commit: c897165ab00b566f2a21db3bb1d8da0fee67bfc8 |
Author: Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org> |
AuthorDate: Mon Nov 1 23:33:10 2021 +0000 |
Commit: Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org> |
CommitDate: Sun Nov 7 05:26:12 2021 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c897165a |
|
sys-apps/systemd: add hostnamed-fallback mode |
|
this will allow networkd/hostnamed to properly set hostname |
on systems without polkit. |
|
while it's possible to set hostname/fqdn manually already, with fallback workaround |
it will be possible to get hostnames from DHCP via networkd too without |
using polkit->spidermonkey->rust->llvm chain of deps. |
|
ideas and configs taken from yocto/oe |
https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=3dc37c12c17d5bb6d4701a425a4f79f6e31784ee |
|
https://github.com/systemd/systemd/issues/13501 |
Closes: https://github.com/gentoo/gentoo/pull/22792 |
Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org> |
|
sys-apps/systemd/files/00-hostnamed-network-user.conf | 6 ++++++ |
.../files/org.freedesktop.hostname1_no_polkit.conf | 11 +++++++++++ |
sys-apps/systemd/metadata.xml | 1 + |
sys-apps/systemd/systemd-9999.ebuild | 17 ++++++++++++++++- |
4 files changed, 34 insertions(+), 1 deletion(-) |
|
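diff --git a/sys-apps/systemd/files/00-hostnamed-network-user.conf b/sys-apps/systemd/files/00-hostnamed-network-user.conf
new file mode 100644
index 00000000000..6b224ba9b93
--- /dev/null
+++ b/sys-apps/systemd/files/00-hostnamed-network-user.conf
@@ -0,0 +1,6 @@
+[Service]
+# By running with these options instead of root, networkd is allowed to request
+# a hostname change via DBUS when policykit is not present
+User=systemd-network
+Group=systemd-hostname
+AmbientCapabilities=CAP_SYS_ADMIN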
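Review bot: `AmbientCapabilities=CAP_SYS_ADMIN` gives the now non-root hostnamed one of the broadest capabilities, and the drop-in comment explains neither why it is needed nor what the new trust boundary is. With `User=systemd-network`, authorization presumably rests on the caller sharing hostnamed's UID, so any process running as systemd-network, including networkd while it handles DHCP replies, can change the hostname without polkit. I would extend the comment with `# CAP_SYS_ADMIN is needed for sethostname(2); every process running as systemd-network may now set the hostname`, and check that the unit's `CapabilityBoundingSet=` and sandboxing settings (not visible in this hunk) still confine the service with this drop-in applied.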
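diff --git a/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf
new file mode 100644
index 00000000000..f4d0271cdb6
--- /dev/null
+++ b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf
@@ -0,0 +1,11 @@
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+ <policy group="systemd-hostname">
+ <allow own="org.freedesktop.hostname1"/>
+ <allow send_destination="org.freedesktop.hostname1"/>
+ <allow receive_sender="org.freedesktop.hostname1"/>
+ </policy>
+</busconfig>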
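Review bot: The `<policy group="systemd-hostname">` block lets any connection in that group own `org.freedesktop.hostname1`, so membership of the group is enough to impersonate hostnamed on the system bus, and nothing in the file says the group must stay reserved for the service. The `send_destination` and `receive_sender` rules are likewise not narrowed to an interface. I would add a comment above the policy, e.g. `<!-- systemd-hostname is reserved for systemd-hostnamed; never add login users, members may own org.freedesktop.hostname1 -->`, and repeat there that the policy is written for dbus-broker, which the flag description and the ebuild comment require.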
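diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index b35d6bfbd41..cd0754d004d 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -20,6 +20,7 @@
 <flag name="fido2">Enable FIDO2 support</flag>
 <flag name="gcrypt">Enable sealing of journal files using gcrypt</flag>
 <flag name="homed">Enable portable home directories</flag>
+ <flag name="hostnamed-fallback">Enable setting hostname with networkd/hostnamed without polkit (requires running <pkg>sys-apps/dbus-broker</pkg>)</flag>
 <flag name="http">Enable embedded HTTP server in journald</flag>
 <flag name="hwdb">Enable support for the hardware database</flag>
 <flag name="importd">Enable import daemon</flag>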
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild |
75 |
index 8348517478b..485b6498181 100644 |
76 |
--- a/sys-apps/systemd/systemd-9999.ebuild |
77 |
+++ b/sys-apps/systemd/systemd-9999.ebuild |
78 |
@@ -30,11 +30,12 @@ HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" |
79 |
|
80 |
LICENSE="GPL-2 LGPL-2.1 MIT public-domain" |
81 |
SLOT="0/2" |
82 |
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd" |
83 |
+IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed hostnamed-fallback http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd" |
84 |
|
85 |
REQUIRED_USE=" |
86 |
homed? ( cryptsetup pam ) |
87 |
importd? ( curl gcrypt lzma ) |
88 |
+ policykit? ( !hostnamed-fallback ) |
89 |
pwquality? ( homed ) |
90 |
" |
91 |
RESTRICT="!test? ( test )" |
92 |
@@ -117,6 +118,10 @@ RDEPEND="${COMMON_DEPEND} |
93 |
>=acct-user/systemd-resolve-0-r1 |
94 |
>=acct-user/systemd-timesync-0-r1 |
95 |
>=sys-apps/baselayout-2.2 |
96 |
+ hostnamed-fallback? ( |
97 |
+ acct-group/systemd-hostname |
98 |
+ sys-apps/dbus-broker |
99 |
+ ) |
100 |
selinux? ( sec-policy/selinux-base-policy[systemd] ) |
101 |
sysv-utils? ( |
102 |
!sys-apps/openrc[sysv-utils(-)] |
103 |
@@ -400,6 +405,16 @@ multilib_src_install_all() { |
104 |
dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown |
105 |
fi |
106 |
|
107 |
+ # workaround for https://github.com/systemd/systemd/issues/13501 |
108 |
+ if use hostnamed-fallback; then |
109 |
+ # this file requires dbus-broker |
110 |
+ insinto /usr/share/dbus-1/system.d/ |
111 |
+ doins "${FILESDIR}/org.freedesktop.hostname1_no_polkit.conf" |
112 |
+ |
113 |
+ insinto "${rootprefix}/lib/systemd/system/systemd-hostnamed.service.d/" |
114 |
+ doins "${FILESDIR}/00-hostnamed-network-user.conf" |
115 |
+ fi |
116 |
+ |
117 |
gen_usr_ldscript -a systemd udev |
118 |
} |