From 5d593ccbf2e413c47dc16b7ba3a3fd8c3cef4b41 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Thu, 6 Feb 2025 10:41:08 -0900 Subject: [PATCH 01/27] Fixes for plusdeck service --- systemd/plusdeck.service | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/systemd/plusdeck.service b/systemd/plusdeck.service index 7d53be5..b67268c 100644 --- a/systemd/plusdeck.service +++ b/systemd/plusdeck.service @@ -1,5 +1,7 @@ [Unit] Description=Plus Deck 2C PC Cassette Deck +Requires=dbus.socket +After=dbus.socket [Service] Type=dbus @@ -7,3 +9,5 @@ BusName=org.jfhbrook.plusdeck ExecStart=/usr/bin/plusdeckd Restart=on-failure +[Install] +WantedBy=multi-user.target From 92598e5623c4e7cc0c2c9bb6e2516fbf951b7ef4 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Thu, 6 Feb 2025 10:44:10 -0900 Subject: [PATCH 02/27] plusdeck systemd policy --- plusdeck.spec.tmpl | 2 ++ systemd/org.jfhbrook.plusdeck.conf | 5 +++++ 2 files changed, 7 insertions(+) create mode 100644 systemd/org.jfhbrook.plusdeck.conf diff --git a/plusdeck.spec.tmpl b/plusdeck.spec.tmpl index 75c9bf2..5e2274d 100644 --- a/plusdeck.spec.tmpl +++ b/plusdeck.spec.tmpl @@ -24,6 +24,7 @@ tar -xzf %{SOURCE0} %install mkdir -p %{buildroot}%{_prefix}/lib/systemd/system install -p -D -m 0644 systemd/plusdeck.service %{buildroot}%{_prefix}/lib/systemd/system/plusdeck.service +install -p -D -m 0644 systemd/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf %check @@ -31,6 +32,7 @@ install -p -D -m 0644 systemd/plusdeck.service %{buildroot}%{_prefix}/lib/system %files %{_prefix}/lib/systemd/system/plusdeck.service +%{_prefix}/etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf %changelog {{ .Env.CHANGELOG }} diff --git a/systemd/org.jfhbrook.plusdeck.conf b/systemd/org.jfhbrook.plusdeck.conf new file mode 100644 index 0000000..26a6c7b --- /dev/null +++ b/systemd/org.jfhbrook.plusdeck.conf @@ -0,0 +1,5 @@ + + + + + From 6bc680d35a5d308515c2e9be11cd28a41324565c Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Thu, 6 Feb 2025 10:49:17 -0900 Subject: [PATCH 03/27] just install-service --- justfile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/justfile b/justfile index d560cec..fdcb6c3 100644 --- a/justfile +++ b/justfile @@ -104,6 +104,11 @@ tox: clean-tox: rm -rf .tox +# Install systemd service files for development purposes +install-service: + sudo install -p -D -m 0644 systemd/plusdeck.service /usr/lib/systemd/system/plusdeck.service + sudo install -p -D -m 0644 systemd/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf + # # Shell and console # @@ -130,10 +135,6 @@ build-docs: # Package publishing # -# -# Package publishing -# - # Build the package build: uv build From f264ab9320ce0d583e3514c0a4fbafba3bd17d11 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Thu, 6 Feb 2025 10:53:08 -0900 Subject: [PATCH 04/27] Fix file path --- plusdeck.spec.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plusdeck.spec.tmpl b/plusdeck.spec.tmpl index 5e2274d..96037ce 100644 --- a/plusdeck.spec.tmpl +++ b/plusdeck.spec.tmpl @@ -32,7 +32,7 @@ install -p -D -m 0644 systemd/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/or %files %{_prefix}/lib/systemd/system/plusdeck.service -%{_prefix}/etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf +/etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf %changelog {{ .Env.CHANGELOG }} From cd9667f71286f2a9a32703fbd41dc3c6a770e4b8 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Thu, 6 Feb 2025 16:15:08 -0900 Subject: [PATCH 05/27] Use tomllib --- scripts/release-version.py | 6 +++--- scripts/version.py | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/release-version.py b/scripts/release-version.py index 82568b4..91e1127 100755 --- a/scripts/release-version.py +++ b/scripts/release-version.py @@ -1,8 +1,8 @@ #!/usr/bin/env python -import toml +import tomllib -with open("pyproject.toml", "r") as f: - project = toml.load(f) +with open("pyproject.toml", "rb") as f: + project = tomllib.load(f) print(project["tool"]["rpm"]["release"]) diff --git a/scripts/version.py b/scripts/version.py index 218040c..dba81e8 100755 --- a/scripts/version.py +++ b/scripts/version.py @@ -1,8 +1,8 @@ #!/usr/bin/env python -import toml +import tomllib -with open("pyproject.toml", "r") as f: - project = toml.load(f) +with open("pyproject.toml", "rb") as f: + project = tomllib.load(f) print(project["project"]["version"]) From d445878cba74e525f1b1fd81dbc4437a875ab1b5 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Thu, 6 Feb 2025 17:41:23 -0900 Subject: [PATCH 06/27] Connect to system bus --- plusdeck/dbus/client.py | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/plusdeck/dbus/client.py b/plusdeck/dbus/client.py index 4ffe02a..16426cf 100644 --- a/plusdeck/dbus/client.py +++ b/plusdeck/dbus/client.py @@ -12,6 +12,7 @@ from unittest.mock import Mock import click +from sdbus import sd_bus_open_system, sd_bus_open_user, SdBus from plusdeck.cli import async_command, AsyncCommand, echo, LogLevel, OutputMode, STATE from plusdeck.client import State @@ -27,12 +28,12 @@ class DbusClient(DbusInterface): A DBus client for the Plus Deck 2C PC Cassette Deck. """ - def __init__(self: Self) -> None: + def __init__(self: Self, bus: Optional[SdBus] = None) -> None: client = Mock(name="client", side_effect=NotImplementedError("client")) self.subscribe = Mock(name="client.subscribe") super().