From 3b253a59012d4b4cc692ded128c1ffe6f4ed815565489054be028282496dc6b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Wed, 23 Oct 2024 11:53:04 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main at revision 1eb0b0115bfd4fb5ffdaba86023e3f6a --- .gitattributes | 23 + at-3.1.13-documentation-dir.patch | 17 + at-3.1.13-tomorrow.patch | 20 + at-3.1.14-makefile-deps.patch | 22 + at-3.1.14-parse-suse-sysconfig.patch | 92 +++ at-3.1.16-handle_malformed_jobs.patch | 31 + at-3.1.8-denylist.patch | 39 ++ at-3.2.2.patch | 147 +++++ at-adjust_load_to_cpu_count.patch | 59 ++ at-backport-old-privs.patch | 108 ++++ at-piddir.patch | 16 + at.changes | 879 ++++++++++++++++++++++++++ at.spec | 171 +++++ at_3.2.5.orig.tar.gz | 3 + atd.pamd | 11 + atd.service | 9 + sysconfig.atd | 20 + system-user-at.conf | 2 + 18 files changed, 1669 insertions(+) create mode 100644 .gitattributes create mode 100644 at-3.1.13-documentation-dir.patch create mode 100644 at-3.1.13-tomorrow.patch create mode 100644 at-3.1.14-makefile-deps.patch create mode 100644 at-3.1.14-parse-suse-sysconfig.patch create mode 100644 at-3.1.16-handle_malformed_jobs.patch create mode 100644 at-3.1.8-denylist.patch create mode 100644 at-3.2.2.patch create mode 100644 at-adjust_load_to_cpu_count.patch create mode 100644 at-backport-old-privs.patch create mode 100644 at-piddir.patch create mode 100644 at.changes create mode 100644 at.spec create mode 100644 at_3.2.5.orig.tar.gz create mode 100644 atd.pamd create mode 100644 atd.service create mode 100644 sysconfig.atd create mode 100644 system-user-at.conf diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/at-3.1.13-documentation-dir.patch b/at-3.1.13-documentation-dir.patch new file mode 100644 index 0000000..fbbe797 --- /dev/null +++ b/at-3.1.13-documentation-dir.patch @@ -0,0 +1,17 @@ +--- + at.1.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: at-3.2.0/at.1.in +=================================================================== +--- at-3.2.0.orig/at.1.in ++++ at-3.2.0/at.1.in +@@ -136,7 +136,7 @@ the past, the job will run as soon as po + it will run more likely at 8:05pm. + .PP + The definition of the time specification can be found in +-.IR @prefix@/share/doc/at/timespec . ++.IR @prefix@/share/doc/packages/at/timespec . + .PP + For both + .BR at " and " batch , diff --git a/at-3.1.13-tomorrow.patch b/at-3.1.13-tomorrow.patch new file mode 100644 index 0000000..730ab34 --- /dev/null +++ b/at-3.1.13-tomorrow.patch @@ -0,0 +1,20 @@ +--- + parsetime.y | 5 +++++ + 1 file changed, 5 insertions(+) + +Index: at-3.2.0/parsetime.y +=================================================================== +--- at-3.2.0.orig/parsetime.y ++++ at-3.2.0/parsetime.y +@@ -518,6 +518,11 @@ parsetime(time_t currtime, int argc, cha + else + unsetenv("TZ"); + } ++ /* exectime zeroes its seconds, thus we need +60, ++ * else "now" will be scheduled to tomorrow */ ++ if (currtime > exectime + 60) { ++ exectime += 24*3600; ++ } + if (exectime < currtime) + panic("refusing to create job destined in the past"); + return exectime; diff --git a/at-3.1.14-makefile-deps.patch b/at-3.1.14-makefile-deps.patch new file mode 100644 index 0000000..47f7b2b --- /dev/null +++ b/at-3.1.14-makefile-deps.patch @@ -0,0 +1,22 @@ +--- + Makefile.in | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +Index: at-3.2.0/Makefile.in +=================================================================== +--- at-3.2.0.orig/Makefile.in ++++ at-3.2.0/Makefile.in +@@ -77,9 +77,12 @@ at: $(ATOBJECTS) + atd: $(RUNOBJECTS) + $(CC) $(LDFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) + +-y.tab.c y.tab.h: parsetime.y ++y.tab.c y.tab.h: stamp-yacc; @: ++stamp-yacc: parsetime.y + $(YACC) -d parsetime.y ++ touch $@ + ++lex.yy.o: y.tab.h + lex.yy.c: parsetime.l + $(LEX) -i parsetime.l + diff --git a/at-3.1.14-parse-suse-sysconfig.patch b/at-3.1.14-parse-suse-sysconfig.patch new file mode 100644 index 0000000..251aea0 --- /dev/null +++ b/at-3.1.14-parse-suse-sysconfig.patch @@ -0,0 +1,92 @@ +From: Cristian Rodríguez +Last updated by: Jan Engelhardt + +http://bugzilla.novell.com/780259 + +--- + Makefile.in | 4 ++-- + atd.c | 21 +++++++++++++++++++++ + configure.ac | 2 ++ + 3 files changed, 25 insertions(+), 2 deletions(-) + +Index: at-3.2.0/Makefile.in +=================================================================== +--- at-3.2.0.orig/Makefile.in ++++ at-3.2.0/Makefile.in +@@ -29,7 +29,7 @@ LEX = @LEX@ + LEXLIB = @LEXLIB@ + + CC = @CC@ +-CFLAGS = -I$(srcdir) @CFLAGS@ ++CFLAGS = -I$(srcdir) @CFLAGS@ @HX_CFLAGS@ + LDFLAGS = @LDFLAGS@ + LFILE = $(ATJOB_DIR)/.SEQ + DEFS = @DEFS@ -DVERSION=\"$(VERSION)\" \ +@@ -37,7 +37,7 @@ DEFS = @DEFS@ -DVERSION=\"$(VERSION)\" + -DDAEMON_USERNAME=\"$(DAEMON_USERNAME)\" \ + -DDAEMON_GROUPNAME=\"$(DAEMON_GROUPNAME)\" \ + -DLFILE=\"$(LFILE)\" -Wall +-LIBS = @LIBS@ ++LIBS = @LIBS@ @HX_LIBS@ + LIBOBJS = @LIBOBJS@ + INSTALL = @INSTALL@ + PAMLIB = @PAMLIB@ +Index: at-3.2.0/atd.c +=================================================================== +--- at-3.2.0.orig/atd.c ++++ at-3.2.0/atd.c +@@ -74,6 +74,10 @@ + #include + #endif + ++#include ++#include ++#include ++ + /* Local headers */ + + #include "privs.h" +@@ -798,6 +802,7 @@ main(int argc, char *argv[]) + * for execution and yet another one, optionally, for sending mail. + * Files which already have run are removed during the next invocation. + */ ++ struct HXmap *sc_map; + int c; + time_t next_invocation; + struct sigaction act; +@@ -875,6 +880,22 @@ main(int argc, char *argv[]) + } + } + ++ sc_map = HX_shconfig_map("/etc/sysconfig/atd"); ++ if (sc_map != NULL) { ++ char *v; ++ ++ v = HXmap_get(sc_map, "ATD_BATCH_INTERVAL"); ++ if (v != NULL && strlen(v) > 0) { ++ batch_interval = strtol(v, NULL, 0); ++ syslog(LOG_INFO, "sysconfig requested batch_interval to be set to %d\n", batch_interval); ++ } ++ v = HXmap_get(sc_map, "ATD_LOADAVG"); ++ if (v != NULL && strlen(v) > 0) { ++ load_avg = strtod(v, NULL); ++ syslog(LOG_INFO, "sysconfig requested load_avg to be set to %f\n", load_avg); ++ } ++ } ++ + namep = argv[0]; + if (chdir(ATJOB_DIR) != 0) + perr("Cannot change to " ATJOB_DIR); +Index: at-3.2.0/configure.ac +=================================================================== +--- at-3.2.0.orig/configure.ac ++++ at-3.2.0/configure.ac +@@ -54,6 +54,8 @@ AC_CHECK_LIB(fl,yywrap, + [Define to 1 if we need to provide our own yywrap()]) + ) + ++PKG_CHECK_MODULES([HX], [libHX]) ++ + AC_CHECK_FUNCS([__secure_getenv secure_getenv]) + dnl Checks for header files. + AC_HEADER_DIRENT diff --git a/at-3.1.16-handle_malformed_jobs.patch b/at-3.1.16-handle_malformed_jobs.patch new file mode 100644 index 0000000..66f267d --- /dev/null +++ b/at-3.1.16-handle_malformed_jobs.patch @@ -0,0 +1,31 @@ +Index: at-3.1.13/atd.c +=================================================================== +--- at-3.1.13.orig/atd.c ++++ at-3.1.13/atd.c +@@ -103,6 +103,7 @@ int selinux_enabled=0; + + #define BATCH_INTERVAL_DEFAULT 60 + #define CHECK_INTERVAL 3600 ++#define RETRY_INTERVAL CHECK_INTERVAL + + /* Global variables */ + +@@ -845,12 +846,17 @@ run_loop() + + /* Something went wrong the last time this was executed. + * Let's remove the lockfile and reschedule. ++ * ++ * To prevent pointless CPU heating with permanent errors, ++ * next execution is scheduled with RETRY_INTERVAL inserted. + */ + strncpy(lock_name, dirent->d_name, sizeof(lock_name)-1); + lock_name[sizeof(lock_name)-1] = 0; + lock_name[0] = '='; + unlink(lock_name); +- next_job = now; ++ if (next_job > now + RETRY_INTERVAL) { ++ next_job = now + RETRY_INTERVAL; ++ } + nothing_to_do = 0; + } + continue; diff --git a/at-3.1.8-denylist.patch b/at-3.1.8-denylist.patch new file mode 100644 index 0000000..a8e87a2 --- /dev/null +++ b/at-3.1.8-denylist.patch @@ -0,0 +1,39 @@ +--- + at.deny | 24 ++++++------------------ + 1 file changed, 6 insertions(+), 18 deletions(-) + +Index: at-3.2.0/at.deny +=================================================================== +--- at-3.2.0.orig/at.deny ++++ at-3.2.0/at.deny +@@ -1,24 +1,12 @@ +-alias +-backup ++root + bin + daemon +-ftp +-games +-gnats +-guest +-irc + lp + mail ++news ++uucp ++games + man ++wwwrun ++ftp + nobody +-operator +-proxy +-qmaild +-qmaill +-qmailp +-qmailq +-qmailr +-qmails +-sync +-sys +-www-data diff --git a/at-3.2.2.patch b/at-3.2.2.patch new file mode 100644 index 0000000..9227b75 --- /dev/null +++ b/at-3.2.2.patch @@ -0,0 +1,147 @@ +Index: at-3.2.2/Makefile.in +=================================================================== +--- at-3.2.2.orig/Makefile.in ++++ at-3.2.2/Makefile.in +@@ -95,43 +95,43 @@ atrun: atrun.in + $(CC) -c $(CFLAGS) $(DEFS) $*.c + + install: all +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(etcdir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(bindir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(sbindir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(atdatadir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(docdir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(atdocdir) +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(DESTDIR)$(ATSPOOL_DIR) $(DESTDIR)$(ATJOB_DIR) +- chmod 1770 $(DESTDIR)$(ATSPOOL_DIR) $(DESTDIR)$(ATJOB_DIR) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(etcdir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(bindir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(sbindir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(atdatadir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(docdir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(atdocdir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(ATJOB_DIR) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(ATSPOOL_DIR) ++ chmod 1770 $(DESTDIR)$(ATJOB_DIR) $(DESTDIR)$(ATSPOOL_DIR) + touch $(DESTDIR)$(LFILE) + chmod 600 $(DESTDIR)$(LFILE) +- chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(DESTDIR)$(LFILE) +- test -f $(DESTDIR)$(etcdir)/at.allow || test -f $(DESTDIR)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(DESTDIR)$(etcdir)/ +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 at $(DESTDIR)$(bindir) ++ test -f $(DESTDIR)$(etcdir)/at.allow || test -f $(DESTDIR)$(etcdir)/at.deny || $(INSTALL) -m 640 at.deny $(DESTDIR)$(etcdir)/ ++ $(INSTALL) -m 6755 at $(DESTDIR)$(bindir) + $(LN_S) -f at $(DESTDIR)$(bindir)/atq + $(LN_S) -f at $(DESTDIR)$(bindir)/atrm +- $(INSTALL) -g root -o root -m 755 batch $(DESTDIR)$(bindir) +- $(INSTALL) -g root -o root -m 755 batch-job $(DESTDIR)$(atdatadir) +- $(INSTALL) -d -o root -g root -m 755 $(DESTDIR)$(man1dir) +- $(INSTALL) -d -o root -g root -m 755 $(DESTDIR)$(man5dir) +- $(INSTALL) -d -o root -g root -m 755 $(DESTDIR)$(man8dir) +- $(INSTALL) -g root -o root -m 755 atd $(DESTDIR)$(sbindir) +- $(INSTALL) -g root -o root -m 755 atrun $(DESTDIR)$(sbindir) +- $(INSTALL) -g root -o root -m 644 at.1 $(DESTDIR)$(man1dir)/ ++ $(INSTALL) -m 755 batch $(DESTDIR)$(bindir) ++ $(INSTALL) -m 755 batch-job $(DESTDIR)$(atdatadir) ++ $(INSTALL) -d -m 755 $(DESTDIR)$(man1dir) ++ $(INSTALL) -d -m 755 $(DESTDIR)$(man5dir) ++ $(INSTALL) -d -m 755 $(DESTDIR)$(man8dir) ++ $(INSTALL) -m 755 atd $(DESTDIR)$(sbindir) ++ $(INSTALL) -m 755 atrun $(DESTDIR)$(sbindir) ++ $(INSTALL) -m 644 at.1 $(DESTDIR)$(man1dir)/ + cd $(DESTDIR)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1 +- $(INSTALL) -g root -o root -m 644 atd.8 $(DESTDIR)$(man8dir)/ ++ $(INSTALL) -m 644 atd.8 $(DESTDIR)$(man8dir)/ + sed "s,\$${exec_prefix},$(exec_prefix),g" tmpman +- $(INSTALL) -g root -o root -m 644 tmpman $(DESTDIR)$(man8dir)/atrun.8 ++ $(INSTALL) -m 644 tmpman $(DESTDIR)$(man8dir)/atrun.8 + rm -f tmpman +- $(INSTALL) -g root -o root -m 644 at.allow.5 $(DESTDIR)$(man5dir)/ ++ $(INSTALL) -m 644 at.allow.5 $(DESTDIR)$(man5dir)/ + cd $(DESTDIR)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5 +- $(INSTALL) -g root -o root -m 644 $(DOCS) $(DESTDIR)$(atdocdir) ++ $(INSTALL) -m 644 $(DOCS) $(DESTDIR)$(atdocdir) + rm -f $(DESTDIR)$(mandir)/cat1/at.1* $(DESTDIR)$(mandir)/cat1/batch.1* \ + $(DESTDIR)$(mandir)/cat1/atq.1* + rm -f $(DESTDIR)$(mandir)/cat1/atd.8* + if test x"$(systemdsystemunitdir)" != xno; then \ +- $(INSTALL) -o root -g root -m 755 -d $(DESTDIR)$(systemdsystemunitdir); \ +- $(INSTALL) -o root -g root -m 644 atd.service $(DESTDIR)$(systemdsystemunitdir); \ ++ $(INSTALL) -m 755 -d $(DESTDIR)$(systemdsystemunitdir); \ ++ $(INSTALL) -m 644 atd.service $(DESTDIR)$(systemdsystemunitdir); \ + fi + + dist: checkin $(DIST) $(LIST) Filelist.asc +Index: at-3.2.2/Problems +=================================================================== +--- at-3.2.2.orig/Problems ++++ at-3.2.2/Problems +@@ -5,7 +5,7 @@ Possible reasons why at may not run for + + make -f Makefile.old install + +-- You may not have a user or group 'daemon' on your system. ++- You may not have a user or group 'at' on your system. + + - If you find numerous 'try again' error messages in your syslog files, + you have too many processes running; recompile your kernel for a +Index: at-3.2.2/atd.c +=================================================================== +--- at-3.2.2.orig/atd.c ++++ at-3.2.2/atd.c +@@ -388,7 +388,12 @@ run_file(const char *filename, uid_t uid + if ((fflags = fcntl(fd_in, F_GETFD)) < 0) + perr("Error in fcntl"); + +- fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); ++ /* ++ ** fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); ++ ** What's that? This fcntl() removes the CLOSE_ON_EXEC flag. ++ */ ++ if(fcntl(fd_in, F_SETFD, fflags | FD_CLOEXEC) < 0) ++ perr("Error in