nixos/dbus: support dbus-broker

[worldofpeace]

Motivation for this change

The dbus-broker project tries to improve on what was dbus-daemon, and provide a better alternative.
This PR adds support for dbus-broker, which I hope could be the default dbus daemon for NixOS.
For more information about dbus-broker see https://dvdhrm.github.io/rethinking-the-dbus-message-bus/ or this short description from Fedora. They've used dbus-broker since F30 (was released on April 30, 2019,) which should help to make this an easy switch for us.

Things done

• I've logged into a root console and checked if dbus-broker was running
• Inspected /etc/systemd for the units being setup in the way I expected
• Ran a Pantheon VM , launched a terminal, and checked the status of dbus-broker

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Ensured that relevant documentation is up to date
• Fits CONTRIBUTING.md.

[worldofpeace]

My position for this PR is to try to merge this without changing defaults. And in another PR change this and maybe we can get a jobset to see that none of our tests are acting up, make release notes, and just general more scrutiny. LMK if that sounds like the way to go.

[worldofpeace]

A concern with I'd have to be concerned with is that dbus-broker doesn't have apparmor support bus1/dbus-broker#169.
Also, gdm has secret dependencies on dbus-run-session https://gitlab.gnome.org/GNOME/gdm/-/merge_requests/90#note_776136 as there is no dbus-run-session equivalent bus1/dbus-broker#145.
So certain dbus utilities might need to be split from dbus and installed, as this change would make everything from dbus not it environment.systemPackages. It would be a good idea to maybe also hardcode those.

[worldofpeace]

Need to add CAP_AUDIT_WRITE https://github.com/bus1/dbus-broker/blob/f596efcaa294f4d9b656385379373b1f60eef718/src/util/audit.c#L39 bus1/dbus-broker#239 somewhere

[xaverdh]

When testing this I see a lot of Ignoring duplicate name messages in the system logs. I assume these were silently ignored by dbus and dbus-broker is just more verbose about them?

[worldofpeace]

When testing this I see a lot of Ignoring duplicate name messages in the system logs. I assume these were silently ignored by dbus and dbus-broker is just more verbose about them?

Yep, I believe this is true also.

[xaverdh]

So we already hard code dbus-run-session path in gdm since bcf3872 right?
From a quick grep through nixpkgs, there are quite a few other occurrences of dbus-run-session though.. is the plan to hard code all of them?

[peterhoeg]

I don't use GNOME, but it should no longer launch dbus manually - instead it expects systemd to have set up the socket.

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/what-are-your-goals-for-21-05/11559/7

[dvdhrm]

I don't use GNOME, but it should no longer launch dbus manually - instead it expects systemd to have set up the socket.

On Fedora, GNOME will rely on systemd --user to provide a D-Bus user bus. However, this means there can only be a single user-bus per user (per definition), unlike the old session buses where a single user could have multiple of those. This is usually not an issue. But GDM might run multiple times on a single machine (due to the way that GDM tracks sessions and allows multiple parallel logins). Therefore, the gdm developers use dbus-run-session to spawn their own session bus for each instance of GDM and work around this limitation. This is a hacky workaround and the intention is to switch to a dynamically allocated user instead. But nobody is working on this, so it might stay that way for some time.

Long story short: GDM completely ignores the user bus and spawns its own session bus via dbus-run-session.

[xaverdh]

So I heard that sadly worldofpeace will no longer be actively working on nixpkgs. Could we merge this as is (maybe with a warning that its experimental and some things might not work yet)? I would very much like to use it even in the current state and could also take over the pr if this is desired.

[SuperSandro2000]

So I heard that sadly worldofpeace will no longer be actively working on nixpkgs. Could we merge this as is (maybe with a warning that its experimental and some things might not work yet)? I would very much like to use it even in the current state and could also take over the pr if this is desired.

If this needs more work just create a new PR based on this one.

[ilya-fedin]

Can someone just update dbus-broker package? 🤔
Personally I'm using dbus-broker for a long time on NixOS with a home-made module, but that old version has bugs with service activation and that's really annoying :(

[peterhoeg]

@ilya-fedin - maybe just pull out the commit with the update and stick it into it's own PR? Considering there are no dependencies on it right now, that should get merged quickly.

[ilya-fedin]

#121664
I picked only the system-console-users thing from here

[xaverdh]

I rebased this on recent master (with #121664 applied) here