From: "Georgy Yakovlev" <gyakovlev@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
Date: Sun,  7 Nov 2021 05:27:27 +0000 (UTC)	[thread overview]
Message-ID: <1636262772.c897165ab00b566f2a21db3bb1d8da0fee67bfc8.gyakovlev@gentoo> (raw)

commit:     c897165ab00b566f2a21db3bb1d8da0fee67bfc8
Author:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
AuthorDate: Mon Nov  1 23:33:10 2021 +0000
Commit:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
CommitDate: Sun Nov  7 05:26:12 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c897165a

sys-apps/systemd: add hostnamed-fallback mode

this will allow networkd/hostnamed to properly set hostname
on systems without polkit.

while it's possible to set hostname/fqdn manually already, with fallback workaround
it will be possible to get hostnames from DHCP via networkd too without
using polkit->spidermonkey->rust->llvm chain of deps.

ideas and configs taken from yocto/oe
https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=3dc37c12c17d5bb6d4701a425a4f79f6e31784ee

https://github.com/systemd/systemd/issues/13501
Closes: https://github.com/gentoo/gentoo/pull/22792
Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>

 sys-apps/systemd/files/00-hostnamed-network-user.conf   |  6 ++++++
 .../files/org.freedesktop.hostname1_no_polkit.conf      | 11 +++++++++++
 sys-apps/systemd/metadata.xml                           |  1 +
 sys-apps/systemd/systemd-9999.ebuild                    | 17 ++++++++++++++++-
 4 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/00-hostnamed-network-user.conf b/sys-apps/systemd/files/00-hostnamed-network-user.conf
new file mode 100644
index 00000000000..6b224ba9b93
--- /dev/null
+++ b/sys-apps/systemd/files/00-hostnamed-network-user.conf
@@ -0,0 +1,6 @@
+[Service]
+# By running with these options instead of root, networkd is allowed to request
+# a hostname change via DBUS when policykit is not present
+User=systemd-network
+Group=systemd-hostname
+AmbientCapabilities=CAP_SYS_ADMIN
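Review bot: The comment at the top of this drop-in does not name the unit it modifies or the trust it creates: the ebuild hunk installs it under `systemd-hostnamed.service.d/`, so hostnamed itself runs as `systemd-network` and keeps `CAP_SYS_ADMIN` as an ambient capability. The effect, as the comment implies, is that callers sharing that UID are accepted without polkit, which extends to anything else that ever runs as `systemd-network`. I would reword the comment to something like `# Drop-in for systemd-hostnamed.service: hostnamed runs as the networkd user so networkd's hostname requests are accepted without polkit; every process with that UID gets the same right`. The base unit is not visible here; if it does not already set `CapabilityBoundingSet=CAP_SYS_ADMIN`, adding that line would keep the non-root service limited to the one capability it needs.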

diff --git a/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf
new file mode 100644
index 00000000000..f4d0271cdb6
--- /dev/null
+++ b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf
@@ -0,0 +1,11 @@
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+        "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+        <policy group="systemd-hostname">
+                <allow own="org.freedesktop.hostname1"/>
+                <allow send_destination="org.freedesktop.hostname1"/>
+                <allow receive_sender="org.freedesktop.hostname1"/>
+        </policy>
+</busconfig>
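Review bot: The `<policy group="systemd-hostname">` block lets any connection whose groups include `systemd-hostname` own `org.freedesktop.hostname1` on the system bus, and the file carries no comment saying the group must stay memberless. An account added to that group later could claim the name in place of hostnamed, so the constraint is worth recording next to the rule, e.g. `<!-- used only as Group= of systemd-hostnamed when polkit is absent; do not add accounts to systemd-hostname, members may own this bus name -->`. Whether the `send_destination` and `receive_sender` rules are needed on top of the stock hostname1 policy cannot be judged from this hunk; if they are, a word on why would help.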

diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index b35d6bfbd41..cd0754d004d 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -20,6 +20,7 @@
 		<flag name="fido2">Enable FIDO2 support</flag>
 		<flag name="gcrypt">Enable sealing of journal files using gcrypt</flag>
 		<flag name="homed">Enable portable home directories</flag>
+		<flag name="hostnamed-fallback">Enable setting hostname with networkd/hostnamed without polkit (requires running <pkg>sys-apps/dbus-broker</pkg>)</flag>
 		<flag name="http">Enable embedded HTTP server in journald</flag>
 		<flag name="hwdb">Enable support for the hardware database</flag>
 		<flag name="importd">Enable import daemon</flag>

diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 8348517478b..485b6498181 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -30,11 +30,12 @@ HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd"
 
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
+IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed hostnamed-fallback http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
 
 REQUIRED_USE="
 	homed? ( cryptsetup pam )
 	importd? ( curl gcrypt lzma )
+	policykit? ( !hostnamed-fallback )
 	pwquality? ( homed )
 "
 RESTRICT="!test? ( test )"
@@ -117,6 +118,10 @@ RDEPEND="${COMMON_DEPEND}
 	>=acct-user/systemd-resolve-0-r1
 	>=acct-user/systemd-timesync-0-r1
 	>=sys-apps/baselayout-2.2
+	hostnamed-fallback? (
+		acct-group/systemd-hostname
+		sys-apps/dbus-broker
+	)
 	selinux? ( sec-policy/selinux-base-policy[systemd] )
 	sysv-utils? (
 		!sys-apps/openrc[sysv-utils(-)]
@@ -400,6 +405,16 @@ multilib_src_install_all() {
 		dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown
 	fi
 
+	# workaround for https://github.com/systemd/systemd/issues/13501
+	if use hostnamed-fallback; then
+		# this file requires dbus-broker
+		insinto /usr/share/dbus-1/system.d/
+		doins "${FILESDIR}/org.freedesktop.hostname1_no_polkit.conf"
+
+		insinto "${rootprefix}/lib/systemd/system/systemd-hostnamed.service.d/"
+		doins "${FILESDIR}/00-hostnamed-network-user.conf"
+	fi
+
 	gen_usr_ldscript -a systemd udev
 }
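Review bot: The comment `# this file requires dbus-broker` does not say what happens when dbus-broker is installed but is not the running system bus, and the RDEPEND hunk above only guarantees installation. Both files are installed whenever the flag is set, so on a host still running the reference dbus-daemon hostnamed would run as `systemd-network` under a bus policy the comment says is not supported there. I would expand the comment to state the reason and add a post-install hint, e.g. `elog "hostnamed-fallback: enable dbus-broker.service as the system bus"` in pkg_postinst, which is outside this hunk, as is the start of multilib_src_install_all.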
 

