From 59d6c664bb2619e26376eed1324b3971ddb96561 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Fri, 16 Jun 2017 17:52:49 +0300 Subject: [PATCH 01/29] rekit-image-industrial.bb: horrendous kludge to avoid usrmerge conflict. Currently the ROS image (genmsg in particular) fails to build if usrmerge DISTRO_FEATURE is enabled. Therefore we only inherit refkit-image if it is not, letting the image recipe degenrate to a NOP otherwise. Yuck... and sorry. Signed-off-by: Krisztian Litkey --- .../images/refkit-image-industrial.bb | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/meta-refkit-industrial/recipes-image/images/refkit-image-industrial.bb b/meta-refkit-industrial/recipes-image/images/refkit-image-industrial.bb index c5dee62b84..ddf919c256 100644 --- a/meta-refkit-industrial/recipes-image/images/refkit-image-industrial.bb +++ b/meta-refkit-industrial/recipes-image/images/refkit-image-industrial.bb @@ -14,4 +14,17 @@ REFKIT_IMAGE_INDUSTRIAL_EXTRA_INSTALL_append = " packagegroup-industrial-robotic # REFKIT_IMAGE_INDUSTRIAL_EXTRA_INSTALL_append = "my-own-package" # REFKIT_IMAGE_INDUSTRIAL_EXTRA_FEATURES_append = "dev-pkgs" -inherit refkit-image +# inherit refkit-image + +# Currently ROS (genmsg in particular) does not build if usrmerge is +# enabled. As a horrendous kludge, we only inherit refkit-image if +# usrmerge is not among DISTRO_FEATURES, thus letting this image de- +# generate to a NOP if usrmerge is enabled. +# +# Note that we need to also replicate the LICENSE-setting here in +# case refkit-image does not get inherited, otherwise the bitbake +# recipe-parser bails out. + +LICENSE = "MIT" +inherit ${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', \ + '', 'refkit-image', d)} From c4adcafdbd30f3842f2319437db6d63de1520ffc Mon Sep 17 00:00:00 2001 From: Amarnath Valluri Date: Thu, 2 Feb 2017 12:42:44 +0200 Subject: [PATCH 02/29] refkit-distro: bitbake configuration changes to support usrmerge Flatpack based refkit application framework demands merging of root folders(/bin, /sbin, /lib*) to their /usr counterparts. This requires the changes to default bitbake configuration to point all base_{lib,bin,sbin}dir variables to /usr. Signed-off-by: Amarnath Valluri --- meta-refkit/conf/distro/include/usrmerge.inc | 29 ++++++++++++++++++++ meta-refkit/conf/distro/refkit.conf | 3 ++ 2 files changed, 32 insertions(+) create mode 100644 meta-refkit/conf/distro/include/usrmerge.inc diff --git a/meta-refkit/conf/distro/include/usrmerge.inc b/meta-refkit/conf/distro/include/usrmerge.inc new file mode 100644 index 0000000000..5e78217de2 --- /dev/null +++ b/meta-refkit/conf/distro/include/usrmerge.inc @@ -0,0 +1,29 @@ +#enable merged /usr +REFKIT_DEFAULT_DISTRO_FEATURES += "usrmerge" + +# Change the configuration to point all base folder to /usr +export base_bindir = "${base_prefix}/usr/bin" +export base_sbindir = "${base_prefix}/usr/sbin" +export base_libdir = "${base_prefix}/usr/${baselib}" +export nonarch_base_libdir = "${base_prefix}/usr/lib" + +#nativesdk +base_bindir_nativesdk = "${bindir_nativesdk}" +base_sbindir_nativesdk = "${sbindir_nativesdk}" +base_libdir_nativesdk = "${libdir_nativesdk}" + +target_base_libdir_class-cross = "${target_base_prefix}/usr/lib" + +# Disable split-usr support in systemd and point the rootprefix to /usr +EXTRA_OECONF_append_pn-systemd = " --disable-split-usr" +rootprefix_pn-systemd = "${exec_prefix}" + +# Most of shell scripts refer to '#!/bin/{sh,bash}' inside the script. But, when +# root folders(/bin, /lib, /sbin) merged with their /usr counterparts this path +# would be /usr/bin/{sh, bash}. The builder complains that 'no package provides +# '/bin/{sh/bash}''. So to satisfy builder adding '/bin/{sh,bash}' to bash, +# busybox package providers list. This is a temporary hack till we get a +# solution from oe-core +# Links to Upstream patches: +# http://lists.openembedded.org/pipermail/openembedded-core/2017-February/133148.html +# http://lists.openembedded.org/pipermail/openembedded-core/2017-February/133149.html diff --git a/meta-refkit/conf/distro/refkit.conf b/meta-refkit/conf/distro/refkit.conf index 0740da816b..757207333b 100644 --- a/meta-refkit/conf/distro/refkit.conf +++ b/meta-refkit/conf/distro/refkit.conf @@ -197,3 +197,6 @@ INHERIT += "uninative" # Make ROS use python3 to run its core scripts ROS_USE_PYTHON3 = "yes" + +# Enable merged / and /usr. +require conf/distro/include/usrmerge.inc From 8d21a01e07cd62e07fd245b85734446041d91082 Mon Sep 17 00:00:00 2001 From: Amarnath Valluri Date: Thu, 23 Mar 2017 16:13:56 +0200 Subject: [PATCH 03/29] refkit-image, refkit-initramfs: Create symlinks needed for usrmerge Prepare the root symlinks required for runtime at the time of rootfs creation. The assumption is that in usrmerged distro, no package installs files in /bin,/sbin and /lib* folders. Upstream Patches: http://lists.openembedded.org/pipermail/openembedded-core/2017-February/133166.html Signed-off-by: Amarnath Valluri --- meta-refkit-core/classes/refkit-image.bbclass | 40 +++++++++++++++++++ .../recipes-images/images/refkit-initramfs.bb | 9 +++++ 2 files changed, 49 insertions(+) diff --git a/meta-refkit-core/classes/refkit-image.bbclass b/meta-refkit-core/classes/refkit-image.bbclass index 7b354070be..82806b187b 100644 --- a/meta-refkit-core/classes/refkit-image.bbclass +++ b/meta-refkit-core/classes/refkit-image.bbclass @@ -521,3 +521,43 @@ EOF fi } ROOTFS_POSTPROCESS_COMMAND += "refkit_image_system_serialgetty; " + +# Prepare the symlinks required for merged /usr at the time of rootfs creation. + +# The links created in rootfs are: +#/bin --> /usr/sbin +#/sbin --> /usr/sbin +#/lib --> /usr/lib +#/lib64 --> /usr/lib64 + +# We cannot make these symlinks as part of 'base-files' or some other package. +# Because at rootfs creation, installation of the package(say kernel) that +# depends on these root folders/links fails, if package manager installs this +# package prior to base-files. + +# These symbolic links in top level folder should present as long as +# - kerenl tools use /lib/{module,firmware} +# - shell scripts uses +#upstream commit waiting for review: +# http://lists.openembedded.org/pipermail/openembedded-core/2017-February/133151.html +create_merged_usr_symlinks() { + install -m 0755 -d ${IMAGE_ROOTFS}/${base_bindir} + install -m 0755 -d ${IMAGE_ROOTFS}/${base_sbindir} + install -m 0755 -d ${IMAGE_ROOTFS}/${base_libdir} + lnr ${IMAGE_ROOTFS}${base_bindir} ${IMAGE_ROOTFS}/bin + lnr ${IMAGE_ROOTFS}${base_sbindir} ${IMAGE_ROOTFS}/sbin + lnr ${IMAGE_ROOTFS}${base_libdir} ${IMAGE_ROOTFS}/${baselib} + + if [ "${nonarch_base_libdir}" != "${base_libdir}" ]; then + install -m 0755 -d ${IMAGE_ROOTFS}/${nonarch_base_libdir} + lnr ${IMAGE_ROOTFS}${nonarch_base_libdir} ${IMAGE_ROOTFS}/lib + fi + + # create base links for multilibs + multi_libdirs="${@d.getVar('MULTILIB_VARIANTS')}" + for d in $multi_libdirs; do + install -m 0755 -d ${IMAGE_ROOTFS}/${exec_prefix}/$d + lnr ${IMAGE_ROOTFS}/${exec_prefix}/$d ${IMAGE_ROOTFS}/$d + done +} +ROOTFS_PREPROCESS_COMMAND += "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', 'create_merged_usr_symlinks; ', '',d)}" diff --git a/meta-refkit-core/recipes-images/images/refkit-initramfs.bb b/meta-refkit-core/recipes-images/images/refkit-initramfs.bb index 96b04a0513..8e4c9c85d1 100644 --- a/meta-refkit-core/recipes-images/images/refkit-initramfs.bb +++ b/meta-refkit-core/recipes-images/images/refkit-initramfs.bb @@ -68,3 +68,12 @@ IMA_EVM_ROOTFS_SIGNED = "-maxdepth 0 -false" IMA_EVM_ROOTFS_HASHED = "-maxdepth 0 -false" IMA_EVM_ROOTFS_CLASS = "${@bb.utils.contains('IMAGE_FEATURES', 'ima', 'ima-evm-rootfs', '',d)}" inherit ${IMA_EVM_ROOTFS_CLASS} + +create_merged_usr_links() { + mkdir -p ${IMAGE_ROOTFS}${libdir} ${IMAGE_ROOTFS}${bindir} ${IMAGE_ROOTFS}${sbindir} + lnr ${IMAGE_ROOTFS}${libdir} ${IMAGE_ROOTFS}/${baselib} + lnr ${IMAGE_ROOTFS}${bindir} ${IMAGE_ROOTFS}/bin + lnr ${IMAGE_ROOTFS}${sbindir} ${IMAGE_ROOTFS}/sbin +} +ROOTFS_PREPROCESS_COMMAND += "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', 'create_merged_usr_links;', '', d)}" + From f208bc362bdc4f0401a3b8636452f0cdfdb16661 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Thu, 15 Jun 2017 14:50:31 +0300 Subject: [PATCH 04/29] usrmerge.inc: moved from meta-refkit to meta-refkit-core. Signed-off-by: Krisztian Litkey --- .../conf/distro/include/usrmerge.inc | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {meta-refkit => meta-refkit-core}/conf/distro/include/usrmerge.inc (100%) diff --git a/meta-refkit/conf/distro/include/usrmerge.inc b/meta-refkit-core/conf/distro/include/usrmerge.inc similarity index 100% rename from meta-refkit/conf/distro/include/usrmerge.inc rename to meta-refkit-core/conf/distro/include/usrmerge.inc From 6f5b557dcf077443313cf17dfaea55110c94bf01 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Thu, 15 Jun 2017 14:52:01 +0300 Subject: [PATCH 05/29] refkit.conf,enable-refkit.conf: move inclusion of usermerg.inc to the latter. Move inclusion of usrmerge.inc from meta-refkit/conf/distro/refkit.conf to meta-refkit-core/conf/distro/include/enable-refkit.conf. Signed-off-by: Krisztian Litkey --- meta-refkit-core/conf/distro/include/enable-refkit-config.inc | 2 ++ meta-refkit/conf/distro/refkit.conf | 3 --- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/meta-refkit-core/conf/distro/include/enable-refkit-config.inc b/meta-refkit-core/conf/distro/include/enable-refkit-config.inc index 092dcf8ce7..2ebc0ca771 100644 --- a/meta-refkit-core/conf/distro/include/enable-refkit-config.inc +++ b/meta-refkit-core/conf/distro/include/enable-refkit-config.inc @@ -15,3 +15,5 @@ VIRTUAL-RUNTIME_initscripts = "" # defaults from OE-core. DISTRO_FEATURES_DEFAULT_remove = "${REFKIT_DEFAULT_DISTRO_FEATURES_REMOVE}" DISTRO_FEATURES ?