --> /usr/lib +#/lib64 --> /usr/lib64 + +# We cannot make these symlinks as part of 'base-files' or some other package. +# Because at rootfs creation, installation of the package(say kernel) that +# depends on these root folders/links fails, if package manager installs this +# package prior to base-files. + +# These symbolic links in top level folder should present as long as +# - kerenl tools use /lib/{module,firmware} +# - shell scripts uses +#upstream commit waiting for review: +# http://lists.openembedded.org/pipermail/openembedded-core/2017-February/133151.html +create_merged_usr_symlinks() { + install -m 0755 -d ${IMAGE_ROOTFS}/${base_bindir} + install -m 0755 -d ${IMAGE_ROOTFS}/${base_sbindir} + install -m 0755 -d ${IMAGE_ROOTFS}/${base_libdir} + lnr ${IMAGE_ROOTFS}${base_bindir} ${IMAGE_ROOTFS}/bin + lnr ${IMAGE_ROOTFS}${base_sbindir} ${IMAGE_ROOTFS}/sbin + lnr ${IMAGE_ROOTFS}${base_libdir} ${IMAGE_ROOTFS}/${baselib} + + if [ "${nonarch_base_libdir}" != "${base_libdir}" ]; then + install -m 0755 -d ${IMAGE_ROOTFS}/${nonarch_base_libdir} + lnr ${IMAGE_ROOTFS}${nonarch_base_libdir} ${IMAGE_ROOTFS}/lib + fi + + # create base links for multilibs + multi_libdirs="${@d.getVar('MULTILIB_VARIANTS')}" + for d in $multi_libdirs; do + install -m 0755 -d ${IMAGE_ROOTFS}/${exec_prefix}/$d + lnr ${IMAGE_ROOTFS}/${exec_prefix}/$d ${IMAGE_ROOTFS}/$d + done +} +ROOTFS_PREPROCESS_COMMAND += "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', 'create_merged_usr_symlinks; ', '',d)}" diff --git a/meta-refkit-core/conf/distro/include/enable-refkit-config.inc b/meta-refkit-core/conf/distro/include/enable-refkit-config.inc index 092dcf8ce7..4512e60305 100644 --- a/meta-refkit-core/conf/distro/include/enable-refkit-config.inc +++ b/meta-refkit-core/conf/distro/include/enable-refkit-config.inc @@ -15,3 +15,8 @@ VIRTUAL-RUNTIME_initscripts = "" # defaults from OE-core. DISTRO_FEATURES_DEFAULT_remove = "${REFKIT_DEFAULT_DISTRO_FEATURES_REMOVE}" DISTRO_FEATURES ?= "${DISTRO_FEATURES_DEFAULT} ${DISTRO_FEATURES_LIBC} ${REFKIT_DEFAULT_DISTRO_FEATURES}" + +require conf/distro/include/usrmerge.inc + +# Enable basic flatpak support. +include conf/distro/include/flatpak.inc diff --git a/meta-refkit-core/conf/distro/include/usrmerge.inc b/meta-refkit-core/conf/distro/include/usrmerge.inc new file mode 100644 index 0000000000..5e78217de2 --- /dev/null +++ b/meta-refkit-core/conf/distro/include/usrmerge.inc @@ -0,0 +1,29 @@ +#enable merged /usr +REFKIT_DEFAULT_DISTRO_FEATURES += "usrmerge" + +# Change the configuration to point all base folder to /usr +export base_bindir = "${base_prefix}/usr/bin" +export base_sbindir = "${base_prefix}/usr/sbin" +export base_libdir = "${base_prefix}/usr/${baselib}" +export nonarch_base_libdir = "${base_prefix}/usr/lib" + +#nativesdk +base_bindir_nativesdk = "${bindir_nativesdk}" +base_sbindir_nativesdk = "${sbindir_nativesdk}" +base_libdir_nativesdk = "${libdir_nativesdk}" + +target_base_libdir_class-cross = "${target_base_prefix}/usr/lib" + +# Disable split-usr support in systemd and point the rootprefix to /usr +EXTRA_OECONF_append_pn-systemd = " --disable-split-usr" +rootprefix_pn-systemd = "${exec_prefix}" + +# Most of shell scripts refer to '#!