2025-11-07 19:04:46 +01:00
7 changed files with 11 additions and 58 deletions
--- a/.mkosi/mkosi.opensuse
+++ b/.mkosi/mkosi.opensuse
@ -48,15 +48,11 @@ BuildPackages=
        python3
        python3-lxml
        qrencode-devel
-        system-user-nobody
        zlib-devel
 # to satisfy tests
        acl
        glibc-locale
        system-group-obsolete
-        system-user-bin
-        system-user-daemon
-        system-user-root
        timezone

 Packages=
--- a/docs/DESKTOP_ENVIRONMENTS.md
+++ b/docs/DESKTOP_ENVIRONMENTS.md
@ -28,11 +28,11 @@ Currently nothing like this is supported or even planned.
 [`systemd.special(7)`](https://www.freedesktop.org/software/systemd/man/systemd.special.html)
 defines the `graphical-session.target` and `graphical-session-pre.target` to
 allow cross-desktop integration. Furthermore, systemd defines the three base
-slices `background`, `app` and `session`.
+slices `background`, `apps` and `session`.
 All units should be placed into one of these slices depending on their purposes:

 * `session.slice`: Contains only processes essential to run the user's graphical session
- * `app.slice`: Contains all normal applications that the user is running
+ * `apps.slice`: Contains all normal applications that the user is running
 * `background.slice`: Useful for low-priority background tasks

 The purpose of this grouping is to assign different priorities to the
@ -42,7 +42,7 @@ preferentially killing background tasks in out-of-memory situations
 or assigning different memory/CPU/IO priorities to ensure that the session
 runs smoothly under load.

-TODO: Will there be a default to place units into e.g. `app.slice` by default
+TODO: Will there be a default to place units into e.g. `apps.slice` by default
 rather than the root slice?

 ## XDG standardization for applications
@ -50,9 +50,9 @@ rather than the root slice?
 To ensure cross-desktop compatibility and encourage sharing of good practices,
 desktop environments should adhere to the following conventions:

- * Application units should follow the scheme `app-<launcher>-<ApplicationID>-<RANDOM>.service`,
-   e.g. `app-gnome-org.gnome.Evince-12345.service`,
-   `app-flatpak-org.telegram.desktop-12345.service` or `app-KDE-org.kde.okular-12345.service`.
+ * Application units should follow the scheme `apps-<launcher>-<ApplicationID>-<RANDOM>.service`,
+   e.g. `apps-gnome-org.gnome.Evince-12345.service`,
+   `apps-flatpak-org.telegram.desktop-12345.service` or `apps-KDE-org.kde.okular-12345.service`.
 * Using `.service` units instead of `.scope` units, i.e. allowing systemd to
   start the process on behalf of the caller,
   instead of the caller starting the process and letting systemd know about it,
@ -62,13 +62,13 @@ desktop environments should adhere to the following conventions:
   contain a `-` character.

 This has the following advantages:
- * Using the `app-<launcher>-` prefix means that the unit defaults can be
+ * Using the `apps-<launcher>-` prefix means that the unit defaults can be
   adjusted using desktop environment specific drop-in files.
 * The application ID can be retrieved by stripping the prefix and postfix.
   This in turn should map to the corresponding `.desktop` file when available

 TODO: Define the name of slices that should be used.
-This could be `app-<launcher>-<ApplicationID>-<RANDOM>.slice`.
+This could be `apps-<launcher>-<ApplicationID>-<RANDOM>.slice`.

 TODO: Does it really make sense to insert the `<launcher>`? In GNOME I am
 currently using a drop-in to configure `BindTo=graphical-session.target`,
@ -78,7 +78,7 @@ global default for all (graphical) applications.

 * Should application lifetime be bound to the session?
 * May the user have applications that do not belong to the graphical session (e.g. launched from SSH)?
- * Could we maybe add a default `app-.service.d` drop-in configuration?
+ * Could we maybe add a default `apps-.service.d` drop-in configuration?

 ## XDG autostart integration

--- a/src/home/home-util.c
+++ b/src/home/home-util.c
@ -124,8 +124,6 @@ int bus_message_append_secret(sd_bus_message *m, UserRecord *secret) {
        if (r < 0)
                return r;

-        (void) sd_bus_message_sensitive(m);
-
        return sd_bus_message_append(m, "s", formatted);
 }

--- a/src/home/homectl.c
+++ b/src/home/homectl.c
@ -1435,8 +1435,6 @@ static int create_home(int argc, char *argv[], void *userdata) {
                if (r < 0)
                        return bus_log_create_error(r);

-                (void) sd_bus_message_sensitive(m);
-
                r = sd_bus_message_append(m, "s", formatted);
                if (r < 0)
                        return bus_log_create_error(r);
@ -1639,8 +1637,6 @@ static int update_home(int argc, char *argv[], void *userdata) {
                if (r < 0)
                        return r;

