* [PATCH 1/3] img/app: move init to /usr/bin
@ 2025-11-13 11:10 Alyssa Ross
2025-11-13 11:10 ` [PATCH 2/3] img/app: dbus: don't listen on VSOCK Alyssa Ross
` (3 more replies)
0 siblings, 4 replies; 15+ messages in thread
From: Alyssa Ross @ 2025-11-13 11:10 UTC (permalink / raw)
To: devel
/sbin/init (which for us is /usr/bin/init via the /sbin symlink) is
the highest precedence path for init in the kernel. If we keep our
init at /etc/init, installing a package (like systemd) that provides
its own init will quietly take precedence over our own. Let's claim
this path for ourselves, so adding init from a package will fail
loudly.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
img/app/file-list.mk | 4 ++--
img/app/image/{etc => usr/bin}/init | 0
2 files changed, 2 insertions(+), 2 deletions(-)
rename img/app/image/{etc => usr/bin}/init (100%)
diff --git a/img/app/file-list.mk b/img/app/file-list.mk
index 506ab7a..0b4d3d1 100644
--- a/img/app/file-list.mk
+++ b/img/app/file-list.mk
@@ -4,7 +4,6 @@
FILES = \
image/etc/dbus-1/session.conf \
image/etc/fstab \
- image/etc/init \
image/etc/mdev.conf \
image/etc/mdev/iface \
image/etc/mdev/listen \
@@ -26,7 +25,8 @@ FILES = \
image/etc/s6-linux-init/scripts/rc.shutdown \
image/etc/s6-linux-init/scripts/rc.shutdown.final \
image/etc/wireplumber/wireplumber.conf.d/99_spectrum.conf \
- image/etc/xdg/xdg-desktop-portal/portals.conf
+ image/etc/xdg/xdg-desktop-portal/portals.conf \
+ image/usr/bin/init
LINKS = \
image/bin \
diff --git a/img/app/image/etc/init b/img/app/image/usr/bin/init
similarity index 100%
rename from img/app/image/etc/init
rename to img/app/image/usr/bin/init
base-commit: 651da813154329e8398a23dbaabdeef633c1f2a6
--
2.51.0
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH 2/3] img/app: dbus: don't listen on VSOCK
2025-11-13 11:10 [PATCH 1/3] img/app: move init to /usr/bin Alyssa Ross
@ 2025-11-13 11:10 ` Alyssa Ross
2025-11-13 17:46 ` Demi Marie Obenour
` (2 more replies)
2025-11-13 11:10 ` [PATCH 3/3] pkgs: remove dbus overlay Alyssa Ross
` (2 subsequent siblings)
3 siblings, 3 replies; 15+ messages in thread
From: Alyssa Ross @ 2025-11-13 11:10 UTC (permalink / raw)
To: devel
After working on it for a while, I decided that it complicated the
D-Bus security model too much to upstream VSOCK support for the bus.
Proxying D-Bus with socat will allow us to drop the D-Bus VSOCK
patches.
The new dbus-vsock service starts before dbus-daemon to ensure that
VSOCK connections can be received as soon as
org.freedesktop.impl.portal.desktop.spectrum is started. When a
connection is received (which should only be after the bus is up and
has started org.freedesktop.impl.portal.desktop.spectrum), it will be
relayed to the bus.
Sadly we do still need to allow ANONYMOUS authentication for now[1].
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Link: https://github.com/z-galaxy/zbus/issues/1003#issuecomment-3523214990 [1]
---
img/app/default.nix | 4 +-
img/app/file-list.mk | 5 +++
img/app/image/etc/dbus-1/session.conf | 1 -
.../XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT | 1 +
...DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license | 2 +
.../etc/s6-rc/dbus-vsock/notification-fd | 1 +
.../s6-rc/dbus-vsock/notification-fd.license | 2 +
img/app/image/etc/s6-rc/dbus-vsock/run | 17 +++++++
img/app/image/etc/s6-rc/dbus-vsock/type | 1 +
.../image/etc/s6-rc/dbus-vsock/type.license | 2 +
.../etc/s6-rc/dbus/dependencies.d/dbus-vsock | 0
img/app/image/etc/s6-rc/dbus/run | 2 -
tools/default.nix | 5 +--
tools/xdg-desktop-portal-spectrum/meson.build | 3 --
.../xdg-desktop-portal-spectrum.c | 45 ++++++-------------
15 files changed, 49 insertions(+), 42 deletions(-)
create mode 100644 img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT
create mode 100644 img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license
create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/notification-fd
create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
create mode 100755 img/app/image/etc/s6-rc/dbus-vsock/run
create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/type
create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/type.license
create mode 100644 img/app/image/etc/s6-rc/dbus/dependencies.d/dbus-vsock
diff --git a/img/app/default.nix b/img/app/default.nix
index 08cb2cd..6490ac2 100644
--- a/img/app/default.nix
+++ b/img/app/default.nix
@@ -71,6 +71,8 @@ let
pkgs.s6
pkgs.s6-linux-init
pkgs.s6-rc
+ pkgs.socat
+ pkgs.systemd
pkgs.wayland-proxy-virtwl
pkgs.wireplumber
pkgs.xdg-desktop-portal
@@ -88,7 +90,7 @@ let
} ''
mkdir $out
lndir -ignorelinks -silent ${appimageFhsenv} $out
- rm $out/etc/dbus-1/session.conf
+ rm $out/etc/dbus-1/session.conf $out/usr/bin/init
'';
in
diff --git a/img/app/file-list.mk b/img/app/file-list.mk
index 0b4d3d1..6934975 100644
--- a/img/app/file-list.mk
+++ b/img/app/file-list.mk
@@ -17,6 +17,7 @@ FILES = \
image/etc/s6-linux-init/env/GTK_USE_PORTAL \
image/etc/s6-linux-init/env/NIX_XDG_DESKTOP_PORTAL_DIR \
image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
+ image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT \
image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
image/etc/s6-linux-init/run-image/service/getty-hvc0/run \
image/etc/s6-linux-init/run-image/service/s6-linux-init-shutdownd/notification-fd \
@@ -39,6 +40,10 @@ S6_RC_FILES = \
image/etc/s6-rc/app/dependencies.d/wayland-proxy-virtwl \
image/etc/s6-rc/app/run \
image/etc/s6-rc/app/type \
+ image/etc/s6-rc/dbus-vsock/notification-fd \
+ image/etc/s6-rc/dbus-vsock/run \
+ image/etc/s6-rc/dbus-vsock/type \
+ image/etc/s6-rc/dbus/dependencies.d/dbus-vsock \
image/etc/s6-rc/dbus/notification-fd \
image/etc/s6-rc/dbus/run \
image/etc/s6-rc/dbus/type \
diff --git a/img/app/image/etc/dbus-1/session.conf b/img/app/image/etc/dbus-1/session.conf
index 751a788..d31f4b9 100644
--- a/img/app/image/etc/dbus-1/session.conf
+++ b/img/app/image/etc/dbus-1/session.conf
@@ -19,7 +19,6 @@
default config file with an address override on the command
line, because command line address can only be given once.
So that's why we need a whole custom session.conf. -->
- <listen>vsock:</listen>
<listen>unix:path=/run/session-bus</listen>
<auth>EXTERNAL</auth>
diff --git a/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT
new file mode 100644
index 0000000..037ba97
--- /dev/null
+++ b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT
@@ -0,0 +1 @@
+219
diff --git a/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license
new file mode 100644
index 0000000..0d3d47c
--- /dev/null
+++ b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
diff --git a/img/app/image/etc/s6-rc/dbus-vsock/notification-fd b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd
new file mode 100644
index 0000000..00750ed
--- /dev/null
+++ b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd
@@ -0,0 +1 @@
+3
diff --git a/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
new file mode 100644
index 0000000..0d3d47c
--- /dev/null
+++ b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
diff --git a/img/app/image/etc/s6-rc/dbus-vsock/run b/img/app/image/etc/s6-rc/dbus-vsock/run
new file mode 100755
index 0000000..37fae7d
--- /dev/null
+++ b/img/app/image/etc/s6-rc/dbus-vsock/run
@@ -0,0 +1,17 @@
+#!/bin/execlineb -P
+# SPDX-License-Identifier: EUPL-1.2+
+# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
+
+if { modprobe vsock }
+
+export LISTEN_FDS 1
+getpid LISTEN_PID
+export SYSTEMD_LOG_LEVEL notice
+
+systemd-socket-activate -l vsock::219 --now
+
+# Notify readiness.
+if { fdmove 1 3 echo }
+fdclose 3
+
+socat ACCEPT-FD:4,fork UNIX-CONNECT:/run/session-bus
diff --git a/img/app/image/etc/s6-rc/dbus-vsock/type b/img/app/image/etc/s6-rc/dbus-vsock/type
new file mode 100644
index 0000000..5883cff
--- /dev/null
+++ b/img/app/image/etc/s6-rc/dbus-vsock/type
@@ -0,0 +1 @@
+longrun
diff --git a/img/app/image/etc/s6-rc/dbus-vsock/type.license b/img/app/image/etc/s6-rc/dbus-vsock/type.license
new file mode 100644
index 0000000..0d3d47c
--- /dev/null
+++ b/img/app/image/etc/s6-rc/dbus-vsock/type.license
@@ -0,0 +1,2 @@
+SPDX-License-Identifier: CC0-1.0
+SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
diff --git a/img/app/image/etc/s6-rc/dbus/dependencies.d/dbus-vsock b/img/app/image/etc/s6-rc/dbus/dependencies.d/dbus-vsock
new file mode 100644
index 0000000..e69de29
diff --git a/img/app/image/etc/s6-rc/dbus/run b/img/app/image/etc/s6-rc/dbus/run
index a226abf..75e9cab 100644
--- a/img/app/image/etc/s6-rc/dbus/run
+++ b/img/app/image/etc/s6-rc/dbus/run
@@ -2,8 +2,6 @@
# SPDX-License-Identifier: EUPL-1.2+
# SPDX-FileCopyrightText: 2023 Alyssa Ross <hi@alyssa.is>
-if { modprobe vsock }
-
dbus-daemon
--config-file /etc/dbus-1/session.conf
--nofork
diff --git a/tools/default.nix b/tools/default.nix
index 18d4dd6..0492f98 100644
--- a/tools/default.nix
+++ b/tools/default.nix
@@ -6,7 +6,7 @@ import ../lib/call-package.nix (
{ src, lib, stdenv, fetchCrate, fetchurl, runCommand, buildPackages
, meson, ninja, pkg-config, rustc
, clang-tools, clippy, jq
-, dbus, linuxHeaders
+, linuxHeaders
, clang, libbpf
, buildSupport ? false
, appSupport ? true
@@ -88,8 +88,7 @@ stdenv.mkDerivation (finalAttrs: {
++ lib.optionals (appSupport || driverSupport) [ pkg-config ]
++ lib.optionals hostSupport [ rustc ]
++ lib.optionals driverSupport [ clang.cc ];
- buildInputs = lib.optionals appSupport [ dbus ]
- ++ lib.optionals driverSupport [ libbpf linuxHeaders ];
+ buildInputs = lib.optionals driverSupport [ libbpf linuxHeaders ];
postPatch = lib.optionals hostSupport (lib.concatMapStringsSep "\n" (crate: ''
mkdir -p subprojects/packagecache
diff --git a/tools/xdg-desktop-portal-spectrum/meson.build b/tools/xdg-desktop-portal-spectrum/meson.build
index 7c2716f..a99c66d 100644
--- a/tools/xdg-desktop-portal-spectrum/meson.build
+++ b/tools/xdg-desktop-portal-spectrum/meson.build
@@ -1,8 +1,6 @@
# SPDX-License-Identifier: EUPL-1.2+
# SPDX-FileCopyrightText: 2024 Alyssa Ross <hi@alyssa.is>
-dbus = dependency('dbus-1')
-
install_data('spectrum.portal',
install_dir : get_option('datadir') / 'xdg-desktop-portal/portals')
@@ -21,5 +19,4 @@ configure_file(
configuration : exe_conf_data)
executable('xdg-desktop-portal-spectrum', 'xdg-desktop-portal-spectrum.c',
- dependencies : dbus,
install : true)
diff --git a/tools/xdg-desktop-portal-spectrum/xdg-desktop-portal-spectrum.c b/tools/xdg-desktop-portal-spectrum/xdg-desktop-portal-spectrum.c
index 690d397..3c75923 100644
--- a/tools/xdg-desktop-portal-spectrum/xdg-desktop-portal-spectrum.c
+++ b/tools/xdg-desktop-portal-spectrum/xdg-desktop-portal-spectrum.c
@@ -1,5 +1,5 @@
// SPDX-License-Identifier: EUPL-1.2+
-// SPDX-FileCopyrightText: 2024 Alyssa Ross <hi@alyssa.is>
+// SPDX-FileCopyrightText: 2024-2025 Alyssa Ross <hi@alyssa.is>
#include <arpa/inet.h>
#include <err.h>
@@ -8,7 +8,6 @@
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
-#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
@@ -16,12 +15,13 @@
#include <linux/vm_sockets.h>
-#include <dbus/dbus.h>
-
#include "config.h"
static const uint32_t HOST_PORT = 219;
+static const char GUEST_PORT_ENV_VAR[] =
+ "XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT";
+
static int parse_u32(const char *s, uint32_t *v)
{
char *end;
@@ -113,36 +113,17 @@ static void check_result(int sock)
int main(void)
{
- char *addr = getenv("DBUS_STARTER_ADDRESS");
-
- DBusAddressEntry **entries;
- int entries_len, i, sock;
- DBusError error;
-
- const char *port_str;
+ int sock;
uint32_t port;
+ char *port_str = getenv(GUEST_PORT_ENV_VAR);
- if (!addr)
- errx(EXIT_FAILURE, "DBUS_STARTER_ADDRESS not set");
+ if (!port_str)
+ errx(EXIT_FAILURE, "%s is not set", GUEST_PORT_ENV_VAR);
- if (!dbus_parse_address(addr, &entries, &entries_len, &error))
- errx(EXIT_FAILURE, "parsing D-Bus address '%s': %s",
- addr, error.message);
