Accepting request 1113382 from home:simotek:branches:Broker

- Make dbus-broker start by default as it is now the only supported
  system bus.
- Add feature-suse-refuse-manual-start-stop.patch We don't allow
  dbus services to be restarted as it breaks many many things.

OBS-URL: https://build.opensuse.org/request/show/1113382
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-broker?expand=0&rev=38

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

dbus-broker-33.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:23713f25624749fdb274907e429080fa2d8f4dbe76acd87bb6d21a3c818c7841
+size 253172

dbus-broker.changes

@@ -0,0 +1,214 @@
+-------------------------------------------------------------------
+Thu Sep 21 07:56:38 UTC 2023 - Simon Lees <sflees@suse.de>
+
+- Make dbus-broker start by default as it is now the only supported
+  system bus.
+- Add feature-suse-refuse-manual-start-stop.patch We don't allow
+  dbus services to be restarted as it breaks many many things.
+
+-------------------------------------------------------------------
+Fri Feb  3 11:07:22 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 33
+  * Fix a race-condition when starting systemd-services from the
+    launcher.
+  * Changes in dbus service-files will no longer affect ongoing
+    activation attempts.
+
+-------------------------------------------------------------------
+Fri Aug  5 10:15:47 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 32
+  * Fix several bugs in the d-bus marshalling layer c-dvar,
+    including out-of-bound reads.
+  * Fix ubsan and asan warnings in c-stdaux and related
+    subprojects.
+
+-------------------------------------------------------------------
+Thu May 26 03:14:09 UTC 2022 - Simon Lees <sflees@suse.de>
+
+- Provide dbus-service so from a packaging perspective its easier
+  to replace dbus-daemon in the future.
+
+-------------------------------------------------------------------
+Mon May 16 10:27:31 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 31
+  * Fix assertion failures in the user accounting, uncovered by
+    the changes to accounting in v30.
+  * Fix a memory leak in service-file re-loading, in particular
+    in the command-line argument handling.
+
+-------------------------------------------------------------------
+Tue May 10 11:10:02 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 30
+  * Failed service activations now report more detailed information
+    on the activation failure back through the activating client.
+  * The broker now runs in `session.slice` if applicable.
+  * The `GetStats()` call on `org.freedeskop.DBus.Debug` now
+    properly returns reply-owner statistics. Before, those were
+    always set to 0.
+
+-------------------------------------------------------------------
+Wed Jun  2 13:23:40 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 29
+  * Improve SELinux audit messages.
+  * Linux >=4.17 is now a hard requirement.
+  * Fix startup failures when at-console users have
+    consecutive UIDs.
+
+-------------------------------------------------------------------
+Wed Mar 17 15:10:16 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 28
+  * Further improvements to the service activation tracking. This
+    better tracks units in systemd and closes some races where a
+    repeated activation would incorrectly fail.
+  * Fix a crash where duplicate monitor matches would be
+    incorrectly installed in the broker.
+
+-------------------------------------------------------------------
+Mon Feb 15 10:47:52 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 27
+  * Fix several bugs with the new service-activation tracking,
+    including a race-condition when restarting activatable
+    services.
+  * Be more verbose about denied configuration access and print
+    the file-path for better diagnostics.
+
+-------------------------------------------------------------------
+Thu Jan 21 13:28:09 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 26
+  * Improve the service activation tracking of the compatibility
+    launcher. We now track spawned systemd units for their entire
+    lifetime, so we can properly detect when activations fail.
+  * Work around a kernel off-by-one error in the socket queue
+    accounting to fix a race-condition where dbus clients might
+    not be dispatched.
+  * Support running without `shmem` configured in the kernel.
+    This will make the broker run better on limited embedded
+    devices.
+
+-------------------------------------------------------------------
+Thu Dec  3 11:34:56 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 25
+  * Fix an assertion failure when disconnecting monitors with active
+    unique-name matches.
+  * Fix the selinux error-handling to no longer mark all errors as
