From: Robert Schwebel <r.schwebel@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Michael Olbrich <m.olbrich@pengutronix.de>,
Robert Schwebel <r.schwebel@pengutronix.de>
Subject: [ptxdist] [PATCH] dbus-broker: replacement dbus daemon
Date: Wed, 18 Dec 2024 09:01:59 +0100
Message-ID: <20241218080159.2909891-1-r.schwebel@pengutronix.de>
From: Michael Olbrich <m.olbrich@pengutronix.de>
dbus-broker has meanwhile evolved into an alternative to the standard dbus
daemon. Since its beginning, it has, for example, long been used in
Fedora, and Debian has it as an alternative implementation. So let's try
it in ptxdist as well.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
[various version bumps, added sysroot mechanics for newer versions]
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
---
.../usr/lib/systemd/system/dbus.socket | 5 +
projectroot/usr/share/dbus-1/system.conf | 140 ++++++++++++++++++
rules/dbus-broker.in | 17 +++
rules/dbus-broker.make | 86 +++++++++++
rules/dbus.in | 10 ++
rules/dbus.make | 6 +-
6 files changed, 262 insertions(+), 2 deletions(-)
create mode 100644 projectroot/usr/lib/systemd/system/dbus.socket
create mode 100644 projectroot/usr/share/dbus-1/system.conf
create mode 100644 rules/dbus-broker.in
create mode 100644 rules/dbus-broker.make
diff --git a/projectroot/usr/lib/systemd/system/dbus.socket b/projectroot/usr/lib/systemd/system/dbus.socket
new file mode 100644
index 000000000..0303bfbde
--- /dev/null
+++ b/projectroot/usr/lib/systemd/system/dbus.socket
@@ -0,0 +1,5 @@
+[Unit]
+Description=D-Bus System Message Bus Socket
+
+[Socket]
+ListenStream=/var/run/dbus/system_bus_socket
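Review bot: the socket path here differs from the one the broker is told to bind in the accompanying system.conf (`<listen>unix:path=/run/dbus/system_bus_socket</listen>`); `ListenStream=/var/run/dbus/system_bus_socket` only refers to the same socket where `/var/run` is a symlink to `/run`. Use `ListenStream=/run/dbus/system_bus_socket` so both files agree. The unit has no `[Install]` section, which is fine because rules/dbus-broker.make links it into sockets.target.wants directly, but a one-line comment saying so would save the next reader a detour.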
diff --git a/projectroot/usr/share/dbus-1/system.conf b/projectroot/usr/share/dbus-1/system.conf
new file mode 100644
index 000000000..fb1526a4b
--- /dev/null
+++ b/projectroot/usr/share/dbus-1/system.conf
@@ -0,0 +1,140 @@
+<!-- This configuration file controls the systemwide message bus.
+ Add a system-local.conf and edit that rather than changing this
+ file directly. -->
+
+<!-- Note that there are any number of ways you can hose yourself
+ security-wise by screwing up this file; in particular, you
+ probably don't want to listen on any more addresses, add any more
+ auth mechanisms, run as a different user, etc. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+ <!-- Our well-known bus type, do not change this -->
+ <type>system</type>
+
+ <!-- Run as special user -->
+ <user>messagebus</user>
+
+ <!-- Fork into daemon mode -->
+ <fork/>
+
+ <!-- We use system service launching using a helper -->
+ <standard_system_servicedirs/>
+
+ <!-- This is a setuid helper that is used to launch system services -->
+ <servicehelper>/usr/libexec/dbus-daemon-launch-helper</servicehelper>
+
+ <!-- Write a pid file -->
+ <pidfile>/run/dbus/pid</pidfile>
+
+ <!-- Enable logging to syslog -->
+ <syslog/>
+
+ <!-- Only allow socket-credentials-based authentication -->
+ <auth>EXTERNAL</auth>
+
+ <!-- Only listen on a local socket. (abstract=/path/to/socket
+ means use abstract namespace, don't really create filesystem
+ file; only Linux supports this. Use path=/whatever on other
+ systems.) -->
+ <listen>unix:path=/run/dbus/system_bus_socket</listen>
+
+ <policy context="default">
+ <!-- All users can connect to system bus -->
+ <allow user="*"/>
+
+ <!-- Holes must be punched in service configuration files for
+ name ownership and sending method calls -->
+ <deny own="*"/>
+ <deny send_type="method_call"/>
+
+ <!-- Signals and reply messages (method returns, errors) are allowed
+ by default -->
+ <allow send_type="signal"/>
+ <allow send_requested_reply="true" send_type="method_return"/>
+ <allow send_requested_reply="true" send_type="error"/>
+
+ <!-- All messages may be received by default -->
+ <allow receive_type="method_call"/>
+ <allow receive_type="method_return"/>
+ <allow receive_type="error"/>
+ <allow receive_type="signal"/>
+
+ <!-- Allow anyone to talk to the message bus -->
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus" />
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <!-- But disallow some specific bus services -->
+ <deny send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus"
+ send_member="UpdateActivationEnvironment"/>
+ <deny send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Debug.Stats"/>
+ <deny send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.systemd1.Activator"/>
+ </policy>
+
+ <!-- Only systemd, which runs as root, may report activation failures. -->
+ <policy user="root">
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.systemd1.Activator"/>
+ </policy>
+
+ <!-- root may monitor the system bus. -->
+ <policy user="root">
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Monitoring"/>
+ </policy>
+
+ <!-- If the Stats interface was enabled at compile-time, root may use it.
+ Copy this into system.local.conf or system.d/*.conf if you want to
+ enable other privileged users to view statistics and debug info -->
+ <policy user="root">
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Debug.Stats"/>
+ </policy>
+
+ <!-- Include legacy configuration location -->
+ <include ignore_missing="yes">/etc/dbus-1/system.conf</include>
+
+ <!-- The defaults for these limits are hard-coded in dbus-daemon.
+ Some clarifications:
+ Times are in milliseconds (ms); 1000ms = 1 second
+ 133169152 bytes = 127 MiB
+ 33554432 bytes = 32 MiB
+ 150000ms = 2.5 minutes -->
+ <!-- <limit name="max_incoming_bytes">133169152</limit> -->
+ <!-- <limit name="max_incoming_unix_fds">64</limit> -->
+ <!-- <limit name="max_outgoing_bytes">133169152</limit> -->
+ <!-- <limit name="max_outgoing_unix_fds">64</limit> -->
+ <!-- <limit name="max_message_size">33554432</limit> -->
+ <!-- <limit name="max_message_unix_fds">16</limit> -->
+ <!-- <limit name="service_start_timeout">25000</limit> -->
+ <!-- <limit name="auth_timeout">5000</limit> -->
+ <!-- <limit name="pending_fd_timeout">150000</limit> -->
+ <!-- <limit name="max_completed_connections">2048</limit> -->
+ <!-- <limit name="max_incomplete_connections">64</limit> -->
+ <!-- <limit name="max_connections_per_user">256</limit> -->
+ <!-- <limit name="max_pending_service_starts">512</limit> -->
+ <!-- <limit name="max_names_per_connection">512</limit> -->
+ <!-- <limit name="max_match_rules_per_connection">512</limit> -->
+ <!-- <limit name="max_replies_per_connection">128</limit> -->
+
+ <!-- Config files are placed here that among other things, punch
+ holes in the above policy for specific services. -->
+ <includedir>system.d</includedir>
+
+ <includedir>/etc/dbus-1/system.d</includedir>
+
+ <!-- This is included last so local configuration can override what's
+ in this standard file -->
+ <include ignore_missing="yes">/etc/dbus-1/system-local.conf</include>
+
+ <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
+</busconfig>
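Review bot: `<servicehelper>/usr/libexec/dbus-daemon-launch-helper</servicehelper>` names a binary that rules/dbus.make stops installing as soon as DBUS_NO_DAEMON is selected (which rules/dbus-broker.in does whenever DBUS is enabled), so on a dbus-broker system this element points at a path that does not exist on the target. Either drop it together with the other daemon-only stanzas (`<fork/>`, `<pidfile>`, `<syslog/>`) if the broker's launcher does not need them, or keep the helper installed; shipping a config that references a missing setuid helper is at best confusing when someone audits the bus setup. Two smaller points: the header comment tells the reader to add `system-local.conf`, the comment above the Debug.Stats policy says `system.local.conf`, and only `/etc/dbus-1/system-local.conf` is actually included at the bottom; and the limits comment says the defaults are "hard-coded in dbus-daemon", which no longer describes what runs here.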
diff --git a/rules/dbus-broker.in b/rules/dbus-broker.in
new file mode 100644
index 000000000..839a99246
--- /dev/null
+++ b/rules/dbus-broker.in
@@ -0,0 +1,17 @@
+## SECTION=middleware
+
+config DBUS_BROKER
+ tristate
+ depends on INITMETHOD_SYSTEMD
+ select HOST_MESON
+ select EXPAT
+ select SYSTEMD
+ select DBUS_NO_DAEMON if DBUS
+ prompt "dbus-broker"
+ help
+ The dbus-broker project is an implementation of a message bus as
+ defined by the D-Bus specification. Its aim is to provide high
+ performance and reliability, while keeping compatibility to the D-Bus
+ reference implementation. It is exclusively written for linux systems,
+ and makes use of many modern features provided by recent linux kernel
+ releases.
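Review bot: the help text needs a grammar pass: "keeping compatibility to the D-Bus reference implementation" should read "keeping compatibility with", and "linux systems" / "linux kernel" should be "Linux". Also `## SECTION=middleware` here disagrees with `install_fixup, dbus-broker,SECTION,base` in rules/dbus-broker.make; pick one so the package lands in the same section in menuconfig and in the ipkg metadata.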
diff --git a/rules/dbus-broker.make b/rules/dbus-broker.make
new file mode 100644
index 000000000..ffb9a9e9c
--- /dev/null
+++ b/rules/dbus-broker.make
@@ -0,0 +1,86 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2018 by Michael Olbrich <m.olbrich@pengutronix.de>
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_DBUS_BROKER) += dbus-broker
+
+#
+# Paths and names
+#
+DBUS_BROKER_VERSION := 36
+DBUS_BROKER_MD5 := 0398b41a250a6172e35750fc864ee33b
+DBUS_BROKER := dbus-broker-$(DBUS_BROKER_VERSION)
+DBUS_BROKER_SUFFIX := tar.xz
+DBUS_BROKER_URL := https://github.com/bus1/dbus-broker/releases/download/v$(DBUS_BROKER_VERSION)/$(DBUS_BROKER).$(DBUS_BROKER_SUFFIX)
+DBUS_BROKER_SOURCE := $(SRCDIR)/$(DBUS_BROKER).$(DBUS_BROKER_SUFFIX)
+DBUS_BROKER_DIR := $(BUILDDIR)/$(DBUS_BROKER)
+DBUS_BROKER_LICENSE := Apache-2.0
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+# host path leaks in if not set explicitly
+DBUS_BROKER_CONF_ENV := \
+ $(CROSS_ENV) \
+ PTXDIST_PKG_CONFIG_VAR_NO_SYSROOT="systemdsystemunitdir systemduserunitdir catalogdir"
+
+#
+# meson
+#
+DBUS_BROKER_CONF_TOOL := meson
+DBUS_BROKER_CONF_OPT := \
+ $(CROSS_MESON_USR) \
+ -Daudit=false \
+ -Dc-shquote:reference-test=false \
+ -Ddocs=false \
+ -Dlauncher=true \
+ -Dreference-test=false \
+ -Dselinux=false \
+ -Dsystem-console-users="[]"
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/dbus-broker.targetinstall:
+ @$(call targetinfo)
+
+ @$(call install_init, dbus-broker)
+ @$(call install_fixup, dbus-broker,PRIORITY,optional)
+ @$(call install_fixup, dbus-broker,SECTION,base)
+ @$(call install_fixup, dbus-broker,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>")
+ @$(call install_fixup, dbus-broker,DESCRIPTION,missing)
+
+ @$(call install_copy, dbus-broker, 0, 0, 0755, -, \
+ /usr/bin/dbus-broker)
+ @$(call install_copy, dbus-broker, 0, 0, 0755, -, \
+ /usr/bin/dbus-broker-launch)
+
+ @$(call install_alternative, dbus-broker, 0, 0, 0644, \
+ /usr/share/dbus-1/system.conf)
+
+ @$(call install_copy, dbus-broker, 0, 0, 0644, -, \
+ /usr/lib/systemd/system/dbus-broker.service)
+ @$(call install_link, dbus-broker, dbus-broker.service, \
+ /usr/lib/systemd/system/dbus.service)
+
+ @$(call install_alternative, dbus-broker, 0, 0, 0644, \
+ /usr/lib/systemd/system/dbus.socket)
+ @$(call install_link, dbus-broker, ../dbus.socket, \
+ /usr/lib/systemd/system/sockets.target.wants/dbus.socket)
+
+ @$(call install_finish, dbus-broker)
+
+ @$(call touch)
+
+# vim: syntax=make
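Review bot: `install_fixup, dbus-broker,DESCRIPTION,missing` leaves the package description empty even though rules/dbus-broker.in already carries a usable summary; something like `DESCRIPTION,"dbus-broker: D-Bus message bus implementation"` would do. The copyright header still says 2018 while the trailer records several version bumps done for this 2024 submission, so the year is worth updating. Minor: `-Dsystem-console-users="[]"` hands meson an empty array; that is consistent with the `<allow user="*"/>` policy in the shipped system.conf, but a short comment on why no console users are configured would help whoever revisits this.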
diff --git a/rules/dbus.in b/rules/dbus.in
index b205ee62f..c8b5f09be 100644
--- a/rules/dbus.in
+++ b/rules/dbus.in
@@ -32,6 +32,14 @@ config DBUS_SELINUX
depends on BROKEN
bool
+config DBUS_NO_DAEMON
+ bool
+
+comment "D-Bus daemon is provided by dbus-broker"
+ depends on DBUS_NO_DAEMON
+
+if !DBUS_NO_DAEMON
+
config DBUS_SYSTEMD
bool
default INITMETHOD_SYSTEMD
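Review bot: `config DBUS_NO_DAEMON` has no prompt and is only ever set through `select DBUS_NO_DAEMON if DBUS` in rules/dbus-broker.in; a one-line help text stating that would save readers a grep. The `if !DBUS_NO_DAEMON` opened here (closed in the next hunk) hides DBUS_SYSTEMD and everything below it from menuconfig whenever dbus-broker is enabled, which is clearly the intent, but a comment on the `if` line would make that explicit.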
@@ -60,3 +68,5 @@ config DBUS_SYSTEMD_USER_UNIT
depends on SYSTEMD_UNITS_USER && DBUS_SYSTEMD_UNIT
endif
+
+endif
diff --git a/rules/dbus.make b/rules/dbus.make
index f2bc7b552..dffa0ab6f 100644
--- a/rules/dbus.make
+++ b/rules/dbus.make
@@ -89,6 +89,7 @@ $(STATEDIR)/dbus.targetinstall:
@$(call install_fixup, dbus,AUTHOR,"Roland Hostettler <r.hostettler@gmx.ch>")
@$(call install_fixup, dbus,DESCRIPTION,missing)
+ifndef PTXCONF_DBUS_NO_DAEMON
@$(call install_copy, dbus, 0, 0, 0755, -, \
/usr/bin/dbus-daemon)
@$(call install_copy, dbus, 0, 0, 0755, -, \
@@ -105,14 +106,17 @@ $(STATEDIR)/dbus.targetinstall:
/usr/bin/dbus-uuidgen)
@$(call install_copy, dbus, 0, 104, 4754, -, \
/usr/libexec/dbus-daemon-launch-helper)
+endif
@$(call install_lib, dbus, 0, 0, 0644, libdbus-1)
# #
# # install config files
# #
+ifndef PTXCONF_DBUS_NO_DAEMON
@$(call install_alternative, dbus, 0, 0, 0644, /usr/share/dbus-1/system.conf)
@$(call install_alternative, dbus, 0, 0, 0644, /usr/share/dbus-1/session.conf)
+endif
# #
# # busybox init: start script
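Review bot: with this change session.conf is no longer installed under DBUS_NO_DAEMON, but rules/dbus-broker.make only installs system.conf, so a dbus-broker system ends up with no session bus configuration at all. If a user/session bus is deliberately out of scope, the commit message should say so; otherwise keep the `session.conf` line outside the `ifndef`, since it is a policy file rather than part of the daemon.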
@@ -132,8 +136,6 @@ ifdef PTXCONF_DBUS_SYSTEMD_UNIT
/usr/lib/systemd/system/dbus.socket)
@$(call install_link, dbus, ../dbus.socket, \
/usr/lib/systemd/system/sockets.target.wants/dbus.socket)
- @$(call install_link, dbus, ../dbus.socket, \
- /usr/lib/systemd/system/dbus.target.wants/dbus.socket)
@$(call install_copy, dbus, 0, 0, 0644, -, \
/usr/lib/systemd/system/dbus.service)
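Review bot: dropping the `dbus.target.wants/dbus.socket` link is unrelated to introducing dbus-broker and is not mentioned in the commit message; either split it into its own patch or explain why the link is wrong (the socket is already pulled in via `sockets.target.wants` two lines above).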
--
2.39.5