+ if (parse_u32(port_str, &port) == -1)
+ err(EXIT_FAILURE, "D-Bus address vsock port");
- for (i = 0; i < entries_len; i++) {
- if (strcmp(dbus_address_entry_get_method(entries[i]), "vsock"))
- continue;
-
- if (!(port_str = dbus_address_entry_get_value(entries[i], "port")))
- errx(EXIT_FAILURE, "missing vsock port in D-Bus address '%s'",
- addr);
-
- if (parse_u32(port_str, &port) == -1)
- err(EXIT_FAILURE, "D-Bus address vsock port");
-
- sock = connect_to_host();
- send_info(sock, port);
- check_result(sock);
- return 0;
- }
+ sock = connect_to_host();
+ send_info(sock, port);
+ check_result(sock);
}
--
2.51.0
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [PATCH 3/3] pkgs: remove dbus overlay
2025-11-13 11:10 [PATCH 1/3] img/app: move init to /usr/bin Alyssa Ross
2025-11-13 11:10 ` [PATCH 2/3] img/app: dbus: don't listen on VSOCK Alyssa Ross
@ 2025-11-13 11:10 ` Alyssa Ross
2025-11-17 22:13 ` Demi Marie Obenour
2025-11-18 15:03 ` Alyssa Ross
2025-11-17 22:07 ` [PATCH 1/3] img/app: move init to /usr/bin Demi Marie Obenour
2025-11-18 15:03 ` Alyssa Ross
3 siblings, 2 replies; 15+ messages in thread
From: Alyssa Ross @ 2025-11-13 11:10 UTC (permalink / raw)
To: devel
We ended up going with socat forwarding VSOCK to unix inside guests,
so these patches are no longer necessary.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
---
...add-vsock-address-format-to-the-spec.patch | 97 -------
...02-build-sys-add-enable-vsock-option.patch | 55 ----
...upport-to-_dbus_append_address_from_.patch | 68 -----
.../0004-dbus-add-_dbus_listen_vsock.patch | 190 -------------
.../0005-dbus-add-vsock-server-support.patch | 139 ----------
.../0006-dbus-add-_dbus_connect_vsock.patch | 93 -------
.../0007-dbus-add-vsock-client-support.patch | 117 --------
...-test-add-simple-loopback-vsock-test.patch | 127 ---------
...dd-allow-CIDs.-on-listenable-address.patch | 255 ------------------
pkgs/dbus/default.nix | 25 --
pkgs/overlay.nix | 2 -
11 files changed, 1168 deletions(-)
delete mode 100644 pkgs/dbus/0001-doc-add-vsock-address-format-to-the-spec.patch
delete mode 100644 pkgs/dbus/0002-build-sys-add-enable-vsock-option.patch
delete mode 100644 pkgs/dbus/0003-unix-add-vsock-support-to-_dbus_append_address_from_.patch
delete mode 100644 pkgs/dbus/0004-dbus-add-_dbus_listen_vsock.patch
delete mode 100644 pkgs/dbus/0005-dbus-add-vsock-server-support.patch
delete mode 100644 pkgs/dbus/0006-dbus-add-_dbus_connect_vsock.patch
delete mode 100644 pkgs/dbus/0007-dbus-add-vsock-client-support.patch
delete mode 100644 pkgs/dbus/0008-test-add-simple-loopback-vsock-test.patch
delete mode 100644 pkgs/dbus/0009-vsock-add-allow-CIDs.-on-listenable-address.patch
delete mode 100644 pkgs/dbus/default.nix
diff --git a/pkgs/dbus/0001-doc-add-vsock-address-format-to-the-spec.patch b/pkgs/dbus/0001-doc-add-vsock-address-format-to-the-spec.patch
deleted file mode 100644
index 017ed0b..0000000
--- a/pkgs/dbus/0001-doc-add-vsock-address-format-to-the-spec.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From 1b2bf09fbd4a6fadaf2438d0bc99f08e5c38b764 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Sun, 10 Jan 2021 01:14:18 +0400
-Subject: [PATCH 1/9] doc: add vsock: address format to the spec
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-SPDX-License-Identifier: AFL-2.1 OR GPL-2.0-or-later
-SPDX-FileCopyrightText: The D-Bus Authors
-
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
----
- doc/dbus-specification.xml | 61 +++++++++++++++++++++++++++++++++++++-
- 1 file changed, 60 insertions(+), 1 deletion(-)
-
-diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml
-index 16bbc2ca..775928c0 100644
---- a/doc/dbus-specification.xml
-+++ b/doc/dbus-specification.xml
-@@ -3576,7 +3576,7 @@
- [FIXME we need to specify in detail each transport and its possible arguments]
-
- Current transports include: unix domain sockets (including
-- abstract namespace on linux), launchd, systemd, TCP/IP, an executed subprocess and a debug/testing transport
-+ abstract namespace on linux), launchd, systemd, TCP/IP, VSOCK, an executed subprocess and a debug/testing transport
- using in-process pipes. Future possible transports include one that
- tunnels over X11 protocol.
- </para>
-@@ -3686,6 +3686,65 @@
- </para>
- </sect3>
- </sect2>
-+ <sect2 id="transports-vsock">
-+ <title>VSOCK Sockets</title>
-+ <para>
-+ VSOCK sockets facilitates communication between virtual machines and the
-+ host they are running on. It is supported on various operating systems,
-+ although it is most common on Linux (support added in 3.9 for VMWare,
-+ 4.8 for KVM, 4.14 for Hyper-V).
-+ </para>
-+ <para>
-+ VSOCK addresses do not need to specify the CID or the port to be
-+ listenable. By default, they will use
-+ <literal>VMADDR_CID_ANY(-1)</literal> and
-+ <literal>VMADDR_PORT_ANY(-1)</literal>, which will bind any address or
-+ port available.
-+ </para>
-+ <para>
-+ To be connectable, a VSOCK address must specify both the CID and the port.
-+ </para>
-+ <sect3 id="transport-vsock-addresses">
-+ <title>Server Address Format</title>
-+ <para>
-+ VSOCK socket addresses are identified by the "vsock:" prefix
-+ and support the following key/value pairs:
-+ </para>
-+ <informaltable>
-+ <tgroup cols="3">
-+ <thead>
-+ <row>
-+ <entry>Name</entry>
-+ <entry>Values</entry>
-+ <entry>Description</entry>
-+ </row>
-+ </thead>
-+ <tbody>
-+ <row>
-+ <entry>cid</entry>
-+ <entry>(32 bits unsigned number)</entry>
-+ <entry>
-+ The Context Identifier (CID). 0 is reserved for services
-+ built into the hypervisor, 1 is the well-known address for local
-+ communication, 2 is the well-known address of the host.
-+ -1U means any address for binding.
-+ </entry>
-+ </row>
-+ <row>
-+ <entry>port</entry>
-+ <entry>(32 bits unsigned number)</entry>
-+ <entry>
-+ The port number. -1U means any port for binding. On Linux, the
-+ port numbers below 1024 are called privileged ports. Only a
-+ process with the CAP_NET_BIND_SERVICE capability may bind to these
-+ port numbers.
-+ </entry>
-+ </row>
-+ </tbody>
-+ </tgroup>
-+ </informaltable>
-+ </sect3>
-+ </sect2>
- <sect2 id="transports-launchd">
- <title>launchd</title>
- <para>
---
-2.42.0
-
diff --git a/pkgs/dbus/0002-build-sys-add-enable-vsock-option.patch b/pkgs/dbus/0002-build-sys-add-enable-vsock-option.patch
deleted file mode 100644
index 32ac0d5..0000000
--- a/pkgs/dbus/0002-build-sys-add-enable-vsock-option.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 5b47ee683887c23c0f56cf403f46be1ad8f04470 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Fri, 8 Jan 2021 15:37:54 +0400
-Subject: [PATCH 2/9] build-sys: add --enable-vsock option
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-SPDX-License-Identifier: AFL-2.1 OR GPL-2.0-or-later
-SPDX-FileCopyrightText: The D-Bus Authors
-
-Disabled by default, mainly for two reasons:
-- SELinux support is lacking in kernel, so --disable-selinux is required atm
-- Testing in containers/CI has unresolved issues (time out or unreachable)
-
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
----
- configure.ac | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/configure.ac b/configure.ac
-index 3f200a6c..2c3e7f54 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -218,6 +218,7 @@ AC_ARG_ENABLE(console-owner-file, AS_HELP_STRING([--enable-console-owner-file],[
- AC_ARG_ENABLE(launchd, AS_HELP_STRING([--enable-launchd],[build with launchd auto-launch support]),enable_launchd=$enableval,enable_launchd=auto)
- AC_ARG_ENABLE(systemd, AS_HELP_STRING([--enable-systemd],[build with systemd at_console support]),enable_systemd=$enableval,enable_systemd=auto)
- AC_ARG_ENABLE(traditional-activation, AS_HELP_STRING([--disable-traditional-activation], [Do not build support for service activation without using SystemdService]), enable_traditional_activation="$enableval", enable_traditional_activation=yes)
-+AC_ARG_ENABLE([vsock], [AS_HELP_STRING([--enable-vsock],[build with vsock support (linux only)])], [enable_vsock=$enableval], [enable_vsock=no])
-
- AC_ARG_WITH(session-socket-dir, AS_HELP_STRING([--with-session-socket-dir=[dirname]],[Where to put sockets for the per-login-session message bus]))
- AC_ARG_WITH(test-socket-dir, AS_HELP_STRING([--with-test-socket-dir=[dirname]],[Where to put sockets for make check]))
-@@ -882,6 +883,12 @@ fi
-
- AM_CONDITIONAL(DBUS_BUS_ENABLE_INOTIFY, test x$have_inotify = xyes)
-
-+AS_IF([test "x$enable_vsock" = xno],
-+ [have_vsock=no],
-+ [AC_CHECK_HEADERS([linux/vm_sockets.h], [have_vsock=yes], [have_vsock=no], [#include <sys/socket.h>])])
-+AS_IF([test "x$have_vsock" = xyes],
-+ [AC_DEFINE([DBUS_ENABLE_VSOCK], [1], [Use vsock])])
-+
- # For simplicity, we require the userland API for epoll_create1 at
- # compile-time (glibc 2.9), but we'll run on kernels that turn out
- # not to have it at runtime.
-@@ -1796,6 +1803,7 @@ echo "
- Building inotify support: ${have_inotify}
- Building kqueue support: ${have_kqueue}
- Building systemd support: ${have_systemd}
-+ Building vsock support: ${have_vsock}
- Traditional activation: ${enable_traditional_activation}
- Building X11 code: ${have_x11}
- Building Doxygen docs: ${enable_doxygen_docs}
---
-2.42.0
-
diff --git a/pkgs/dbus/0003-unix-add-vsock-support-to-_dbus_append_address_from_.patch b/pkgs/dbus/0003-unix-add-vsock-support-to-_dbus_append_address_from_.patch
deleted file mode 100644
index 311667f..0000000
--- a/pkgs/dbus/0003-unix-add-vsock-support-to-_dbus_append_address_from_.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 9c0d476590791451a344e086526826ad5a7821f8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Fri, 8 Jan 2021 15:40:01 +0400
-Subject: [PATCH 3/9] unix: add vsock support to
- _dbus_append_address_from_socket
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-SPDX-License-Identifier: AFL-2.1 OR GPL-2.0-or-later
-SPDX-FileCopyrightText: 2002, 2003, 2006 Red Hat, Inc.
-SPDX-FileCopyrightText: 2003 CodeFactory AB
-SPDX-FileCopyrightText: The D-Bus Authors
-
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
----
- dbus/dbus-sysdeps-unix.c | 22 +++++++++++++++++++++-
- 1 file changed, 21 insertions(+), 1 deletion(-)
-
-diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
-index e585136f..cc40c0cd 100644
---- a/dbus/dbus-sysdeps-unix.c
-+++ b/dbus/dbus-sysdeps-unix.c
-@@ -89,6 +89,10 @@
- #include <systemd/sd-daemon.h>
- #endif
-
-+#ifdef DBUS_ENABLE_VSOCK
-+#include <linux/vm_sockets.h>
-+#endif
-+
- #if !DBUS_USE_SYNC
- #include <pthread.h>
- #endif
-@@ -4891,6 +4895,9 @@ _dbus_append_address_from_socket (DBusSocket fd,
- struct sockaddr_un un;
- struct sockaddr_in ipv4;
- struct sockaddr_in6 ipv6;
-+#ifdef DBUS_ENABLE_VSOCK
-+ struct sockaddr_vm vm;
-+#endif
- } socket;
- char hostip[INET6_ADDRSTRLEN];
- socklen_t size = sizeof (socket);
-@@ -4962,7 +4969,20 @@ _dbus_append_address_from_socket (DBusSocket fd,
- }
- /* not reached */
- break;
--
-+#ifdef DBUS_ENABLE_VSOCK
-+ case AF_VSOCK:
-+ if (_dbus_string_append_printf (address, "vsock:cid=%u,port=%u",
-+ socket.vm.svm_cid, socket.vm.svm_port))
-+ {
-+ return TRUE;
-+ }
-+ else
-+ {
-+ _DBUS_SET_OOM (error);
-+ return FALSE;
-+ }
-+ break;
-+#endif
- default:
- dbus_set_error (error,
- _dbus_error_from_errno (EINVAL),
---
-2.42.0
-
diff --git a/pkgs/dbus/0004-dbus-add-_dbus_listen_vsock.patch b/pkgs/dbus/0004-dbus-add-_dbus_listen_vsock.patch
deleted file mode 100644
index c9f7cc2..0000000
--- a/pkgs/dbus/0004-dbus-add-_dbus_listen_vsock.patch
+++ /dev/null
@@ -1,190 +0,0 @@
-From 468b34e34ae36970029d544455df80d767b95296 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Sun, 10 Jan 2021 00:42:54 +0400
-Subject: [PATCH 4/9] dbus: add _dbus_listen_vsock
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-SPDX-License-Identifier: AFL-2.1 OR GPL-2.0-or-later
-SPDX-FileCopyrightText: 2002, 2003, 2006 Red Hat, Inc.