__init__("", client) - cast(Any, self)._proxify(DBUS_NAME, "/") + cast(Any, self)._proxify(DBUS_NAME, "/", bus=bus) async def staged_config(self: Self) -> StagedConfig: """ @@ -54,6 +55,7 @@ class Obj: client: DbusClient log_level: LogLevel output: OutputMode + user: bool def pass_config(fn: AsyncCommand) -> AsyncCommand: @@ -146,11 +148,12 @@ def warn_dirty() -> None: default="text", help="Output either human-friendly text or JSON", ) +@click.option( + "--user/--no-user", type=bool, default=False, help="Connect to the user bus" +) @click.pass_context def main( - ctx: click.Context, - log_level: LogLevel, - output: OutputMode, + ctx: click.Context, log_level: LogLevel, output: OutputMode, user: bool ) -> None: """ Control your Plus Deck 2C Cassette Drive through dbus. @@ -162,8 +165,9 @@ def main( echo.mode = output async def load() -> None: - client = DbusClient() - ctx.obj = Obj(client=client, log_level=log_level, output=output) + bus: SdBus = sd_bus_open_user() if user else sd_bus_open_system() + client = DbusClient(bus) + ctx.obj = Obj(client=client, log_level=log_level, output=output, user=user) asyncio.run(load()) From f912fd2ce937fe6021b9d50941d8993f0d014efb Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Thu, 6 Feb 2025 17:50:07 -0900 Subject: [PATCH 07/27] Hacking on policy --- systemd/org.jfhbrook.plusdeck.conf | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/systemd/org.jfhbrook.plusdeck.conf b/systemd/org.jfhbrook.plusdeck.conf index 26a6c7b..82954d8 100644 --- a/systemd/org.jfhbrook.plusdeck.conf +++ b/systemd/org.jfhbrook.plusdeck.conf @@ -1,5 +1,14 @@ + + + + + + + From 0daa976bbe01f8f78e1930d22f4a4e105ceec607 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Thu, 6 Feb 2025 18:09:29 -0900 Subject: [PATCH 08/27] Trying some more stuff --- systemd/org.jfhbrook.plusdeck.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systemd/org.jfhbrook.plusdeck.conf b/systemd/org.jfhbrook.plusdeck.conf index 82954d8..6296abd 100644 --- a/systemd/org.jfhbrook.plusdeck.conf +++ b/systemd/org.jfhbrook.plusdeck.conf @@ -9,6 +9,7 @@ - + + From 61095f60a3a5aa0656e292c40f25b0f3e34c6a46 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Thu, 6 Feb 2025 18:11:51 -0900 Subject: [PATCH 09/27] This works for root lmao --- systemd/org.jfhbrook.plusdeck.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/systemd/org.jfhbrook.plusdeck.conf b/systemd/org.jfhbrook.plusdeck.conf index 6296abd..7328f1d 100644 --- a/systemd/org.jfhbrook.plusdeck.conf +++ b/systemd/org.jfhbrook.plusdeck.conf @@ -9,7 +9,7 @@ - - + + From c104576926f2ad34db7fe4f380b129c47d8e7b88 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Thu, 6 Feb 2025 18:13:54 -0900 Subject: [PATCH 10/27] Move policy to better folder --- {systemd => dbus}/org.jfhbrook.plusdeck.conf | 0 justfile | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename {systemd => dbus}/org.jfhbrook.plusdeck.conf (100%) diff --git a/systemd/org.jfhbrook.plusdeck.conf b/dbus/org.jfhbrook.plusdeck.conf similarity index 100% rename from systemd/org.jfhbrook.plusdeck.conf rename to dbus/org.jfhbrook.plusdeck.conf diff --git a/justfile b/justfile index fdcb6c3..6339409 100644 --- a/justfile +++ b/justfile @@ -107,7 +107,7 @@ clean-tox: # Install systemd service files for development purposes install-service: sudo install -p -D -m 0644 systemd/plusdeck.service /usr/lib/systemd/system/plusdeck.service - sudo install -p -D -m 0644 systemd/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf + sudo install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf # # Shell and console From afd16f19b5032e24f146a0115d6d255be363ab96 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Thu, 6 Feb 2025 18:14:45 -0900 Subject: [PATCH 11/27] Require python-sdbus package --- plusdeck.spec.tmpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plusdeck.spec.tmpl b/plusdeck.spec.tmpl index 96037ce..e184a08 100644 --- a/plusdeck.spec.tmpl +++ b/plusdeck.spec.tmpl @@ -9,6 +9,7 @@ Source0: %{name}-%{version}.tar.gz BuildArch: noarch Requires: python-plusdeck +Requires: python-sdbus %description @@ -24,7 +25,7 @@ tar -xzf %{SOURCE0} %install mkdir -p %{buildroot}%{_prefix}/lib/systemd/system install -p -D -m 0644 systemd/plusdeck.service %{buildroot}%{_prefix}/lib/systemd/system/plusdeck.service -install -p -D -m 0644 systemd/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf +install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf %check From f02e19997c5a4f8f09a49f65e55c80dba0234e3e Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Thu, 6 Feb 2025 18:15:17 -0900 Subject: [PATCH 12/27] Regenerate spec --- plusdeck.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/plusdeck.spec b/plusdeck.spec index 1154411..cd18778 100644 --- a/plusdeck.spec +++ b/plusdeck.spec @@ -9,6 +9,7 @@ Source0: %{name}-%{version}.tar.gz BuildArch: noarch Requires: python-plusdeck +Requires: python-sdbus %description @@ -24,6 +25,7 @@ tar -xzf %{SOURCE0} %install mkdir -p %{buildroot}%{_prefix}/lib/systemd/system install -p -D -m 0644 systemd/plusdeck.service %{buildroot}%{_prefix}/lib/systemd/system/plusdeck.service +install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf %check @@ -31,6 +33,7 @@ install -p -D -m 0644 systemd/plusdeck.service %{buildroot}%{_prefix}/lib/system %files %{_prefix}/lib/systemd/system/plusdeck.service +/etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf %changelog * Thu Feb 06 2025 Josh Holbrook 3.0.0-3 From 8c569f063134c297ca05a9dc958c41cafa15155c Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Thu, 6 Feb 2025 18:16:35 -0900 