From a54555a0245bc7d14b45808e062cdf418a974438972b8a2ce401c3f8bbd4733f Mon Sep 17 00:00:00 2001
From: Simon Lees
Date: Thu, 19 Dec 2024 02:21:54 +0000
Subject: [PATCH] - Requires(pre): systemd >= 253.6 to ensure scripts in %post are run correctly, (bsc#1234697) Thanks to Thorsten for the detailed report.
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-broker?expand=0&rev=48
---
.gitattributes | 23 +++
.gitignore | 1 +
allow-restart.conf | 3 +
block-restart.conf | 4 +
dbus-broker-36.tar.xz | 3 +
dbus-broker-36.tar.xz.asc | 16 +++
dbus-broker.changes | 291 ++++++++++++++++++++++++++++++++++++++
dbus-broker.spec | 144 +++++++++++++++++++
8 files changed, 485 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 allow-restart.conf
create mode 100644 block-restart.conf
create mode 100644 dbus-broker-36.tar.xz
create mode 100644 dbus-broker-36.tar.xz.asc
create mode 100644 dbus-broker.changes
create mode 100644 dbus-broker.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/allow-restart.conf b/allow-restart.conf
new file mode 100644
index 0000000..24c7ac4
--- /dev/null
+++ b/allow-restart.conf
@@ -0,0 +1,3 @@
+[Unit]
+RefuseManualStart=false
+RefuseManualStop=false
diff --git a/block-restart.conf b/block-restart.conf
new file mode 100644
index 0000000..82324b8
--- /dev/null
+++ b/block-restart.conf
@@ -0,0 +1,4 @@
+[Unit]
+RefuseManualStart=true
+RefuseManualStop=true
+
diff --git a/dbus-broker-36.tar.xz b/dbus-broker-36.tar.xz
new file mode 100644
index 0000000..c557378
--- /dev/null
+++ b/dbus-broker-36.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d333d99bd2688135b6d6961e7ad1360099d186078781c87102230910ea4e162b
+size 266084
diff --git a/dbus-broker-36.tar.xz.asc b/dbus-broker-36.tar.xz.asc
new file mode 100644
index 0000000..127a0c1
--- /dev/null
+++ b/dbus-broker-36.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEvl+8jJwcn2Ck8K6uek86Ceve/yYFAmYZQPUACgkQek86Ceve
+/yYQIhAAmwUAQMdZZul6qqVNvUPmXL+0Bp3LDhn58kEXbPDj3lXzuXwChU+llwmV
+05LuxfCvbQFmBeCCAWEny5LUdhcwIrIKGyk7gNvbolhaNwk6nsOPLdJ+QP+pUNZR
+FVRMmTIU0XNh4/yuFn31MYcZrYkNtxka6H+1L5fZsJMUzFigixiIYw4gX2RVya23
+numos0ROu/BQklLES5glTyDnn2lEwpzOHY2zzX+DkFncNMgGEfIZgIzrxTb/+Jlt
+5ph+OtvcbnlTmpp68hWTk75ICxE7CM7DiOyOOJA49x5omPEeNggWd5oO/VJtN+h+
+GFX4ulbjlc2k1o44oclN2GfubeYG2PPadReYBneRDJ//ej/4ySH3Ub7t7Rg2puMu
+2sTnZsFH1uyfnkP/SKY0eLhnBkT+uoWHZC3zD3QLu/LjqGG10d8TN5gr/bQhLpJ0
+l46GR4ckhaZ4MesmJcyDZhHOVIqrjolkvap6/3/I5NPS+W0mOipaIu47QBaaoIwM
+ujJ2V+Ph4LTLD9GV1z+Z5k9NeNRhnKhf7luODb7diE2Iw/Z+7l2L13kHYpxTh5+9
+4vocJ6pxmNhwpPXLZ1UbGgZ7b9ZiBnHT393+DwwwbBp/CfoF5lgg2/JkNDdrjHkv
+XH62Wh/yNs36nk+krfoMpecRQEOmNemUL8FJ5vkH6vqjiPtUTjs=
+=tBa0
+-----END PGP SIGNATURE-----
diff --git a/dbus-broker.changes b/dbus-broker.changes
new file mode 100644
index 0000000..0feb692
--- /dev/null
+++ b/dbus-broker.changes
@@ -0,0 +1,291 @@
+-------------------------------------------------------------------
+Thu Dec 19 02:15:06 UTC 2024 - Simon Lees
+
+- Requires(pre): systemd >= 253.6 to ensure scripts in %post are
+ run correctly, (bsc#1234697) Thanks to Thorsten for the detailed
+ report.
+
+-------------------------------------------------------------------
+Tue Aug 6 13:27:48 UTC 2024 - Simon Lees
+
+- Looks like we need systemd_user_ scripts for some upgrades to
+ work
+
+-------------------------------------------------------------------
+Fri Apr 12 16:21:44 UTC 2024 - Jan Engelhardt
+
+- Update to release 36
+ * Fix possible file-descriptor use-after-close
+ * More verbose activation failures
+
+-------------------------------------------------------------------
+Tue Jan 16 13:07:37 UTC 2024 - Marcus Rueckert
+
+- Make provides versioned
+- Ensure that not both packages can be installed at the same time
+ by adding a conflicts
+
+-------------------------------------------------------------------
+Tue Jan 16 13:06:24 UTC 2024 - Marcus Rueckert
+
+- Downgrade the recommends to suggests based on suggestion from
+ dimstar
+
+-------------------------------------------------------------------
+Tue Jan 16 13:01:16 UTC 2024 - Marcus Rueckert
+
+- Make restart behavior an admin decision:
+ - drop feature-suse-refuse-manual-start-stop.patch
+ - introduce 2 new subpackages:
+ dbus-broker-allow-restart
+ dbus-broker-block-restart (default to reflect the old patch
+ behavior)
+
+ one of the 2 packages is required and leaves the admin the
+ choice if they want to be able to restart dbus-broker without
+ reboot or not.
+
+-------------------------------------------------------------------
+Wed Dec 20 14:59:15 UTC 2023 - Jan Engelhardt
+
+- Update to release 35
+ * drop an error-checking remnant of old dir-iteration
+
+-------------------------------------------------------------------
+Thu Dec 14 11:20:40 UTC 2023 - Jan Engelhardt
+
+- Update to release 34
+ * Use AT_RANDOM for libexpat initialization to avoid a hidden
+ dependency in libexpat-hashtables on `/dev/urandom` at
+ runtime.
+ * Check for SELinux Enforcing-mode and honor its value.
+ * Support the new `ProcessFD` key in `GetConnectionCredentials()`.
+ * Loading files from a directory will not enumerate the files
+ in a predictable order rather than the pseudo-random order
+ returned by the kernel.
+
+-------------------------------------------------------------------
+Tue Dec 12 16:31:46 UTC 2023 - Callum Farmer
+
+- Update feature-suse-refuse-manual-start-stop.patch: prevent
+ killing user service aswell
+
+-------------------------------------------------------------------
+Fri Sep 29 08:49:36 UTC 2023 - Fabian Vogt
+
+- Add BuildIgnore to break cycle with dbus-1.
+
+-------------------------------------------------------------------
+Thu Sep 21 07:56:38 UTC 2023 - Simon Lees
+
+- Make dbus-broker start by default as it is now the only supported
+ system bus.
+- Add feature-suse-refuse-manual-start-stop.patch We don't allow
+ dbus services to be restarted as it breaks many many things.
+
+-------------------------------------------------------------------
+Fri Feb 3 11:07:22 UTC 2023 - Jan Engelhardt
+
+- Update to release 33
+ * Fix a race-condition when starting systemd-services from the
+ launcher.
+ * Changes in dbus service-files will no longer affect ongoing
+ activation attempts.
+
+-------------------------------------------------------------------
+Fri Aug 5 10:15:47 UTC 2022 - Jan Engelhardt
+
+- Update to release 32
+ * Fix several bugs in the d-bus marshalling layer c-dvar,
+ including out-of-bound reads.
+ * Fix ubsan and asan warnings in c-stdaux and related
+ subprojects.
+
+-------------------------------------------------------------------
+Thu May 26 03:14:09 UTC 2022 - Simon Lees
+
+- Provide dbus-service so from a packaging perspective its easier
+ to replace dbus-daemon in the future.
+
+-------------------------------------------------------------------
+Mon May 16 10:27:31 UTC 2022 - Jan Engelhardt
+
+- Update to release 31
+ * Fix assertion failures in the user accounting, uncovered by
+ the changes to accounting in v30.
+ * Fix a memory leak in service-file re-loading, in particular
+ in the command-line argument handling.
+
+-------------------------------------------------------------------
+Tue May 10 11:10:02 UTC 2022 - Jan Engelhardt
+
+- Update to release 30
+ * Failed service activations now report more detailed information
+ on the activation failure back through the activating client.
+ * The broker now runs in `session.slice` if applicable.
+ * The `GetStats()` call on `org.freedeskop.DBus.Debug` now
+ properly returns reply-owner statistics. Before, those were
+ always set to 0.
+
+-------------------------------------------------------------------
+Wed Jun 2 13:23:40 UTC 2021 - Jan Engelhardt
+
+- Update to release 29
+ * Improve SELinux audit messages.
+ * Linux >=4.17 is now a hard requirement.
+ * Fix startup failures when at-console users have
+ consecutive UIDs.
+
+-------------------------------------------------------------------
+Wed Mar 17 15:10:16 UTC 2021 - Jan Engelhardt
+
+- Update to release 28
+ * Further improvements to the service activation tracking. This
+ better tracks units in systemd and closes some races where a
+ repeated activation would incorrectly fail.
+ * Fix a crash where duplicate monitor matches would be
+ incorrectly installed in the broker.
+
+-------------------------------------------------------------------
+Mon Feb 15 10:47:52 UTC 2021 - Jan Engelhardt
+
+- Update to release 27
+ * Fix several bugs with the new service-activation tracking,
+ including a race-condition when restarting activatable
+ services.
+ * Be more verbose about denied configuration access and print
+ the file-path for better diagnostics.
+
+-------------------------------------------------------------------
+Thu Jan 21 13:28:09 UTC 2021 - Jan Engelhardt
+
+- Update to release 26
+ * Improve the service activation tracking of the compatibility
+ launcher. We now track spawned systemd units for their entire
+ lifetime, so we can properly detect when activations fail.
+ * Work around a kernel off-by-one error in the socket queue
+ accounting to fix a race-condition where dbus clients might
+ not be dispatched.
+ * Support running without `shmem` configured in the kernel.
+ This will make the broker run better on limited embedded
+ devices.
+
+-------------------------------------------------------------------
+Thu Dec 3 11:34:56 UTC 2020 - Jan Engelhardt
+
+- Update to release 25
+ * Fix an assertion failure when disconnecting monitors with active
+ unique-name matches.
+ * Fix the selinux error-handling to no longer mark all errors as
+ auditable by default.
+
+-------------------------------------------------------------------
+Fri Sep 4 08:09:00 UTC 2020 - Jan Engelhardt
+
+- Update to release 24
+ * Make audit-events properly typed and prevent non-auditable
+ events from being forwarded to the linux audit system.
+
+-------------------------------------------------------------------
+Tue May 12 15:27:29 UTC 2020 - Jan Engelhardt
+
+- Update to release 23
+ * Expose supplementary groups as `UnixGroupIDs` as defined by
+ the dbus specification in 0.53.
+ * The broker now uses the peer-pid from `SO_PEERCRED` on the
+ controller socket, rather than relying on `getppid()`. This
+ allows creating the broker from intermediate processes
+ without having any credentials of the intermediate leak into
+ the broker.
+
+-------------------------------------------------------------------
+Mon Feb 24 17:52:17 UTC 2020 - Jan Engelhardt
+
+- Update to release 22
+ * Implement org.freedesktop.DBus.Debug.Stats in the driver.
+ * Support no-op activation files.
+ * The new configuration option `linux-4-17`, if set to true
+ (default is false), makes dbus-broker assume it runs on
+ linux-v4.17 or newer. It will make use of features introduced
+ up to linux-v4.17. This allows to forcibly disable
+ workarounds for old kernels.
+
+-------------------------------------------------------------------
+Tue Jun 11 12:06:26 UTC 2019 - Jan Engelhardt
+
+- Update to new upstream release 21
+ * Previously, resource limits were incorrectly calculated,
+ leading too limits that were higher than intended.
+ * Messages are now directly forwarded to the journal and
+ amended with additional fields. The journal-catalog now
+ contains entries with background information on runtime log
+ messages.
+
+-------------------------------------------------------------------
+Thu Feb 21 13:09:08 UTC 2019 - Jan Engelhardt
+
+- Update to new upstream release 18
+ * The compatibility launcher is no longer isolated in its own
+ network namespace, since the SELinux APIs require access to
+ the root network namespace.
+
+-------------------------------------------------------------------
+Mon Jan 28 11:06:43 UTC 2019 - Jan Engelhardt
+
+- Update RPM group.
+
+-------------------------------------------------------------------
+Wed Jan 2 00:38:38 UTC 2019 - Jan Engelhardt
+
+- Update to new upstream release 17
+ * The compatibility launcher now namespaces transient systemd
+ units based on its own name on the scope-bus.
+ * The launcher now respects the `NAME'
+ configuration and correctly drops privileges of the broker
+ and itself after startup.
+ * Messages with file-descriptors will now be refused if the
+ client did not negotiate file-descriptor passing before.
+- Drop use-system-deps.diff
+
+-------------------------------------------------------------------
+Mon Mar 5 20:16:26 UTC 2018 - jengelh@inai.de
+
+- Update to new upstream release 11
+ * The policy-type of the dbus-broker API has been simplified.
+ It is now reduced to a policy-batch indexed by uids, in
+ combination with a policy-batch indexed either by gid or
+ uid-range.
+ * The launcher now supports a `--config-file PATH` commandline
+ option to override the root configuration file, which is
+ still deduced based on the passed scope parameter.
+
+-------------------------------------------------------------------
+Tue Feb 6 00:37:19 UTC 2018 - jengelh@inai.de
+
+- Update to new upstream release 9
+ * AddListener() on org.bus1.DBus.Broker now supports UID ranges.
+ * dbus-broker.service unit is now ordered before basic.target.
+ * The launcher now uses instantiated systemd template units
+ when activating a service that has no associated systemd
+ service file.
+ * The launcher now supports configuration reloading.
+ * Activated units now inherit their user from the actual D-Bus
+ service, if provided.
+
+-------------------------------------------------------------------
+Sun Sep 10 23:30:34 UTC 2017 - jengelh@inai.de
+
+- Update to new upstream release 4
+ * Support for sending SELinux AVC violations to audit rather
+ than syslog.
+ * Units will now be activated via explicit calls to StartUnit()
+ rather than faking a ActivationRequest directed signal. This
+ allows to catch startup failures (or rejections) and allows
+ to reject all pending activation requests right away.
+ * The broker now logs policy violations to the system log.
+- Add use-system-deps.diff
+
+-------------------------------------------------------------------
+Fri Aug 25 10:54:00 UTC 2017 - jengelh@inai.de
+
+- Initial package (version 3) for build.opensuse.org
diff --git a/dbus-broker.spec b/dbus-broker.spec
new file mode 100644
index 0000000..f38b799
--- /dev/null
+++ b/dbus-broker.spec
@@ -0,0 +1,144 @@
+#
+# spec file for package dbus-broker
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: dbus-broker
+Version: 36
+Release: 0
+Summary: XDG message bus implementation
+License: Apache-2.0
+Group: System/Daemons
+URL: https://github.com/bus1/dbus-broker
+
+Source: https://github.com/bus1/dbus-broker/releases/download/v%version/dbus-broker-%version.tar.xz
+Source2: https://github.com/bus1/dbus-broker/releases/download/v%version/dbus-broker-%version.tar.xz.asc
+Source10: allow-restart.conf
+Source11: block-restart.conf
+BuildRequires: linux-glibc-devel >= 4.17
+BuildRequires: meson
+BuildRequires: pkg-config
+BuildRequires: systemd-rpm-macros
+BuildRequires: pkgconfig(audit) >= 3.0
+# dbus-1 requires dbus-broker, break that dep to avoid a cycle.
+#!BuildIgnore: dbus-broker
+BuildRequires: pkgconfig(dbus-1) >= 1.10
+BuildRequires: pkgconfig(expat) >= 2.2.3
+BuildRequires: pkgconfig(glib-2.0) >= 2.50
+BuildRequires: pkgconfig(libcap-ng) >= 0.6
+BuildRequires: pkgconfig(libselinux) >= 3.2
+BuildRequires: pkgconfig(libsystemd) >= 230
+BuildRequires: pkgconfig(systemd) >= 230
+Requires(pre): systemd >= 253.6
+Provides: dbus-service
+Provides: bundled(c-dvar) = 1+
+Provides: bundled(c-ini) = 1+
+Provides: bundled(c-list) = 3+git9
+Provides: bundled(c-rbtree) = 3+git34
+Provides: bundled(c-shquote) = 1+
+Provides: bundled(c-stdaux) = 1+
+Provides: bundled(c-utf8) = 1+
+Requires: dbus-broker-restart-behavior = %version
+Suggests: dbus-broker-block-restart = %version
+%{?systemd_ordering}
+
+%description
+dbus-broker is an implementation of a message bus as defined by the
+D-Bus specification. It has some different characteristics/features
+from classic D-Bus:
+
+* No shared medium
+* No IPC to implement IPC
+* User-based accounting
+* Reliable messages
+* Just the bus implementation, no external communication
+* Local only, no remote transport
+* Support for SASL pipelining
+* Runtime broker control
+
+%package allow-restart
+Summary: Restart behavior configuration for dbus-broker - Allow restarting
+Provides: dbus-broker-restart-behavior = %version-%release
+Conflicts: dbus-broker-restart-behavior
+BuildArch: noarch
+
+%description allow-restart
+This package configures how the service behave to the systemctl restart command.
+
+By installing this package dbus-broker will be allowed to restart
+
+%package block-restart
+Summary: Restart behavior configuration for dbus-broker - Block restarting
+Provides: dbus-broker-restart-behavior = %version-%release
+Conflicts: dbus-broker-restart-behavior
+BuildArch: noarch
+
+%description block-restart
+This package configures how the service behave to the systemctl restart command.
+
+By installing this package dbus-broker will be blocked to restart
+
+%prep
+%autosetup -p1
+
+%build
+ln -s /bin/true rst2man
+%meson -Daudit=true -Dselinux=true
+%meson_build
+
+%install
+%meson_install
+for mode in allow block ; do
+ install -Dpm0644 "%_sourcedir/$mode-restart.conf" "%buildroot/%_unitdir/dbus-broker.service.d/$mode-restart.conf"
+ install -Dpm0644 "%_sourcedir/$mode-restart.conf" "%buildroot/%_userunitdir/dbus-broker.service.d/$mode-restart.conf"
+done
+
+%pre
+%service_add_pre dbus-broker.service
+%systemd_user_pre dbus-broker.service
+
+%post
+%service_add_post dbus-broker.service
+%systemd_user_post dbus-broker.service
+
+%preun
+%service_del_preun dbus-broker.service
+
+%postun
+%service_del_postun_without_restart dbus-broker.service
+
+%files
+%_bindir/dbus-broker*
+%_unitdir/*.service
+%_userunitdir/*.service
+%_journalcatalogdir/*
+%license LICENSE
+
+%files allow-restart
+%license LICENSE
+%dir %_unitdir/dbus-broker.service.d/
+%dir %_userunitdir/dbus-broker.service.d/
+%_unitdir/dbus-broker.service.d/allow-restart.conf
+%_userunitdir/dbus-broker.service.d/allow-restart.conf
+
+%files block-restart
+%license LICENSE
+%dir %_unitdir/dbus-broker.service.d/
+%dir %_userunitdir/dbus-broker.service.d/
+%_unitdir/dbus-broker.service.d/block-restart.conf
+%_userunitdir/dbus-broker.service.d/block-restart.conf
+
+%changelog
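Review bot: `Source2` ships the detached signature `dbus-broker-%version.tar.xz.asc`, but the spec lists no keyring source and the diffstat contains no keyring file, so nothing visible in this commit lets the build check the tarball against the upstream signing key. Adding the upstream release key as a further source, e.g. `Source3: %name.keyring`, would presumably let source validation verify the signature; as it stands the tarball appears to be pinned only by the LFS sha256 pointer committed alongside it. A smaller point in the scriptlets: `%pre` and `%post` call `%systemd_user_pre` and `%systemd_user_post`, while `%preun` and `%postun` have no user-unit counterpart. If that is intentional, a comment such as `# user unit is deliberately not stopped or restarted on removal/upgrade` above `%preun` would record the decision.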