[Buildroot] [PATCH 1/4 v5] package/dbus-broker: new package
Norbert Lange
nolange79 at gmail.com
Sat Jul 18 14:27:08 UTC 2020
On Sat, 18 July 2020 at 16:26, Norbert Lange <nolange79 at gmail.com> wrote:
>
> On Sat, 18 July 2020 at 13:48, Yann E. MORIN
> <yann.morin.1998 at free.fr> wrote:
> >
> > From: Norbert Lange <nolange79 at gmail.com>
> >
> > dbus-broker is an alternate implementation of a dbus daemon. It can be
> > used as a drop-in replacement for the system bus daemon, as well as the
> > session bus daemon.
> >
> > dbus-broker is (basically, and as far as we're concerned in Buildroot)
> > split in two components:
> >
> > - the actual message bus daemon, that relays messages across clients
> >
> > - a launcher, which is responsible for setting various aspects of the
> > bus, like setting the policy et al. and opening the socket(s) the
> > message bus daemon will have to listen on...
> >
> > The launcher can only be used in a systemd setup (it makes heavy use of
> > systemd facilities), while the message bus is generic. However, the
> > message bus daemon is useless without a launcher. There does not exist a
> > non-systemd launcher, which makes dbus-broker actually a systemd-only
> > package; this can be revisited when/if a non-systemd launcher appears.
> >
> > There are two cases:
> >
> > 1. original dbus disabled
> >
> > Here, we install the config files and systemd socket activation
> > units; dbus-broker provides the system and sessions bus daemons.
> >
> > 2. original dbus enabled
> >
> > In this case, we do not install the config files and systemd socket
> > activation units, or define a user: they all are provided by the
> > original dbus, and we piggy-back on those.
> >
> > In this situation, the default system and sessions message bus are
> > the original dbus; dbus-broker is not enabled.
> >
> > However, users may opt-in to use dbus-broker in a few ways:
> > - at build-time: by providing drop-in units or presets in an
> > overlay or custom skeleton;
> > - at build-time: by calling systemctl enable/disable from a
> > post-build script;
> > - at runtime (on a RW filesystem): by calling systemctl
> > enable/disable
> >
> > Note about the user: the path to the system bus socket is a so-called
> > "well-known location": it is expected to be there, by spec. Moving it
> > elsewhere is going to break existing programs. So, the user running the
> > system bus daemon must be able to create that socket.
> >
> > As we may have two packages providing a system bus daemon, they have to
> > be both able to create the socket, and thus must both be able to write
> > in the directory containing the socket. And since they can be switched
> > at runtime, they must be running as the same user.
> >
> > We can't just reference the original dbus user, so we duplicate the
> > entry. What is important, is that the user be named 'dbus', as that's
> > what we use in both cases.
> >
> > Finally, the licensing terms are pretty trivial for dbus-broker itself,
> > but it makes use of third-party code that it inherits as git submodules
> > (that are bundled in the release archive). Thus the licensing is a bit
> > convoluted... The third-party codes claim to be licensed as "Apache-2.0
> > and LGPL-2.1+" in their AUTHORS files, but at the same time claim
> > "**Apache-2.0** OR **LGPL-2.1-or-later**" in their README files. The
> > individual source files (that are used) do not seem to have any
> > licensing header to clarify the situation. So we represent the situation
> > with "Apache-2.0 and/or LGPL-2.1+".
> >
> > Signed-off-by: Norbert Lange <nolange79 at gmail.com>
> > [yann.morin.1998 at free.fr:
> > - don't select systemd; depend on it instead
> > - only install config files and systemd units without original dbus
> > - install a user to run the message bus as
> > - fix licensing info
> > - entirely reword and extend the commit log
> > - add myself to DEVELOPERS as well
> > ]
> > Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
> >
> > ---
> > Changes v4 -> v5 (Yann, after review by Norbert):
> > - define the user to run as directly in system.conf
> > - as a consequence, drop the unit drop-in
> > - add myself to DEVELOPERS as well
> >
> > Changes v3 -> v4 (Yann, respinning after review by Norbert):
> > - drop the non-systemd case
> > - drop the launcher option
> > - reinstate BR2_COREUTILS_HOST_DEPENDENCY and ln --relative
> > - reinstate the user, explain it
> >
> > Changes v2 -> v3 (Norbert, respinning after Yann):
> > - add an own config entry for dbus-broker-launch
> > enabled by default if systemd init is used
> > - undo BR2_COREUTILS_HOST_DEPENDENCY
> > - undo adding dbus user - never used by this package
> > - add conditional audit dependency
> > - cleanup conditional logic a bit
> >
> > Changes v1 -> v2 (Yann):
> > - make launcher conditional
> > - don't select systemd; don't depend on it either
> > - don't install systemd units without systemd
> > - only install config files and systemd units without original dbus
> > - rename hooks with meaningful names
> > - fix licensing info
> > - entirely reword and extend the commit log
> > ---
> > DEVELOPERS | 2 +
> > package/Config.in | 1 +
> > package/dbus-broker/Config.in | 22 +++++
> > package/dbus-broker/dbus-broker.hash | 3 +
> > package/dbus-broker/dbus-broker.mk | 77 +++++++++++++++++
> > package/dbus-broker/dbus.socket | 5 ++
> > package/dbus-broker/session.conf | 65 ++++++++++++++
> > package/dbus-broker/system.conf | 123 +++++++++++++++++++++++++++
> > 8 files changed, 298 insertions(+)
> > create mode 100644 package/dbus-broker/Config.in
> > create mode 100644 package/dbus-broker/dbus-broker.hash
> > create mode 100644 package/dbus-broker/dbus-broker.mk
> > create mode 100644 package/dbus-broker/dbus.socket
> > create mode 100644 package/dbus-broker/session.conf
> > create mode 100644 package/dbus-broker/system.conf
> >
> > diff --git a/DEVELOPERS b/DEVELOPERS
> > index f91314a13a..4f89276f80 100644
> > --- a/DEVELOPERS
> > +++ b/DEVELOPERS
> > @@ -1900,6 +1900,7 @@ F: package/tpm-tools/
> > F: package/trousers/
> >
> > N: Norbert Lange <nolange79 at gmail.com>
> > +F: package/dbus-broker/
> > F: package/tcf-agent/
> >
> > N: Nylon Chen <nylon7 at andestech.com>
> > @@ -2641,6 +2642,7 @@ F: package/asterisk/
> > F: package/cegui/
> > F: package/dahdi-linux/
> > F: package/dahdi-tools/
> > +F: package/dbus-broker/
> > F: package/dtc/
> > F: package/dtv-scan-tables/
> > F: package/dvb-apps/
> > diff --git a/package/Config.in b/package/Config.in
> > index aafaa312a1..b42c444902 100644
> > --- a/package/Config.in
> > +++ b/package/Config.in
> > @@ -434,6 +434,7 @@ endmenu
> > source "package/dahdi-linux/Config.in"
> > source "package/dahdi-tools/Config.in"
> > source "package/dbus/Config.in"
> > + source "package/dbus-broker/Config.in"
> > source "package/dbus-cpp/Config.in"
> > source "package/dbus-glib/Config.in"
> > source "package/dbus-python/Config.in"
> > diff --git a/package/dbus-broker/Config.in b/package/dbus-broker/Config.in
> > new file mode 100644
> > index 0000000000..30d8b27280
> > --- /dev/null
> > +++ b/package/dbus-broker/Config.in
> > @@ -0,0 +1,22 @@
> > +config BR2_PACKAGE_DBUS_BROKER
> > + bool "dbus-broker"
> > + depends on BR2_USE_MMU
> > + depends on BR2_TOOLCHAIN_HAS_THREADS
> > + depends on BR2_PACKAGE_SYSTEMD
> > + select BR2_PACKAGE_EXPAT
> > + help
> > + Linux D-Bus Message Broker.
> > +
> > + The dbus-broker project is an implementation of a message bus
> > + as defined by the D-Bus specification. Its aim is to provide
> > + high performance and reliability, while keeping compatibility
> > + to the D-Bus reference implementation.
> > +
> > + It is exclusively written for Linux systems, and makes use of
> > + many modern features provided by recent linux kernel releases.
> > +
> > + https://github.com/bus1/dbus-broker/wiki
> > +
> > +comment "dbusbroker needs systemd and a toolchain w/ threads"
> > + depends on BR2_USE_MMU
> > + depends on !BR2_TOOLCHAIN_HAS_THREADS || !BR2_PACKAGE_SYSTEMD
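Review bot: the comment string on the last entry reads "dbusbroker needs systemd and a toolchain w/ threads", which does not match the name in the bool prompt ("dbus-broker"); spell it "dbus-broker" so the hint shown when the dependencies are unmet names the same package as the option it stands in for.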
> > diff --git a/package/dbus-broker/dbus-broker.hash b/package/dbus-broker/dbus-broker.hash
> > new file mode 100644
> > index 0000000000..b8d631767f
> > --- /dev/null
> > +++ b/package/dbus-broker/dbus-broker.hash
> > @@ -0,0 +1,3 @@
> > +# Locally calculated
> > +sha256 95adfde56bce898c3b69eee0524732365e802348dd8189a35d5d00c30990dc81 dbus-broker-23.tar.xz
> > +sha256 3cda3630283eda0eab825abe5ac84d191248c6b3fe1c232a118124959b96c6a4 LICENSE
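Review bot: only LICENSE has a hash here, while DBUS_BROKER_LICENSE_FILES in dbus-broker.mk also lists the AUTHORS and README.md of each of the seven subprojects; add a sha256 line for each of those files so that a change in the bundled third-party licensing text is noticed on a version bump. Given that the commit log describes those files as contradicting each other, pinning them is the only record of what was actually reviewed.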
> > diff --git a/package/dbus-broker/dbus-broker.mk b/package/dbus-broker/dbus-broker.mk
> > new file mode 100644
> > index 0000000000..8b13c03d72
> > --- /dev/null
> > +++ b/package/dbus-broker/dbus-broker.mk
> > @@ -0,0 +1,77 @@
> > +################################################################################
> > +#
> > +# dbus-broker
> > +#
> > +################################################################################
> > +
> > +DBUS_BROKER_VERSION = 23
> > +DBUS_BROKER_SOURCE = dbus-broker-$(DBUS_BROKER_VERSION).tar.xz
> > +DBUS_BROKER_SITE = https://github.com/bus1/dbus-broker/releases/download/v$(DBUS_BROKER_VERSION)
> > +
> > +# For the third-party code, the licensing legla-info is inconsistent between
> > +# the AUTHORS and README, so keep both
> > +DBUS_BROKER_LICENSE = \
> > + Apache-2.0, \
> > + Apache-2.0 and/or LGPL-2.1+ (c-dvar, c-ini, c-list, c-rbtree, c-shquote, c-stdaux, c-utf8)
> > +DBUS_BROKER_LICENSE_FILES = \
> > + LICENSE \
> > + subprojects/c-dvar/AUTHORS subprojects/c-dvar/README.md \
> > + subprojects/c-ini/AUTHORS subprojects/c-ini/README.md \
> > + subprojects/c-list/AUTHORS subprojects/c-list/README.md \
> > + subprojects/c-rbtree/AUTHORS subprojects/c-rbtree/README.md \
> > + subprojects/c-shquote/AUTHORS subprojects/c-shquote/README.md \
> > + subprojects/c-stdaux/AUTHORS subprojects/c-stdaux/README.md \
> > + subprojects/c-utf8/AUTHORS subprojects/c-utf8/README.md
> > +
> > +DBUS_BROKER_DEPENDENCIES = expat systemd
> > +DBUS_BROKER_CONF_OPTS = -Dlauncher=true
> > +
> > +ifeq ($(BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_17),y)
> > +DBUS_BROKER_CONF_OPTS += -Dlinux-4-17=true
> > +else
> > +DBUS_BROKER_CONF_OPTS += -Dlinux-4-17=false
> > +endif
> > +
> > +ifeq ($(BR2_PACKAGE_AUDIT),y)
> > +DBUS_BROKER_DEPENDENCIES += audit
> > +DBUS_BROKER_CONF_OPTS += -Daudit=true
> > +else
> > +DBUS_BROKER_CONF_OPTS += -Daudit=false
> > +endif
> > +
> > +ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
> > +DBUS_BROKER_DEPENDENCIES += libselinux
> > +DBUS_BROKER_CONF_OPTS += -Dselinux=true
> > +else
> > +DBUS_BROKER_CONF_OPTS += -Dselinux=false
> > +endif
> > +
> > +# We must be using the same user as the original dbus, so we can share
> > +# the home directory and create a socket there. As a consequence, the
> > +# username and groupname must be dbus:dbus, and they both need to have
> > +# the same home.
> > +define DBUS_BROKER_USERS
> > + dbus -1 dbus -1 * /var/run/dbus - dbus DBus messagebus user
> > +endef
>
> The basic issue is, that we read the same configuration file. The sockets/dir is
> owned by root and connection is done as root.
> But it's fine as-is, there's always potential for improvement.
>
> > +
> > +# Only install units for system bus daemon socket if original dbus is not present
> > +# Only install config and service files if original dbus is not present
> > +#
> > +# Note: BR2_COREUTILS_HOST_DEPENDENCY to be able to use ln --relative
> > +ifeq ($(BR2_PACKAGE_DBUS),)
> > +DBUS_BROKER_DEPENDENCIES += $(BR2_COREUTILS_HOST_DEPENDENCY)
> > +
> > +define DBUS_BROKER_INSTALL_INIT_SYSTEMD
> > + $(INSTALL) -D -m 0644 $(DBUS_BROKER_PKGDIR)/session.conf \
> > + $(TARGET_DIR)/usr/share/dbus-1/session.conf
> > + $(INSTALL) -D -m 0644 $(DBUS_BROKER_PKGDIR)/system.conf \
> > + $(TARGET_DIR)/usr/share/dbus-1/system.conf
> > + $(INSTALL) -D -m 0644 $(DBUS_BROKER_PKGDIR)/dbus.socket \
> > + $(TARGET_DIR)/usr/lib/systemd/system/dbus.socket
> > + $(HOST_MAKE_ENV) ln -sf --relative \
> > + $(TARGET_DIR)/usr/lib/systemd/system/dbus.socket \
> > + $(TARGET_DIR)/usr/lib/systemd/system/sockets.target.wants/dbus.socket
> > +endef
> > +endif # !BR2_PACKAGE_DBUS
> > +
> > +$(eval $(meson-package))
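Review bot: DBUS_BROKER_USERS sits outside the ifeq ($(BR2_PACKAGE_DBUS),) block, so the dbus user is declared in both cases, yet the commit log's description of the "original dbus enabled" case says the package does not define a user there. The later paragraph of the log ("we duplicate the entry") matches the code, so reword the case 2 description rather than the .mk, and consider stating in the comment above DBUS_BROKER_USERS that the entry must stay identical to the one in the dbus package. Minor: the comment above DBUS_BROKER_LICENSE has a typo ("legla-info").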
> > diff --git a/package/dbus-broker/dbus.socket b/package/dbus-broker/dbus.socket
> > new file mode 100644
> > index 0000000000..5c373cf450
> > --- /dev/null
> > +++ b/package/dbus-broker/dbus.socket
> > @@ -0,0 +1,5 @@
> > +[Unit]
> > +Description=D-Bus System Message Bus Socket
> > +
> > +[Socket]
> > +ListenStream=/run/dbus/system_bus_socket
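Review bot: ListenStream uses /run/dbus/system_bus_socket, while DBUS_BROKER_USERS in dbus-broker.mk gives the dbus user the home /var/run/dbus and its comment says the socket is created there; the two agree only if /var/run resolves to /run on the target. Use the same spelling of the directory in both places, or add a one-line comment in this unit saying which path is authoritative, since the commit log stresses that the socket location is a well-known one that must not move.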
> > diff --git a/package/dbus-broker/session.conf b/package/dbus-broker/session.conf
> > new file mode 100644
> > index 0000000000..e4758fa218
> > --- /dev/null
> > +++ b/package/dbus-broker/session.conf
> > @@ -0,0 +1,65 @@
> > +<!-- This configuration file controls the per-user-login-session message bus.
> > + Add a session-local.conf and edit that rather than changing this
> > + file directly. -->
> > +
> > +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
> > + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
> > +<busconfig>
> > + <!-- Our well-known bus type, don't change this -->
> > + <type>session</type>
> > +
> > + <!-- If we fork, keep the user's original umask to avoid affecting
> > + the behavior of child processes. -->
> > + <keep_umask/>
> > +
> > + <standard_session_servicedirs />
> > +
> > + <policy context="default">
> > + <!-- Allow everything to be sent -->
> > + <allow send_destination="*" eavesdrop="true"/>
> > + <!-- Allow everything to be received -->
> > + <allow eavesdrop="true"/>
> > + <!-- Allow anyone to own anything -->
> > + <allow own="*"/>
> > + </policy>
> > +
> > + <!-- Config files are placed here that among other things,
> > + further restrict the above policy for specific services. -->
> > + <includedir>session.d</includedir>
> > +
> > + <includedir>/etc/dbus-1/session.d</includedir>
> > +
> > + <!-- This is included last so local configuration can override what's
> > + in this standard file -->
> > + <include ignore_missing="yes">/etc/dbus-1/session-local.conf</include>
> > +
> > + <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
> > +
> > + <!-- For the session bus, override the default relatively-low limits
> > + with essentially infinite limits, since the bus is just running
> > + as the user anyway, using up bus resources is not something we need
> > + to worry about. In some cases, we do set the limits lower than
> > + "all available memory" if exceeding the limit is almost certainly a bug,
> > + having the bus enforce a limit is nicer than a huge memory leak. But the
> > + intent is that these limits should never be hit. -->
> > +
> > + <!-- the memory limits are 1G instead of say 4G because they can't exceed 32-bit signed int max -->
> > + <limit name="max_incoming_bytes">1000000000</limit>
> > + <limit name="max_incoming_unix_fds">250000000</limit>
> > + <limit name="max_outgoing_bytes">1000000000</limit>
> > + <limit name="max_outgoing_unix_fds">250000000</limit>
> > + <limit name="max_message_size">1000000000</limit>
> > + <!-- We do not override max_message_unix_fds here since the in-kernel
> > + limit is also relatively low -->
> > + <limit name="service_start_timeout">120000</limit>
> > + <limit name="auth_timeout">240000</limit>
> > + <limit name="pending_fd_timeout">150000</limit>
> > + <limit name="max_completed_connections">100000</limit>
> > + <limit name="max_incomplete_connections">10000</limit>
> > + <limit name="max_connections_per_user">100000</limit>
> > + <limit name="max_pending_service_starts">10000</limit>
> > + <limit name="max_names_per_connection">50000</limit>
> > + <limit name="max_match_rules_per_connection">50000</limit>
> > + <limit name="max_replies_per_connection">50000</limit>
> > +
> > +</busconfig>
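Review bot: in the default policy, <allow send_destination="*" eavesdrop="true"/> and <allow eavesdrop="true"/> permit any connection on the session bus to receive traffic that is not addressed to it, and the file does not say why this package wants that. If the file is taken from another package or an upstream release, record the origin and version in the header comment so it can be resynced; otherwise consider dropping the eavesdrop attributes or adding a comment that justifies them for the session bus.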
> > diff --git a/package/dbus-broker/system.conf b/package/dbus-broker/system.conf
> > new file mode 100644
> > index 0000000000..4b17fbd90e
> > --- /dev/null
> > +++ b/package/dbus-broker/system.conf
> > @@ -0,0 +1,123 @@
> > +<!-- This configuration file controls the systemwide message bus.
> > + Add a system-local.conf and edit that rather than changing this
> > + file directly. -->
> > +
> > +<!-- Note that there are any number of ways you can hose yourself
> > + security-wise by screwing up this file; in particular, you
> > + probably don't want to listen on any more addresses, add any more
> > + auth mechanisms, run as a different user, etc. -->
> > +
> > +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
> > + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
> > +<busconfig>
> > +
> > + <!-- Our well-known bus type, do not change this -->
> > + <type>system</type>
> > +
> > + <!-- Fork into daemon mode -->
> > + <fork/>
> > +
> > + <!-- Run as special user -->
> > + <user>dbus</user>
> > +
> > + <!-- We use system service launching using a helper -->
> > + <standard_system_servicedirs/>
> > +
> > + <!-- Enable logging to syslog -->
> > + <syslog/>
> > +
> > + <policy context="default">
> > + <!-- All users can connect to system bus -->
> > + <allow user="*"/>
> > +
> > + <!-- Holes must be punched in service configuration files for
> > + name ownership and sending method calls -->
> > + <deny own="*"/>
> > + <deny send_type="method_call"/>
> > +
> > + <!-- Signals and reply messages (method returns, errors) are allowed
> > + by default -->
> > + <allow send_type="signal"/>
> > + <allow send_requested_reply="true" send_type="method_return"/>
> > + <allow send_requested_reply="true" send_type="error"/>
> > +
> > + <!-- All messages may be received by default -->
> > + <allow receive_type="method_call"/>
> > + <allow receive_type="method_return"/>
> > + <allow receive_type="error"/>
> > + <allow receive_type="signal"/>
> > +
> > + <!-- Allow anyone to talk to the message bus -->
> > + <allow send_destination="org.freedesktop.DBus"
> > + send_interface="org.freedesktop.DBus" />
> > + <allow send_destination="org.freedesktop.DBus"
> > + send_interface="org.freedesktop.DBus.Introspectable"/>
> > + <allow send_destination="org.freedesktop.DBus"
> > + send_interface="org.freedesktop.DBus.Properties"/>
> > + <!-- But disallow some specific bus services -->
> > + <deny send_destination="org.freedesktop.DBus"
> > + send_interface="org.freedesktop.DBus"
> > + send_member="UpdateActivationEnvironment"/>
> > + <deny send_destination="org.freedesktop.DBus"
> > + send_interface="org.freedesktop.DBus.Debug.Stats"/>
> > + <deny send_destination="org.freedesktop.DBus"
> > + send_interface="org.freedesktop.systemd1.Activator"/>
> > + </policy>
> > +
> > + <!-- Only systemd, which runs as root, may report activation failures. -->
> > + <policy user="root">
> > + <allow send_destination="org.freedesktop.DBus"
> > + send_interface="org.freedesktop.systemd1.Activator"/>
> > + </policy>
> > +
> > + <!-- root may monitor the system bus. -->
> > + <policy user="root">
> > + <allow send_destination="org.freedesktop.DBus"
> > + send_interface="org.freedesktop.DBus.Monitoring"/>
> > + </policy>
> > +
> > + <!-- If the Stats interface was enabled at compile-time, root may use it.
> > + Copy this into system.local.conf or system.d/*.conf if you want to
> > + enable other privileged users to view statistics and debug info -->
> > + <policy user="root">
> > + <allow send_destination="org.freedesktop.DBus"
> > + send_interface="org.freedesktop.DBus.Debug.Stats"/>
> > + </policy>
> > +
> > +
> > + <!-- The defaults for these limits are hard-coded in dbus-daemon.
> > + Some clarifications:
> > + Times are in milliseconds (ms); 1000ms = 1 second
> > + 133169152 bytes = 127 MiB
> > + 33554432 bytes = 32 MiB
> > + 150000ms = 2.5 minutes -->
> > + <!-- <limit name="max_incoming_bytes">133169152</limit> -->
> > + <!-- <limit name="max_incoming_unix_fds">64</limit> -->
> > + <!-- <limit name="max_outgoing_bytes">133169152</limit> -->
> > + <!-- <limit name="max_outgoing_unix_fds">64</limit> -->
> > + <!-- <limit name="max_message_size">33554432</limit> -->
> > + <!-- <limit name="max_message_unix_fds">16</limit> -->
> > + <!-- <limit name="service_start_timeout">25000</limit> -->
> > + <!-- <limit name="auth_timeout">5000</limit> -->
> > + <!-- <limit name="pending_fd_timeout">150000</limit> -->
> > + <!-- <limit name="max_completed_connections">2048</limit> -->
> > + <!-- <limit name="max_incomplete_connections">64</limit> -->
> > + <!-- <limit name="max_connections_per_user">256</limit> -->
> > + <!-- <limit name="max_pending_service_starts">512</limit> -->
> > + <!-- <limit name="max_names_per_connection">512</limit> -->
> > + <!-- <limit name="max_match_rules_per_connection">512</limit> -->
> > + <!-- <limit name="max_replies_per_connection">128</limit> -->
> > +
> > + <!-- Config files are placed here that among other things, punch
> > + holes in the above policy for specific services. -->
> > + <includedir>system.d</includedir>
> > +
> > + <includedir>/etc/dbus-1/system.d</includedir>
> > +
> > + <!-- This is included last so local configuration can override what's
> > + in this standard file -->
> > + <include ignore_missing="yes">/etc/dbus-1/system-local.conf</include>
> > +
> > + <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
> > +
> > +</busconfig>
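Review bot: <fork/> ("Fork into daemon mode") near the top of the file is at odds with a package that Config.in restricts to systemd and that installs a dbus.socket activation unit; either drop the element or extend its comment to say why it is kept. Two documentation points in the same file: the Stats comment tells the reader to copy the block into "system.local.conf", but the include at the bottom reads /etc/dbus-1/system-local.conf, so the comment should use the hyphenated name; and the limits comment says the defaults are "hard-coded in dbus-daemon", which needs a word on whether they apply to dbus-broker as well.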
> > --
> > 2.20.1
> >
>
> Regards, Norbert
Forgot:
Reviewed-by: Norbert Lange <nolange79 at gmail.com>