Subject: [PATCH 13/27] Predicting a 4.0 release --- CHANGELOG.md | 5 +++++ pyproject.toml | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa83a58..3e811a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +2025/02/06 Version 4.0.0-1 +-------------------------- +- `plusdeckctl` connects to the system bus by default +- `plusdeckctl --user` will connect to the user bus + 2025/02/04 Version 3.0.0-3 -------------------------- - Fix install path of systemd unit diff --git a/pyproject.toml b/pyproject.toml index 9a1c358..b7fc945 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -5,11 +5,11 @@ build-backend = "setuptools.build_meta" [tool.rpm] # Generally this is "1", but can be incremented to roll up bugfixes in the # top-level `plusdeck` Fedora package. -release = "3" +release = "1" [project] name = "plusdeck" -version = "3.0.0" +version = "4.0.0" authors = [ {name = "Josh Holbrook", email = "josh.holbrook@gmail.com"} ] From c089977da336c990ca92ca144c3c570a689fce7f Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Fri, 7 Feb 2025 09:51:00 -0900 Subject: [PATCH 14/27] dbus service loads config file based on user --- CHANGELOG.md | 1 + plusdeck/dbus/client.py | 2 +- plusdeck/dbus/interface.py | 4 ++-- plusdeck/dbus/service.py | 29 ++++++++++++++++++++++++----- 4 files changed, 28 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e811a7..db389dd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ -------------------------- - `plusdeckctl` connects to the system bus by default - `plusdeckctl --user` will connect to the user bus +- `plusdeckd` loads local config by default unless run as root 2025/02/04 Version 3.0.0-3 -------------------------- diff --git a/plusdeck/dbus/client.py b/plusdeck/dbus/client.py index 16426cf..a199e4b 100644 --- a/plusdeck/dbus/client.py +++ b/plusdeck/dbus/client.py @@ -31,7 +31,7 @@ class DbusClient(DbusInterface): def __init__(self: Self, bus: Optional[SdBus] = None) -> None: client = Mock(name="client", side_effect=NotImplementedError("client")) self.subscribe = Mock(name="client.subscribe") - super().__init__("", client) + super().__init__(client) cast(Any, self)._proxify(DBUS_NAME, "/", bus=bus) diff --git a/plusdeck/dbus/interface.py b/plusdeck/dbus/interface.py index f541faf..bacc607 100644 --- a/plusdeck/dbus/interface.py +++ b/plusdeck/dbus/interface.py @@ -18,7 +18,7 @@ DBUS_NAME = "org.jfhbrook.plusdeck" -async def load_client(config_file: str) -> Client: +async def load_client(config_file: Optional[str]) -> Client: config: Config = Config.from_file(config_file) client = await create_connection(config.port) @@ -33,7 +33,7 @@ class DbusInterface( # type: ignore A DBus interface for controlling the Plus Deck 2C PC Cassette Deck. """ - def __init__(self: Self, config_file: str, client: Client) -> None: + def __init__(self: Self, client: Client, config_file: Optional[str] = None) -> None: super().__init__() self._config: Config = Config.from_file(config_file) self.client: Client = client diff --git a/plusdeck/dbus/service.py b/plusdeck/dbus/service.py index 8dc917b..8a5dcc2 100644 --- a/plusdeck/dbus/service.py +++ b/plusdeck/dbus/service.py @@ -1,5 +1,7 @@ import asyncio import logging +import os +from typing import Optional import click from sdbus import ( # pyright: ignore [reportMissingModuleSource] @@ -13,13 +15,13 @@ logger = logging.getLogger(__name__) -async def service(config_file: str) -> DbusInterface: +async def service(config_file: Optional[str] = None) -> DbusInterface: """ Create a configure DBus service with a supplied config file. """ client = await load_client(config_file) - iface = DbusInterface(config_file, client) + iface = DbusInterface(client, config_file=config_file) logger.debug(f"Requesting bus name {DBUS_NAME}...") await request_default_bus_name_async(DBUS_NAME) @@ -33,7 +35,7 @@ async def service(config_file: str) -> DbusInterface: return iface -async def serve(config_file: str) -> None: +async def serve(config_file: Optional[str] = None) -> None: """ Create and serve configure DBus service with a supplied config file. """ @@ -44,6 +46,13 @@ async def serve(config_file: str) -> None: @click.command +@click.option( + "--global/--no-global", + "global_", + default=os.geteuid() == 0, + help=f"Load the global config file at {GLOBAL_FILE} " + "(default true when called with sudo)", +) @click.option( "--config-file", "-C", @@ -58,14 +67,24 @@ async def serve(config_file: str) -> None: default="INFO", help="Set the log level", ) -def main(config_file: str, log_level: LogLevel) -> None: +def main(global_: bool, config_file: str, log_level: LogLevel) -> None: """ Expose the Plus Deck 2C PC Cassette Deck as a DBus service. """ logging.basicConfig(level=getattr(logging, log_level)) - asyncio.run(serve(config_file)) + file = None + if config_file: + if global_: + logger.debug( + "--config-file is specified, so --global flag will be ignored." + ) + file = config_file + elif global_: + file = GLOBAL_FILE + + asyncio.run(serve(file)) if __name__ == "__main__": From 016ec6a5f29f5c91e035fd3cff997a7a734a4a85 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Fri, 7 Feb 2025 13:34:21 -0900 Subject: [PATCH 15/27] Update uv.lock --- uv.