commit:     c897165ab00b566f2a21db3bb1d8da0fee67bfc8
Author:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
AuthorDate: Mon Nov  1 23:33:10 2021 +0000
Commit:     Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org>
CommitDate: Sun Nov  7 05:26:12 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c897165a

sys-apps/systemd: add hostnamed-fallback mode

this will allow networkd/hostnamed to properly set hostname
on systems without polkit.

While it is already possible to set the hostname/FQDN manually, the fallback
workaround also makes it possible to get hostnames from DHCP via networkd,
without pulling in the polkit->spidermonkey->rust->llvm chain of deps.

ideas and configs taken from yocto/oe
https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=3dc37c12c17d5bb6d4701a425a4f79f6e31784ee

https://github.com/systemd/systemd/issues/13501
Closes: https://github.com/gentoo/gentoo/pull/22792
Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org>

 sys-apps/systemd/files/00-hostnamed-network-user.conf   |  6 ++++++
 .../files/org.freedesktop.hostname1_no_polkit.conf      | 11 +++++++++++
 sys-apps/systemd/metadata.xml                           |  1 +
 sys-apps/systemd/systemd-9999.ebuild                    | 17 ++++++++++++++++-
 4 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/sys-apps/systemd/files/00-hostnamed-network-user.conf 
b/sys-apps/systemd/files/00-hostnamed-network-user.conf
new file mode 100644
index 00000000000..6b224ba9b93
--- /dev/null
+++ b/sys-apps/systemd/files/00-hostnamed-network-user.conf
@@ -0,0 +1,6 @@
+[Service]
+# By running with these options instead of root, networkd is allowed to request
+# a hostname change via DBUS when policykit is not present
+User=systemd-network
+Group=systemd-hostname
+AmbientCapabilities=CAP_SYS_ADMIN
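Review bot: The comment at the top of this drop-in talks about networkd, but the ebuild installs the file under systemd-hostnamed.service.d, so the settings apply to systemd-hostnamed itself, and the comment does not say what is being traded. hostnamed now shares a UID with networkd and keeps CAP_SYS_ADMIN as an ambient capability, which covers far more than setting a hostname. Presumably authorization then rests on the caller having the same UID as the service, so every process running as systemd-network would be accepted for the hostname-changing methods; that should be confirmed against hostnamed's behaviour without polkit. I would reword the comment to `# Run hostnamed as networkd's user so networkd's requests are accepted without polkit; CAP_SYS_ADMIN is kept only because sethostname() needs it.` and check that the packaged unit's capability bounding set still limits the service to that one capability.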

diff --git a/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf 
b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf
new file mode 100644
index 00000000000..f4d0271cdb6
--- /dev/null
+++ b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf
@@ -0,0 +1,11 @@
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 
1.0//EN"
+        "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";>
+
+<busconfig>
+        <policy group="systemd-hostname">
+                <allow own="org.freedesktop.hostname1"/>
+                <allow send_destination="org.freedesktop.hostname1"/>
+                <allow receive_sender="org.freedesktop.hostname1"/>
+        </policy>
+</busconfig>
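Review bot: The three `<allow>` rules inside `<policy group="systemd-hostname">` apply to every member of that group, so group membership alone decides who may own `org.freedesktop.hostname1`, and the file carries no comment saying so. I would add `<!-- hostnamed runs with Group=systemd-hostname instead of root when polkit is absent; this group must have no other members -->` above the policy element. If name ownership is the only thing the non-root service lacks, the `send_destination` and `receive_sender` rules may duplicate the hostname1 policy that systemd already installs and could be dropped; that needs checking against the stock policy file, which is not shown here.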

diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml
index b35d6bfbd41..cd0754d004d 100644
--- a/sys-apps/systemd/metadata.xml
+++ b/sys-apps/systemd/metadata.xml
@@ -20,6 +20,7 @@
                <flag name="fido2">Enable FIDO2 support</flag>
                <flag name="gcrypt">Enable sealing of journal files using 
gcrypt</flag>
                <flag name="homed">Enable portable home directories</flag>
+               <flag name="hostnamed-fallback">Enable setting hostname with 
networkd/hostnamed without polkit (requires running 
<pkg>sys-apps/dbus-broker</pkg>)</flag>
                <flag name="http">Enable embedded HTTP server in journald</flag>
                <flag name="hwdb">Enable support for the hardware 
database</flag>
                <flag name="importd">Enable import daemon</flag>

diff --git a/sys-apps/systemd/systemd-9999.ebuild 
b/sys-apps/systemd/systemd-9999.ebuild
index 8348517478b..485b6498181 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -30,11 +30,12 @@ HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd";
 
 LICENSE="GPL-2 LGPL-2.1 MIT public-domain"
 SLOT="0/2"
-IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls 
elfutils fido2 +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat 
pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux 
split-usr +sysv-utils test tpm vanilla xkb +zstd"
+IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls 
elfutils fido2 +gcrypt gnuefi homed hostnamed-fallback http +hwdb idn importd 
+kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart 
+resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd"
 
 REQUIRED_USE="
        homed? ( cryptsetup pam )
        importd? ( curl gcrypt lzma )
+       policykit? ( !hostnamed-fallback )
        pwquality? ( homed )
 "
 RESTRICT="!test? ( test )"
@@ -117,6 +118,10 @@ RDEPEND="${COMMON_DEPEND}
        >=acct-user/systemd-resolve-0-r1
        >=acct-user/systemd-timesync-0-r1
        >=sys-apps/baselayout-2.2
+       hostnamed-fallback? (
+               acct-group/systemd-hostname
+               sys-apps/dbus-broker
+       )
        selinux? ( sec-policy/selinux-base-policy[systemd] )
        sysv-utils? (
                !sys-apps/openrc[sysv-utils(-)]
@@ -400,6 +405,16 @@ multilib_src_install_all() {
                dosym ../../../lib/systemd/systemd-shutdown 
/usr/lib/systemd/systemd-shutdown
        fi
 
+       # workaround for https://github.com/systemd/systemd/issues/13501
+       if use hostnamed-fallback; then
+               # this file requires dbus-broker
+               insinto /usr/share/dbus-1/system.d/
+               doins "${FILESDIR}/org.freedesktop.hostname1_no_polkit.conf"
+
+               insinto 
"${rootprefix}/lib/systemd/system/systemd-hostnamed.service.d/"
+               doins "${FILESDIR}/00-hostnamed-network-user.conf"
+       fi
+
        gen_usr_ldscript -a systemd udev
 }
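Review bot: Nothing in the `if use hostnamed-fallback` block tells the administrator that hostnamed will now run as systemd-network with CAP_SYS_ADMIN, or that the D-Bus policy is only meant for a system where dbus-broker is the running system bus; `# this file requires dbus-broker` is the only hint. The RDEPEND hunk pulls in sys-apps/dbus-broker, but installing the package does not make it the active bus. I would extend the first comment to `# workaround for https://github.com/systemd/systemd/issues/13501: runs hostnamed as systemd-network with CAP_SYS_ADMIN; the dbus policy needs dbus-broker as the active system bus` and add a matching `elog` in pkg_postinst, which is outside this hunk. multilib_src_install_all begins before the hunk, so only its tail is visible.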
 