= "${DISTRO_FEATURES_DEFAULT} ${DISTRO_FEATURES_LIBC} ${REFKIT_DEFAULT_DISTRO_FEATURES}" + +require conf/distro/include/usrmerge.inc diff --git a/meta-refkit/conf/distro/refkit.conf b/meta-refkit/conf/distro/refkit.conf index 757207333b..0740da816b 100644 --- a/meta-refkit/conf/distro/refkit.conf +++ b/meta-refkit/conf/distro/refkit.conf @@ -197,6 +197,3 @@ INHERIT += "uninative" # Make ROS use python3 to run its core scripts ROS_USE_PYTHON3 = "yes" - -# Enable merged / and /usr. -require conf/distro/include/usrmerge.inc From 84e1ac5e54934ef2d01d1ee68223d80fa1c6a8f1 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Tue, 6 Jun 2017 13:47:45 +0300 Subject: [PATCH 06/29] util-linux_%.bbappend: get rid of conflict with usrmerge enabled. Get rid of conflicting /usr/sbin/nologin when usrmerge DISTRO_FEATURE is enabled and also refkit-config. Signed-off-by: Krisztian Litkey --- .../util-linux/util-linux_%.bbappend | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/meta-refkit-core/recipes-core/util-linux/util-linux_%.bbappend b/meta-refkit-core/recipes-core/util-linux/util-linux_%.bbappend index e061203936..4ae1c1a00b 100644 --- a/meta-refkit-core/recipes-core/util-linux/util-linux_%.bbappend +++ b/meta-refkit-core/recipes-core/util-linux/util-linux_%.bbappend @@ -7,3 +7,20 @@ DEPENDS_remove_class-native_refkit-config = "lzo-native" DEPENDS_remove_class-nativesdk_refkit-config = "lzo-native" DEPENDS_append_class-native_refkit-config = " lz4-native" DEPENDS_append_class-nativesdk_refkit-config = " lz4-native" + +# nologin can come from two separate sources, shadow and util-linux. +# Normally these do not conflict, the one from shadow goes into /sbin, +# the one from util-linux goes into /usr/sbin. With usrmerge enabled, +# however, /sbin is symlinked to /usr/sbin and these start conflicting. +# If that happens, we make util-linux get out of the way by removing +# its nologin. +# +# Ideally we probably should make sure first that shadow is enabled to +# ensure we don't end up without any /{usr/,}sbin/nologin. + +do_install_append_refkit-config () { + if [ -n "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', 'y', '', d)}" ]; + then + rm -f ${D}${sbindir}/nologin + fi +} From 4be92c4a042cf26142adf9af988e3cec0a45214e Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Tue, 6 Jun 2017 13:54:00 +0300 Subject: [PATCH 07/29] quilt: override awk path to /usr/bin/awk, disable sendmail. quilts autodetection of awk seems to incorrectly pick up gawk (haven't checked but I guess from the host) even when we don't have gawk enabled. Override autodetection by manually setting it to /usr/bin/awk, if refkit-config distro override is on. Signed-off-by: Krisztian Litkey --- meta-refkit-core/recipes-devtools/quilt/quilt_%.bbappend | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 meta-refkit-core/recipes-devtools/quilt/quilt_%.bbappend diff --git a/meta-refkit-core/recipes-devtools/quilt/quilt_%.bbappend b/meta-refkit-core/recipes-devtools/quilt/quilt_%.bbappend new file mode 100644 index 0000000000..aefd6dfed5 --- /dev/null +++ b/meta-refkit-core/recipes-devtools/quilt/quilt_%.bbappend @@ -0,0 +1,4 @@ +EXTRA_OECONF_append_refkit-config = " \ + --without-sendmail \ + --with-awk=/usr/bin/awk \ +" From bfbfb4a8e02d2b312cd1a102e02641d9744cce9f Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Wed, 14 Jun 2017 21:29:37 +0300 Subject: [PATCH 08/29] bblayers.conf.sample,layer.conf: added meta-flatpak a.k.a flatpak-layer. Added meta-flatpak layer and bumped LCONF_VERSION to 8. Here is an apt explanation of why bumping directly to 8 is necessary from Patrick Ohly who discovered the problem. """ Version numbers >= 4 and <= 7 have a special meaning in OE-core's sanity.bbclass in the code which updates bblayers.conf. We inherit that code and cannot disable it (currently; patch for OE-core in preparation). By bumping directly to 8 we ensure that the OE-core update code at least eventually aborts and prints the desired error message (for some reasons, twice). However, the output now is a bit confusing when updating from bblayers.conf with version 4: NOTE: Your conf/bblayers.conf has been automatically updated. NOTE: Your conf/bblayers.conf has been automatically updated. NOTE: Your conf/bblayers.conf has been automatically updated. ERROR: Your version of bblayers.conf has the wrong LCONF_VERSION (has 7, expecting 8). Please compare your file against bblayers.conf.sample and merge any changes before continuing. "meld conf/bblayers.conf /fast/work/intel-iot-refkit//meta-refkit/conf/bblayers.conf.sample" is a good way to visualise the changes. ERROR: Your version of bblayers.conf has the wrong LCONF_VERSION (has 7, expecting 8). Please compare your file against bblayers.conf.sample and merge any changes before continuing. "meld conf/bblayers.conf /fast/work/intel-iot-refkit//meta-refkit/conf/bblayers.conf.sample" is a good way to visualise the changes. """ Signed-off-by: Krisztian Litkey --- meta-refkit/conf/bblayers.conf.sample | 3 ++- meta-refkit/conf/layer.conf | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/meta-refkit/conf/bblayers.conf.sample b/meta-refkit/conf/bblayers.conf.sample index 40bc45d899..7a05cedd01 100644 --- a/meta-refkit/conf/bblayers.conf.sample +++ b/meta-refkit/conf/bblayers.conf.sample @@ -1,6 +1,6 @@ # LAYER_CONF_VERSION is increased each time build/conf/bblayers.conf # changes incompatibly -LCONF_VERSION = "5" +LCONF_VERSION = "8" BBPATH = "${TOPDIR}" BBFILES ?= "" @@ -22,6 +22,7 @@ REFKIT_LAYERS = " \ ##OEROOT##/../meta-intel-realsense \ ##OEROOT##/../meta-clang \ ##OEROOT##/../meta-ros \ + ##OEROOT##/../meta-flatpak \ " # REFKIT_LAYERS += "##OEROOT##/../meta-openembedded/meta-efl" diff --git a/meta-refkit/conf/layer.conf b/meta-refkit/conf/layer.conf index cfc17a617b..8ef77c6c3c 100644 --- a/meta-refkit/conf/layer.conf +++ b/meta-refkit/conf/layer.conf @@ -33,7 +33,7 @@ REFKIT_LOCALCONF_VERSION = "3" LOCALCONF_VERSION = "${REFKIT_LOCALCONF_VERSION}" # Same for LCONF_VERSION in bblayer.conf.sample. -REFKIT_LAYER_CONF_VERSION = "5" +REFKIT_LAYER_CONF_VERSION = "8" LAYER_CONF_VERSION = "${REFKIT_LAYER_CONF_VERSION}" # The default error messages use shell meta* wildcards to find the @@ -65,4 +65,5 @@ LAYERDEPENDS_refkit = " \ perl-layer \ meta-python \ refkit-core \ + flatpak-layer \ " From c26f3db47303fa2f062e362b0703575d475a3cc1 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Wed, 14 Jun 2017 21:21:11 +0300 Subject: [PATCH 09/29] meta-refkit-core/conf/layer.conf: set up HAVE_META_FLATPAK. Set up HAVE_META_FLATPAK (and use it as aliasen for HAVE_OSTREE and HAVE_FLATPAK). Signed-off-by: Krisztian Litkey --- meta-refkit-core/conf/layer.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta-refkit-core/conf/layer.conf b/meta-refkit-core/conf/layer.conf index f0d1c687bf..4f005d3ca3 100644 --- a/meta-refkit-core/conf/layer.conf +++ b/meta-refkit-core/conf/layer.conf @@ -31,3 +31,7 @@ HAVE_LOWPAN_TOOLS ??= "${HAVE_META_NETWORKING}" HAVE_IFTOP ??= "${HAVE_META_NETWORKING}" HAVE_META_IOT_WEB = "${@ bb.utils.contains('BBFILE_COLLECTIONS', 'iotweb', 'True', 'False', d) }" HAVE_NODEJS ??= "${HAVE_META_IOT_WEB}" + +HAVE_META_FLATPAK = "${@ bb.utils.contains('BBFILE_COLLECTIONS', 'flatpak-layer', 'True', 'False', d) }" +HAVE_FLATPAK ??= "${HAVE_META_FLATPAK}" +HAVE_OSTREE ??= "${HAVE_META_FLATPAK}" From 826a8eac5ab4fa64f11572d839c3da0ced5eec54 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Wed, 14 Jun 2017 21:10:08 +0300 Subject: [PATCH 10/29] meta-flatpak: added layer.conf. Signed-off-by: Krisztian Litkey --- meta-flatpak/conf/layer.conf | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 meta-flatpak/conf/layer.conf diff --git a/meta-flatpak/conf/layer.conf b/meta-flatpak/conf/layer.conf new file mode 100644 index 0000000000..607087c2f8 --- /dev/null +++ b/meta-flatpak/conf/layer.conf @@ -0,0 +1,16 @@ +# We have a conf and classes directory, add to BBPATH +BBPATH .= ":${LAYERDIR}" + +# We have recipes-* directories, add to BBFILES +BBFILES += " \ + ${LAYERDIR}/recipes-*/*/*.bb \ + ${LAYERDIR}/recipes-*/*/*.bbappend" + +BBFILE_COLLECTIONS += "flatpak-layer" +BBFILE_PATTERN_flatpak-layer = "^${LAYERDIR}/" +BBFILE_PRIORITY_flatpak-layer = "6" + +LAYERDEPENDS_flatpak-layer = "core openembedded-layer filesystems-layer" + +# Set a variable for easy access to the top directory of the flatpak layer. +FLATPAK_LAYERDIR = '${@os.path.normpath("${LAYERDIR}")}' From d0b3d138afbe429d237dc41a90778a4396be9452 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Tue, 6 Jun 2017 16:54:35 +0300 Subject: [PATCH 11/29] fuse: let overriding base_sbindir have the proper effect. Set MOUNT_FUSE_PATH explicitly to ${base_sbindir} before configure. Making this explicit will let people override base_sbindir with the desired effect, for instance when ussrmerge DISTRO_FEATURE is enabled. Upstream-Status: Submitted [openembedded-devel@lists.openembedded.org] Signed-off-by: Krisztian Litkey --- meta-flatpak/recipes-support/fuse/fuse_2.%.bbappend | 9 +++++++++ .../conf/distro/include/refkit-supported-recipes.txt | 1 + 2 files changed, 10 insertions(+) create mode 100644 meta-flatpak/recipes-support/fuse/fuse_2.%.bbappend diff --git a/meta-flatpak/recipes-support/fuse/fuse_2.%.bbappend b/meta-flatpak/recipes-support/fuse/fuse_2.%.bbappend new file mode 100644 index 0000000000..7ffec0ac1e --- /dev/null +++ b/meta-flatpak/recipes-support/fuse/fuse_2.%.bbappend @@ -0,0 +1,9 @@ +# With usrmerge enabled, we need to let FUSE know where to put its mount. +FUSE_MOUNT_PATH = "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', \ + '/usr/sbin', '/sbin', d)}" + +do_configure_prepend() { + export MOUNT_FUSE_PATH="${FUSE_MOUNT_PATH}" +} + +# Upstream-Status: Submitted [openembedded-devel@lists.openembedded.org] diff --git a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt index 8b4e67b83a..5ae6847a6e 100644 --- a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt +++ b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt @@ -115,6 +115,7 @@ fontconfig@core fontsproto@core formfactor@core freetype@core +fuse@filesystems-layer gawk@core gcc-runtime@core gcc@core From 358c1f378877fba95ac8c9cc41fa159fa4b39597 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Tue, 6 Jun 2017 17:16:39 +0300 Subject: [PATCH 12/29] gpgme,gnupg: add gpgme, gnupg and their dependencies (for ostree signing). Added bbappends with native support (where needed), and declared as supported recipes gpgme and gnupg along with its missing dependencies libksba, npth, and pinentry. These are necessary to support signing commits in ostree. Signed-off-by: Krisztian Litkey --- meta-flatpak/recipes-support/gnupg/gnupg_2.%.bbappend | 3 +++ meta-flatpak/recipes-support/libksba/libksba_%.bbappend | 3 +++ meta-flatpak/recipes-support/npth/npth_%.bbappend | 3 +++ meta-flatpak/recipes-support/pinentry/pinentry_%.bbappend | 3 +++ .../conf/distro/include/refkit-supported-recipes.txt | 6 ++++++ 5 files changed, 18 insertions(+) create mode 100644 meta-flatpak/recipes-support/gnupg/gnupg_2.%.bbappend create mode 100644 meta-flatpak/recipes-support/libksba/libksba_%.bbappend create mode 100644 meta-flatpak/recipes-support/npth/npth_%.bbappend create mode 100644 meta-flatpak/recipes-support/pinentry/pinentry_%.bbappend diff --git a/meta-flatpak/recipes-support/gnupg/gnupg_2.%.bbappend b/meta-flatpak/recipes-support/gnupg/gnupg_2.%.bbappend new file mode 100644 index 0000000000..ddf373c147 --- /dev/null +++ b/meta-flatpak/recipes-support/gnupg/gnupg_2.