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/uv.lock b/uv.lock index 32233ed..c4601c7 100644 --- a/uv.lock +++ b/uv.lock @@ -1415,7 +1415,7 @@ wheels = [ [[package]] name = "plusdeck" -version = "3.0.0" +version = "4.0.0" source = { editable = "." } dependencies = [ { name = "click" }, From 574fb344ee346e7b0e58b8724a2fc09f9ce8e13d Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Fri, 7 Feb 2025 16:59:37 -0900 Subject: [PATCH 16/27] This configuration works for root --- dbus/org.jfhbrook.plusdeck.conf | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/dbus/org.jfhbrook.plusdeck.conf b/dbus/org.jfhbrook.plusdeck.conf index 7328f1d..4eb51d5 100644 --- a/dbus/org.jfhbrook.plusdeck.conf +++ b/dbus/org.jfhbrook.plusdeck.conf @@ -1,15 +1,18 @@ + "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> + + + - - - + + + From 4febc1f291280ec52c6c7bac0b93a22125a85057 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Fri, 7 Feb 2025 17:34:20 -0900 Subject: [PATCH 17/27] just service-logs --- justfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/justfile b/justfile index 6339409..64dea59 100644 --- a/justfile +++ b/justfile @@ -109,6 +109,9 @@ install-service: sudo install -p -D -m 0644 systemd/plusdeck.service /usr/lib/systemd/system/plusdeck.service sudo install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf +service-logs: + journalctl -xeu plusdeck.service + # # Shell and console # From 57f4931ab69f3fe1a598b343186d68b0e67b6106 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Sat, 8 Feb 2025 10:13:30 -0900 Subject: [PATCH 18/27] Put the dbus policy in its right place --- justfile | 2 +- plusdeck.spec | 8 ++++---- plusdeck.spec.tmpl | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/justfile b/justfile index 64dea59..c06049c 100644 --- a/justfile +++ b/justfile @@ -107,7 +107,7 @@ clean-tox: # Install systemd service files for development purposes install-service: sudo install -p -D -m 0644 systemd/plusdeck.service /usr/lib/systemd/system/plusdeck.service - sudo install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf + sudo install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf /usr/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf service-logs: journalctl -xeu plusdeck.service diff --git a/plusdeck.spec b/plusdeck.spec index cd18778..e82a97b 100644 --- a/plusdeck.spec +++ b/plusdeck.spec @@ -1,6 +1,6 @@ Name: plusdeck -Version: 3.0.0 -Release: 3 +Version: 4.0.0 +Release: 1 License: MPL-2.0 Summary: Serial client and Linux service for Plus Deck 2C PC Cassette Deck @@ -25,7 +25,7 @@ tar -xzf %{SOURCE0} %install mkdir -p %{buildroot}%{_prefix}/lib/systemd/system install -p -D -m 0644 systemd/plusdeck.service %{buildroot}%{_prefix}/lib/systemd/system/plusdeck.service -install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf +install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf %{buildroot}${_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf %check @@ -33,7 +33,7 @@ install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/org.j %files %{_prefix}/lib/systemd/system/plusdeck.service -/etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf +%{_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf %changelog * Thu Feb 06 2025 Josh Holbrook 3.0.0-3 diff --git a/plusdeck.spec.tmpl b/plusdeck.spec.tmpl index e184a08..ecb46ec 100644 --- a/plusdeck.spec.tmpl +++ b/plusdeck.spec.tmpl @@ -25,7 +25,7 @@ tar -xzf %{SOURCE0} %install mkdir -p %{buildroot}%{_prefix}/lib/systemd/system install -p -D -m 0644 systemd/plusdeck.service %{buildroot}%{_prefix}/lib/systemd/system/plusdeck.service -install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf +install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf %{buildroot}${_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf %check @@ -33,7 +33,7 @@ install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf /etc/dbus-1/system.d/org.j %files %{_prefix}/lib/systemd/system/plusdeck.service -/etc/dbus-1/system.d/org.jfhbrook.plusdeck.conf +%{_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf %changelog {{ .Env.CHANGELOG }} From 0986849f706db2771f7e8ac4ffd907f0529d6342 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Sat, 8 Feb 2025 10:15:17 -0900 Subject: [PATCH 19/27] Update CHANGELOG.md --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index db389dd..c487432 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,12 @@ - `plusdeckctl` connects to the system bus by default - `plusdeckctl --user` will connect to the user bus - `plusdeckd` loads local config by default unless run as root +- systemd unit fixes + - Requires `dbus.socket`, starts after `dbus.socket` + - Wanted by `multiuser.target` +- dbus access policy + - Ownership and allowed destination for root + - Allowed destination for `plusdeck` user 2025/02/04 Version 3.0.0-3 -------------------------- From 8202b3fc34bb2eb3c0dfb2a0a145c3e0b743710f Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Sat, 8 Feb 2025 10:33:56 -0900 Subject: [PATCH 20/27] Update dbus documentation --- docs/dbus.md | 102 +++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 87 insertions(+), 15 deletions(-) diff --git a/docs/dbus.md b/docs/dbus.md index c18277b..92726b5 100644 --- a/docs/dbus.md +++ b/docs/dbus.md @@ -4,26 +4,18 @@ The `plusdeck` library includes a DBus service and client. This service allows f For information on the API, visit [the API docs for `plusdeck.dbus`](./api/plusdeck.dbus.md). -## plusdeckd +## Starting the Dbus Service -The DBus service can be launched using `plusdeckd`: +`plusdeck` ships with a systemd unit that configures the service as a Dbus service. To set up the service, run: ```sh -$ plusdeckd --help -Usage: plusdeckd [OPTIONS] - - Expose the Plus Deck 2C PC Cassette Deck as a