[PATCH] gnu: Add bolt

  • Done
Details
4 participants
  • florhizome
  • Ludovic Courtès
  • Maxim Cournoyer
  • phodina
Owner
unassigned
Submitted by
florhizome
Severity
normal
florhizome wrote on 29 Nov 2022 16:32
(address . guix-patches@gnu.org)(name . florhizome)(address . florhizome@posteo.net)
5255d8ae4c2abdb44b8f1f1cbf55c344e9486c13.1669735188.git.florhizome@posteo.net
From: florhizome <florhizome@posteo.net>

Adds the bolt package with a system daemon (boltd) working over dbus and a cli tool (boltctl) to enable controlling the permissions on thunderbolt ports.
The patch is from the nix package.

* gnu/packages/patches/bolt-skip-mkdir.patch: new file
* gnu/packages/local.mk: Add patch for bolt
* gnu/packages/freedesktop.scm (bolt): new variable
---
gnu/local.mk | 1 +
gnu/packages/freedesktop.scm | 45 ++++++++++++++++++++++
gnu/packages/patches/bolt-skip-mkdir.patch | 12 ++++++
3 files changed, 58 insertions(+)
create mode 100644 gnu/packages/patches/bolt-skip-mkdir.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 7278c50e4f..937c2f0c28 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -942,6 +942,7 @@ dist_patch_DATA = \
%D%/packages/patches/binutils-CVE-2021-45078.patch \
%D%/packages/patches/bloomberg-bde-cmake-module-path.patch \
%D%/packages/patches/bloomberg-bde-tools-fix-install-path.patch \
+ %D%/packages/patches/bolt-skip-mkdir.patch \
%D%/packages/patches/bpftrace-disable-bfd-disasm.patch \
%D%/packages/patches/breezy-fix-gio.patch \
%D%/packages/patches/byobu-writable-status.patch \
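Review bot: the changelog entry for this hunk names gnu/packages/local.mk, but the file touched here is gnu/local.mk. Correct the path in the commit log, for example "* gnu/local.mk (dist_patch_DATA): Register it." The added line itself sits in the right alphabetical position between the bloomberg-bde and bpftrace entries.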
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index bd47dfc45b..57f7c4b60f 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -123,6 +123,7 @@ (define-module (gnu packages freedesktop)
#:use-module (gnu packages serialization)
#:use-module (gnu packages sqlite)
#:use-module (gnu packages valgrind)
+ #:use-module (gnu packages version-control)
#:use-module (gnu packages video)
#:use-module (gnu packages w3m)
#:use-module (gnu packages web)
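Review bot: the (gnu packages version-control) import added between valgrind and video is there for git-minimal in bolt's native-inputs, and that input carries no comment, unlike dbus (";for tests"). Add a comment saying what the build or test suite uses git for, or drop both the input and this import if the build succeeds without them.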
@@ -886,6 +887,50 @@ (define-public basu
This library provides just sd-bus (and the busctl utility).")
(license license:lgpl2.1+)))
+
+(define-public bolt
+ (package
+ (name "bolt")
+ (version "0.9.4")
+ (source
+ (origin
+ (method git-fetch)
+ (uri
+ (git-reference
+ (url "https://gitlab.freedesktop.org/bolt/bolt")
+ (commit version)))
+ (sha256
+ (base32 "0w66shv7ra8yrhr0byifahbq25wi8qfsm3rifz0j31l7cmnys3js"))
+ (patches
+ (search-patches "bolt-skip-mkdir.patch"))))
+ (build-system meson-build-system)
+ (arguments
+ (list #:configure-flags #~(list "-Dsystemd=false")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-before 'configure 'set-useful-envvars
+ (lambda _
+ (setenv "PKEXEC_UID" "-1")
+ (setenv "PKG_CONFIG_UDEV_UDEVDIR"
+ (string-append #$output "/lib/udev")))))))
+ (native-inputs
+ (list asciidoc
+ dbus ;for tests
+ git-minimal
+ (list glib "bin")
+ gobject-introspection
+ pkg-config
+ python
+ umockdev))
+ (inputs
+ (list eudev glib polkit))
+ (home-page "https://gitlab.freedesktop.org/bolt/bolt")
+ (synopsis "Manage security levels for Thunderbolt™ on GNU/Linux®")
+ (description "This package includes the boltd daemon and the boltctl
+ commandline interface to manage security levels of thunderbolt and usb4
+ devices.")
+ (license license:expat)))
+
(define-public localed
;; XXX: This package is extracted from systemd but we retain so little of it
;; that it would make more sense to maintain a fork of the bits we need.
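Review bot: in the 'set-useful-envvars phase, (setenv "PKEXEC_UID" "-1") has no comment saying which build or test step reads it or why -1 is the right value, and the phase name gives no hint either. For a daemon whose job is authorizing Thunderbolt devices through polkit, a reader should be able to tell that this only affects the build environment, so add a comment per variable and name the phase after what it does. Smaller points in the same hunk: the synopsis carries trademark signs and the platform name ("Thunderbolt™ on GNU/Linux®"), which can be reduced to something like "Thunderbolt device manager", and the description should spell "command-line", "Thunderbolt" and "USB4".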
diff --git a/gnu/packages/patches/bolt-skip-mkdir.patch b/gnu/packages/patches/bolt-skip-mkdir.patch
new file mode 100644
index 0000000000..0853bcea91
--- /dev/null
+++ b/gnu/packages/patches/bolt-skip-mkdir.patch
@@ -0,0 +1,12 @@
+diff --git a/scripts/meson-install.sh b/scripts/meson-install.sh
+index 859ae81..05a1c58 100644
+--- a/scripts/meson-install.sh
++++ b/scripts/meson-install.sh
+@@ -7,5 +7,5 @@ fi
+
+ BOLT_DBDIR=$1
+
+-echo "Creating database dir: ${BOLT_DBDIR}"
+-mkdir -p "${DESTDIR}/${BOLT_DBDIR}"
++# echo "Creating database dir: ${BOLT_DBDIR}"
++# mkdir -p "${DESTDIR}/${BOLT_DBDIR}"
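Review bot: the new patch file starts directly at "diff --git" with no header comment saying why the database directory must not be created at install time or where the patch comes from (the commit message says the nix package); put both at the top of the file. It also comments out the echo and mkdir lines instead of deleting them, which leaves dead code in scripts/meson-install.sh. Because the install step no longer creates ${BOLT_DBDIR}, whatever starts boltd has to create that directory itself with suitable ownership and permissions, and that requirement should be stated in the header too.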
--
2.38.1
Ludovic Courtès wrote on 14 Dec 2022 12:24
Re: bug#59683: [PATCH] gnu: Add bolt
(name . phodina)(address . phodina@protonmail.com)
87zgbqrzxf.fsf_-_@gnu.org
Hi,

phodina <phodina@protonmail.com> writes:

> I've already attempted to get bolt merged some time ago.
>
> See [https://issues.guix.gnu.org/49578](https://issues.guix.gnu.org/49578#11)----

Oops, thanks for the heads-up! I’ve now applied it.

florhizome, please let us know if you can think of changes to make?

Thanks,
Ludo’.
Florian wrote on 20 Dec 2022 18:04
(name . 59683@debbugs.gnu.org)(address . 59683@debbugs.gnu.org)
87y1r2m2fy.fsf@posteo.net
phodina <phodina@protonmail.com> writes:
>> I've already attempted to get bolt merged some time ago.
>>
>> See [https://issues.guix.gnu.org/49578](https://issues.guix.gnu.org/49578#11)----
Ludovic Courtès <ludo@gnu.org> wrote:
> Oops, thanks for the heads-up! I’ve now applied it.
>
> florhizome, please let us know if you can think of changes to make?
>
> Thanks,
> Ludo’.
I think using the envvar for correcting the udev dependency is a bit
cleaner but nothing more serious than that, I think ;)
Cheers
phodina wrote on 20 Dec 2022 21:51
(name . Florian)(address . florhizome@posteo.net)
jI9EAfYg5RiNAMU10wE9DdvQs3NbO-I_5Mv1f8xZUgOLdCSXjN8WdTa4eVRzb1QIoJkz1nO1FY0RwvWS8NGd4uZjUvwIY9QuRzcruoWVIwY=@protonmail.com
I've tried to simplify the service.

However, for some reason the client boltctl does not work. It is restarted under different PID and the service does not fail.

$ boltctl list
boltctl: error: could not create client: Error calling StartServiceByName for org.freedesktop.bolt: Failed to activate service 'org.freedesktop.bolt': timed out (service_start_timeout=25000ms)

$ ps aux | grep boltd
root 20923 0.0 0.0 230592 6744 ? Dsl 21:24 0:00 /gnu/store/fhngddf8yfqsby06mwjbs99s1s83jh68-bolt-0.9.4/libexec/boltd
pethod 20935 0.0 0.0 6528 1864 pts/6 S+ 21:24 0:00 grep --color=auto boltd
$ ps aux | grep boltd
root 22821 0.0 0.0 230592 6492 ? Ssl 21:33 0:00 /gnu/store/fhngddf8yfqsby06mwjbs99s1s83jh68-bolt-0.9.4/libexec/boltd
pethod 22979 0.0 0.0 6516 1988 pts/6 S+ 21:33 0:00 grep --color=auto boltd
$ ps aux | grep boltd
root 22980 0.0 0.0 230592 8672 ? Dsl 21:33 0:00 /gnu/store/fhngddf8yfqsby06mwjbs99s1s83jh68-bolt-0.9.4/libexec/boltd
pethod 23102 0.0 0.0 6504 1988 pts/6 S+ 21:33 0:00 grep --color=auto boltd

$ ls /var/log/bolt*
ls: cannot access '/var/log/bolt*': No such file or directory

Here's a standalone file which I currently use for testing, will put it back to Guix repo.

Second attached file is the daemon running by launching it manually. For some reason it stops.

I'll also add the paragraph with description.

Also the service has to run with higher privileges [1].

As this service requires HW, does it make sense to write a test? Maybe to check if it is launched, right?


----
Petr
;;; GNU Guix --- Functional package management for GNU
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.

(define-module (bolt)
  #:use-module (gnu services)
  #:use-module (gnu services base)
  #:use-module (gnu services configuration)
  #:use-module (gnu services linux)
  #:use-module (gnu services shepherd)
  #:use-module (gnu services dbus)
  #:use-module (gnu services admin)
  #:use-module (gnu system shadow)
  #:use-module (gnu system pam)
  #:use-module ((gnu system file-systems) #:select (file-system-mapping))
  #:use-module (gnu packages admin)
  #:use-module (gnu packages base)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages cluster)
  #:use-module (gnu packages connman)
  #:use-module (gnu packages freedesktop)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages firmware)
  #:use-module (nongnu packages firmware)
  #:use-module (gnu packages tor)
  #:use-module (gnu packages usb-modeswitch)
  #:use-module (gnu packages messaging)
  #:use-module (gnu packages networking)
  #:use-module (gnu packages ntp)
  #:use-module (gnu packages gnome)
  #:use-module (gnu packages ipfs)
  #:use-module (gnu build linux-container)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (guix modules)
  #:use-module (guix packages)
  #:use-module (guix deprecation)
  #:use-module (guix diagnostics)
  #:use-module (guix i18n)
  #:use-module (rnrs enums)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-9)
  #:use-module (srfi srfi-26)
  #:use-module (srfi srfi-43)
  #:use-module (ice-9 match)
  #:use-module (json)
  #:export (bolt-configuration
            bolt-configuration?
            bolt-service-type))

;;
;;; Thunderbolt daemon.
;;;

(define-record-type* <bolt-configuration>
  bolt-configuration make-bolt-configuration
  bolt-configuration?
  (package bolt-configuration-package ;package
           (default bolt)))

(define (bolt-shepherd-service config)
  (list (shepherd-service
         (documentation "Thunderbolt daemon")
         (provision '(bolt))
         (requirement '(dbus-system udev))
         (start #~(make-forkexec-constructor
                   '(#$(file-append (bolt-configuration-package config)
                                    "/libexec/boltd") "-v")
                   #:log-file "/var/log/bolt.log"))
         (stop #~(make-kill-destructor)))))

(define %bolt-activation
  #~(begin
      (use-modules (guix build utils))
      (mkdir-p "/var/lib/boltd/")))

(define (bolt-dbus-service config)
  (list (wrapped-dbus-service (bolt-configuration-package config)
                              "libexec/boltd"
                              `(("BOLT_CONF_FILE_NAME"
                                 ,(file-append (bolt-configuration-package config)
                                               "/share/dbus-1/interfaces/org.freedesktop.bolt.xml"))))))

(define bolt-service-type
  (service-type
   (name 'boltd)
   (description "Thunderbolt daemon manages the devices attached to the Thunderbolt interface.")
   (extensions
    (list (service-extension udev-service-type
                             (compose list bolt-configuration-package))
          (service-extension dbus-root-service-type
                             bolt-dbus-service)
          (service-extension activation-service-type
                             (const %bolt-activation))
          (service-extension shepherd-root-service-type
                             bolt-shepherd-service)))
   (default-value (bolt-configuration))))
Attachment: boltd.log
Ludovic Courtès wrote on 25 Dec 2022 17:22
(name . phodina)(address . phodina@protonmail.com)
87wn6fxxlf.fsf@gnu.org
Hi,

phodina <phodina@protonmail.com> writes:

> I've tried to simplify the service.
>
> However, for some reason the client boltctl does not work. It is restarted under different PID and the service does not fail.

Since it’s a D-Bus service, maybe we do not need to create a Shepherd
service for boltd? In that case, it will be started on-demand by
dbus-daemon, for instance the first time someone runs ‘boltctl’.

Is that acceptable or does it have to be started at boot time?

> $ boltctl list
> boltctl: error: could not create client: Error calling StartServiceByName for org.freedesktop.bolt: Failed to activate service 'org.freedesktop.bolt': timed out (service_start_timeout=25000ms)
>
> $ ps aux | grep boltd
> root 20923 0.0 0.0 230592 6744 ? Dsl 21:24 0:00 /gnu/store/fhngddf8yfqsby06mwjbs99s1s83jh68-bolt-0.9.4/libexec/boltd
> pethod 20935 0.0 0.0 6528 1864 pts/6 S+ 21:24 0:00 grep --color=auto boltd
> $ ps aux | grep boltd
> root 22821 0.0 0.0 230592 6492 ? Ssl 21:33 0:00 /gnu/store/fhngddf8yfqsby06mwjbs99s1s83jh68-bolt-0.9.4/libexec/boltd
> pethod 22979 0.0 0.0 6516 1988 pts/6 S+ 21:33 0:00 grep --color=auto boltd
> $ ps aux | grep boltd
> root 22980 0.0 0.0 230592 8672 ? Dsl 21:33 0:00 /gnu/store/fhngddf8yfqsby06mwjbs99s1s83jh68-bolt-0.9.4/libexec/boltd
> pethod 23102 0.0 0.0 6504 1988 pts/6 S+ 21:33 0:00 grep --color=auto boltd
>
> $ ls /var/log/bolt*
> ls: cannot access '/var/log/bolt*': No such file or directory

Perhaps /var/log/messages has details?

Thanks,
Ludo’.
phodina wrote on 25 Dec 2022 18:33
(name . Ludovic Courtès)(address . ludo@gnu.org)
uVEz0dhebkLVzAio0eirTxRkVlXMoYxsW2gj60lIKRpZWTNJ1dXHPXRbrhQj9m-hpz4Bb7GK4GrWODTAFQpJSHUh07aUrDR2733P472--dQ=@protonmail.com
Hello Ludo’,


> > I've tried to simplify the service.
> >
> > However, for some reason the client boltctl does not work. It is restarted under different PID and the service does not fail.
>
>
> Since it’s a D-Bus service, maybe we do not need to create a Shepherd
> service for boltd? In that case, it will be started on-demand by
> dbus-daemon, for instance the first time someone runs ‘boltctl’.
>
> Is that acceptable or does it have to be started at boot time?

Not sure about that. I'll ask Christian Kellner (author of the project).
The issue is that the user is able to define if the device is allowed to connect or not. And my assumption is that this is the knowledge of the daemon.
So it would have to be started by some udev event that sends dbus-event.
Or maybe the "IDs" of the devices are stored in the Thunderbolt controller (I'm not familiar with the specs either) and it's done transparently.

> >
> > $ ls /var/log/bolt*
> > ls: cannot access '/var/log/bolt*': No such file or directory
>
>
> Perhaps /var/log/messages has details?

Not sure the content of the '/var/log/messages' is useful:

Dec 25 13:56:48 localhost shepherd[1]: Service bolt has been started.
Dec 25 13:56:48 localhost shepherd[1]: Service nix-daemon has been started.
Dec 25 13:56:48 localhost shepherd[1]: Respawning bolt.
Dec 25 13:56:48 localhost shepherd[1]: Service bolt has been started.
Dec 25 13:56:48 localhost shepherd[1]: Respawning bolt.
Dec 25 13:56:48 localhost shepherd[1]: Service bolt has been started.
Dec 25 13:56:48 localhost shepherd[1]: Respawning bolt.
Dec 25 13:56:48 localhost shepherd[1]: Service bolt has been started.
Dec 25 13:56:48 localhost shepherd[1]: Respawning bolt.
Dec 25 13:56:48 localhost shepherd[1]: Service bolt has been started.
Dec 25 13:56:48 localhost shepherd[1]: Respawning bolt.
Dec 25 13:56:48 localhost shepherd[1]: Service bolt has been started.
Dec 25 13:56:48 localhost shepherd[1]: Respawning bolt.
Dec 25 13:56:48 localhost shepherd[1]: Service bolt has been started.
Dec 25 13:56:48 localhost shepherd[1]: Service bolt has been disabled.
Dec 25 13:56:48 localhost shepherd[1]: (Respawning too fast.)


----
Petr
Maxim Cournoyer wrote on 16 Jan 2023 14:36
(name . Ludovic Courtès)(address . ludo@gnu.org)
87mt6ibnyk.fsf_-_@gmail.com
Hello,

Ludovic Courtès <ludo@gnu.org> writes:

> Hi,
>
> phodina <phodina@protonmail.com> writes:
>
>> I've already attempted to get bolt merged some time ago.
>>
>> See [https://issues.guix.gnu.org/49578](https://issues.guix.gnu.org/49578#11)----
>
> Oops, thanks for the heads-up! I’ve now applied it.
>
> florhizome, please let us know if you can think of changes to make?

Seems the remaining discussion is about a bolt service rather than
adding a bolt package, hence I'm closing this.

--
Thanks,
Maxim
Closed