%.bbappend @@ -0,0 +1,3 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-flatpak/recipes-support/libksba/libksba_%.bbappend b/meta-flatpak/recipes-support/libksba/libksba_%.bbappend new file mode 100644 index 0000000000..65f4e2b51d --- /dev/null +++ b/meta-flatpak/recipes-support/libksba/libksba_%.bbappend @@ -0,0 +1,3 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +BBCLASSEXTEND = "native" diff --git a/meta-flatpak/recipes-support/npth/npth_%.bbappend b/meta-flatpak/recipes-support/npth/npth_%.bbappend new file mode 100644 index 0000000000..65f4e2b51d --- /dev/null +++ b/meta-flatpak/recipes-support/npth/npth_%.bbappend @@ -0,0 +1,3 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +BBCLASSEXTEND = "native" diff --git a/meta-flatpak/recipes-support/pinentry/pinentry_%.bbappend b/meta-flatpak/recipes-support/pinentry/pinentry_%.bbappend new file mode 100644 index 0000000000..65f4e2b51d --- /dev/null +++ b/meta-flatpak/recipes-support/pinentry/pinentry_%.bbappend @@ -0,0 +1,3 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +BBCLASSEXTEND = "native" diff --git a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt index 5ae6847a6e..b40545982c 100644 --- a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt +++ b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt @@ -142,8 +142,10 @@ gmp@core gnome-desktop-testing@core gnu-config@core gnu-efi@core +gnupg@core gnutls@core gobject-introspection@core +gpgme@core gptfdisk@core grep@core gstreamer1.0-plugins-bad@core @@ -195,6 +197,7 @@ kmod@core krb5@openembedded-layer libaio@core libarchive@core +libassuan@core libatomic-ops@core libcap@core libccd@ros-layer @@ -222,6 +225,7 @@ libice@core libidn@core libinput@core libjpeg-turbo@core +libksba@core libmicrohttpd@soletta libmpc@core libnl@core @@ -312,6 +316,7 @@ ncurses@core netbase@core nettle@core nodejs@iotweb +npth@core object-recognition-msgs@ros-layer ocl-icd@refkit-computervision octomap-msgs@ros-layer @@ -331,6 +336,7 @@ packagegroup-.*@refkit.* pango@core pciutils@core perl@core +pinentry@core pixman@core pkgconfig@core pluginlib@ros-layer From f2a458e283139a23f634014441da66a58623425b Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Tue, 6 Jun 2017 13:45:46 +0300 Subject: [PATCH 13/29] glib-networking,libsoup: provide native packages (for ostree). Added bbappends to provide native packages and declared as supported recipes. These are needed by ostree-native. Signed-off-by: Krisztian Litkey --- .../glib-networking_%.bbappend | 33 +++++++++++++++++++ .../libsoup/libsoup-2.4_%.bbappend | 5 +++ 2 files changed, 38 insertions(+) create mode 100644 meta-flatpak/recipes-core/glib-networking/glib-networking_%.bbappend create mode 100644 meta-flatpak/recipes-support/libsoup/libsoup-2.4_%.bbappend diff --git a/meta-flatpak/recipes-core/glib-networking/glib-networking_%.bbappend b/meta-flatpak/recipes-core/glib-networking/glib-networking_%.bbappend new file mode 100644 index 0000000000..789120d5aa --- /dev/null +++ b/meta-flatpak/recipes-core/glib-networking/glib-networking_%.bbappend @@ -0,0 +1,33 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +# Make sure we compile with ca-certificates support enabled. +PACKAGECONFIG_append = " ca-certificates" + +DEPENDS += "ca-certificates" +RDEPENDS_${PN} += "ca-certificates" + +# We need native version for ostree-/flatpak-native. +BBCLASSEXTEND = "native" + +# OE-core's relocatable.bbclass assumes that every package which +# ends up creating a ${libdir}/pkgconfig directory in its sysroot +# will always also install .pc-files there and tries to uncondi- +# tionally update paths in those files using globbing that fails +# if no such files are present. This presumption is not true for +# glib-networking which happens to create a directory by dereferencing +# a GIO pkgconfig variable which in turn is defined relative to +# the pkgconfig directory (${pcfiledir}/../...), causing pkgconfig +# to get created. +# +# Could be worked around in the upatream recipe but since that +# does not provide/create native versions of the package and since +# this problem is related to native packages, we work around it here. +# +do_install_append_class-native () { + for _pc in ${D}${libdir}/pkgconfig/*.pc; do + case $_pc in + *'*.pc') rm -fr ${D}${libdir}/pkgconfig;; + *.pc) break;; + esac + done +} diff --git a/meta-flatpak/recipes-support/libsoup/libsoup-2.4_%.bbappend b/meta-flatpak/recipes-support/libsoup/libsoup-2.4_%.bbappend new file mode 100644 index 0000000000..c08342ae86 --- /dev/null +++ b/meta-flatpak/recipes-support/libsoup/libsoup-2.4_%.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +DEPENDS += "glib-networking" + +BBCLASSEXTEND = "native" From 479b4534efd2db7e50fd4c2e5d4922ea9563cb07 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Tue, 6 Jun 2017 17:26:53 +0300 Subject: [PATCH 14/29] ostree: add recipe for ostree. Added recipe for ostree and declared it as a supported recipes. Signed-off-by: Krisztian Litkey --- ...back-to-no-gtkdocize-if-it-is-there-.patch | 32 +++++++++++ .../recipes-ostree/ostree/ostree_git.bb | 57 +++++++++++++++++++ .../include/refkit-supported-recipes.txt | 1 + 3 files changed, 90 insertions(+) create mode 100644 meta-flatpak/recipes-ostree/ostree/ostree/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch create mode 100644 meta-flatpak/recipes-ostree/ostree/ostree_git.bb diff --git a/meta-flatpak/recipes-ostree/ostree/ostree/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch b/meta-flatpak/recipes-ostree/ostree/ostree/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch new file mode 100644 index 0000000000..1dd655064a --- /dev/null +++ b/meta-flatpak/recipes-ostree/ostree/ostree/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch @@ -0,0 +1,32 @@ +From 6a025e5eb379ae4b813eedba43f622abd8244ade Mon Sep 17 00:00:00 2001 +From: Krisztian Litkey +Date: Sat, 10 Sep 2016 22:15:21 +0300 +Subject: [PATCH] autogen.sh: fall back to no gtkdocize if it is there but + fails. + +--- + autogen.sh | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/autogen.sh b/autogen.sh +index 0f32089..00f5069 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -25,7 +25,13 @@ EXTRA_DIST = + CLEANFILES = + EOF + else +- gtkdocize ++ gtkdocize || { ++ rm -f gtk-doc.make ++ cat > gtk-doc.make < Date: Tue, 6 Jun 2017 17:11:21 +0300 Subject: [PATCH 15/29] bubblewrap: addded recipe for bubblewrap (form flatpak). Added recipe for bubblewrap and declared it as a supported recipe. It is needed by flatpak. Signed-off-by: Krisztian Litkey --- .../bubblewrap/bubblewrap_git.bb | 26 +++++++++++++++++++ .../include/refkit-supported-recipes.txt | 1 + 2 files changed, 27 insertions(+) create mode 100644 meta-flatpak/recipes-flatpak/bubblewrap/bubblewrap_git.bb diff --git a/meta-flatpak/recipes-flatpak/bubblewrap/bubblewrap_git.bb b/meta-flatpak/recipes-flatpak/bubblewrap/bubblewrap_git.bb new file mode 100644 index 0000000000..941e5c878b --- /dev/null +++ b/meta-flatpak/recipes-flatpak/bubblewrap/bubblewrap_git.bb @@ -0,0 +1,26 @@ +DESCRIPTION = "Helper binary for running applications sandboxed." +HOMEPAGE = "https://github.com/projectatomic/bubblewrap" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" + +DEPENDS = "libcap" + +SRC_URI = " \ + git://git@github.com/projectatomic/bubblewrap;protocol=https \ +" +SRCREV = "3ebe54af1b2acb702381ec9b5610b60758d3d163" + +PV = "2016.8+git${SRCPV}" +S = "${WORKDIR}/git" + +inherit autotools pkgconfig requires-systemd + +AUTO_LIBNAME_PKGS = "" + +# possible package configurations +PACKAGECONFIG ??= "" + +EXTRA_OECONF_class-target += "--disable-man --without-bash-completion-dir" +EXTRA_OECONF_class-native += "--disable-man --without-bash-completion-dir" + +BBCLASSEXTEND = "native" diff --git a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt index a996583761..9ee534fdb5 100644 --- a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt +++ b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt @@ -60,6 +60,7 @@ bison@core bluez5@core boost@core bsdiff@meta-swupd +bubblewrap@flatpak-layer busybox@core bzip2@core ca-certificates@core From bbcf438f1b15529ffabf3cc1089a876aedb6f7d0 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Wed, 14 Jun 2017 15:21:42 +0300 Subject: [PATCH 16/29] requires-systemd.bbclass: added a distro checking variant of systemd.bbclass. Added a variant of systemd.bbclass which checks that systemd is among DISTRO_FEATURES for class-target recipes. This can be used by recipes that not only support systemd but require it to save an extra explicit required distro feature check. Signed-off-by: Krisztian Litkey --- meta-flatpak/classes/requires-systemd.bbclass | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 meta-flatpak/classes/requires-systemd.bbclass diff --git a/meta-flatpak/classes/requires-systemd.bbclass b/meta-flatpak/classes/requires-systemd.bbclass new file mode 100644 index 0000000000..0dd56d3b47 --- /dev/null +++ b/meta-flatpak/classes/requires-systemd.bbclass @@ -0,0 +1,11 @@ +# Same as systemd.bbclass but should be used by recipes which require +# systemd (as opposed to just support systemd). + + +SYSTEMD_FEATURE_class-target = "systemd" +SYSTEMD_FEATURE_class-native = "" + +REQUIRED_DISTRO_FEATURES = "${SYSTEMD_FEATURE}" +inherit distro_features_check + +inherit systemd From 874a4aa3025d7c81a1459bbef480b018e67f8889 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Tue, 6 Jun 2017 17:28:49 +0300 Subject: [PATCH 17/29] flatpak: added recipe for flatpak. Added recipe for flatpak and declared it as a supported recipe. Signed-off-by: Krisztian Litkey --- ...back-to-no-gtkdocize-if-it-is-there-.patch | 32 +++++ ...mand-to-include-command-line-options.patch | 46 ++++++ ...g-command-line-argument-through-laun.patch | 135 ++++++++++++++++++ .../recipes-flatpak/flatpak/flatpak_git.bb | 85 +++++++++++ .../include/refkit-supported-recipes.txt | 4 +- 5 files changed, 301 insertions(+), 1 deletion(-) create mode 100644 meta-flatpak/recipes-flatpak/flatpak/flatpak/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch create mode 100644 meta-flatpak/recipes-flatpak/flatpak/flatpak/0002-common-Allow-command-to-include-command-line-options.patch create mode 100644 meta-flatpak/recipes-flatpak/flatpak/flatpak/0003-lib-Allow-passing-command-line-argument-through-laun.patch create mode 100644 meta-flatpak/recipes-flatpak/flatpak/flatpak_git.bb diff --git a/meta-flatpak/recipes-flatpak/flatpak/flatpak/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch b/meta-flatpak/recipes-flatpak/flatpak/flatpak/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch new file mode 100644 index 0000000000..98db980016 --- /dev/null +++ b/meta-flatpak/recipes-flatpak/flatpak/flatpak/0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch @@ -0,0 +1,32 @@ +From 448424558b9cd3978fd61801172d76fa334d9a53 Mon Sep 17 00:00:00 2001 +From: Krisztian Litkey +Date: Sat, 10 Sep 2016 22:35:06 +0300 +Subject: [PATCH 1/3] autogen.sh: fall back to no gtkdocize if it is there but + fails. + +--- + autogen.sh | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/autogen.sh b/autogen.sh +index 1cd3cee..c3a7bd4 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -37,7 +37,13 @@ else + # gtkdocize needs the macro directory to exist before + # we call autoreconf + mkdir -p m4 +- gtkdocize || exit $? ++ gtkdocize || { ++ rm -f gtk-doc.make ++ cat > gtk-doc.make < +Date: Fri, 4 Nov 2016 10:38:50 +0200 +Subject: [PATCH 2/3] common: Allow command to include command line + options/arguments. + +Allow command from the command line or from a metadata file to +contain options and arguments. Split the command by space and +add all the resulting arguments to the real argument array. + +Signed-off-by: Krisztian Litkey +--- + common/flatpak-run.