diff --git a/Makefile b/Makefile index fcbccced..1ad8b30d 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,7 @@ libdir = /lib SYSTEMD_LIB_DIR = ${libdir} SYSTEMD_SERVICE_DIR = ${SYSTEMD_LIB_DIR}/systemd/system/ GOBUILD = env GOPATH="${CURDIR}/${GOBUILD_DIR}:${GOPATH}" go build +INSTALL_LOCALE_HELPER ?= 0 TESTS = \ ${GOPKG_PREFIX}/adjust-grub-theme \ @@ -133,14 +134,21 @@ install-binary: mkdir -pv ${DESTDIR}${PREFIX}/share/polkit-1/actions cp misc/polkit-action/*.policy ${DESTDIR}${PREFIX}/share/polkit-1/actions/ - mkdir -pv ${DESTDIR}/var/lib/polkit-1/localauthority/10-vendor.d - cp misc/polkit-localauthority/*.pkla ${DESTDIR}/var/lib/polkit-1/localauthority/10-vendor.d/ - + mkdir -pv ${DESTDIR}/var/lib/polkit-1/rules.d + cp misc/polkit-rules/*.rules ${DESTDIR}/var/lib/polkit-1/rules.d/ + mkdir -pv ${DESTDIR}${PREFIX}/share/dde-api cp -R misc/data ${DESTDIR}${PREFIX}/share/dde-api mkdir -pv ${DESTDIR}${SYSTEMD_SERVICE_DIR} cp -R misc/systemd/system/*.service ${DESTDIR}${SYSTEMD_SERVICE_DIR} + # 默认不安装 deepin-locale-helper.service,只有显式开启时才保留 +ifneq ($(INSTALL_LOCALE_HELPER), 1) + rm -f ${DESTDIR}${SYSTEMD_SERVICE_DIR}/deepin-locale-helper.service; + rm -f ${DESTDIR}${PREFIX}/share/dbus-1/system-services/org.deepin.dde.LocaleHelper1.service; + rm -f ${DESTDIR}${PREFIX}/share/polkit-1/actions/org.deepin.dde.locale-helper.policy; + rm -f ${DESTDIR}${PREFIX}/share/dbus-1/system.d/org.deepin.dde.LocaleHelper1.conf; +endif mkdir -pv ${DESTDIR}${PREFIX}/share/icons/hicolor cp -R misc/icons/* ${DESTDIR}${PREFIX}/share/icons/hicolor diff --git a/archlinux/deepin-api.install b/archlinux/deepin-api.install deleted file mode 100644 index 6c80139b..00000000 --- a/archlinux/deepin-api.install +++ /dev/null 
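Review bot: In the Makefile's install-binary recipe, the new `cp misc/polkit-rules/*.rules ${DESTDIR}/var/lib/polkit-1/rules.d/` line puts the JavaScript rule in a directory that stock polkitd does not scan; upstream reads rules from `/etc/polkit-1/rules.d` and `/usr/share/polkit-1/rules.d`. Unless the target distribution patches polkit to read `/var/lib/polkit-1/rules.d`, the rule never loads and the action silently falls back to the defaults in the .policy file. Vendor rules conventionally go to `${DESTDIR}${PREFIX}/share/polkit-1/rules.d`, and the `%files` entry in rpm/dde-api.spec would need the same path. The recipe begins and continues outside this hunk.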
@@ -1,16 +0,0 @@ -post_install() { - # We need to know uid and gid to create /var/lib/deepin-sound-player with proper - # permissions. So keep systemd-sysusers invocation here despite having - # pacman hooks. - systemd-sysusers deepin-sound-player.conf - mkdir -p var/lib/deepin-sound-player - chown -R deepin-sound-player:deepin-sound-player var/lib/deepin-sound-player -} - -post_upgrade() { - if (( $(vercmp $2 5.2.0.1-2) < 0)); then - usermod -d /var/lib/deepin-sound-player deepin-sound-player - mkdir -p var/lib/deepin-sound-player - chown -R deepin-sound-player:deepin-sound-player var/lib/deepin-sound-player - fi -} diff --git a/archlinux/deepin-api.sysusers b/archlinux/deepin-api.sysusers deleted file mode 100644 index 513ebb1e..00000000 --- a/archlinux/deepin-api.sysusers +++ /dev/null @@ -1 +0,0 @@ -u deepin-sound-player - "Deepin Sound Player" /var/lib/deepin-sound-player diff --git a/debian/dde-api.postinst b/debian/dde-api.postinst index b7add180..8d25efc5 100644 --- a/debian/dde-api.postinst +++ b/debian/dde-api.postinst @@ -3,9 +3,6 @@ set -e -player_user=deepin-sound-player -player_home=/var/lib/$player_user - themeDir="/boot/grub/themes/deepin" fallbackThemeDir=$themeDir-fallback adjustGrubThemeBin="/usr/lib/deepin-api/adjust-grub-theme" @@ -45,17 +42,6 @@ adjustGrubTheme () { case "$1" in configure) - if ! getent group $player_user >/dev/null; then - addgroup --quiet --system $player_user - fi - if ! getent passwd $player_user >/dev/null; then - adduser --quiet --system --ingroup $player_user --home $player_home $player_user - adduser --quiet $player_user audio - fi - - runuser -u $player_user -- mkdir -p $player_home/.config/pulse - runuser - deepin-sound-player -s /bin/sh -c "echo 'autospawn = no' > $player_home/.config/pulse/client.conf" - adjustGrubTheme setupFallbackTheme ;; diff --git a/debian/dde-api.postrm b/debian/dde-api.postrm deleted file mode 100755 index b301ccfd..00000000 --- a/debian/dde-api.postrm +++ /dev/null 
@@ -1,14 +0,0 @@ -#!/bin/sh -# postrm script for dde-api - -set -e -sound_player_user=deepin-sound-player - -if [ "$1" = "purge" ]; then - deluser --quiet --system $sound_player_user >/dev/null || true - delgroup --quiet --system $sound_player_user >/dev/null || true - rm -rf /var/lib/$sound_player_user 2>/dev/null || true -fi - -#DEBHELPER# -exit 0 diff --git a/debian/rules b/debian/rules index ad140813..a5939800 100755 --- a/debian/rules +++ b/debian/rules @@ -14,10 +14,12 @@ endif dh $@ --buildsystem=makefile override_dh_auto_install: - dh_auto_install + cp -f misc/sysusers/deepin-daemon.conf debian/deepin-daemon.sysusers + dh_installsysusers --name=deepin-daemon + dh_auto_install -- INSTALL_LOCALE_HELPER=1 override_dh_strip: dh_strip --dbgsym-migration=dde-api-dbg override_dh_installsystemd: - dh_installsystemd --no-start + dh_installsystemd --no-start --no-restart-on-upgrade diff --git a/misc/conf/org.deepin.dde.SoundThemePlayer1.conf b/misc/conf/org.deepin.dde.SoundThemePlayer1.conf index 45c20db8..f9ad1153 100644 --- a/misc/conf/org.deepin.dde.SoundThemePlayer1.conf +++ b/misc/conf/org.deepin.dde.SoundThemePlayer1.conf @@ -5,8 +5,8 @@ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> - - + + diff --git a/misc/polkit-action/org.deepin.dde.device.unblock-bluetooth-devices.policy.in b/misc/polkit-action/org.deepin.dde.device.unblock-bluetooth-devices.policy.in index 4b5a0205..61c3d130 100644 --- a/misc/polkit-action/org.deepin.dde.device.unblock-bluetooth-devices.policy.in +++ b/misc/polkit-action/org.deepin.dde.device.unblock-bluetooth-devices.policy.in @@ -14,5 +14,6 @@ no auth_admin_keep + unix-user:deepin-daemon diff --git a/misc/polkit-localauthority/org.deepin.dde.device.pkla b/misc/polkit-localauthority/org.deepin.dde.device.pkla deleted file mode 100644 index 69acbb5d..00000000 --- a/misc/polkit-localauthority/org.deepin.dde.device.pkla +++ /dev/null 
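Review bot: In debian/rules, `cp -f misc/sysusers/deepin-daemon.conf debian/deepin-daemon.sysusers` writes a generated file into the packaging directory on every install, and nothing visible here removes it again, so a reused tree can carry a stale copy that differs from misc/sysusers. Listing `debian/deepin-daemon.sysusers` in `debian/clean`, or committing the file under debian/ and dropping the copy, keeps the tree clean. The deepin-daemon account is now created only by the maintainer-script snippet that dh_installsysusers generates, so confirm that debian/dde-api.postinst still contains `#DEBHELPER#` (not shown in this diff), because the units now run with `User=deepin-daemon`.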
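Review bot: The added `unix-user:deepin-daemon` entry in org.deepin.dde.device.unblock-bluetooth-devices.policy.in names an account that this same commit also assigns to the sound player, so whatever the entry grants now extends to every process running as deepin-daemon. The surrounding markup is not visible in this view; if the entry is the policy owner annotation, a sound-theme-player process could query authorizations for the bluetooth action as well. The same shared-account concern applies to `User=deepin-daemon` in misc/system-services/org.deepin.dde.SoundThemePlayer1.service and to the three sound units under misc/systemd/system. Either keep a dedicated account for the sound player or add a comment next to this entry, for example `<!-- deepin-daemon is shared with sound-theme-player; see misc/sysusers/deepin-daemon.conf -->`, so the widened trust is a recorded decision.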
@@ -1,6 +0,0 @@ -[Unblock bluetooth devices] -Identity=unix-group:sudo -Action=org.deepin.dde.device.unblock-bluetooth-devices -ResultAny=no -ResultInactive=no -ResultActive=yes diff --git a/misc/polkit-rules/org.deepin.dde.device.rules b/misc/polkit-rules/org.deepin.dde.device.rules new file mode 100644 index 00000000..d75110ae --- /dev/null +++ b/misc/polkit-rules/org.deepin.dde.device.rules @@ -0,0 +1,7 @@ +polkit.addRule(function(action, subject) { + if (action.id === "org.deepin.dde.device.unblock-bluetooth-devices" && + subject.isInGroup("sudo") && + subject.active) { + return polkit.Result.YES; + } +}); \ No newline at end of file diff --git a/misc/system-services/org.deepin.dde.SoundThemePlayer1.service b/misc/system-services/org.deepin.dde.SoundThemePlayer1.service index 2dc2943a..72501fb4 100644 --- a/misc/system-services/org.deepin.dde.SoundThemePlayer1.service +++ b/misc/system-services/org.deepin.dde.SoundThemePlayer1.service @@ -1,5 +1,5 @@ [D-BUS Service] Name=org.deepin.dde.SoundThemePlayer1 Exec=/usr/lib/deepin-api/sound-theme-player -User=deepin-sound-player +User=deepin-daemon SystemdService=dbus-org.deepin.dde.SoundThemePlayer1.service diff --git a/misc/systemd/system/deepin-api-device.service b/misc/systemd/system/deepin-api-device.service index bfd4d2ce..37238258 100644 --- a/misc/systemd/system/deepin-api-device.service +++ b/misc/systemd/system/deepin-api-device.service 
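Review bot: The rule in misc/polkit-rules/org.deepin.dde.device.rules returns `polkit.Result.YES` for any active session of a `sudo` member without testing `subject.local`, so an active remote session qualifies too. As I read the removed .pkla, `ResultActive=yes` only covered active sessions on a local console, which would make this a widening. Adding `subject.local &&` to the condition restores that scope. The group name is hard-coded to `sudo` while rpm/dde-api.spec ships the same file, and on distributions whose admin group is `wheel` the rule would never match, so a short comment stating the intended group would help packagers.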
@@ -17,23 +17,32 @@ ExecStart=/usr/lib/deepin-api/device DeviceAllow=/dev/rfkill rw DevicePolicy=closed -ProtectSystem=full +ProtectSystem=strict + +InaccessiblePaths=/etc/shadow +InaccessiblePaths=-/etc/NetworkManager/system-connections +InaccessiblePaths=-/etc/pam.d +InaccessiblePaths=-/usr/share/uadp/ + +NoNewPrivileges=yes ProtectHome=yes -PrivateTmp=yes -#PrivateDevices=yes -PrivateNetwork=yes -ProtectHostname=yes -ProtectClock=yes ProtectKernelTunables=yes ProtectKernelModules=yes -ProtectKernelLogs=yes ProtectControlGroups=yes -RestrictAddressFamilies=AF_UNIX +PrivateMounts=yes +PrivateTmp=yes +# 需要操作rfkill +#PrivateDevices=yes +PrivateNetwork=yes +# 需要读取/proc的exe字段数据 +#PrivateUsers=yes RestrictNamespaces=yes LockPersonality=yes RestrictRealtime=yes -RestrictSUIDSGID=yes RemoveIPC=yes +# 和golang -pie参数冲突,导致进程无法启动 +#MemoryDenyWriteExecute=yes +MemoryLimit=100M [Install] Alias=dbus-org.deepin.dde.Device1.service diff --git a/misc/systemd/system/deepin-login-sound.service b/misc/systemd/system/deepin-login-sound.service index ffd8d53a..150cfd14 100644 --- a/misc/systemd/system/deepin-login-sound.service +++ b/misc/systemd/system/deepin-login-sound.service @@ -5,7 +5,8 @@ After=dbus.service lightdm.service [Service] Type=oneshot -User=deepin-sound-player +User=deepin-daemon +Environment=HOME=/var/lib/deepin-sound-player ExecStart=/usr/bin/dbus-send --system --print-reply --dest=org.deepin.dde.SoundThemePlayer1 /org/deepin/dde/SoundThemePlayer1 org.deepin.dde.SoundThemePlayer1.PlaySoundDesktopLogin RemainAfterExit=yes @@ -28,3 +29,6 @@ LockPersonality=yes RestrictRealtime=yes RestrictSUIDSGID=yes RemoveIPC=yes + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/misc/systemd/system/deepin-shutdown-sound.service b/misc/systemd/system/deepin-shutdown-sound.service index 2e33d36a..a9ec93d8 100644 --- a/misc/systemd/system/deepin-shutdown-sound.service +++ b/misc/systemd/system/deepin-shutdown-sound.service 
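Review bot: The rewritten sandbox block in deepin-api-device.service drops `RestrictAddressFamilies=AF_UNIX`, `RestrictSUIDSGID=yes`, `ProtectKernelLogs=yes`, `ProtectClock=yes` and `ProtectHostname=yes` with no comment explaining why, unlike the directives the hunk leaves commented out. That makes it read as an unintended loss of hardening alongside the `ProtectSystem=strict` and `NoNewPrivileges=yes` gains. If the device helper does not need those capabilities, restore the directives, starting with `RestrictAddressFamilies=AF_UNIX` and `RestrictSUIDSGID=yes`; otherwise record the reason in a comment as was done for `PrivateDevices`. `MemoryLimit=100M` is the deprecated cgroup-v1 setting, and `MemoryMax=100M` is its current replacement.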
@@ -7,13 +7,14 @@ Before=shutdown.target [Service] Type=simple -User=deepin-sound-player +User=deepin-daemon +Environment=HOME=/var/lib/deepin-sound-player ExecStart=/usr/bin/true ExecStop=/usr/lib/deepin-api/deepin-shutdown-sound RemainAfterExit=yes TimeoutStopSec=7s -ReadOnlyPaths=/var/lib/deepin-sound-player +StateDirectory=deepin-sound-player BindReadOnlyPaths=-/tmp/deepin-shutdown-sound.json DeviceAllow=char-alsa rw @@ -36,3 +37,6 @@ LockPersonality=yes RestrictRealtime=yes RestrictSUIDSGID=yes RemoveIPC=yes + +[Install] +WantedBy=graphical.target \ No newline at end of file diff --git a/misc/systemd/system/deepin-sound-theme-player.service b/misc/systemd/system/deepin-sound-theme-player.service index 14c82820..3c3d0308 100644 --- a/misc/systemd/system/deepin-sound-theme-player.service +++ b/misc/systemd/system/deepin-sound-theme-player.service @@ -11,7 +11,8 @@ After=dbus.socket [Service] Type=dbus BusName=org.deepin.dde.SoundThemePlayer1 -User=deepin-sound-player +User=deepin-daemon +Environment=HOME=/var/lib/deepin-sound-player ExecStart=/usr/lib/deepin-api/sound-theme-player StateDirectory=deepin-sound-player diff --git a/misc/sysusers/deepin-daemon.conf b/misc/sysusers/deepin-daemon.conf new file mode 100644 index 00000000..5be71b7f --- /dev/null +++ b/misc/sysusers/deepin-daemon.conf @@ -0,0 +1,2 @@ +#Type Name ID GECOS Home directory Shell +u deepin-daemon - "" - - \ No newline at end of file diff --git a/rpm/dde-api.spec b/rpm/dde-api.spec index 09b5b6ba..aea75470 100644 --- a/rpm/dde-api.spec +++ b/rpm/dde-api.spec 
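Review bot: Replacing `ReadOnlyPaths=/var/lib/deepin-sound-player` with `StateDirectory=deepin-sound-player` in deepin-shutdown-sound.service turns a directory the unit could only read into one it owns and may write. The directory is already declared as `StateDirectory` by deepin-sound-theme-player.service, which appears to be the writer of the saved configuration. If the shutdown helper only reads that configuration, the switch grants more access than it needs. A comment such as `# StateDirectory only ensures the directory exists at stop time; the helper does not write here` would record the intent, or the read-only restriction could be kept if it is compatible with the rest of the unit, which is not visible in this hunk.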
@@ -87,17 +87,10 @@ for file in $(find . -iname "*.go" -o -iname "*.c" -o -iname "*.h" -o -iname "*. cp -pav $file %{buildroot}/%{gopath}/src/%{goipath}/$file echo "%{gopath}/src/%{goipath}/$file" >> devel.file-list done +install -D -m 0644 misc/sysusers/deepin-daemon.conf %{buildroot}%{_sysusersdir}/deepin-daemon.conf %make_install SYSTEMD_SERVICE_DIR="%{_unitdir}" LIBDIR="%{_libexecdir}" -# HOME directory for user deepin-sound-player -mkdir -p %{buildroot}%{_sharedstatedir}/deepin-sound-player - -%pre -getent group deepin-sound-player >/dev/null || groupadd -r deepin-sound-player -getent passwd deepin-sound-player >/dev/null || \ - useradd -r -g deepin-sound-player -d %{_sharedstatedir}/deepin-sound-player\ - -s /sbin/nologin \ - -c "User of org.deepin.dde.SoundThemePlayer1.service" deepin-sound-player -exit 0 +# HOME directory for user deepin-daemon +mkdir -p %{buildroot}%{_sharedstatedir}/deepin-daemon %post %systemd_post deepin-shutdown-sound.service @@ -122,8 +115,9 @@ exit 0 %{_datadir}/dde-api/data/grub-themes/ %{_datadir}/polkit-1/actions/org.deepin.dde.locale-helper.policy %{_datadir}/polkit-1/actions/org.deepin.dde.device.unblock-bluetooth-devices.policy -%{_var}/lib/polkit-1/localauthority/10-vendor.d/org.deepin.dde.device.pkla -%attr(-, deepin-sound-player, deepin-sound-player) %{_sharedstatedir}/deepin-sound-player +%{_var}/lib/polkit-1/rules.d/org.deepin.dde.device.rules +%attr(-, deepin-daemon, deepin-daemon) %{_sharedstatedir}/deepin-daemon +%{_sysusersdir}/deepin-daemon.conf %files -n %{name}-devel -f devel.file-list diff --git a/sound-theme-player/config.go b/sound-theme-player/config.go index 36a64416..51b5053e 100644 --- a/sound-theme-player/config.go +++ b/sound-theme-player/config.go @@ -9,9 +9,6 @@ import ( "fmt" "io/ioutil" "path/filepath" - - "github.com/linuxdeepin/dde-api/soundutils" - gio "github.com/linuxdeepin/go-gir/gio-2.0" ) type config struct { 
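Review bot: With the `%pre` scriptlet removed from rpm/dde-api.spec, nothing visible in the spec creates the deepin-daemon account before the payload is unpacked, yet `%files` assigns `%{_sharedstatedir}/deepin-daemon` to that user and group. On rpm versions that do not process packaged sysusers.d files themselves, the directory would be unpacked with a fallback owner; a `%pre` that calls `%sysusers_create_compat` on the sysusers file is the usual bridge where that macro is available. The directory created here is also `%{_sharedstatedir}/deepin-daemon`, whereas the units in this commit set `HOME=/var/lib/deepin-sound-player` and misc/sysusers/deepin-daemon.conf declares no home, so the comment `# HOME directory for user deepin-daemon` does not match what the services use.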
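Review bot: The `%files` list in rpm/dde-api.spec still contains `%{_datadir}/polkit-1/actions/org.deepin.dde.locale-helper.policy`, but the `%make_install` call does not pass `INSTALL_LOCALE_HELPER=1`. With the Makefile default of `0`, the install recipe deletes that policy file from the buildroot, so the package build should stop on a missing file. Either add `INSTALL_LOCALE_HELPER=1` to `%make_install`, as debian/rules does, or drop the locale-helper entries from `%files`. Any locale-helper unit or D-Bus files listed elsewhere in the spec, outside this hunk, need the same treatment.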
@@ -39,22 +36,7 @@ func saveUserConfig(uid int, cfg *config) error { return saveConfig(filename, cfg) } -var _loadDefaultCfgFromGSettings bool = false - func loadConfig(filename string, cfg *config) error { - if _loadDefaultCfgFromGSettings { - // 从 gsettings 获取默认值 - soundEffectGs := gio.NewSettings("com.deepin.dde.sound-effect") - defer soundEffectGs.Unref() - appearanceGs := gio.NewSettings("com.deepin.dde.appearance") - defer appearanceGs.Unref() - - cfg.Enabled = soundEffectGs.GetBoolean("enabled") - cfg.DesktopLoginEnabled = soundEffectGs.GetBoolean(soundutils.EventDesktopLogin) - cfg.SystemShutdownEnabled = soundEffectGs.GetBoolean(soundutils.EventSystemShutdown) - cfg.Theme = appearanceGs.GetString("sound-theme") - } - data, err := ioutil.ReadFile(filename) if err != nil { return err diff --git a/sound-theme-player/main.go b/sound-theme-player/main.go index 6617a71d..5bc28614 100644 --- a/sound-theme-player/main.go +++ b/sound-theme-player/main.go @@ -42,12 +42,7 @@ var ( func init() { flag.BoolVar(&optAutoQuit, "auto-quit", true, "auto quit") - u, err := user.Current() - if err != nil { - logger.Warning(err) - } else { - homeDir = u.HomeDir - } + homeDir = os.Getenv("HOME") if homeDir == "" { homeDir = defaultHomeDir } @@ -382,8 +377,6 @@ func main() { logger.Fatalf("name %q already has the owner", dbusServiceName) } - // 实际运行时才从 gsettings 加载默认设置,测试环境下没安装相关 gsettings schema 会导致崩溃。 - _loadDefaultCfgFromGSettings = true m := newManager(service) err = service.Export(dbusPath, m) if err != nil {
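Review bot: In init() of sound-theme-player/main.go, `homeDir = os.Getenv("HOME")` takes the base directory for the per-user config files from the process environment instead of the account database, and the only validation is the empty-string check. The systemd units set `Environment=HOME=/var/lib/deepin-sound-player`, but the D-Bus activation file also carries an `Exec=` line, so a start that bypasses systemd may see a different or relative HOME. Rejecting non-absolute values with `if homeDir == "" || !filepath.IsAbs(homeDir) {` keeps the fallback to `defaultHomeDir` predictable; this assumes `path/filepath` is imported in main.go, which the hunk does not show. If `user.Current()` was the last use of `os/user` in the file, that import has to be removed as well or the build fails. init() continues outside the hunk.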