author | Michael Olbrich <m.olbrich@pengutronix.de> | 2019-06-10 11:23:40 +0200 |
---|---|---|
committer | Robert Schwebel <r.schwebel@pengutronix.de> | 2021-12-29 22:55:28 +0100 |
commit | 306ffed90c9f51447e6cd927825bdae5b51fc74d (patch) | |
tree | c0bb45359e09f44e3891b811c52a953f5efa08d2 | |
parent | 70205d7cc77ff2bd36860291bf767f91bb4bc989 (diff) | |
dbus-broker: replacement dbus daemon
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
-rw-r--r-- | projectroot/usr/lib/systemd/system/dbus.socket | 5 | ||||
-rw-r--r-- | projectroot/usr/share/dbus-1/system.conf | 140 | ||||
-rw-r--r-- | rules/dbus-broker.in | 17 | ||||
-rw-r--r-- | rules/dbus-broker.make | 81 | ||||
-rw-r--r-- | rules/dbus.in | 10 | ||||
-rw-r--r-- | rules/dbus.make | 6 |
6 files changed, 257 insertions, 2 deletions
diff --git a/projectroot/usr/lib/systemd/system/dbus.socket b/projectroot/usr/lib/systemd/system/dbus.socket
new file mode 100644
index 000000000..0303bfbde
--- /dev/null
+++ b/projectroot/usr/lib/systemd/system/dbus.socket
@@ -0,0 +1,5 @@
+[Unit]
+Description=D-Bus System Message Bus Socket
+
+[Socket]
+ListenStream=/var/run/dbus/system_bus_socket
diff --git a/projectroot/usr/share/dbus-1/system.conf b/projectroot/usr/share/dbus-1/system.conf
new file mode 100644
index 000000000..fb1526a4b
--- /dev/null
+++ b/projectroot/usr/share/dbus-1/system.conf
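Review bot: In projectroot/usr/lib/systemd/system/dbus.socket, `ListenStream=/var/run/dbus/system_bus_socket` puts the system bus under the legacy /var/run path, while the system.conf added by the same commit names `/run/dbus/system_bus_socket` in its `<listen>` element. The two only denote the same socket when /var/run is a symlink to /run on the target, and recent systemd releases log a warning for unit paths below /var/run. Every client trusts whatever listens at the well-known bus path, so I would state the canonical location explicitly: `ListenStream=/run/dbus/system_bus_socket`. The dbus.make context at the end of this diff appears to install a unit of the same name, so check whether that package picks up this file as well.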
@@ -0,0 +1,140 @@
+<!-- This configuration file controls the systemwide message bus.
+ Add a system-local.conf and edit that rather than changing this
+ file directly. -->
+
+<!-- Note that there are any number of ways you can hose yourself
+ security-wise by screwing up this file; in particular, you
+ probably don't want to listen on any more addresses, add any more
+ auth mechanisms, run as a different user, etc. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+ <!-- Our well-known bus type, do not change this -->
+ <type>system</type>
+
+ <!-- Run as special user -->
+ <user>messagebus</user>
+
+ <!-- Fork into daemon mode -->
+ <fork/>
+
+ <!-- We use system service launching using a helper -->
+ <standard_system_servicedirs/>
+
+ <!-- This is a setuid helper that is used to launch system services -->
+ <servicehelper>/usr/libexec/dbus-daemon-launch-helper</servicehelper>
+
+ <!-- Write a pid file -->
+ <pidfile>/run/dbus/pid</pidfile>
+
+ <!-- Enable logging to syslog -->
+ <syslog/>
+
+ <!-- Only allow socket-credentials-based authentication -->
+ <auth>EXTERNAL</auth>
+
+ <!-- Only listen on a local socket. (abstract=/path/to/socket
+ means use abstract namespace, don't really create filesystem
+ file; only Linux supports this. Use path=/whatever on other
+ systems.) -->
+ <listen>unix:path=/run/dbus/system_bus_socket</listen>
+
+ <policy context="default">
+ <!-- All users can connect to system bus -->
+ <allow user="*"/>
+
+ <!-- Holes must be punched in service configuration files for
+ name ownership and sending method calls -->
+ <deny own="*"/>
+ <deny send_type="method_call"/>
+
+ <!-- Signals and reply messages (method returns, errors) are allowed
+ by default -->
+ <allow send_type="signal"/>
+ <allow send_requested_reply="true" send_type="method_return"/>
+ <allow send_requested_reply="true" send_type="error"/>
+
+ <!-- All messages may be received by default -->
+ <allow receive_type="method_call"/>
+ <allow receive_type="method_return"/>
+ <allow receive_type="error"/>
+ <allow receive_type="signal"/>
+
+ <!-- Allow anyone to talk to the message bus -->
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus" />
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <!-- But disallow some specific bus services -->
+ <deny send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus"
+ send_member="UpdateActivationEnvironment"/>
+ <deny send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Debug.Stats"/>
+ <deny send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.systemd1.Activator"/>
+ </policy>
+
+ <!-- Only systemd, which runs as root, may report activation failures. -->
+ <policy user="root">
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.systemd1.Activator"/>
+ </policy>
+
+ <!-- root may monitor the system bus. -->
+ <policy user="root">
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Monitoring"/>
+ </policy>
+
+ <!-- If the Stats interface was enabled at compile-time, root may use it.
+ Copy this into system.local.conf or system.d/*.conf if you want to
+ enable other privileged users to view statistics and debug info -->
+ <policy user="root">
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Debug.Stats"/>
+ </policy>
+
+ <!-- Include legacy configuration location -->
+ <include ignore_missing="yes">/etc/dbus-1/system.conf</include>
+
+ <!-- The defaults for these limits are hard-coded in dbus-daemon.
+ Some clarifications:
+ Times are in milliseconds (ms); 1000ms = 1 second
+ 133169152 bytes = 127 MiB
+ 33554432 bytes = 32 MiB
+ 150000ms = 2.5 minutes -->
+ <!-- <limit name="max_incoming_bytes">133169152</limit> -->
+ <!-- <limit name="max_incoming_unix_fds">64</limit> -->
+ <!-- <limit name="max_outgoing_bytes">133169152</limit> -->
+ <!-- <limit name="max_outgoing_unix_fds">64</limit> -->
+ <!-- <limit name="max_message_size">33554432</limit> -->
+ <!-- <limit name="max_message_unix_fds">16</limit> -->
+ <!-- <limit name="service_start_timeout">25000</limit> -->
+ <!-- <limit name="auth_timeout">5000</limit> -->
+ <!-- <limit name="pending_fd_timeout">150000</limit> -->
+ <!-- <limit name="max_completed_connections">2048</limit> -->
+ <!-- <limit name="max_incomplete_connections">64</limit> -->
+ <!-- <limit name="max_connections_per_user">256</limit> -->
+ <!-- <limit name="max_pending_service_starts">512</limit> -->
+ <!-- <limit name="max_names_per_connection">512</limit> -->
+ <!-- <limit name="max_match_rules_per_connection">512</limit> -->
+ <!-- <limit name="max_replies_per_connection">128</limit> -->
+
+ <!-- Config files are placed here that among other things, punch
+ holes in the above policy for specific services. -->
+ <includedir>system.d</includedir>
+
+ <includedir>/etc/dbus-1/system.d</includedir>
+
+ <!-- This is included last so local configuration can override what's
+ in this standard file -->
+ <include ignore_missing="yes">/etc/dbus-1/system-local.conf</include>
+
+ <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
+</busconfig>
diff --git a/rules/dbus-broker.in b/rules/dbus-broker.in
new file mode 100644
index 000000000..839a99246
--- /dev/null
+++ b/rules/dbus-broker.in
@@ -0,0 +1,17 @@
+## SECTION=middleware
+
+config DBUS_BROKER
+ tristate
+ depends on INITMETHOD_SYSTEMD
+ select HOST_MESON
+ select EXPAT
+ select SYSTEMD
+ select DBUS_NO_DAEMON if DBUS
+ prompt "dbus-broker"
+ help
+ The dbus-broker project is an implementation of a message bus as
+ defined by the D-Bus specification. Its aim is to provide high
+ performance and reliability, while keeping compatibility to the D-Bus
+ reference implementation. It is exclusively written for linux systems,
+ and makes use of many modern features provided by recent linux kernel
+ releases.
diff --git a/rules/dbus-broker.make b/rules/dbus-broker.make
new file mode 100644
index 000000000..e8e8449e2
--- /dev/null
+++ b/rules/dbus-broker.make
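Review bot: projectroot/usr/share/dbus-1/system.conf is installed by the dbus-broker package but still carries dbus-daemon directives, notably `<servicehelper>/usr/libexec/dbus-daemon-launch-helper</servicehelper>`, `<fork/>`, `<pidfile>` and `<listen>`. The same commit stops installing that setuid helper once DBUS_NO_DAEMON is set, so the policy file names a privileged binary that is no longer on the image. As far as I know dbus-broker-launch ignores these elements and receives its socket from systemd, but that should be confirmed for the packaged version rather than assumed. Because this file is the access policy for the system bus, I would add a header comment stating which elements the launcher honours (user, policy, include, includedir) and which are kept only for dbus-daemon compatibility, so an auditor can tell which lines are in force.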
@@ -0,0 +1,81 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2018 by Michael Olbrich <m.olbrich@pengutronix.de>
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_DBUS_BROKER) += dbus-broker
+
+#
+# Paths and names
+#
+DBUS_BROKER_VERSION := 21
+DBUS_BROKER_MD5 := a17886a92ab1e0bc2e4b1a274339e388
+DBUS_BROKER := dbus-broker-$(DBUS_BROKER_VERSION)
+DBUS_BROKER_SUFFIX := tar.xz
+DBUS_BROKER_URL := https://github.com/bus1/dbus-broker/releases/download/v$(DBUS_BROKER_VERSION)/$(DBUS_BROKER).$(DBUS_BROKER_SUFFIX)
+DBUS_BROKER_SOURCE := $(SRCDIR)/$(DBUS_BROKER).$(DBUS_BROKER_SUFFIX)
+DBUS_BROKER_DIR := $(BUILDDIR)/$(DBUS_BROKER)
+DBUS_BROKER_LICENSE := Apache-2.0
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#
+# meson
+#
+DBUS_BROKER_CONF_TOOL := meson
+DBUS_BROKER_CONF_OPT := \
+ $(CROSS_MESON_USR) \
+ -Daudit=false \
+ -Dc-shquote:reference-test=false \
+ -Ddocs=false \
+ -Dlauncher=true \
+ -Dreference-test=false \
+ -Dselinux=false \
+ -Dsystem-console-users="[]"
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/dbus-broker.targetinstall:
+ @$(call targetinfo)
+
+ @$(call install_init, dbus-broker)
+ @$(call install_fixup, dbus-broker,PRIORITY,optional)
+ @$(call install_fixup, dbus-broker,SECTION,base)
+ @$(call install_fixup, dbus-broker,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>")
+ @$(call install_fixup, dbus-broker,DESCRIPTION,missing)
+
+ @$(call install_copy, dbus-broker, 0, 0, 0755, -, \
+ /usr/bin/dbus-broker)
+ @$(call install_copy, dbus-broker, 0, 0, 0755, -, \
+ /usr/bin/dbus-broker-launch)
+
+ @$(call install_alternative, dbus-broker, 0, 0, 0644, \
+ /usr/share/dbus-1/system.conf)
+
+ @$(call install_copy, dbus-broker, 0, 0, 0644, -, \
+ /usr/lib/systemd/system/dbus-broker.service)
+ @$(call install_link, dbus-broker, dbus-broker.service, \
+ /usr/lib/systemd/system/dbus.service)
+
+ @$(call install_alternative, dbus-broker, 0, 0, 0644, \
+ /usr/lib/systemd/system/dbus.socket)
+ @$(call install_link, dbus-broker, ../dbus.socket, \
+ /usr/lib/systemd/system/sockets.target.wants/dbus.socket)
+
+ @$(call install_finish, dbus-broker)
+
+ @$(call touch)
+
+# vim: syntax=make
diff --git a/rules/dbus.in b/rules/dbus.in
index 3af3e5ca1..2ced991e8 100644
--- a/rules/dbus.in
+++ b/rules/dbus.in
@@ -31,6 +31,14 @@ config DBUS_SELINUX depends on BROKEN bool +config DBUS_NO_DAEMON + bool + +comment "D-Bus daemon is provided by dbus-broker" + depends on DBUS_NO_DAEMON + +if !DBUS_NO_DAEMON + config DBUS_SYSTEMD bool default INITMETHOD_SYSTEMD
@@ -59,3 +67,5 @@ config DBUS_SYSTEMD_USER_UNIT depends on SYSTEMD_UNITS_USER && DBUS_SYSTEMD_UNIT endif + +endif
diff --git a/rules/dbus.make b/rules/dbus.make
index 168c58956..37f1cd2eb 100644
--- a/rules/dbus.make
+++ b/rules/dbus.make
@@ -93,6 +93,7 @@ $(STATEDIR)/dbus.targetinstall: @$(call install_fixup, dbus,AUTHOR,"Roland Hostettler <r.hostettler@gmx.ch>") @$(call install_fixup, dbus,DESCRIPTION,missing) +ifndef PTXCONF_DBUS_NO_DAEMON @$(call install_copy, dbus, 0, 0, 0755, -, \ /usr/bin/dbus-daemon) @$(call install_copy, dbus, 0, 0, 0755, -, \
@@ -109,14 +110,17 @@ $(STATEDIR)/dbus.targetinstall: /usr/bin/dbus-uuidgen) @$(call install_copy, dbus, 0, 104, 4754, -, \ /usr/libexec/dbus-daemon-launch-helper) +endif @$(call install_lib, dbus, 0, 0, 0644, libdbus-1) # # # # install config files # # +ifndef PTXCONF_DBUS_NO_DAEMON @$(call install_alternative, dbus, 0, 0, 0644, /usr/share/dbus-1/system.conf) @$(call install_alternative, dbus, 0, 0, 0644, /usr/share/dbus-1/session.conf) +endif # # # # busybox init: start script
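Review bot: In rules/dbus-broker.make, `-Daudit=false` and `-Dselinux=false` are fixed in DBUS_BROKER_CONF_OPT with no comment and no configuration switch. Going by the option names, the broker is always built without Linux audit and SELinux integration, which is a security-relevant choice for the process that enforces system bus policy. The dbus.in context in this commit shows DBUS_SELINUX as `depends on BROKEN`, so the setting is probably deliberate. A comment above the option list would record that, for example `# audit/selinux stay off: neither is supported for D-Bus in this tree`, with the wording adjusted to the actual reason.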
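Review bot: The second `ifndef PTXCONF_DBUS_NO_DAEMON` in rules/dbus.make (hunk at -109,14) drops session.conf together with system.conf, but rules/dbus-broker.make in this commit installs only /usr/share/dbus-1/system.conf. With dbus-broker selected, nothing visible here ships session.conf, which matters if a per-user bus is ever started on such an image. I would keep `@$(call install_alternative, dbus, 0, 0, 0644, /usr/share/dbus-1/session.conf)` outside the conditional, or install it from dbus-broker.make. The first `ifndef` (hunk at -93,6) also removes the setuid `dbus-daemon-launch-helper` (mode 4754) from broker images, which is the right outcome. Both hunks show only part of the targetinstall rule, so whatever else sits between `ifndef` and `endif` could not be checked.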
@@ -136,8 +140,6 @@ ifdef PTXCONF_DBUS_SYSTEMD_UNIT /usr/lib/systemd/system/dbus.socket) @$(call install_link, dbus, ../dbus.socket, \ /usr/lib/systemd/system/sockets.target.wants/dbus.socket) - @$(call install_link, dbus, ../dbus.socket, \ - /usr/lib/systemd/system/dbus.target.wants/dbus.socket) @$(call install_copy, dbus, 0, 0, 0644, -, \ /usr/lib/systemd/system/dbus.service) |