-SPDX-FileCopyrightText: 2003 CodeFactory AB
-SPDX-FileCopyrightText: The D-Bus Authors
-
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
----
- dbus/dbus-sysdeps-unix.c | 140 +++++++++++++++++++++++++++++++++++++++
- dbus/dbus-sysdeps-unix.h | 7 ++
- 2 files changed, 147 insertions(+)
-
-diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
-index cc40c0cd..9a46625a 100644
---- a/dbus/dbus-sysdeps-unix.c
-+++ b/dbus/dbus-sysdeps-unix.c
-@@ -1565,6 +1565,146 @@ out:
- return fd;
- }
-
-+#ifdef DBUS_ENABLE_VSOCK
-+static dbus_bool_t
-+_dbus_vsock_parse_cid (const char *cid,
-+ unsigned int *ret,
-+ DBusError *error)
-+{
-+ DBusString cid_str;
-+ unsigned long val;
-+
-+ _dbus_string_init_const (&cid_str, cid);
-+
-+ if (!_dbus_string_parse_uint (&cid_str, 0, &val, NULL) || val > _DBUS_UINT32_MAX)
-+ {
-+ dbus_set_error (error,
-+ DBUS_ERROR_BAD_ADDRESS,
-+ "Failed to parse vsock CID value '%s'", cid);
-+ return FALSE;
-+ }
-+
-+
-+ *ret = val;
-+ return TRUE;
-+}
-+
-+static dbus_bool_t
-+_dbus_vsock_parse_port (const char *port,
-+ unsigned int *ret,
-+ DBusError *error)
-+{
-+ DBusString port_str;
-+ unsigned long val;
-+
-+ _dbus_string_init_const (&port_str, port);
-+
-+ if (!_dbus_string_parse_uint (&port_str, 0, &val, NULL) || val > _DBUS_UINT32_MAX)
-+ {
-+ dbus_set_error (error,
-+ DBUS_ERROR_BAD_ADDRESS,
-+ "Failed to parse vsock port value '%s'", port);
-+ return FALSE;
-+ }
-+
-+ *ret = val;
-+ return TRUE;
-+}
-+
-+int
-+_dbus_listen_vsock (const char *cid,
-+ const char *port,
-+ DBusString *retcid,
-+ DBusString *retport,
-+ DBusError *error)
-+{
-+ struct sockaddr_vm sa;
-+ int saved_errno;
-+ int fd = -1;
-+
-+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
-+ _DBUS_ZERO (sa);
-+ sa.svm_family = AF_VSOCK;
-+ sa.svm_cid = VMADDR_CID_ANY;
-+ sa.svm_port = VMADDR_PORT_ANY;
-+
-+ if ((cid && !_dbus_vsock_parse_cid (cid, &sa.svm_cid, error)) ||
-+ (port && !_dbus_vsock_parse_port (port, &sa.svm_port, error)))
-+ {
-+ _DBUS_ASSERT_ERROR_IS_SET (error);
-+ return -1;
-+ }
-+
-+ if (!_dbus_open_socket (&fd, AF_VSOCK, SOCK_STREAM, 0, error))
-+ {
-+ _DBUS_ASSERT_ERROR_IS_SET (error);
-+ return -1;
-+ }
-+
-+ if (bind (fd, (struct sockaddr *) &sa, sizeof (sa)) < 0)
-+ {
-+ saved_errno = errno;
-+ _dbus_close (fd, NULL);
-+ dbus_set_error (error, _dbus_error_from_errno (saved_errno),
-+ "Failed to bind VSOCK socket of CID:%u: port:%u: %s",
-+ sa.svm_cid, sa.svm_port, _dbus_strerror (saved_errno));
-+ return -1;
-+ }
-+
-+ if (!_dbus_set_fd_nonblocking (fd, error))
-+ {
-+ _DBUS_ASSERT_ERROR_IS_SET (error);
-+ _dbus_close (fd, NULL);
-+ return -1;
-+ }
-+
-+ if (listen (fd, 30 /* backlog */) < 0)
-+ {
-+ saved_errno = errno;
-+ dbus_set_error (error, _dbus_error_from_errno (saved_errno),
-+ "Failed to listen on VSOCK socket of CID:%u port:%u: %s",
-+ sa.svm_cid, sa.svm_port, _dbus_strerror (saved_errno));
-+ _dbus_close (fd, NULL);
-+ return -1;
-+ }
-+
-+ if (!port || !cid)
-+ {
-+ int result;
-+ socklen_t addrlen;
-+
-+ addrlen = sizeof (sa);
-+ result = getsockname (fd, (struct sockaddr *) &sa, &addrlen);
-+
-+ if (result == -1)
-+ {
-+ saved_errno = errno;
-+ dbus_set_error (error, _dbus_error_from_errno (saved_errno),
-+ "Failed to retrieve VSOCK socket name: %s",
-+ _dbus_strerror (saved_errno));
-+ _dbus_close (fd, NULL);
-+ return -1;
-+ }
-+ }
-+
-+ if (!_dbus_string_append_printf (retcid, "%u", sa.svm_cid))
-+ {
-+ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
-+ _dbus_close (fd, NULL);
-+ return -1;
-+ }
-+
-+ if (!_dbus_string_append_printf (retport, "%u", sa.svm_port))
-+ {
-+ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
-+ _dbus_close (fd, NULL);
-+ return -1;
-+ }
-+
-+ return fd;
-+}
-+#endif
-+
- /**
- * Creates a socket and binds it to the given path, then listens on
- * the socket. The socket is set to be nonblocking. In case of port=0
-diff --git a/dbus/dbus-sysdeps-unix.h b/dbus/dbus-sysdeps-unix.h
-index e86de6d9..49b8f436 100644
---- a/dbus/dbus-sysdeps-unix.h
-+++ b/dbus/dbus-sysdeps-unix.h
-@@ -73,6 +73,13 @@ int _dbus_listen_unix_socket (const char *path,
- dbus_bool_t abstract,
- DBusError *error);
-
-+int _dbus_listen_vsock (const char *cid,
-+ const char *port,
-+ DBusString *retcid,
-+ DBusString *retport,
-+ DBusError *error);
-+
-+
- int _dbus_connect_exec (const char *path,
- char *const argv[],
- DBusError *error);
---
-2.42.0
-
diff --git a/pkgs/dbus/0005-dbus-add-vsock-server-support.patch b/pkgs/dbus/0005-dbus-add-vsock-server-support.patch
deleted file mode 100644
index 04b03b8..0000000
--- a/pkgs/dbus/0005-dbus-add-vsock-server-support.patch
+++ /dev/null
@@ -1,139 +0,0 @@
-From 1f770dab67ddf78a6c327eebf25086e207a0f6e2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Sun, 10 Jan 2021 00:43:20 +0400
-Subject: [PATCH 5/9] dbus: add vsock: server support
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-SPDX-License-Identifier: AFL-2.1 OR GPL-2.0-or-later
-SPDX-FileCopyrightText: 2002, 2003, 2004, 2006 Red Hat Inc.
-SPDX-FileCopyrightText: The D-Bus Authors
-
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
----
- dbus/dbus-server-socket.c | 55 +++++++++++++++++++++++++++++++++++++++
- dbus/dbus-server-socket.h | 3 +++
- dbus/dbus-server-unix.c | 20 ++++++++++++++
- 3 files changed, 78 insertions(+)
-
-diff --git a/dbus/dbus-server-socket.c b/dbus/dbus-server-socket.c
-index bc5e3a9d..074b2dfd 100644
---- a/dbus/dbus-server-socket.c
-+++ b/dbus/dbus-server-socket.c
-@@ -29,6 +29,10 @@
- #include "dbus-memory.h"
- #include "dbus-nonce.h"
- #include "dbus-string.h"
-+#ifdef DBUS_ENABLE_VSOCK
-+#include "dbus-sysdeps.h"
-+#include "dbus-sysdeps-unix.h"
-+#endif
-
- /**
- * @defgroup DBusServerSocket DBusServer implementations for SOCKET
-@@ -395,6 +399,57 @@ failed:
- return NULL;
- }
-
-+#ifdef DBUS_ENABLE_VSOCK
-+DBusServer *
-+_dbus_server_new_for_vsock (const char *cid,
-+ const char *port,
-+ DBusError *error)
-+{
-+ DBusServer *server = NULL;
-+ DBusSocket listen_fd = DBUS_SOCKET_INIT;
-+ DBusString address = _DBUS_STRING_INIT_INVALID;
-+ DBusString cid_str = _DBUS_STRING_INIT_INVALID;
-+ DBusString port_str = _DBUS_STRING_INIT_INVALID;
-+
-+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
-+
-+ if (!_dbus_string_init (&address) ||
-+ !_dbus_string_init (&cid_str) ||
-+ !_dbus_string_init (&port_str))
-+ {
-+ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
-+ goto out;
-+ }
-+
-+ listen_fd.fd = _dbus_listen_vsock (cid, port, &cid_str, &port_str, error);
-+ if (!_dbus_socket_is_valid (listen_fd))
-+ {
-+ _DBUS_ASSERT_ERROR_IS_SET (error);
-+ goto out;
-+ }
-+
-+ if (!_dbus_string_append (&address, "vsock:cid=") ||
-+ !_dbus_string_append (&address, _dbus_string_get_const_data (&cid_str)) ||
-+ !_dbus_string_append (&address, ",port=") ||
-+ !_dbus_string_append (&address, _dbus_string_get_const_data (&port_str)))
-+ {
-+ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
-+ goto out;
-+ }
-+
-+ server = _dbus_server_new_for_socket (&listen_fd, 1, &address, NULL, error);
-+ if (server)
-+ _dbus_socket_invalidate (&listen_fd);
-+
-+out:
-+ _dbus_close_socket (listen_fd, NULL);
-+ _dbus_string_free (&cid_str);
-+ _dbus_string_free (&port_str);
-+ _dbus_string_free (&address);
-+ return server;
-+}
-+#endif
-+
- /**
- * Creates a new server listening on TCP.
- * If host is NULL, it will default to localhost.
-diff --git a/dbus/dbus-server-socket.h b/dbus/dbus-server-socket.h
-index ee5bf45f..d2461148 100644
---- a/dbus/dbus-server-socket.h
-+++ b/dbus/dbus-server-socket.h
-@@ -34,6 +34,9 @@ DBusServer* _dbus_server_new_for_socket (DBusSocket *fds,
- const DBusString *address,
- DBusNonceFile *noncefile,
- DBusError *error);
-+DBusServer* _dbus_server_new_for_vsock (const char *cid,
-+ const char *port,
-+ DBusError *error);
- DBusServer* _dbus_server_new_for_autolaunch (const DBusString *address,
- DBusError *error);
- DBUS_PRIVATE_EXPORT
-diff --git a/dbus/dbus-server-unix.c b/dbus/dbus-server-unix.c
-index c7ace2bc..0f34fa8e 100644
---- a/dbus/dbus-server-unix.c
-+++ b/dbus/dbus-server-unix.c
-@@ -287,6 +287,26 @@ _dbus_server_listen_platform_specific (DBusAddressEntry *entry,
- return DBUS_SERVER_LISTEN_DID_NOT_CONNECT;
- }
- }
-+#endif
-+#ifdef DBUS_ENABLE_VSOCK
-+ else if (strcmp (method, "vsock") == 0)
-+ {
-+ const char *vsock_cid_var = dbus_address_entry_get_value (entry, "cid");
-+ const char *vsock_port_var = dbus_address_entry_get_value (entry, "port");
-+ *server_p = _dbus_server_new_for_vsock (vsock_cid_var, vsock_port_var, error);
-+
-+ if (*server_p != NULL)
-+ {
-+ _DBUS_ASSERT_ERROR_IS_CLEAR(error);
-+ return DBUS_SERVER_LISTEN_OK;
-+ }
-+ else
-+ {
-+ _DBUS_ASSERT_ERROR_IS_SET(error);
-+ return DBUS_SERVER_LISTEN_DID_NOT_CONNECT;
-+ }
-+
-+ }
- #endif
- else
- {
---
-2.42.0
-
diff --git a/pkgs/dbus/0006-dbus-add-_dbus_connect_vsock.patch b/pkgs/dbus/0006-dbus-add-_dbus_connect_vsock.patch
deleted file mode 100644
index 18ec6d9..0000000
--- a/pkgs/dbus/0006-dbus-add-_dbus_connect_vsock.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 3ac54c0f252cbdedcd86a19822d6f4e736741856 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Sun, 10 Jan 2021 00:43:55 +0400
-Subject: [PATCH 6/9] dbus: add _dbus_connect_vsock
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-SPDX-License-Identifier: AFL-2.1 OR GPL-2.0-or-later
-SPDX-FileCopyrightText: 2002, 2003, 2006 Red Hat, Inc.
