From: Alyssa Ross
To: devel@spectrum-os.org
Subject: [PATCH 2/3] img/app: dbus: don't listen on VSOCK
Date: Thu, 13 Nov 2025 12:10:37 +0100
Message-ID: <20251113111038.39098-2-hi@alyssa.is>
In-Reply-To: <20251113111038.39098-1-hi@alyssa.is>
References: <20251113111038.39098-1-hi@alyssa.is>

After working on it for a while, I decided that it complicated the D-Bus security model too much to upstream VSOCK support for the bus. Proxying D-Bus with socat will allow us to drop the D-Bus VSOCK patches.

The new dbus-vsock service starts before dbus-daemon to ensure that VSOCK connections can be received as soon as org.freedesktop.impl.portal.desktop.spectrum is started. When a connection is received (which should only be after the bus is up and has started org.freedesktop.impl.portal.desktop.spectrum), it will be relayed to the bus.

Sadly we do still need to allow ANONYMOUS authentication for now[1].

Signed-off-by: Alyssa Ross Link: https://github.com/z-galaxy/zbus/issues/1003#issuecomment-3523214990 [1] --- img/app/default.nix | 4 +- img/app/file-list.mk | 5 +++ img/app/image/etc/dbus-1/session.conf | 1 - .../XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT | 1 + ...DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license | 2 + .../etc/s6-rc/dbus-vsock/notification-fd | 1 + .../s6-rc/dbus-vsock/notification-fd.license | 2 + img/app/image/etc/s6-rc/dbus-vsock/run | 17 +++++++ img/app/image/etc/s6-rc/dbus-vsock/type | 1 + .../image/etc/s6-rc/dbus-vsock/type.license | 2 + .../etc/s6-rc/dbus/dependencies.d/dbus-vsock | 0 img/app/image/etc/s6-rc/dbus/run | 2 - tools/default.nix | 5 +-- tools/xdg-desktop-portal-spectrum/meson.build | 3 -- .../xdg-desktop-portal-spectrum.c | 45 ++++++------------- 15 files changed, 49 insertions(+), 42 deletions(-) create mode 100644 img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT create mode 100644 img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/notification-fd create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license create mode 100755 img/app/image/etc/s6-rc/dbus-vsock/run create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/type create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/type.license create mode 100644 img/app/image/etc/s6-rc/dbus/dependencies.d/dbus-vsock diff --git a/img/app/default.nix b/img/app/default.nix index 08cb2cd..6490ac2 100644 --- a/img/app/default.nix +++ b/img/app/default.nix @@ -71,6 +71,8 @@ let pkgs.s6 pkgs.s6-linux-init pkgs.s6-rc + pkgs.socat + pkgs.systemd pkgs.wayland-proxy-virtwl pkgs.wireplumber pkgs.xdg-desktop-portal @@ -88,7 +90,7 @@ let } '' mkdir $out lndir -ignorelinks -silent ${appimageFhsenv} $out - rm $out/etc/dbus-1/session.conf + rm $out/etc/dbus-1/session.conf $out/usr/bin/init ''; in diff --git a/img/app/file-list.mk b/img/app/file-list.mk index 0b4d3d1..6934975 100644 
--- a/img/app/file-list.mk +++ b/img/app/file-list.mk @@ -17,6 +17,7 @@ FILES = \ image/etc/s6-linux-init/env/GTK_USE_PORTAL \ image/etc/s6-linux-init/env/NIX_XDG_DESKTOP_PORTAL_DIR \ image/etc/s6-linux-init/env/WAYLAND_DISPLAY \ + image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT \ image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \ image/etc/s6-linux-init/run-image/service/getty-hvc0/run \ image/etc/s6-linux-init/run-image/service/s6-linux-init-shutdownd/notification-fd \ @@ -39,6 +40,10 @@ S6_RC_FILES = \ image/etc/s6-rc/app/dependencies.d/wayland-proxy-virtwl \ image/etc/s6-rc/app/run \ image/etc/s6-rc/app/type \ + image/etc/s6-rc/dbus-vsock/notification-fd \ + image/etc/s6-rc/dbus-vsock/run \ + image/etc/s6-rc/dbus-vsock/type \ + image/etc/s6-rc/dbus/dependencies.d/dbus-vsock \ image/etc/s6-rc/dbus/notification-fd \ image/etc/s6-rc/dbus/run \ image/etc/s6-rc/dbus/type \ diff --git a/img/app/image/etc/dbus-1/session.conf b/img/app/image/etc/dbus-1/session.conf index 751a788..d31f4b9 100644 --- a/img/app/image/etc/dbus-1/session.conf +++ b/img/app/image/etc/dbus-1/session.conf @@ -19,7 +19,6 @@ default config file with an address override on the command line, because command line address can only be given once. So that's why we need a whole custom session.conf. --> - vsock: unix:path=/run/session-bus EXTERNAL diff --git a/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT new file mode 100644 index 0000000..037ba97 --- /dev/null +++ b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT @@ -0,0 +1 @@ +219 diff --git a/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license new file mode 100644 index 0000000..0d3d47c --- /dev/null +++ b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license 
@@ -0,0 +1,2 @@ +SPDX-License-Identifier: CC0-1.0 +SPDX-FileCopyrightText: 2025 Alyssa Ross diff --git a/img/app/image/etc/s6-rc/dbus-vsock/notification-fd b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd new file mode 100644 index 0000000..00750ed --- /dev/null +++ b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd @@ -0,0 +1 @@ +3 diff --git a/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license new file mode 100644 index 0000000..0d3d47c --- /dev/null +++ b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license @@ -0,0 +1,2 @@ +SPDX-License-Identifier: CC0-1.0 +SPDX-FileCopyrightText: 2025 Alyssa Ross diff --git a/img/app/image/etc/s6-rc/dbus-vsock/run b/img/app/image/etc/s6-rc/dbus-vsock/run new file mode 100755 index 0000000..37fae7d --- /dev/null +++ b/img/app/image/etc/s6-rc/dbus-vsock/run @@ -0,0 +1,17 @@ +#!/bin/execlineb -P +# SPDX-License-Identifier: EUPL-1.2+ +# SPDX-FileCopyrightText: 2025 Alyssa Ross + +if { modprobe vsock } + +export LISTEN_FDS 1 +getpid LISTEN_PID +export SYSTEMD_LOG_LEVEL notice + +systemd-socket-activate -l vsock::219 --now + +# Notify readiness. +if { fdmove 1 3 echo } +fdclose 3 + +socat ACCEPT-FD:4,fork UNIX-CONNECT:/run/session-bus diff --git a/img/app/image/etc/s6-rc/dbus-vsock/type b/img/app/image/etc/s6-rc/dbus-vsock/type new file mode 100644 index 0000000..5883cff --- /dev/null +++ b/img/app/image/etc/s6-rc/dbus-vsock/type @@ -0,0 +1 @@ +longrun diff --git a/img/app/image/etc/s6-rc/dbus-vsock/type.license b/img/app/image/etc/s6-rc/dbus-vsock/type.license new file mode 100644 index 0000000..0d3d47c --- /dev/null +++ b/img/app/image/etc/s6-rc/dbus-vsock/type.license @@ -0,0 +1,2 @@ +SPDX-License-Identifier: CC0-1.0 +SPDX-FileCopyrightText: 2025 Alyssa Ross diff --git a/img/app/image/etc/s6-rc/dbus/dependencies.d/dbus-vsock b/img/app/image/etc/s6-rc/dbus/dependencies.d/dbus-vsock new file mode 100644 index 0000000..e69de29 
diff --git a/img/app/image/etc/s6-rc/dbus/run b/img/app/image/etc/s6-rc/dbus/run index a226abf..75e9cab 100644 --- a/img/app/image/etc/s6-rc/dbus/run +++ b/img/app/image/etc/s6-rc/dbus/run @@ -2,8 +2,6 @@ # SPDX-License-Identifier: EUPL-1.2+ # SPDX-FileCopyrightText: 2023 Alyssa Ross -if { modprobe vsock } - dbus-daemon --config-file /etc/dbus-1/session.conf --nofork diff --git a/tools/default.nix b/tools/default.nix index 18d4dd6..0492f98 100644 --- a/tools/default.nix +++ b/tools/default.nix @@ -6,7 +6,7 @@ import ../lib/call-package.nix ( { src, lib, stdenv, fetchCrate, fetchurl, runCommand, buildPackages , meson, ninja, pkg-config, rustc , clang-tools, clippy, jq -, dbus, linuxHeaders +, linuxHeaders , clang, libbpf , buildSupport ? false , appSupport ? true @@ -88,8 +88,7 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optionals (appSupport || driverSupport) [ pkg-config ] ++ lib.optionals hostSupport [ rustc ] ++ lib.optionals driverSupport [ clang.cc ]; - buildInputs = lib.optionals appSupport [ dbus ] - ++ lib.optionals driverSupport [ libbpf linuxHeaders ]; + buildInputs = lib.optionals driverSupport [ libbpf linuxHeaders ]; postPatch = lib.optionals hostSupport (lib.concatMapStringsSep "\n" (crate: '' mkdir -p subprojects/packagecache diff --git a/tools/xdg-desktop-portal-spectrum/meson.build b/tools/xdg-desktop-portal-spectrum/meson.build index 7c2716f..a99c66d 100644 --- a/tools/xdg-desktop-portal-spectrum/meson.build +++ b/tools/xdg-desktop-portal-spectrum/meson.build @@ -1,8 +1,6 @@ # SPDX-License-Identifier: EUPL-1.2+ # SPDX-FileCopyrightText: 2024 Alyssa Ross -dbus = dependency('dbus-1') - install_data('spectrum.portal', install_dir : get_option('datadir') / 'xdg-desktop-portal/portals') @@ -21,5 +19,4 @@ configure_file( configuration : exe_conf_data) executable('xdg-desktop-portal-spectrum', 'xdg-desktop-portal-spectrum.c', - dependencies : dbus, install : true) 
diff --git a/tools/xdg-desktop-portal-spectrum/xdg-desktop-portal-spectrum.c b/tools/xdg-desktop-portal-spectrum/xdg-desktop-portal-spectrum.c index 690d397..3c75923 100644 --- a/tools/xdg-desktop-portal-spectrum/xdg-desktop-portal-spectrum.c +++ b/tools/xdg-desktop-portal-spectrum/xdg-desktop-portal-spectrum.c @@ -1,5 +1,5 @@ // SPDX-License-Identifier: EUPL-1.2+ -// SPDX-FileCopyrightText: 2024 Alyssa Ross +// SPDX-FileCopyrightText: 2024-2025 Alyssa Ross #include #include @@ -8,7 +8,6 @@ #include #include #include -#include #include #include @@ -16,12 +15,13 @@ #include -#include - #include "config.h" static const uint32_t HOST_PORT = 219; +static const char GUEST_PORT_ENV_VAR[] = + "XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT"; + static int parse_u32(const char *s, uint32_t *v) { char *end; 
@@ -113,36 +113,17 @@ static void check_result(int sock) int main(void) { - char *addr = getenv("DBUS_STARTER_ADDRESS"); - - DBusAddressEntry **entries; - int entries_len, i, sock; - DBusError error; - - const char *port_str; + int sock; uint32_t port; + char *port_str = getenv(GUEST_PORT_ENV_VAR); - if (!addr) - errx(EXIT_FAILURE, "DBUS_STARTER_ADDRESS not set"); + if (!port_str) + errx(EXIT_FAILURE, "%s is not set", GUEST_PORT_ENV_VAR); - if (!dbus_parse_address(addr, &entries, &entries_len, &error)) - errx(EXIT_FAILURE, "parsing D-Bus address '%s': %s", - addr, error.message); + if (parse_u32(port_str, &port) == -1) + err(EXIT_FAILURE, "D-Bus address vsock port"); - for (i = 0; i < entries_len; i++) { - if (strcmp(dbus_address_entry_get_method(entries[i]), "vsock")) - continue; - - if (!(port_str = dbus_address_entry_get_value(entries[i], "port"))) - errx(EXIT_FAILURE, "missing vsock port in D-Bus address '%s'", - addr); - - if (parse_u32(port_str, &port) == -1) - err(EXIT_FAILURE, "D-Bus address vsock port"); - - sock = connect_to_host(); - send_info(sock, port); - check_result(sock); - return 0; - } + sock = connect_to_host(); + send_info(sock, port); + check_result(sock); } -- 2.51.0
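
Review bot: in img/app/default.nix, the `$out/usr/bin/init` added to the `rm` line has no explanation in the commit message or in a comment. If it is there because pkgs.systemd, added to the package list in the previous hunk, brings an init into the FHS environment, say so next to the `rm`, so the removal is not dropped or kept by accident when the systemd dependency changes.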
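
Review bot: in img/app/image/etc/dbus-1/session.conf, removing the vsock listen address leaves `unix:path=/run/session-bus` as the only way in, and the comment block above it does not say that this socket now also carries connections relayed from VSOCK by the new dbus-vsock service. For those connections dbus-daemon sees the relay process as the peer on the Unix socket, so EXTERNAL there reflects the relay's credentials and nothing about the VSOCK peer. A sentence in the config comment recording this would help whoever later revisits the ANONYMOUS setting the commit message mentions.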
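
Review bot: the guest port is now written in two places, `219` in env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT and `vsock::219` in dbus-vsock/run, with nothing tying them together. If one changes without the other, xdg-desktop-portal-spectrum will send the host a port that nothing is listening on. Consider having the run script take the port from XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT, or add a comment in each file pointing at the other.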
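
Review bot: in img/app/image/etc/s6-rc/dbus-vsock/run, the `export LISTEN_FDS 1` and `getpid LISTEN_PID` lines before `systemd-socket-activate`, and the `ACCEPT-FD:4` in the socat line, are undocumented, and the fd numbering is easy to break. From the script and the notification-fd file, fd 3 is the s6 readiness fd and the VSOCK listener is expected on fd 4. A short comment stating that, and why the LISTEN_* variables are set by hand, would save the next reader from working it out and make a later reordering of these lines less risky.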
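
Review bot: in main() of xdg-desktop-portal-spectrum.c, the message in `err(EXIT_FAILURE, "D-Bus address vsock port")` is left over from the D-Bus address parsing this hunk removes; the value now comes from the environment. Name the variable in the message, as the `is not set` branch just above does, so a bad value can be traced to GUEST_PORT_ENV_VAR. `port_str` could also stay `const char *` as it was before, since it is only read.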