From: "Georgy Yakovlev"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Georgy Yakovlev"
Message-ID: <1636262772.c897165ab00b566f2a21db3bb1d8da0fee67bfc8.gyakovlev@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-apps/systemd/files/00-hostnamed-network-user.conf sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf sys-apps/systemd/metadata.xml sys-apps/systemd/systemd-9999.ebuild
X-VCS-Directories: sys-apps/systemd/files/ sys-apps/systemd/
X-VCS-Committer: gyakovlev
X-VCS-Committer-Name: Georgy Yakovlev
X-VCS-Revision: c897165ab00b566f2a21db3bb1d8da0fee67bfc8
X-VCS-Branch: master
Date: Sun, 7 Nov 2021 05:27:27 +0000 (UTC)

commit:     c897165ab00b566f2a21db3bb1d8da0fee67bfc8
Author:     Georgy Yakovlev gentoo org>
AuthorDate: Mon Nov 1 23:33:10 2021 +0000
Commit:     Georgy Yakovlev gentoo org>
CommitDate: Sun Nov 7 05:26:12 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c897165a

sys-apps/systemd: add hostnamed-fallback mode

this will allow networkd/hostnamed to properly set hostname on systems without polkit.
while it's possible to set hostname/fqdn manually already, with fallback workaround it will be possible to get hostnames from DHCP via networkd too without using polkit->spidermonkey->rust->llvm chain of deps.

ideas and configs taken from yocto/oe https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=3dc37c12c17d5bb6d4701a425a4f79f6e31784ee https://github.com/systemd/systemd/issues/13501 Closes: https://github.com/gentoo/gentoo/pull/22792 Signed-off-by: Georgy Yakovlev gentoo.org> sys-apps/systemd/files/00-hostnamed-network-user.conf | 6 ++++++ .../files/org.freedesktop.hostname1_no_polkit.conf | 11 +++++++++++ sys-apps/systemd/metadata.xml | 1 + sys-apps/systemd/systemd-9999.ebuild | 17 ++++++++++++++++- 4 files changed, 34 insertions(+), 1 deletion(-) diff --git a/sys-apps/systemd/files/00-hostnamed-network-user.conf b/sys-apps/systemd/files/00-hostnamed-network-user.conf new file mode 100644 index 00000000000..6b224ba9b93 --- /dev/null +++ b/sys-apps/systemd/files/00-hostnamed-network-user.conf @@ -0,0 +1,6 @@ +[Service] +# By running with these options instead of root, networkd is allowed to request +# a hostname change via DBUS when policykit is not present +User=systemd-network +Group=systemd-hostname +AmbientCapabilities=CAP_SYS_ADMIN diff --git a/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf new file mode 100644 index 00000000000..f4d0271cdb6 --- /dev/null +++ b/sys-apps/systemd/files/org.freedesktop.hostname1_no_polkit.conf @@ -0,0 +1,11 @@ + + + + + + + + + + diff --git a/sys-apps/systemd/metadata.xml b/sys-apps/systemd/metadata.xml index b35d6bfbd41..cd0754d004d 100644 --- a/sys-apps/systemd/metadata.xml +++ b/sys-apps/systemd/metadata.xml @@ -20,6 +20,7 @@ Enable FIDO2 support Enable sealing of journal files using gcrypt Enable portable home directories + Enable setting hostname with networkd/hostnamed without polkit (requires running sys-apps/dbus-broker) Enable embedded HTTP server in journald Enable support for the hardware database Enable import daemon 
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild index 8348517478b..485b6498181 100644 --- a/sys-apps/systemd/systemd-9999.ebuild +++ b/sys-apps/systemd/systemd-9999.ebuild @@ -30,11 +30,12 @@ HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" LICENSE="GPL-2 LGPL-2.1 MIT public-domain" SLOT="0/2" -IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd" +IUSE="acl apparmor audit build cgroup-hybrid cryptsetup curl dns-over-tls elfutils fido2 +gcrypt gnuefi homed hostnamed-fallback http +hwdb idn importd +kmod +lz4 lzma nat pam pcre pkcs11 policykit pwquality qrcode repart +resolvconf +seccomp selinux split-usr +sysv-utils test tpm vanilla xkb +zstd" REQUIRED_USE=" homed? ( cryptsetup pam ) importd? ( curl gcrypt lzma ) + policykit? ( !hostnamed-fallback ) pwquality? ( homed ) " RESTRICT="!test? ( test )" @@ -117,6 +118,10 @@ RDEPEND="${COMMON_DEPEND} >=acct-user/systemd-resolve-0-r1 >=acct-user/systemd-timesync-0-r1 >=sys-apps/baselayout-2.2 + hostnamed-fallback? ( + acct-group/systemd-hostname + sys-apps/dbus-broker + ) selinux? ( sec-policy/selinux-base-policy[systemd] ) sysv-utils? ( !sys-apps/openrc[sysv-utils(-)] @@ -400,6 +405,16 @@ multilib_src_install_all() { dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown fi + # workaround for https://github.com/systemd/systemd/issues/13501 + if use hostnamed-fallback; then + # this file requires dbus-broker + insinto /usr/share/dbus-1/system.d/ + doins "${FILESDIR}/org.freedesktop.hostname1_no_polkit.conf" + + insinto "${rootprefix}/lib/systemd/system/systemd-hostnamed.service.d/" + doins "${FILESDIR}/00-hostnamed-network-user.conf" + fi + gen_usr_ldscript -a systemd udev }
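Review bot: In 00-hostnamed-network-user.conf the comment justifies User=systemd-network and Group=systemd-hostname but says nothing about AmbientCapabilities=CAP_SYS_ADMIN, which is the line a later reader will question first. CAP_SYS_ADMIN is a very broad capability, so the comment should state why it is needed once the service no longer runs as root (sethostname(2) requires it) and that nothing else is meant to be granted. The comment is also ambiguous about which daemon "running with these options" refers to: the ebuild installs this drop-in under systemd-hostnamed.service.d/, so it is hostnamed that runs as the systemd-network user, and the comment should name it. Since that puts hostnamed under the same user as networkd, a sentence on that trust relationship would help whoever audits this later.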
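Review bot: In the multilib_src_install_all hunk of systemd-9999.ebuild, the only record that org.freedesktop.hostname1_no_polkit.conf depends on a specific bus implementation is the inline comment "# this file requires dbus-broker", and the RDEPEND hunk only guarantees that sys-apps/dbus-broker is installed, not that it is the system bus actually running. The metadata.xml description already says "requires running sys-apps/dbus-broker", so the ebuild should surface the same condition at install time, for example with an elog in pkg_postinst under "use hostnamed-fallback" telling the user to enable dbus-broker. The file goes into the shared /usr/share/dbus-1/system.d/ directory, so it is also worth documenting in that comment what is expected to happen if another bus daemon reads the policy.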