1. Forum
  2. Usenet
  3. LINUX.GENTOO.DEV

  • [gentoo-dev] Re: RFC: virtual/dbus

    From Mike Gilbert@21:1/5 to marecki@gentoo.org on Wed Sep 7 18:30:01 2022
    On Wed, Sep 7, 2022 at 11:56 AM Marek Szuba <marecki@gentoo.org> wrote:

    Dear everyone,

    I wonder if we should create a virtual package to allow our users - or
    at least those who run systemd anyway - to choose between sys-apps/dbus
    and sys-apps/dbus-broken as D-Bus implementation for their systems. The
    usual "Gentoo is about choice" thing aside, there is now at least one, security-related, problem with the former which can be worked around by switching to the latter: https://github.com/systemd/systemd/issues/22737

    WDYT?

    A virtual seems a bit pointless for the following reasons:

    1. dbus and dbus-broker can be (and usually are) installed simultaneously.
    2. dbus-broker[launcher] utilizes config files installed by dbus, and
    actually RDEPENDs on sys-apps/dbus for that reason.
    3. Many client applications depend on sys-apps/dbus for libdbus.

    If you can think of some way to encourage users to install/enable
    dbus-broker, that seems like a good idea to me.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From John Helmert III@21:1/5 to Marek Szuba on Wed Sep 7 18:40:01 2022
    On Wed, Sep 07, 2022 at 04:56:37PM +0100, Marek Szuba wrote:
    Dear everyone,

    I wonder if we should create a virtual package to allow our users - or
    at least those who run systemd anyway - to choose between sys-apps/dbus
    and sys-apps/dbus-broken as D-Bus implementation for their systems. The usual "Gentoo is about choice" thing aside, there is now at least one, security-related, problem with the former which can be worked around by switching to the latter: https://github.com/systemd/systemd/issues/22737

    If you find a security issue, please file a security bug. I'm not
    really sure what the security impact of this is, though.

    WDYT?

    PS. Cc'ing maintainers of both packages to see what they might have got
    to say about this.

    --
    Marecki




    -----BEGIN PGP SIGNATURE-----

    iHUEABYKAB0WIQQyG9yfCrmO0LPSdG2gXq2+aa/JtQUCYxjIjwAKCRCgXq2+aa/J tVEjAQCnem+7c2p67lHq+1+zAlJfmleCAkXyfEbQkO+EV7MDsQEAxbCee1rWq0+l qtri1vqFUxhC7HX+YfSBM8kLLrGn7wA=
    =aT91
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marek Szuba@21:1/5 to All on Thu Sep 8 10:30:01 2022
    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------mJqeG9vccvbUU9nX0Cnv6Rrg
    Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

    T24gMjAyMi0wOS0wNyAxNzozNiwgSm9obiBIZWxtZXJ0IElJSSB3cm90ZToNCg0KPiBJZiB5 b3UgZmluZCBhIHNlY3VyaXR5IGlzc3VlLCBwbGVhc2UgZmlsZSBhIHNlY3VyaXR5IGJ1Zy4g SSdtIG5vdA0KPiByZWFsbHkgc3VyZSB3aGF0IHRoZSBzZWN1cml0eSBpbXBhY3Qgb2YgdGhp cyBpcywgdGhvdWdoLg0KDQpJJ20gbm90IHN1cmUgaWYgdGhpcyBpcyBhIHNlY3VyaXR5IGlz c3VlIHBlciBzZSAod2hpY2ggaXMgd2h5IEkgDQpkZXNjcmliZWQgaXQgYXMgc2VjdXJpdHkt cmVsYXRlZCksIGhlcmUgLSB0aGUgZGVmYXVsdCBjb25maWd1cmF0aW9uIElTIA0KdGhlIG1v cmUgc2VjdXJlIG9uZS4NCg0KID4gSSdtIG5vdCByZWFsbHkgc3VyZSB3aGF0IHRoZSBzZWN1 cml0eSBpbXBhY3Qgb2YgdGhpcyBpcywgdGhvdWdoLg0KDQpUaGUgaW1wYWN0IGlzIHRoYXQg c3lzdGVtZCtkYnVzLWRhZW1vbiB1c2VycyBjdXJyZW50bHkgaGF2ZSB0byBkaXNhYmxlIA0K RHluYW1pY1VzZXIgZnVuY3Rpb25hbGl0eSBmb3IgdW5pdHMgY29tbXVuaWNhdGluZyBvdmVy IEQtQnVzIGluIG9yZGVyIA0KZm9yIHNhaWQgY29tbXVuaWNhdGlvbiB0byBhY3R1YWxseSB3 b3JrLg0KDQotLSANCk1hcmVja2kNCg==