-SPDX-FileCopyrightText: 2003 CodeFactory AB
-SPDX-FileCopyrightText: The D-Bus Authors
-
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
----
- dbus/dbus-sysdeps-unix.c | 47 ++++++++++++++++++++++++++++++++++++++++
- dbus/dbus-sysdeps-unix.h | 3 +++
- 2 files changed, 50 insertions(+)
-
-diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
-index 9a46625a..829219e6 100644
---- a/dbus/dbus-sysdeps-unix.c
-+++ b/dbus/dbus-sysdeps-unix.c
-@@ -1611,6 +1611,53 @@ _dbus_vsock_parse_port (const char *port,
- return TRUE;
- }
-
-+int
-+_dbus_connect_vsock (const char *cid,
-+ const char *port,
-+ DBusError *error)
-+{
-+ int fd;
-+ struct sockaddr_vm sa;
-+
-+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
-+
-+ _DBUS_ZERO (sa);
-+ sa.svm_family = AF_VSOCK;
-+
-+ if (!_dbus_vsock_parse_cid (cid, &sa.svm_cid, error) ||
-+ !_dbus_vsock_parse_port (port, &sa.svm_port, error))
-+ {
-+ _DBUS_ASSERT_ERROR_IS_SET(error);
-+ return -1;
-+ }
-+
-+ if (!_dbus_open_socket (&fd, AF_VSOCK, SOCK_STREAM, 0, error))
-+ {
-+ _DBUS_ASSERT_ERROR_IS_SET(error);
-+ return -1;
-+ }
-+
-+ if (connect (fd, (struct sockaddr *) &sa, sizeof (sa)) < 0)
-+ {
-+ dbus_set_error (error,
-+ _dbus_error_from_errno (errno),
-+ "Failed to connect to vsock CID:%s port:%s: %s",
-+ cid, port, _dbus_strerror (errno));
-+
-+ _dbus_close (fd, NULL);
-+ return -1;
-+ }
-+
-+ if (!_dbus_set_fd_nonblocking (fd, error))
-+ {
-+ _DBUS_ASSERT_ERROR_IS_SET (error);
-+ _dbus_close (fd, NULL);
-+ return -1;
-+ }
-+
-+ return fd;
-+}
-+
- int
- _dbus_listen_vsock (const char *cid,
- const char *port,
-diff --git a/dbus/dbus-sysdeps-unix.h b/dbus/dbus-sysdeps-unix.h
-index 49b8f436..8d72b56e 100644
---- a/dbus/dbus-sysdeps-unix.h
-+++ b/dbus/dbus-sysdeps-unix.h
-@@ -73,6 +73,9 @@ int _dbus_listen_unix_socket (const char *path,
- dbus_bool_t abstract,
- DBusError *error);
-
-+int _dbus_connect_vsock (const char *cid,
-+ const char *port,
-+ DBusError *error);
- int _dbus_listen_vsock (const char *cid,
- const char *port,
- DBusString *retcid,
---
-2.42.0
-
diff --git a/pkgs/dbus/0007-dbus-add-vsock-client-support.patch b/pkgs/dbus/0007-dbus-add-vsock-client-support.patch
deleted file mode 100644
index 5115021..0000000
--- a/pkgs/dbus/0007-dbus-add-vsock-client-support.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From cb3a8ab9bd11ec5eafe5798ae8a8825915d8d3a1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Sun, 10 Jan 2021 00:44:55 +0400
-Subject: [PATCH 7/9] dbus: add vsock: client support
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-SPDX-License-Identifier: AFL-2.1 OR GPL-2.0-or-later
-SPDX-FileCopyrightText: 2002, 2003, 2004 Red Hat Inc.
-SPDX-FileCopyrightText: The D-Bus Authors
-
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
----
- dbus/dbus-transport-unix.c | 80 ++++++++++++++++++++++++++++++++++++++
- 1 file changed, 80 insertions(+)
-
-diff --git a/dbus/dbus-transport-unix.c b/dbus/dbus-transport-unix.c
-index 30c3ba44..6664206c 100644
---- a/dbus/dbus-transport-unix.c
-+++ b/dbus/dbus-transport-unix.c
-@@ -109,6 +109,53 @@ _dbus_transport_new_for_domain_socket (const char *path,
- return NULL;
- }
-
-+#ifdef DBUS_ENABLE_VSOCK
-+static DBusTransport *
-+_dbus_transport_new_for_vsock (const char *cid,
-+ const char *port,
-+ DBusError *error)
-+{
-+ DBusSocket fd = DBUS_SOCKET_INIT;
-+ DBusTransport *transport = NULL;
-+ DBusString address = _DBUS_STRING_INIT_INVALID;
-+
-+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
-+
-+ if (!_dbus_string_init (&address))
-+ {
-+ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
-+ goto out;
-+ }
-+
-+ if (!_dbus_string_append_printf (&address, "vsock:cid=%s,port=%s",
-+ cid, port))
-+ {
-+ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
-+ goto out;
-+ }
-+
-+ fd.fd = _dbus_connect_vsock (cid, port, error);
-+ if (fd.fd < 0)
-+ goto out;
-+
-+ _dbus_verbose ("Successfully connected to CID:%s port:%s\n",
-+ cid, port);
-+
-+ transport = _dbus_transport_new_for_socket (fd, NULL, &address);
-+ if (transport)
-+ /* DBusTransport takes ownership on success */
-+ _dbus_socket_invalidate (&fd);
-+ else
-+ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
-+
-+out:
-+ _DBUS_ASSERT_ERROR_XOR_BOOL (error, transport != NULL);
-+ _dbus_close_socket (fd, NULL);
-+ _dbus_string_free (&address);
-+ return transport;
-+}
-+#endif
-+
- /**
- * Creates a new transport for the given binary and arguments. This
- * creates a client-side of a transport. The process will be forked
-@@ -346,6 +393,39 @@ _dbus_transport_open_platform_specific (DBusAddressEntry *entry,
- return DBUS_TRANSPORT_OPEN_OK;
- }
- }
-+#ifdef DBUS_ENABLE_VSOCK
-+ else if (strcmp (method, "vsock") == 0)
-+ {
-+ const char *cid = dbus_address_entry_get_value (entry, "cid");
-+ const char *port = dbus_address_entry_get_value (entry, "port");
-+
-+ if (cid == NULL)
-+ {
-+ _dbus_set_bad_address (error, NULL, NULL,
-+ "Missing vsock CID to connect to");
-+ return DBUS_TRANSPORT_OPEN_BAD_ADDRESS;
-+ }
-+
-+ if (port == NULL)
-+ {
-+ _dbus_set_bad_address (error, NULL, NULL,
-+ "Missing vsock port to connect to");
-+ return DBUS_TRANSPORT_OPEN_BAD_ADDRESS;
-+ }
-+
-+ *transport_p = _dbus_transport_new_for_vsock (cid, port, error);
-+ if (*transport_p == NULL)
-+ {
-+ _DBUS_ASSERT_ERROR_IS_SET (error);
-+ return DBUS_TRANSPORT_OPEN_DID_NOT_CONNECT;
-+ }
-+ else
-+ {
-+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
-+ return DBUS_TRANSPORT_OPEN_OK;
-+ }
-+ }
-+#endif
- #ifdef DBUS_ENABLE_LAUNCHD
- else if (strcmp (method, "launchd") == 0)
- {
---
-2.42.0
-
diff --git a/pkgs/dbus/0008-test-add-simple-loopback-vsock-test.patch b/pkgs/dbus/0008-test-add-simple-loopback-vsock-test.patch
deleted file mode 100644
index 425945b..0000000
--- a/pkgs/dbus/0008-test-add-simple-loopback-vsock-test.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-From f007236005cf26015e5dcdccb5161b9f2b85d134 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Sat, 9 Jan 2021 22:05:53 +0400
-Subject: [PATCH 8/9] test: add simple loopback vsock: test
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-SPDX-License-Identifier: GPL-2.0-or-later
-SPDX-FileCopyrightText: 2010-2012 Nokia Corporation
-SPDX-FileCopyrightText: 2013-2015 Collabora Ltd.
-SPDX-FileCopyrightText: The D-Bus Authors
-
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
----
- test/loopback.c | 40 ++++++++++++++++++++++++++++++++++++++++
- test/test-utils-glib.c | 10 ++++++++++
- test/test-utils-glib.h | 1 +
- 3 files changed, 51 insertions(+)
-
-diff --git a/test/loopback.c b/test/loopback.c
-index f89f5a95..f02ef8d6 100644
---- a/test/loopback.c
-+++ b/test/loopback.c
-@@ -35,6 +35,10 @@
-
- #include <errno.h>
- #include <string.h>
-+#ifdef DBUS_ENABLE_VSOCK
-+#include <sys/socket.h>
-+#include <linux/vm_sockets.h>
-+#endif
-
- #include "test-utils-glib.h"
-
-@@ -107,6 +111,15 @@ setup (Fixture *f,
- return;
- }
-
-+#ifdef DBUS_ENABLE_VSOCK
-+ if ((g_str_has_prefix (addr, "vsock:") &&
-+ !test_check_vsock_works ()))
-+ {
-+ f->skip = TRUE;
-+ return;
-+ }
-+#endif
-+
- f->server = dbus_server_listen (addr, &f->e);
- assert_no_error (&f->e);
- g_assert (f->server != NULL);
-@@ -260,6 +273,28 @@ test_connect (Fixture *f,
- /* No particular statement about the path here: for that see
- * setup_runtime() and setup_no_runtime() */
- }
-+#endif
-+#ifdef DBUS_ENABLE_VSOCK
-+ else if (g_strcmp0 (listening_address, "vsock:") == 0)
-+ {
-+ DBusString addr_str;
-+ const char *cid = dbus_address_entry_get_value (entries[0], "cid");
-+ const char *port = dbus_address_entry_get_value (entries[0], "port");
-+
-+ g_assert_cmpstr (dbus_address_entry_get_method (entries[0]), ==, "vsock");
-+
-+ g_assert_nonnull (cid);
-+ g_assert_cmpstr (cid, ==, "4294967295");
-+ dbus_free (address);
-+ address = NULL;
-+
-+ _dbus_string_init (&addr_str);
-+ _dbus_string_append_printf (&addr_str, "vsock:cid=%u,port=%s",
-+ 1 /* VMADDR_CID_LOCAL */, port);
-+ _dbus_string_steal_data (&addr_str, &address);
-+ _dbus_string_free (&addr_str);
-+ g_assert_nonnull (address);
-+ }
- #endif
- else
- {
-@@ -523,6 +558,11 @@ main (int argc,
- test_bad_guid, teardown);
- #endif
-
-+#ifdef DBUS_ENABLE_VSOCK
-+ g_test_add ("/connect/vsock", Fixture, "vsock:", setup,
-+ test_connect, teardown);
-+#endif
-+
- ret = g_test_run ();
- dbus_shutdown ();
- return ret;
-diff --git a/test/test-utils-glib.c b/test/test-utils-glib.c
-index 2aafb03e..de24f685 100644
---- a/test/test-utils-glib.c
-+++ b/test/test-utils-glib.c
-@@ -899,6 +899,16 @@ test_check_tcp_works (void)
- #endif
- }
-
-+#ifdef DBUS_ENABLE_VSOCK
-+gboolean
-+test_check_vsock_works (void)
-+{
-+ int fd = socket (AF_VSOCK, SOCK_STREAM, 0);
-+ g_close (fd, NULL);
-+ return fd >= 0;
-+}
-+#endif
-+
- /*
- * Store the result of an async operation. @user_data is a pointer to a
- * variable that can store @result, initialized to %NULL.
-diff --git a/test/test-utils-glib.h b/test/test-utils-glib.h
-index c4a2c543..d24cb382 100644
---- a/test/test-utils-glib.h
-+++ b/test/test-utils-glib.h
-@@ -131,6 +131,7 @@ backported_g_steal_pointer (gpointer pointer_to_pointer)
- #endif
-
- gboolean test_check_tcp_works (void);
-+gboolean test_check_vsock_works (void);
-
- void test_store_result_cb (GObject *source_object,
- GAsyncResult *result,
---
-2.42.0
-
diff --git a/pkgs/dbus/0009-vsock-add-allow-CIDs.-on-listenable-address.patch b/pkgs/dbus/0009-vsock-add-allow-CIDs.-on-listenable-address.patch
deleted file mode 100644
index cdf096f..0000000
--- a/pkgs/dbus/0009-vsock-add-allow-CIDs.-on-listenable-address.patch
+++ /dev/null
@@ -1,255 +0,0 @@
-From db3dfe2fc8732a5d431c7bf5d07da8e17731b1fa Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Thu, 14 Jan 2021 17:30:51 +0400
-Subject: [PATCH 9/9] vsock: add allow=CIDs... on listenable address
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-SPDX-License-Identifier: AFL-2.1 OR GPL-2.0-or-later
-SPDX-FileCopyrightText: 2002, 2003, 2004, 2006 Red Hat Inc.
