qt:compositor: Run service as qt user

It is best practice to don't run services as root. The qt-compositor
service now runs under the qt username.
The commit also contains a draft of the systemd socket-based activation
mechanism. Unfortunately, the qt-compositor daemon doesn't handle the transfer
of the socket from the socket unit to the service unit properly.
Until the daemon is fixed, the service still needs to be started manually.

recipes-qt/qt-multi-screen-compositor/files/mx6ull/qt-multi-screen-compositor.service

@@ -3,21 +3,28 @@ Description=Qt multi-screen Compositor
 RequiresMountsFor=/run
 Conflicts=plymouth-quit.service
 After=systemd-user-sessions.service plymouth-quit-wait.service systemd-logind.service
+# Starting via socket unit doesn't work at the moment
+# See comment in qt-multi-screen-compositor.bb
+#Requires=qt-multi-screen-compositor.socket
 
 [Service]
 User=qt
 Group=qt
 WorkingDirectory=/home/qt
 PAMName=qt-autologin
-#Environment=XDG_RUNTIME_DIR=/var/run/user/0
+
+# TODO: Replace the UID with a more stable folder/value
+Environment=XDG_RUNTIME_DIR=/run/user/1001
 Environment=QT_QPA_FONTDIR=/usr/share/fonts/truetype
 Environment=QT_QPA_PLATFORM=linuxfb
 Environment=QT_QUICK_BACKEND=software
 
-# Use this if the touch entry is rotated compared to the screen
-# as the normal libinput calibration is not yet implemented
-# this is the only way of touch calibration available
-# Environment=QT_QPA_EVDEV_TOUCHSCREEN_PARAMETERS=rotate=180
+# The following parameter rotates the touchscreen input
+# by 180 degrees. As the normal libinput calibration isn't
+# implemented yet, this is the only way to enable touch
+# calibration at the moment.
+#Environment=QT_QPA_EVDEV_TOUCHSCREEN_PARAMETERS=rotate=180
+
 StandardError=journal
 PermissionsStartOnly=true
 IgnoreSIGPIPE=no

recipes-qt/qt-multi-screen-compositor/files/mx8/qt-multi-screen-compositor.service

@@ -3,13 +3,18 @@ Description=Qt multi-screen Compositor
 RequiresMountsFor=/run
 Conflicts=plymouth-quit.service
 After=systemd-user-sessions.service plymouth-quit-wait.service systemd-logind.service
+# Starting via socket unit doesn't work at the moment
+# See comment in qt-multi-screen-compositor.bb
+#Requires=qt-multi-screen-compositor.socket
 
 [Service]
 User=qt
 Group=qt
 WorkingDirectory=/home/qt
 PAMName=qt-autologin
-#Environment=XDG_RUNTIME_DIR=/var/run/user/0
+
+# TODO: Replace the UID with a more stable folder/value
+Environment=XDG_RUNTIME_DIR=/run/user/1001
 Environment=QT_QPA_FONTDIR=/usr/share/fonts/truetype
 Environment=QT_QPA_PLATFORM=eglfs
 
@@ -17,10 +22,12 @@ Environment=QT_QPA_EGLFS_KMS_CONFIG=/etc/kms.conf
 Environment=QT_QPA_EGLFS_INTEGRATION=eglfs_kms
 Environment=QT_QPA_EGLFS_KMS_ATOMIC=1
 
-# Use this if the touch entry is rotated compared to the screen
-# as the normal libinput calibration is not yet implemented
-# this is the only way of touch calibration available
-# Environment=QT_QPA_EVDEV_TOUCHSCREEN_PARAMETERS=rotate=180
+# The following parameter rotates the touchscreen input
+# by 180 degrees. As the normal libinput calibration isn't
+# implemented yet, this is the only way to enable touch
+# calibration at the moment.
+#Environment=QT_QPA_EVDEV_TOUCHSCREEN_PARAMETERS=rotate=180
+
 StandardError=journal
 PermissionsStartOnly=true
 IgnoreSIGPIPE=no

recipes-qt/qt-multi-screen-compositor/files/qt-autologin

+auth      required  pam_nologin.so
+auth      required  pam_unix.so     try_first_pass nullok
+
+account   required  pam_nologin.so
+account   required  pam_unix.so
+
+session   required  pam_env.so
+session   required  pam_unix.so
+-session  optional  pam_systemd.so  type=wayland class=user desktop=qt
+-session  optional  pam_loginuid.so
+

recipes-qt/qt-multi-screen-compositor/files/qt-multi-screen-compositor.service

@@ -3,23 +3,30 @@ Description=Qt multi-screen Compositor
 RequiresMountsFor=/run
 Conflicts=plymouth-quit.service
 After=systemd-user-sessions.service plymouth-quit-wait.service systemd-logind.service
+# Starting via socket unit doesn't work at the moment
+# See comment in qt-multi-screen-compositor.bb
+#Requires=qt-multi-screen-compositor.socket
 