    --------------mJqeG9vccvbUU9nX0Cnv6Rrg--

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE+MBeYVMkcD2jfqCrKMQ7KFUeMgEFAmMZp8oACgkQKMQ7KFUe MgHirhAAjxSmfdzbtpqYIFU31Y++3LLHRryo/ysIzZ4196ciS3donu70LWa7S8Bo hZ1HorRVsfdC6jmqql6hEn0HD8g2DRi4WysdGqujilFcMb3e+YTd4tPQLqUQl5j7 sMUVP49fVHfMCXZhBGft9i1j7K4YLxA6YLxJzbZ3Se1vjUJxDSu7wGl9N0THhHI5 a+hekFgOFSwmJ+SuQIQKNb6p6guxrWMOBjmWbgXwIkQqD9Opu3uoCcoa7VKVo8TG zLa0LRhKdh27dz3Red3RlF6oMCMrg/8400wmWQfts4/EXWnkxpO4ABbs+LhrlEq8 eTtOBIIZpm2TXUvmsbAbTZwrJfCrLWjKtRPenndedb4hcMEYYOP+eRKLOMmXVbvK 3YirgSiQAYfU4NYTpn7Wdxeu6OOsCCZlCGGzKHB3WQDP2/Pc97YppX3vURcfYvSr QLoyCTot5RAEiBk9Z67AE6op+1koT1hntUCWLXmAp64xJdKhua7gNUn7AyHIS6N4 igo1XYbfybcWUNRfUVeeOCCLH1LvYHTuzjJWI/t7YYhymijaDMlSXo4gQsjlXrsi tY0raXPgCJv830F1QWsBstO2taNSVFuZiV2Rez1X1gLvimsB8tDXxKvJUPYoE/Gz doUsO4VOrghdJkE6Ffo1nxKy30jdMlQYYgrS1B2TrbCS7jXAL1o=
    =o985
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Sam James@21:1/5 to All on Fri Sep 9 01:00:01 2022
    On 7 Sep 2022, at 17:29, Mike Gilbert <floppym@gentoo.org> wrote:

    On Wed, Sep 7, 2022 at 11:56 AM Marek Szuba <marecki@gentoo.org> wrote:

    Dear everyone,

    I wonder if we should create a virtual package to allow our users - or
    at least those who run systemd anyway - to choose between sys-apps/dbus
    and sys-apps/dbus-broken as D-Bus implementation for their systems. The
    usual "Gentoo is about choice" thing aside, there is now at least one,
    security-related, problem with the former which can be worked around by
    switching to the latter: https://github.com/systemd/systemd/issues/22737

    WDYT?

    A virtual seems a bit pointless for the following reasons:

    1. dbus and dbus-broker can be (and usually are) installed simultaneously.
    2. dbus-broker[launcher] utilizes config files installed by dbus, and actually RDEPENDs on sys-apps/dbus for that reason.
    3. Many client applications depend on sys-apps/dbus for libdbus.

    A virtual _might_ have value to add to @system for desktop profiles,
    but I'm not sure. The other criticisms remain, of course.


    If you can think of some way to encourage users to install/enable dbus-broker, that seems like a good idea to me.


    Documentation on the wiki (either on the dbus page, or a new dbus-broker) explaining how to migrate & its advantages would be most welcome.

    -----BEGIN PGP SIGNATURE-----

    iNUEARYKAH0WIQQlpruI3Zt2TGtVQcJzhAn1IN+RkAUCYxpzKV8UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MjVB NkJCODhERDlCNzY0QzZCNTU0MUMyNzM4NDA5RjUyMERGOTE5MAAKCRBzhAn1IN+R kKYVAQDare1JJuzRzjGTsgDKv3/t1Nv+3rafSxqAy1zPXlOTtAD/dyQAO8eaRYnf elrXvikLhDnLVY9dmeqZSG9S19pVEwc=
    =+hAG
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)