diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest
index 5823be671c..b69b290210 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest
@@ -1 +1 @@
-DIST dbus-1.12.22.tar.gz 2108231 BLAKE2B 40c30ad9e48d8ac6b5f1c67726015eb17cb3501372ef2c8ffcd8ad73e4a2f186b80a7bbba094460d4093d1d0a3f1bbb8d83a27724397a8f5312bb8542237e6b7 SHA512 0a716022f9d693fcaf871b6dfb5f242b49a8dd05d3316ec3e530f5129f1d81a2fa9caec795fa62cfdcba6ed21549fdd2f896f9bf1cc9a96e2a7d04f2c7ec7be6
+DIST dbus-1.14.4.tar.xz 1368196 BLAKE2B 7da5cd8f09eaef7a64f35f8ccbeb81c5687b3fad02d6ac05dd4c232e0f731dbcf4c76c36b615e6216815c8f8631bf9cb32543665440153a1199b1b35922cdda4 SHA512 7c8ce95b8a4c63cf51cc9f10bebbc19e66d6a96c4806befad48c3fe73b4468bb2b50f9570b73fe05ff12223e5e6815032139d316995eb670c28b23c028f293d6
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/README.md b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/README.md
deleted file mode 100644
index 5ae966f65b..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-Modifications done in this fork:
-
-- Disable user sessions. We don't need them in Flatcar. At some point
- Gentoo dropped the dedicated USE flag for it and enables user
- sessions with systemd USE flag.
-
-- Dropped the dependency on sec-policy/selinux-dbus which is brought
- by the selinux USE flag. We enable the flag because we still want
- DBus to be selinux-aware, but for some reason we didn't want to pull
- in the `sec-policy/selinux-dbus` package. We may want to revisit
- this with our SELinux work.
-
-- Drop /etc/machine-id generation. We do it elsewhere (bootengine?).
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.22-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.14.4.ebuild similarity index 75% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.22-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.14.4.ebuild index e5950d5e47..9333216aff 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.22-r1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.14.4.ebuild @@ -1,20 +1,23 @@ # Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 PYTHON_COMPAT=( python3_{8..10} ) TMPFILES_OPTIONAL=1 +# At least at the moment, while a CMake port exists, it's not recommended +# for distributions. +# https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/CONTRIBUTING.md#L189 inherit autotools flag-o-matic linux-info python-any-r1 readme.gentoo-r1 systemd tmpfiles virtualx multilib-minimal DESCRIPTION="A message bus system, a simple way for applications to talk to each other" -HOMEPAGE="https://dbus.freedesktop.org/" -SRC_URI="https://dbus.freedesktop.org/releases/dbus/${P}.tar.gz" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/dbus/" +SRC_URI="https://dbus.freedesktop.org/releases/dbus/${P}.tar.xz" LICENSE="|| ( AFL-2.1 GPL-2 )" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" IUSE="debug doc elogind selinux static-libs systemd test X" RESTRICT="!test? ( test )" 
@@ -31,7 +34,10 @@ BDEPEND=" COMMON_DEPEND=" >=dev-libs/expat-2.1.0 elogind? ( sys-auth/elogind ) - selinux? ( sys-libs/libselinux ) + selinux? ( + sys-process/audit + sys-libs/libselinux + ) systemd? ( sys-apps/systemd:0= ) X? ( x11-libs/libX11 @@ -45,14 +51,9 @@ DEPEND="${COMMON_DEPEND} >=dev-libs/glib-2.40:2 ) " -# Flatcar: Drop the following dependency to avoid pulling in -# unnecessary ebuilds into rootfs: -# -# selinux? ( sec-policy/selinux-dbus ) -# -# We may want to revisit that, actually. RDEPEND="${COMMON_DEPEND} acct-user/messagebus + selinux? ( sec-policy/selinux-dbus ) systemd? ( virtual/tmpfiles ) " @@ -67,11 +68,6 @@ TBD="${WORKDIR}/${P}-tests-build" PATCHES=( "${FILESDIR}/dbus-enable-elogind.patch" "${FILESDIR}/dbus-daemon-optional.patch" # bug #653136 - - "${FILESDIR}/dbus-1.12.22-check-fd.patch" - - # https://bugs.gentoo.org/836560 - "${FILESDIR}/dbus-1.14.0-oom_score_adj.patch" ) pkg_setup() { @@ -84,12 +80,6 @@ pkg_setup() { } src_prepare() { - # Tests were restricted because of this - sed -i \ - -e 's/.*bus_dispatch_test.*/printf ("Disabled due to excess noise\\n");/' \ - -e '/"dispatch"/d' \ - bus/test-main.c || die - default if [[ ${CHOST} == *-solaris* ]]; then @@ -99,14 +89,16 @@ src_prepare() { configure.ac || die fi - # required for bug 263909, cross-compile so don't remove eautoreconf + # required for bug #263909, cross-compile so don't remove eautoreconf eautoreconf } src_configure() { local rundir=$(usex kernel_linux /run /var/run) + sed -e "s;@rundir@;${EPREFIX}${rundir};g" "${FILESDIR}"/dbus.initd.in \ > "${T}"/dbus.initd || die + multilib-minimal_src_configure } @@ -116,7 +108,7 @@ multilib_src_configure() { # so we can get backtraces from apps case ${CHOST} in *-mingw*) - # error: unrecognized command line option '-rdynamic' wrt #488036 + # error: unrecognized command line option '-rdynamic', bug #488036 ;; *) append-flags -rdynamic 
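Review bot: The RDEPEND hunk puts `selinux? ( sec-policy/selinux-dbus )` back and deletes the comment explaining why the fork had dropped it, so with the selinux flag enabled the policy package (and, through the COMMON_DEPEND hunk above it, `sys-process/audit`) now enters the dependency set. The same silent reversal happens in the later `multilib_src_configure` hunk, where `--disable-user-session` becomes `$(use_enable systemd user-session)`, and the README that recorded these deviations is deleted in this commit. If the reversal is intended, the commit message should say so; if not, keep the exclusion with its marker, e.g. `# Flatcar: selinux-dbus intentionally not pulled into rootfs`. Whether the overlay can resolve `sec-policy/selinux-dbus` is not visible from this diff.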
@@ -127,6 +119,7 @@ multilib_src_configure() { # not on an SELinux profile. myconf=( --localstatedir="${EPREFIX}/var" + --runstatedir="${EPREFIX}${rundir}" $(use_enable static-libs static) $(use_enable debug verbose-mode) --disable-asserts @@ -138,9 +131,7 @@ multilib_src_configure() { --disable-kqueue $(use_enable elogind) $(use_enable systemd) - # Flatcar: disable user sessions - # $(use_enable systemd user-session) - --disable-user-session + $(use_enable systemd user-session) --disable-embedded-tests --disable-modular-tests $(use_enable debug stats) @@ -200,7 +191,7 @@ multilib_src_configure() { multilib_src_compile() { if multilib_is_native_abi; then - # after the compile, it uses a selinuxfs interface to + # After the compile, it uses a selinuxfs interface to # check if the SELinux policy has the right support use selinux && addwrite /selinux/access @@ -217,7 +208,10 @@ multilib_src_compile() { } src_test() { - DBUS_VERBOSE=1 virtx emake -j1 -C "${TBD}" check + # DBUS_TEST_MALLOC_FAILURES=0 to avoid huge test logs + # https://gitlab.freedesktop.org/dbus/dbus/-/blob/master/CONTRIBUTING.md#L231 + DBUS_TEST_MALLOC_FAILURES=0 DBUS_VERBOSE=1 virtx emake -j1 -C "${TBD}" check + } multilib_src_install() { 
@@ -235,25 +229,25 @@ multilib_src_install_all() { newinitd "${T}"/dbus.initd dbus if use X; then - # dbus X session script (#77504) + # dbus X session script (bug #77504) # turns out to only work for GDM (and startx). has been merged into # other desktop (kdm and such scripts) exeinto /etc/X11/xinit/xinitrc.d - doexe "${FILESDIR}"/80-dbus + newexe "${FILESDIR}"/80-dbus-r1 80-dbus fi - # needs to exist for dbus sessions to launch + # Needs to exist for dbus sessions to launch keepdir /usr/share/dbus-1/services keepdir /etc/dbus-1/{session,system}.d # machine-id symlink from pkg_postinst() keepdir /var/lib/dbus - # let the init script create the /var/run/dbus directory + # Let the init script create the /var/run/dbus directory rm -rf "${ED}"/var/run - # https://bugs.gentoo.org/761763 + # bug #761763 rm -rf "${ED}"/usr/lib/sysusers.d - dodoc AUTHORS ChangeLog NEWS README doc/TODO + dodoc AUTHORS NEWS README doc/TODO readme.gentoo_create_doc find "${ED}" -name '*.la' -delete || die 
@@ -262,17 +256,16 @@ multilib_src_install_all() { pkg_postinst() { readme.gentoo_print_elog - # Flatcar: Drop machine-id generation. - # if use systemd; then - # tmpfiles_process dbus.conf - # fi - # - # # Ensure unique id is generated and put it in /etc wrt #370451 but symlink - # # for DBUS_MACHINE_UUID_FILE (see tools/dbus-launch.c) and reverse - # # dependencies with hardcoded paths (although the known ones got fixed already) - # # TODO: should be safe to remove at least the ln because of the above tmpfiles_process? - # dbus-uuidgen --ensure="${EROOT}"/etc/machine-id - # ln -sf "${EPREFIX}"/etc/machine-id "${EROOT}"/var/lib/dbus/machine-id + if use systemd; then + tmpfiles_process dbus.conf + fi + + # Ensure unique id is generated and put it in /etc wrt bug #370451 but symlink + # for DBUS_MACHINE_UUID_FILE (see tools/dbus-launch.c) and reverse + # dependencies with hardcoded paths (although the known ones got fixed already) + # TODO: should be safe to remove at least the ln because of the above tmpfiles_process? + dbus-uuidgen --ensure="${EROOT}"/etc/machine-id + ln -sf "${EPREFIX}"/etc/machine-id "${EROOT}"/var/lib/dbus/machine-id if [[ ${CHOST} == *-darwin* ]]; then local plist="org.freedesktop.dbus-session.plist" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/80-dbus b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/80-dbus-r1 similarity index 66% rename from sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/80-dbus rename to sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/80-dbus-r1 index 5593e2cd73..3499a6a12e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/80-dbus +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/80-dbus-r1 
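Review bot: The restored `dbus-uuidgen --ensure="${EROOT}"/etc/machine-id` in `pkg_postinst` writes a machine ID at package install time, so for an image build the ID is created once in the image root and could be shared by every host booted from it unless a later step removes the file. The removed comment said generation happens elsewhere, which suggests there may now be two writers of `/etc/machine-id`. I would keep install-time generation off and leave a marker such as `# Flatcar: /etc/machine-id must be created per machine, not at install time`, or name in the commit message the build step that clears the file. `pkg_postinst` continues past the end of this hunk.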
@@ -1,13 +1,13 @@ -#!/bin/bash +#!/bin/sh # launches a session dbus instance -dbuslaunch="`which dbus-launch 2>/dev/null`" +dbuslaunch=$(command -v dbus-launch 2>/dev/null) if [ -n "$dbuslaunch" ] && [ -x "$dbuslaunch" ] && [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then if [ -n "$command" ]; then command="$dbuslaunch --exit-with-session $command" else - eval `$dbuslaunch --sh-syntax --exit-with-session` + eval "$($dbuslaunch --sh-syntax --exit-with-session)" fi fi diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.12.22-check-fd.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.12.22-check-fd.patch deleted file mode 100644 index 9038411bb1..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.12.22-check-fd.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 769a0462befb9829594a76e675526aba8579317e Mon Sep 17 00:00:00 2001 -From: Mike Gilbert -Date: Sun, 27 Mar 2022 15:09:48 -0400 -Subject: [PATCH] sysdeps-unix: check fd before calling - _dbus_fd_set_close_on_exec() - -If /proc/self/oom_score_adj does not exist, fd will invalid (-1). -Attempting to set the CLOEXEC flag will obviously fail, and we lose the -original errno value from open(). - -Bug: https://bugs.gentoo.org/834725 -Signed-off-by: Mike Gilbert ---- - dbus/dbus-sysdeps-util-unix.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c -index 314ce64b..8f079cbf 100644 ---- a/dbus/dbus-sysdeps-util-unix.c -+++ b/dbus/dbus-sysdeps-util-unix.c -@@ -1633,7 +1633,8 @@ _dbus_reset_oom_score_adj (const char **error_str_p) - if (fd < 0) - { - fd = open ("/proc/self/oom_score_adj", O_RDWR); -- _dbus_fd_set_close_on_exec (fd); -+ if (fd >= 0) -+ _dbus_fd_set_close_on_exec (fd); - } - - if (fd >= 0) --- -GitLab - 
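Review bot: `$dbuslaunch` is still expanded unquoted inside the rewritten command substitution, so a resolved path containing whitespace or glob characters would be word-split before it is executed. Because the output goes straight into `eval`, the extra quoting is cheap insurance: `eval "$("$dbuslaunch" --sh-syntax --exit-with-session)"`. The unchanged context line `command="$dbuslaunch --exit-with-session $command"` has the same property and could be tidied in the same revision.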
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.14.0-oom_score_adj.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.14.0-oom_score_adj.patch
deleted file mode 100644
index 0945297080..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.14.0-oom_score_adj.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From 499cdfde1b3f5d812912e89b1a1a0d7a4fb83306 Mon Sep 17 00:00:00 2001
-From: Simon McVittie
-Date: Fri, 1 Apr 2022 18:58:34 +0100
-Subject: [PATCH 1/2] activation-helper: Never crash if unable to write
- oom_score_adj
-
-_dbus_warn() normally only logs a warning, but can be made fatal by
-environment variables. In particular, we do that during unit testing,
-which can result in a build-time test failure if dbus is built in a
-sandbox environment that prevents write access.
-
-_dbus_log() does only the logging part of _dbus_warn(), which seems
-more appropriate here.
-
-Signed-off-by: Simon McVittie
----
- bus/activation-helper.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/bus/activation-helper.c b/bus/activation-helper.c
-index 8a4fd732..df0472ce 100644
---- a/bus/activation-helper.c
-+++ b/bus/activation-helper.c
-@@ -348,7 +348,7 @@ exec_for_correct_user (char *exec, char *user, DBusError *error)
- /* Resetting the OOM score adjustment is best-effort, so we don't
- * treat a failure to do so as fatal. */
- if (!_dbus_reset_oom_score_adj (&error_str))
-- _dbus_warn ("%s: %s", error_str, strerror (errno));
-+ _dbus_log (DBUS_SYSTEM_LOG_WARNING, "%s: %s", error_str, strerror (errno));
-
- if (!switch_user (user, error))
- return FALSE;
---
-GitLab
-
-
-From 5c8e5b7140c4f1f88684c7a83ce9587fff2def0c Mon Sep 17 00:00:00 2001
-From: Simon McVittie
-Date: Fri, 1 Apr 2022 18:56:26 +0100
-Subject: [PATCH 2/2] sysdeps: Only open oom_score_adj read/write if we need to
- write it
-
-If we're running in a sandbox, we might not have write access to
-oom_score_adj. In the common case where we don't have any special
-protection from the OOM-killer, we can detect that with only read
-access, and skip the part where we open it for writing.
-
-(We would also not have write access to oom_score_adj if we're running
-with elevated Linux capabilities while not root, but that should never
-actually happen for dbus-daemon-launch-helper, which is setuid root
-for production use or has no capabilities during unit-testing.)
-
-Signed-off-by: Simon McVittie
----
- dbus/dbus-sysdeps-util-unix.c | 26 +++++++++++++++++++++++---
- 1 file changed, 23 insertions(+), 3 deletions(-)
-
-diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
-index 8f079cbf..ca130cff 100644
---- a/dbus/dbus-sysdeps-util-unix.c
-+++ b/dbus/dbus-sysdeps-util-unix.c
-@@ -1627,12 +1627,12 @@ _dbus_reset_oom_score_adj (const char **error_str_p)
- const char *error_str = NULL;
-
- #ifdef O_CLOEXEC
-- fd = open ("/proc/self/oom_score_adj", O_RDWR | O_CLOEXEC);
-+ fd = open ("/proc/self/oom_score_adj", O_RDONLY | O_CLOEXEC);
- #endif
-
- if (fd < 0)
- {
-- fd = open ("/proc/self/oom_score_adj", O_RDWR);
-+ fd = open ("/proc/self/oom_score_adj", O_RDONLY);
- if (fd >= 0)
- _dbus_fd_set_close_on_exec (fd);
- }
-@@ -1680,6 +1680,26 @@ _dbus_reset_oom_score_adj (const char **error_str_p)
- goto out;
- }
-
-+ close (fd);
-+#ifdef O_CLOEXEC
-+ fd = open ("/proc/self/oom_score_adj", O_WRONLY | O_CLOEXEC);
-+
-+ if (fd < 0)
-+#endif
-+ {
-+ fd = open ("/proc/self/oom_score_adj", O_WRONLY);
-+ if (fd >= 0)
-+ _dbus_fd_set_close_on_exec (fd);
-+ }
-+
-+ if (fd < 0)
-+ {
-+ ret = FALSE;
-+ error_str = "open(/proc/self/oom_score_adj) for writing";
-+ saved_errno = errno;
-+ goto out;
-+ }
-+
- if (pwrite (fd, "0", sizeof (char), 0) < 0)
- {
- ret = FALSE;
-@@ -1700,7 +1720,7 @@ _dbus_reset_oom_score_adj (const char **error_str_p)
- else
- {
- ret = FALSE;
-- error_str = "open(/proc/self/oom_score_adj)";
-+ error_str = "open(/proc/self/oom_score_adj) for reading";
- saved_errno = errno;
- goto out;
- }
---
-GitLab
-