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/common/flatpak-run.c b/common/flatpak-run.c +index 0cef78a..03e98f9 100644 +--- a/common/flatpak-run.c ++++ b/common/flatpak-run.c +@@ -4498,6 +4498,7 @@ flatpak_run_app (const char *app_ref, + g_autoptr(GPtrArray) real_argv_array = NULL; + g_auto(GStrv) envp = NULL; + const char *command = "/bin/sh"; ++ gchar **argv, *arg; + g_autoptr(GError) my_error = NULL; + g_auto(GStrv) runtime_parts = NULL; + int i; +@@ -4687,7 +4688,14 @@ flatpak_run_app (const char *app_ref, + NULL); + } + +- g_ptr_array_add (real_argv_array, g_strdup (command)); ++ argv = g_strsplit (command, " ", -1); ++ for (i = 0; (arg = argv[i]); i++) ++ g_ptr_array_add (real_argv_array, g_strdup (arg)); ++ g_strfreev(argv); ++ ++ for (i = 0; i < n_args; i++) ++ g_ptr_array_add (real_argv_array, g_strdup (args[i])); ++ + if (!add_rest_args (app_ref_parts[1], exports, (flags & FLATPAK_RUN_FLAG_FILE_FORWARDING) != 0, + doc_mount_path, + real_argv_array, args, n_args, error)) +-- +2.7.4 + diff --git a/meta-flatpak/recipes-flatpak/flatpak/flatpak/0003-lib-Allow-passing-command-line-argument-through-laun.patch b/meta-flatpak/recipes-flatpak/flatpak/flatpak/0003-lib-Allow-passing-command-line-argument-through-laun.patch new file mode 100644 index 0000000000..c30dd64339 --- /dev/null +++ b/meta-flatpak/recipes-flatpak/flatpak/flatpak/0003-lib-Allow-passing-command-line-argument-through-laun.patch @@ -0,0 +1,135 @@ +From 559597e3687bd1cebb70ebcd55e674e0df9a9390 Mon Sep 17 00:00:00 2001 +From: Krisztian Litkey +Date: Fri, 4 Nov 2016 10:38:22 +0200 +Subject: [PATCH 3/3] lib: Allow passing command line argument through launch. + +Added a new function flatpak_installation_launch_with_args which is +actually a copy of the original flatpak_installation_launch slightly +modified to allow passing argument to the launched application. Also +changed the original flatpak_installation_launch to call this new +function with 0, NULL as the argument list. + +Signed-off-by: Krisztian Litkey +--- + lib/flatpak-installation.c | 58 ++++++++++++++++++++++++++++++++++++++-------- + lib/flatpak-installation.h | 9 +++++++ + 2 files changed, 57 insertions(+), 10 deletions(-) + +diff --git a/lib/flatpak-installation.c b/lib/flatpak-installation.c +index 12803d7..370c854 100644 +--- a/lib/flatpak-installation.c ++++ b/lib/flatpak-installation.c +@@ -492,16 +492,18 @@ flatpak_installation_get_storage_type (FlatpakInstallation *self) + } + + /** +- * flatpak_installation_launch: ++ * flatpak_installation_launch_with_args: + * @self: a #FlatpakInstallation + * @name: name of the app to launch + * @arch: (nullable): which architecture to launch (default: current architecture) + * @branch: (nullable): which branch of the application (default: "master") + * @commit: (nullable): the commit of @branch to launch ++ * @argc: number of command line arguments to pass to the application ++ * @argv: (nullable): command line arguments to pass to the application + * @cancellable: (nullable): a #GCancellable + * @error: return location for a #GError + * +- * Launch an installed application. ++ * Launch an installed application with the given arguments. + * + * You can use flatpak_installation_get_installed_ref() or + * flatpak_installation_get_current_installed_app() to find out what builds +@@ -510,13 +512,15 @@ flatpak_installation_get_storage_type (FlatpakInstallation *self) + * Returns: %TRUE, unless an error occurred + */ + gboolean +-flatpak_installation_launch (FlatpakInstallation *self, +- const char *name, +- const char *arch, +- const char *branch, +- const char *commit, +- GCancellable *cancellable, +- GError **error) ++flatpak_installation_launch_with_args (FlatpakInstallation *self, ++ const char *name, ++ const char *arch, ++ const char *branch, ++ const char *commit, ++ int argc, ++ char *argv[], ++ GCancellable *cancellable, ++ GError **error) + { + g_autoptr(FlatpakDir) dir = flatpak_installation_get_dir (self); + g_autofree char *app_ref = NULL; +@@ -539,11 +543,45 @@ flatpak_installation_launch (FlatpakInstallation *self, + NULL, + FLATPAK_RUN_FLAG_BACKGROUND, + NULL, +- NULL, 0, ++ argv, argc, + cancellable, error); + } + + ++/** ++ * flatpak_installation_launch: ++ * @self: a #FlatpakInstallation ++ * @name: name of the app to launch ++ * @arch: (nullable): which architecture to launch (default: current architecture) ++ * @branch: (nullable): which branch of the application (default: "master") ++ * @commit: (nullable): the commit of @branch to launch ++ * @cancellable: (nullable): a #GCancellable ++ * @error: return location for a #GError ++ * ++ * Launch an installed application. ++ * ++ * You can use flatpak_installation_get_installed_ref() or ++ * flatpak_installation_get_current_installed_app() to find out what builds ++ * are available, in order to get a value for @commit. ++ * ++ * Returns: %TRUE, unless an error occurred ++ */ ++gboolean ++flatpak_installation_launch (FlatpakInstallation *self, ++ const char *name, ++ const char *arch, ++ const char *branch, ++ const char *commit, ++ GCancellable *cancellable, ++ GError **error) ++{ ++ return flatpak_installation_launch_with_args(self, name, ++ arch, branch, commit, ++ 0, NULL, ++ cancellable, error); ++} ++ ++ + static FlatpakInstalledRef * + get_ref (FlatpakDir *dir, + const char *full_ref, +diff --git a/lib/flatpak-installation.h b/lib/flatpak-installation.h +index 089d510..c5d352b 100644 +--- a/lib/flatpak-installation.h ++++ b/lib/flatpak-installation.h +@@ -148,6 +148,15 @@ FLATPAK_EXTERN gboolean flatpak_installation_launch (FlatpakInstalla + const char *commit, + GCancellable *cancellable, + GError **error); ++FLATPAK_EXTERN gboolean flatpak_installation_launch_with_args (FlatpakInstallation *self, ++ const char *name, ++ const char *arch, ++ const char *branch, ++ const char *commit, ++ int argc, ++ char *argv[], ++ GCancellable *cancellable, ++ GError **error); + FLATPAK_EXTERN GFileMonitor *flatpak_installation_create_monitor (FlatpakInstallation *self, + GCancellable *cancellable, + GError **error); +-- +2.7.4 + diff --git a/meta-flatpak/recipes-flatpak/flatpak/flatpak_git.bb b/meta-flatpak/recipes-flatpak/flatpak/flatpak_git.bb new file mode 100644 index 0000000000..6ecbe5f42a --- /dev/null +++ b/meta-flatpak/recipes-flatpak/flatpak/flatpak_git.bb @@ -0,0 +1,85 @@ +DESCRIPTION = "Versioned Application/Runtime Respository." +HOMEPAGE = "http://flatpak.org" +LICENSE = "LGPLv2.1" +LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" + +SRC_URI = " \ + gitsm://git@github.com/flatpak/flatpak;protocol=https \ + file://0001-autogen.sh-fall-back-to-no-gtkdocize-if-it-is-there-.patch \ + file://0002-common-Allow-command-to-include-command-line-options.patch \ + file://0003-lib-Allow-passing-command-line-argument-through-laun.patch \ +" + +SRCREV = "1a49029f9d8fbee0338665522cf7432ae7485841" + +PV = "0.9.3+git${SRCPV}" +S = "${WORKDIR}/git" + +inherit autotools pkgconfig gettext requires-systemd gobject-introspection + +DEPENDS = " \ + glib-2.0 json-glib libsoup-2.4 libarchive elfutils fuse \ + ostree libassuan libgpg-error bubblewrap systemd \ +" + +DEPENDS_class-native = " \ + glib-2.0-native libsoup-2.4-native json-glib-native libarchive-native \ + elfutils-native fuse-native ostree-native \ + libassuan-native libgpg-error-native bubblewrap-native \ +" + +RDEPENDS_${PN}_class-target = " \ + bubblewrap \ + ca-certificates \ +" + +AUTO_LIBNAME_PKGS = "" + +# package configuration +PACKAGECONFIG ?= "" + +PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,seccomp" +PACKAGECONFIG[x11] = "--enable-xauth,--disable-xauth,x11" +PACKAGECONFIG[system-helper] = "--enable-system-helper,--disable-system-helper,poklit" + +EXTRA_OECONF += " \ + --disable-docbook-docs \ + --disable-gtk-doc-html \ + --disable-documentation \ + --with-systemdsystemunitdir=${systemd_unitdir}/system \ +" + +# package content +PACKAGES =+ " \ + ${PN}-build \ + ${PN}-bash-completion \ + ${PN}-gdm \ +" + +FILES_${PN} += " \ + ${libdir}/systemd/user/*.service \ + ${libdir}/systemd/user/dbus.service.d/*.conf \ + ${libdir}/girepository-1.0 \ + ${datadir}/gir-1.0 \ + ${datadir}/dbus-1/services/*.service \ + ${datadir}/dbus-1/interfaces/*.xml \ +" + +FILES_${PN}-build = "${bindir}/flatpak-builder" + +FILES_${PN}-bash-completion = " \ + ${sysconfdir}/profile.d/flatpak.sh \ + ${datadir}/bash-completion/completions/flatpak \ +" + +FILES_${PN}-gdm = " \ + ${datadir}/gdm/env.d/flatpak.env \ +" + +do_configure_prepend() { + cd ${S} + NOCONFIGURE=1 ./autogen.sh + cd - +} + +BBCLASSEXTEND = "native" diff --git a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt index 9ee534fdb5..c5518855b6 100644 --- a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt +++ b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt @@ -109,7 +109,8 @@ fcl@ros-layer file@core findutils@core fixesproto@core -flac@core +flatpak@flatpak-layer +flatpak-image-runtime@flatpak-layer flex@core font-util@core fontconfig@core @@ -188,6 +189,7 @@ iptables@core iputils@core iso-codes@core json-c@core +json-glib@core kbd@core kbproto@core kdl-conversions@ros-layer From 44eb61cb638ec6e32c6f4eadf1827b9621e999ac Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Tue, 6 Jun 2017 19:49:41 +0300 Subject: [PATCH 18/29] packagegroups: added flatpak packagegroup. Added basic flatpak packagegroup. Only pulls in flatpak with its dependencies. We'll add another dedicated one (probably along with a dedicated DISTRO_FEATURE) for flatpak-session. Signed-off-by: Krisztian Litkey --- .../recipes-core/packagegroups/packagegroup-flatpak.bb | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 meta-flatpak/recipes-core/packagegroups/packagegroup-flatpak.bb diff --git a/meta-flatpak/recipes-core/packagegroups/packagegroup-flatpak.bb b/meta-flatpak/recipes-core/packagegroups/packagegroup-flatpak.bb new file mode 100644 index 0000000000..abe86784c3 --- /dev/null +++ b/meta-flatpak/recipes-core/packagegroups/packagegroup-flatpak.bb @@ -0,0 +1,9 @@ +SUMMARY = "IoT Reference OS Kit Basic Flatpak Support" +LICENSE = "MIT" + +inherit packagegroup + +RDEPENDS_${PN} = "\ + flatpak \ + flatpak-image-runtime \ +" From fc8f2f22d090f140041da2b14cd0ef95b528c8d0 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Tue, 13 Jun 2017 14:19:55 +0300 Subject: [PATCH 19/29] flatpak-image-runtime.bb: added recipes for fake runtime. Added a recipe for flatpak-image-runtime, a simple systemd service which emulates a flatpak runtime for the currently running image using a bunch of read-only bind mounts. Also declared the recipe as a supported one. Signed-off-by: Krisztian Litkey --- .../flatpak-image-runtime_git.bb | 43 +++++++++++++++++++ .../include/refkit-supported-recipes.txt | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta-flatpak/recipes-flatpak/flatpak-image-runtime/flatpak-image-runtime_git.bb diff --git a/meta-flatpak/recipes-flatpak/flatpak-image-runtime/flatpak-image-runtime_git.bb b/meta-flatpak/recipes-flatpak/flatpak-image-runtime/flatpak-image-runtime_git.bb new file mode 100644 index 0000000000..adc9e63ef5 --- /dev/null +++ b/meta-flatpak/recipes-flatpak/flatpak-image-runtime/flatpak-image-runtime_git.bb @@ -0,0 +1,43 @@ +SUMMARY = "A systemd service to set up a fake flatpak runtime for the image." +DESCRIPTION = "This package provides a systemd service that fakes a flatpak \ +runtime for the currently running image, using read-only bind mounts." +HOMEPAGE = "https://github.com/klihub/flatpak-image-runtime" +SECTION = "misc" + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE-BSD;md5=f9f435c1bd3a753365e799edf375fc42" + +SRC_URI = " \ + git://git@github.com/klihub/flatpak-image-runtime.git;protocol=http;branch=master \ +" + +SRCREV = "d4cc5bbbe8be1a1cef4eecb1df656e60d8ad18de" + +DEPENDS = "systemd" + +inherit autotools pkgconfig requires-systemd flatpak-config + +S = "${WORKDIR}/git" + +FILES_${PN} = " \ + ${datadir}/flatpak-image-runtime \ + ${systemd_unitdir}/system/flatpak-image-runtime.service \ +" + +SYSTEMD_SERVICE_${PN} = " \ + flatpak-image-runtime.service \ +" + +EXTRA_OECONF += " \ + --with-systemdunitdir=${systemd_unitdir} \ + --with-domain=${FLATPAK_DOMAIN} \ + --with-arch=${FLATPAK_ARCH} \ + --with-branch=${FLATPAK_BRANCH} \ +" + +do_configure_prepend () { + cd ${S} + NOCONFIGURE=1 ./bootstrap + cd - +} + diff --git a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt index c5518855b6..04723ba493 100644 --- a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt +++ b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt @@ -109,6 +109,7 @@ fcl@ros-layer file@core findutils@core fixesproto@core +flac@core flatpak@flatpak-layer flatpak-image-runtime@flatpak-layer flex@core From 3c46fba289fd2b616aaa4cf3f64728eb699f280f Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Thu, 8 Jun 2017 20:32:22 +0300 Subject: [PATCH 20/29] gnupg1: added native-only gnupg1 for key generation/repo signing. Added a native-only recipe for gnupg1. We'll use this to generate keys and sign (ostree) repository commits during bitbake/image building in connection with ostree and flatpak repositories. While gnupg2 can be beaten to working obedience with hacks, it is somewhat of a PITA to use both in non-interactive batch mode and in the Yocto relocated native environment. Instead of dealing with those problems we generate/import signing keys and sign repository commits using gnupg1, and check signatures on client devices using gnupg2. The 'native-only' aspect is currently implemented by a prepended class-target configure scriptlet which bails out with an error status. If necessary this can be changed and the recipe easily converted to a genuine native-only recipe. Signed-off-by: Krisztian Litkey --- .../recipes-support/gnupg1/gnupg1_1.4.21.bb | 111 ++++++++++++++++++ .../include/refkit-supported-recipes.txt | 1 + 2 files changed, 112 insertions(+) create mode 100644 meta-flatpak/recipes-support/gnupg1/gnupg1_1.4.21.bb diff --git a/meta-flatpak/recipes-support/gnupg1/gnupg1_1.4.21.bb b/meta-flatpak/recipes-support/gnupg1/gnupg1_1.4.21.bb new file mode 100644 index 0000000000..a995c32003 --- /dev/null +++ b/meta-flatpak/recipes-support/gnupg1/gnupg1_1.4.21.bb @@ -0,0 +1,111 @@ +SUMMARY = "GNU Privacy Guard - encryption and signing tools" +HOMEPAGE = "http://www.gnupg.org/" +DEPENDS = "zlib bzip2 readline" +SECTION = "console/utils" + +LICENSE = "GPLv3" + +LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949" + +PR = "r9" + +SRC_URI = "${GNUPG_MIRROR}/gnupg/gnupg-${PV}.tar.bz2" + +SRC_URI[md5sum] = "9bdeabf3c0f87ff21cb3f9216efdd01d" +SRC_URI[sha256sum] = "6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276" + +inherit autotools gettext texinfo + +S = "${WORKDIR}/gnupg-${PV}" + +# --with-egd-socket=NAME use NAME for the EGD socket +# --with-photo-viewer=FIXED_VIEWER set a fixed photo ID viewer +# --with-included-zlib use the zlib code included here +# --with-capabilities use linux capabilities default=no +# --with-mailprog=NAME use "NAME -t" for mail transport +# --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib +# --without-libiconv-prefix don't search for libiconv in includedir and libdir +# --with-included-gettext use the GNU gettext library included here +# --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib +# --without-libintl-prefix don't search for libintl in includedir and libdir +# --without-readline do not support fancy command line editing +# --with-included-regex use the included GNU regex library +# --with-zlib=DIR use libz in DIR +# --with-bzip2=DIR look for bzip2 in DIR +# --enable-static-rnd=egd|unix|linux|auto +# --disable-dev-random disable the use of dev random +# --disable-asm do not use assembler modules +# --enable-m-guard enable memory guard facility +# --enable-selinux-support +# enable SELinux support +# --disable-card-support disable OpenPGP card support +# --disable-gnupg-iconv disable the new iconv code +# --enable-backsigs enable the experimental backsigs code +# --enable-minimal build the smallest gpg binary possible +# --disable-rsa disable the RSA public key algorithm +# --disable-idea disable the IDEA cipher +# --disable-cast5 disable the CAST5 cipher +# --disable-blowfish disable the BLOWFISH cipher +# --disable-aes disable the AES, AES192, and AES256 ciphers +# --disable-twofish disable the TWOFISH cipher +# --disable-sha256 disable the SHA-256 digest +# --disable-sha512 disable the SHA-384 and SHA-512 digests +# --disable-bzip2 disable the BZIP2 compression algorithm +# --disable-exec disable all external program execution +# --disable-photo-viewers disable photo ID viewers +# --disable-keyserver-helpers disable all external keyserver support +# --disable-ldap disable LDAP keyserver interface +# --disable-hkp disable HKP keyserver interface +# --disable-http disable HTTP key fetching interface +# --disable-finger disable Finger key fetching interface +# --disable-mailto disable email keyserver interface +# --disable-keyserver-path disable the exec-path option for keyserver helpers +# --enable-key-cache=SIZE Set key cache to SIZE (default 4096) +# --disable-largefile omit support for large files +# --disable-dns-srv disable the use of DNS SRV in HKP and HTTP +# --disable-nls do not use Native Language Support +# --disable-regex do not handle regular expressions in trust sigs + +EXTRA_OECONF = "--disable-ldap \ + --with-zlib=${STAGING_LIBDIR}/.. \ + --with-bzip2=${STAGING_LIBDIR}/.. \ + --disable-selinux-support \ + --without-readline \ + ac_cv_sys_symbol_underscore=no \ + " + +do_configure_prepend_class-target() { + echo "ERROR: ##################################################" + echo "ERROR: This recipe is meant for class-native usage only" + echo "ERROR: to help key generation and signing." + echo "ERROR: Do not build a class target version of this." + echo "ERROR: Use gnupg version 2.x instead." + echo "ERROR: ##################################################" + exit 1 +} + + +do_configure_prepend () { + CFLAGS="$CFLAGS -fgnu89-inline" +} + +do_install () { + autotools_do_install + install -d ${D}${docdir}/${BPN} + mv ${D}${datadir}/gnupg/* ${D}/${docdir}/gnupg/ || : + mv ${D}${prefix}/doc/* ${D}/${docdir}/gnupg/ || : +} + +# split out gpgv from main package +RDEPENDS_${PN}_class-target = "gpgv" +PACKAGES =+ "gpgv" +FILES_gpgv = "${bindir}/gpgv" + +# Exclude debug files from the main packages +FILES_${PN} = "${bindir}/* ${datadir}/gnupg ${libexecdir}/gnupg/*" + +PACKAGECONFIG ??= "" +PACKAGECONFIG[curl] = "--with-libcurl=${STAGING_LIBDIR},--without-libcurl,curl" +PACKAGECONFIG[libusb] = "--with-libusb=${STAGING_LIBDIR},--without-libusb,libusb-compat" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt index 04723ba493..cfccd4900f 100644 --- a/meta-refkit/conf/distro/include/refkit-supported-recipes.txt +++ b/meta-refkit/conf/distro/include/refkit-supported-recipes.txt @@ -146,6 +146,7 @@ gnome-desktop-testing@core gnu-config@core gnu-efi@core gnupg@core +gnupg1@refkit-core gnutls@core gobject-introspection@core gpgme@core From d10611ed143cfb762d7757bcea115dd1fdb49dc1 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Tue, 6 Jun 2017 17:44:02 +0300 Subject: [PATCH 21/29] scripts: added gpg-keygen.sh. Added a script for generating GPG keys, primarily intended for generating signing keys for ostree/flatpak repositories. Signed-off-by: Krisztian Litkey --- meta-flatpak/scripts/gpg-keygen.sh | 274 +++++++++++++++++++++++++++++ 1 file changed, 274 insertions(+) create mode 100755 meta-flatpak/scripts/gpg-keygen.sh diff --git a/meta-flatpak/scripts/gpg-keygen.sh b/meta-flatpak/scripts/gpg-keygen.sh new file mode 100755 index 0000000000..1b22d2e029 --- /dev/null +++ b/meta-flatpak/scripts/gpg-keygen.sh @@ -0,0 +1,274 @@ +#!/bin/bash + +# Print an informational message (currently unfiltered). +msg () { + echo "$*" +} + +# Print a fatal error message and exit. +fatal () { + echo "fatal error: $*" 2>1 + exit 1 +} + +# Print help on usage. +print_usage () { + if [ -n "$*" ]; then + echo "$*" + fi + + echo "usage: $0 -c config | -o output [ options ]" + echo "" + echo "Generate GPG signing keyring for our flatpak/OSTree repository and" + echo "export the generated public and secret keys from the keyring." + echo "" + echo "The possible options are:" + echo " --home GPG home directory for the keyring" + echo " --id key ID to check/generate" + echo " --pub public key file to produce/import" + echo " --sec secret key file to produce/import" + echo " --config use provided config, ignore other options" + echo " --type key type to generate" + echo " --length key length to use" + echo " --subkey-type subkey type to generate" + echo " --subkey-length subkey length to use" + echo " --name real name associated with the generated key" + echo " --gpg2 import keys to GPG2 keyring as well" + echo " --help show this help" + + if [ -n "$*" ]; then + exit 1 + else + exit 0 + fi +} + +# Parse the command line. +parse_command_line () { + while [ -n "$1" ]; do + case $1 in + --home|-H) + GPG_HOME="$2" + shift 2 + ;; + --id) + GPG_ID="$2" + shift 2 + ;; + --pub) + GPG_PUB="$2" + shift 2 + ;; + --sec) + GPG_SEC="$2" + shift 2 + ;; + --type|-T) + GPG_TYPE="$2" + shift 2 + ;; + --length|-L) + GPG_LENGTH="$2" + shift 2 + ;; + --subkey-type|-t) + GPG_SUBTYPE="$2" + shift 2 + ;; + --subkey-length|-l) + GPG_SUBLENGTH="$2" + shift 2 + ;; + --name|-n) + GPG_NAME="$2" + shift 2; + ;; + --config|-c) + GPG_CONFIG="$2" + shift 2 + ;; + --gpg2|-2) + GPG2_IMPORT="yes" + ;; + --help|-h) + print_usage + ;; + *) + print_usage "Invalid options/argument $1" + ;; + esac + done + + if [ -z "$GPG_HOME" ]; then + GPG_HOME="~/.gnupg" + fi + + if [ -z "$GPG_ID" ]; then + fatal "missing key ID (--id)" + fi + + if [ -z "$GPG_PUB" ]; then + GPG_PUB="$GPG_HOME/$GPG_ID.pub" + fi + + if [ -z "$GPG_SEC" ]; then + GPG_SEC="$GPG_HOME/$GPG_ID.sec" + fi + + if [ -z "$GPG_NAME" ]; then + GPG_NAME="Signing Key" + fi + + msg "GPG key generation configuration:" + msg " home: $GPG_HOME" + msg " key ID: $GPG_ID" + msg " public key: $GPG_PUB" + msg " public key: $GPG_SEC" + msg " name: $GPG_NAME" +} + +# Check and create GPG home directory if necessary. +gpg1_chkhome () +{ + if [ ! -d $GPG_HOME ]; then + mkdir -p $GPG_HOME + chmod og-rwx $GPG_HOME + else + chmod og-rwx $GPG_HOME + fi +} + +# Check if the requested keys are already in the keyring. +gpg1_chkkeyrings () +{ + if $GPG1 --list-keys | grep -q -e "<$GPG_ID>" && \ + $GPG1 --list-secret-keys | grep -q -e "<$GPG_ID>"; then + return 0 + else + return 1 + fi +} + +# Check if the requested keys already exist. +gpg1_chkkeys () +{ + if [ ! -e $GPG_PUB -o ! -e $GPG_SEC ]; then + msg "* Key files $GPG_PUB/$GPG_SEC not found..." + rm -f $GPG_PUB $GPG_SEC + if gpg1_chkkeyrings; then + msg "* Keys ($GPG_ID) already in keyrings, exporting..." + $GPG1 --export --output $GPG_PUB $GPG_ID + $GPG1 --export-secret-keys --output $GPG_SEC $GPG_ID + else + return 1 + fi + else + if ! gpg1_chkkeyrings; then + msg "* Importing keys $GPG_SEC, $GPG_PUB..." + $GPG1 --import $GPG_PUB + $GPG1 --import $GPG_SEC + fi + fi +} + +# Generate GPG --batch mode key generation configuration file (unless given). +gpg1_mkconfig () { + if [ -n "$GPG_CONFIG" ]; then + if [ ! -f "$GPG_CONFIG" ]; then + fatal "Missing GPG key configuration $GPG_CONFIG." + fi + msg "* Using provided GPG key configuration: $GPG_CONFIG" + else + GPG_CONFIG="$GPG_HOME/$GPG_ID.cfg" + + msg "* Generating GPG key configuration $GPG_CONFIG..." + + (echo "%echo Generating GPG signing keys ($GPG_PUB, $GPG_SEC)..." + echo "Key-Type: $GPG_TYPE" + echo "Key-Length: $GPG_LENGTH" + echo "Subkey-Type: $GPG_SUBTYPE" + echo "Subkey-Length: $GPG_SUBLENGTH" + echo "Name-Real: $GPG_NAME" + echo "Name-Email: $GPG_ID" + echo "Expire-Date: 0" + echo "%pubring $GPG_PUB" + echo "%secring $GPG_SEC" + echo "%commit" + echo "%echo done") > $GPG_CONFIG + fi +} + +# Generate GPG1 keys and keyring. +gpg1_genkeys () { + msg "* Generating GPG1 keys and keyring..." + + $GPG1 --batch --gen-key $GPG_CONFIG + $GPG1 --import $GPG_SEC + $GPG1 --import $GPG_PUB +} + +# Mark all keys trusted in our keyring. +gpg1_trustkeys () { + local _trustdb=$GPG_HOME/gpg.trustdb _fp + + # + # This is a bit iffy... we misuse a supposedly private + # GPG API (the trust DB format). + # + + msg "* Marking keys trusted in keyring..." + + $GPG1 --export-ownertrust > $_trustdb + + # Note: we might end up with duplicates but that's ok... + for _fp in $($GPG1 --fingerprint | \ + grep " fingerprint = " | sed 's/^.* = //g;s/ //g'); do + echo $_fp:6: >> $_trustdb + done + + $GPG1 --import-ownertrust < $_trustdb + rm -f $_trustdb +} + +# Import keys to GPG2 keyring. +gpg2_import () { + if [ "$GPG2_IMPORT" = "yes" ]; then + msg "* Importing keys to GPG2 keyring..." + $GPG1 --export-secret-keys | $GPG2 --import + else + msg "* GPG2 import not requested, skipping..." + fi +} + + +######################### +# main script + +GPG_HOME="" +GPG_ID="" +GPG_PUB="" +GPG_SEC="" +GPG_TYPE="DSA" +GPG_LENGTH="2048" +GPG_SUBTYPE="ELG-E" +GPG_SUBLENGTH="2048" +GPG_NAME="" +GPG_CONFIG="" +GPG2_IMPORT="" + +parse_command_line $* + +set -e + +GPG1="gpg --homedir=$GPG_HOME" +GPG2="gpg2 --homedir=$GPG_HOME" + +gpg1_chkhome + +if ! gpg1_chkkeys; then + gpg1_mkconfig + gpg1_genkeys + gpg1_trustkeys +fi + +gpg2_import From 2d971288ec6c48eb4411acef07a82f728d554b0f Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Mon, 12 Jun 2017 19:30:25 +0300 Subject: [PATCH 22/29] refkit-signing-keys.bbclass: added class for key generation/import. Added a class for generating or importing signing keys using GPG. Currently we use this to generate signing keys for flatpak ostree repositories. Signed-off-by: Krisztian Litkey --- .../classes/refkit-signing-keys.bbclass | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 meta-flatpak/classes/refkit-signing-keys.bbclass diff --git a/meta-flatpak/classes/refkit-signing-keys.bbclass b/meta-flatpak/classes/refkit-signing-keys.bbclass new file mode 100644 index 0000000000..b795407f4c --- /dev/null +++ b/meta-flatpak/classes/refkit-signing-keys.bbclass @@ -0,0 +1,84 @@ +# +# This class can be used to generate (or import) a set of signing keys, +# for whatever purpose the build might need those. Once such purpose is +# the signing of base OS and flatpak ostree repositories. +# +# To make sure all the necessary keys get generated list them in your +# local.conf (or some other global configuration file) by setting +# REFKIT_SIGNING_KEYS to necessary key IDs. + +# Signing keys to generate, a list of key IDs. +REFKIT_SIGNING_KEYS ?= "" + +# This is where we put our GPG homedir, export keys to, etc. +REFKIT_SIGNING_GPGDIR ?= "${DEPLOY_DIR}/gnupg" + +# How long we let two parallel key generation tasks clash. +REFKIT_SIGNING_TIMEOUT ?= "60" + +# task to generate/check all requested signing keys +fakeroot do_generate_signing_keys () { + # Bail out early if we have no keys to generate. + if [ -z "${REFKIT_SIGNING_KEYS}" -o -z "${REFKIT_SIGNING_GPGDIR}" ]; then + echo "No GPG key IDs or directory set, nothing to do..." + return 0 + fi + + # When building several images in parallel (e.g. in CI), we have to + # make sure we don't let two tasks start generating the same signing + # key into the keyring. While GPG itself seems to semi-gracefully + # survive a keyring with duplicate key ids, gpgme (or maybe just ostree, + # I did not bother checking it) segfaults in such a case. + # Therefore, we have this unholy kludge where we use mkdir(2) as a + # lock, and let the task getting there first do the deed, while the + # second one just waits for the first to finish (and consequently causes + # its own dependent tasks to properly wait for the keys to get generated). + # Yuck... + + dir="${REFKIT_SIGNING_GPGDIR}" + mkdir -p "${dir%/*}" + mkdir "${dir}.lock" || { # Forgive me Thompson&Dijkstra, for I have sinned... + slept=0 + for id in ${REFKIT_SIGNING_KEYS}; do + while [ $slept -lt ${REFKIT_SIGNING_TIMEOUT} ]; do + if [ ! -e ${dir}/$id.sec ]; then + echo "Waiting for generation of signing key $id..." + sleep 1 + let slept=$slept+1 + else + echo "Got signing key $id..." + break + fi + done + done + if [ $slept -ge ${REFKIT_SIGNING_TIMEOUT} ]; then + echo "Signing key generation timed out..." + return 1 + else + return 0 + fi + } + + dir="${REFKIT_SIGNING_GPGDIR}" + for id in ${REFKIT_SIGNING_KEYS}; do + pubkey="$dir/$id.pub" + seckey="$dir/$id.sec" + + # Generate repository signing GPG keys, if we don't have them yet. + echo "Generating/checking signing key $id..." + + ${FLATPAKBASE}/scripts/gpg-keygen.sh \ + --home $dir \ + --id $id \ + --pub $pubkey \ + --sec $seckey + done + + rmdir "${dir}.lock" +} + +do_generate_signing_keys[depends] += " \ + gnupg1-native:do_populate_sysroot \ +" + +addtask generate_signing_keys before do_rootfs From c7aa793f787ace01667d89c27e185c98c02b9d3c Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Tue, 6 Jun 2017 17:47:06 +0300 Subject: [PATCH 23/29] scripts: added script for generating a flatpak repostory. Added a workhorse script for generating/populating a primary flatpak repository for an image. The script can also replicate this repository to another archive-z2 repository which can then be exposed over HTTP for consumption by flatpak clients. This will be necessary for building flatpaks for/against a flatpak-enabled refkit image. Signed-off-by: Krisztian Litkey --- meta-flatpak/scripts/flatpak-populate-repo.sh | 377 ++++++++++++++++++ 1 file changed, 377 insertions(+) create mode 100755 meta-flatpak/scripts/flatpak-populate-repo.sh diff --git a/meta-flatpak/scripts/flatpak-populate-repo.sh b/meta-flatpak/scripts/flatpak-populate-repo.sh new file mode 100755 index 0000000000..92282b2747 --- /dev/null +++ b/meta-flatpak/scripts/flatpak-populate-repo.sh @@ -0,0 +1,377 @@ +#!/bin/bash + + +# Print an informational message an exit (currently unconditionally). +msg () { + echo "$*" +} + +# Print a fatal error message and exit. +fatal () { + echo "fatal error: $*" + exit 1 +} + +# Print help on usage. +print_usage () { + if [ -n "$*" ]; then + echo "$*" + fi + + echo "usage: $0 [options]" + echo "" + echo "Take a runtime or SDK image sysroot directory and commit it into a" + echo "flatpak/OSTree repository. If the repository does not exist by" + echo "default it is created in archive-z2 mode. Such a repository is" + echo "suitable to be exported over HTTP/HTTPS for flatpak clients to fetch" + echo "fetch runtime/SDK images and flatpak application from." + echo "archive-z2 format, suitable to be exported over HTTP for clients to" + echo "fetch data from." + echo "" + echo "The other possible options are:" + echo " --repo-path path to flatpak repository to populate" + echo " --repo-mode repository mode [bare-user]" + echo " --repo-export export the image also to archive-z2 " + echo " --gpg-home GPG home directory for keyring" + echo " --gpg-id GPG key id to use for signing" + echo " --branches branches to commit/export to repository" + echo " --machine full MACHINE" + echo " --image-sysroot image sysroot directory" + echo " --tmpdir temporary directory to use" + echo " --subject commit subject message" + echo " --body commit body message" + echo " --image-libs provided image library file" + echo " --help print this help and exit" + + if [ -n "$*" ]; then + exit 1 + else + exit 0 + fi +} + +# Parse the command line. +parse_command_line () { + while [ -n "$1" ]; do + case $1 in + --repo-path|--repo|-r) + REPO_PATH=$2 + shift 2 + ;; + --repo-mode) + REPO_MODE=$2 + shift 2 + ;; + + --repo-export|--export|-e) + REPO_EXPORT=$2 + shift 2 + ;; + + --gpg-home|--gpg-homedir) + GPG_HOME=$2 + shift 2 + ;; + + --gpg-id) + GPG_ID=$2 + shift 2 + ;; + + --branches) + REPO_BRANCHES="$2" + shift 2 + ;; + + --machine) + MACHINE="$2" + shift 2 + ;; + + --image-sysroot|--image) + IMAGE_SYSROOT=$2 + shift 2 + ;; + + --tmp-dir|--tmp) + TMPDIR=$2 + shift 2 + ;; + + --subject) + COMMIT_SUBJECT="$2" + shift 2 + ;; + + --body) + COMMIT_BODY="$2" + shift 2 + ;; + + --image-libs|--libs) + LIBRARIES=$2 + shift 2 + ;; + + --help|-h) + print_usage + exit 0 + ;; + + *) + print_usage "Unknown command line option/argument $1." + ;; + esac + done + + if [ -z "$REPO_PATH" ]; then + print_usage "missing repository path (--repo-path)" + fi + + if [ ! -e "$REPO_PATH" -a -z "$IMAGE_SYSROOT" ]; then + print_usage "missing image sysroot (--image-sysroot)" + fi + + if [ ! -d $REPO_PATH -a -z "$REPO_BRANCHES" ]; then + print_usage "missing branches (--branches)" + fi + + if [ -z "$TMPDIR" ]; then + TMPDIR="$IMAGE_SYSROOT.flatpak-tmp.$$" + else + TMPDIR="$TMPDIR/flatpak-tmp.