- Requires(pre): systemd >= 253.6 to ensure scripts in %post are

run correctly, (bsc#1234697) Thanks to Thorsten for the detailed report. OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-broker?expand=0&rev=48
2024-12-19 02:21:54 +00:00 · 2024-12-19 02:21:54 +00:00 · a54555a024
commit a54555a024
8 changed files with 485 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/allow-restart.conf
+++ b/allow-restart.conf
@ -0,0 +1,3 @@
+[Unit]
+RefuseManualStart=false
+RefuseManualStop=false
--- a/block-restart.conf
+++ b/block-restart.conf
@ -0,0 +1,4 @@
+[Unit]
+RefuseManualStart=true
+RefuseManualStop=true
+
--- a/dbus-broker-36.tar.xz
+++ b/dbus-broker-36.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d333d99bd2688135b6d6961e7ad1360099d186078781c87102230910ea4e162b
+size 266084
--- a/dbus-broker-36.tar.xz.asc
+++ b/dbus-broker-36.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEvl+8jJwcn2Ck8K6uek86Ceve/yYFAmYZQPUACgkQek86Ceve
+/yYQIhAAmwUAQMdZZul6qqVNvUPmXL+0Bp3LDhn58kEXbPDj3lXzuXwChU+llwmV
+05LuxfCvbQFmBeCCAWEny5LUdhcwIrIKGyk7gNvbolhaNwk6nsOPLdJ+QP+pUNZR
+FVRMmTIU0XNh4/yuFn31MYcZrYkNtxka6H+1L5fZsJMUzFigixiIYw4gX2RVya23
+numos0ROu/BQklLES5glTyDnn2lEwpzOHY2zzX+DkFncNMgGEfIZgIzrxTb/+Jlt
+5ph+OtvcbnlTmpp68hWTk75ICxE7CM7DiOyOOJA49x5omPEeNggWd5oO/VJtN+h+
+GFX4ulbjlc2k1o44oclN2GfubeYG2PPadReYBneRDJ//ej/4ySH3Ub7t7Rg2puMu
+2sTnZsFH1uyfnkP/SKY0eLhnBkT+uoWHZC3zD3QLu/LjqGG10d8TN5gr/bQhLpJ0
+l46GR4ckhaZ4MesmJcyDZhHOVIqrjolkvap6/3/I5NPS+W0mOipaIu47QBaaoIwM
+ujJ2V+Ph4LTLD9GV1z+Z5k9NeNRhnKhf7luODb7diE2Iw/Z+7l2L13kHYpxTh5+9
+4vocJ6pxmNhwpPXLZ1UbGgZ7b9ZiBnHT393+DwwwbBp/CfoF5lgg2/JkNDdrjHkv
+XH62Wh/yNs36nk+krfoMpecRQEOmNemUL8FJ5vkH6vqjiPtUTjs=
+=tBa0
+-----END PGP SIGNATURE-----
--- a/dbus-broker.changes
+++ b/dbus-broker.changes
@ -0,0 +1,291 @@
+-------------------------------------------------------------------
+Thu Dec 19 02:15:06 UTC 2024 - Simon Lees <sflees@suse.de>
+
+- Requires(pre): systemd >= 253.6 to ensure scripts in %post are
+  run correctly, (bsc#1234697) Thanks to Thorsten for the detailed
+  report.
+
+-------------------------------------------------------------------
+Tue Aug  6 13:27:48 UTC 2024 - Simon Lees <sflees@suse.de>
+
+- Looks like we need systemd_user_ scripts for some upgrades to
+  work
+
+-------------------------------------------------------------------
+Fri Apr 12 16:21:44 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 36
+  * Fix possible file-descriptor use-after-close
+  * More verbose activation failures
+
+-------------------------------------------------------------------
+Tue Jan 16 13:07:37 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
+
+- Make provides versioned
+- Ensure that not both packages can be installed at the same time
+  by adding a conflicts
+
+-------------------------------------------------------------------
+Tue Jan 16 13:06:24 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
+
+- Downgrade the recommends to suggests based on suggestion from
+  dimstar
+
+-------------------------------------------------------------------
+Tue Jan 16 13:01:16 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
+
+- Make restart behavior an admin decision:
+  - drop feature-suse-refuse-manual-start-stop.patch
+  - introduce 2 new subpackages:
+    dbus-broker-allow-restart
+    dbus-broker-block-restart (default to reflect the old patch
+    behavior)
+    
+    one of the 2 packages is required and leaves the admin the
+    choice if they want to be able to restart dbus-broker without
+    reboot or not.
+
+-------------------------------------------------------------------
+Wed Dec 20 14:59:15 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 35
+  * drop an error-checking remnant of old dir-iteration
+
+-------------------------------------------------------------------
+Thu Dec 14 11:20:40 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 34
+  * Use AT_RANDOM for libexpat initialization to avoid a hidden
+    dependency in libexpat-hashtables on `/dev/urandom` at
+    runtime.
+  * Check for SELinux Enforcing-mode and honor its value.
+  * Support the new `ProcessFD` key in `GetConnectionCredentials()`.
+  * Loading files from a directory will not enumerate the files
+    in a predictable order rather than the pseudo-random order
+    returned by the kernel.
+
+-------------------------------------------------------------------
+Tue Dec 12 16:31:46 UTC 2023 - Callum Farmer <gmbr3@opensuse.org>
+
+- Update feature-suse-refuse-manual-start-stop.patch: prevent
+  killing user service aswell
+
+-------------------------------------------------------------------
+Fri Sep 29 08:49:36 UTC 2023 - Fabian Vogt <fvogt@suse.com>
+
+- Add BuildIgnore to break cycle with dbus-1.
+
+-------------------------------------------------------------------
+Thu Sep 21 07:56:38 UTC 2023 - Simon Lees <sflees@suse.de>
+
+- Make dbus-broker start by default as it is now the only supported
+  system bus.
+- Add feature-suse-refuse-manual-start-stop.patch We don't allow
+  dbus services to be restarted as it breaks many many things.
+
+-------------------------------------------------------------------
+Fri Feb  3 11:07:22 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 33
+  * Fix a race-condition when starting systemd-services from the
+    launcher.
+  * Changes in dbus service-files will no longer affect ongoing
+    activation attempts.
+
+-------------------------------------------------------------------
+Fri Aug  5 10:15:47 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 32
+  * Fix several bugs in the d-bus marshalling layer c-dvar,
+    including out-of-bound reads.
+  * Fix ubsan and asan warnings in c-stdaux and related
+    subprojects.
+
+-------------------------------------------------------------------
+Thu May 26 03:14:09 UTC 2022 - Simon Lees <sflees@suse.de>
+
+- Provide dbus-service so from a packaging perspective its easier
+  to replace dbus-daemon in the future.
+
+-------------------------------------------------------------------
+Mon May 16 10:27:31 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 31
+  * Fix assertion failures in the user accounting, uncovered by
+    the changes to accounting in v30.
+  * Fix a memory leak in service-file re-loading, in particular
+    in the command-line argument handling.
+
+-------------------------------------------------------------------
+Tue May 10 11:10:02 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 30
+  * Failed service activations now report more detailed information
+    on the activation failure back through the activating client.
+  * The broker now runs in `session.slice` if applicable.
+  * The `GetStats()` call on `org.freedeskop.DBus.Debug` now
+    properly returns reply-owner statistics. Before, those were
+    always set to 0.
+
+-------------------------------------------------------------------
+Wed Jun  2 13:23:40 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 29
+  * Improve SELinux audit messages.
+  * Linux >=4.17 is now a hard requirement.
+  * Fix startup failures when at-console users have
+    consecutive UIDs.
+
+-------------------------------------------------------------------
+Wed Mar 17 15:10:16 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 28
+  * Further improvements to the service activation tracking. This
+    better tracks units in systemd and closes some races where a
+    repeated activation would incorrectly fail.
+  * Fix a crash where duplicate monitor matches would be
+    incorrectly installed in the broker.
+
+-------------------------------------------------------------------
+Mon Feb 15 10:47:52 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 27
+  * Fix several bugs with the new service-activation tracking,
+    including a race-condition when restarting activatable
+    services.
+  * Be more verbose about denied configuration access and print
+    the file-path for better diagnostics.
+
+-------------------------------------------------------------------
+Thu Jan 21 13:28:09 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 26
+  * Improve the service activation tracking of the compatibility
+    launcher. We now track spawned systemd units for their entire
+    lifetime, so we can properly detect when activations fail.
+  * Work around a kernel off-by-one error in the socket queue
+    accounting to fix a race-condition where dbus clients might
+    not be dispatched.
+  * Support running without `shmem` configured in the kernel.
+    This will make the broker run better on limited embedded
+    devices.
+
+-------------------------------------------------------------------
+Thu Dec  3 11:34:56 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 25
+  * Fix an assertion failure when disconnecting monitors with active
+    unique-name matches.
+  * Fix the selinux error-handling to no longer mark all errors as
+    auditable by default.
+
+-------------------------------------------------------------------
+Fri Sep  4 08:09:00 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 24
+  * Make audit-events properly typed and prevent non-auditable
+    events from being forwarded to the linux audit system.
+
+-------------------------------------------------------------------
+Tue May 12 15:27:29 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 23
+  * Expose supplementary groups as `UnixGroupIDs` as defined by
+    the dbus specification in 0.53.
+  * The broker now uses the peer-pid from `SO_PEERCRED` on the
+    controller socket, rather than relying on `getppid()`. This
+    allows creating the broker from intermediate processes
+    without having any credentials of the intermediate leak into
+    the broker.
+
+-------------------------------------------------------------------
+Mon Feb 24 17:52:17 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 22
+  * Implement org.freedesktop.DBus.Debug.Stats in the driver.
+  * Support no-op activation files.
+  * The new configuration option `linux-4-17`, if set to true
+    (default is false), makes dbus-broker assume it runs on
+    linux-v4.17 or newer. It will make use of features introduced
+    up to linux-v4.17. This allows to forcibly disable
+    workarounds for old kernels.
+
+-------------------------------------------------------------------
+Tue Jun 11 12:06:26 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to new upstream release 21
+  * Previously, resource limits were incorrectly calculated,
+    leading too limits that were higher than intended.
+  * Messages are now directly forwarded to the journal and
+    amended with additional fields. The journal-catalog now
+    contains entries with background information on runtime log
+    messages.
+
+-------------------------------------------------------------------
+Thu Feb 21 13:09:08 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to new upstream release 18
+  * The compatibility launcher is no longer isolated in its own
+    network namespace, since the SELinux APIs require access to
+    the root network namespace.
+
+-------------------------------------------------------------------
+Mon Jan 28 11:06:43 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Update RPM group.
+
+-------------------------------------------------------------------
+Wed Jan  2 00:38:38 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to new upstream release 17
+  * The compatibility launcher now namespaces transient systemd
+    units based on its own name on the scope-bus.
+  * The launcher now respects the `<user>NAME</user>'
+    configuration and correctly drops privileges of the broker
+    and itself after startup.
+  * Messages with file-descriptors will now be refused if the
+    client did not negotiate file-descriptor passing before.
+- Drop use-system-deps.diff
+
+-------------------------------------------------------------------
+Mon Mar  5 20:16:26 UTC 2018 - jengelh@inai.de
+
+- Update to new upstream release 11
+  * The policy-type of the dbus-broker API has been simplified.
+    It is now reduced to a policy-batch indexed by uids, in
+    combination with a policy-batch indexed either by gid or
+    uid-range.
+  * The launcher now supports a `--config-file PATH` commandline
+    option to override the root configuration file, which is
+    still deduced based on the passed scope parameter.
+
+-------------------------------------------------------------------
+Tue Feb  6 00:37:19 UTC 2018 - jengelh@inai.de
+
+- Update to new upstream release 9
+  * AddListener() on org.bus1.DBus.Broker now supports UID ranges.
+  * dbus-broker.service unit is now ordered before basic.target.
+  * The launcher now uses instantiated systemd template units
+    when activating a service that has no associated systemd
+    service file.
+  * The launcher now supports configuration reloading.
+  * Activated units now inherit their user from the actual D-Bus
+    service, if provided.
+
+-------------------------------------------------------------------
+Sun Sep 10 23:30:34 UTC 2017 - jengelh@inai.de
+
+- Update to new upstream release 4
+  * Support for sending SELinux AVC violations to audit rather
+    than syslog.
+  * Units will now be activated via explicit calls to StartUnit()
+    rather than faking a ActivationRequest directed signal. This
+    allows to catch startup failures (or rejections) and allows
+    to reject all pending activation requests right away.
+  * The broker now logs policy violations to the system log.
+- Add use-system-deps.diff
+
+-------------------------------------------------------------------
+Fri Aug 25 10:54:00 UTC 2017 - jengelh@inai.de
+
+- Initial package (version 3) for build.opensuse.org
--- a/dbus-broker.spec
+++ b/dbus-broker.spec
@ -0,0 +1,144 @@
+#
+# spec file for package dbus-broker
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           dbus-broker
+Version:        36
+Release:        0
+Summary:        XDG message bus implementation
+License:        Apache-2.0
+Group:          System/Daemons
+URL:            https://github.com/bus1/dbus-broker
+
+Source:         https://github.com/bus1/dbus-broker/releases/download/v%version/dbus-broker-%version.tar.xz
+Source2:        https://github.com/bus1/dbus-broker/releases/download/v%version/dbus-broker-%version.tar.xz.asc
+Source10:       allow-restart.conf
+Source11:       block-restart.conf
+BuildRequires:  linux-glibc-devel >= 4.17
+BuildRequires:  meson
+BuildRequires:  pkg-config
+BuildRequires:  systemd-rpm-macros
+BuildRequires:  pkgconfig(audit) >= 3.0
+# dbus-1 requires dbus-broker, break that dep to avoid a cycle.
+#!BuildIgnore: dbus-broker
+BuildRequires:  pkgconfig(dbus-1) >= 1.10
+BuildRequires:  pkgconfig(expat) >= 2.2.3
+BuildRequires:  pkgconfig(glib-2.0) >= 2.50
+BuildRequires:  pkgconfig(libcap-ng) >= 0.6
+BuildRequires:  pkgconfig(libselinux) >= 3.2
+BuildRequires:  pkgconfig(libsystemd) >= 230
+BuildRequires:  pkgconfig(systemd) >= 230
+Requires(pre):  systemd >= 253.6
+Provides:       dbus-service
+Provides:       bundled(c-dvar) = 1+
+Provides:       bundled(c-ini) = 1+
+Provides:       bundled(c-list) = 3+git9
+Provides:       bundled(c-rbtree) = 3+git34
+Provides:       bundled(c-shquote) = 1+
+Provides:       bundled(c-stdaux) = 1+
+Provides:       bundled(c-utf8) = 1+
+Requires:       dbus-broker-restart-behavior = %version
+Suggests:       dbus-broker-block-restart = %version
+%{?systemd_ordering}
+
+%description
+dbus-broker is an implementation of a message bus as defined by the
+D-Bus specification. It has some different characteristics/features
+from classic D-Bus:
+
+* No shared medium
+* No IPC to implement IPC
+* User-based accounting
+* Reliable messages
+* Just the bus implementation, no external communication
+* Local only, no remote transport
+* Support for SASL pipelining
+* Runtime broker control
+
+%package allow-restart
+Summary:        Restart behavior configuration for dbus-broker - Allow restarting
+Provides:       dbus-broker-restart-behavior = %version-%release
+Conflicts:      dbus-broker-restart-behavior
+BuildArch:      noarch
+
+%description allow-restart
+This package configures how the service behave to the systemctl restart command.
+
+By installing this package dbus-broker will be allowed to restart
+
+%package block-restart
+Summary:        Restart behavior configuration for dbus-broker - Block restarting
+Provides:       dbus-broker-restart-behavior = %version-%release
+Conflicts:      dbus-broker-restart-behavior
+BuildArch:      noarch
+
+%description block-restart
+This package configures how the service behave to the systemctl restart command.
+
+By installing this package dbus-broker will be blocked to restart
+
+%prep
+%autosetup -p1
+
+%build
+ln -s /bin/true rst2man
+%meson -Daudit=true -Dselinux=true
+%meson_build
+
+%install
+%meson_install
+for mode in allow block ; do
+	install -Dpm0644 "%_sourcedir/$mode-restart.conf" "%buildroot/%_unitdir/dbus-broker.service.d/$mode-restart.conf"
+	install -Dpm0644 "%_sourcedir/$mode-restart.conf" "%buildroot/%_userunitdir/dbus-broker.service.d/$mode-restart.conf"
+done
+
+%pre
+%service_add_pre dbus-broker.service
+%systemd_user_pre dbus-broker.service
+
+%post
+%service_add_post dbus-broker.service
+%systemd_user_post dbus-broker.service
+
+%preun
+%service_del_preun dbus-broker.service
+
+%postun
+%service_del_postun_without_restart dbus-broker.service
+
+%files
+%_bindir/dbus-broker*
+%_unitdir/*.service
+%_userunitdir/*.service
+%_journalcatalogdir/*
+%license LICENSE
+
+%files allow-restart
+%license LICENSE
+%dir %_unitdir/dbus-broker.service.d/
+%dir %_userunitdir/dbus-broker.service.d/
+%_unitdir/dbus-broker.service.d/allow-restart.conf
+%_userunitdir/dbus-broker.service.d/allow-restart.conf
+
+%files block-restart
+%license LICENSE
+%dir %_unitdir/dbus-broker.service.d/
+%dir %_userunitdir/dbus-broker.service.d/
+%_unitdir/dbus-broker.service.d/block-restart.conf
+%_userunitdir/dbus-broker.service.d/block-restart.conf
+
+%changelog