diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest
index 0af7e50b0b..5823be671c 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/Manifest
@@ -1 +1 @@
-DIST dbus-1.12.20.tar.gz 2095511 BLAKE2B b467526e7e0281db7b8c7c178469fe006dab29ccb1ea197c02495bd297e8de766230b68ed86c4a7e05dbe09ca30ce941a15e0bf8030fe0df66c04febf0534b3b SHA512 0964683bc6859374cc94e42e1ec0cdb542cca67971c205fcba4352500b6c0891665b0718e7d85eb060c81cb82e3346c313892bc02384da300ddd306c7eef0056
+DIST dbus-1.12.22.tar.gz 2108231 BLAKE2B 40c30ad9e48d8ac6b5f1c67726015eb17cb3501372ef2c8ffcd8ad73e4a2f186b80a7bbba094460d4093d1d0a3f1bbb8d83a27724397a8f5312bb8542237e6b7 SHA512 0a716022f9d693fcaf871b6dfb5f242b49a8dd05d3316ec3e530f5129f1d81a2fa9caec795fa62cfdcba6ed21549fdd2f896f9bf1cc9a96e2a7d04f2c7ec7be6
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.20-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.22-r1.ebuild
similarity index 85%
rename from sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.20-r2.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.22-r1.ebuild
index 71950707da..68513fcf1e 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.20-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/dbus-1.12.22-r1.ebuild
@@ -1,10 +1,12 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 -PYTHON_COMPAT=( python3_{6..10} ) -inherit autotools flag-o-matic linux-info python-any-r1 readme.gentoo-r1 systemd virtualx multilib-minimal +PYTHON_COMPAT=( python3_{8..10} ) +TMPFILES_OPTIONAL=1 + +inherit autotools flag-o-matic linux-info python-any-r1 readme.gentoo-r1 systemd tmpfiles virtualx multilib-minimal DESCRIPTION="A message bus system, a simple way for applications to talk to each other" HOMEPAGE="https://dbus.freedesktop.org/" @@ -13,7 +15,7 @@ SRC_URI="https://dbus.freedesktop.org/releases/dbus/${P}.tar.gz" LICENSE="|| ( AFL-2.1 GPL-2 )" SLOT="0" KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="debug doc elogind kernel_linux selinux static-libs systemd test user-session X" +IUSE="debug doc elogind selinux static-libs systemd test X" RESTRICT="!test? ( test )" REQUIRED_USE="?? ( elogind systemd )" @@ -43,11 +45,10 @@ DEPEND="${COMMON_DEPEND} >=dev-libs/glib-2.40:2 ) " - -# Flatcar: drop dependency on sec-policy/selinux-dbus, to avoid pulling in -# unnecessary ebuilds into rootfs RDEPEND="${COMMON_DEPEND} acct-user/messagebus + selinux? ( sec-policy/selinux-dbus ) + systemd? ( virtual/tmpfiles ) " DOC_CONTENTS=" @@ -59,8 +60,13 @@ DOC_CONTENTS=" TBD="${WORKDIR}/${P}-tests-build" PATCHES=( - "${FILESDIR}/${PN}-enable-elogind.patch" - "${FILESDIR}/${PN}-daemon-optional.patch" # bug #653136 + "${FILESDIR}/dbus-enable-elogind.patch" + "${FILESDIR}/dbus-daemon-optional.patch" # bug #653136 + + "${FILESDIR}/dbus-1.12.22-check-fd.patch" + + # https://bugs.gentoo.org/836560 + "${FILESDIR}/dbus-1.14.0-oom_score_adj.patch" ) pkg_setup() { 
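Review bot: The `RDEPEND` hunk re-adds `selinux? ( sec-policy/selinux-dbus )` and deletes the `# Flatcar: drop dependency on sec-policy/selinux-dbus` comment, so the downstream decision to keep that policy package out of the rootfs is reverted without any mention. If this is a plain sync from Gentoo that a follow-up commit re-patches, the commit message should say so. Otherwise keep the dependency line out and retain the comment `# Flatcar: drop dependency on sec-policy/selinux-dbus, to avoid pulling in unnecessary ebuilds into rootfs` directly above `RDEPEND`. Whether the image build enables the `selinux` USE flag for this package is not visible here, so the actual effect on image contents should be confirmed.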
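Review bot: The two new entries in `PATCHES` are order-dependent, and nothing in the array records that. `dbus-1.14.0-oom_score_adj.patch` uses the `if (fd >= 0)` guard introduced by `dbus-1.12.22-check-fd.patch` as context in `dbus/dbus-sysdeps-util-unix.c`, so it only applies after that patch. A comment above the first of them, such as `# must stay before dbus-1.14.0-oom_score_adj.patch, which applies on top of it`, would stop a later reorder or cleanup from breaking `src_prepare`. The `check-fd` entry also lacks the bug reference its neighbour has; its patch header names `https://bugs.gentoo.org/834725`.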
@@ -124,10 +130,10 @@ multilib_src_configure() { $(use_enable selinux libaudit) --disable-apparmor $(use_enable kernel_linux inotify) - $(use_enable kernel_FreeBSD kqueue) + --disable-kqueue $(use_enable elogind) $(use_enable systemd) - $(use_enable user-session) + $(use_enable systemd user-session) --disable-embedded-tests --disable-modular-tests $(use_enable debug stats) @@ -135,6 +141,7 @@ multilib_src_configure() { --with-system-pid-file="${EPREFIX}${rundir}"/dbus.pid --with-system-socket="${EPREFIX}${rundir}"/dbus/system_bus_socket --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + --with-systemduserunitdir="$(systemd_get_userunitdir)" --with-dbus-user=messagebus $(use_with X x) ) @@ -248,7 +255,16 @@ multilib_src_install_all() { pkg_postinst() { readme.gentoo_print_elog - # Flatcar: remove machine-id generation. + if use systemd; then + tmpfiles_process dbus.conf + fi + + # Ensure unique id is generated and put it in /etc wrt #370451 but symlink + # for DBUS_MACHINE_UUID_FILE (see tools/dbus-launch.c) and reverse + # dependencies with hardcoded paths (although the known ones got fixed already) + # TODO: should be safe to remove at least the ln because of the above tmpfiles_process? + dbus-uuidgen --ensure="${EROOT}"/etc/machine-id + ln -sf "${EPREFIX}"/etc/machine-id "${EROOT}"/var/lib/dbus/machine-id if [[ ${CHOST} == *-darwin* ]]; then local plist="org.freedesktop.dbus-session.plist" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.12.22-check-fd.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.12.22-check-fd.patch new file mode 100644 index 0000000000..9038411bb1 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.12.22-check-fd.patch 
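Review bot: In the `pkg_postinst` hunk the `# Flatcar: remove machine-id generation.` marker is replaced by `dbus-uuidgen --ensure="${EROOT}"/etc/machine-id` plus the `ln -sf` into `/var/lib/dbus`, so installing the package into an image root writes a machine ID at build time. Every instance booted from that image would then start with the same ID unless a later build step removes the file, which is not visible in this diff. A shared machine ID undermines anything that keys host identity on it. I would keep the downstream behaviour by dropping the `dbus-uuidgen` and `ln -sf` lines again and leaving the `# Flatcar: remove machine-id generation.` comment in their place. `pkg_postinst` continues past the end of the hunk.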
@@ -0,0 +1,33 @@ +From 769a0462befb9829594a76e675526aba8579317e Mon Sep 17 00:00:00 2001 +From: Mike Gilbert +Date: Sun, 27 Mar 2022 15:09:48 -0400 +Subject: [PATCH] sysdeps-unix: check fd before calling + _dbus_fd_set_close_on_exec() + +If /proc/self/oom_score_adj does not exist, fd will invalid (-1). +Attempting to set the CLOEXEC flag will obviously fail, and we lose the +original errno value from open(). + +Bug: https://bugs.gentoo.org/834725 +Signed-off-by: Mike Gilbert +--- + dbus/dbus-sysdeps-util-unix.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c +index 314ce64b..8f079cbf 100644 +--- a/dbus/dbus-sysdeps-util-unix.c ++++ b/dbus/dbus-sysdeps-util-unix.c +@@ -1633,7 +1633,8 @@ _dbus_reset_oom_score_adj (const char **error_str_p) + if (fd < 0) + { + fd = open ("/proc/self/oom_score_adj", O_RDWR); +- _dbus_fd_set_close_on_exec (fd); ++ if (fd >= 0) ++ _dbus_fd_set_close_on_exec (fd); + } + + if (fd >= 0) +-- +GitLab + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.14.0-oom_score_adj.patch b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.14.0-oom_score_adj.patch new file mode 100644 index 0000000000..0945297080 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/files/dbus-1.14.0-oom_score_adj.patch 
@@ -0,0 +1,115 @@ +From 499cdfde1b3f5d812912e89b1a1a0d7a4fb83306 Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Fri, 1 Apr 2022 18:58:34 +0100 +Subject: [PATCH 1/2] activation-helper: Never crash if unable to write + oom_score_adj + +_dbus_warn() normally only logs a warning, but can be made fatal by +environment variables. In particular, we do that during unit testing, +which can result in a build-time test failure if dbus is built in a +sandbox environment that prevents write access. + +_dbus_log() does only the logging part of _dbus_warn(), which seems +more appropriate here. + +Signed-off-by: Simon McVittie +--- + bus/activation-helper.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bus/activation-helper.c b/bus/activation-helper.c +index 8a4fd732..df0472ce 100644 +--- a/bus/activation-helper.c ++++ b/bus/activation-helper.c +@@ -348,7 +348,7 @@ exec_for_correct_user (char *exec, char *user, DBusError *error) + /* Resetting the OOM score adjustment is best-effort, so we don't + * treat a failure to do so as fatal. */ + if (!_dbus_reset_oom_score_adj (&error_str)) +- _dbus_warn ("%s: %s", error_str, strerror (errno)); ++ _dbus_log (DBUS_SYSTEM_LOG_WARNING, "%s: %s", error_str, strerror (errno)); + + if (!switch_user (user, error)) + return FALSE; +-- +GitLab + + +From 5c8e5b7140c4f1f88684c7a83ce9587fff2def0c Mon Sep 17 00:00:00 2001 +From: Simon McVittie +Date: Fri, 1 Apr 2022 18:56:26 +0100 +Subject: [PATCH 2/2] sysdeps: Only open oom_score_adj read/write if we need to + write it + +If we're running in a sandbox, we might not have write access to +oom_score_adj. In the common case where we don't have any special +protection from the OOM-killer, we can detect that with only read +access, and skip the part where we open it for writing. 
+ +(We would also not have write access to oom_score_adj if we're running +with elevated Linux capabilities while not root, but that should never +actually happen for dbus-daemon-launch-helper, which is setuid root +for production use or has no capabilities during unit-testing.) + +Signed-off-by: Simon McVittie +--- + dbus/dbus-sysdeps-util-unix.c | 26 +++++++++++++++++++++++--- + 1 file changed, 23 insertions(+), 3 deletions(-) + +diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c +index 8f079cbf..ca130cff 100644 +--- a/dbus/dbus-sysdeps-util-unix.c ++++ b/dbus/dbus-sysdeps-util-unix.c +@@ -1627,12 +1627,12 @@ _dbus_reset_oom_score_adj (const char **error_str_p) + const char *error_str = NULL; + + #ifdef O_CLOEXEC +- fd = open ("/proc/self/oom_score_adj", O_RDWR | O_CLOEXEC); ++ fd = open ("/proc/self/oom_score_adj", O_RDONLY | O_CLOEXEC); + #endif + + if (fd < 0) + { +- fd = open ("/proc/self/oom_score_adj", O_RDWR); ++ fd = open ("/proc/self/oom_score_adj", O_RDONLY); + if (fd >= 0) + _dbus_fd_set_close_on_exec (fd); + } +@@ -1680,6 +1680,26 @@ _dbus_reset_oom_score_adj (const char **error_str_p) + goto out; + } + ++ close (fd); ++#ifdef O_CLOEXEC ++ fd = open ("/proc/self/oom_score_adj", O_WRONLY | O_CLOEXEC); ++ ++ if (fd < 0) ++#endif ++ { ++ fd = open ("/proc/self/oom_score_adj", O_WRONLY); ++ if (fd >= 0) ++ _dbus_fd_set_close_on_exec (fd); ++ } ++ ++ if (fd < 0) ++ { ++ ret = FALSE; ++ error_str = "open(/proc/self/oom_score_adj) for writing"; ++ saved_errno = errno; ++ goto out; ++ } ++ + if (pwrite (fd, "0", sizeof (char), 0) < 0) + { + ret = FALSE; +@@ -1700,7 +1720,7 @@ _dbus_reset_oom_score_adj (const char **error_str_p) + else + { + ret = FALSE; +- error_str = "open(/proc/self/oom_score_adj)"; ++ error_str = "open(/proc/self/oom_score_adj) for reading"; + saved_errno = errno; + goto out; + } +-- +GitLab + 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/metadata.xml index a8736a7781..010eeadbdd 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/dbus/metadata.xml @@ -1,5 +1,5 @@ - + freedesktop-bugs@gentoo.org @@ -7,7 +7,6 @@ Use sys-auth/elogind for session tracking. Build with sys-apps/systemd at_console support - Enable user-session semantics for session bus under systemd cpe:/a:freedesktop:dbus