/bin/{sh,bash}' inside the script. But, when +# root folders(/bin, /lib, /sbin) merged with their /usr counterparts this path +# would be /usr/bin/{sh, bash}. The builder complains that 'no package provides +# '/bin/{sh/bash}''. So to satisfy builder adding '/bin/{sh,bash}' to bash, +# busybox package providers list. This is a temporary hack till we get a +# solution from oe-core +# Links to Upstream patches: +# http://lists.openembedded.org/pipermail/openembedded-core/2017-February/133148.html +# http://lists.openembedded.org/pipermail/openembedded-core/2017-February/133149.html diff --git a/meta-refkit-core/conf/layer.conf b/meta-refkit-core/conf/layer.conf index f0d1c687bf..4f005d3ca3 100644 --- a/meta-refkit-core/conf/layer.conf +++ b/meta-refkit-core/conf/layer.conf @@ -31,3 +31,7 @@ HAVE_LOWPAN_TOOLS ??= "${HAVE_META_NETWORKING}" HAVE_IFTOP ??= "${HAVE_META_NETWORKING}" HAVE_META_IOT_WEB = "${@ bb.utils.contains('BBFILE_COLLECTIONS', 'iotweb', 'True', 'False', d) }" HAVE_NODEJS ??= "${HAVE_META_IOT_WEB}" + +HAVE_META_FLATPAK = "${@ bb.utils.contains('BBFILE_COLLECTIONS', 'flatpak-layer', 'True', 'False', d) }" +HAVE_FLATPAK ??= "${HAVE_META_FLATPAK}" +HAVE_OSTREE ??= "${HAVE_META_FLATPAK}" diff --git a/meta-refkit-core/recipes-core/util-linux/util-linux_%.bbappend b/meta-refkit-core/recipes-core/util-linux/util-linux_%.bbappend index e061203936..4ae1c1a00b 100644 --- a/meta-refkit-core/recipes-core/util-linux/util-linux_%.bbappend +++ b/meta-refkit-core/recipes-core/util-linux/util-linux_%.bbappend @@ -7,3 +7,20 @@ DEPENDS_remove_class-native_refkit-config = "lzo-native" DEPENDS_remove_class-nativesdk_refkit-config = "lzo-native" DEPENDS_append_class-native_refkit-config = " lz4-native" DEPENDS_append_class-nativesdk_refkit-config = " lz4-native" + +# nologin can come from two separate sources, shadow and util-linux. +# Normally these do not conflict, the one from shadow goes into /sbin, +# the one from util-linux goes into /usr/sbin. With usrmerge enabled, +# however, /sbin is symlinked to /usr/sbin and these start conflicting. +# If that happens, we make util-linux get out of the way by removing +# its nologin. +# +# Ideally we probably should make sure first that shadow is enabled to +# ensure we don't end up without any /{usr/,}sbin/nologin. + +do_install_append_refkit-config () { + if [ -n "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', 'y', '', d)}" ]; + then + rm -f ${D}${sbindir}/nologin + fi +} diff --git a/meta-refkit-core/recipes-devtools/quilt/quilt_%.bbappend b/meta-refkit-core/recipes-devtools/quilt/quilt_%.bbappend new file mode 100644 index 0000000000..aefd6dfed5 --- /dev/null +++ b/meta-refkit-core/recipes-devtools/quilt/quilt_%.bbappend @@ -0,0 +1,4 @@ +EXTRA_OECONF_append_refkit-config = " \ + --without-sendmail \ + --with-awk=/usr/bin/awk \ +" diff --git a/meta-refkit-core/recipes-images/images/refkit-initramfs.bb b/meta-refkit-core/recipes-images/images/refkit-initramfs.bb index 96b04a0513..8e4c9c85d1 100644 --- a/meta-refkit-core/recipes-images/images/refkit-initramfs.bb +++ b/meta-refkit-core/recipes-images/images/refkit-initramfs.bb @@ -68,3 +68,12 @@ IMA_EVM_ROOTFS_SIGNED = "-maxdepth 0 -false" IMA_EVM_ROOTFS_HASHED = "-maxdepth 0 -false" IMA_EVM_ROOTFS_CLASS = "${@bb.utils.contains('IMAGE_FEATURES', 'ima', 'ima-evm-rootfs', '',d)}" inherit ${IMA_EVM_ROOTFS_CLASS} + +create_merged_usr_links() { + mkdir -p ${IMAGE_ROOTFS}${libdir} ${IMAGE_ROOTFS}${bindir} ${IMAGE_ROOTFS}${sbindir} + lnr ${IMAGE_ROOTFS}${libdir} ${IMAGE_ROOTFS}/${baselib} + lnr ${IMAGE_ROOTFS}${bindir} ${IMAGE_ROOTFS}/bin + lnr ${IMAGE_ROOTFS}${sbindir} ${IMAGE_ROOTFS}/sbin +} +ROOTFS_PREPROCESS_COMMAND += "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', 'create_merged_usr_links;', '', d)}" + diff --git a/meta-refkit-industrial/recipes-image/images/refkit-image-industrial.bb b/meta-refkit-industrial/recipes-image/images/refkit-image-industrial.bb index c5dee62b84..ddf919c256 100644 --- a/meta-refkit-industrial/recipes-image/images/refkit-image-industrial.bb +++ b/meta-refkit-industrial/recipes-image/images/refkit-image-industrial.bb @@ -14,4 +14,17 @@ REFKIT_IMAGE_INDUSTRIAL_EXTRA_INSTALL_append = " packagegroup-industrial-robotic # REFKIT_IMAGE_INDUSTRIAL_EXTRA_INSTALL_append = "my-own-package" # REFKIT_IMAGE_INDUSTRIAL_EXTRA_FEATURES_append = "dev-pkgs" -inherit refkit-image +# inherit refkit-image + +# Currently ROS (genmsg in particular) does not build if usrmerge is +# enabled. As a horrendous kludge, we only inherit refkit-image if +# usrmerge is not among DISTRO_FEATURES, thus letting this image de- +# generate to a NOP if usrmerge is enabled. +# +# Note that we need to also replicate the LICENSE-setting here in +# case refkit-image does not get inherited, otherwise the bitbake +# recipe-parser bails out. + +LICENSE = "MIT" +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', \ + '', 'refkit-image', d)} diff --git a/meta-refkit/conf/bblayers.conf.sample b/meta-refkit/conf/bblayers.conf.sample index 40bc45d899..7a05cedd01 100644 --- a/meta-refkit/conf/bblayers.conf.sample +++ b/meta-refkit/conf/bblayers.conf.sample @@ -1,6 +1,6 @@ # LAYER_CONF_VERSION is increased each time build/conf/bblayers.conf # changes incompatibly -LCONF_VERSION = "5" +LCONF_VERSION = "8" BBPATH = "${TOPDIR}" BBFILES ?= "" @@ -22,6 +22,7 @@ REFKIT_LAYERS = " \ ##OEROOT##/../meta-intel-realsense \ ##OEROOT##/../meta-clang \ ##OEROOT##/../meta-ros \ + ##OEROOT##/../meta-flatpak \ " # REFKIT_LAYERS += "##OEROOT##/../meta-openembedded/meta-efl" diff --git a/meta-refkit/conf/conf-notes.txt b/meta-refkit/conf/conf-notes.txt index 9ac41ea00e..ced493fd52 100644 --- a/meta-refkit/conf/conf-notes.txt +++ b/meta-refkit/conf/conf-notes.txt @@ -11,3 +11,12 @@ Common targets are: gateway) refkit-image-industrial (when building an image with tools and configuration for industrial use cases) + +If you have the flatpak DISTRO_FEATURE enabled (by default it is on if you +build with refkit-config enabled), there are two additional flatpak variant +targets for each image derived from refkit-image: + + -flatpak-runtime (image variant with flatpak support enabled) + -flatpak-sdk (image variant used as a flatpak BaseSdk for + building flatpaks suitable to be used on the + corresponding -flatpak-runtime image variant) diff --git a/meta-refkit/conf/distro/include/refkit-ci.inc b/meta-refkit/conf/distro/include/refkit-ci.inc index f2fd51dc83..34f003c923 100644 --- a/meta-refkit/conf/distro/include/refkit-ci.inc +++ b/meta-refkit/conf/distro/include/refkit-ci.inc @@ -77,7 +77,11 @@ REFKIT_CI_SDK_TARGETS="" # as possible. REFKIT_CI_ESDK_TARGETS="" # Following targets would be executed with do_test_iot_export task -REFKIT_CI_TEST_EXPORT_TARGETS="refkit-image-common refkit-image-computervision refkit-image-gateway" +REFKIT_CI_TEST_EXPORT_TARGETS="refkit-image-common refkit-image-computervision refkit-image-gateway \ +${@bb.utils.contains('DISTRO_FEATURES', 'flatpak', \ + 'refkit-image-gateway-flatpak-runtime', '', d)} \ +" + # Execute automatic tests for following images with corresponding # test suite, test files and devices. # Space separated list of tuples, each should in format: diff --git a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt index 8b4e67b83a..cfccd4900f 100644 --- a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt +++ b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt @@ -60,6 +60,7 @@ bison@core bluez5@core boost@core bsdiff@meta-swupd +bubblewrap@flatpak-layer busybox@core bzip2@core ca-certificates@core @@ -109,12 +110,15 @@ file@core findutils@core fixesproto@core flac@core +flatpak@flatpak-layer +flatpak-image-runtime@flatpak-layer flex@core font-util@core fontconfig@core fontsproto@core formfactor@core freetype@core +fuse@filesystems-layer gawk@core gcc-runtime@core gcc@core @@ -141,8 +145,11 @@ gmp@core gnome-desktop-testing@core gnu-config@core gnu-efi@core +gnupg@core +gnupg1@refkit-core gnutls@core gobject-introspection@core +gpgme@core gptfdisk@core grep@core gstreamer1.0-plugins-bad@core @@ -184,6 +191,7 @@ iptables@core iputils@core iso-codes@core json-c@core +json-glib@core kbd@core kbproto@core kdl-conversions@ros-layer @@ -194,6 +202,7 @@ kmod@core krb5@openembedded-layer libaio@core libarchive@core +libassuan@core libatomic-ops@core libcap@core libccd@ros-layer @@ -221,6 +230,7 @@ libice@core libidn@core libinput@core libjpeg-turbo@core +libksba@core libmicrohttpd@soletta libmpc@core libnl@core @@ -311,6 +321,7 @@ ncurses@core netbase@core nettle@core nodejs@iotweb +npth@core object-recognition-msgs@ros-layer ocl-icd@refkit-computervision octomap-msgs@ros-layer @@ -325,11 +336,13 @@ opkg-utils@core orc@core orocos-kdl@ros-layer os-release@core +ostree@flatpak-layer ovmf@core packagegroup-.*@refkit.* pango@core pciutils@core perl@core +pinentry@core pixman@core pkgconfig@core pluginlib@ros-layer diff --git a/meta-refkit/conf/layer.conf b/meta-refkit/conf/layer.conf index cfc17a617b..8ef77c6c3c 100644 --- a/meta-refkit/conf/layer.conf +++ b/meta-refkit/conf/layer.conf @@ -33,7 +33,7 @@ REFKIT_LOCALCONF_VERSION = "3" LOCALCONF_VERSION = "${REFKIT_LOCALCONF_VERSION}" # Same for LCONF_VERSION in bblayer.conf.sample. -REFKIT_LAYER_CONF_VERSION = "5" +REFKIT_LAYER_CONF_VERSION = "8" LAYER_CONF_VERSION = "${REFKIT_LAYER_CONF_VERSION}" # The default error messages use shell meta* wildcards to find the @@ -65,4 +65,5 @@ LAYERDEPENDS_refkit = " \ perl-layer \ meta-python \ refkit-core \ + flatpak-layer \ "