$$" + fi + + FLATPAK_SYSROOT=$TMPDIR/flatpak-sysroot + METADATA=$FLATPAK_SYSROOT/metadata +} + +# Create image metadata file for the repository. +metadata_generate () { + local _platform _sdk _name + local _sdk + + msg "* Generating metadata file ($METADATA)..." + + _platform="${REPO_BRANCHES%%,*}" + _platform="${_platform#runtime/}" + _sdk="${_platform/BasePlatform/BaseSdk}" + _name="${_platform%%/*}" + + (echo "[Runtime]" + echo "name=$_name" + echo "runtime=$_platform" + echo "sdk=$_sdk") > $METADATA +} + +# Populate temporary sysroot with flatpak-translated path names. +sysroot_populate () { + msg "* Creating flatpak sysroot ($FLATPAK_SYSROOT) from $IMAGE_SYSROOT..." + + mkdir -p $FLATPAK_SYSROOT + bsdtar -C $IMAGE_SYSROOT -cf - ./usr ./etc | \ + bsdtar -C $FLATPAK_SYSROOT \ + -s ":^./usr:./files:S" \ + -s ":^./etc:./files/etc:S" \ + -xvf - +} + +# Clean up temporary sysroot. +sysroot_cleanup () { + msg "* Cleaning up $TMPDIR, $FLATPAK_SYSROOT..." + rm -rf $TMPDIR +} + +# Initialize flatpak/OSTree repository, if necessary. +repo_create () { + local _path="$1" + local _mode="${2:-bare-user}" + + if [ -d $_path ]; then + if [ -f $_path/config -a grep -q $_mode $_path/config ]; then + msg "* Using existing $_mode repository $_path..." + return 0 + fi + + fatal "Existing repository $_path is not a $_mode repo." + fi + + msg "* Creating $_mode repository $_path..." + + mkdir -p $_path + ostree --repo=$_path init --mode=$_mode +} + +# Populate the repository. +repo_populate () { + local _b _ref _content + + # OSTree can't handle files with no read permission + msg "* Fixup permissions for OSTree..." + find $FLATPAK_SYSROOT -type f -exec chmod u+r {} \; + + IMAGE_VERSION=$(cat $IMAGE_SYSROOT/etc/version) + if [ -z "$COMMIT_SUBJECT" ]; then + COMMIT_SUBJECT="Commit of image $IMAGE_VERSION." + fi + + #IMAGE_BUILD="$(cat $IMAGE_SYSROOT/etc/build)" + if [ -z "$COMMIT_BODY" ]; then + COMMIT_BODY="Commit of image $IMAGE_VERSION." + fi + + _ref="" + for _b in ${REPO_BRANCHES//,/ }; do + if [ -z "$_ref" ]; then + msg "* Committing base/canonical branch $_b..." + _content="$FLATPAK_SYSROOT" + _ref=$_b + else + msg "* Committing additional branch $_b..." + _content="--tree=ref=$_ref" + fi + + ostree --repo=$REPO_PATH commit \ + $GPG_SIGN \ + --owner-uid=0 --owner-gid=0 --no-xattrs \ + --subject "$COMMIT_SUBJECT" \ + --body "$COMMIT_BODY" \ + --branch=$_b $_content + + msg "* Updating repository summary..." + ostree --repo=$REPO_PATH summary -u $GPG_SIGN + done +} + +# Mirror the branch we created to our export repository. +repo_export () { + local _from="$1" + local _to="${2:-$_from.archive-z2}" + local _ref + + for _ref in $(ostree --repo=$_from refs); do + msg "* Exporting branch $_ref to $_to..." + ostree --repo=$_to pull-local $_from $_ref + ostree --repo=$_to summary -u $GPG_SIGN + done + + repo_apache_config $_to +} + +# Generate and HTTP configuration fragment for the exported repository. +repo_apache_config () { + local _path=$1 + local _alias + + cd $_path && _path=$(pwd) && cd - >& /dev/null + if [ -n "${MACHINE}" ]; then + _alias="/flatpak/${MACHINE}/" + else + _alias="/flatpak/" + fi + + msg "* Generating apache2 config fragment for $_path..." + (echo "Alias \"$_alias\" \"$_path/\"" + echo "" + echo "" + echo " Options Indexes FollowSymLinks" + echo " Require all granted" + echo "") > $_path.http.conf +} + +# Generate list of libraries provided by the image. +generate_lib_list () { + [ -z "$LIBRARIES" ] && return 0 + + msg "* Generating list of provided libraries..." + (cd $IMAGE_SYSROOT; find . -type f -name lib\*.so.\*) | \ + sed 's#^\./#/#g' > $LIBRARIES +} + +# Fixup gpg2 relocation related overall crapness. +gpg2_kludgeup () { + local _expected _real + + if [ -z "$GPG_HOME" ]; then + return 0 + fi + + _expected=$(gpgconf | grep ^gpg: | cut -d ':' -f 3) + _real=$(which gpg2) + + if [ -n "$_expected" -a -n "$_real" -a "$_expected" != "$_real" ]; then + msg "Temporarily symlinking gpg2 binary to expected location..." + ln -s $_real $_expected + fi +} + +# Undo gpg2 relocation kludge +gpg2_cleanup () { + local _expected _real + + if [ -z "$GPG_HOME" ]; then + return 0 + fi + + _expected=$(gpgconf | grep ^gpg: | cut -d ':' -f 3) + _real=$(which gpg2) + + if [ -n "$_expected" -a -n "$_real" -a "$_expected" != "$_real" ]; then + msg "* Removing gpg2 kludge symlink..." + rm -f $_expected + fi +} + +######################### +# main script + +REPO_PATH="" +REPO_MODE="" +REPO_EXPORT="" +IMAGE_SYSROOT="" +TMPDIR="" +REPO_BRANCHES="" +GPG_HOME="" +GPG_ID="" + +parse_command_line $* + +msg "Flatpak repository population/exporting:" +msg " image repo: $REPO_PATH" +msg " image sysroot: ${IMAGE_SYSROOT:-none}" +msg " temporary dir: $TMPDIR" +msg " library list: $LIBRARIES" +msg " export repo: $REPO_EXPORT" +msg " branches: ${REPO_BRANCHES//,/ }" +msg " commit subject: $COMMIT_SUBJECT" +msg " commit body: $COMMIT_BODY" +msg " GPG home: ${GPG_HOME:-none}" +msg " GPG signing id: ${GPG_ID:-none}" + +set -e + +if [ -n "$GPG_ID" ]; then + GPG_SIGN="--gpg-homedir=${GPG_HOME:-~/.gnupg} --gpg-sign=$GPG_ID" +else + GPG_SIGN="" +fi + +# gpg2_kludgeup + +if [ ! -e $REPO_PATH ]; then + repo_create $REPO_PATH $REPO_MODE + sysroot_populate + metadata_generate + repo_populate + sysroot_cleanup +fi + +if [ -n "$REPO_EXPORT" ]; then + if [ ! -d $REPO_EXPORT ]; then + repo_create $REPO_EXPORT archive-z2 + fi + + repo_export $REPO_PATH $REPO_EXPORT +fi + +# gpg2_cleanup From 0dc6ec4343d1af2b07c7055b0e62dddd923cac93 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Mon, 12 Jun 2017 23:21:50 +0300 Subject: [PATCH 24/29] flatpak-*.bbclass: added flatpak image and repository support classes. Added three classes for supporting building flatpak-enabled images, and creating/publishing repositories with flatpak platform and SDK runtimes for such images. flatpak-config.bbclass contains the flatpak-related bitbake/configuration variables. It is separated to a class of its own because we'll probably need to inherit it in a recipe which will support pre-populating an image with pre-declared flatpak application repositories. flatpak-image-variants.bbclass declares two image variants: flatpak- runtime and flatpak-sdk. flatpak-runtime is our flatpak-enabled runtime image variant. It is supposed to get flashed to client devices that need flatpak support. flatpak-sdk is a corresponding image which we use to populate a flatpak repository with a flatpak SDK runtime which can then be used to compile/generate flatpaks for the flatpak-runtime variant. flatpak-repository.bbclass takes care of the details of populating and exporting flatpak repositories with images. Signed-off-by: Krisztian Litkey --- meta-flatpak/classes/flatpak-config.bbclass | 65 ++++++++ .../classes/flatpak-image-variants.bbclass | 39 +++++ .../classes/flatpak-repository.bbclass | 139 ++++++++++++++++++ 3 files changed, 243 insertions(+) create mode 100644 meta-flatpak/classes/flatpak-config.bbclass create mode 100644 meta-flatpak/classes/flatpak-image-variants.bbclass create mode 100644 meta-flatpak/classes/flatpak-repository.bbclass diff --git a/meta-flatpak/classes/flatpak-config.bbclass b/meta-flatpak/classes/flatpak-config.bbclass new file mode 100644 index 0000000000..094d76316c --- /dev/null +++ b/meta-flatpak/classes/flatpak-config.bbclass @@ -0,0 +1,65 @@ +# We expect to find our scripts here, in the scripts subdirectory. +FLATPAKBASE = "${FLATPAK_LAYERDIR}" + +# Flatpak image base. We need to use this often in path names to avoid +# conflicts for repos of different ${MACHINES}. Although flatpak uses +# ostree as the backend for its repositories, the runtime branch naming +# conventions for flatpak ostree repositories is strict. Branches names +# must be of the form +# +# runtime/ID/ARCH/VERSION +# +# Any other branches are silently ignored by flatpak. Therefore we cannot +# easily reuse (primary) repositories across multiple ${MACHINES} wihtout +# running into branch-naming conflicts. It is technically possible to share +# a primary bare-user repository if we teach the repository-exporting bits +# to do clever branch-name translations when pulling to the destination +# (exported, archive-z2) repository. However, since the exported repos anyway +# cannot be shared in this way there is not much point in doing so. +# +# As an additional restriction, ARCH must be from a known set, which is the +# one commonly used by the kernel, package managers, etc (although there is +# a slight chance that non-standard ARCHs work if explicitly overridden from +# the command-line... needs to be either tested or checked from the sources). +# +# Therefore, we translate ${MACHINE} to ${BUILD_ARCH} a.k.a ${FLATPAK_ARCH} +# in branch names while use ${MACHINE} as such in repository names. +# +FLATPAK_PN ?= "${@d.getVar('PN').split('-flatpak-')[0]}" + +# Canonical ARCH flatpak will understand. +FLATPAK_ARCH ?= "${BUILD_ARCH}" + +# Per-build per-${MACHINE} per-image primary bare-user flatpak repository. +FLATPAK_REPO = "${WORKDIR}/${FLATPAK_PN}.flatpak.${MACHINE}.bare-user" + +# This is an archive-z2 repository where we export our builds for testing. +# This can be exposed over HTTP for consumption by flatpak. Among other +# things, this can be used to pull in the generated BaseSdk and BasePlatform +# repository branches to a development host for building flatpak applications +# against the corresponding flatpak-enabled image. Set this to empty if you +# don't want to automatically publish to such a repository. +FLATPAK_EXPORT ?= "${DEPLOY_DIR}/${FLATPAK_PN}.flatpak.${MACHINE}.archive-z2" + +# We use the domain and the (canonical) branch together with ${MACHINE} to +# construct the full flatpak REFs of our base and SDK runtimes. The full REF +# is considered the canonical branch and is constructed as: +# +# runtime/${FLATPAK_DOMAIN}.Base{Platform,Sdk}/${FLATPAK_ARCH}/${FLATPAK_BRANCH} +# +# Optionally we publish builds as two additional branches: +# +# - an optional rolling 'latest' corresponding to the last build +# - an optional rolling 'build' tagged with the ${BUILD_ID} +# +# Setting the corresponding variables for the optional branches to empty +# disables publishing/creating those branches. +# +FLATPAK_DOMAIN ?= "org.example" +FLATPAK_BRANCH ?= "${DISTRO_VERSION}" +FLATPAK_LATEST ?= "${DISTRO}/${FLATPAK_PN}/latest" +FLATPAK_BUILD ?= "${DISTRO}/${FLATPAK_PN}/build/${BUILD_ID}" + +# This is the GPG key id of our repository signing key. If you set this to +# empty, signing is disabled altogether. +FLATPAK_GPGID ?