package/dbus-broker: new package

dbus-broker is an alternate implementation of a dbus daemon. It can be used as a drop-in replacement for the system bus daemon, as well as the session bus daemon. dbus-broker is (basically, and as far as we're concerned in Buildroot) split in two components: - the actual message bus daemon, that relays messages across clients - a launcher, which is responsible for setting various aspects of the bus, like setting the policy et al. and opening the socket(s) the message bus daemon will have to listen on... The launcher can only be used in a systemd setup (it makes heavy use of systemd facilities), while the message bus is generic. However, the message bus daemon is useless without a launcher. There does not exist a non-systemd launcher, which makes dbus-broker actually a systemd-only package; this can be revisited when/if a non-systemd launcher appears. Note, however, that libdbus is not provided by dbus-broker. People who want to use dbus-broker as the bus daemon, and need libdbus, will have to enable both. If only original dbus is enabled, things stay as they are now. This is for the moment still the default, though we should change that once dbus-broker has proven to work. If only dbus-broker is enabled, it installs the necessary socket activation units and dbus configuration files. The daemon is not launched at boot time; instead it is socket-activated when a client connects to the bus the first time. If both original dbus and dbus-broker are enabled, we have a conflict with the configuration files, the socket activation file. Also, original dbus activates the daemon as a service in multi-user.target.wants, so it is not socket-activated and dbus-broker would never get the opportunity to start. Therefore, original dbus is updated to remove the conflicting files and the activation of dbus-daemon. Since dbus-broker installs some of the same file that original dbus removes, we have to add a dependency to make sure that the ones installed by dbus-broker aren't removed. If both are installed, it is still possible to revert back to using original dbus as system bus: - at build-time: by calling systemctl enable/disable from a post-build script (preferred), or by providing drop-in units or presets in an overlay (less preferred) or custom skeleton (as a last resort), - at runtime (on a RW filesystem): by calling systemctl enable/disable Note about the user: the path to the system bus socket is a so-called "well-known location": it is expected to be there, by spec. Moving it elsewhere is going to break existing programs. So, the user running the system bus daemon must be able to create that socket. As we may have two packages providing a system bus daemon, they have to be both able to create the socket, and thus must both be able to write in the directory containing the socket. And since they can be switched at runtime, they must be running as the same user. We can't just reference the original dbus user, so we duplicate the entry. What is important, is that the user be named 'dbus', as that's what we use in both cases. If both original dbus and dbus-broker are selected, the dbus user is included twice, but the specifications are identical so that's fine. mkusers will create the user only once. Finally, the licensing terms are pretty trivial for dbus-broker itself, but it makes use of third-party code that it inherits as git submodules (that are bundled in the release archive). Thus the licensing is a bit convoluted... The third-party codes claim to be licensed as "Apache-2.0 and LGP-2.1+" in their AUTHORS files, but at the same time claim "**Apache-2.0** OR **LGPL-2.1-or-later**" in their README files. The individual source files (that are used) do not seem to have any licensing header to clarify the situation. So we represent the situation with "Apache-2.0 and/or LGPL-2.1+". Signed-off-by: Norbert Lange <nolange79@gmail.com> [yann.morin.1998@free.fr: - don't select systemd; depend on it instead - only install config files and systemd units without original dbus - install a user to run the message bus as - fix licensing info - entirely reword and extend the commit log - add myself to DEVELOPERS as well ] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> [Arnout: - Use dbus-broker as system bus if both are selected. - Remove conflicting files from dbus installation. - Simplify symbolic link creation. - Add comment to remind update of session.conf and system.conf. ] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-01-09 23:16:47 +01:00 · 2022-01-09 23:16:47 +01:00 · bd3cf3fb5b