+    auditable by default.
+
+-------------------------------------------------------------------
+Fri Sep  4 08:09:00 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 24
+  * Make audit-events properly typed and prevent non-auditable
+    events from being forwarded to the linux audit system.
+
+-------------------------------------------------------------------
+Tue May 12 15:27:29 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 23
+  * Expose supplementary groups as `UnixGroupIDs` as defined by
+    the dbus specification in 0.53.
+  * The broker now uses the peer-pid from `SO_PEERCRED` on the
+    controller socket, rather than relying on `getppid()`. This
+    allows creating the broker from intermediate processes
+    without having any credentials of the intermediate leak into
+    the broker.
+
+-------------------------------------------------------------------
+Mon Feb 24 17:52:17 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 22
+  * Implement org.freedesktop.DBus.Debug.Stats in the driver.
+  * Support no-op activation files.
+  * The new configuration option `linux-4-17`, if set to true
+    (default is false), makes dbus-broker assume it runs on
+    linux-v4.17 or newer. It will make use of features introduced
+    up to linux-v4.17. This allows to forcibly disable
+    workarounds for old kernels.
+
+-------------------------------------------------------------------
+Tue Jun 11 12:06:26 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to new upstream release 21
+  * Previously, resource limits were incorrectly calculated,
+    leading too limits that were higher than intended.
+  * Messages are now directly forwarded to the journal and
+    amended with additional fields. The journal-catalog now
+    contains entries with background information on runtime log
+    messages.
+
+-------------------------------------------------------------------
+Thu Feb 21 13:09:08 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to new upstream release 18
+  * The compatibility launcher is no longer isolated in its own
+    network namespace, since the SELinux APIs require access to
+    the root network namespace.
+
+-------------------------------------------------------------------
+Mon Jan 28 11:06:43 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Update RPM group.
+
+-------------------------------------------------------------------
+Wed Jan  2 00:38:38 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to new upstream release 17
+  * The compatibility launcher now namespaces transient systemd
+    units based on its own name on the scope-bus.
+  * The launcher now respects the `<user>NAME</user>'
+    configuration and correctly drops privileges of the broker
+    and itself after startup.
+  * Messages with file-descriptors will now be refused if the
+    client did not negotiate file-descriptor passing before.
+- Drop use-system-deps.diff
+
+-------------------------------------------------------------------
+Mon Mar  5 20:16:26 UTC 2018 - jengelh@inai.de
+
+- Update to new upstream release 11
+  * The policy-type of the dbus-broker API has been simplified.
+    It is now reduced to a policy-batch indexed by uids, in
+    combination with a policy-batch indexed either by gid or
+    uid-range.
+  * The launcher now supports a `--config-file PATH` commandline
+    option to override the root configuration file, which is
+    still deduced based on the passed scope parameter.
+
+-------------------------------------------------------------------
+Tue Feb  6 00:37:19 UTC 2018 - jengelh@inai.de
+
+- Update to new upstream release 9
+  * AddListener() on org.bus1.DBus.Broker now supports UID ranges.
+  * dbus-broker.service unit is now ordered before basic.target.
+  * The launcher now uses instantiated systemd template units
+    when activating a service that has no associated systemd
+    service file.
+  * The launcher now supports configuration reloading.
+  * Activated units now inherit their user from the actual D-Bus
+    service, if provided.
+
+-------------------------------------------------------------------
+Sun Sep 10 23:30:34 UTC 2017 - jengelh@inai.de
+
+- Update to new upstream release 4
+  * Support for sending SELinux AVC violations to audit rather
+    than syslog.
+  * Units will now be activated via explicit calls to StartUnit()
+    rather than faking a ActivationRequest directed signal. This
+    allows to catch startup failures (or rejections) and allows
+    to reject all pending activation requests right away.
+  * The broker now logs policy violations to the system log.
+- Add use-system-deps.diff
+
+-------------------------------------------------------------------
+Fri Aug 25 10:54:00 UTC 2017 - jengelh@inai.de
+
+- Initial package (version 3) for build.opensuse.org

