[v2] package/dbusbroker: new package

Message ID 20200610232428.201616-1-nolange79@gmail.com
State Superseded
Series [v2] package/dbusbroker: new package

Commit Message

Norbert Lange June 10, 2020, 11:24 p.m. UTC
Add dbus-broker, which is a drop-in replacement
for the dbus-daemon.

It's possible to use this package standalone (without the dbus
package - if buildroot's systemd would not depend on dbus).
This is sufficient to provide systemd's (d)bus functionality.
To allow standalone usage, the necessary config files are
copied and adopted over from dbus.

Based on Yann's changes, and

-   add an own config entry for dbus-broker-launch
    enabled by default if systemd init is used
-   undo BR2_COREUTILS_HOST_DEPENDENCY
-   undo adding dbus user - never used by this package
-   add conditional audit dependency
-   cleanup conditional logic a bit

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
 DEVELOPERS                           |   1 +
 package/Config.in                    |   1 +
 package/dbus-broker/Config.in        |  35 ++++++++
 package/dbus-broker/dbus-broker.hash |   3 +
 package/dbus-broker/dbus-broker.mk   |  72 ++++++++++++++++
 package/dbus-broker/dbus.socket      |   5 ++
 package/dbus-broker/session.conf     |  65 +++++++++++++++
 package/dbus-broker/system.conf      | 120 +++++++++++++++++++++++++++
 8 files changed, 302 insertions(+)
 create mode 100644 package/dbus-broker/Config.in
 create mode 100644 package/dbus-broker/dbus-broker.hash
 create mode 100644 package/dbus-broker/dbus-broker.mk
 create mode 100644 package/dbus-broker/dbus.socket
 create mode 100644 package/dbus-broker/session.conf
 create mode 100644 package/dbus-broker/system.conf

Comments

Yann E. MORIN June 12, 2020, 5:31 a.m. UTC | #1
Norbert, All,

Thanks for this new improved version. :-)

I still have a few concerns about it, see below...

On 2020-06-11 01:24 +0200, Norbert Lange spake thusly:
> Add dbus-broker, which is a drop-in replacement
> for the dbus-daemon.

Sorry, but this commit log is far from enough. See below for all the
pieces I find are missing.

A commit log is not here to describe what is being done, but why it
is being done. It is here so that the others can understand it. The
more details you can add (up to a certain extent, of course!), the
easier the patch can be reviewed, especially when there are
misunderstandings like what I provided in my own submission.

> It's possible to use this package standalone (without the dbus
> package - if buildroot's systemd would not depend on dbus).
> 
> This is sufficient to provide systemd's (d)bus functionality.
> To allow standalone usage, the necessary config files are
> copied and adopted over from dbus.

As I explained previously, if you want to make systemd use dbus-broker,
you change the systemd Config.in, as I did in my series. And if this
will be done in a followup patch, you can write (instead of the two
paragraphs above):

    dbus-broker is sufficient to provide a dbus-daemon that can fulfil
    the requirements for systemd's dbus functionality. This will be done
    in a followup change.

Also, I find it lacking the part that describes how dbus-broker is split
between a launcher and a bus daemon, and that the launcher can only be
used with systemd, because the launcher makes heavy use of systemd
functionalities.

The commit log also misses the explanations about the licensing
information. This is *very* important to have, because it is not
obvious why the terms are as they are, and why we have two files for
each sub-project. You could have simply duplicated what I wrote
in my own submission.

Finally, the following, from here [*]:

> Based on Yann's changes, and
> -   add an own config entry for dbus-broker-launch
>     enabled by default if systemd init is used

We usually do not enable options by default. But see below...

> -   undo BR2_COREUTILS_HOST_DEPENDENCY

So, I see you don't like it, but BR2_COREUTILS_HOST_DEPENDENCY is
already a dependency of systemd, so adding it to dbus-broker is not in
fact adding any new build-time overhead. And if your build machine has a
recent-enough, BR2_COREUTILS_HOST_DEPENDENCY will be empty already.

> -   undo adding dbus user - never used by this package

So, how does the message bus daemon run as non-root? In the
original dbus package, we define a user, that is used to switch the
message bus to run as non-root. Please explain why the user is not
needed.

> -   add conditional audit dependency
> -   cleanup conditional logic a bit

[*] ... to here, should have been after the --- line.

> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> ---
[--SNIP--]
> diff --git a/package/dbus-broker/Config.in b/package/dbus-broker/Config.in
> new file mode 100644
> index 0000000000..8cde3310eb
> --- /dev/null
> +++ b/package/dbus-broker/Config.in
> @@ -0,0 +1,35 @@
> +config BR2_PACKAGE_DBUS_BROKER
> +	bool "dbus-broker"
> +	depends on BR2_USE_MMU
> +	depends on BR2_TOOLCHAIN_HAS_THREADS
> +	help
> +	  Linux D-Bus Message Broker.
> +
> +	  The dbus-broker project is an implementation of a message bus
> +	  as defined by the D-Bus specification. Its aim is to provide
> +	  high performance and reliability, while keeping compatibility
> +	  to the D-Bus reference implementation.
> +
> +	  It is exclusively written for Linux systems, and makes use of
> +	  many modern features provided by recent linux kernel releases.
> +
> +	  https://github.com/bus1/dbus-broker/wiki
> +
> +if BR2_PACKAGE_DBUS_BROKER
> +config BR2_PACKAGE_DBUS_BROKER_LAUNCH
> +	bool "dbus-broker-launch"
> +	default y
> +	depends on BR2_INIT_SYSTEMD

Do not depend on the init config option, but on the package (it is the
package that provides libsystemd et al., not the init feature):

    depends on BR2_PACKAGE_SYSTEMD

But see below...

> +	select BR2_PACKAGE_EXPAT
> +	help
> +	  Launcher for D-Bus Message Brokers.
> +
> +	  dbus-broker-launch is a launcher for dbus-broker, spawning and
> +	  managing a D-Bus Message Bus. The launcher aims to be fully
> +	  compatible to the D-Bus reference implementation dbus-daemon,
> +	  supporting the same configuration syntax and runtime environment.
> +endif

Why do you add an option to enable the launcher? Just do it
unconditionally when systemd is enabled. And select expat as I did in my
own patch, in the main symbol:

    config BR2_PACKAGE_DBUS_BROKER
        [...]
        select BR2_PACKAGE_EXPAT if BR2_PACKAGE_SYSTEMD

Note: if the option were to stay (which I doubt is interesting), then
it would miss a comment that explains why the launcher is not available:

    comment "dbus-broker-launch needs systemd"
        depends on !BR2_INIT_SYSTEMD

> +comment "dbus-broker needs a toolchain w/ threads"
> +	depends on BR2_USE_MMU
> +	depends on !BR2_TOOLCHAIN_HAS_THREADS
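
Review bot: BR2_PACKAGE_DBUS_BROKER stays selectable when BR2_PACKAGE_DBUS_BROKER_LAUNCH is unavailable (its "depends on BR2_INIT_SYSTEMD" is not met), and neither help text says what starts or configures the broker in that case. Either state in the main symbol's help that the broker alone needs an external launcher, or move the systemd dependency to the main symbol. The "default y" on the sub-option also deserves a one-line justification, since it changes what gets built and installed without the user asking for it.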

Yes, good. :-)

> diff --git a/package/dbus-broker/dbus-broker.mk b/package/dbus-broker/dbus-broker.mk
> new file mode 100644
> index 0000000000..8a06d9ea82
> --- /dev/null
> +++ b/package/dbus-broker/dbus-broker.mk
> @@ -0,0 +1,72 @@
> +################################################################################
> +#
> +# dbus-broker
> +#
> +# Launching services is delegated to systemd so there is very little else
> +# needed. No separate user is necessary and no helper for launching.
> +#
> +# Service + Config files were copied over from dbus,
> +# uneeded / unecessary entries removed for clarity.

Do not add any comment in this section. If you have help to provide,
write in the help entry of the Config.in option, or in the commit log.

> +################################################################################
> +
> +DBUS_BROKER_VERSION = 23
> +DBUS_BROKER_SOURCE = dbus-broker-$(DBUS_BROKER_VERSION).tar.xz
> +DBUS_BROKER_SITE = https://github.com/bus1/dbus-broker/releases/download/v$(DBUS_BROKER_VERSION)
> +DBUS_BROKER_LICENSE = \
> +	Apache-2.0, \
> +	Apache-2.0 and/or LGPL-2.1+ (c-dvar, c-ini, c-list, c-rbtree, c-shquote, c-stdaux, c-utf8)
> +DBUS_BROKER_LICENSE_FILES = \
> +	LICENSE \
> +	subprojects/c-dvar/AUTHORS subprojects/c-dvar/README.md \
> +	subprojects/c-ini/AUTHORS subprojects/c-ini/README.md \
> +	subprojects/c-list/AUTHORS subprojects/c-list/README.md \
> +	subprojects/c-rbtree/AUTHORS subprojects/c-rbtree/README.md \
> +	subprojects/c-shquote/AUTHORS subprojects/c-shquote/README.md \
> +	subprojects/c-stdaux/AUTHORS subprojects/c-stdaux/README.md \
> +	subprojects/c-utf8/AUTHORS subprojects/c-utf8/README.md
> +
> +ifeq ($(BR2_PACKAGE_DBUS_BROKER_LAUNCH),y)

ifeq ($(BR2_PACKAGE_SYSTEMD),y)

> +DBUS_BROKER_DEPENDENCIES += expat systemd
> +DBUS_BROKER_CONF_OPTS += -Dlauncher=true
> +else
> +DBUS_BROKER_CONF_OPTS += -Dlauncher=false
> +endif
[--SNIP--]
> +# Only install config and service files if dbus is not available
> +ifeq ($(BR2_PACKAGE_DBUS)X$(BR2_PACKAGE_DBUS_BROKER_LAUNCH),Xy)
> +define DBUS_BROKER_INSTALL_CONFIG_FILES

This is not entirely wrong, but I think still incorrect. All those files
are only relevant when systemd is used as an init system. As such, the
DBUS_BROKER_INSTALL_INIT_SYSTEMD hook should be used.

> +	$(INSTALL) -D -m644 $(DBUS_BROKER_PKGDIR)/dbus.socket \
> +		$(TARGET_DIR)/usr/lib/systemd/system/dbus.socket
> +	$(INSTALL) -D -m644 $(DBUS_BROKER_PKGDIR)/session.conf \
> +		$(TARGET_DIR)/usr/share/dbus-1/session.conf
> +	$(INSTALL) -D -m644 $(DBUS_BROKER_PKGDIR)/system.conf \
> +		$(TARGET_DIR)/usr/share/dbus-1/system.conf
> +	ln -sf ../dbus.socket \
> +		$(TARGET_DIR)/usr/lib/systemd/system/sockets.target.wants/dbus.socket
> +endef
> +
> +DBUS_BROKER_POST_INSTALL_TARGET_HOOKS += DBUS_BROKER_INSTALL_CONFIG_FILES
> +endif
> +
> +$(eval $(meson-package))
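
Review bot: the "ln -sf ../dbus.socket ..." at the end of DBUS_BROKER_INSTALL_CONFIG_FILES assumes that sockets.target.wants/ already exists under $(TARGET_DIR); the three "$(INSTALL) -D" calls create their own parent directories, but nothing in this hook creates that one, so the link step depends on another package having done it first. Create the directory in the hook before linking. The guard above it, "ifeq ($(BR2_PACKAGE_DBUS)X$(BR2_PACKAGE_DBUS_BROKER_LAUNCH),Xy)", also tests more than its comment says (dbus disabled and the launcher enabled); spell that out in the comment or use nested ifeq/ifneq, because this condition decides whether this package's system.conf and session.conf are installed on the target.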

So, in addition to all the above, this patch is lacking two other things
that I did provide:

  - switching systemd to work with dbus-broker (rather than whining
    about it in the commit log);

  - a runtime test that demonstrates that systemd does run fine with
    dbus-broker, and that the original dbus still takes precedence when
    both dbus and dbus-broker are enabled.

Note that the runtime test is not only about demonstrating the feature;
it is also and foremost a way to guarantee that any regression will be
caught, since we automatically run the runtime tests weekly in gitlab-ci.

Regards,
Yann E. MORIN.

Norbert Lange June 12, 2020, 7:02 a.m. UTC | #2
On Fri, 12 June 2020 at 07:32, Yann E. MORIN
<yann.morin.1998@free.fr> wrote:
>
> Norbert, All,
>
> Thanks for this new improved version. :-)
>
> I still have a few concerns about it, see below...
>
> On 2020-06-11 01:24 +0200, Norbert Lange spake thusly:
> > Add dbus-broker, which is a drop-in replacement
> > for the dbus-daemon.
>
> Sorry, but this commit log is far from enough. See below for all the
> pieces I find are missing.
>
> A commit log is not here to describe what is being done, but why it
> is being done. It is here so that the others can understand it. The
> more details you can add (up to a certain extent, of course!), the
> easier the patch can be reviewed, especially when there are
> misunderstandings like what I provided in my own submission.

Yes, I hoped you could merge this from your version, which I commented BTW.
I have more a problem with the workflow of the ML, especially if someone
"branches out" with another patch.

>
> > It's possible to use this package standalone (without the dbus
> > package - if buildroot's systemd would not depend on dbus).
> >
> > This is sufficient to provide systemd's (d)bus functionality.
> > To allow standalone usage, the necessary config files are
> > copied and adopted over from dbus.
>
> As I explained previously, if you want to make systemd use dbus-broker,
> you change the systemd Config.in, as I did in my series. And if this
> will be done in a followup patch, you can write (instead of the two
> paragraphs above):
>
>     dbus-broker is sufficient to provide a dbus-daemon that can fulfil
>     the requirements for systemd's dbus functionality. This will be done
>     in a followup change.

Ok, that was my intention.

>
> Also, I find it lacking the part that describes how dbus-broker is split
> between a launcher and a bus daemon, and that the launcher can only be
> used with systemd, because the launcher makes heavy use of systemd
> functionalities.
>
> The commit log also misses the explanations about the licensing
> information. This is *very* important to have, because it is not
> obvious why the terms are as they are, and why we have two files for
> each sub-project. You could have simply duplicated what I wrote
> in my own submission.

Yes, I am not up to speed about commit-log stuff, and I usually
keep explanations where the code is.

>
> Finally, the following, from here [*]:
>
> > Based on Yann's changes, and
> > -   add an own config entry for dbus-broker-launch
> >     enabled by default if systemd init is used
>
> We usually do not enable options by default. But see below...
>
> > -   undo BR2_COREUTILS_HOST_DEPENDENCY
>
> So, I see you don't like it, but BR2_COREUTILS_HOST_DEPENDENCY is
> already a dependency of systemd, so adding it to dbus-broker is not in
> fact adding any new build-time overhead. And if your build machine has a
> recent-enough, BR2_COREUTILS_HOST_DEPENDENCY will be empty already.

There is still the point of keeping things simple, and I don't get why
../dbus.socket
can't be used, instead of a GNU-specific option.

>
> > -   undo adding dbus user - never used by this package
>
> So, how does the message bus daemon run as non-root? In the
> original dbus package, we define a user, that is used to switch the
> message bus to run as non-root. Please explain why the user is not
> needed.

OK, I take everything back.
I thought this was handled in the service files by adding isolation options
(as systemd does the "launching"). Seems like it does drop to the uid,
dunno what I tested months ago when I first created that package.

>
> > -   add conditional audit dependency
> > -   cleanup conditional logic a bit
>
> [*] ... to here, should have been after the --- line.
>
> > Signed-off-by: Norbert Lange <nolange79@gmail.com>
> > ---
> [--SNIP--]
> > diff --git a/package/dbus-broker/Config.in b/package/dbus-broker/Config.in
> > new file mode 100644
> > index 0000000000..8cde3310eb
> > --- /dev/null
> > +++ b/package/dbus-broker/Config.in
> > @@ -0,0 +1,35 @@
> > +config BR2_PACKAGE_DBUS_BROKER
> > +     bool "dbus-broker"
> > +     depends on BR2_USE_MMU
> > +     depends on BR2_TOOLCHAIN_HAS_THREADS
> > +     help
> > +       Linux D-Bus Message Broker.
> > +
> > +       The dbus-broker project is an implementation of a message bus
> > +       as defined by the D-Bus specification. Its aim is to provide
> > +       high performance and reliability, while keeping compatibility
> > +       to the D-Bus reference implementation.
> > +
> > +       It is exclusively written for Linux systems, and makes use of
> > +       many modern features provided by recent linux kernel releases.
> > +
> > +       https://github.com/bus1/dbus-broker/wiki
> > +
> > +if BR2_PACKAGE_DBUS_BROKER
> > +config BR2_PACKAGE_DBUS_BROKER_LAUNCH
> > +     bool "dbus-broker-launch"
> > +     default y
> > +     depends on BR2_INIT_SYSTEMD
>
> Do not depend on the init config option, but on the package (it is the
> package that provides libsystemd et al., not the init feature):
>
>     depends on BR2_PACKAGE_SYSTEMD
>
> But see below...
>
> > +     select BR2_PACKAGE_EXPAT
> > +     help
> > +       Launcher for D-Bus Message Brokers.
> > +
> > +       dbus-broker-launch is a launcher for dbus-broker, spawning and
> > +       managing a D-Bus Message Bus. The launcher aims to be fully
> > +       compatible to the D-Bus reference implementation dbus-daemon,
> > +       supporting the same configuration syntax and runtime environment.
> > +endif
>
> Why do you add an option to enable the launcher? Just do it
> unconditionally when systemd is enabled. And select expat as I did in my
> own patch, in the main symbol:

Well, my first attempt was to only make dbus-broker(-launch) available
with systemd,
given that there is probably no one using it differently yet.
If you argue that it makes sense to provide the plain dbus-broker,
then it makes sense doing so with systemd as well.
(see below, I use system without dbus or dbus-broker-launch).

>
>     config BR2_PACKAGE_DBUS_BROKER
>         [...]
>         select BR2_PACKAGE_EXPAT if BR2_PACKAGE_SYSTEMD
>
> Note: if the option were to stay (which I doubt is interesting), then
> it would miss a comment that explains why the launcher is not available:
>
>     comment "dbus-broker-launch needs systemd"
>         depends on !BR2_INIT_SYSTEMD
>
> > +comment "dbus-broker needs a toolchain w/ threads"
> > +     depends on BR2_USE_MMU
> > +     depends on !BR2_TOOLCHAIN_HAS_THREADS
>
> Yes, good. :-)
>
> > diff --git a/package/dbus-broker/dbus-broker.mk b/package/dbus-broker/dbus-broker.mk
> > new file mode 100644
> > index 0000000000..8a06d9ea82
> > --- /dev/null
> > +++ b/package/dbus-broker/dbus-broker.mk
> > @@ -0,0 +1,72 @@
> > +################################################################################
> > +#
> > +# dbus-broker
> > +#
> > +# Launching services is delegated to systemd so there is very little else
> > +# needed. No separate user is necessary and no helper for launching.
> > +#
> > +# Service + Config files were copied over from dbus,
> > +# uneeded / unecessary entries removed for clarity.
>
> Do not add any comment in this section. If you have help to provide,
> write in the help entry of the Config.in option, or in the commit log.
>
> > +################################################################################
> > +
> > +DBUS_BROKER_VERSION = 23
> > +DBUS_BROKER_SOURCE = dbus-broker-$(DBUS_BROKER_VERSION).tar.xz
> > +DBUS_BROKER_SITE = https://github.com/bus1/dbus-broker/releases/download/v$(DBUS_BROKER_VERSION)
> > +DBUS_BROKER_LICENSE = \
> > +     Apache-2.0, \
> > +     Apache-2.0 and/or LGPL-2.1+ (c-dvar, c-ini, c-list, c-rbtree, c-shquote, c-stdaux, c-utf8)
> > +DBUS_BROKER_LICENSE_FILES = \
> > +     LICENSE \
> > +     subprojects/c-dvar/AUTHORS subprojects/c-dvar/README.md \
> > +     subprojects/c-ini/AUTHORS subprojects/c-ini/README.md \
> > +     subprojects/c-list/AUTHORS subprojects/c-list/README.md \
> > +     subprojects/c-rbtree/AUTHORS subprojects/c-rbtree/README.md \
> > +     subprojects/c-shquote/AUTHORS subprojects/c-shquote/README.md \
> > +     subprojects/c-stdaux/AUTHORS subprojects/c-stdaux/README.md \
> > +     subprojects/c-utf8/AUTHORS subprojects/c-utf8/README.md
> > +
> > +ifeq ($(BR2_PACKAGE_DBUS_BROKER_LAUNCH),y)
>
> ifeq ($(BR2_PACKAGE_SYSTEMD),y)
>
> > +DBUS_BROKER_DEPENDENCIES += expat systemd
> > +DBUS_BROKER_CONF_OPTS += -Dlauncher=true
> > +else
> > +DBUS_BROKER_CONF_OPTS += -Dlauncher=false
> > +endif
> [--SNIP--]
> > +# Only install config and service files if dbus is not available
> > +ifeq ($(BR2_PACKAGE_DBUS)X$(BR2_PACKAGE_DBUS_BROKER_LAUNCH),Xy)
> > +define DBUS_BROKER_INSTALL_CONFIG_FILES
>
> This is not entirely wrong, but I think still incorrect. All those files
> are only relevant when systemd is used as an init system. As such, the
> DBUS_BROKER_INSTALL_INIT_SYSTEMD hook should be used.
>
> > +     $(INSTALL) -D -m644 $(DBUS_BROKER_PKGDIR)/dbus.socket \
> > +             $(TARGET_DIR)/usr/lib/systemd/system/dbus.socket
> > +     $(INSTALL) -D -m644 $(DBUS_BROKER_PKGDIR)/session.conf \
> > +             $(TARGET_DIR)/usr/share/dbus-1/session.conf
> > +     $(INSTALL) -D -m644 $(DBUS_BROKER_PKGDIR)/system.conf \
> > +             $(TARGET_DIR)/usr/share/dbus-1/system.conf
> > +     ln -sf ../dbus.socket \
> > +             $(TARGET_DIR)/usr/lib/systemd/system/sockets.target.wants/dbus.socket
> > +endef
> > +
> > +DBUS_BROKER_POST_INSTALL_TARGET_HOOKS += DBUS_BROKER_INSTALL_CONFIG_FILES
> > +endif
> > +
> > +$(eval $(meson-package))
>
> So, in addition to all the above, this patch is lacking two other things
> that I did provide:
>
>   - switching systemd to work with dbus-broker (rather than whining
>     about it in the commit log);

I got a patch series for systemd, just a matter of finding the time
(and retesting).
But I would just simply *take out* the dependency to DBUS
(and UTIL_LINUX_BINARIES and UTIL_LINUX_NOLOGIN, getting a systemd
rootfs below 20MB).

I have been running systemd without either for more than a year.

What would be your pick here? no dependency and a warning if neither
is available?
adding some BR2_HAS_DBUS_DAEMON that is set by both, so systemd
features (like logind) and packages depending on that (and potentially
on PACKAGE_DBUS if they need the library or tools)?

(https://github.com/nolange/buildroot/commits/improve_systemd_nodbus)

>
>   - a runtime test that demonstrates that systemd does run fine with
>     dbus-broker, and that the original dbus still takes precedence when
>     both dbus and dbus-broker are enabled.
>
> Note that the runtime test is not only about demonstrating the feature;
> it is also and foremost a way to guarantee that any regression will be
> caught, since we automatically run the runtime tests weekly in gitlab-ci.

Ok. Since you already have that, and I know little about your test framework,
then could you please incorporate this version into your patch-set.

Norbert

Yann E. MORIN June 14, 2020, 1:10 p.m. UTC | #3
Norbert, All,

On 2020-06-12 09:02 +0200, Norbert Lange spake thusly:
> On Fri, 12 June 2020 at 07:32, Yann E. MORIN
> <yann.morin.1998@free.fr> wrote:
> >
> > Thanks for this new improved version. :-)
> >
> > I still have a few concerns about it, see below...
> >
> > On 2020-06-11 01:24 +0200, Norbert Lange spake thusly:
> > > Add dbus-broker, which is a drop-in replacement
> > > for the dbus-daemon.
> >
> > Sorry, but this commit log is far from enough. See below for all the
> > pieces I find are missing.
> >
> > A commit log is not here to describe what is being done, but why it
> > is being done. It is here so that the others can understand it. The
> > more details you can add (up to a certain extent, of course!), the
> > easier the patch can be reviewed, especially when there are
> > misunderstandings like what I provided in my own submission.
> 
> Yes, I hoped you could merge this from your version, which I commented BTW.
> I have more a problem with the workflow of the ML, especially if someone
> "branches out" with another patch.

When I am suggesting an alternate solution, but I have some doubts about
it, I would usually take the original patch, massage it into my idea of
what it should look like, test it, and resubmit to make my point.

Then the original submitter (and others!) have a way to see the point,
and comment further by providing additional review and explanations on
why the alternate proposal is not correct.

Eventually, the original submitter can further improve by keeping the
good pieces, removing the bad ones, and so on... and resubmit a new
iteration.

So you are very welcome to have re-spun this new iteration. :-)

[--SNIP--]
> > The commit log also misses the explanations about the licensing
> > information. This is *very* important to have, because it is not
> > obvious why the terms are as they are, and why we have two files for
> > each sub-project. You could have simply duplicated what I wrote
> > in my own submission.
> Yes, I am not up to speed about commit-log stuff, and I usually
> keep explanations where the code is.

Usually, we like the nitty-gritty details in the commit log, for
posterity, while we keep the comments in the code to the bare minimum.

In this case, the licensing dirtiness should be kept in the commit log,
and a comment could be added in the .mk, like:

    # Inconsistency between AUTHORS and README, keep both, and
    # interpret as per the README

> > Finally, the following, from here [*]:
> >
> > > Based on Yann's changes, and
> > > -   add an own config entry for dbus-broker-launch
> > >     enabled by default if systemd init is used
> >
> > We usually do not enable options by default. But see below...
> >
> > > -   undo BR2_COREUTILS_HOST_DEPENDENCY
> >
> > So, I see you don't like it, but BR2_COREUTILS_HOST_DEPENDENCY is
> > already a dependency of systemd, so adding it to dbus-broker is not in
> > fact adding any new build-time overhead. And if your build machine has a
> > recent-enough, BR2_COREUTILS_HOST_DEPENDENCY will be empty already.
> 
> There is still the point of keeping things simple, and I don't get why
> ../dbus.socket
> can't be used, instead of a GNU-specific option.

I tend to like it better that we use it, because this makes it explicit.

Also, there is always the ambiguity about what a relative symlink means
when created: is it relative to the current working directory, or
relative to the symlink itself?

And since we already anyway are sure we do have it (either from the host
or as a dependency of systemd itself), let's just use it...

And BTW, we do not explicitly support building on a non-GNU system
anyway, so it being a GNU extension is moot (IMHO).

> > > -   undo adding dbus user - never used by this package
> >
> > So, how does the message bus daemon run as non-root? In the
> > original dbus package, we define a user, that is used to switch the
> > message bus to run as non-root. Please explain why the user is not
> > needed.
> 
> OK, I take everything back.
> I thought this was handled in the service files by adding isolation options
> (as systemd does the "launching"). Seems like it does drop to the uid,
> dunno what I tested months ago when I first created that package.

OK, I knew that would have been systemd doing the uid-drop, but I'd still
like the info to appear somewhere (so that we do not later question this in
light of the original dbus package which defines one).

[--SNIP--]
> > Why do you add an option to enable the launcher? Just do it
> > unconditionally when systemd is enabled. And select expat as I did in my
> > own patch, in the main symbol:
> Well, my first attempt was to only make dbus-broker(-launch) available
> with systemd,
> given that there is probably no one using it differently yet.
> If you argue that it makes sense to provide the plain dbus-broker,
> then it makes sense doing so with systemd as well.
> (see below, I use system without dbus or dbus-broker-launch).

I guess you meant 'systemd' in that last sentence.

But OK, I would be fine to introduce this package as a systemd-only
option for now, until someone actually provides a non-systemd launcher.

So, we would still not need an extra option, but just:

    config BR2_PACKAGE_DBUS_BROKER
        bool "dbus-broker"
        depends on BR2_USE_MMU
        depends on BR2_TOOLCHAIN_HAS_THREADS
        depends on BR2_PACKAGE_SYSTEMD
        select BR2_PACKAGE_EXPAT

And explain in the commit log that the launcher needs systemd, and that
without the launcher there is no point in dbus-broker.

[--SNIP--]
> > So, in addition to all the above, this patch is lacking two other things
> > that I did provide:
> >
> >   - switching systemd to work with dbus-broker (rather than whining
> >     about it in the commit log);
> 
> I got a patch series for systemd, just a matter of finding the time
> (and retesting).
> But I would just simply *take out* the dependency to DBUS
> (and UTIL_LINUX_BINARIES and UTIL_LINUX_NOLOGIN, getting a systemd
> rootfs below 20MB).
> I have been running systemd without either for more than a year.
> What would be your pick here? no dependency and a warning if neither
> is available?

What would be the reason for not wanting dbus on a systemd-based system
(honest question)?

Should we move that select to an (existing?) sub-option of systemd?

> adding some BR2_HAS_DBUS_DAEMON that is set by both, so systemd
> features (like logind) and packages depending on that (and potentially
> on PACKAGE_DBUS if they need the library or tools)?
> (https://github.com/nolange/buildroot/commits/improve_systemd_nodbus)

In the current case, we would have the systemd's sub-option(s) select
what they require, and move the select down to logind (and other
sub-options, maybe?)

    config BR2_PACKAGE_SYSTEMD_LOGIND
        bool "logind"
        depends on BR2_USE_MMU  # dbus && dbus-broker
        depends on BR2_TOOLCHAIN_HAS_THREADS  # dbus && dbus-broker
        select BR2_PACKAGE_DBUS if !BR2_PACKAGE_DBUS_BROKER

    comment "logind needs a toolchain w/ threads"
        depends on BR2_USE_MMU
        depends on !BR2_TOOLCHAIN_HAS_THREADS

... and keep the systemd.mk as it is now.

Note that if there are three or more sub-options that require dbus, we
could go with an intermediate option:

    config BR2_PACKAGE_SYSTEMD_NEEDS_DBUS
        bool
        depends on BR2_USE_MMU  # dbus && dbus-broker
        depends on BR2_TOOLCHAIN_HAS_THREADS  # dbus && dbus-broker
        select BR2_PACKAGE_DBUS if !BR2_PACKAGE_DBUS_BROKER

    config BR2_PACKAGE_SYSTEMD_LOGIND
        bool "logind"
        depends on BR2_USE_MMU  # needs_dbus
        depends on BR2_TOOLCHAIN_HAS_THREADS  # needs_dbus
        select BR2_PACKAGE_SYSTEMD_NEEDS_DBUS

    comment "logind needs a toolchain w/ threads"
        depends on BR2_USE_MMU
        depends on !BR2_TOOLCHAIN_HAS_THREADS

> >   - a runtime test that demonstrates that systemd does run fine with
> >     dbus-broker, and that the original dbus still takes precedence when
> >     both dbus and dbus-broker are enabled.
> >
> > Note that the runtime test is not only about demonstrating the feature;
> > it is also and foremost a way to guarantee that any regression will be
> > caught, since we automatically run the runtime tests weekly in gitlab-ci.
> Ok. Since you already have that, and I know little about your test framework,
> then could you please incorporate this version into your patch-set.

If you agree, then I'll try to merge your new submission with your
comments into my series and re-spin it soon-ish, if that's OK with you.

Regards,
Yann E. MORIN.
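
The relative-symlink question raised in the message above (is the link text relative to the working directory or to the link itself?), as an added example that is not part of the original thread or of the Buildroot tree: the stored text is resolved from the directory that contains the link, which is why the hand-written ../dbus.socket works and keeps working when the tree is relocated. The helper names, the temp directory standing in for $(TARGET_DIR), the unit file content, and the reading of the "GNU-specific option" as ln --relative are assumptions.

```shell
#!/bin/sh
# Added illustration. The directory layout mirrors the paths in the patch, but
# the target tree is a throwaway temp dir and the unit file is constructed.

UNIT_DIR=usr/lib/systemd/system
WANTS_DIR=$UNIT_DIR/sockets.target.wants

# Build a constructed stand-in for $(TARGET_DIR) and print its path.
make_target() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/$WANTS_DIR"
    printf '[Socket]\n# constructed sample unit\n' > "$t/$UNIT_DIR/dbus.socket"
    printf '%s\n' "$t"
}

# Form used in the patch: the link text is written by hand, relative to the
# directory that will contain the link.
link_handwritten() {
    ln -sf ../dbus.socket "$1/$WANTS_DIR/dbus.socket"
}

# The misreading: a target path that is only valid from the current working
# directory. ln stores the text verbatim, so the resulting link dangles.
link_cwd_relative() {
    ( cd "$1" && ln -sf "$UNIT_DIR/dbus.socket" "$WANTS_DIR/dbus.socket" )
}

# GNU coreutils form (assumed to be the option under discussion): ln computes
# the link text from the two paths. Returns non-zero if ln lacks --relative.
link_gnu_relative() {
    ln -srf "$1/$UNIT_DIR/dbus.socket" "$1/$WANTS_DIR/dbus.socket" 2>/dev/null
}

# Print "<stored link text> <resolves|dangling>" for the link under tree $1.
link_state() {
    l="$1/$WANTS_DIR/dbus.socket"
    if [ -e "$l" ]; then s=resolves; else s=dangling; fi
    printf '%s %s\n' "$(readlink "$l")" "$s"
}

# Same check after the tree has been moved, as happens when the staged target
# directory becomes the root filesystem of the device.
link_state_after_move() {
    mv "$1" "$1.moved" && link_state "$1.moved"
}

# Demo: one fresh tree per variant.
for mode in handwritten cwd_relative gnu_relative; do
    t=$(make_target) || exit 1
    if "link_$mode" "$t"; then
        printf '%-14s %s\n' "$mode" "$(link_state "$t")"
    else
        printf '%-14s not supported by this ln\n' "$mode"
    fi
    rm -rf "$t"
done
```
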

Norbert Lange June 14, 2020, 9:30 p.m. UTC | #4
On Sun, 14 June 2020 at 15:10, Yann E. MORIN
<yann.morin.1998@free.fr> wrote:
>
> Norbert, All,
>
> On 2020-06-12 09:02 +0200, Norbert Lange spake thusly:
> > On Fri, 12 June 2020 at 07:32, Yann E. MORIN
> > <yann.morin.1998@free.fr> wrote:
> > >
> > > Thanks for this new improved version. :-)
> > >
> > > I still have a few concerns about it, see below...
> > >
> > > On 2020-06-11 01:24 +0200, Norbert Lange spake thusly:
> > > > Add dbus-broker, which is a drop-in replacement
> > > > for the dbus-daemon.
> > >
> > > Sorry, but this commit log is far from enough. See below for all the
> > > pieces I find are missing.
> > >
> > > A commit log is not here to describe what is being done, but why it
> > > is being done. It is here so that the others can understand it. The
> > > more details you can add (up to a certain extent, of course!), the
> > > easier the patch can be reviewed, especially when there are
> > > misunderstandings like what I provided in my own submission.
> >
> > Yes, I hoped you could merge this from your version, which I commented BTW.
> > I have more a problem with the workflow of the ML, especially if someone
> > "branches out" with another patch.
>
> When I am suggesting an alternate solution, but I have some doubts about
> it, I would usually take the original patch, massage it into my idea of
> what it should look like, test it, and resubmit to make my point.
>
> Then the original submitter (and others!) have a way to see the point,
> and comment further by providing additional review and explanations on
> why the alternate proposal is not correct.
>
> Eventually, the original submitter can further improve by keeping the
> good pieces, removing the bad ones, and so on... and resubmit a new
> iteration.
>
> So you are very welcome to have re-spun this new iteration. :-)

As said, I have trouble with the ML flow, seems like the commit should then
include the whole discussion as otherwise no one is able to follow?

(Might be just me)

>
> [--SNIP--]
> > > The commit log also misses the explanations about the licensing
> > > information. This is *very* important to have, because it is not
> > > obvious why the terms are as they are, and why we have two files for
> > > each sub-projects. You could have simply duplicated what I wrote
> > > in my own submission.
> > Yes, I am not up to speed about commit-log stuff, and I usually
> > keep explanations where the code is.
>
> Usually, we like the nitty-gritty details in the commit log, for
> posterity, while we keep the comments in the code to the bare minimal.
>
> In this case, the licensing dirtiness should be kept in the commit log,
> and a comment could be added in the .mk, like:

I did not adjust the commit log, should've mentioned that ;)
Consider it a continued discussion.

>
>     # Inconsistency between AUTHORS and README, keep both, and
>     # interpret as per the README
>
> > > Finally, the following, from here [*]:
> > >
> > > > bases on Yanns changes, and
> > > > -   add an own config entry for dbus-broker-launch
> > > >     enabled by default if systemd init is used
> > >
> > > We usually do not enable options by default. But see below...
> > >
> > > > -   undo BR2_COREUTILS_HOST_DEPENDENCY
> > >
> > > So, I see you don't like it, but BR2_COREUTILS_HOST_DEPENDENCY is
> > > already a dependency of systemd, so adding it to dbus-broker is not in
> > > fact adding any new build-time overhead. And if your build machine has a
> > > recent-enough, BR2_COREUTILS_HOST_DEPENDENCY will be empty already.
> >
> > There is still the point of keeping things simple, and I don't get why
> > ../dbus.socket
> > can't be used, instead of a GNU-specific option.
>
> I tend to like it better that we use it, because this makes it explicit.
>
> Also, there is always the ambiguity about what a relative symlink means
> when created: is it relative to the current working directory, or
> relative to the symlink itself?

Seems clearer to me than some non-trivial path duplicated,
and identical to what you see with a 'ln -l'.
But I am not really invested into keeping it one way or another.

>
> And since we already anyway are sure we do have it (either from the host
> or as a dependency of systemd itself), let's just use it...
>
> And BTW, we do not explicitly support building on a non-GNU system
> anyway, so it being a GNU extension is moot (IMHO).
>
> > > > -   undo adding dbus user - never used by this package
> > >
> > > So, how does the message bus daemon run as non-root? In the
> > > original dbus package, we define a user, that is used to switch the
> > > message bus to run as non-root. Please explain why the user is not
> > > needed.
> >
> > Ok,  I take everything back.
> > I thought this was handled in the service files by adding isolation options
> > (as systemd does the "launching"). Seems like it does drop to the uid,
> > dunno what I tested months ago when first created that package
>
> OK, I knew that would have been systemd doing the uid-drop, but I'd still
> like the info appear somewhere (so that we do not later question this in
> light of the original dbus package which defines one).

Not sure if we got some communication issues. The setting does
something (drop privileges),
while I originally considered the launcher ignoring the Xml key.
I guess you could tweak the systemd service to use a Dynamic user,
but I won't touch that for now.

>
> [--SNIP--]
> > > Why do you add an option to enable the launcher? Just do it
> > > unconditionally when systemd is enabled. And select expat as I did in my
> > > own patch, in the main symbol:
> > Well, my first attempt was to only make dbus-broker(-launch) available
> > with systemd,
> > given that there is probably no one using it differently yet.
> > If you argue that it makes sense to provide the plain dbus-broker,
> > then it makes sense doing so with systemd as well.
> > (see below, I use system without dbus or dbus-broker-launch).
>
> I guess you meant 'systemd' in that last sentence.
>
> But OK, I would be fine to introduce this package as a systemd-only
> option for now, until someone actually provides a non-systemd launcher.
>
> So, we would still not need an extra option, but just:
>
>     config BR2_PACKAGE_DBUS_BROKER
>         bool "dbus-broker"
>         depends on BR2_USE_MMU
>         depends on BR2_TOOLCHAIN_HAS_THREADS
>         depends on BR2_PACKAGE_SYSTEMD
>         select BR2_PACKAGE_EXPAT
>
> And explain in the commit log that the launcher needs systemd, and that
> without the launcher there is no point in dbus-broker.

Seems to be the best option for now IMHO. Revisit the launcher-less option
once you have something to test.

>
> [--SNIP--]
> > > So, in addition to all the above, this patch is lacking two other things
> > > that I did provide:
> > >
> > >   - switching systemd to work with dbus-broker (rather than whining
> > >     about it in the commit log;
> >
> > I got a patch series for systemd, just a matter of finding the time
> > (and retesting).
> > But I would just simply *take out* the dependency to DBUS
> > ( and UTIL_LINUX_BINARIES and UTIL_LINUX_NOLOGIN, getting a systemd
> > rootfs below 20MB).
> > I have been running systemd without either for more than a year.
> > What would be your pick here? no dependency and a warning if neither
> > is available?
>
> What would be the reason for not wanting dbus on a systemd-based system
> (honest question) ?

Minimalism, both in RAM + storage as well as in maintenance and attack points.
You can have a lot of "Dbus-like" just with unix sockets, and the
core system and service manager portion is fully functional without it.
systemd moved some early init stuff and core stuff to "varlink" the
last couple years [1],
I can run my system without realizing dbus is missing.

(Back when I wasn't sure about that, I added dbus-broker for a cleaner
dbus implementations)

>
> Should we move that select to a (existing?) sub-option of systemd?

Dunno, add a warning like?

+ comment "systemd recommends enabling a dbus daemon"
+ depends on !BR2_PACKAGE_DBUS
+ depends on !BR2_PACKAGE_DBUS_BROKER

>
> > adding some BR2_HAS_DBUS_DAEMON that is set by both, so systemd
> > features (like logind) and packages depending on that (and potentially
> > on PACKAGE_DBUS if they need the library or tools)?
> > (https://github.com/nolange/buildroot/commits/improve_systemd_nodbus)
>
> In the current case, we would have the systemd's sub-option(s) select
> what they require, and move the select down to logind (and other
> sub-options, maybe?)
>
>     config BR2_PACKAGE_SYSTEMD_LOGIND
>         bool "logind"
>         depends on BR2_USE_MMU  # dbus && dbus-broker
>         depends on BR2_TOOLCHAIN_HAS_THREADS  # dbus && dbus-broker
>         select BR2_PACKAGE_DBUS if !BR2_PACKAGE_DBUS_BROKER
>
>     comment "logind needs a toolchain w/ threads"
>         depends on BR2_USE_MMU
>         depends on !BR2_TOOLCHAIN_HAS_THREADS
>
> ... and keep the systemd.mk as it is now.
>
> Note that if there are three or more sub-options that require dbus, we
> could go with an intermediate option:
>
>     config BR2_PACKAGE_SYSTEMD_NEEDS_DBUS
>         bool
>         depends on BR2_USE_MMU  # dbus && dbus-broker
>         depends on BR2_TOOLCHAIN_HAS_THREADS  # dbus && dbus-broker
>         select BR2_PACKAGE_DBUS if !BR2_PACKAGE_DBUS_BROKER
>
>     config BR2_PACKAGE_SYSTEMD_LOGIND
>         bool "logind"
>         depends on BR2_USE_MMU  # needs_dbus
>         depends on BR2_TOOLCHAIN_HAS_THREADS  # needs_dbus
>         select BR2_PACKAGE_SYSTEMD_NEEDS_DBUS
>
>     comment "logind needs a toolchain w/ threads"
>         depends on BR2_USE_MMU
>         depends on !BR2_TOOLCHAIN_HAS_THREADS
>

Problem is, that this is not as clear-cut and might change btw version, see [1].
For the time being, a global "here be dragons" warning if no dbus-daemon
is available would be best.

For example networkd is fine handling the system setup, but networkctl
can't display the state.

dbus/broker should be enabled by default with systemd, but with some way
that the user still can disable those. Dunno what's the correct to do
this in buildroot,
add a line to dbus  'default y if BR2_PACKAGE_SYSTEMD'?

> > >   - a runtime test that demonstrates that systemd does run fine with
> > >     dbus-broker, and that the original dbus still takes precedence when
> > >     both dbus and dbus-broker are enabled.
> > >
> > > Note that the runtime test is not only about demonstrating the feature;
> > > it is also and foremost a way to guarantee that any regression will be
> > > caught, since we automatically run the runtime tests weekly in gitlab-ci.
> > Ok. Since you already have that, and I know little about your test framework,
> > then could you please incorporate this version into your patch-set.
>
> If you agree, then I'll try to merge your new submission with your
> comments into my series and re-spin it soon-ish, if that's OK with you.

You doing the work, and I get to nag? Deal ;)

Norbert

[1] - https://github.com/systemd/systemd/issues/14190
Yann E. MORIN June 15, 2020, 10:21 a.m. UTC | #5
Norbert, All,

On 2020-06-14 23:30 +0200, Norbert Lange spake thusly:
> On Sun, 14 June 2020 at 15:10, Yann E. MORIN
> <yann.morin.1998@free.fr> wrote:
[--SNIP--]
> > So you are very welcome to have re-spun this new iteration. :-)
> As said, I have trouble with the ML flow, seems like the commit should then
> include the whole discussion as otherwise no one is able to follow?

I guess that's what the post-commit history (all that is after the ---
line) is for: keep a track of the changes between the various iterations
of a patch (if I understood your issue correctly).

[--SNIP--]
> > OK, I knew that would have been systemd doing the uid-drop, but I'd still
> > like the info appear somewhere (so that we do not later question this in
> > light of the original dbus package which defines one).
> Not sure if we got some communication issues. The setting does
> something (drop privileges),
> while I originally considered the launcher ignoring the Xml key.
> I guess you could tweak the systemd service to use a Dynamic user,
> but I won't touch that for now.

So I did some testing:

  - without the <user> entry in system.conf, the launcher and the
    message bus are running as root.

  - with a <user> entry in system.conf (and the correct user in
    /etc/passwd and /etc/group), the launcher and the message bus are
    running as non-root with the specified user, and systemd is working
    happily.

So, I would like we do use a non-root user for dbus-broker, like we do
for the original dbus.

I'll add that when I re-submit later tonight.

[--SNIP--]
> > And explain in the commit log that the launcher needs systemd, and that
> > without the launcher there is no point in dbus-broker.
> Seems to be the best option for now IMHO. Revisit the launcher-less option
> once you have something to test.

Agreed.

[--SNIP--]
> dbus/broker should be enabled by default with systemd, but with some way
> that the user still can disable those. Dunno what's the correct to do
> this in buildroot,
> add a line to dbus  'default y if BR2_PACKAGE_SYSTEMD'?

We can revisit that in a later patch (I've seen and started to apply
your other series, which conclusion is to indeed drop the dbus
requirement; let's see that happen there, not here).

[--SNIP--]
> > If you agree, then I'll try to merge your new submission with your
> > comments into my series and re-spin it soon-ish, if that's OK with you.
> You doing the work, and I get to nag? Deal ;)

My pleasure! ;-)

Thanks for the discussion and the explanations. New iteration pending by
the end of the day (hopefully).

Regards,
Yann E. MORIN.
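
The test result reported above (no `<user>` entry means the launcher and bus run as root; a `<user>` entry needs a matching account in /etc/passwd and /etc/group) can be checked against a built target tree before boot. This is an added example, not code from the thread or from Buildroot: the function names, verdict labels, the `dbus` account name and the sample file contents are constructed, and it assumes that the last `<user>` entry wins, as dbus-daemon documents.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed system.conf without <user>, shaped like the
# file in the patch.
CONF_NO_USER = """<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <type>system</type>
  <policy context="default">
    <allow user="*"/>
    <deny own="*"/>
  </policy>
</busconfig>
"""
# Same file with a dedicated account; the name "dbus" is an assumption.
CONF_WITH_USER = CONF_NO_USER.replace(
    "<type>system</type>", "<type>system</type>\n  <user>dbus</user>")

# Constructed passwd(5) and group(5) contents for the target.
PASSWD = "root:x:0:0:root:/root:/bin/sh\ndbus:x:1000:1000:DBus:/run/dbus:/bin/false\n"
GROUP = "root:x:0:\ndbus:x:1000:\n"


def bus_user(busconfig_xml):
    """Return the account named by the top-level <user> element, or None."""
    root = ET.fromstring(busconfig_xml)
    if root.tag != "busconfig":
        raise ValueError("not a busconfig document")
    # Only direct children count; <allow user="*"/> is an attribute, not this.
    named = [e.text.strip() for e in root.findall("user")
             if e.text and e.text.strip()]
    # Assumption: the last entry wins, as dbus-daemon documents.
    return named[-1] if named else None


def parse_colon_db(text, min_fields):
    """Parse passwd/group text into {name: fields}, skipping malformed lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= min_fields:
            entries[fields[0]] = fields
    return entries


def audit_bus_account(busconfig_xml, passwd_text, group_text):
    """Return (verdict, detail); verdict is 'root', 'missing-account' or 'ok'."""
    user = bus_user(busconfig_xml)
    if user is None:
        return ("root", "no <user> element: launcher and bus stay root")
    passwd = parse_colon_db(passwd_text, 7)
    groups = parse_colon_db(group_text, 3)
    if user.isdigit():
        # <user> may also hold a numeric uid; look it up by the uid field.
        entry = next((f for f in passwd.values() if f[2] == user), None)
    else:
        entry = passwd.get(user)
    if entry is None:
        return ("missing-account", f"<user>{user}</user> has no passwd entry")
    name, uid, gid = entry[0], entry[2], entry[3]
    if uid == "0":
        return ("root", f"<user>{user}</user> resolves to uid 0")
    if not any(f[2] == gid for f in groups.values()):
        return ("missing-account", f"gid {gid} of {name} has no group entry")
    return ("ok", f"bus drops to {name} (uid {uid}, gid {gid})")


if __name__ == "__main__":
    for label, conf in (("without <user>", CONF_NO_USER),
                        ("with <user>", CONF_WITH_USER)):
        print(label, "->", audit_bus_account(conf, PASSWD, GROUP))
```

Run against the real `usr/share/dbus-1/system.conf`, `etc/passwd` and `etc/group` of a target directory, a verdict other than `ok` means the image would ship a root-owned or non-starting system bus.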
Patch

diff --git a/DEVELOPERS b/DEVELOPERS
index 9a94307082..889df4fb56 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1884,6 +1884,7 @@  F:	package/tpm-tools/
 F:	package/trousers/
 
 N:	Norbert Lange <nolange79@gmail.com>
+F:	package/dbusbroker/
 F:	package/tcf-agent/
 
 N:	Nylon Chen <nylon7@andestech.com>
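Review bot: the added entry `F: package/dbusbroker/` does not match the directory this patch creates, `package/dbus-broker/` (see the `source "package/dbus-broker/Config.in"` line and the new files), so the maintainer lookup will never match changes to the package. Change the entry to `F: package/dbus-broker/`.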
diff --git a/package/Config.in b/package/Config.in
index b0a7da2f5c..de28d71e52 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -432,6 +432,7 @@  endmenu
 	source "package/dahdi-linux/Config.in"
 	source "package/dahdi-tools/Config.in"
 	source "package/dbus/Config.in"
+	source "package/dbus-broker/Config.in"
 	source "package/dbus-cpp/Config.in"
 	source "package/dbus-glib/Config.in"
 	source "package/dbus-python/Config.in"
diff --git a/package/dbus-broker/Config.in b/package/dbus-broker/Config.in
new file mode 100644
index 0000000000..8cde3310eb
--- /dev/null
+++ b/package/dbus-broker/Config.in
@@ -0,0 +1,35 @@ 
+config BR2_PACKAGE_DBUS_BROKER
+	bool "dbus-broker"
+	depends on BR2_USE_MMU
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	help
+	  Linux D-Bus Message Broker.
+
+	  The dbus-broker project is an implementation of a message bus
+	  as defined by the D-Bus specification. Its aim is to provide
+	  high performance and reliability, while keeping compatibility
+	  to the D-Bus reference implementation.
+
+	  It is exclusively written for Linux systems, and makes use of
+	  many modern features provided by recent linux kernel releases.
+
+	  https://github.com/bus1/dbus-broker/wiki
+
+if BR2_PACKAGE_DBUS_BROKER
+config BR2_PACKAGE_DBUS_BROKER_LAUNCH
+	bool "dbus-broker-launch"
+	default y
+	depends on BR2_INIT_SYSTEMD
+	select BR2_PACKAGE_EXPAT
+	help
+	  Launcher for D-Bus Message Brokers.
+
+	  dbus-broker-launch is a launcher for dbus-broker, spawning and
+	  managing a D-Bus Message Bus. The launcher aims to be fully
+	  compatible to the D-Bus reference implementation dbus-daemon,
+	  supporting the same configuration syntax and runtime environment.
+endif
+
+comment "dbus-broker needs a toolchain w/ threads"
+	depends on BR2_USE_MMU
+	depends on !BR2_TOOLCHAIN_HAS_THREADS
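Review bot: BR2_PACKAGE_DBUS_BROKER has no systemd dependency, so it can be enabled on a non-systemd configuration where BR2_PACKAGE_DBUS_BROKER_LAUNCH is hidden and the build then installs a broker with nothing to launch it. As agreed in the thread, drop the separate launcher option and put `depends on BR2_PACKAGE_SYSTEMD` and `select BR2_PACKAGE_EXPAT` on the main symbol; that also removes the `default y`, which the reviewer objected to. The trailing comment block should then carry the same systemd dependency so it is only shown when the package could otherwise be selected.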
diff --git a/package/dbus-broker/dbus-broker.hash b/package/dbus-broker/dbus-broker.hash
new file mode 100644
index 0000000000..b8d631767f
--- /dev/null
+++ b/package/dbus-broker/dbus-broker.hash
@@ -0,0 +1,3 @@ 
+# Locally calculated
+sha256  95adfde56bce898c3b69eee0524732365e802348dd8189a35d5d00c30990dc81  dbus-broker-23.tar.xz
+sha256  3cda3630283eda0eab825abe5ac84d191248c6b3fe1c232a118124959b96c6a4  LICENSE
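Review bot: only LICENSE is hashed here, while DBUS_BROKER_LICENSE_FILES in dbus-broker.mk also lists an AUTHORS and a README.md for each of the seven subprojects. Add a sha256 line for each of those files so that a change to any of the licensing texts is caught on the next version bump.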
diff --git a/package/dbus-broker/dbus-broker.mk b/package/dbus-broker/dbus-broker.mk
new file mode 100644
index 0000000000..8a06d9ea82
--- /dev/null
+++ b/package/dbus-broker/dbus-broker.mk
@@ -0,0 +1,72 @@ 
+################################################################################
+#
+# dbus-broker
+#
+# Launching services is delegated to systemd so there is very little else
+# needed. No separate user is necessary and no helper for launching.
+#
+# Service + Config files were copied over from dbus,
+# uneeded / unecessary entries removed for clarity.
+#
+################################################################################
+
+DBUS_BROKER_VERSION = 23
+DBUS_BROKER_SOURCE = dbus-broker-$(DBUS_BROKER_VERSION).tar.xz
+DBUS_BROKER_SITE = https://github.com/bus1/dbus-broker/releases/download/v$(DBUS_BROKER_VERSION)
+DBUS_BROKER_LICENSE = \
+	Apache-2.0, \
+	Apache-2.0 and/or LGPL-2.1+ (c-dvar, c-ini, c-list, c-rbtree, c-shquote, c-stdaux, c-utf8)
+DBUS_BROKER_LICENSE_FILES = \
+	LICENSE \
+	subprojects/c-dvar/AUTHORS subprojects/c-dvar/README.md \
+	subprojects/c-ini/AUTHORS subprojects/c-ini/README.md \
+	subprojects/c-list/AUTHORS subprojects/c-list/README.md \
+	subprojects/c-rbtree/AUTHORS subprojects/c-rbtree/README.md \
+	subprojects/c-shquote/AUTHORS subprojects/c-shquote/README.md \
+	subprojects/c-stdaux/AUTHORS subprojects/c-stdaux/README.md \
+	subprojects/c-utf8/AUTHORS subprojects/c-utf8/README.md
+
+ifeq ($(BR2_PACKAGE_DBUS_BROKER_LAUNCH),y)
+DBUS_BROKER_DEPENDENCIES += expat systemd
+DBUS_BROKER_CONF_OPTS += -Dlauncher=true
+else
+DBUS_BROKER_CONF_OPTS += -Dlauncher=false
+endif
+
+ifeq ($(BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_17),y)
+DBUS_BROKER_CONF_OPTS += -Dlinux-4-17=true
+else
+DBUS_BROKER_CONF_OPTS += -Dlinux-4-17=false
+endif
+
+ifeq ($(BR2_PACKAGE_AUDIT),y)
+DBUS_BROKER_DEPENDENCIES += audit
+DBUS_BROKER_CONF_OPTS += -Daudit=true
+else
+DBUS_BROKER_CONF_OPTS += -Daudit=false
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+DBUS_BROKER_DEPENDENCIES += libselinux
+DBUS_BROKER_CONF_OPTS += -Dselinux=true
+else
+DBUS_BROKER_CONF_OPTS += -Dselinux=false
+endif
+
+# Only install config and service files if dbus is not available
+ifeq ($(BR2_PACKAGE_DBUS)X$(BR2_PACKAGE_DBUS_BROKER_LAUNCH),Xy)
+define DBUS_BROKER_INSTALL_CONFIG_FILES
+	$(INSTALL) -D -m644 $(DBUS_BROKER_PKGDIR)/dbus.socket \
+		$(TARGET_DIR)/usr/lib/systemd/system/dbus.socket
+	$(INSTALL) -D -m644 $(DBUS_BROKER_PKGDIR)/session.conf \
+		$(TARGET_DIR)/usr/share/dbus-1/session.conf
+	$(INSTALL) -D -m644 $(DBUS_BROKER_PKGDIR)/system.conf \
+		$(TARGET_DIR)/usr/share/dbus-1/system.conf
+	ln -sf ../dbus.socket \
+		$(TARGET_DIR)/usr/lib/systemd/system/sockets.target.wants/dbus.socket
+endef
+
+DBUS_BROKER_POST_INSTALL_TARGET_HOOKS += DBUS_BROKER_INSTALL_CONFIG_FILES
+endif
+
+$(eval $(meson-package))
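Review bot: the header comment's "No separate user is necessary" does not hold. Nothing in this file defines an account and the installed system.conf has no `<user>` entry, and testing reported in this thread found that in that case the launcher and the message bus run as root. Define a dedicated non-root account here, as the dbus package does, and drop that sentence from the header. Separately, `ifeq ($(BR2_PACKAGE_DBUS)X$(BR2_PACKAGE_DBUS_BROKER_LAUNCH),Xy)` is hard to read; two nested conditionals would state the same condition (dbus disabled, launcher enabled) plainly.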
diff --git a/package/dbus-broker/dbus.socket b/package/dbus-broker/dbus.socket
new file mode 100644
index 0000000000..5c373cf450
--- /dev/null
+++ b/package/dbus-broker/dbus.socket
@@ -0,0 +1,5 @@ 
+[Unit]
+Description=D-Bus System Message Bus Socket
+
+[Socket]
+ListenStream=/run/dbus/system_bus_socket
diff --git a/package/dbus-broker/session.conf b/package/dbus-broker/session.conf
new file mode 100644
index 0000000000..e4758fa218
--- /dev/null
+++ b/package/dbus-broker/session.conf
@@ -0,0 +1,65 @@ 
+<!-- This configuration file controls the per-user-login-session message bus.
+     Add a session-local.conf and edit that rather than changing this
+     file directly. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <!-- Our well-known bus type, don't change this -->
+  <type>session</type>
+
+  <!-- If we fork, keep the user's original umask to avoid affecting
+       the behavior of child processes. -->
+  <keep_umask/>
+
+  <standard_session_servicedirs />
+
+  <policy context="default">
+    <!-- Allow everything to be sent -->
+    <allow send_destination="*" eavesdrop="true"/>
+    <!-- Allow everything to be received -->
+    <allow eavesdrop="true"/>
+    <!-- Allow anyone to own anything -->
+    <allow own="*"/>
+  </policy>
+
+  <!-- Config files are placed here that among other things,
+       further restrict the above policy for specific services. -->
+  <includedir>session.d</includedir>
+
+  <includedir>/etc/dbus-1/session.d</includedir>
+
+  <!-- This is included last so local configuration can override what's
+       in this standard file -->
+  <include ignore_missing="yes">/etc/dbus-1/session-local.conf</include>
+
+  <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
+  <!-- For the session bus, override the default relatively-low limits
+       with essentially infinite limits, since the bus is just running
+       as the user anyway, using up bus resources is not something we need
+       to worry about. In some cases, we do set the limits lower than
+       "all available memory" if exceeding the limit is almost certainly a bug,
+       having the bus enforce a limit is nicer than a huge memory leak. But the
+       intent is that these limits should never be hit. -->
+
+  <!-- the memory limits are 1G instead of say 4G because they can't exceed 32-bit signed int max -->
+  <limit name="max_incoming_bytes">1000000000</limit>
+  <limit name="max_incoming_unix_fds">250000000</limit>
+  <limit name="max_outgoing_bytes">1000000000</limit>
+  <limit name="max_outgoing_unix_fds">250000000</limit>
+  <limit name="max_message_size">1000000000</limit>
+  <!-- We do not override max_message_unix_fds here since the in-kernel
+       limit is also relatively low -->
+  <limit name="service_start_timeout">120000</limit>
+  <limit name="auth_timeout">240000</limit>
+  <limit name="pending_fd_timeout">150000</limit>
+  <limit name="max_completed_connections">100000</limit>
+  <limit name="max_incomplete_connections">10000</limit>
+  <limit name="max_connections_per_user">100000</limit>
+  <limit name="max_pending_service_starts">10000</limit>
+  <limit name="max_names_per_connection">50000</limit>
+  <limit name="max_match_rules_per_connection">50000</limit>
+  <limit name="max_replies_per_connection">50000</limit>
+
+</busconfig>
diff --git a/package/dbus-broker/system.conf b/package/dbus-broker/system.conf
new file mode 100644
index 0000000000..a1e8df7367
--- /dev/null
+++ b/package/dbus-broker/system.conf
@@ -0,0 +1,120 @@ 
+<!-- This configuration file controls the systemwide message bus.
+     Add a system-local.conf and edit that rather than changing this
+     file directly. -->
+
+<!-- Note that there are any number of ways you can hose yourself
+     security-wise by screwing up this file; in particular, you
+     probably don't want to listen on any more addresses, add any more
+     auth mechanisms, run as a different user, etc. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <!-- Our well-known bus type, do not change this -->
+  <type>system</type>
+
+  <!-- Fork into daemon mode -->
+  <fork/>
+
+  <!-- We use system service launching using a helper -->
+  <standard_system_servicedirs/>
+
+  <!-- Enable logging to syslog -->
+  <syslog/>
+
+  <policy context="default">
+    <!-- All users can connect to system bus -->
+    <allow user="*"/>
+
+    <!-- Holes must be punched in service configuration files for
+         name ownership and sending method calls -->
+    <deny own="*"/>
+    <deny send_type="method_call"/>
+
+    <!-- Signals and reply messages (method returns, errors) are allowed
+         by default -->
+    <allow send_type="signal"/>
+    <allow send_requested_reply="true" send_type="method_return"/>
+    <allow send_requested_reply="true" send_type="error"/>
+
+    <!-- All messages may be received by default -->
+    <allow receive_type="method_call"/>
+    <allow receive_type="method_return"/>
+    <allow receive_type="error"/>
+    <allow receive_type="signal"/>
+
+    <!-- Allow anyone to talk to the message bus -->
+    <allow send_destination="org.freedesktop.DBus"
+           send_interface="org.freedesktop.DBus" />
+    <allow send_destination="org.freedesktop.DBus"
+           send_interface="org.freedesktop.DBus.Introspectable"/>
+    <allow send_destination="org.freedesktop.DBus"
+           send_interface="org.freedesktop.DBus.Properties"/>
+    <!-- But disallow some specific bus services -->
+    <deny send_destination="org.freedesktop.DBus"
+          send_interface="org.freedesktop.DBus"
+          send_member="UpdateActivationEnvironment"/>
+    <deny send_destination="org.freedesktop.DBus"
+          send_interface="org.freedesktop.DBus.Debug.Stats"/>
+    <deny send_destination="org.freedesktop.DBus"
+          send_interface="org.freedesktop.systemd1.Activator"/>
+  </policy>
+
+  <!-- Only systemd, which runs as root, may report activation failures. -->
+  <policy user="root">
+    <allow send_destination="org.freedesktop.DBus"
+           send_interface="org.freedesktop.systemd1.Activator"/>
+  </policy>
+
+  <!-- root may monitor the system bus. -->
+  <policy user="root">
+    <allow send_destination="org.freedesktop.DBus"
+           send_interface="org.freedesktop.DBus.Monitoring"/>
+  </policy>
+
+  <!-- If the Stats interface was enabled at compile-time, root may use it.
+       Copy this into system.local.conf or system.d/*.conf if you want to
+       enable other privileged users to view statistics and debug info -->
+  <policy user="root">
+    <allow send_destination="org.freedesktop.DBus"
+           send_interface="org.freedesktop.DBus.Debug.Stats"/>
+  </policy>
+
+
+  <!-- The defaults for these limits are hard-coded in dbus-daemon.
+       Some clarifications:
+       Times are in milliseconds (ms); 1000ms = 1 second
+       133169152 bytes = 127 MiB
+       33554432 bytes = 32 MiB
+       150000ms = 2.5 minutes -->
+  <!-- <limit name="max_incoming_bytes">133169152</limit> -->
+  <!-- <limit name="max_incoming_unix_fds">64</limit> -->
+  <!-- <limit name="max_outgoing_bytes">133169152</limit> -->
+  <!-- <limit name="max_outgoing_unix_fds">64</limit> -->
+  <!-- <limit name="max_message_size">33554432</limit> -->
+  <!-- <limit name="max_message_unix_fds">16</limit> -->
+  <!-- <limit name="service_start_timeout">25000</limit> -->
+  <!-- <limit name="auth_timeout">5000</limit> -->
+  <!-- <limit name="pending_fd_timeout">150000</limit> -->
+  <!-- <limit name="max_completed_connections">2048</limit> -->
+  <!-- <limit name="max_incomplete_connections">64</limit> -->
+  <!-- <limit name="max_connections_per_user">256</limit> -->
+  <!-- <limit name="max_pending_service_starts">512</limit> -->
+  <!-- <limit name="max_names_per_connection">512</limit> -->
+  <!-- <limit name="max_match_rules_per_connection">512</limit> -->
+  <!-- <limit name="max_replies_per_connection">128</limit> -->
+
+  <!-- Config files are placed here that among other things, punch
+       holes in the above policy for specific services. -->
+  <includedir>system.d</includedir>
+
+  <includedir>/etc/dbus-1/system.d</includedir>
+
+  <!-- This is included last so local configuration can override what's
+       in this standard file -->
+  <include ignore_missing="yes">/etc/dbus-1/system-local.conf</include>
+
+  <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
+</busconfig>
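Review bot: there is no `<user>` element after `<type>system</type>`, so nothing tells the launcher to drop privileges; per the testing reported in this thread, the launcher and the system bus then run as root. Add a `<user>` entry naming a dedicated non-root account that also exists in the target's /etc/passwd and /etc/group. The retained `<fork/>` and the comment "We use system service launching using a helper" also contradict the .mk header, which says launching is delegated to systemd and no helper is used; remove or reword them so the file describes what this package actually does.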