commit bd3cf3fb5b
parent f1e3b2bb01
9 changed files with 305 additions and 0 deletions
--- a/2
+++ b/2
@ -2202,6 +2202,7 @@ F:	package/tpm-tools/
 F:	package/trousers/

 N:	Norbert Lange <nolange79@gmail.com>
+F:	package/dbus-broker/
 F:	package/systemd/
 F:	package/tcf-agent/

@ -3015,6 +3016,7 @@ F:	package/asterisk/
 F:	package/cegui/
 F:	package/dahdi-linux/
 F:	package/dahdi-tools/
+F:	package/dbus-broker/
 F:	package/dtc/
 F:	package/dtv-scan-tables/
 F:	package/dvb-apps/
--- a/package/Config.in
+++ b/package/Config.in
@ -468,6 +468,7 @@ endmenu
 	source "package/dahdi-tools/Config.in"
 	source "package/davinci-bootcount/Config.in"
 	source "package/dbus/Config.in"
+	source "package/dbus-broker/Config.in"
 	source "package/dbus-cpp/Config.in"
 	source "package/dbus-cxx/Config.in"
 	source "package/dbus-glib/Config.in"
--- a/package/dbus-broker/Config.in
+++ b/package/dbus-broker/Config.in
@ -0,0 +1,23 @@
+config BR2_PACKAGE_DBUS_BROKER
+	bool "dbus-broker"
+	depends on BR2_USE_MMU
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_17
+	depends on BR2_PACKAGE_SYSTEMD
+	select BR2_PACKAGE_EXPAT
+	help
+	  Linux D-Bus Message Broker.
+
+	  The dbus-broker project is an implementation of a message bus
+	  as defined by the D-Bus specification. Its aim is to provide
+	  high performance and reliability, while keeping compatibility
+	  to the D-Bus reference implementation.
+
+	  It is exclusively written for Linux systems, and makes use of
+	  many modern features provided by recent linux kernel releases.
+
+	  https://github.com/bus1/dbus-broker/wiki
+
+comment "dbusbroker needs systemd and a toolchain w/ threads"
+	depends on BR2_USE_MMU
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_PACKAGE_SYSTEMD
--- a/package/dbus-broker/dbus-broker.hash
+++ b/package/dbus-broker/dbus-broker.hash
@ -0,0 +1,3 @@
+# Locally calculated
+sha256  4eca425db52b7ab1027153e93fea9b3f11759db9e93ffbf88759b73ddfb8026a  dbus-broker-29.tar.xz
+sha256  3cda3630283eda0eab825abe5ac84d191248c6b3fe1c232a118124959b96c6a4  LICENSE
--- a/package/dbus-broker/dbus-broker.mk
+++ b/package/dbus-broker/dbus-broker.mk
@ -0,0 +1,67 @@
+################################################################################
+#
+# dbus-broker
+#
+################################################################################
+
+DBUS_BROKER_VERSION = 29
+DBUS_BROKER_SOURCE = dbus-broker-$(DBUS_BROKER_VERSION).tar.xz
+DBUS_BROKER_SITE = https://github.com/bus1/dbus-broker/releases/download/v$(DBUS_BROKER_VERSION)
+
+DBUS_BROKER_LICENSE = \
+	Apache-2.0, \
+	Apache-2.0 and/or LGPL-2.1+ (c-dvar, c-ini, c-list, c-rbtree, c-shquote, c-stdaux, c-utf8)
+# For the third-party code, the licensing legal-info is inconsistent between
+# the AUTHORS and README, so keep both
+DBUS_BROKER_LICENSE_FILES = \
+	LICENSE \
+	subprojects/c-dvar/AUTHORS subprojects/c-dvar/README.md \
+	subprojects/c-ini/AUTHORS subprojects/c-ini/README.md \
+	subprojects/c-list/AUTHORS subprojects/c-list/README.md \
+	subprojects/c-rbtree/AUTHORS subprojects/c-rbtree/README.md \
+	subprojects/c-shquote/AUTHORS subprojects/c-shquote/README.md \
+	subprojects/c-stdaux/AUTHORS subprojects/c-stdaux/README.md \
+	subprojects/c-utf8/AUTHORS subprojects/c-utf8/README.md
+
+DBUS_BROKER_DEPENDENCIES = expat systemd
+DBUS_BROKER_CONF_OPTS = -Dlauncher=true
+
+ifeq ($(BR2_PACKAGE_AUDIT),y)
+DBUS_BROKER_DEPENDENCIES += audit
+DBUS_BROKER_CONF_OPTS += -Daudit=true
+else
+DBUS_BROKER_CONF_OPTS += -Daudit=false
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+DBUS_BROKER_DEPENDENCIES += libselinux
+DBUS_BROKER_CONF_OPTS += -Dselinux=true
+else
+DBUS_BROKER_CONF_OPTS += -Dselinux=false
+endif
+
+# We must be using the same user as the original dbus, so we can share
+# the home directory and create a socket there. As a consequence, the
+# username and groupname must be dbus:dbus, and they both need to have
+# the same home.
