Todo List: D-Bus mitigation

2019-06-15 - Márcio Silva

Mitigate D-Bus by disabling it in all applications as possible.

Mitigation reasons:
* Bloated and over-engineered: Its C API is very annoying to use and requires writing large amounts of boilerplate code. In fact, the pure C API is so annoying that its own API documentation states: “If you use this low-level API directly, you're signing up for some pain.”
* Absurd bugs and and conceptional problems: The bugs range from uncontrolled memory usage, over silent dropping of messages, to dead-locks by design, unsolved for up to 7 years. Looking closer, most of them simply cannot be solved without breaking guarantees long given by dbus-daemon(1), the reference implementation.
* D-Bus leaks machine-id across applications which causes privacy and fingerprinting concerns.

Further details:
* https://openwrt.org/docs/techref/ubus#what_s_the_difference_between_ubus_vs_dbus
* https://dvdhrm.github.io/rethinking-the-dbus-message-bus/
* https://unix.stackexchange.com/questions/395331/is-machine-id-a-uuid

Possible replacements:
In packages where D-Bus is required, explore ubus, gio and kio as possible replacements.

dbus-broker isn't a solution because it requires bus-1 (D-Bus inside kernel) and libsystemd.

ubus (https://openwrt.org/docs/techref/ubus) is the planned D-Bus replacement for those packages where D-Bus is required, however it was focused to be used in OpenWrt for embedded machines and contains a different syntax. We need more info to see if is possible its implementation and adoption in a complex environment like our distro by looking for patches, etc.

Possible ubus structuring:
* dbus -> ubus + rpcd
* dbus-c++ -> ubus-c++
* dbus-docs -> ubus-docs
* dbus-glib -> ubus-glib
* dbus-sharp -> ubus-sharp
* dbus-sharp-glib -> ubus-sharp-glib
* deepin-dbus-factory -> deepin-ubus-factory
* deepin-dbus-generator -> deepin-ubus-generator
* deepin-qt-dbus-factory -> deepin-qt-ubus-factory
* dleyna-connector-dbus -> dleyna-connector-ubus
* e_dbus -> e_ubus
* gambas3-gb-dbus -> gambas3-gb-ubus
* haskell-dbus -> haskell-ubus
* jack2-dbus -> jack2-ubus
* kdbusaddons -> kubusaddons
* libdbusmenu-glib -> libubusmenu-glib
* libdbusmenu-gtk2 -> libubusmenu-gtk2
* libdbusmenu-gtk3 -> libubusmenu-gtk
* libdbusmenu-qt4 -> libubusmenu-qt4
* libdbusmenu-qt5 -> libubusmenu-qt
* perl-net-dbus -> perl-net-ubus
* python-dbus (dbus-python) -> python-ubus
* python-dbus-common -> python-ubus-common
* python2-dbus (dbus-python2) -> python2-ubus
* ruby-dbus -> ruby-ubus
* lib32-dbus -> lib32-ubus + lib32-rpcd
* lib32-dbus-glib -> lib32-ubus-glib
* lib32-libdbusmenu-glib -> lib32-libubusmenu-glib
* lib32-libdbusmenu-gtk2 -> lib32-libubusmenu-gtk2
* lib32-libdbusmenu-gtk3 -> lib32-libubusmenu-gtk