DBus service. - -Options: - -C, --config-file PATH A path to a config file - --log-level [DEBUG|INFO|WARNING|ERROR|CRITICAL] - Set the log level - --help Show this message and exit. +sudo systemctl enable plusdeck +sudo systemctl start plusdeck # optional ``` -In most cases, this can be called without arguments. By default, `plusdeckd` will use the global config file at `/etc/plusdeck.yml`. +This unit will start on the `system` bus, under the root user. -## plusdeckctl +## Running `plusdeckctl` Assuming `plusdeckd` is running, you may interact with the service using `plusdeckctl`: @@ -37,6 +29,7 @@ Options: --log-level [DEBUG|INFO|WARNING|ERROR|CRITICAL] Set the log level --output [text|json] Output either human-friendly text or JSON + --user / --no-user Connect to the user bus --help Show this message and exit. Commands: @@ -47,8 +40,87 @@ Commands: pause Pause the tape play Play a tape rewind Rewind a tape + state Get the current state stop Stop the tape subscribe Subscribe to state changes ``` -The interface is *very* similar to the vanilla `plusdeck` CLI. Note, however, that the config commands are slightly different. `plusdeckd` doesn't watch or reload the configuration in-place, so `plusdeckctl` will instead show the drift between the relevant config file and the loaded configuration. To synchronize the configuration, restart `plusdeckd` - if running under systemd, this will be `systemctl restart plusdeck` or similar. +The interface is similar to the vanilla `plusdeck` CLI. However, there are a few differences: + +1. By default, `plusdeckctl` will connect to the `system` bus. To connect to the local bus, set the `--user` flag. +2. Configuration commands do not reload `plusdeckctl`'s configuration. Instead, they will update the relevant config file, and show the differences between the file config and the service's loaded config. +3. If the config file isn't owned by the user, `plusdeckctl` will attempt to run editing commands with `sudo`. + +## Bus Access Policies + +**NOTE: Full access for `plusdeck` group access is an area of active development. This feature may not work, particularly on Fedora.** To follow along, view [this StackExchange post](https://unix.stackexchange.com/questions/790750/dbus-policy-that-allows-group-to-access-system-service). and this [Fedora discussion post](https://discussion.fedoraproject.org/t/dbus-policy-that-allows-group-to-access-system-service/144265). + +When running services under the `system` bus, care must be taken to manage access policies. Dbus does this primarily with [an XML-based policy language](https://dbus.freedesktop.org/doc/dbus-daemon.1.html), though SELinux and Polkit may be involved as well. + +By default, Dbus is configured with the following policies: + +* The root user may own the bus, and send and receive messages from `org.jfhbrook.plusdeck` +* Users in the `plusdeck` Unix group may additionally send and receive messages from `org.jfhbrook.plusdeck` + +This means that, if the service is running, `sudo plusdeckctl` commands should always work; and that if your user is in the `plusdeck` Unix group, `plusdeckctl` commands should also work. You can create this group and add yourself to it by running: + +```bash +sudo groupadd plusdeck +sudo usermod -a -G plusdeck "${USER}" +``` + +### SELinux + +Information on configuring SELinux to come. + +### Polkit + +Information on configuring Polkit to come. + + +## Running `plusdeckd` Directly + +The DBus service can be launched directly using `plusdeckd`: + +```sh +$ plusdeckd --help +Usage: plusdeckd [OPTIONS] + + Expose the Plus Deck 2C PC Cassette Deck as a DBus service. + +Options: + -C, --config-file PATH A path to a config file + --log-level [DEBUG|INFO|WARNING|ERROR|CRITICAL] + Set the log level + --help Show this message and exit. +``` + +In most cases, this can be called without arguments. By default, `plusdeckd` will listen on the `system` bus and load the global config file (`/etc/plusdeck.yml`) if launched as root; and otherwise listen on the `user` bus and load the user's config file (`~/.config/plusdeck.yml`). + +## Debugging Dbus + +### Default Dbus Configuration + +The default Dbus configuration is at `/usr/share/dbus-1/system.conf`. It may be useful to refer to this file when trying to understand what default access policies are being applied. + +### Monitoring Dbus + +The best tool for debugging Dbus seems to be [dbus-monitor](https://dbus.freedesktop.org/doc/dbus-monitor.1.html). To follow system bus messages, run: + +```sh +sudo dbus-monitor --system +``` + +### Debugging SELinux + +You should be able to see access denials due to SELinux by running either: + +```sh +sudo ausearch -ts recent +``` + +or: + +```sh +sudo tail -f /var/log/audit/audit.log +``` From cd32b52b3ba86cc27c32ba82dce2a52ae5f91682 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Sat, 8 Feb 2025 10:39:47 -0900 Subject: [PATCH 21/27] Nascent script to generate dbus interface docs --- scripts/generate-dbus-iface-docs.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100755 scripts/generate-dbus-iface-docs.sh diff --git a/scripts/generate-dbus-iface-docs.sh b/scripts/generate-dbus-iface-docs.sh new file mode 100755 index 0000000..9df5c3f --- /dev/null +++ b/scripts/generate-dbus-iface-docs.