-SPDX-FileCopyrightText: The D-Bus Authors
-
-Limit access to peer CID listed in the allow= list.
-
-When several CIDs are given, the comma will need to be percent-encoded.
-
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
----
- dbus/dbus-server-socket.c | 111 +++++++++++++++++++++++++++++++++++++
- dbus/dbus-server-socket.h | 1 +
- dbus/dbus-server-unix.c | 5 +-
- doc/dbus-specification.xml | 8 +++
- 4 files changed, 124 insertions(+), 1 deletion(-)
-
-diff --git a/dbus/dbus-server-socket.c b/dbus/dbus-server-socket.c
-index 074b2dfd..581a231e 100644
---- a/dbus/dbus-server-socket.c
-+++ b/dbus/dbus-server-socket.c
-@@ -32,6 +32,8 @@
- #ifdef DBUS_ENABLE_VSOCK
- #include "dbus-sysdeps.h"
- #include "dbus-sysdeps-unix.h"
-+#include <sys/socket.h>
-+#include <linux/vm_sockets.h>
- #endif
-
- /**
-@@ -59,6 +61,10 @@ struct DBusServerSocket
- DBusWatch **watch; /**< File descriptor watch. */
- char *socket_name; /**< Name of domain socket, to unlink if appropriate */
- DBusNonceFile *noncefile; /**< Nonce file used to authenticate clients */
-+#ifdef DBUS_ENABLE_VSOCK
-+ int n_allow_cids; /**< Number of allowed CIDs. */
-+ unsigned int *allow_cids; /**< Allowed CIDs. */
-+#endif
- };
-
- static void
-@@ -76,6 +82,9 @@ socket_finalize (DBusServer *server)
- socket_server->watch[i] = NULL;
- }
-
-+#ifdef DBUS_ENABLE_VSOCK
-+ dbus_free (socket_server->allow_cids);
-+#endif
- dbus_free (socket_server->fds);
- dbus_free (socket_server->watch);
- dbus_free (socket_server->socket_name);
-@@ -157,6 +166,37 @@ handle_new_client_fd_and_unlock (DBusServer *server,
- return TRUE;
- }
-
-+#ifdef DBUS_ENABLE_VSOCK
-+static dbus_bool_t
-+_dbus_server_allow_vsock_client (DBusServerSocket *server, DBusSocket client_fd)
-+{
-+ struct sockaddr_vm sa;
-+ socklen_t len;
-+ int n;
-+
-+ if (server->n_allow_cids == 0)
-+ return TRUE;
-+
-+ _DBUS_ZERO (sa);
-+ len = sizeof (sa);
-+ if (getpeername (_dbus_socket_get_int (client_fd), (struct sockaddr *)&sa, &len) < 0)
-+ {
-+ int saved_errno;
-+ saved_errno = _dbus_save_socket_errno ();
-+ _dbus_verbose ("Failed to getpeername(): %s\n", _dbus_strerror (saved_errno));
-+ return FALSE;
-+ }
-+
-+ for (n = 0; n < server->n_allow_cids; n++)
-+ {
-+ if (server->allow_cids[n] == sa.svm_cid)
-+ return TRUE;
-+ }
-+
-+ return FALSE;
-+}
-+#endif
-+
- static dbus_bool_t
- socket_handle_watch (DBusWatch *watch,
- unsigned int flags,
-@@ -196,6 +236,14 @@ socket_handle_watch (DBusWatch *watch,
- else
- client_fd = _dbus_accept (listen_fd);
-
-+#ifdef DBUS_ENABLE_VSOCK
-+ if (!_dbus_server_allow_vsock_client (socket_server, client_fd))
-+ {
-+ _dbus_close_socket (client_fd, NULL);
-+ _dbus_socket_invalidate (&client_fd);
-+ }
-+#endif
-+
- saved_errno = _dbus_save_socket_errno ();
-
- if (!_dbus_socket_is_valid (client_fd))
-@@ -400,19 +448,76 @@ failed:
- }
-
- #ifdef DBUS_ENABLE_VSOCK
-+static dbus_bool_t
-+_dbus_vsock_parse_cid_list (const char *list,
-+ unsigned int **ret_list_cids,
-+ int *ret_n_list_cids,
-+ DBusError *error)
-+{
-+ DBusString list_str;
-+ unsigned int *list_cids = NULL;
-+ int n = 0;
-+ int pos;
-+ int end;
-+
-+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
-+
-+ if (!list)
-+ goto end;
-+
-+ // over-allocate
-+ end = strlen (list);
-+ list_cids = dbus_new0 (unsigned int, end);
-+
-+ _dbus_string_init_const (&list_str, list);
-+ for (pos = 0, n = 0; pos < end; ) {
-+ unsigned long val;
-+
-+ if (!_dbus_string_parse_uint (&list_str, pos, &val, &pos) ||
-+ val > _DBUS_UINT32_MAX ||
-+ (list[pos] && list[pos] != ','))
-+ {
-+ dbus_set_error (error,
-+ DBUS_ERROR_BAD_ADDRESS,
-+ "Failed to parse VSOCK CID list '%s'", list);
-+ dbus_free (list_cids);
-+ return FALSE;
-+ }
-+
-+ list_cids[n++] = val;
-+ pos++;
-+ }
-+
-+end:
-+ *ret_list_cids = list_cids;
-+ *ret_n_list_cids = n;
-+
-+ return TRUE;
-+}
-+
- DBusServer *
- _dbus_server_new_for_vsock (const char *cid,
- const char *port,
-+ const char *allow,
- DBusError *error)
- {
- DBusServer *server = NULL;
-+ DBusServerSocket *server_socket = NULL;
- DBusSocket listen_fd = DBUS_SOCKET_INIT;
- DBusString address = _DBUS_STRING_INIT_INVALID;
- DBusString cid_str = _DBUS_STRING_INIT_INVALID;
- DBusString port_str = _DBUS_STRING_INIT_INVALID;
-+ unsigned int *allow_cids = NULL;
-+ int n_allow_cids = 0;
-
- _DBUS_ASSERT_ERROR_IS_CLEAR (error);
-
-+ if (!_dbus_vsock_parse_cid_list (allow, &allow_cids, &n_allow_cids, error))
-+ {
-+ _DBUS_ASSERT_ERROR_IS_SET (error);
-+ goto out;
-+ }
-+
- if (!_dbus_string_init (&address) ||
- !_dbus_string_init (&cid_str) ||
- !_dbus_string_init (&port_str))
-@@ -441,11 +546,17 @@ _dbus_server_new_for_vsock (const char *cid,
- if (server)
- _dbus_socket_invalidate (&listen_fd);
-
-+ server_socket = (DBusServerSocket *)server;
-+ server_socket->n_allow_cids = n_allow_cids;
-+ server_socket->allow_cids = allow_cids;
-+ allow_cids = NULL;
-+
- out:
- _dbus_close_socket (listen_fd, NULL);
- _dbus_string_free (&cid_str);
- _dbus_string_free (&port_str);
- _dbus_string_free (&address);
-+ dbus_free (allow_cids);
- return server;
- }
- #endif
-diff --git a/dbus/dbus-server-socket.h b/dbus/dbus-server-socket.h
-index d2461148..62b61aac 100644
---- a/dbus/dbus-server-socket.h
-+++ b/dbus/dbus-server-socket.h
-@@ -36,6 +36,7 @@ DBusServer* _dbus_server_new_for_socket (DBusSocket *fds,
- DBusError *error);
- DBusServer* _dbus_server_new_for_vsock (const char *cid,
- const char *port,
-+ const char *allow,
- DBusError *error);
- DBusServer* _dbus_server_new_for_autolaunch (const DBusString *address,
- DBusError *error);
-diff --git a/dbus/dbus-server-unix.c b/dbus/dbus-server-unix.c
-index 0f34fa8e..1809cecc 100644
---- a/dbus/dbus-server-unix.c
-+++ b/dbus/dbus-server-unix.c
-@@ -293,7 +293,10 @@ _dbus_server_listen_platform_specific (DBusAddressEntry *entry,
- {
- const char *vsock_cid_var = dbus_address_entry_get_value (entry, "cid");
- const char *vsock_port_var = dbus_address_entry_get_value (entry, "port");
-- *server_p = _dbus_server_new_for_vsock (vsock_cid_var, vsock_port_var, error);
-+ const char *vsock_allow_var = dbus_address_entry_get_value (entry, "allow");
-+
-+ *server_p = _dbus_server_new_for_vsock (vsock_cid_var, vsock_port_var,
-+ vsock_allow_var, error);
-
- if (*server_p != NULL)
- {
-diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml
-index 775928c0..25dab7af 100644
---- a/doc/dbus-specification.xml
-+++ b/doc/dbus-specification.xml
-@@ -3740,6 +3740,14 @@
- port numbers.
- </entry>
- </row>
-+ <row>
-+ <entry>allow</entry>
-+ <entry>(comma-separated 32 bits unsigned numbers)</entry>
-+ <entry>
-+ Used on listenable address, to configure the list of allowed peer
-+ CID. If unset, all CID peers are allowed to connect.
-+ </entry>
-+ </row>
- </tbody>
- </tgroup>
- </informaltable>
---
-2.42.0
-
diff --git a/pkgs/dbus/default.nix b/pkgs/dbus/default.nix
deleted file mode 100644
index a17ffb9..0000000
--- a/pkgs/dbus/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Alyssa Ross <hi@alyssa.is>
-# SPDX-License-Identifier: MIT
-
-import ../../lib/overlay-package.nix [ "dbus" ] ({ final, super }:
-
-super.dbus.overrideAttrs ({ configureFlags ? [], patches ? [], ... }: {
- patches = patches ++ [
- # https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/200
- ./0001-doc-add-vsock-address-format-to-the-spec.patch
- ./0002-build-sys-add-enable-vsock-option.patch
- ./0003-unix-add-vsock-support-to-_dbus_append_address_from_.patch
- ./0004-dbus-add-_dbus_listen_vsock.patch
- ./0005-dbus-add-vsock-server-support.patch
- ./0006-dbus-add-_dbus_connect_vsock.patch
- ./0007-dbus-add-vsock-client-support.patch
- ./0008-test-add-simple-loopback-vsock-test.patch
- ./0009-vsock-add-allow-CIDs.-on-listenable-address.patch
- ];
-
- configureFlags = configureFlags ++ [
- "--enable-vsock"
- ];
-
- separateDebugInfo = true;
-}))
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index 2987e7c..55cb00c 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -3,6 +3,4 @@
(final: super: {
cloud-hypervisor = import ./cloud-hypervisor { inherit final super; };
-
- dbus = import ./dbus { inherit final super; };
})
--
2.51.0
^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] img/app: dbus: don't listen on VSOCK
2025-11-13 11:10 ` [PATCH 2/3] img/app: dbus: don't listen on VSOCK Alyssa Ross
@ 2025-11-13 17:46 ` Demi Marie Obenour
2025-11-13 17:56 ` Alyssa Ross
2025-11-17 22:19 ` Demi Marie Obenour
2025-11-18 15:03 ` Alyssa Ross
2 siblings, 1 reply; 15+ messages in thread
From: Demi Marie Obenour @ 2025-11-13 17:46 UTC (permalink / raw)
To: Alyssa Ross, devel
[-- Attachment #1.1.1: Type: text/plain, Size: 6922 bytes --]
On 11/13/25 06:10, Alyssa Ross wrote:
> After working on it for a while, I decided that it complicated the
> D-Bus security model too much to upstream VSOCK support for the bus.
> Proxying D-Bus with socat will allow us to drop the D-Bus VSOCK
> patches.
>
> The new dbus-vsock service starts before dbus-daemon to ensure that
> VSOCK connections can be received as soon as
> org.freedesktop.impl.portal.desktop.spectrum is started. When a
> connection is received (which should only be after the bus is up and
> has started org.freedesktop.impl.portal.desktop.spectrum), it will be
> relayed to the bus.
>
> Sadly we do still need to allow ANONYMOUS authentication for now[1].
Could this be worked around with a proxy?