Packages to rebuild:
* bluez (dbus)
* bluez-qt (bluez)
* bluedevil (bluez-qt)
* kde-development-environment-meta (bluez-qt kdbusaddons modemmanager-qt)
* powerdevil (bluez-qt)
* at-spi2-core (dbus)
* avahi (dbus python-dbus python2-dbus)
* awesome (dbus)
* bluez-utils (dbus)
* cdemu-daemon (dbus)
* colord (dbus)
* compton (dbus)
* connman (dbus)
* cups (dbus)
* distcc (dbus)
* dnsmasq (dbus)
* elogind (dbus)
* emacs (dbus)
* emacs-nox (dbus)
* fcitx (dbus)
* filezilla (dbus)
* flatpak (dbus)
* ghostscript (dbus)
* gogglesmm (dbus)
* lash (dbus)
* libgnome-keyring (dbus)
* libnih (dbus)
* libpcap (dbus)
* libpulse (dbus)
* libteam (dbus)
* libvirt (dbus)
* openrc-settingsd (dbus)
* pflask (dbus)
* qt4 (dbus)
* rtkit (dbus)
* snapper (dbus)
* spice-vdagent (dbus)
* wesnoth (dbus)
* weston (dbus libinput)
* wpa_supplicant (dbus)
* claws-mail (dbus dbus-glib)
* deadbeef (dbus)
* utox (dbus)
* dconf (dbus)
* gambas3 (dbus)
* gvfs (dbus)
* libcups (dbus)
* libelogind (dbus)
* libwbclient (dbus)
* pulseaudio (dbus)
* samba (dbus)
* vala (dbus)
* libffado (dbus-c++)
* ring-daemon (dbus-c++)
* ring (dbus-c++)
* ario (dbus-glib)
* cairo-dock (dbus-glib)
* caja-sendto (dbus-glib)
* cinnamon-screensaver (dbus-glib)
* cinnamon-session (dbus-glib)
* cinnamon-settings-daemon (dbus-glib)
* cjs (dbus-glib)
* easystroke (dbus-glib)
* efax-gtk (dbus-glib)
* eom (dbus-glib)
* firewalld (dbus-glib)
* fprintd (dbus-glib)
* freerdp (dbus-glib)
* gconf (dbus-glib)
* gimp (dbus-glib)
* gnome-music (dbus-glib python-dbus)
* gnome-screensaver (dbus-glib)
* gypsy (dbus-glib)
* handbrake (dbus-glib)
* hexchat (dbus-glib)
* iceape-uxp (dbus-glib)
* icedove-uxp (dbus-glib)
* iceweasel-uxp (dbus-glib)
* libaccounts-glib (dbus-glib)
* libcryptui (dbus-glib)
* libnm-glib (dbus-glib)
* libpurple (dbus-glib python-dbus)
* libreoffice-still (dbus-glib)
* light-locker (dbus-glib)
* lxcfs (dbus-glib)
* matchbox-panel (dbus-glib)
* mate-notification-daemon (dbus-glib)
* mate-panel (dbus-glib)
* mate-power-manager (dbus-glib)
* mate-session-manager (dbus-glib)
* mate-settings-daemon (dbus-glib)
* mousepad (dbus-glib)
* mx (dbus-glib)
* notify-osd (dbus-glib)
* osdlyrics (dbus-glib)
* packagekit (dbus-glib)
* pragha (dbus-glib)
* python-secretstorage (dbus-glib python-dbus python2-dbus)
* python2-secretstorage (dbus-glib python-dbus python2-dbus)
* roxterm (dbus-glib)
* spice-glib (dbus-glib)
* spice-gtk3 (dbus-glib)
* synce-core (dbus-glib)
* telepathy-glib (dbus-glib)
* thermald (dbus-glib)
* tumbler (dbus-glib)
* wicd (dbus-glib python2-dbus)
* xfconf (dbus-glib)
* audacious-plugins (dbus-glib)
* networkmanager (dbus-glib python-dbus)
* lxappearance (dbus-glib)
* mate-user-share (dbus-glib)
* python2-libappindicator (dbus-glib)
* telepathy-farstream (dbus-glib)
* xfce4-pulseaudio-plugin (dbus-glib)
* libsecret (dbus-glib python-dbus)
* notify-sharp (dbus-sharp-glib)
* notify-sharp-3 (dbus-sharp-glib)
* tomboy (dbus-sharp-glib)
* cairo-dock-plug-ins (dbus-sharp-glib)
* deepin-api (deepin-dbus-factory)
* deepin-daemon (deepin-dbus-factory)
* startdde (deepin-dbus-factory)
* deepin-qml-widgets (deepin-dbus-generator)
* deepin-control-center (deepin-qt-dbus-factory)
* deepin-dock (deepin-qt-dbus-factory)