-                (void) sd_bus_message_sensitive(m);
-
                r = sd_bus_message_append(m, "s", formatted);
                if (r < 0)
                        return bus_log_create_error(r);
--- a/src/home/user-record-util.c
+++ b/src/home/user-record-util.c
@ -840,8 +840,6 @@ int user_record_set_password(UserRecord *h, char **password, bool prepend) {
        if (r < 0)
                return r;

-        json_variant_sensitive(w);
-
        r = json_variant_set_field(&h->json, "secret", w);
        if (r < 0)
                return r;
@ -902,8 +900,6 @@ int user_record_set_pkcs11_pin(UserRecord *h, char **pin, bool prepend) {
        if (r < 0)
                return r;

-        json_variant_sensitive(w);
-
        r = json_variant_set_field(&h->json, "secret", w);
        if (r < 0)
                return r;
@ -931,11 +927,8 @@ int user_record_set_pkcs11_protected_authentication_path_permitted(UserRecord *h

        if (json_variant_is_blank_object(w))
                r = json_variant_filter(&h->json, STRV_MAKE("secret"));
-        else {
-                json_variant_sensitive(w);
-
+        else
                r = json_variant_set_field(&h->json, "secret", w);
-        }
        if (r < 0)
                return r;

--- a/src/shared/json.c
+++ b/src/shared/json.c
@ -1396,19 +1396,6 @@ void json_variant_sensitive(JsonVariant *v) {
        v->sensitive = true;
 }

-bool json_variant_is_sensitive(JsonVariant *v) {
-        v = json_variant_formalize(v);
-        if (!json_variant_is_regular(v))
-                return false;
-
-        return v->sensitive;
-}
-
-static void json_variant_propagate_sensitive(JsonVariant *from, JsonVariant *to) {
-        if (json_variant_is_sensitive(from))
-                json_variant_sensitive(to);
-}
-
 int json_variant_get_source(JsonVariant *v, const char **ret_source, unsigned *ret_line, unsigned *ret_column) {
        assert_return(v, -EINVAL);

@ -1842,8 +1829,6 @@ int json_variant_filter(JsonVariant **v, char **to_remove) {
        if (r < 0)
                return r;

-        json_variant_propagate_sensitive(*v, w);
-
        json_variant_unref(*v);
        *v = TAKE_PTR(w);

@ -1913,8 +1898,6 @@ int json_variant_set_field(JsonVariant **v, const char *field, JsonVariant *valu
        if (r < 0)
                return r;

-        json_variant_propagate_sensitive(*v, w);
-
        json_variant_unref(*v);
        *v = TAKE_PTR(w);

@ -2022,9 +2005,6 @@ int json_variant_merge(JsonVariant **v, JsonVariant *m) {
        if (r < 0)
                return r;

-        json_variant_propagate_sensitive(*v, w);
-        json_variant_propagate_sensitive(m, w);
-
        json_variant_unref(*v);
        *v = TAKE_PTR(w);

@ -2064,11 +2044,10 @@ int json_variant_append_array(JsonVariant **v, JsonVariant *element) {

                r = json_variant_new_array(&nv, array, i + 1);
        }
+
        if (r < 0)
                return r;

-        json_variant_propagate_sensitive(*v, nv);
-
        json_variant_unref(*v);
        *v = TAKE_PTR(nv);

@ -2214,8 +2193,6 @@ static int json_variant_copy(JsonVariant **nv, JsonVariant *v) {

        memcpy_safe(&c->value, source, k);

-        json_variant_propagate_sensitive(v, c);
-
        *nv = c;
        return 0;
 }
@ -4201,9 +4178,6 @@ int json_variant_sort(JsonVariant **v) {
        r = json_variant_new_object(&n, a, m);
        if (r < 0)
                return r;
-
-        json_variant_propagate_sensitive(*v, n);
-
        if (!n->sorted) /* Check if this worked. This will fail if there are multiple identical keys used. */
                return -ENOTUNIQ;

@ -4252,9 +4226,6 @@ int json_variant_normalize(JsonVariant **v) {
        }
        if (r < 0)
                goto finish;
-
-        json_variant_propagate_sensitive(*v, n);
-
        if (!n->normalized) { /* Let's see if normalization worked. It will fail if there are multiple
                               * identical keys used in the same object anywhere, or if there are floating
                               * point numbers used (see below) */
--- a/src/shared/json.h
+++ b/src/shared/json.h
@ -135,7 +135,6 @@ JsonVariant *json_variant_by_key_full(JsonVariant *v, const char *key, JsonVaria
 bool json_variant_equal(JsonVariant *a, JsonVariant *b);

 void json_variant_sensitive(JsonVariant *v);
-bool json_variant_is_sensitive(JsonVariant *v);

 struct json_variant_foreach_state {
        JsonVariant *variant;