Use DynamicUser instead of static users

To allow this, we need a more lenient policy for owning the service's
name on the system bus.

data/dbus/org.learningequality.Kolibri.Daemon.conf.in

@@ -1,13 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
 <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
 <busconfig>
-  <!-- Only @KOLIBRI_USER@ can own the service -->
-  <policy user="@KOLIBRI_USER@">
-    <allow own="@KOLIBRI_DAEMON_SERVICE@" />
-  </policy>
-
   <!-- Any user can call into the service -->
   <policy context="default">
+    <allow own="@KOLIBRI_DAEMON_SERVICE@" />
     <allow send_destination="@KOLIBRI_DAEMON_SERVICE@" send_interface="org.freedesktop.DBus.Introspectable" />
     <allow send_destination="@KOLIBRI_DAEMON_SERVICE@" send_interface="org.freedesktop.DBus.Properties" />
     <allow send_destination="@KOLIBRI_DAEMON_SERVICE@" send_interface="org.learningequality.Kolibri.Daemon" />

data/dbus/org.learningequality.Kolibri.Daemon.service.in

@@ -1,5 +1,5 @@
 [D-BUS Service]
 Name=@KOLIBRI_DAEMON_SERVICE@
 Exec=/bin/false
-User=@KOLIBRI_USER@
+User=root
 SystemdService=dbus-@KOLIBRI_DAEMON_SERVICE@.service

data/meson.build

@@ -1,6 +1,4 @@
 subdir('dbus')
 subdir('environment.d')
 subdir('systemd')
-subdir('sysusers.d')
-subdir('tmpfiles.d')
 

data/systemd/dbus-org.learningequality.Kolibri.Daemon.service.in

@@ -6,5 +6,6 @@ ConditionPathExists=/var/lib/flatpak/app/@KOLIBRI_FLATPAK_ID@
 Type=dbus
 BusName=@KOLIBRI_DAEMON_SERVICE@
 ExecStart=@libexecdir@/eos-kolibri-daemon
+DynamicUser=yes
 User=@KOLIBRI_USER@
-PrivateTmp=yes
+StateDirectory=kolibri

meson.build

@@ -60,7 +60,6 @@ eos_kolibri_config.set('bindir', bindir)
 eos_kolibri_config.set('libexecdir', libexecdir)
 eos_kolibri_config.set('PYTHON', 'python3')
 eos_kolibri_config.set('KOLIBRI_USER', kolibri_user)
-eos_kolibri_config.set('KOLIBRI_USER_HOME', kolibri_user_home)
 eos_kolibri_config.set('KOLIBRI_DATA_DIR', kolibri_data_dir)
 eos_kolibri_config.set('KOLIBRI_FLATPAK_ID', kolibri_flatpak_id)
 eos_kolibri_config.set('KOLIBRI_DAEMON_SERVICE', kolibri_daemon_service)

meson_options.txt

@@ -33,13 +33,6 @@ option(
     description: 'user to create for the system service'
 )
 
-option(
-    'kolibri_user_home',
-    type: 'string',
-    value: '',
-    description: 'home directory for the system user [default=$localstatedir/lib/kolibri]'
-)
-
 option(
     'kolibri_flatpak_id',
     type: 'string',

src/eos-kolibri-daemon.in

@@ -1,11 +1,15 @@
 #!/bin/sh
 
-: ${KOLIBRI_HOME:="@KOLIBRI_DATA_DIR@"}
+: ${STATE_DIRECTORY:=/var/lib/kolibri}
+
+echo "HOME: ${HOME}" > ${STATE_DIRECTORY}/info.txt
+export HOME="${STATE_DIRECTORY}"
+echo "HOME: ${HOME}" >> ${STATE_DIRECTORY}/info.txt
 
 @bindir@/flatpak run \
    --no-desktop \
-  --env=KOLIBRI_HOME="${KOLIBRI_HOME}" \
-  --filesystem="${KOLIBRI_HOME}" \
+  --env=KOLIBRI_HOME="${STATE_DIRECTORY}/data" \
+  --filesystem="${STATE_DIRECTORY}/data" \
   --system-own-name=@KOLIBRI_DAEMON_SERVICE@ \
   --command=/app/libexec/kolibri-gnome/kolibri-daemon \
   @KOLIBRI_FLATPAK_ID@ \

src/eos_kolibri_tools/config.py.in

@@ -4,6 +4,5 @@ KOLIBRI_APP_ID = 'org.learningequality.Kolibri'
 KOLIBRI_SYSTEMD_UNIT_NAME = 'eos-kolibri-system-helper'
 
 KOLIBRI_USER = '@KOLIBRI_USER@'
-KOLIBRI_USER_HOME = '@KOLIBRI_USER_HOME@'
 KOLIBRI_DATA_DIR = '@KOLIBRI_DATA_DIR@'
 KOLIBRI_HTTP_PORT = '@KOLIBRI_PORT@'