Ultimately IPC, service discovery, and security all need to be co-designed to work together. Systemd is unfortunately trying to work in an ecosystem where it does not have the luxury of a clean first-principles approach. Generally I would argue moving off of D-Bus and onto Varlink is in the right direction. I'm not sure what you think is brittle about the approach of using IPC and a schema for the data sent over it. If they had gone in the other direction and mandated gRPC à la HTTP instead, would that have been "less brittle"?
That IMO does not, in any respect, excuse the signature design. This JSON+blobs design is totally new other than needing to support a handful of preexisting fields. And it’s very much the case that a lot of the record is trusted in the sense that loading malicious data could compromise the integrity or availability of the machine.
So structure it like that! Have a whole file that is signed or otherwise integrity-checked in its entirety. Have another file with fields that are per-(user,machine) and integrity-check that. “Integrity-check” means that you validate the binary contents of the file before you even attempt to parse it, and then you parse the literal bytes that you checked.
It’s not the nineties anymore, and architects should know better.
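Added example, not part of the thread and not systemd's code: a sketch of the "check the bytes, then parse those same bytes" layout the comment above proposes, with one whole-file tag per file. Assumptions: HMAC-SHA256 from the standard library stands in for a real signature scheme, and the key, function names and record fields are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; HMAC-SHA256 is a stand-in for an asymmetric signature.
DEMO_KEY = b"constructed-demo-key"

class IntegrityError(Exception):
    """Raised when the raw file bytes do not match their detached tag."""

def seal(raw: bytes, key: bytes) -> bytes:
    """Producer side: tag the exact bytes that will be written to disk."""
    return hmac.new(key, raw, hashlib.sha256).digest()

def load_verified(raw: bytes, tag: bytes, key: bytes) -> dict:
    """Check the whole buffer first; the parser never sees unchecked input."""
    expected = hmac.new(key, raw, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise IntegrityError("file bytes do not match tag; refusing to parse")
    # Parse the very buffer that was checked: no re-read from disk and no
    # re-serialisation step that a second parser could interpret differently.
    return json.loads(raw)

def load_record(trusted, trusted_tag, per_machine, per_machine_tag, key):
    """Two files, each integrity-checked as a whole before any parsing."""
    return {
        "trusted": load_verified(trusted, trusted_tag, key),
        "perMachine": load_verified(per_machine, per_machine_tag, key),
    }

# Constructed sample file contents (field names are illustrative only).
TRUSTED = b'{"userName":"alice","uid":1000,"memberOf":["users"]}'
PER_MACHINE = b'{"storage":"luks","diskSize":1073741824}'

if __name__ == "__main__":
    rec = load_record(TRUSTED, seal(TRUSTED, DEMO_KEY),
                      PER_MACHINE, seal(PER_MACHINE, DEMO_KEY), DEMO_KEY)
    print(rec)
    # Same JSON value, different bytes: rejected, because the tag covers the
    # bytes on disk rather than a canonicalised form of the parsed object.
    try:
        load_verified(TRUSTED.replace(b",", b", "), seal(TRUSTED, DEMO_KEY), DEMO_KEY)
    except IntegrityError as err:
        print("rejected:", err)
```

Because the tag covers the file bytes rather than a re-serialised object, verification needs no JSON canonicalisation rules and no knowledge of which fields are covered.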