*** Newami has quit IRC | 00:00 | |
cengiz_io | hello there. probably the most idiotic question you'll hear today. how can I permit `display` user to access `/dev/null` ?? | 00:20 |
---|---|---|
cengiz_io | chsmack says /dev/null is "_" | 00:20 |
cengiz_io | and /dev/null is 0666 | 00:20 |
smurray | cengiz_io: that looks wrong? Just booted qemu and checked, it's label is "*" here | 01:15 |
cengiz_io | smurray I have zero idea. Dbus fails to start because of this. | 01:16 |
smurray | cengiz_io: something's broken in your image if you're booting up and it's not labelled '*' | 01:17 |
cengiz_io | smurray how can I do such a thing by just appending agl-login-manager and agl-users ? | 01:18 |
cengiz_io | by appending I mean adding them ti IMAGE_INSTALL, nothing else | 01:18 |
smurray | cengiz_io: istr mentioning that it'd probably be better to pull in packagegroup-agl-core-security, I'd check to make sure that's making it into the image, I suspect the SMACK bits are pulled in via it | 01:19 |
cengiz_io | smurray it's empty? https://gerrit.automotivelinux.org/gerrit/gitweb?p=AGL/meta-agl.git;a=blob;f=meta-agl-profile-core/recipes-platform/packagegroups/packagegroup-agl-core-security.bb;h=0ae5c77a360f120f80e3ec10188528a75fb30cb1;hb=HEAD | 01:23 |
smurray | I'll have to look, there's some packagegroup | 01:24 |
cengiz_io | smurray ok thanks | 01:25 |
smurray | cengiz_io: that empty one gets added to, see meta-agl/meta-app-framework/recipes-platform/packagegroups/packagegroup-agl-core-security.bbappend | 01:25 |
smurray | cengiz_io: if you don't have e.g. smack-system-setup that that pulls in, I suspect you'll have a bad time | 01:26 |
*** leon-anavi has quit IRC | 01:26 | |
cengiz_io | what is smack-system-setup? | 01:27 |
smurray | no idea, but the name is suggestive | 01:28 |
cengiz_io | can I just disable all appfw and disable smack alltogether? I'm microns away from committing suicide | 01:28 |
smurray | can't just add that packagegroup? | 01:29 |
cengiz_io | added it right now | 01:29 |
smurray | I've not tried building an image w/o the app f/w bits and SMACK, it'd take some experimenting | 01:30 |
smurray | from a quick look, it's non-trivial atm | 01:31 |
smurray | that may change soon, there's some layer reorg planned that probably would have enabling building a plainer image as part of it | 01:32 |
cengiz_io | smurray I was able to run weston (without agl-compositor) and my qt app. | 01:38 |
cengiz_io | smurray but now my app requires user session dbus, everything is gone haywire | 01:38 |
smurray | cengiz_io: so "my qt app" is what again? not an application built with the app f/w stuff? | 01:39 |
cengiz_io | I've been a linux user since 1997. never before I've felt this stupid. file permissions, smack, pam, other unknown mechanisms.... | 01:39 |
cengiz_io | smurray no it's just a f***** qt5 app | 01:40 |
smurray | cengiz_io: so that's the problem, AGL has an application framework with a security model | 01:40 |
cengiz_io | you would probably ask the reason why I did go with AGL then. | 01:40 |
smurray | cengiz_io: yep | 01:40 |
cengiz_io | you already did | 01:40 |
cengiz_io | "for future" is the kool-aid | 01:41 |
smurray | what does your app need to access via dbus? | 01:42 |
cengiz_io | Another app that talks with hardware (can bus, UART, etc) | 01:43 |
cengiz_io | Plus ambient light sensors, battery levels etc | 01:43 |
cengiz_io | this could have been done without any involvement of AGL but the project requires ASIL compliance and Ford is one of the shareholders. | 01:45 |
cengiz_io | and they told us that they "know" AGL | 01:45 |
smurray | that'd be interesting, given they disappeared like 3 years ago ;) | 01:47 |
smurray | and ASIL is odd, that's a research project for anything Linux based still, e.g. the ELISA project at LF | 01:48 |
smurray | so I know there can be issues around SMACK and dbus, there have been problems in the past making some things work | 01:49 |
cengiz_io | smurray adding that packagegroup did really change smack status to * | 01:59 |
cengiz_io | thanks a lot! | 01:59 |
smurray | cool | 01:59 |
cengiz_io | smurray you just saved my soul | 02:00 |
cengiz_io | afm-system-daemon.service: Failed to execute command: No such file or directory | 02:01 |
cengiz_io | do I need something for this? | 02:01 |
cengiz_io | ./usr/bin/afb-daemon is missing | 02:01 |
smurray | so if you're not using the app f/w at all, that wouldn't be a problem, necessarily | 02:03 |