dbus-broker.spec

@@ -0,0 +1,110 @@
+#
+# spec file for package dbus-broker
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           dbus-broker
+Version:        33
+Release:        0
+Summary:        XDG-conforming message bus implementation
+License:        Apache-2.0
+Group:          System/Daemons
+URL:            https://github.com/bus1/dbus-broker
+
+Source:         https://github.com/bus1/dbus-broker/releases/download/v%version/dbus-broker-%version.tar.xz
+Patch0:         feature-suse-refuse-manual-start-stop.patch
+BuildRequires:  linux-glibc-devel >= 4.17
+BuildRequires:  meson
+BuildRequires:  pkg-config
+BuildRequires:  systemd-rpm-macros
+BuildRequires:  pkgconfig(audit) >= 3.0
+BuildRequires:  pkgconfig(dbus-1) >= 1.10
+BuildRequires:  pkgconfig(expat) >= 2.2.3
+BuildRequires:  pkgconfig(glib-2.0) >= 2.50
+BuildRequires:  pkgconfig(libcap-ng) >= 0.6
+BuildRequires:  pkgconfig(libselinux) >= 3.2
+BuildRequires:  pkgconfig(libsystemd) >= 230
+BuildRequires:  pkgconfig(systemd) >= 230
+Provides:       dbus-service
+Provides:       bundled(c-dvar) = 1+
+Provides:       bundled(c-ini) = 1+
+Provides:       bundled(c-list) = 3+git9
+Provides:       bundled(c-rbtree) = 3+git34
+Provides:       bundled(c-shquote) = 1+
+Provides:       bundled(c-stdaux) = 1+
+Provides:       bundled(c-utf8) = 1+
+%{?systemd_ordering}
+
+%description
+dbus-broker is an implementation of a message bus as defined by the
+D-Bus specification. It has some different characteristics/features
+from classic D-Bus:
+
+* No shared medium
+* No IPC to implement IPC
+* User-based accounting
+* Reliable messages
+* Just the bus implementation, no external communication
+* Local only, no remote transport
+* Support for SASL pipelining
+* Runtime broker control
+
+%prep
+%autosetup -p1
+
+%build
+ln -s /bin/true rst2man
+%meson -Daudit=true -Dselinux=true
+%meson_build
+
+%install
+%meson_install
+
+# dbus-daemon was always started in this way so now start broker in this way.
+#mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants/
+#mkdir -p %{buildroot}%{_userunitdir}/default.target.wants/
+
+#pushd %{buildroot}%{_unitdir}/multi-user.target.wants/
+#ln -s ../dbus-broker.service dbus-broker.service
+#popd
+#pushd %{buildroot}%{_userunitdir}/default.target.wants/
+#ln -s ../dbus-broker.service dbus-broker.service
+#popd
+
+%pre
+%service_add_pre dbus-broker.service
+
+%post
+%service_add_post dbus-broker.service
+
+%preun
+%service_del_preun dbus-broker.service
+
+%postun
+%service_del_postun_without_restart dbus-broker.service
+
+%files
+%_bindir/dbus-broker*
+#%dir %{_unitdir}/multi-user.target.wants
+#%dir %{_userunitdir}/default.target.wants
+%_unitdir/*.service
+#%{_unitdir}/multi-user.target.wants/dbus-broker.service
+#%{_userunitdir}/default.target.wants/dbus-broker.service
+%_prefix/lib/systemd/user/*.service
+%_prefix/lib/systemd/catalog/
+%license LICENSE
+
+%changelog

feature-suse-refuse-manual-start-stop.patch

@@ -0,0 +1,13 @@
+Index: dbus-broker-33/src/units/system/dbus-broker.service.in
+===================================================================
+--- dbus-broker-33.orig/src/units/system/dbus-broker.service.in
++++ dbus-broker-33/src/units/system/dbus-broker.service.in
+@@ -6,6 +6,8 @@ After=dbus.socket
+ Before=basic.target shutdown.target
+ Requires=dbus.socket
+ Conflicts=shutdown.target
++RefuseManualStart=true
++RefuseManualStop=true
+ 
+ [Service]
+ Type=notify