fcntl"); + + /* + * If the spool directory is mounted via NFS `atd' isn't able to +@@ -512,6 +517,9 @@ run_file(const char *filename, uid_t uid + if (setuid(uid) < 0) + perr("Cannot set user id"); + ++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) ++ perr("Cannot reset signal handler to default"); ++ + chdir("/"); + + if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) +@@ -699,7 +707,8 @@ run_loop() + /* Something went wrong the last time this was executed. + * Let's remove the lockfile and reschedule. + */ +- strncpy(lock_name, dirent->d_name, sizeof(lock_name)); ++ strncpy(lock_name, dirent->d_name, sizeof(lock_name)-1); ++ lock_name[sizeof(lock_name)-1] = 0; + lock_name[0] = '='; + unlink(lock_name); + next_job = now; +@@ -733,7 +742,8 @@ run_loop() + */ + run_batch++; + if (strcmp(batch_name, dirent->d_name) > 0) { +- strncpy(batch_name, dirent->d_name, sizeof(batch_name)); ++ strncpy(batch_name, dirent->d_name, sizeof(batch_name)-1); ++ batch_name[sizeof(batch_name)-1] = 0; + batch_uid = buf.st_uid; + batch_gid = buf.st_gid; + batch_queue = queue; +Index: at-3.2.2/configure.ac +=================================================================== +--- at-3.2.2.orig/configure.ac ++++ at-3.2.2/configure.ac +@@ -150,7 +150,7 @@ AC_DEFINE_UNQUOTED(PIDFILE, "$PIDDIR/atd + AC_MSG_RESULT($PIDDIR) + + AC_MSG_CHECKING(location of spool directory) +-if test -d /var/spool/atjobs ; then ++if test -d /var/spool ; then + sp=/var/spool + AC_MSG_RESULT(Using existing /var/spool/at{jobs|run}) + elif test -d /var/spool/cron ; then diff --git a/at-adjust_load_to_cpu_count.patch b/at-adjust_load_to_cpu_count.patch new file mode 100644 index 0000000..405359c --- /dev/null +++ b/at-adjust_load_to_cpu_count.patch @@ -0,0 +1,59 @@ +Index: at-3.1.23/at.1.in +=================================================================== +--- at-3.1.23.orig/at.1.in ++++ at-3.1.23/at.1.in +@@ -68,6 +68,9 @@ deletes jobs, identified by their job nu + executes commands when system load levels permit; in other words, when the load average + drops below @LOADAVG_MX@, or the value specified in the invocation of + .BR atd . ++Note that because of the load meaning on Linux, ++this number is multiplied by the amount of CPUs when compared to the ++system loadavg. + .PP + .B At + allows fairly complex time +Index: at-3.1.23/atd.c +=================================================================== +--- at-3.1.23.orig/atd.c ++++ at-3.1.23/atd.c +@@ -625,6 +625,7 @@ run_loop() + int run_batch; + static time_t next_batch = 0; + double currlavg[3]; ++ int cpu_count = 1; + + /* Main loop. Open spool directory for reading and look over all the + * files in there. If the filename indicates that the job should be run, +@@ -775,7 +776,14 @@ run_loop() + #ifdef GETLOADAVG_PRIVILEGED + END_PRIV + #endif +- if (currlavg[0] < load_avg) { ++#ifdef _SC_NPROCESSORS_ONLN ++ cpu_count = sysconf(_SC_NPROCESSORS_ONLN); ++ if (cpu_count < 1) { ++ cpu_count = 1; ++ } ++#endif ++ ++ if (currlavg[0] < load_avg * cpu_count) { + run_file(batch_name, batch_uid, batch_gid); + run_batch--; + } +Index: at-3.1.23/atd.8.in +=================================================================== +--- at-3.1.23.orig/atd.8.in ++++ at-3.1.23/atd.8.in +@@ -20,10 +20,8 @@ runs jobs queued by + .B \-l + Specifies a limiting load factor, over which batch jobs should + not be run, instead of the