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +dbus-send --system --dest=org.jfhbrook.plusdeck --print-reply "/" org.freedesktop.DBus.Introspectable.Introspect From af513780efb2154438a1bdddbf7cb5350baecd65 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Sat, 8 Feb 2025 10:55:25 -0900 Subject: [PATCH 22/27] Script to fetch the dbus iface --- docs/dbus.md | 16 ++++++++++++++++ justfile | 5 +++++ scripts/generate-dbus-iface-docs.sh | 3 --- scripts/get-dbus-iface.sh | 11 +++++++++++ 4 files changed, 32 insertions(+), 3 deletions(-) delete mode 100755 scripts/generate-dbus-iface-docs.sh create mode 100755 scripts/get-dbus-iface.sh diff --git a/docs/dbus.md b/docs/dbus.md index 92726b5..056b2ae 100644 --- a/docs/dbus.md +++ b/docs/dbus.md @@ -111,6 +111,22 @@ The best tool for debugging Dbus seems to be [dbus-monitor](https://dbus.freedes sudo dbus-monitor --system ``` +### Viewing Dbus Logs + +You can review recent logs by checking the status of the `dbus` unit: + +```sh +sudo systemctl status dbus +``` + +### Viewing the Dbus Interface + +I have a just task for that: + +```sh +just get-dbus-iface +``` + ### Debugging SELinux You should be able to see access denials due to SELinux by running either: diff --git a/justfile b/justfile index c06049c..e192faa 100644 --- a/justfile +++ b/justfile @@ -109,9 +109,14 @@ install-service: sudo install -p -D -m 0644 systemd/plusdeck.service /usr/lib/systemd/system/plusdeck.service sudo install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf /usr/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf +# Pull the plusdeck service's logs with journalctl service-logs: journalctl -xeu plusdeck.service +# Fetch the dbus interface for the live service from dbus +get-dbus-iface: + ./scripts/get-dbus-iface.sh + # # Shell and console # diff --git a/scripts/generate-dbus-iface-docs.sh b/scripts/generate-dbus-iface-docs.sh deleted file mode 100755 index 9df5c3f..0000000 --- a/scripts/generate-dbus-iface-docs.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -dbus-send --system --dest=org.jfhbrook.plusdeck --print-reply "/" org.freedesktop.DBus.Introspectable.Introspect diff --git a/scripts/get-dbus-iface.sh b/scripts/get-dbus-iface.sh new file mode 100755 index 0000000..0af109f --- /dev/null +++ b/scripts/get-dbus-iface.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +function extract-response { + tail -n +2 | sed 's/^\s*string "//' | sed 's/"$//' +} + +dbus-send --system \ + --dest=org.jfhbrook.plusdeck "/" \ + --print-reply \ + org.freedesktop.DBus.Introspectable.Introspect \ + | extract-response From 442b8694d77d690f2aa5e6928af4b7a87e83664d Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Sat, 8 Feb 2025 11:31:42 -0900 Subject: [PATCH 23/27] Attempt to configure polkit --- justfile | 2 ++ plusdeck.spec | 6 +++++- plusdeck.spec.tmpl | 6 +++++- polkit/org.jfhbrook.plusdeck.policy | 14 ++++++++++++++ polkit/org.jfhbrook.plusdeck.rules | 14 ++++++++++++++ 5 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 polkit/org.jfhbrook.plusdeck.policy create mode 100644 polkit/org.jfhbrook.plusdeck.rules diff --git a/justfile b/justfile index e192faa..3bed8fa 100644 --- a/justfile +++ b/justfile @@ -108,6 +108,8 @@ clean-tox: install-service: sudo install -p -D -m 0644 systemd/plusdeck.service /usr/lib/systemd/system/plusdeck.service sudo install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf /usr/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf + sudo install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.policy /usr/share/polkit-1/actions/org.jfhbrook.plusdeck.policy + sudo install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.rules /usr/share/polkit-1/rules.d/org.jfhbrook.plusdeck.rules # Pull the plusdeck service's logs with journalctl service-logs: diff --git a/plusdeck.spec b/plusdeck.spec index e82a97b..dd8a5c0 100644 --- a/plusdeck.spec +++ b/plusdeck.spec @@ -25,7 +25,9 @@ tar -xzf %{SOURCE0} %install mkdir -p %{buildroot}%{_prefix}/lib/systemd/system install -p -D -m 0644 systemd/plusdeck.service %{buildroot}%{_prefix}/lib/systemd/system/plusdeck.service -install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf %{buildroot}${_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf +install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf %{buildroot}%{_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf +install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.policy %{buildroot}%{_prefix}/share/polkit-1/actions/org.jfhbrook.plusdeck.policy +install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.rules %{buildroot}%{_prefix}/share/polkit-1/rules.d/org.jfhbrook.plusdeck.rules %check @@ -34,6 +36,8 @@ install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf %{buildroot}${_prefix}/sha %files %{_prefix}/lib/systemd/system/plusdeck.service %{_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf +%{_prefix}/share/polkit-1/actions/org.jfhbrook.plusdeck.policy +%{_prefix}/share/polkit-1/rules.d/org.jfhbrook.plusdeck.rules %changelog * Thu Feb 06 2025 Josh Holbrook 3.0.0-3 diff --git a/plusdeck.spec.tmpl b/plusdeck.spec.tmpl index ecb46ec..2c31551 100644 --- a/plusdeck.spec.tmpl +++ b/plusdeck.spec.tmpl @@ -25,7 +25,9 @@ tar -xzf %{SOURCE0} %install mkdir -p %{buildroot}%{_prefix}/lib/systemd/system install -p -D -m 0644 systemd/plusdeck.service %{buildroot}%{_prefix}/lib/systemd/system/plusdeck.service -install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf %{buildroot}${_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf +install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf %{buildroot}%{_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf +install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.policy %{buildroot}%{_prefix}/share/polkit-1/actions/org.jfhbrook.plusdeck.policy +install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.rules %{buildroot}%{_prefix}/share/polkit-1/rules.d/org.jfhbrook.plusdeck.rules %check @@ -34,6 +36,8 @@ install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf %{buildroot}${_prefix}/sha %files %{_prefix}/lib/systemd/system/plusdeck.service %{_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf +%{_prefix}/share/polkit-1/actions/org.jfhbrook.plusdeck.policy +%{_prefix}/share/polkit-1/rules.d/org.jfhbrook.plusdeck.rules %changelog {{ .Env.CHANGELOG }} diff --git a/polkit/org.jfhbrook.plusdeck.policy b/polkit/org.jfhbrook.plusdeck.policy new file mode 100644 index 0000000..5efc55a --- /dev/null +++ b/polkit/org.jfhbrook.plusdeck.policy @@ -0,0 +1,14 @@ + + + + plusdeck + https://github.com/jfhbrook/plusdeck + nm-icon + + Polkit no allow eject tho + + no + yes + + + diff --git a/polkit/org.jfhbrook.plusdeck.rules b/polkit/org.jfhbrook.plusdeck.rules new file mode 100644 index 0000000..8f0f5ae --- /dev/null +++ b/polkit/org.jfhbrook.plusdeck.rules @@ -0,0 +1,14 @@ +polkit.addRule(function(action, subject) { + if ((action.id == "org.jfhbrook.plusdeck.Eject" || + action.id == "org.jfhbrook.plusdeck.FastForwardA" || + action.id == "org.jfhbrook.plusdeck.Pause" || + action.id == "org.jfhbrook.plusdeck.PlayA" || + action.id == "org.jfhbrook.plusdeck.PlayB" || + action.id == "org.jfhbrook.plusdeck.Stop" || + action.id == "org.jfhbrook.plusdeck.WaitFor") && + subject.isInGroup("plusdeck")) { + return polkit.Result.YES; + } + + return polkit.Result.NOT_HANDLED; +}); From 208028add8c2d3ef8e005b9f5148c08ca58bd410 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Sat, 8 Feb 2025 12:39:00 -0900 Subject: [PATCH 24/27] Separate polkit install from service install --- justfile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/justfile b/justfile index 3bed8fa..6657675 100644 --- a/justfile +++ b/justfile @@ -104,13 +104,19 @@ tox: clean-tox: rm -rf .tox -# Install systemd service files for development purposes +# Install systemd service files and dbus config for development purposes install-service: sudo install -p -D -m 0644 systemd/plusdeck.service /usr/lib/systemd/system/plusdeck.service sudo install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf /usr/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf + +install-polkit-config: sudo install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.policy /usr/share/polkit-1/actions/org.jfhbrook.plusdeck.policy sudo install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.rules /usr/share/polkit-1/rules.d/org.jfhbrook.plusdeck.rules +remove-polkit-config: + sudo rm -f /usr/share/polkit-1/actions/org.jfhbrook.plusdeck.policy + sudo rm -f /usr/share/polkit-1/rules.d/org.jfhbrook.plusdeck.rules + # Pull the plusdeck service's logs with journalctl service-logs: journalctl -xeu plusdeck.service From b7637ca499c92011cf3a00d2ed0cd6f7ea919cdb Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Sat, 8 Feb 2025 12:39:10 -0900 Subject: [PATCH 25/27] Update to polkit files --- polkit/org.jfhbrook.plusdeck.policy | 4 ++-- polkit/org.jfhbrook.plusdeck.rules | 22 +++++++++++----------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/polkit/org.jfhbrook.plusdeck.policy b/polkit/org.jfhbrook.plusdeck.policy index 5efc55a..75bf3df 100644 --- a/polkit/org.jfhbrook.plusdeck.policy +++ b/polkit/org.jfhbrook.plusdeck.policy @@ -3,11 +3,11 @@ plusdeck https://github.com/jfhbrook/plusdeck - nm-icon Polkit no allow eject tho - no + yes + yes yes diff --git a/polkit/org.jfhbrook.plusdeck.rules b/polkit/org.jfhbrook.plusdeck.rules index 8f0f5ae..13865f4 100644 --- a/polkit/org.jfhbrook.plusdeck.rules +++ b/polkit/org.jfhbrook.plusdeck.rules @@ -1,14 +1,14 @@ polkit.addRule(function(action, subject) { - if ((action.id == "org.jfhbrook.plusdeck.Eject" || - action.id == "org.jfhbrook.plusdeck.FastForwardA" || - action.id == "org.jfhbrook.plusdeck.Pause" || - action.id == "org.jfhbrook.plusdeck.PlayA" || - action.id == "org.jfhbrook.plusdeck.PlayB" || - action.id == "org.jfhbrook.plusdeck.Stop" || - action.id == "org.jfhbrook.plusdeck.WaitFor") && - subject.isInGroup("plusdeck")) { - return polkit.Result.YES; - } + if ((action.id == "org.jfhbrook.plusdeck.Eject" || + action.id == "org.jfhbrook.plusdeck.FastForwardA" || + action.id == "org.jfhbrook.plusdeck.Pause" || + action.id == "org.jfhbrook.plusdeck.PlayA" || + action.id == "org.jfhbrook.plusdeck.PlayB" || + action.id == "org.jfhbrook.plusdeck.Stop" || + action.id == "org.jfhbrook.plusdeck.WaitFor") && + subject.isInGroup("plusdeck")) { + return polkit.Result.YES; + } - return polkit.Result.NOT_HANDLED; + return polkit.Result.NOT_HANDLED; }); From 613cab4941fcb68240485ac46efe10403e04b51d Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Sat, 8 Feb 2025 12:39:19 -0900 Subject: [PATCH 26/27] Update dbus docs --- docs/dbus.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/docs/dbus.md b/docs/dbus.md index 056b2ae..ade95ca 100644 --- a/docs/dbus.md +++ b/docs/dbus.md @@ -51,32 +51,29 @@ The interface is similar to the vanilla `plusdeck` CLI. However, there are a few 2. Configuration commands do not reload `plusdeckctl`'s configuration. Instead, they will update the relevant config file, and show the differences between the file config and the service's loaded config. 