* deepin-launcher (deepin-qt-dbus-factory)
* deepin-menu (deepin-qt-dbus-factory)
* deepin-session-ui (deepin-qt-dbus-factory)
* dleyna-renderer (dleyna-connector-dbus)
* dleyna-server (dleyna-connector-dbus)
* haskell-fdo-notify (haskell-dbus)
* git-annex (haskell-dbus)
* kdebugsettings (kdbusaddons)
* kservice (kdbusaddons)
* kwrited (kdbusaddons)
* polkit-kde-agent (kdbusaddons)
* lib32-fluidsynth (lib32-dbus)
* lib32-gconf (lib32-dbus lib32-dbus-glib)
* lib32-glib2 (lib32-dbus)
* lib32-libnm-glib (lib32-dbus lib32-dbus-glib)
* lib32-libpulse (lib32-dbus)
* lib32-libteam (lib32-dbus)
* lib32-libnm (lib32-dbus lib32-dbus-glib)
* lib32-libappindicator (lib32-libdbusmenu-gtk2 lib32-libdbusmenu-gtk3)
* lib32-libappindicator-gtk2 (lib32-libdbusmenu-gtk2)
* lib32-libappindicator-gtk3 (lib32-libdbusmenu-gtk3)
* libappindicator (dbus-glib libdbusmenu-gtk2 libdbusmenu-gtk3)
* libappindicator-gtk2 (libdbusmenu-gtk2)
* libappindicator-gtk3 (libdbusmenu-gtk3)
* appmenu-qt4 (libdbusmenu-qt4)
* kdelibs (libdbusmenu-qt4)
* sni-qt (libdbusmenu-qt4)
* knotifications (libdbusmenu-qt5)
* lxqt-panel (libdbusmenu-qt5)
* lxqt-qtplugin (libdbusmenu-qt5)
* libinput (dbus)
* clutter (libinput)
* deepin-clutter (libinput)
* efl (libinput)
* mutter (libinput)
* qt5-base (libinput)
* wlc (libinput)
* xorg-input-libinput (libinput)
* modemmanager-qt (qt5-base)
* plasma-nm (modemmanager-qt)
* vibe (modemmanager-qt)
* xdg-utils (perl-net-dbus)
* blueman (python-dbus)
* cinnamon (python-dbus python2-dbus)
* gedit-plugins (python-dbus)
* gloobus-preview (python-dbus)
* gnome-code-assistance (python-dbus ruby-dbus)
* hplip (python-dbus)
* ibus (python-dbus python2-dbus)
* ibus-typing-booster (python-dbus)
* lollypop (python-dbus)
* onboard (python-dbus)
* orca (python-dbus)
* pitivi (python-dbus)
* python-slip (python-dbus)
* system-config-printer (python-dbus)
* pyqt5 (python-dbus)
* totem (python-dbus)
* pyqt4-common (python-dbus python2-dbus)
* pyqt5-common (python-dbus python2-dbus)
* python-pyqt4 (python-dbus python2-dbus)
* python-pyqt5 (python-dbus python2-dbus)
* python2-pyqt4 (python-dbus python2-dbus)
* python2-pyqt5 (python-dbus python2-dbus)
* python-kivy (python-dbus python2-dbus)
* a2jmidid (python2-dbus)
* billreminder (python2-dbus)
* blueberry (python2-dbus)
* calibre (python2-dbus)
* cherrytree (python2-dbus)
* deepin-movie (python2-dbus)
* gespeaker (python2-dbus)
* guake (python2-dbus)
* hamster-time-tracker (python2-dbus)
* mate-applets (python2-dbus)
* oblogout (python2-dbus)
* python2-telepathy (python2-dbus)
* quodlibet (python2-dbus)
* rapid-photo-downloader (python2-dbus)
* scribes (python2-dbus)
* sugar-datastore (python2-dbus)
* synce-sync-engine (python2-dbus)
* terminator (python2-dbus)
* variety (python2-dbus)
* virt-manager (python2-dbus)
* gajim (python2-dbus)
* jack2 (python2-dbus)
* meld (python2-dbus)
* sonata (python2-dbus)
* python-keyring (python-secretstorage python2-secretstorage)
* python2-keyring (python-secretstorage python2-secretstorage)

Link to lists of pkgbase values:

Filter Todo List Packages

Select filter criteria
0 packages displayed out of 0 total packages.
Arch Repository Name Current Version Staging Version Maintainers Status Last Touched By