compile-time choice of @LOADAVG_MX@. +-For an SMP system with +-.I n +-CPUs, you will probably want to set this higher than +-.IR n\-1. ++This number is multiplied by the amount of CPUs when comparing ++to /proc/loadavg, because loadavg is a sum over all processors on Linux. + .TP 8 + .B \-b + Specify the minimum interval in seconds between the start of two diff --git a/at-backport-old-privs.patch b/at-backport-old-privs.patch new file mode 100644 index 0000000..3995f1a --- /dev/null +++ b/at-backport-old-privs.patch @@ -0,0 +1,108 @@ +From: Michal Vyskocil +Subject: Backport old privs + +at since 3.10 have substantially changed the priviledge model, which is tied to +Debian setup of at. As SUSE does use a different layout, this patch introduces +back the PRIV_START/PRIV_END + fchown where needed. + +References: https://bugzilla.novell.com/show_bug.cgi?id=849720 + +--- + at.c | 31 ++++++++++--------------------- + 1 file changed, 10 insertions(+), 21 deletions(-) + +Index: at-3.2.4/at.c +=================================================================== +--- at-3.2.4.orig/at.c ++++ at-3.2.4/at.c +@@ -155,18 +155,11 @@ sigc(int signo) + /* If the user presses ^C, remove the spool file and exit + */ + if (fcreated) { +- /* + PRIV_START + +- We need the unprivileged uid here since the file is owned by the real +- (not effective) uid. +- */ +- setregid(real_gid, effective_gid); + unlink(atfile); +- setregid(effective_gid, real_gid); +- /* ++ + PRIV_END +- */ + } + exit(EXIT_FAILURE); + } +@@ -326,18 +319,14 @@ writefile(time_t runtimer, char queue) + * bit. Yes, this is a kluge. + */ + cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); +- seteuid(real_uid); + if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY | O_SYNC, S_IRUSR)) == -1) + perr("Cannot create atjob file %.500s", atfile); +- seteuid(effective_uid); + + if ((fd2 = dup(fd)) < 0) + perr("Error in dup() of job file"); + +- /* + if (fchown(fd2, real_uid, real_gid) != 0) + perr("Cannot give away file"); +- */ + + PRIV_END + +@@ -729,11 +718,7 @@ process_jobs(int argc, char **argv, int + switch (what) { + case ATRM: + +- /* +- We need the unprivileged uid here since the file is owned by the real +- (not effective) uid. +- */ +- setregid(real_gid, effective_gid); ++ PRIV_START + + if (queue == '=') { + fprintf(stderr, "Warning: deleting running job\n"); +@@ -743,7 +728,7 @@ process_jobs(int argc, char **argv, int + rc = EXIT_FAILURE; + } + +- setregid(effective_gid, real_gid); ++ PRIV_END + done = 1; + + break; +@@ -753,22 +738,26 @@ process_jobs(int argc, char **argv, int + FILE *fp; + int ch; + +- setregid(real_gid, effective_gid); +- fp = fopen(dirent->d_name, "r"); ++ PRIV_START ++ ++ fp = fopen(dirent->d_name, "r"); ++ ++ PRIV_END + + if (fp) { + while ((ch = getc(fp)) != EOF) { + putchar(ch); + } + done = 1; ++ PRIV_START + fclose(fp); ++ PRIV_END + fp = NULL; + } + else { + perr("Cannot open %.500s", dirent->d_name); + rc = EXIT_FAILURE; + } +- setregid(effective_gid, real_gid); + } + break; + diff --git a/at-piddir.patch b/at-piddir.patch new file mode 100644 index 0000000..add94cc --- /dev/null +++ b/at-piddir.patch @@ -0,0 +1,16 @@ +--- + configure.ac | 1 + + 1 file changed, 1 insertion(+) + +Index: at-3.2.0/configure.ac +=================================================================== +--- at-3.2.0.orig/configure.ac ++++ at-3.2.0/configure.ac +@@ -130,6 +130,7 @@ elif test -d /usr/run ; then + else + PIDDIR="$ETCDIR" + fi ++PIDDIR=/run + AC_DEFINE_UNQUOTED(PIDFILE, "$PIDDIR/atd.pid", [What is the name of our PID file?]) + AC_MSG_RESULT($PIDDIR) + diff --git a/at.changes b/at.changes new file mode 100644 index 0000000..8c03afd --- /dev/null +++ b/at.changes @@ -0,0 +1,879 @@ +------------------------------------------------------------------- +Tue Dec 27 13:35:20 UTC 2022 - Stefan Schubert + +- Migration of PAM settings to /usr/lib/pam.d + +------------------------------------------------------------------- +Wed May 18 12:31:43 UTC 2022 - Dominique Leuenberger + +- Update to version 3.2.5: + + Fix: atd forgets to run a job in the queue (deb#1004972). + +------------------------------------------------------------------- +Wed Mar 23 11:44:56 UTC 2022 - Callum Farmer + +- Switch to dynamic UIDs instead of hardcoding 25 + +------------------------------------------------------------------- +Tue Mar 15 17:51:31 UTC 2022 - Danilo Spinella + +- Drop systemd hardening as it breaks some jobs, fixes bsc#1196219 + * Remove harden_atd.service.patch + +------------------------------------------------------------------- +Tue Feb 22 16:24:52 UTC 2022 - Danilo Spinella + +- Update to version 3.2.4: + * Upstream SUSE patches +- Update to version 3.2.3: + * Fix two typos on documentation + * Upstream SUSE patches + * Various improvements to the code and the build system +- Refresh patches: + * at-3.1.16-handle_malformed_jobs.patch + * at-3.2.2.patch + * at-backport-old-privs.patch + * harden_atd.service.patch +- Drop upstreamed patches: + * at-3.1.13-leak-fix.patch + * at-3.1.13-massive_batch.patch + * at-3.1.14-joblist.patch + * at-3.1.14-usePOSIXtimers.patch + * at-3.1.8-jobdir-mtime.patch + * at-atq-timeformat.patch + * at-secure_getenv.patch + +------------------------------------------------------------------- +Tue Nov 23 12:32:11 UTC 2021 - Johannes Segitz + +- Drop ProtectSystem and ProtectHome hardening. Unfortunately they're + breaking at jobs (boo#1192294) + +------------------------------------------------------------------- +Thu Nov 18 11:23:33 UTC 2021 - Danilo Spinella + +- Tumbleweed is not affected by the following SLE issues: + * jsc#SLE-17611 + * bsc#1181576 + +------------------------------------------------------------------- +Wed Aug 11 08:25:16 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s). Added patch(es): + * harden_atd.service.patch + Modified: + * atd.service + +------------------------------------------------------------------- +Fri Jul 16 09:09:26 UTC 2021 - Danilo Spinella + +- Update to 3.2.2: + * Add script batch-job +- Refresh patch at-3.1.14.patch into at-3.2.2.patch +- Convert at-3.1.14-parse-suse-sysconfig.patch to UTF-8 + +------------------------------------------------------------------- +Thu Jun 3 11:39:32 UTC 2021 - Callum Farmer + +- Change to using systemd-sysusers + +------------------------------------------------------------------- +Fri Oct 2 21:20:32 UTC 2020 - Jan Engelhardt + +- Update to release 3.2.1 + * Print time of new job before the input of the commands. + * Do not drop seconds on -t option. + * Start using nice levels from 0 instead of 2. + * Correctly handle DST when specifying a UTC time. +- Modernize specfile constructs / drop old ones. +- Do not silence errors from useradd/groupadd. +- Refreshed