The `Containers1` interface is not stable or production-ready, and is
compile-time-optional behind a build option, which in fact currently
cannot be enabled (it intentionally provokes a compiler `#error` if
enabled). If it isn't enabled, this directory won't be useful, so
there's no reason to create it.
As discussed in <https://github.com/systemd/mkosi/issues/3189>, if we
use the `@DBUS_USER@` here, it makes `tmpfiles.d/dbus.conf` dependent
on having created the `@DBUS_USER@` via `sysusers.d` or some
appropriate distro-specific mechanism. This is problematic in distros
that split up the functionality of dbus into several layers, such as
Debian: the `@DBUS_USER@` conceptually belongs to the same layer as
the well-known system bus, but `/etc/machine-id` and
`/var/lib/dbus/machine-id` are also used by the well-known session bus,
which is orthogonal to the system bus; so we want `dbus.conf` to be in a
lower layer than the `@DBUS_USER@`.
Signed-off-by: Simon McVittie <smcv@collabora.com>
We can no longer upload to specifications.freedesktop.org directly.
Instead, that area of the freedesktop.org web space is updated by
sending merge requests to the xdg/xdg-specs> project.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Now that we're installing the Doxygen documentation in a subdirectory,
the Devhelp index needs to reflect that.
Fixes: 522633b4 "cmake: install api docs in html subdir"
Fixes: f546ddd9 "meson: Install Doxygen docs as api/html/*.html"
Signed-off-by: Simon McVittie <smcv@debian.org>
The main NEWS file continues to document all changes since 1.12.0,
including the entire 1.13.x/1.14.x series.
Signed-off-by: Simon McVittie <smcv@collabora.com>
On recent Linux systems, systemd sets the hard limit on the number of
file descriptors extremely high (about 1e9, compared with about 1e6 in
previous systemd versions or 4096 in the kernel's historical defaults),
and dbus raises its soft limit to match the hard limit. The result of
sysconf(_SC_OPEN_MAX) is based on the fd limit, and iterating linearly
through that many fds takes long enough for activation to time out.
This particular piece of code is just test instrumentation, which aims to
log (possibly fatal) warnings if any file descriptor is not close-on-exec
as it should be. In practice the test suite doesn't use anywhere near
a thousand fds, so it's sufficient to run this check against a much
smaller number of fds.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/527
Bug-Debian: https://bugs.debian.org/1086148
Signed-off-by: Simon McVittie <smcv@collabora.com>
Solaris does not allow rmdir() to remove the cwd, so chdir() out of
the tempdir before removing it.
Without this fix, misc-internal reported a failure on Solaris 11.4:
not ok 16 - failed to remove test socket directory /tmp/dbus-test-tduvWc
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Other tests have different requirements for fds (and already check for
them), so move this check into the specific test (mirroring what those
other tests already do) instead of blocking the whole test program,
incorrectly using autoconf test return codes instead of TAP protocol,
as discussed in #176.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Many of these tests require more than the default fd limit on some systems,
so raise the limit, if we can, to give them a better chance of being able
to run.
Closes#176
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Needed when building with support for Solaris audit API, otherwise
linking fails with:
Undefined first referenced
symbol in file
adt_export_session_data dbus/libdbus-1.so.3.38.1.p/dbus-sysdeps-unix.c.o
adt_start_session dbus/libdbus-1.so.3.38.1.p/dbus-sysdeps-unix.c.o
adt_end_session dbus/libdbus-1.so.3.38.1.p/dbus-sysdeps-unix.c.o
adt_set_from_ucred dbus/libdbus-1.so.3.38.1.p/dbus-sysdeps-unix.c.o
Fixes: cd2e3826 ("Add Meson build system")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Need to declare a variable type to avoid gcc 14 error:
error: type defaults to 'int' in declaration of 'adt_user_context'
[-Wimplicit-int]
Fixes: cd2e3826 ("Add Meson build system")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
This is useful when an asset manager wants to install a system
service while /usr/ is read-only (e.g.: portable services running
on a different namespaced image). Also recommend searching in /run/
following the now-standard pattern, for ephemeral services.
Signed-off-by: Luca Boccassi <bluca@debian.org>
Tthis is useful when an asset manager wants to install a system
service while /usr/ is read-only (e.g.: portable
services running on a different namespaced image). Unlike other
directories, enforce strict naming and do not set up an inotify,
as the directories might not even exist until much later. Also
search in /run/ for ephemeral services that will disappear after
a reboot.