+define DBUS_BROKER_USERS
+	dbus -1 dbus -1 * /run/dbus - dbus DBus messagebus user
+endef
+
+# We overwrite some files from dbus, so add a dependency.
+ifeq ($(BR2_PACKAGE_DBUS),y)
+DBUS_BROKER_DEPENDENCIES += dbus
+endif
+
+define DBUS_BROKER_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -D -m 0644 $(DBUS_BROKER_PKGDIR)/session.conf \
+		$(TARGET_DIR)/usr/share/dbus-1/session.conf
+	$(INSTALL) -D -m 0644 $(DBUS_BROKER_PKGDIR)/system.conf \
+		$(TARGET_DIR)/usr/share/dbus-1/system.conf
+	$(INSTALL) -D -m 0644 $(DBUS_BROKER_PKGDIR)/dbus.socket \
+		$(TARGET_DIR)/usr/lib/systemd/system/dbus.socket
+	$(HOST_MAKE_ENV) ln -sf ../dbus.socket \
+		$(TARGET_DIR)/usr/lib/systemd/system/sockets.target.wants/dbus.socket
+endef
+
+$(eval $(meson-package))
--- a/package/dbus-broker/dbus.socket
+++ b/package/dbus-broker/dbus.socket
@ -0,0 +1,5 @@
+[Unit]
+Description=D-Bus System Message Bus Socket
+
+[Socket]
+ListenStream=/run/dbus/system_bus_socket
--- a/package/dbus-broker/session.conf
+++ b/package/dbus-broker/session.conf
@ -0,0 +1,65 @@
+<!-- This configuration file controls the per-user-login-session message bus.
+     Add a session-local.conf and edit that rather than changing this
+     file directly. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+  <!-- Our well-known bus type, don't change this -->
+  <type>session</type>
+
+  <!-- If we fork, keep the user's original umask to avoid affecting
+       the behavior of child processes. -->
+  <keep_umask/>
+
+  <standard_session_servicedirs />
+
+  <policy context="default">
+    <!-- Allow everything to be sent -->
+    <allow send_destination="*" eavesdrop="true"/>
+    <!-- Allow everything to be received -->
+    <allow eavesdrop="true"/>
+    <!-- Allow anyone to own anything -->
+    <allow own="*"/>
+  </policy>
+
+  <!-- Config files are placed here that among other things,
+       further restrict the above policy for specific services. -->
+  <includedir>session.d</includedir>
+
+  <includedir>/etc/dbus-1/session.d</includedir>
+
+  <!-- This is included last so local configuration can override what's
+       in this standard file -->
+  <include ignore_missing="yes">/etc/dbus-1/session-local.conf</include>
+
+  <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
+  <!-- For the session bus, override the default relatively-low limits
+       with essentially infinite limits, since the bus is just running
+       as the user anyway, using up bus resources is not something we need
+       to worry about. In some cases, we do set the limits lower than
+       "all available memory" if exceeding the limit is almost certainly a bug,
+       having the bus enforce a limit is nicer than a huge memory leak. But the
+       intent is that these limits should never be hit. -->
+
+  <!-- the memory limits are 1G instead of say 4G because they can't exceed 32-bit signed int max -->
+  <limit name="max_incoming_bytes">1000000000</limit>
+  <limit name="max_incoming_unix_fds">250000000</limit>
+  <limit name="max_outgoing_bytes">1000000000</limit>
+  <limit name="max_outgoing_unix_fds">250000000</limit>
+  <limit name="max_message_size">1000000000</limit>
+  <!-- We do not override max_message_unix_fds here since the in-kernel
+       limit is also relatively low -->
+  <limit name="service_start_timeout">120000</limit>
+  <limit name="auth_timeout">240000</limit>
+  <limit name="pending_fd_timeout">150000</limit>
+  <limit name="max_completed_connections">100000</limit>
+  <limit name="max_incomplete_connections">10000</limit>
+  <limit name="max_connections_per_user">100000</limit>
+  <limit name="max_pending_service_starts">10000</limit>
+  <limit name="max_names_per_connection">50000</limit>
+  <limit name="max_match_rules_per_connection">50000</limit>
+  <limit name="max_replies_per_connection">50000</limit>
+
+</busconfig>
--- a/package/dbus-broker/system.conf
+++ b/package/dbus-broker/system.conf
@ -0,0 +1,123 @@
+<!-- This configuration file controls the systemwide message bus.
