Make colord work out of the box - We already create a colord user -> make use of it by passing the username to the 'daemon_user' meson option. The conf files and systemd service file will then be created accordingly. - Add a backport patch to fix 'only root can write into /var' issue. This prevents colord from starting [https://github.com/hughsie/colord/issues/166] - Set the runtime path for hwdata pnp.ids and add hwdata to RDEPENDS:${PN} for non systemd images - inherit gtk-doc to make api-documentation available - Dont create a home-dir for colord user. It shouldn't need one.
NOTE: colord will fail on first run with missing databases. After second boot it should run as expected. Signed-off-by: Markus Volk <[email protected]> --- meta-oe/recipes-support/colord/colord.bb | 32 +++++++++++-------- ...2b2379fb5582f4312e59bf51a2823df56276.patch | 28 ++++++++++++++++ 2 files changed, 47 insertions(+), 13 deletions(-) create mode 100644 meta-oe/recipes-support/colord/colord/08a32b2379fb5582f4312e59bf51a2823df56276.patch diff --git a/meta-oe/recipes-support/colord/colord.bb b/meta-oe/recipes-support/colord/colord.bb index e30022251..6eb9db8da 100644 --- a/meta-oe/recipes-support/colord/colord.bb +++ b/meta-oe/recipes-support/colord/colord.bb @@ -1,28 +1,33 @@ require ${BPN}.inc -inherit meson gobject-introspection gsettings gettext bash-completion systemd features_check useradd pkgconfig +inherit meson gobject-introspection gsettings gtk-doc gettext bash-completion systemd features_check useradd pkgconfig # polkit and gobject-introspection are mandatory and cannot be configured REQUIRED_DISTRO_FEATURES = "polkit gobject-introspection-data" GIR_MESON_OPTION = "" DEPENDS += " \ - ${BPN}-native \ - glib-2.0 \ - lcms \ - sqlite3 \ - libgusb \ - libgudev \ - polkit \ + ${BPN}-native \ + dbus \ + glib-2.0 \ + lcms \ + libgudev \ + libgusb \ + polkit \ + sqlite3 \ " +RDEPENDS:${PN} += "hwdata" + SRC_URI += " \ - file://0001-Run-native-cd_idt8-cd_create_profile.patch \ + file://0001-Run-native-cd_idt8-cd_create_profile.patch \ + file://08a32b2379fb5582f4312e59bf51a2823df56276.patch \ " -EXTRA_OEMESON = " \ - -Dman=false \ - -Ddocs=false \ +EXTRA_OEMESON += " \ + -Dman=false \ + -Ddaemon_user=colord \ + -Dpnp_ids=${datadir}/hwdata/pnp.ids \ " PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" @@ -42,4 +47,5 @@ FILES:${PN} += " \ " USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system --user-group -d /var/lib/colord -s /bin/false colord" +USERADD_PARAM:${PN} = "--system --user-group -s /bin/false colord" + diff --git a/meta-oe/recipes-support/colord/colord/08a32b2379fb5582f4312e59bf51a2823df56276.patch b/meta-oe/recipes-support/colord/colord/08a32b2379fb5582f4312e59bf51a2823df56276.patch new file mode 100644 index 000000000..860e6ab4a --- /dev/null +++ b/meta-oe/recipes-support/colord/colord/08a32b2379fb5582f4312e59bf51a2823df56276.patch @@ -0,0 +1,28 @@ +From 08a32b2379fb5582f4312e59bf51a2823df56276 Mon Sep 17 00:00:00 2001 +From: Richard Hughes <[email protected]> +Date: Mon, 29 Jan 2024 10:37:11 +0000 +Subject: [PATCH] Fix writing to the database with ProtectSystem=strict + +Fixes https://github.com/hughsie/colord/issues/166 + +Upstream-Status: Backport [https://github.com/hughsie/colord/commit/08a32b2379fb5582f4312e59bf51a2823df56276] +Signed-off-by: Markus Volk <[email protected]> +--- + data/colord.service.in | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/data/colord.service.in b/data/colord.service.in +index 6825d944..c358dc4b 100644 +--- a/data/colord.service.in ++++ b/data/colord.service.in +@@ -17,6 +17,10 @@ ProtectControlGroups=true + RestrictRealtime=true + RestrictAddressFamilies=AF_UNIX + ++ConfigurationDirectory=colord ++StateDirectory=colord ++CacheDirectory=colord ++ + # drop all capabilities + CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_RAWIO CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_MKNOD CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM + -- 2.46.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#112359): https://lists.openembedded.org/g/openembedded-devel/message/112359 Mute This Topic: https://lists.openembedded.org/mt/108522210/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
