colord: add configuration to fix runtime

Make colord work out of the box

- We already create a colord user -> make use of it by passing the username
  to the 'daemon_user' meson option. The conf files and systemd service file
  will then be created accordingly.
- Add a backport patch to fix 'only root can write into /var' issue.
  This prevents colord from starting
  [https://github.com/hughsie/colord/issues/166]
- Set the runtime path for hwdata pnp.ids and
  add hwdata to RDEPENDS:${PN} for non systemd images
- inherit gtk-doc to make api-documentation available
- Dont create a home-dir for colord user. It shouldn't need one.

NOTE:
colord will fail on first run with missing databases.
After second boot it should run as expected.

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

meta-oe/recipes-support/colord/colord.bb

@@ -1,28 +1,33 @@
 require ${BPN}.inc
 
-inherit meson gobject-introspection gsettings gettext bash-completion systemd features_check useradd pkgconfig
+inherit meson gobject-introspection gsettings gtk-doc gettext bash-completion systemd features_check useradd pkgconfig
 
 # polkit and gobject-introspection are mandatory and cannot be configured
 REQUIRED_DISTRO_FEATURES = "polkit gobject-introspection-data"
 GIR_MESON_OPTION = ""
 
 DEPENDS += " \
-    ${BPN}-native \
-    glib-2.0 \
-    lcms \
-    sqlite3 \
-    libgusb \
-    libgudev \
-    polkit \
+	${BPN}-native \
+	dbus \
+	glib-2.0 \
+	lcms \
+	libgudev \
+	libgusb \
+	polkit \
+	sqlite3 \
 "
 
+RDEPENDS:${PN} += "hwdata"
+
 SRC_URI += " \
-    file://0001-Run-native-cd_idt8-cd_create_profile.patch \
+	file://0001-Run-native-cd_idt8-cd_create_profile.patch \
+	file://08a32b2379fb5582f4312e59bf51a2823df56276.patch \
 "
 
-EXTRA_OEMESON = " \
-    -Dman=false \
-    -Ddocs=false \
+EXTRA_OEMESON += " \
+	-Dman=false \
+	-Ddaemon_user=colord \
+	-Dpnp_ids=${datadir}/hwdata/pnp.ids \
 "
 
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
@@ -42,4 +47,5 @@ FILES:${PN} += " \
 "
 
 USERADD_PACKAGES = "${PN}"
-USERADD_PARAM:${PN} = "--system --user-group -d /var/lib/colord -s /bin/false colord"
+USERADD_PARAM:${PN} = "--system --user-group -s /bin/false colord"
+

meta-oe/recipes-support/colord/colord/08a32b2379fb5582f4312e59bf51a2823df56276.patch

@@ -0,0 +1,28 @@
+From 08a32b2379fb5582f4312e59bf51a2823df56276 Mon Sep 17 00:00:00 2001
+From: Richard Hughes <richard@hughsie.com>
+Date: Mon, 29 Jan 2024 10:37:11 +0000
+Subject: [PATCH] Fix writing to the database with ProtectSystem=strict
+
+Fixes https://github.com/hughsie/colord/issues/166
+
+Upstream-Status: Backport [https://github.com/hughsie/colord/commit/08a32b2379fb5582f4312e59bf51a2823df56276]
+Signed-off-by: Markus Volk <f_l_k@t-online.de>
+---
+ data/colord.service.in | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/data/colord.service.in b/data/colord.service.in
+index 6825d944..c358dc4b 100644
+--- a/data/colord.service.in
++++ b/data/colord.service.in
+@@ -17,6 +17,10 @@ ProtectControlGroups=true
+ RestrictRealtime=true
+ RestrictAddressFamilies=AF_UNIX
+ 
++ConfigurationDirectory=colord
++StateDirectory=colord
++CacheDirectory=colord
++
+ # drop all capabilities
+ CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_RAWIO CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_MKNOD CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM
+