> Signed-off-by: Alyssa Ross <hi@alyssa.is>
> Link: https://github.com/z-galaxy/zbus/issues/1003#issuecomment-3523214990 [1]
> ---
> img/app/default.nix | 4 +-
> img/app/file-list.mk | 5 +++
> img/app/image/etc/dbus-1/session.conf | 1 -
> .../XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT | 1 +
> ...DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license | 2 +
> .../etc/s6-rc/dbus-vsock/notification-fd | 1 +
> .../s6-rc/dbus-vsock/notification-fd.license | 2 +
> img/app/image/etc/s6-rc/dbus-vsock/run | 17 +++++++
> img/app/image/etc/s6-rc/dbus-vsock/type | 1 +
> .../image/etc/s6-rc/dbus-vsock/type.license | 2 +
> .../etc/s6-rc/dbus/dependencies.d/dbus-vsock | 0
> img/app/image/etc/s6-rc/dbus/run | 2 -
> tools/default.nix | 5 +--
> tools/xdg-desktop-portal-spectrum/meson.build | 3 --
> .../xdg-desktop-portal-spectrum.c | 45 ++++++-------------
> 15 files changed, 49 insertions(+), 42 deletions(-)
> create mode 100644 img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT
> create mode 100644 img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license
> create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/notification-fd
> create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
> create mode 100755 img/app/image/etc/s6-rc/dbus-vsock/run
> create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/type
> create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/type.license
> create mode 100644 img/app/image/etc/s6-rc/dbus/dependencies.d/dbus-vsock
>
> diff --git a/img/app/default.nix b/img/app/default.nix
> index 08cb2cd..6490ac2 100644
> --- a/img/app/default.nix
> +++ b/img/app/default.nix
> @@ -71,6 +71,8 @@ let
> pkgs.s6
> pkgs.s6-linux-init
> pkgs.s6-rc
> + pkgs.socat
> + pkgs.systemd
> pkgs.wayland-proxy-virtwl
> pkgs.wireplumber
> pkgs.xdg-desktop-portal
> @@ -88,7 +90,7 @@ let
> } ''
> mkdir $out
> lndir -ignorelinks -silent ${appimageFhsenv} $out
> - rm $out/etc/dbus-1/session.conf
> + rm $out/etc/dbus-1/session.conf $out/usr/bin/init
> '';
> in
>
> diff --git a/img/app/file-list.mk b/img/app/file-list.mk
> index 0b4d3d1..6934975 100644
> --- a/img/app/file-list.mk
> +++ b/img/app/file-list.mk
> @@ -17,6 +17,7 @@ FILES = \
> image/etc/s6-linux-init/env/GTK_USE_PORTAL \
> image/etc/s6-linux-init/env/NIX_XDG_DESKTOP_PORTAL_DIR \
> image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
> + image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT \
> image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
> image/etc/s6-linux-init/run-image/service/getty-hvc0/run \
> image/etc/s6-linux-init/run-image/service/s6-linux-init-shutdownd/notification-fd \
> @@ -39,6 +40,10 @@ S6_RC_FILES = \
> image/etc/s6-rc/app/dependencies.d/wayland-proxy-virtwl \
> image/etc/s6-rc/app/run \
> image/etc/s6-rc/app/type \
> + image/etc/s6-rc/dbus-vsock/notification-fd \
> + image/etc/s6-rc/dbus-vsock/run \
> + image/etc/s6-rc/dbus-vsock/type \
> + image/etc/s6-rc/dbus/dependencies.d/dbus-vsock \
> image/etc/s6-rc/dbus/notification-fd \
> image/etc/s6-rc/dbus/run \
> image/etc/s6-rc/dbus/type \
> diff --git a/img/app/image/etc/dbus-1/session.conf b/img/app/image/etc/dbus-1/session.conf
> index 751a788..d31f4b9 100644
> --- a/img/app/image/etc/dbus-1/session.conf
> +++ b/img/app/image/etc/dbus-1/session.conf
> @@ -19,7 +19,6 @@
> default config file with an address override on the command
> line, because command line address can only be given once.
> So that's why we need a whole custom session.conf. -->
> - <listen>vsock:</listen>
> <listen>unix:path=/run/session-bus</listen>
>
> <auth>EXTERNAL</auth>
> diff --git a/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT
> new file mode 100644
> index 0000000..037ba97
> --- /dev/null
> +++ b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT
> @@ -0,0 +1 @@
> +219
> diff --git a/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license
> new file mode 100644
> index 0000000..0d3d47c
> --- /dev/null
> +++ b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license
> @@ -0,0 +1,2 @@
> +SPDX-License-Identifier: CC0-1.0
> +SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/notification-fd b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd
> new file mode 100644
> index 0000000..00750ed
> --- /dev/null
> +++ b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd
> @@ -0,0 +1 @@
> +3
> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
> new file mode 100644
> index 0000000..0d3d47c
> --- /dev/null
> +++ b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
> @@ -0,0 +1,2 @@
> +SPDX-License-Identifier: CC0-1.0
> +SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/run b/img/app/image/etc/s6-rc/dbus-vsock/run
> new file mode 100755
> index 0000000..37fae7d
> --- /dev/null
> +++ b/img/app/image/etc/s6-rc/dbus-vsock/run
> @@ -0,0 +1,17 @@
> +#!/bin/execlineb -P
> +# SPDX-License-Identifier: EUPL-1.2+
> +# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
> +
> +if { modprobe vsock }
> +
> +export LISTEN_FDS 1
> +getpid LISTEN_PID
> +export SYSTEMD_LOG_LEVEL notice
> +
> +systemd-socket-activate -l vsock::219 --now
> +
> +# Notify readiness.
> +if { fdmove 1 3 echo }
> +fdclose 3
> +
> +socat ACCEPT-FD:4,fork UNIX-CONNECT:/run/session-bus
I'd prefer to use NOTIFY_SOCKET here.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] img/app: dbus: don't listen on VSOCK
2025-11-13 17:46 ` Demi Marie Obenour
@ 2025-11-13 17:56 ` Alyssa Ross
2025-11-13 19:32 ` Demi Marie Obenour
0 siblings, 1 reply; 15+ messages in thread
From: Alyssa Ross @ 2025-11-13 17:56 UTC (permalink / raw)
To: Demi Marie Obenour, devel
[-- Attachment #1: Type: text/plain, Size: 2317 bytes --]
Demi Marie Obenour <demiobenour@gmail.com> writes:
> On 11/13/25 06:10, Alyssa Ross wrote:
>> After working on it for a while, I decided that it complicated the
>> D-Bus security model too much to upstream VSOCK support for the bus.
>> Proxying D-Bus with socat will allow us to drop the D-Bus VSOCK
>> patches.
>>
>> The new dbus-vsock service starts before dbus-daemon to ensure that
>> VSOCK connections can be received as soon as
>> org.freedesktop.impl.portal.desktop.spectrum is started. When a
>> connection is received (which should only be after the bus is up and
>> has started org.freedesktop.impl.portal.desktop.spectrum), it will be
>> relayed to the bus.
>>
>> Sadly we do still need to allow ANONYMOUS authentication for now[1].
>
> Could this be worked around with a proxy?
>
>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>> Link: https://github.com/z-galaxy/zbus/issues/1003#issuecomment-3523214990 [1]
Sounds like a lot more work than fixing the underlying zbus issue, which
already has a PR since I sent the patch.
>> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
>> new file mode 100644
>> index 0000000..0d3d47c
>> --- /dev/null
>> +++ b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
>> @@ -0,0 +1,2 @@
>> +SPDX-License-Identifier: CC0-1.0
>> +SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
>> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/run b/img/app/image/etc/s6-rc/dbus-vsock/run
>> new file mode 100755
>> index 0000000..37fae7d
>> --- /dev/null
>> +++ b/img/app/image/etc/s6-rc/dbus-vsock/run
>> @@ -0,0 +1,17 @@
>> +#!/bin/execlineb -P
>> +# SPDX-License-Identifier: EUPL-1.2+
>> +# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
>> +
>> +if { modprobe vsock }
>> +
>> +export LISTEN_FDS 1
>> +getpid LISTEN_PID
>> +export SYSTEMD_LOG_LEVEL notice
>> +
>> +systemd-socket-activate -l vsock::219 --now
>> +
>> +# Notify readiness.
>> +if { fdmove 1 3 echo }
>> +fdclose 3
>> +
>> +socat ACCEPT-FD:4,fork UNIX-CONNECT:/run/session-bus
>
> I'd prefer to use NOTIFY_SOCKET here.
Then we have to run a whole background process to translate the
systemd protocol to the s6 one. Doesn't seem worth it to me.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] img/app: dbus: don't listen on VSOCK
2025-11-13 17:56 ` Alyssa Ross
@ 2025-11-13 19:32 ` Demi Marie Obenour
2025-11-14 11:45 ` Alyssa Ross
0 siblings, 1 reply; 15+ messages in thread
From: Demi Marie Obenour @ 2025-11-13 19:32 UTC (permalink / raw)
To: Alyssa Ross, devel
[-- Attachment #1.1.1: Type: text/plain, Size: 2554 bytes --]
On 11/13/25 12:56, Alyssa Ross wrote:
> Demi Marie Obenour <demiobenour@gmail.com> writes:
>
>> On 11/13/25 06:10, Alyssa Ross wrote:
>>> After working on it for a while, I decided that it complicated the
>>> D-Bus security model too much to upstream VSOCK support for the bus.
>>> Proxying D-Bus with socat will allow us to drop the D-Bus VSOCK
>>> patches.
>>>
>>> The new dbus-vsock service starts before dbus-daemon to ensure that
>>> VSOCK connections can be received as soon as
>>> org.freedesktop.impl.portal.desktop.spectrum is started. When a
>>> connection is received (which should only be after the bus is up and
>>> has started org.freedesktop.impl.portal.desktop.spectrum), it will be
>>> relayed to the bus.
>>>
>>> Sadly we do still need to allow ANONYMOUS authentication for now[1].
>>
>> Could this be worked around with a proxy?
>>
>>> Signed-off-by: Alyssa Ross <hi@alyssa.is>
>>> Link: https://github.com/z-galaxy/zbus/issues/1003#issuecomment-3523214990 [1]
>
> Sounds like a lot more work than fixing the underlying zbus issue, which
> already has a PR since I sent the patch.
That it is.
>>> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
>>> new file mode 100644
>>> index 0000000..0d3d47c
>>> --- /dev/null
>>> +++ b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
>>> @@ -0,0 +1,2 @@
>>> +SPDX-License-Identifier: CC0-1.0
>>> +SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
>>> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/run b/img/app/image/etc/s6-rc/dbus-vsock/run
>>> new file mode 100755
>>> index 0000000..37fae7d
>>> --- /dev/null
>>> +++ b/img/app/image/etc/s6-rc/dbus-vsock/run
>>> @@ -0,0 +1,17 @@
>>> +#!/bin/execlineb -P
>>> +# SPDX-License-Identifier: EUPL-1.2+
>>> +# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
>>> +
>>> +if { modprobe vsock }
>>> +
>>> +export LISTEN_FDS 1
>>> +getpid LISTEN_PID
>>> +export SYSTEMD_LOG_LEVEL notice
>>> +
>>> +systemd-socket-activate -l vsock::219 --now
>>> +
>>> +# Notify readiness.
>>> +if { fdmove 1 3 echo }
>>> +fdclose 3
>>> +
>>> +socat ACCEPT-FD:4,fork UNIX-CONNECT:/run/session-bus
>>
>> I'd prefer to use NOTIFY_SOCKET here.
>
> Then we have to run a whole background process to translate the
> systemd protocol to the s6 one. Doesn't seem worth it to me.
Whoops, wrong environment variable name :). I meant $LISTEN_FDS.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] img/app: dbus: don't listen on VSOCK
2025-11-13 19:32 ` Demi Marie Obenour
@ 2025-11-14 11:45 ` Alyssa Ross
2025-11-14 22:15 ` Demi Marie Obenour
2025-11-17 22:08 ` Demi Marie Obenour
0 siblings, 2 replies; 15+ messages in thread
From: Alyssa Ross @ 2025-11-14 11:45 UTC (permalink / raw)
To: Demi Marie Obenour; +Cc: devel
[-- Attachment #1: Type: text/plain, Size: 1741 bytes --]
Demi Marie Obenour <demiobenour@gmail.com> writes:
> On 11/13/25 12:56, Alyssa Ross wrote:
>> Demi Marie Obenour <demiobenour@gmail.com> writes:
>>
>>>> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
>>>> new file mode 100644
>>>> index 0000000..0d3d47c
>>>> --- /dev/null
>>>> +++ b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
>>>> @@ -0,0 +1,2 @@
>>>> +SPDX-License-Identifier: CC0-1.0
>>>> +SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
>>>> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/run b/img/app/image/etc/s6-rc/dbus-vsock/run
>>>> new file mode 100755
>>>> index 0000000..37fae7d
>>>> --- /dev/null
>>>> +++ b/img/app/image/etc/s6-rc/dbus-vsock/run
>>>> @@ -0,0 +1,17 @@
>>>> +#!/bin/execlineb -P
>>>> +# SPDX-License-Identifier: EUPL-1.2+
>>>> +# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
>>>> +
>>>> +if { modprobe vsock }
>>>> +
>>>> +export LISTEN_FDS 1
>>>> +getpid LISTEN_PID
>>>> +export SYSTEMD_LOG_LEVEL notice
>>>> +
>>>> +systemd-socket-activate -l vsock::219 --now
>>>> +
>>>> +# Notify readiness.
>>>> +if { fdmove 1 3 echo }
>>>> +fdclose 3
>>>> +
>>>> +socat ACCEPT-FD:4,fork UNIX-CONNECT:/run/session-bus
>>>
>>> I'd prefer to use NOTIFY_SOCKET here.
>>
>> Then we have to run a whole background process to translate the
>> systemd protocol to the s6 one. Doesn't seem worth it to me.
> Whoops, wrong environment variable name :). I meant $LISTEN_FDS.
I still don't understand what you mean. You'd like this to calculate
2 + LISTEN_FDS, and substitute that into the socat command line, even
though we know the result will always be 4?