3. If the config file isn't owned by the user, `plusdeckctl` will attempt to run editing commands with `sudo`. -## Bus Access Policies +## Dbus Access Policies -**NOTE: Full access for `plusdeck` group access is an area of active development. This feature may not work, particularly on Fedora.** To follow along, view [this StackExchange post](https://unix.stackexchange.com/questions/790750/dbus-policy-that-allows-group-to-access-system-service). and this [Fedora discussion post](https://discussion.fedoraproject.org/t/dbus-policy-that-allows-group-to-access-system-service/144265). +**NOTE: Full access for `plusdeck` group access is an area of active development. This feature does not work - at least, on Fedora.** To follow along, view [this StackExchange post](https://unix.stackexchange.com/questions/790750/dbus-policy-that-allows-group-to-access-system-service). and this [Fedora discussion post](https://discussion.fedoraproject.org/t/dbus-policy-that-allows-group-to-access-system-service/144265). -When running services under the `system` bus, care must be taken to manage access policies. Dbus does this primarily with [an XML-based policy language](https://dbus.freedesktop.org/doc/dbus-daemon.1.html), though SELinux and Polkit may be involved as well. +When running services under the `system` bus, care must be taken to manage access policies. Dbus does this primarily with [an XML-based policy language](https://dbus.freedesktop.org/doc/dbus-daemon.1.html). Systemd additionally manages access to privileged methods, seemingly with the intent of delegating to polkit. By default, Dbus is configured with the following policies: * The root user may own the bus, and send and receive messages from `org.jfhbrook.plusdeck` * Users in the `plusdeck` Unix group may additionally send and receive messages from `org.jfhbrook.plusdeck` -This means that, if the service is running, `sudo plusdeckctl` commands should always work; and that if your user is in the `plusdeck` Unix group, `plusdeckctl` commands should also work. You can create this group and add yourself to it by running: +This means that, if the service is running, `sudo plusdeckctl` commands should always work; and that if your user is in the `plusdeck` Unix group, Dbus will allow for unprivileged `plusdeckctl` commands as well. You can create this group and add yourself to it by running: ```bash sudo groupadd plusdeck sudo usermod -a -G plusdeck "${USER}" ``` -### SELinux - -Information on configuring SELinux to come. - ### Polkit -Information on configuring Polkit to come. +**NOTE: The Polkit policies have not been shown to work at this time.** +Prototype Polkit policies/rules may be found in the `./polkit` folder. ## Running `plusdeckd` Directly @@ -129,6 +126,8 @@ just get-dbus-iface ### Debugging SELinux +While I haven't seen this to be the case, it seems theoretically possible for SELinux to block access to Dbus. + You should be able to see access denials due to SELinux by running either: ```sh From bce35609750f7b35c81161e49c121d6b55739cd0 Mon Sep 17 00:00:00 2001 From: Josh Holbrook Date: Sat, 8 Feb 2025 12:40:01 -0900 Subject: [PATCH 27/27] Remove polkit from spec --- plusdeck.spec | 5 ----- plusdeck.spec.tmpl | 5 ----- 2 files changed, 10 deletions(-) diff --git a/plusdeck.spec b/plusdeck.spec index dd8a5c0..d7c1c88 100644 --- a/plusdeck.spec +++ b/plusdeck.spec @@ -26,9 +26,6 @@ tar -xzf %{SOURCE0} mkdir -p %{buildroot}%{_prefix}/lib/systemd/system install -p -D -m 0644 systemd/plusdeck.service %{buildroot}%{_prefix}/lib/systemd/system/plusdeck.service install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf %{buildroot}%{_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf -install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.policy %{buildroot}%{_prefix}/share/polkit-1/actions/org.jfhbrook.plusdeck.policy -install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.rules %{buildroot}%{_prefix}/share/polkit-1/rules.d/org.jfhbrook.plusdeck.rules - %check @@ -36,8 +33,6 @@ install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.rules %{buildroot}%{_prefix}/ %files %{_prefix}/lib/systemd/system/plusdeck.service %{_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf -%{_prefix}/share/polkit-1/actions/org.jfhbrook.plusdeck.policy -%{_prefix}/share/polkit-1/rules.d/org.jfhbrook.plusdeck.rules %changelog * Thu Feb 06 2025 Josh Holbrook 3.0.0-3 diff --git a/plusdeck.spec.tmpl b/plusdeck.spec.tmpl index 2c31551..0ccbdfb 100644 --- a/plusdeck.spec.tmpl +++ b/plusdeck.spec.tmpl @@ -26,9 +26,6 @@ tar -xzf %{SOURCE0} mkdir -p %{buildroot}%{_prefix}/lib/systemd/system install -p -D -m 0644 systemd/plusdeck.service %{buildroot}%{_prefix}/lib/systemd/system/plusdeck.service install -p -D -m 0644 dbus/org.jfhbrook.plusdeck.conf %{buildroot}%{_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf -install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.policy %{buildroot}%{_prefix}/share/polkit-1/actions/org.jfhbrook.plusdeck.policy -install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.rules %{buildroot}%{_prefix}/share/polkit-1/rules.d/org.jfhbrook.plusdeck.rules - %check @@ -36,8 +33,6 @@ install -p -D -m 0644 polkit/org.jfhbrook.plusdeck.rules %{buildroot}%{_prefix}/ %files %{_prefix}/lib/systemd/system/plusdeck.service %{_prefix}/share/dbus-1/system.d/org.jfhbrook.plusdeck.conf -%{_prefix}/share/polkit-1/actions/org.jfhbrook.plusdeck.policy -%{_prefix}/share/polkit-1/rules.d/org.jfhbrook.plusdeck.rules %changelog {{ .Env.CHANGELOG }}