cengiz_io | smurray better mask the service then | 02:03 |
smurray | I'm a bit at a loss how you get an image w/o af-binder in it, which is where afb-daemon would come from | 02:04 |
cengiz_io | magic | 02:11 |
smurray | cengiz_io: you may want to try adding packagegroup-agl-app-framework, but it's possible that might complicate your life further | 02:11 |
cengiz_io | smurray may I ask one last question before I go? suppose I need to create an app user (let's say `netservice`) | 02:13 |
cengiz_io | should I add udev rules for that user for certain permissions? | 02:13 |
cengiz_io | what's the canonical way? | 02:14 |
cengiz_io | except ofc adding a group, marking certain files with group etc. | 02:14 |
cengiz_io | by certain permissions I mean /dev access or serial port access etc. | 02:14 |
smurray | so AGL is using a feature in Yocto to use a canned static passwd/group to keep them stable for things like updaters | 02:16 |
smurray | they're in meta-agl/meta-agl-profile-core/files, I'd have to poke around a bit to see how you'd overlay them with another set with an extra user | 02:18 |
cengiz_io | great thanks again | 02:18 |
smurray | I think you'd have to make a files directory in your own layer and have your modified passwd & group files in it, and that layer would have to be higher priority than meta-agl | 02:20 |
smurray | but I'm not 100% sure | 02:20 |
smurray | cengiz_io: useradd-staticids.bbclass is what's being used, see https://docs.yoctoproject.org/ref-manual/ref-classes.html#useradd-bbclass | 02:21 |
smurray | cengiz_io: re the device perms, udev rules would be the typical way to go | 02:26 |
*** Moistmelon has quit IRC | 02:29 | |
cengiz_io | smurray great! that's more than I need | 02:39 |
cengiz_io | if I could wrap this somehow I will be blogging the journey | 02:39 |
cengiz_io | but the fact is docs need serious attention :/ | 02:40 |
cengiz_io | no guidance whatsoever. if it was without this channel and helpful hands like you, it would be impossible | 02:41 |
smurray | cengiz_io: I don't disagree, but you're building something off the expected path. For the past several years the expectation has been people would use the app f/w, and if they didn't they'd basically be building up completely from scratch (i.e. effectively using AGL as a glorified poky) | 02:45 |
smurray | cengiz_io: as I mentioned earlier, that expectation is changing for the next release | 02:46 |
smurray | cengiz_io: you're also jumping in at a time when the docs site has been undergoing some significant rework | 02:46 |
*** adriano has joined #automotive | 04:54 | |
*** vrubiolo has joined #automotive | 08:23 | |
*** adriano has quit IRC | 08:48 | |
*** leon-anavi has joined #automotive | 08:56 | |
leon-anavi | morning | 08:59 |
fury | Hi guys | 11:12 |
fury | How's it hangin? | 11:12 |
*** kooltux has quit IRC | 11:24 | |
*** kooltux has joined #automotive | 11:25 | |
*** walzert has joined #automotive | 13:13 | |
walzert | @smu | 13:13 |
walzert | smurray: master build is working. | 13:13 |
*** walzert has quit IRC | 13:16 | |
*** vrubiolo has quit IRC | 13:37 | |
*** vrubiolo has joined #automotive | 13:37 | |
*** adriano has joined #automotive | 15:22 | |
RzR | https://mastodon.social/@rzr/105316440579379325 video about pipewire that was presentated ealier today at LEE | 15:29 |
RzR | is it public ? | 15:31 |
adriano | https://www.youtube.com/watch?v=1w6yVqU0lkU seems to be very simillar with this :) | 15:34 |
RzR | the logo on the door moved | 15:36 |
*** adriano has quit IRC | 16:27 | |
*** adriano has joined #automotive | 16:27 | |
*** amalek has quit IRC | 16:28 | |
*** adriano has quit IRC | 16:42 | |
*** adriano has joined #automotive | 17:09 | |
*** Newami has joined #automotive | 17:32 | |
*** amalek has joined #automotive | 17:41 | |
*** Newami has quit IRC | 17:42 | |
*** adriano has quit IRC | 17:48 | |
*** adriano has joined #automotive | 17:58 | |
*** adriano has quit IRC | 18:24 | |
*** vrubiolo has quit IRC | 18:45 | |
*** toscalix has joined #automotive | 19:28 | |
*** toscalix has quit IRC | 19:30 | |
*** toscalix has joined #automotive | 19:34 | |
*** amalek has quit IRC | 19:45 | |
*** amalek has joined #automotive | 20:51 | |
*** toscalix has quit IRC | 21:44 | |
*** KREYREN has quit IRC | 21:45 | |
*** KREYREN has joined #automotive | 21:47 | |
*** leon-anavi has quit IRC | 22:52 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!