Package: lintian Version: 2.114.0 Severity: wishlist dbus supports policy files in both /usr/share/dbus-1/system.d and /etc/dbus-1/systemd. I recently released dbus 1.14.0, which officially deprecates installing packages' default policies into /etc/dbus-1/systemd, instead reserving it for the sysadmin. This is the same idea as the difference between /lib/udev/rules.d and /etc/udev/rules.d.
It would be useful for Lintian to have a dbus-policy-in-etc tag, mirroring udev-policy-in-etc. I attach an implementation (based on commit 11926263, and might need rebasing on current git, which I can't do because salsa is down at the moment). /usr/share/dbus-1 has worked since Debian 9, and the transition from /etc/dbus-1 to /usr/share/dbus-1 is already about ⅓ complete: /usr/share/dbus-1/system.d is currently used by 75 policy files in 61 binary packages, while /etc/dbus-1/system.d is used by 135 files in 124 binary packages. Thanks, smcv
>From 34fffb40208ec3241f1af43670fa55751f7af474 Mon Sep 17 00:00:00 2001 From: Simon McVittie <s...@debian.org> Date: Mon, 28 Feb 2022 19:43:41 +0000 Subject: [PATCH] desktop/dbus: Check for dbus policy files installed into /etc dbus 1.14.0 officially deprecates this, following the same principles used for udev rules. /etc/dbus-1 is now reserved for the sysadmin (analogous to /etc/udev), and OS packages should use /usr/share/dbus-1 (analogous to /lib/udev). Signed-off-by: Simon McVittie <s...@debian.org> --- lib/Lintian/Check/Desktop/Dbus.pm | 3 +++ .../dbus/dbus-policy/build-spec/debian/install | 1 + .../share}/dbus-1/system.d/at-console.conf | 0 .../checks/desktop/dbus/dbus-policy/eval/hints | 5 +++-- tags/d/dbus-policy-in-etc.tag | 16 ++++++++++++++++ 5 files changed, 23 insertions(+), 2 deletions(-) rename t/recipes/checks/desktop/dbus/dbus-policy/build-spec/orig/{etc => usr/share}/dbus-1/system.d/at-console.conf (100%) create mode 100644 tags/d/dbus-policy-in-etc.tag diff --git a/lib/Lintian/Check/Desktop/Dbus.pm b/lib/Lintian/Check/Desktop/Dbus.pm index e49e63c2e..582a5263c 100644 --- a/lib/Lintian/Check/Desktop/Dbus.pm +++ b/lib/Lintian/Check/Desktop/Dbus.pm @@ -74,6 +74,9 @@ my $PROPERTIES = 'org.freedesktop.DBus.Properties'; sub check_policy { my ($self, $item) = @_; + $self->pointed_hint('dbus-policy-in-etc', $item->pointer) + if $item->name =~ m{^etc/}; + my $xml = $item->decoded_utf8; return unless length $xml; diff --git a/t/recipes/checks/desktop/dbus/dbus-policy/build-spec/debian/install b/t/recipes/checks/desktop/dbus/dbus-policy/build-spec/debian/install index ee19d5d17..a75e23712 100644 --- a/t/recipes/checks/desktop/dbus/dbus-policy/build-spec/debian/install +++ b/t/recipes/checks/desktop/dbus/dbus-policy/build-spec/debian/install @@ -1 +1,2 @@ etc +usr diff --git a/t/recipes/checks/desktop/dbus/dbus-policy/build-spec/orig/etc/dbus-1/system.d/at-console.conf b/t/recipes/checks/desktop/dbus/dbus-policy/build-spec/orig/usr/share/dbus-1/system.d/at-console.conf similarity index 100% rename from t/recipes/checks/desktop/dbus/dbus-policy/build-spec/orig/etc/dbus-1/system.d/at-console.conf rename to t/recipes/checks/desktop/dbus/dbus-policy/build-spec/orig/usr/share/dbus-1/system.d/at-console.conf diff --git a/t/recipes/checks/desktop/dbus/dbus-policy/eval/hints b/t/recipes/checks/desktop/dbus/dbus-policy/eval/hints index 164613fd4..60660677c 100644 --- a/t/recipes/checks/desktop/dbus/dbus-policy/eval/hints +++ b/t/recipes/checks/desktop/dbus/dbus-policy/eval/hints @@ -4,5 +4,6 @@ dbus-policy (binary): dbus-policy-without-send-destination <policy context="defa dbus-policy (binary): dbus-policy-without-send-destination <policy context="default"><allow send_interface="org.freedesktop.DBus.ObjectManager"/> [etc/dbus-1/system.d/send-destination.conf:3] dbus-policy (binary): dbus-policy-excessively-broad <policy context="default"><allow send_path="/com/example/Here"/> [etc/dbus-1/system.d/send-destination.conf:5] dbus-policy (binary): dbus-policy-excessively-broad <policy context="default"><allow send_member="AreYouReallySureThisMethodIsAlwaysOK"/> [etc/dbus-1/system.d/send-destination.conf:4] -dbus-policy (binary): dbus-policy-at-console <policy at_console="true"><allow send_destination="com.example.Service"/> [etc/dbus-1/system.d/at-console.conf:3] -dbus-policy (binary): dbus-policy-at-console <policy at_console="true"><allow send_destination="com.example.Other"/> [etc/dbus-1/system.d/at-console.conf:4] +dbus-policy (binary): dbus-policy-in-etc [etc/dbus-1/system.d/send-destination.conf] +dbus-policy (binary): dbus-policy-at-console <policy at_console="true"><allow send_destination="com.example.Service"/> [usr/share/dbus-1/system.d/at-console.conf:3] +dbus-policy (binary): dbus-policy-at-console <policy at_console="true"><allow send_destination="com.example.Other"/> [usr/share/dbus-1/system.d/at-console.conf:4] diff --git a/tags/d/dbus-policy-in-etc.tag b/tags/d/dbus-policy-in-etc.tag new file mode 100644 index 000000000..b126f877b --- /dev/null +++ b/tags/d/dbus-policy-in-etc.tag @@ -0,0 +1,16 @@ +Tag: dbus-policy-in-etc +Severity: warning +Check: desktop/dbus +Explanation: The package contains D-Bus policy configuration and installs it + under <code>/etc/dbus-1/system.d</code> or + <code>/etc/dbus-1/session.d</code>. These directories are reserved for + local configuration, which overrides the default policies in + <code>/usr</code>. + . + The correct directory for system bus policy installed by packages is + <code>/usr/share/dbus-1/system.d</code>. + . + The correct directory for session bus policy installed by packages + (not usually needed) is <code>/usr/share/dbus-1/session.d</code>. +See-Also: + dbus-daemon(1) -- 2.35.1