+     Add a system-local.conf and edit that rather than changing this
+     file directly. -->
+
+<!-- Note that there are any number of ways you can hose yourself
+     security-wise by screwing up this file; in particular, you
+     probably don't want to listen on any more addresses, add any more
+     auth mechanisms, run as a different user, etc. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <!-- Our well-known bus type, do not change this -->
+  <type>system</type>
+
+  <!-- Fork into daemon mode -->
+  <fork/>
+
+  <!-- Run as special user -->
+  <user>dbus</user>
+
+  <!-- We use system service launching using a helper -->
+  <standard_system_servicedirs/>
+
+  <!-- Enable logging to syslog -->
+  <syslog/>
+
+  <policy context="default">
+    <!-- All users can connect to system bus -->
+    <allow user="*"/>
+
+    <!-- Holes must be punched in service configuration files for
+         name ownership and sending method calls -->
+    <deny own="*"/>
+    <deny send_type="method_call"/>
+
+    <!-- Signals and reply messages (method returns, errors) are allowed
+         by default -->
+    <allow send_type="signal"/>
+    <allow send_requested_reply="true" send_type="method_return"/>
+    <allow send_requested_reply="true" send_type="error"/>
+
+    <!-- All messages may be received by default -->
+    <allow receive_type="method_call"/>
+    <allow receive_type="method_return"/>
+    <allow receive_type="error"/>
+    <allow receive_type="signal"/>
+
+    <!-- Allow anyone to talk to the message bus -->
+    <allow send_destination="org.freedesktop.DBus"
+           send_interface="org.freedesktop.DBus" />
+    <allow send_destination="org.freedesktop.DBus"
+           send_interface="org.freedesktop.DBus.Introspectable"/>
+    <allow send_destination="org.freedesktop.DBus"
+           send_interface="org.freedesktop.DBus.Properties"/>
+    <!-- But disallow some specific bus services -->
+    <deny send_destination="org.freedesktop.DBus"
+          send_interface="org.freedesktop.DBus"
+          send_member="UpdateActivationEnvironment"/>
+    <deny send_destination="org.freedesktop.DBus"
+          send_interface="org.freedesktop.DBus.Debug.Stats"/>
+    <deny send_destination="org.freedesktop.DBus"
+          send_interface="org.freedesktop.systemd1.Activator"/>
+  </policy>
+
+  <!-- Only systemd, which runs as root, may report activation failures. -->
+  <policy user="root">
+    <allow send_destination="org.freedesktop.DBus"
+           send_interface="org.freedesktop.systemd1.Activator"/>
+  </policy>
+
+  <!-- root may monitor the system bus. -->
+  <policy user="root">
+    <allow send_destination="org.freedesktop.DBus"
+           send_interface="org.freedesktop.DBus.Monitoring"/>
+  </policy>
+
+  <!-- If the Stats interface was enabled at compile-time, root may use it.