 [Service]
 User=qt
 Group=qt
 WorkingDirectory=/home/qt
 PAMName=qt-autologin
-#Environment=XDG_RUNTIME_DIR=/var/run/user/0
+
+# TODO: Replace the UID with a more stable folder/value
+Environment=XDG_RUNTIME_DIR=/run/user/1001
 Environment=QT_QPA_FONTDIR=/usr/share/fonts/truetype
 Environment=QT_QPA_PLATFORM=eglfs
 
 Environment=QT_QPA_EGLFS_INTEGRATION=eglfs_kms
 Environment=QT_QPA_EGLFS_KMS_ATOMIC=1
 
-# Use this if the touch entry is rotated compared to the screen
-# as the normal libinput calibration is not yet implemented
-# this is the only way of touch calibration available
-# Environment=QT_QPA_EVDEV_TOUCHSCREEN_PARAMETERS=rotate=180
+# The following parameter rotates the touchscreen input
+# by 180 degrees. As the normal libinput calibration isn't
+# implemented yet, this is the only way to enable touch
+# calibration at the moment.
+#Environment=QT_QPA_EVDEV_TOUCHSCREEN_PARAMETERS=rotate=180
+
 StandardError=journal
 PermissionsStartOnly=true
 IgnoreSIGPIPE=no

recipes-qt/qt-multi-screen-compositor/files/qt-multi-screen-compositor.socket

+[Unit]
+Description=Qt multi-screen Compositor socket
+RequiresMountsFor=/run
+
+[Socket]
+ListenStream=/run/wayland-0
+SocketMode=0775
+SocketUser=qt
+SocketGroup=wayland
+RemoveOnStop=yes
+
+[Install]
+WantedBy=sockets.target

recipes-qt/qt-multi-screen-compositor/qt-multi-screen-compositor.bb

@@ -11,9 +11,28 @@ SRCREV = "${AUTOREV}"
 
 SRC_URI = " \
     git://git.seco.com/seco-ne/tools/qt-multi-screen-compositor.git;protocol=https;branch=master;nobranch=1 \
+    file://qt-autologin \
     file://qt-multi-screen-compositor.service \
 "
 
+# Starting the qt-compositor via a systemd socket doesn't work out of the box.
+# The systemd socket unit opens the socket and waits for requests from applications
+# on this socket. When an application connects, the unit starts the service itself.
+# The daemon (in this case the qt-compositor), then needs to re-use the socket from
+# the socket unit. Right now, our qt-multi-screen-compositor implementation can't
+# re-use the socket and opens a new socket instead. This behavior blocks the starting
+# Wayland application (e.g. fingerpaint).
+# Until our compositor implementation handles the requests properly,
+# we stick to the old way of manually starting the service unit.
+
+#SRC_URI += " \
+#    file://qt-multi-screen-compositor.socket \
+#"
+
+SRC_URI:append:mx8m = " \
+    file://kms.conf \
+"
+
 inherit gitpkgv
 PKGV = "${GITPKGVTAG}"
 
@@ -40,12 +59,14 @@ do_install () {
         # Systemd Unit
         install -d ${D}${systemd_system_unitdir}/
         install -D -p -m 0644 ${WORKDIR}/qt-multi-screen-compositor.service ${D}${systemd_system_unitdir}/qt-multi-screen-compositor.service
+        #install -D -p -m 0644 ${WORKDIR}/qt-multi-screen-compositor.socket ${D}${systemd_system_unitdir}/qt-multi-screen-compositor.socket
     fi
-}
 
-SRC_URI:append:mx8m = " \
-    file://kms.conf \
-"
+    if ${@bb.utils.contains('DISTRO_FEATURES','pam','true','false',d)}; then
+        # Autologin for Service Unit
+        install -D -p -m 0644 ${WORKDIR}/qt-autologin ${D}${sysconfdir}/pam.d/qt-autologin
+    fi
+}
 
 do_install:append:mx8m () {
     install -d ${D}${sysconfdir}/
@@ -53,12 +74,24 @@ do_install:append:mx8m () {
 }
 
 FILES:${PN} += " \
+    ${sysconfdir}/pam.d/ \
     ${systemd_system_unitdir}/qt-multi-screen-compositor.service \
 "
 
-SYSTEMD_SERVICE:${PN} = "qt-multi-screen-compositor.service"
+#FILES:${PN} += " \
+#    ${systemd_system_unitdir}/qt-multi-screen-compositor.socket \
+#"
+
+SYSTEMD_SERVICE:${PN} = " \
+    qt-multi-screen-compositor.service \
+"
+
+#SYSTEMD_SERVICE:${PN} += " \
+#    qt-multi-screen-compositor.socket \
+#"
 
 inherit useradd
 
 USERADD_PACKAGES = "${PN}"
 USERADD_PARAM:${PN} = "--home /home/qt --shell /bin/sh --user-group -G video,input qt"
+GROUPADD_PARAM:${PN} = "--system wayland"