Signed-off-by: Luca Boccassi <bluca@debian.org>
This was only used in the Autotools build system, which we deleted.
Fixes: 8ea959b2 "Remove autotools related files"
Signed-off-by: Simon McVittie <smcv@collabora.com>
The logic that sets the dbus-daemon-launcher-helper setuid does not
handle the case where the group named the same as the dbus_user does not
exist.
This makes the assumption that the primary group of the dbus_user
has the same name as the dbus_user.
This may not be the case.
To remedy these issues, obtain the group id for dbus_user instead of
attempting to retrieve the group id by name.
To avoid a failure when the user does not exist, handle the KeyError
exception from the pwd.getpwnam function by printing a warning and
skipping the logic to set the binary setuid.
Perform an additional check to ensure that the dbus_user's primary group
has only a single member.
Fail similarly if it has more than one member.
Resolves: #492
Signed-off-by: Simon McVittie <smcv@collabora.com>
Readers of the message bus specification might be encountering Properties
for the first time, so for the basic properties in the o.fd.DBus
interface, link to the interface definition.
I'm not intending to add similar text for extension interfaces like
Containers.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Previously, we arbitrarily divided o.fd.DBus into "messages"
(methods and signals), in one sect2, and Properties, in another sect2;
and for the only extended interface that is documented so far,
o.fd.DBus.Monitoring, we included its single method in the list of
o.fd.DBus methods.
This is putting too much weight on implementation details of how the
D-Bus protocol is implemented (with Properties being "less core" than
methods and signals), and not enough weight on how interfaces are
conceptually structured. It's more usual to group together all aspects
of an interface into one document or section, and the current arbitrary
separation is going to look more and more odd as we start documenting
more interfaces like Containers (dbus!449), Stats and Verbose.
Instead, repurpose the "Message Bus Messages" section to become the
documentation for the o.fd.DBus interface, and introduce a separate
section for each other interface that the message bus provides.
Each one contains a full list of methods, signals and properties (if any)
if it is specific to the message bus, or a cross-reference to a more
generic interface description if it is equally applicable to the message
bus and its clients.
Prompted by discussion on dbus!449.
Signed-off-by: Simon McVittie <smcv@collabora.com>
doc/index.html.in is common to the Meson and CMake build systems, so
every time a new variable gets substituted into it, both the Meson and
CMake build systems need to provide a value for that variable.
Fixes: b58ca0e1 "cmake: Inclusion of a link in html overview file corrected"
Signed-off-by: Simon McVittie <smcv@collabora.com>
This ensures that the Doxygen-built documentation has the same layout
in the installed files that it does in the build tree and on the
website. If we don't keep the same layout, then there is no value for
the `DBUS_APIDOC_LINK` in index.html that would be correct for both
the build tree and the installed tree. The build tree effectively has
a html subdirectory hard-coded, because that's how Doxygen lays out
its outputs.
This commit is the Meson equivalent of
commit 522633b4 "cmake: install api docs in html subdir" in the CMake
build system (dbus!473, dbus#519).
Signed-off-by: Simon McVittie <smcv@collabora.com>
The newest release of the reference message bus that did not support
GetConnectionCredentials was 1.6.30, almost a decade ago.
It's entirely reasonable for new code to assume that
GetConnectionCredentials will succeed, and not implement a fallback.
Signed-off-by: Simon McVittie <smcv@collabora.com>
`<xref>` will typically be replaced by something like
"the section called “Foo”", so if we want to name a specific method
in running text, we need to use `<link>`.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The `AppArmor` feature flag is a case-sensitive string literal,
so consistently use its correct case-combination.
Signed-off-by: Simon McVittie <smcv@collabora.com>
There's no need to make readers go looking for these in a larger section,
we can link directly to the individual interfaces.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Debian 11 recently reached EOL, and we should really be using the
latest stable release as our reference.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This choice of exe_wrapper doesn't appear to work on Debian 12, causing
a build failure while checking that the output of the C++ compiler is
executable.
Another advantage of this is that if we're not running the test suite,
we can do a more traditional cross-build where running host-architecture
executables is impossible, which doubles as a way to prove that this
still works.
Signed-off-by: Simon McVittie <smcv@collabora.com>
On Debian 12, this is necessary to get libclang-rt-14-dev (which
contains the headers for LeakSanitizer) without hard-coding the clang
major version.
Signed-off-by: Simon McVittie <smcv@collabora.com>