+       Copy this into system.local.conf or system.d/*.conf if you want to
+       enable other privileged users to view statistics and debug info -->
+  <policy user="root">
+    <allow send_destination="org.freedesktop.DBus"
+           send_interface="org.freedesktop.DBus.Debug.Stats"/>
+  </policy>
+
+
+  <!-- The defaults for these limits are hard-coded in dbus-daemon.
+       Some clarifications:
+       Times are in milliseconds (ms); 1000ms = 1 second
+       133169152 bytes = 127 MiB
+       33554432 bytes = 32 MiB
+       150000ms = 2.5 minutes -->
+  <!-- <limit name="max_incoming_bytes">133169152</limit> -->
+  <!-- <limit name="max_incoming_unix_fds">64</limit> -->
+  <!-- <limit name="max_outgoing_bytes">133169152</limit> -->
+  <!-- <limit name="max_outgoing_unix_fds">64</limit> -->
+  <!-- <limit name="max_message_size">33554432</limit> -->
+  <!-- <limit name="max_message_unix_fds">16</limit> -->
+  <!-- <limit name="service_start_timeout">25000</limit> -->
+  <!-- <limit name="auth_timeout">5000</limit> -->
+  <!-- <limit name="pending_fd_timeout">150000</limit> -->
+  <!-- <limit name="max_completed_connections">2048</limit> -->
+  <!-- <limit name="max_incomplete_connections">64</limit> -->
+  <!-- <limit name="max_connections_per_user">256</limit> -->
+  <!-- <limit name="max_pending_service_starts">512</limit> -->
+  <!-- <limit name="max_names_per_connection">512</limit> -->
+  <!-- <limit name="max_match_rules_per_connection">512</limit> -->
+  <!-- <limit name="max_replies_per_connection">128</limit> -->
+
+  <!-- Config files are placed here that among other things, punch
+       holes in the above policy for specific services. -->
+  <includedir>system.d</includedir>
+
+  <includedir>/etc/dbus-1/system.d</includedir>
+
+  <!-- This is included last so local configuration can override what's
+       in this standard file -->
+  <include ignore_missing="yes">/etc/dbus-1/system-local.conf</include>
+
+  <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
+</busconfig>
--- a/package/dbus/dbus.mk
+++ b/package/dbus/dbus.mk
@ -4,6 +4,8 @@
 #
 ################################################################################

+# When updating dbus, check if there are changes in session.conf and
+# system.conf, and update the versions in the dbus-broker package accordingly.
 DBUS_VERSION = 1.12.22
 DBUS_SITE = https://dbus.freedesktop.org/releases/dbus
 DBUS_LICENSE = AFL-2.1 or GPL-2.0+ (library, tools), GPL-2.0+ (tools)
@ -97,6 +99,20 @@ define DBUS_INSTALL_INIT_SYSV
 	ln -sf /tmp/dbus $(TARGET_DIR)/var/lib/dbus
 endef

+# If dbus-broker is installed, don't install the activation links for
+# dbus itself, not the configuration files. They will be overwritten
+# by dbus-broker
+ifeq ($(BR2_PACKAGE_DBUS_BROKER),y)
+define DBUS_REMOVE_SYSTEMD_ACTIVATION_LINKS
+	rm -f $(TARGET_DIR)/usr/lib/systemd/system/multi-user.target.wants/dbus.service
+	rm -f $(TARGET_DIR)/usr/lib/systemd/system/sockets.target.wants/dbus.socket
+	rm -f $(TARGET_DIR)/usr/lib/systemd/system/dbus.socket
+	rm -f $(TARGET_DIR)/usr/share/dbus-1/session.conf
+	rm -f $(TARGET_DIR)/usr/share/dbus-1/system.conf
+endef
+DBUS_POST_INSTALL_TARGET_HOOKS += DBUS_REMOVE_SYSTEMD_ACTIVATION_LINKS
+endif
+
 define DBUS_INSTALL_INIT_SYSTEMD
 	mkdir -p $(TARGET_DIR)/var/lib/dbus
 	ln -sf /etc/machine-id $(TARGET_DIR)/var/lib/dbus/machine-id