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] img/app: dbus: don't listen on VSOCK
2025-11-14 11:45 ` Alyssa Ross
@ 2025-11-14 22:15 ` Demi Marie Obenour
2025-11-17 22:08 ` Demi Marie Obenour
1 sibling, 0 replies; 15+ messages in thread
From: Demi Marie Obenour @ 2025-11-14 22:15 UTC (permalink / raw)
To: Alyssa Ross; +Cc: devel
[-- Attachment #1.1.1: Type: text/plain, Size: 2002 bytes --]
On 11/14/25 06:45, Alyssa Ross wrote:
> Demi Marie Obenour <demiobenour@gmail.com> writes:
>
>> On 11/13/25 12:56, Alyssa Ross wrote:
>>> Demi Marie Obenour <demiobenour@gmail.com> writes:
>>>
>>>>> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
>>>>> new file mode 100644
>>>>> index 0000000..0d3d47c
>>>>> --- /dev/null
>>>>> +++ b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
>>>>> @@ -0,0 +1,2 @@
>>>>> +SPDX-License-Identifier: CC0-1.0
>>>>> +SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
>>>>> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/run b/img/app/image/etc/s6-rc/dbus-vsock/run
>>>>> new file mode 100755
>>>>> index 0000000..37fae7d
>>>>> --- /dev/null
>>>>> +++ b/img/app/image/etc/s6-rc/dbus-vsock/run
>>>>> @@ -0,0 +1,17 @@
>>>>> +#!/bin/execlineb -P
>>>>> +# SPDX-License-Identifier: EUPL-1.2+
>>>>> +# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
>>>>> +
>>>>> +if { modprobe vsock }
>>>>> +
>>>>> +export LISTEN_FDS 1
>>>>> +getpid LISTEN_PID
>>>>> +export SYSTEMD_LOG_LEVEL notice
>>>>> +
>>>>> +systemd-socket-activate -l vsock::219 --now
>>>>> +
>>>>> +# Notify readiness.
>>>>> +if { fdmove 1 3 echo }
>>>>> +fdclose 3
>>>>> +
>>>>> +socat ACCEPT-FD:4,fork UNIX-CONNECT:/run/session-bus
>>>>
>>>> I'd prefer to use NOTIFY_SOCKET here.
>>>
>>> Then we have to run a whole background process to translate the
>>> systemd protocol to the s6 one. Doesn't seem worth it to me.
>> Whoops, wrong environment variable name :). I meant $LISTEN_FDS.
>
> I still don't understand what you mean. You'd like this to calculate
> 2 + LISTEN_FDS, and substitute that into the socat command line, even
> though we know the result will always be 4?
Oh, I hadn't thought of that. systemd does support named file
descriptors, which do need a more complex calculation.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/3] img/app: move init to /usr/bin
2025-11-13 11:10 [PATCH 1/3] img/app: move init to /usr/bin Alyssa Ross
2025-11-13 11:10 ` [PATCH 2/3] img/app: dbus: don't listen on VSOCK Alyssa Ross
2025-11-13 11:10 ` [PATCH 3/3] pkgs: remove dbus overlay Alyssa Ross
@ 2025-11-17 22:07 ` Demi Marie Obenour
2025-11-18 15:03 ` Alyssa Ross
3 siblings, 0 replies; 15+ messages in thread
From: Demi Marie Obenour @ 2025-11-17 22:07 UTC (permalink / raw)
To: Alyssa Ross, devel
[-- Attachment #1.1.1: Type: text/plain, Size: 1725 bytes --]
On 11/13/25 06:10, Alyssa Ross wrote:
> /sbin/init (which for us is /usr/bin/init via the /sbin symlink) is
> the highest precedence path for init in the kernel. If we keep our
> init at /etc/init, installing a package (like systemd) that provides
> its own init will quietly take precedence over our own. Let's claim
> this path for ourselves, so adding init from a package will fail
> loudly.
>
> Signed-off-by: Alyssa Ross <hi@alyssa.is>
> ---
> img/app/file-list.mk | 4 ++--
> img/app/image/{etc => usr/bin}/init | 0
> 2 files changed, 2 insertions(+), 2 deletions(-)
> rename img/app/image/{etc => usr/bin}/init (100%)
>
> diff --git a/img/app/file-list.mk b/img/app/file-list.mk
> index 506ab7a..0b4d3d1 100644
> --- a/img/app/file-list.mk
> +++ b/img/app/file-list.mk
> @@ -4,7 +4,6 @@
> FILES = \
> image/etc/dbus-1/session.conf \
> image/etc/fstab \
> - image/etc/init \
> image/etc/mdev.conf \
> image/etc/mdev/iface \
> image/etc/mdev/listen \
> @@ -26,7 +25,8 @@ FILES = \
> image/etc/s6-linux-init/scripts/rc.shutdown \
> image/etc/s6-linux-init/scripts/rc.shutdown.final \
> image/etc/wireplumber/wireplumber.conf.d/99_spectrum.conf \
> - image/etc/xdg/xdg-desktop-portal/portals.conf
> + image/etc/xdg/xdg-desktop-portal/portals.conf \
> + image/usr/bin/init
>
> LINKS = \
> image/bin \
> diff --git a/img/app/image/etc/init b/img/app/image/usr/bin/init
> similarity index 100%
> rename from img/app/image/etc/init
> rename to img/app/image/usr/bin/init
>
> base-commit: 651da813154329e8398a23dbaabdeef633c1f2a6
Reviewed-by: Demi Marie Obenour <demiobenour@gmail.com>
--
Sincerely,
Demi Marie Obenour (she/her/hers)
[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] img/app: dbus: don't listen on VSOCK
2025-11-14 11:45 ` Alyssa Ross
2025-11-14 22:15 ` Demi Marie Obenour
@ 2025-11-17 22:08 ` Demi Marie Obenour
1 sibling, 0 replies; 15+ messages in thread
From: Demi Marie Obenour @ 2025-11-17 22:08 UTC (permalink / raw)
To: Alyssa Ross; +Cc: devel
[-- Attachment #1.1.1: Type: text/plain, Size: 1980 bytes --]
On 11/14/25 06:45, Alyssa Ross wrote:
> Demi Marie Obenour <demiobenour@gmail.com> writes:
>
>> On 11/13/25 12:56, Alyssa Ross wrote:
>>> Demi Marie Obenour <demiobenour@gmail.com> writes:
>>>
>>>>> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
>>>>> new file mode 100644
>>>>> index 0000000..0d3d47c
>>>>> --- /dev/null
>>>>> +++ b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
>>>>> @@ -0,0 +1,2 @@
>>>>> +SPDX-License-Identifier: CC0-1.0
>>>>> +SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
>>>>> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/run b/img/app/image/etc/s6-rc/dbus-vsock/run
>>>>> new file mode 100755
>>>>> index 0000000..37fae7d
>>>>> --- /dev/null
>>>>> +++ b/img/app/image/etc/s6-rc/dbus-vsock/run
>>>>> @@ -0,0 +1,17 @@
>>>>> +#!/bin/execlineb -P
>>>>> +# SPDX-License-Identifier: EUPL-1.2+
>>>>> +# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
>>>>> +
>>>>> +if { modprobe vsock }
>>>>> +
>>>>> +export LISTEN_FDS 1
>>>>> +getpid LISTEN_PID
>>>>> +export SYSTEMD_LOG_LEVEL notice
>>>>> +
>>>>> +systemd-socket-activate -l vsock::219 --now
>>>>> +
>>>>> +# Notify readiness.
>>>>> +if { fdmove 1 3 echo }
>>>>> +fdclose 3
>>>>> +
>>>>> +socat ACCEPT-FD:4,fork UNIX-CONNECT:/run/session-bus
>>>>
>>>> I'd prefer to use NOTIFY_SOCKET here.
>>>
>>> Then we have to run a whole background process to translate the
>>> systemd protocol to the s6 one. Doesn't seem worth it to me.
>> Whoops, wrong environment variable name :). I meant $LISTEN_FDS.
>
> I still don't understand what you mean. You'd like this to calculate
> 2 + LISTEN_FDS, and substitute that into the socat command line, even
> though we know the result will always be 4?
Nevermind, your version is fine. I wasn't sure this is a stable API
but I'm pretty sure it is.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 3/3] pkgs: remove dbus overlay
2025-11-13 11:10 ` [PATCH 3/3] pkgs: remove dbus overlay Alyssa Ross
@ 2025-11-17 22:13 ` Demi Marie Obenour
2025-11-18 15:03 ` Alyssa Ross
1 sibling, 0 replies; 15+ messages in thread
From: Demi Marie Obenour @ 2025-11-17 22:13 UTC (permalink / raw)
To: Alyssa Ross, devel
[-- Attachment #1.1.1: Type: text/plain, Size: 338 bytes --]
On 11/13/25 06:10, Alyssa Ross wrote:
> We ended up going with socat forwarding VSOCK to unix inside guests,
> so these patches are no longer necessary.
>
> Signed-off-by: Alyssa Ross <hi@alyssa.is>
For deleting the overlay:
Acked-by: Demi Marie Obenour <demiobenour@gmail.com>
--
Sincerely,
Demi Marie Obenour (she/her/hers)
[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] img/app: dbus: don't listen on VSOCK
2025-11-13 11:10 ` [PATCH 2/3] img/app: dbus: don't listen on VSOCK Alyssa Ross
2025-11-13 17:46 ` Demi Marie Obenour
@ 2025-11-17 22:19 ` Demi Marie Obenour
2025-11-18 15:03 ` Alyssa Ross
2 siblings, 0 replies; 15+ messages in thread
From: Demi Marie Obenour @ 2025-11-17 22:19 UTC (permalink / raw)
To: Alyssa Ross, devel
[-- Attachment #1.1.1: Type: text/plain, Size: 12492 bytes --]
On 11/13/25 06:10, Alyssa Ross wrote:
> After working on it for a while, I decided that it complicated the
> D-Bus security model too much to upstream VSOCK support for the bus.
> Proxying D-Bus with socat will allow us to drop the D-Bus VSOCK
> patches.
>
> The new dbus-vsock service starts before dbus-daemon to ensure that
> VSOCK connections can be received as soon as
> org.freedesktop.impl.portal.desktop.spectrum is started. When a
> connection is received (which should only be after the bus is up and
> has started org.freedesktop.impl.portal.desktop.spectrum), it will be
> relayed to the bus.
>
> Sadly we do still need to allow ANONYMOUS authentication for now[1].
>
> Signed-off-by: Alyssa Ross <hi@alyssa.is>
> Link: https://github.com/z-galaxy/zbus/issues/1003#issuecomment-3523214990 [1]
> ---
> img/app/default.nix | 4 +-
> img/app/file-list.mk | 5 +++
> img/app/image/etc/dbus-1/session.conf | 1 -
> .../XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT | 1 +
> ...DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license | 2 +
> .../etc/s6-rc/dbus-vsock/notification-fd | 1 +
> .../s6-rc/dbus-vsock/notification-fd.license | 2 +
> img/app/image/etc/s6-rc/dbus-vsock/run | 17 +++++++
> img/app/image/etc/s6-rc/dbus-vsock/type | 1 +
> .../image/etc/s6-rc/dbus-vsock/type.license | 2 +
> .../etc/s6-rc/dbus/dependencies.d/dbus-vsock | 0
> img/app/image/etc/s6-rc/dbus/run | 2 -
> tools/default.nix | 5 +--
> tools/xdg-desktop-portal-spectrum/meson.build | 3 --
> .../xdg-desktop-portal-spectrum.c | 45 ++++++-------------
> 15 files changed, 49 insertions(+), 42 deletions(-)
> create mode 100644 img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT
> create mode 100644 img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license
> create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/notification-fd
> create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
> create mode 100755 img/app/image/etc/s6-rc/dbus-vsock/run
> create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/type
> create mode 100644 img/app/image/etc/s6-rc/dbus-vsock/type.license
> create mode 100644 img/app/image/etc/s6-rc/dbus/dependencies.d/dbus-vsock
>
> diff --git a/img/app/default.nix b/img/app/default.nix
> index 08cb2cd..6490ac2 100644
> --- a/img/app/default.nix
> +++ b/img/app/default.nix
> @@ -71,6 +71,8 @@ let
> pkgs.s6
> pkgs.s6-linux-init
> pkgs.s6-rc
> + pkgs.socat
> + pkgs.systemd
> pkgs.wayland-proxy-virtwl
> pkgs.wireplumber
> pkgs.xdg-desktop-portal
> @@ -88,7 +90,7 @@ let
> } ''
> mkdir $out
> lndir -ignorelinks -silent ${appimageFhsenv} $out
> - rm $out/etc/dbus-1/session.conf
> + rm $out/etc/dbus-1/session.conf $out/usr/bin/init
> '';
> in
>
> diff --git a/img/app/file-list.mk b/img/app/file-list.mk
> index 0b4d3d1..6934975 100644
> --- a/img/app/file-list.mk
> +++ b/img/app/file-list.mk
> @@ -17,6 +17,7 @@ FILES = \
> image/etc/s6-linux-init/env/GTK_USE_PORTAL \
> image/etc/s6-linux-init/env/NIX_XDG_DESKTOP_PORTAL_DIR \
> image/etc/s6-linux-init/env/WAYLAND_DISPLAY \
> + image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT \
> image/etc/s6-linux-init/env/XDG_RUNTIME_DIR \
> image/etc/s6-linux-init/run-image/service/getty-hvc0/run \
> image/etc/s6-linux-init/run-image/service/s6-linux-init-shutdownd/notification-fd \
> @@ -39,6 +40,10 @@ S6_RC_FILES = \
> image/etc/s6-rc/app/dependencies.d/wayland-proxy-virtwl \
> image/etc/s6-rc/app/run \
> image/etc/s6-rc/app/type \
> + image/etc/s6-rc/dbus-vsock/notification-fd \
> + image/etc/s6-rc/dbus-vsock/run \
> + image/etc/s6-rc/dbus-vsock/type \
> + image/etc/s6-rc/dbus/dependencies.d/dbus-vsock \
> image/etc/s6-rc/dbus/notification-fd \
> image/etc/s6-rc/dbus/run \
> image/etc/s6-rc/dbus/type \
> diff --git a/img/app/image/etc/dbus-1/session.conf b/img/app/image/etc/dbus-1/session.conf
> index 751a788..d31f4b9 100644
> --- a/img/app/image/etc/dbus-1/session.conf
> +++ b/img/app/image/etc/dbus-1/session.conf
> @@ -19,7 +19,6 @@
> default config file with an address override on the command
> line, because command line address can only be given once.