= "refkit-signing@key" diff --git a/meta-flatpak/classes/flatpak-image-variants.bbclass b/meta-flatpak/classes/flatpak-image-variants.bbclass new file mode 100644 index 0000000000..153088e78a --- /dev/null +++ b/meta-flatpak/classes/flatpak-image-variants.bbclass @@ -0,0 +1,39 @@ +IMAGE_FEATURES[validitems] += " \ + flatpak \ + tools-sdk \ + dev-pkgs \ + tools-debug \ + tools-profile \ +" + +FEATURE_PACKAGES_flatpak = " \ + packagegroup-flatpak \ +" + +# +# Define two flatpak-related image variants. +# +# - flatpak runtime image variant 'flatpak-runtime': +# This variant corresponds to a flatpak BasePlatform runtime. In +# addition to the content of its base image, this variant has the +# necessary runtime bits for flatpak. Using this image on a device +# enables one to pull in, update and run applications as flatpaks +# from flatpak remotes/repositories. +# +# - flatpak SDK image variant 'flatpak-sdk': +# This variant corresponds to a flatpak BaseSdk runtime. It has the +# necessary bits for compiling applications and publishing them as +# flatpaks in flatpak repositories. +# +# When building these images variants, a flatpak repository will also be +# populated with the contents of these images. This repository can be used +# to flatpak-install the runtime and SDK runtimes on a development machine +# for generating flatpaks for the flatpak-runtime image variant. + +# 'flatpak-runtime' variant (runtime image for a device) +IMAGE_VARIANT[flatpak-runtime] = "flatpak" + +# 'flatpak-sdk' variant (SDK image for a development host) +IMAGE_VARIANT[flatpak-sdk] = "flatpak tools-develop tools-debug dev-pkgs" + +BBCLASSEXTEND += "imagevariant:flatpak-runtime imagevariant:flatpak-sdk" diff --git a/meta-flatpak/classes/flatpak-repository.bbclass b/meta-flatpak/classes/flatpak-repository.bbclass new file mode 100644 index 0000000000..357519aae4 --- /dev/null +++ b/meta-flatpak/classes/flatpak-repository.bbclass @@ -0,0 +1,139 @@ +# Check we have the necessary distro features enabled. +inherit distro_features_check +REQUIRED_DISTRO_FEATURES_append = " usrmerge systemd pam" + +inherit flatpak-config + +REFKIT_SIGNING_KEYS += "${FLATPAK_GPGID}" +inherit refkit-signing-keys + +# +# Create and populate a primary flatpak repository from/for an image. +# +fakeroot do_flatpak_populate_repository () { + echo "Flatpak repository population:" + echo " * FLATPAKBASE: ${FLATPAKBASE}" + echo " * IMAGE_BASENAME: ${IMAGE_BASENAME}" + + # Bail out early if flatpak is not enabled for this image. + case ${IMAGE_BASENAME} in + *-flatpak-runtime) RUNTIME_TYPE=BasePlatform;; + *-flatpak-sdk) RUNTIME_TYPE=BaseSdk;; + *) + echo "${IMAGE_BASENAME} is not a flatpak-enabled image..." + return 0 + ;; + esac + + echo "${IMAGE_BASENAME} is a flatpak $RUNTIME_TYPE image" + + if [ -n "${FLATPAK_GPGID}" ]; then + GPG_SIGN="--gpg-home ${REFKIT_SIGNING_GPGDIR} \ + --gpg-id ${FLATPAK_GPGID}" + else + GPG_SIGN="" + fi + + # Hmm... it might be a better idea to either preconstruct this in + # flatpak-config and just be a postman for it here, or pass these + # separately to the backend script and let that construct these. + # XXX TODO: We'll need to revisit this and decide... + + _base="runtime/${FLATPAK_DOMAIN}.$RUNTIME_TYPE/${FLATPAK_ARCH}" + _t="" + for _b in ${FLATPAK_BRANCH} ${FLATPAK_LATEST} ${FLATPAK_BUILD}; do + BRANCHES="$BRANCHES$_t$_base/$_b" + _t="," + done + + echo "Using flatpak branches $BRANCHES for ${IMAGE_ROOTFS}..." + + # Generate/populate flatpak/OSTree repository + ${FLATPAKBASE}/scripts/flatpak-populate-repo.sh \ + --repo-path ${FLATPAK_REPO} \ + --repo-mode bare-user \ + $GPG_SIGN \ + --branches "$BRANCHES" \ + --image-sysroot ${IMAGE_ROOTFS} \ + --tmp-dir ${TMPDIR} +} + +do_flatpak_populate_repository[depends] += " \ + ostree-native:do_populate_sysroot \ + flatpak-native:do_populate_sysroot \ + gnupg1-native:do_populate_sysroot \ +" + +do_flatpak_populate_repository[vardeps] += " \ + FLATPAK_REPO \ + FLATPAK_EXPORT \ + FLATPAK_DOMAIN \ + FLATPAK_BRANCH \ + FLATPAK_LATEST \ + FLATPAK_BUILD \ + FLATPAK_GPGID \ +" + +# +# Export an image (well the bare-user repo, really) to an archive-z2 repo. +# +fakeroot do_flatpak_export_repository () { + # Bail out early if no export repository is defined. + if [ -z "${FLATPAK_EXPORT}" ]; then + echo "Flatpak repository for export not specified, skip export..." + return 0 + fi + + # Bail out early if flatpak is not enabled for this image. + case ${IMAGE_BASENAME} in + *-flatpak-runtime) RUNTIME_TYPE=BasePlatform;; + *-flatpak-sdk) RUNTIME_TYPE=BaseSdk;; + *) + echo "${IMAGE_BASENAME} is not a flatpak-enabled image..." + return 0 + ;; + esac + + echo "${IMAGE_BASENAME} is a flatpak $RUNTIME_TYPE image" + + if [ -n "${FLATPAK_GPGID}" ]; then + GPG_SIGN="--gpg-home ${REFKIT_SIGNING_GPGDIR} \ + --gpg-id ${FLATPAK_GPGID}" + else + GPG_SIGN="" + fi + + # Export to archive-z2 flatpak/OSTree repository + ${FLATPAKBASE}/scripts/flatpak-populate-repo.sh \ + --repo-path ${FLATPAK_REPO} \ + --repo-export ${FLATPAK_EXPORT} \ + --machine ${MACHINE} \ + $GPG_SIGN \ + --tmp-dir ${TMPDIR} +} + +do_flatpak_export_repository[depends] += " \ + ostree-native:do_populate_sysroot \ + flatpak-native:do_populate_sysroot \ + gnupg1-native:do_populate_sysroot \ +" + +do_flatpak_export_repository[vardeps] += " \ + FLATPAK_REPO \ + FLATPAK_EXPORT \ + FLATPAK_DOMAIN \ + FLATPAK_BRANCH \ + FLATPAK_LATEST \ + FLATPAK_BUILD \ + FLATPAK_GPGID \ + MACHINE \ +" + +addtask flatpak_populate_repository \ + after do_rootfs \ + before do_image_complete + +addtask flatpak_export_repository \ + after do_flatpak_populate_repository \ + before do_image_complete + From d619f00def0faeab322f4da2c5cfd212348df9eb Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Tue, 13 Jun 2017 21:21:54 +0300 Subject: [PATCH 25/29] flatpak.inc: added config fragment for enabling flatpak support. If included/required, enable DISTRO_FEATURES (usrmerge, systemd, pam, and flatpak) necessary for basic flatpak support, and also set user-session PACKAGECONFIG for D-Bus. Signed-off-by: Krisztian Litkey --- meta-flatpak/conf/distro/include/flatpak.inc | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 meta-flatpak/conf/distro/include/flatpak.inc diff --git a/meta-flatpak/conf/distro/include/flatpak.inc b/meta-flatpak/conf/distro/include/flatpak.inc new file mode 100644 index 0000000000..dc1323ed65 --- /dev/null +++ b/meta-flatpak/conf/distro/include/flatpak.inc @@ -0,0 +1,9 @@ +REFKIT_DEFAULT_DISTRO_FEATURES += " \ + usrmerge \ + systemd \ + pam \ + flatpak \ +" + +# Enable D-Bus session bus support, needed by flatpak. +PACKAGECONFIG_append_pn-dbus_refkit-config = " user-session" From 090c825bd68e3eb547a86da452861309ec832b08 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Mon, 12 Jun 2017 23:23:42 +0300 Subject: [PATCH 26/29] refkit-image.bbclass: flatpak-enabled images, enable flatpak repo support. If meta-flatpak is available and the DISTRO_FEATURE is on inherit flatpak-image-variant and flatpak-repository to enable building flatpak-enabled images and generating corresponding flatpak repositories. Signed-off-by: Krisztian Litkey --- meta-refkit-core/classes/refkit-image.bbclass | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/meta-refkit-core/classes/refkit-image.bbclass b/meta-refkit-core/classes/refkit-image.bbclass index 82806b187b..0becc04d30 100644 --- a/meta-refkit-core/classes/refkit-image.bbclass +++ b/meta-refkit-core/classes/refkit-image.bbclass @@ -254,6 +254,14 @@ IMAGE_MODE_VALID = "${@ d.getVar('REFKIT_IMAGE_MODE_VALID') or '' }" # variants of variants. inherit image-mode-variants +# Enable flatpak image variant and repository generation. +inherit ${@'flatpak-image-variants' if \ + (d.getVar('HAVE_META_FLATPAK') == 'True' and \ + 'flatpak' in d.getVar('DISTRO_FEATURES')) else ''} +inherit ${@'flatpak-repository' if \ + (d.getVar('HAVE_META_FLATPAK') == 'True' and \ + 'flatpak' in d.getVar('DISTRO_FEATURES')) else ''} + BUILD_ID ?= "${DATETIME}" # Do not re-trigger builds just because ${DATETIME} changed. BUILD_ID[vardepsexclude] += "DATETIME" From 5b720d3c2c37c6526b6b0c6a692d9e9303061a64 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Tue, 13 Jun 2017 21:22:51 +0300 Subject: [PATCH 27/29] enable-refkit-config.inc: include/enable flatpak support. Enable basic flatpak support in enable-refkit-config.inc. Signed-off-by: Krisztian Litkey --- meta-refkit-core/conf/distro/include/enable-refkit-config.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-refkit-core/conf/distro/include/enable-refkit-config.inc b/meta-refkit-core/conf/distro/include/enable-refkit-config.inc index 2ebc0ca771..4512e60305 100644 --- a/meta-refkit-core/conf/distro/include/enable-refkit-config.inc +++ b/meta-refkit-core/conf/distro/include/enable-refkit-config.inc @@ -17,3 +17,6 @@ DISTRO_FEATURES_DEFAULT_remove = "${REFKIT_DEFAULT_DISTRO_FEATURES_REMOVE}" DISTRO_FEATURES ?= "${DISTRO_FEATURES_DEFAULT} ${DISTRO_FEATURES_LIBC} ${REFKIT_DEFAULT_DISTRO_FEATURES}" require conf/distro/include/usrmerge.inc + +# Enable basic flatpak support. +include conf/distro/include/flatpak.inc From e9ebcb6b6a9dd66d9fd586d32dd3dcd1532118bf Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Fri, 16 Jun 2017 12:49:43 +0300 Subject: [PATCH 28/29] conf-notes.txt: update for flatpak variants. Signed-off-by: Krisztian Litkey --- meta-refkit/conf/conf-notes.txt | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/meta-refkit/conf/conf-notes.txt b/meta-refkit/conf/conf-notes.txt index 9ac41ea00e..ced493fd52 100644 --- a/meta-refkit/conf/conf-notes.txt +++ b/meta-refkit/conf/conf-notes.txt @@ -11,3 +11,12 @@ Common targets are: gateway) refkit-image-industrial (when building an image with tools and configuration for industrial use cases) + +If you have the flatpak DISTRO_FEATURE enabled (by default it is on if you +build with refkit-config enabled), there are two additional flatpak variant +targets for each image derived from refkit-image: + + -flatpak-runtime (image variant with flatpak support enabled) + -flatpak-sdk (image variant used as a flatpak BaseSdk for + building flatpaks suitable to be used on the + corresponding -flatpak-runtime image variant) From 0dd53e80104f639df02f301193f900db09a818b8 Mon Sep 17 00:00:00 2001 From: Krisztian Litkey Date: Wed, 14 Jun 2017 15:33:17 +0300 Subject: [PATCH 29/29] refkit-ci.inc: build gateway flatpak runtime image as well. Signed-off-by: Krisztian Litkey --- meta-refkit/conf/distro/include/refkit-ci.inc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/meta-refkit/conf/distro/include/refkit-ci.inc b/meta-refkit/conf/distro/include/refkit-ci.inc index f2fd51dc83..34f003c923 100644 --- a/meta-refkit/conf/distro/include/refkit-ci.inc +++ b/meta-refkit/conf/distro/include/refkit-ci.inc @@ -77,7 +77,11 @@ REFKIT_CI_SDK_TARGETS="" # as possible. REFKIT_CI_ESDK_TARGETS="" # Following targets would be executed with do_test_iot_export task -REFKIT_CI_TEST_EXPORT_TARGETS="refkit-image-common refkit-image-computervision refkit-image-gateway" +REFKIT_CI_TEST_EXPORT_TARGETS="refkit-image-common refkit-image-computervision refkit-image-gateway \ +${@bb.utils.contains('DISTRO_FEATURES', 'flatpak', \ + 'refkit-image-gateway-flatpak-runtime', '', d)} \ +" + # Execute automatic tests for following images with corresponding # test suite, test files and devices. # Space separated list of tuples, each should in format: