From a58d0c55add7be45e9add9cce0e27c03d4a1c96b435575eb2d8bc9205dda6b6c Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 25 Sep 2023 10:43:07 +0000 Subject: [PATCH] Accepting request 1113382 from home:simotek:branches:Broker - Make dbus-broker start by default as it is now the only supported system bus. - Add feature-suse-refuse-manual-start-stop.patch We don't allow dbus services to be restarted as it breaks many many things. OBS-URL: https://build.opensuse.org/request/show/1113382 OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-broker?expand=0&rev=38 --- .gitattributes | 23 +++ .gitignore | 1 + dbus-broker-33.tar.xz | 3 + dbus-broker.changes | 214 ++++++++++++++++++++ dbus-broker.spec | 110 ++++++++++ feature-suse-refuse-manual-start-stop.patch | 13 ++ 6 files changed, 364 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 dbus-broker-33.tar.xz create mode 100644 dbus-broker.changes create mode 100644 dbus-broker.spec create mode 100644 feature-suse-refuse-manual-start-stop.patch
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/dbus-broker-33.tar.xz b/dbus-broker-33.tar.xz
new file mode 100644
index 0000000..8403470
--- /dev/null
+++ b/dbus-broker-33.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:23713f25624749fdb274907e429080fa2d8f4dbe76acd87bb6d21a3c818c7841
+size 253172
diff --git a/dbus-broker.changes b/dbus-broker.changes
new file mode 100644
index 0000000..06bf155
--- /dev/null
+++ b/dbus-broker.changes
@@ -0,0 +1,214 @@
+-------------------------------------------------------------------
+Thu Sep 21 07:56:38 UTC 2023 - Simon Lees
+
+- Make dbus-broker start by default as it is now the only supported
+ system bus.
+- Add feature-suse-refuse-manual-start-stop.patch We don't allow
+ dbus services to be restarted as it breaks many many things.
+
+-------------------------------------------------------------------
+Fri Feb 3 11:07:22 UTC 2023 - Jan Engelhardt
+
+- Update to release 33
+ * Fix a race-condition when starting systemd-services from the
+ launcher.
+ * Changes in dbus service-files will no longer affect ongoing
+ activation attempts.
+
+-------------------------------------------------------------------
+Fri Aug 5 10:15:47 UTC 2022 - Jan Engelhardt
+
+- Update to release 32
+ * Fix several bugs in the d-bus marshalling layer c-dvar,
+ including out-of-bound reads.
+ * Fix ubsan and asan warnings in c-stdaux and related
+ subprojects.
+
+-------------------------------------------------------------------
+Thu May 26 03:14:09 UTC 2022 - Simon Lees
+
+- Provide dbus-service so from a packaging perspective its easier
+ to replace dbus-daemon in the future.
+
+-------------------------------------------------------------------
+Mon May 16 10:27:31 UTC 2022 - Jan Engelhardt
+
+- Update to release 31
+ * Fix assertion failures in the user accounting, uncovered by
+ the changes to accounting in v30.
+ * Fix a memory leak in service-file re-loading, in particular
+ in the command-line argument handling.
+
+-------------------------------------------------------------------
+Tue May 10 11:10:02 UTC 2022 - Jan Engelhardt
+
+- Update to release 30
+ * Failed service activations now report more detailed information
+ on the activation failure back through the activating client.
+ * The broker now runs in `session.slice` if applicable.
+ * The `GetStats()` call on `org.freedeskop.DBus.Debug` now
+ properly returns reply-owner statistics. Before, those were
+ always set to 0.
+
+-------------------------------------------------------------------
+Wed Jun 2 13:23:40 UTC 2021 - Jan Engelhardt
+
+- Update to release 29
+ * Improve SELinux audit messages.
+ * Linux >=4.17 is now a hard requirement.
+ * Fix startup failures when at-console users have
+ consecutive UIDs.
+
+-------------------------------------------------------------------
+Wed Mar 17 15:10:16 UTC 2021 - Jan Engelhardt
+
+- Update to release 28
+ * Further improvements to the service activation tracking. This
+ better tracks units in systemd and closes some races where a
+ repeated activation would incorrectly fail.
+ * Fix a crash where duplicate monitor matches would be
+ incorrectly installed in the broker.
+
+-------------------------------------------------------------------
+Mon Feb 15 10:47:52 UTC 2021 - Jan Engelhardt
+
+- Update to release 27
+ * Fix several bugs with the new service-activation tracking,
+ including a race-condition when restarting activatable
+ services.
+ * Be more verbose about denied configuration access and print
+ the file-path for better diagnostics.
+
+-------------------------------------------------------------------
+Thu Jan 21 13:28:09 UTC 2021 - Jan Engelhardt
+
+- Update to release 26
+ * Improve the service activation tracking of the compatibility
+ launcher. We now track spawned systemd units for their entire
+ lifetime, so we can properly detect when activations fail.
+ * Work around a kernel off-by-one error in the socket queue
+ accounting to fix a race-condition where dbus clients might
+ not be dispatched.
+ * Support running without `shmem` configured in the kernel.
+ This will make the broker run better on limited embedded
+ devices.
+
+-------------------------------------------------------------------
+Thu Dec 3 11:34:56 UTC 2020 - Jan Engelhardt
+
+- Update to release 25
+ * Fix an assertion failure when disconnecting monitors with active
+ unique-name matches.
+ * Fix the selinux error-handling to no longer mark all errors as
+ auditable by default.
+
+-------------------------------------------------------------------
+Fri Sep 4 08:09:00 UTC 2020 - Jan Engelhardt
+
+- Update to release 24
+ * Make audit-events properly typed and prevent non-auditable
+ events from being forwarded to the linux audit system.
+
+-------------------------------------------------------------------
+Tue May 12 15:27:29 UTC 2020 - Jan Engelhardt
+
+- Update to release 23
+ * Expose supplementary groups as `UnixGroupIDs` as defined by
+ the dbus specification in 0.53.
+ * The broker now uses the peer-pid from `SO_PEERCRED` on the
+ controller socket, rather than relying on `getppid()`. This
+ allows creating the broker from intermediate processes
+ without having any credentials of the intermediate leak into
+ the broker.
+
+-------------------------------------------------------------------
+Mon Feb 24 17:52:17 UTC 2020 - Jan Engelhardt
+
+- Update to release 22
+ * Implement org.freedesktop.DBus.Debug.Stats in the driver.
+ * Support no-op activation files.
+ * The new configuration option `linux-4-17`, if set to true
+ (default is false), makes dbus-broker assume it runs on
+ linux-v4.17 or newer. It will make use of features introduced
+ up to linux-v4.17. This allows to forcibly disable
+ workarounds for old kernels.
+
+-------------------------------------------------------------------
+Tue Jun 11 12:06:26 UTC 2019 - Jan Engelhardt
+
+- Update to new upstream release 21
+ * Previously, resource limits were incorrectly calculated,
+ leading too limits that were higher than intended.
+ * Messages are now directly forwarded to the journal and
+ amended with additional fields. The journal-catalog now
+ contains entries with background information on runtime log
+ messages.
+
+-------------------------------------------------------------------
+Thu Feb 21 13:09:08 UTC 2019 - Jan Engelhardt
+
+- Update to new upstream release 18
+ * The compatibility launcher is no longer isolated in its own
+ network namespace, since the SELinux APIs require access to
+ the root network namespace.
+
+-------------------------------------------------------------------
+Mon Jan 28 11:06:43 UTC 2019 - Jan Engelhardt
+
+- Update RPM group.
+
+-------------------------------------------------------------------
+Wed Jan 2 00:38:38 UTC 2019 - Jan Engelhardt
+
+- Update to new upstream release 17
+ * The compatibility launcher now namespaces transient systemd
+ units based on its own name on the scope-bus.
+ * The launcher now respects the `NAME'
+ configuration and correctly drops privileges of the broker
+ and itself after startup.
+ * Messages with file-descriptors will now be refused if the
+ client did not negotiate file-descriptor passing before.
+- Drop use-system-deps.diff
+
+-------------------------------------------------------------------
+Mon Mar 5 20:16:26 UTC 2018 - jengelh@inai.de
+
+- Update to new upstream release 11
+ * The policy-type of the dbus-broker API has been simplified.
+ It is now reduced to a policy-batch indexed by uids, in
+ combination with a policy-batch indexed either by gid or
+ uid-range.
+ * The launcher now supports a `--config-file PATH` commandline
+ option to override the root configuration file, which is
+ still deduced based on the passed scope parameter.
+
+-------------------------------------------------------------------
+Tue Feb 6 00:37:19 UTC 2018 - jengelh@inai.de
+
+- Update to new upstream release 9
+ * AddListener() on org.bus1.DBus.Broker now supports UID ranges.
+ * dbus-broker.service unit is now ordered before basic.target.
+ * The launcher now uses instantiated systemd template units
+ when activating a service that has no associated systemd
+ service file.
+ * The launcher now supports configuration reloading.
+ * Activated units now inherit their user from the actual D-Bus
+ service, if provided.
+
+-------------------------------------------------------------------
+Sun Sep 10 23:30:34 UTC 2017 - jengelh@inai.de
+
+- Update to new upstream release 4
+ * Support for sending SELinux AVC violations to audit rather
+ than syslog.
+ * Units will now be activated via explicit calls to StartUnit()
+ rather than faking a ActivationRequest directed signal. This
+ allows to catch startup failures (or rejections) and allows
+ to reject all pending activation requests right away.
+ * The broker now logs policy violations to the system log.
+- Add use-system-deps.diff
+
+-------------------------------------------------------------------
+Fri Aug 25 10:54:00 UTC 2017 - jengelh@inai.de
+
+- Initial package (version 3) for build.opensuse.org
diff --git a/dbus-broker.spec b/dbus-broker.spec
new file mode 100644
index 0000000..8aa8f58
--- /dev/null
+++ b/dbus-broker.spec
@@ -0,0 +1,110 @@
+#
+# spec file for package dbus-broker
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: dbus-broker
+Version: 33
+Release: 0
+Summary: XDG-conforming message bus implementation
+License: Apache-2.0
+Group: System/Daemons
+URL: https://github.com/bus1/dbus-broker
+
+Source: https://github.com/bus1/dbus-broker/releases/download/v%version/dbus-broker-%version.tar.xz
+Patch0: feature-suse-refuse-manual-start-stop.patch
+BuildRequires: linux-glibc-devel >= 4.17
+BuildRequires: meson
+BuildRequires: pkg-config
+BuildRequires: systemd-rpm-macros
+BuildRequires: pkgconfig(audit) >= 3.0
+BuildRequires: pkgconfig(dbus-1) >= 1.10
+BuildRequires: pkgconfig(expat) >= 2.2.3
+BuildRequires: pkgconfig(glib-2.0) >= 2.50
+BuildRequires: pkgconfig(libcap-ng) >= 0.6
+BuildRequires: pkgconfig(libselinux) >= 3.2
+BuildRequires: pkgconfig(libsystemd) >= 230
+BuildRequires: pkgconfig(systemd) >= 230
+Provides: dbus-service
+Provides: bundled(c-dvar) = 1+
+Provides: bundled(c-ini) = 1+
+Provides: bundled(c-list) = 3+git9
+Provides: bundled(c-rbtree) = 3+git34
+Provides: bundled(c-shquote) = 1+
+Provides: bundled(c-stdaux) = 1+
+Provides: bundled(c-utf8) = 1+
+%{?systemd_ordering}
+
+%description
+dbus-broker is an implementation of a message bus as defined by the
+D-Bus specification. It has some different characteristics/features
+from classic D-Bus:
+
+* No shared medium
+* No IPC to implement IPC
+* User-based accounting
+* Reliable messages
+* Just the bus implementation, no external communication
+* Local only, no remote transport
+* Support for SASL pipelining
+* Runtime broker control
+
+%prep
+%autosetup -p1
+
+%build
+ln -s /bin/true rst2man
+%meson -Daudit=true -Dselinux=true
+%meson_build
+
+%install
+%meson_install
+
+# dbus-daemon was always started in this way so now start broker in this way.
+#mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants/
+#mkdir -p %{buildroot}%{_userunitdir}/default.target.wants/
+
+#pushd %{buildroot}%{_unitdir}/multi-user.target.wants/
+#ln -s ../dbus-broker.service dbus-broker.service
+#popd
+#pushd %{buildroot}%{_userunitdir}/default.target.wants/
+#ln -s ../dbus-broker.service dbus-broker.service
+#popd
+
+%pre
+%service_add_pre dbus-broker.service
+
+%post
+%service_add_post dbus-broker.service
+
+%preun
+%service_del_preun dbus-broker.service
+
+%postun
+%service_del_postun_without_restart dbus-broker.service
+
+%files
+%_bindir/dbus-broker*
+#%dir %{_unitdir}/multi-user.target.wants
+#%dir %{_userunitdir}/default.target.wants
+%_unitdir/*.service
+#%{_unitdir}/multi-user.target.wants/dbus-broker.service
+#%{_userunitdir}/default.target.wants/dbus-broker.service
+%_prefix/lib/systemd/user/*.service
+%_prefix/lib/systemd/catalog/
+%license LICENSE
+
+%changelog
diff --git a/feature-suse-refuse-manual-start-stop.patch b/feature-suse-refuse-manual-start-stop.patch
new file mode 100644
index 0000000..6f6bbfe
--- /dev/null
+++ b/feature-suse-refuse-manual-start-stop.patch
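Review bot: In the dbus-broker.spec hunk, `%install` leaves every step that would enable the unit commented out (`#mkdir -p …/multi-user.target.wants/`, `#ln -s ../dbus-broker.service dbus-broker.service`) along with the matching `%files` entries, so nothing visible in the spec makes dbus-broker start by default as the changelog entry states. If enablement is meant to come from a systemd preset applied through `%service_add_post`, remove the dead block and replace it with a comment such as `# enabled via systemd preset; no static wants/ symlinks are shipped`; otherwise the change looks incomplete. Separately, `%service_del_postun_without_restart` means an updated broker binary is presumably not running until the next reboot, which deserves a comment next to `%postun` because fixes like the c-dvar out-of-bound reads listed in the changelog only take effect then. The `bundled(...) = 1+` Provides are also too coarse to match a bundled subproject against an advisory; exact versions would help if upstream records them.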
@@ -0,0 +1,13 @@
+Index: dbus-broker-33/src/units/system/dbus-broker.service.in
+===================================================================
+--- dbus-broker-33.orig/src/units/system/dbus-broker.service.in
++++ dbus-broker-33/src/units/system/dbus-broker.service.in
+@@ -6,6 +6,8 @@ After=dbus.socket
+ Before=basic.target shutdown.target
+ Requires=dbus.socket
+ Conflicts=shutdown.target
++RefuseManualStart=true
++RefuseManualStop=true
+
+ [Service]
+ Type=notify
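Review bot: The embedded patch has no header, so the only rationale for `RefuseManualStart=true` and `RefuseManualStop=true` lives in the changelog; a short description at the top of the patch (why restarts are refused, and whether the change was offered upstream) would keep the reasoning with the change. Only `src/units/system/dbus-broker.service.in` is touched, so the user-session unit presumably remains restartable by hand; confirm that is intended given the changelog's wording about "dbus services". These settings only make systemd reject explicit start and stop requests for the unit, so they guard against accidental restarts rather than acting as a control against a privileged user, and an administrator cannot restart the broker to pick up a fixed binary without rebooting. The `[Unit]` section starts before the inner hunk and `[Service]` continues after it.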