> So that's why we need a whole custom session.conf. -->
> - <listen>vsock:</listen>
> <listen>unix:path=/run/session-bus</listen>
>
> <auth>EXTERNAL</auth>
> diff --git a/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT
> new file mode 100644
> index 0000000..037ba97
> --- /dev/null
> +++ b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT
> @@ -0,0 +1 @@
> +219
> diff --git a/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license
> new file mode 100644
> index 0000000..0d3d47c
> --- /dev/null
> +++ b/img/app/image/etc/s6-linux-init/env/XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT.license
> @@ -0,0 +1,2 @@
> +SPDX-License-Identifier: CC0-1.0
> +SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/notification-fd b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd
> new file mode 100644
> index 0000000..00750ed
> --- /dev/null
> +++ b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd
> @@ -0,0 +1 @@
> +3
> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
> new file mode 100644
> index 0000000..0d3d47c
> --- /dev/null
> +++ b/img/app/image/etc/s6-rc/dbus-vsock/notification-fd.license
> @@ -0,0 +1,2 @@
> +SPDX-License-Identifier: CC0-1.0
> +SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/run b/img/app/image/etc/s6-rc/dbus-vsock/run
> new file mode 100755
> index 0000000..37fae7d
> --- /dev/null
> +++ b/img/app/image/etc/s6-rc/dbus-vsock/run
> @@ -0,0 +1,17 @@
> +#!/bin/execlineb -P
> +# SPDX-License-Identifier: EUPL-1.2+
> +# SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
> +
> +if { modprobe vsock }
> +
> +export LISTEN_FDS 1
> +getpid LISTEN_PID
> +export SYSTEMD_LOG_LEVEL notice
> +
> +systemd-socket-activate -l vsock::219 --now
> +
> +# Notify readiness.
> +if { fdmove 1 3 echo }
> +fdclose 3
> +
> +socat ACCEPT-FD:4,fork UNIX-CONNECT:/run/session-bus
> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/type b/img/app/image/etc/s6-rc/dbus-vsock/type
> new file mode 100644
> index 0000000..5883cff
> --- /dev/null
> +++ b/img/app/image/etc/s6-rc/dbus-vsock/type
> @@ -0,0 +1 @@
> +longrun
> diff --git a/img/app/image/etc/s6-rc/dbus-vsock/type.license b/img/app/image/etc/s6-rc/dbus-vsock/type.license
> new file mode 100644
> index 0000000..0d3d47c
> --- /dev/null
> +++ b/img/app/image/etc/s6-rc/dbus-vsock/type.license
> @@ -0,0 +1,2 @@
> +SPDX-License-Identifier: CC0-1.0
> +SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is>
> diff --git a/img/app/image/etc/s6-rc/dbus/dependencies.d/dbus-vsock b/img/app/image/etc/s6-rc/dbus/dependencies.d/dbus-vsock
> new file mode 100644
> index 0000000..e69de29
> diff --git a/img/app/image/etc/s6-rc/dbus/run b/img/app/image/etc/s6-rc/dbus/run
> index a226abf..75e9cab 100644
> --- a/img/app/image/etc/s6-rc/dbus/run
> +++ b/img/app/image/etc/s6-rc/dbus/run
> @@ -2,8 +2,6 @@
> # SPDX-License-Identifier: EUPL-1.2+
> # SPDX-FileCopyrightText: 2023 Alyssa Ross <hi@alyssa.is>
>
> -if { modprobe vsock }
> -
> dbus-daemon
> --config-file /etc/dbus-1/session.conf
> --nofork
> diff --git a/tools/default.nix b/tools/default.nix
> index 18d4dd6..0492f98 100644
> --- a/tools/default.nix
> +++ b/tools/default.nix
> @@ -6,7 +6,7 @@ import ../lib/call-package.nix (
> { src, lib, stdenv, fetchCrate, fetchurl, runCommand, buildPackages
> , meson, ninja, pkg-config, rustc
> , clang-tools, clippy, jq
> -, dbus, linuxHeaders
> +, linuxHeaders
> , clang, libbpf
> , buildSupport ? false
> , appSupport ? true
> @@ -88,8 +88,7 @@ stdenv.mkDerivation (finalAttrs: {
> ++ lib.optionals (appSupport || driverSupport) [ pkg-config ]
> ++ lib.optionals hostSupport [ rustc ]
> ++ lib.optionals driverSupport [ clang.cc ];
> - buildInputs = lib.optionals appSupport [ dbus ]
> - ++ lib.optionals driverSupport [ libbpf linuxHeaders ];
> + buildInputs = lib.optionals driverSupport [ libbpf linuxHeaders ];
>
> postPatch = lib.optionals hostSupport (lib.concatMapStringsSep "\n" (crate: ''
> mkdir -p subprojects/packagecache
> diff --git a/tools/xdg-desktop-portal-spectrum/meson.build b/tools/xdg-desktop-portal-spectrum/meson.build
> index 7c2716f..a99c66d 100644
> --- a/tools/xdg-desktop-portal-spectrum/meson.build
> +++ b/tools/xdg-desktop-portal-spectrum/meson.build
> @@ -1,8 +1,6 @@
> # SPDX-License-Identifier: EUPL-1.2+
> # SPDX-FileCopyrightText: 2024 Alyssa Ross <hi@alyssa.is>
>
> -dbus = dependency('dbus-1')
> -
> install_data('spectrum.portal',
> install_dir : get_option('datadir') / 'xdg-desktop-portal/portals')
>
> @@ -21,5 +19,4 @@ configure_file(
> configuration : exe_conf_data)
>
> executable('xdg-desktop-portal-spectrum', 'xdg-desktop-portal-spectrum.c',
> - dependencies : dbus,
> install : true)
> diff --git a/tools/xdg-desktop-portal-spectrum/xdg-desktop-portal-spectrum.c b/tools/xdg-desktop-portal-spectrum/xdg-desktop-portal-spectrum.c
> index 690d397..3c75923 100644
> --- a/tools/xdg-desktop-portal-spectrum/xdg-desktop-portal-spectrum.c
> +++ b/tools/xdg-desktop-portal-spectrum/xdg-desktop-portal-spectrum.c
> @@ -1,5 +1,5 @@
> // SPDX-License-Identifier: EUPL-1.2+
> -// SPDX-FileCopyrightText: 2024 Alyssa Ross <hi@alyssa.is>
> +// SPDX-FileCopyrightText: 2024-2025 Alyssa Ross <hi@alyssa.is>
>
> #include <arpa/inet.h>
> #include <err.h>
> @@ -8,7 +8,6 @@
> #include <stdio.h>
> #include <stdint.h>
> #include <stdlib.h>
> -#include <string.h>
> #include <unistd.h>
>
> #include <sys/socket.h>
> @@ -16,12 +15,13 @@
>
> #include <linux/vm_sockets.h>
>
> -#include <dbus/dbus.h>
> -
> #include "config.h"
>
> static const uint32_t HOST_PORT = 219;
>
> +static const char GUEST_PORT_ENV_VAR[] =
> + "XDG_DESKTOP_PORTAL_SPECTRUM_GUEST_PORT";
> +
> static int parse_u32(const char *s, uint32_t *v)
> {
> char *end;
> @@ -113,36 +113,17 @@ static void check_result(int sock)
>
> int main(void)
> {
> - char *addr = getenv("DBUS_STARTER_ADDRESS");
> -
> - DBusAddressEntry **entries;
> - int entries_len, i, sock;
> - DBusError error;
> -
> - const char *port_str;
> + int sock;
> uint32_t port;
> + char *port_str = getenv(GUEST_PORT_ENV_VAR);
>
> - if (!addr)
> - errx(EXIT_FAILURE, "DBUS_STARTER_ADDRESS not set");
> + if (!port_str)
> + errx(EXIT_FAILURE, "%s is not set", GUEST_PORT_ENV_VAR);
>
> - if (!dbus_parse_address(addr, &entries, &entries_len, &error))
> - errx(EXIT_FAILURE, "parsing D-Bus address '%s': %s",
> - addr, error.message);
> + if (parse_u32(port_str, &port) == -1)
> + err(EXIT_FAILURE, "D-Bus address vsock port");
>
> - for (i = 0; i < entries_len; i++) {
> - if (strcmp(dbus_address_entry_get_method(entries[i]), "vsock"))
> - continue;
> -
> - if (!(port_str = dbus_address_entry_get_value(entries[i], "port")))
> - errx(EXIT_FAILURE, "missing vsock port in D-Bus address '%s'",
> - addr);
> -
> - if (parse_u32(port_str, &port) == -1)
> - err(EXIT_FAILURE, "D-Bus address vsock port");
> -
> - sock = connect_to_host();
> - send_info(sock, port);
> - check_result(sock);
> - return 0;
> - }
> + sock = connect_to_host();
> + send_info(sock, port);
> + check_result(sock);
> }
Assuming it passes tests:
Acked-by: Demi Marie Obenour <demiobenour@gmail.com>
socat could be replaced with systemd-socket-proxyd, which avoids
forking a process for each connection. That's definitely a very
minor nit, though.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 7253 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 1/3] img/app: move init to /usr/bin
2025-11-13 11:10 [PATCH 1/3] img/app: move init to /usr/bin Alyssa Ross
` (2 preceding siblings ...)
2025-11-17 22:07 ` [PATCH 1/3] img/app: move init to /usr/bin Demi Marie Obenour
@ 2025-11-18 15:03 ` Alyssa Ross
3 siblings, 0 replies; 15+ messages in thread
From: Alyssa Ross @ 2025-11-18 15:03 UTC (permalink / raw)
To: Alyssa Ross, devel
This patch has been committed as e514016c48b3eca1eb593b7af5060ba6a90fcbc8,
which can be viewed online at
https://spectrum-os.org/git/spectrum/commit/?id=e514016c48b3eca1eb593b7af5060ba6a90fcbc8.
This is an automated message. Send comments/questions/requests to:
Alyssa Ross <hi@alyssa.is>
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 2/3] img/app: dbus: don't listen on VSOCK
2025-11-13 11:10 ` [PATCH 2/3] img/app: dbus: don't listen on VSOCK Alyssa Ross
2025-11-13 17:46 ` Demi Marie Obenour
2025-11-17 22:19 ` Demi Marie Obenour
@ 2025-11-18 15:03 ` Alyssa Ross
2 siblings, 0 replies; 15+ messages in thread
From: Alyssa Ross @ 2025-11-18 15:03 UTC (permalink / raw)
To: Alyssa Ross, devel
This patch has been committed as af3193815fe99d35b6074c49f5bdc81b1f686b25,
which can be viewed online at
https://spectrum-os.org/git/spectrum/commit/?id=af3193815fe99d35b6074c49f5bdc81b1f686b25.
This is an automated message. Send comments/questions/requests to:
Alyssa Ross <hi@alyssa.is>
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [PATCH 3/3] pkgs: remove dbus overlay
2025-11-13 11:10 ` [PATCH 3/3] pkgs: remove dbus overlay Alyssa Ross
2025-11-17 22:13 ` Demi Marie Obenour
@ 2025-11-18 15:03 ` Alyssa Ross
1 sibling, 0 replies; 15+ messages in thread
From: Alyssa Ross @ 2025-11-18 15:03 UTC (permalink / raw)
To: Alyssa Ross, devel
This patch has been committed as 99f09ab0a69f41eb14795c1cd047d5cd6ee5896e,
which can be viewed online at
https://spectrum-os.org/git/spectrum/commit/?id=99f09ab0a69f41eb14795c1cd047d5cd6ee5896e.
This is an automated message. Send comments/questions/requests to:
Alyssa Ross <hi@alyssa.is>
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2025-11-18 15:03 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-11-13 11:10 [PATCH 1/3] img/app: move init to /usr/bin Alyssa Ross
2025-11-13 11:10 ` [PATCH 2/3] img/app: dbus: don't listen on VSOCK Alyssa Ross
2025-11-13 17:46 ` Demi Marie Obenour
2025-11-13 17:56 ` Alyssa Ross
2025-11-13 19:32 ` Demi Marie Obenour
2025-11-14 11:45 ` Alyssa Ross
2025-11-14 22:15 ` Demi Marie Obenour
2025-11-17 22:08 ` Demi Marie Obenour
2025-11-17 22:19 ` Demi Marie Obenour
2025-11-18 15:03 ` Alyssa Ross
2025-11-13 11:10 ` [PATCH 3/3] pkgs: remove dbus overlay Alyssa Ross
2025-11-17 22:13 ` Demi Marie Obenour
2025-11-18 15:03 ` Alyssa Ross
2025-11-17 22:07 ` [PATCH 1/3] img/app: move init to /usr/bin Demi Marie Obenour
2025-11-18 15:03 ` Alyssa Ross
Code repositories for project(s) associated with this public inbox
https://spectrum-os.org/git/crosvm
https://spectrum-os.org/git/doc
https://spectrum-os.org/git/mktuntap
https://spectrum-os.org/git/nixpkgs
https://spectrum-os.org/git/spectrum
https://spectrum-os.org/git/ucspi-vsock
https://spectrum-os.org/git/www
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).