at-3.1.13-documentation-dir.patch, + at-3.1.13-leak-fix.patch, at-3.1.13-massive_batch.patch, + at-3.1.13-tomorrow.patch, at-3.1.14-joblist.patch, + at-3.1.14-makefile-deps.patch, + at-3.1.14-parse-suse-sysconfig.patch, at-3.1.14.patch, + at-3.1.8-denylist.patch, at-3.1.8-jobdir-mtime.patch, + at-atq-timeformat.patch, at-backport-old-privs.patch, + at-piddir.patch, at-secure_getenv.patch for %autosetup. + +------------------------------------------------------------------- +Wed Feb 19 10:54:34 UTC 2020 - Kristyna Streitova + +- change login shell for at user from /bin/bash to /bin/false as it + shouldn't need a valid login shell + +------------------------------------------------------------------- +Thu Oct 17 13:48:04 UTC 2019 - Richard Brown + +- Remove obsolete Groups tag (fate#326485) + +------------------------------------------------------------------- +Tue Aug 27 15:51:24 UTC 2019 - Kristyna Streitova + +- atd.pamd: integrate pam_keyinit pam module [bsc#1144041] + +------------------------------------------------------------------- +Tue Oct 23 12:36:49 UTC 2018 - kstreitova@suse.com + +- Version update to at 3.1.23 [bsc#1112660] + * 832368-Using_of_the_meaningless_fcntl: Fix call of fcntl by + replacing (long) 1 with FD_CLOEXEC + * 892819-at__improvements_to_atd.service: Improve atd.service, + see bug report 892819 + * 885891-at__stale_batchjobs_after_reboot: Remove stale at jobs + after a boot. + * 897669-897670-Some_fixes_in_the_manuals: Fix some warnings in + manpages at.1 and atd.8 + * 883730-Remove_invalid_email_from_man_page: Remove invalid email + from man pages. + * Draft of a release script + * Finalised script to release software. +- refresh at-atq-timeformat.patch +- refresh at-adjust_load_to_cpu_count.patch + +------------------------------------------------------------------- +Thu Nov 23 13:39:24 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Sat Jul 22 07:21:45 UTC 2017 - tchvatal@suse.com + +- Drop patch at-3.1.8-eal3-manpages.patch merged upstream differently + +------------------------------------------------------------------- +Sat Jul 22 07:07:28 UTC 2017 - tchvatal@suse.com + +- Version update to at 3.1.20 to match latest upstream: + * Pam and selinux implemented upstream + * various tiny fixes +- Rebase patches: + * at-3.1.13-documentation-dir.patch + * at-3.1.13-massive_batch.patch + * at-3.1.14-joblist.patch + * at-3.1.14-parse-suse-sysconfig.patch + * at-3.1.14-usePOSIXtimers.patch + * at-3.1.14.patch +- Drop no longer needed patches: + * at-3.1.13-formatbugs.patch + * at-3.1.13-pam-session-as-root.patch + * at-3.1.13-pam.patch + * at-3.1.13-queue-nice-level.patch + * at-3.1.14-selinux.patch + +------------------------------------------------------------------- +Tue Oct 13 13:36:03 UTC 2015 - kstreitova@suse.com + +- add at-3.1.16-handle_malformed_jobs.patch to prevent creation of + the corrupted files and their looping [bnc#945124] + +------------------------------------------------------------------- +Tue Jun 23 16:48:56 UTC 2015 - vcizek@suse.com + +- loadavg on Linux is a sum over all CPUs, so multiply LOADAVG_MX + by the amount of CPUs when comparing to loadavg (bnc#889174) + * added at-adjust_load_to_cpu_count.patch + +------------------------------------------------------------------- +Mon Jun 22 15:07:32 UTC 2015 - tchvatal@suse.com + +- Version bump to 3.1.16 to match latest upstream: + * Fix regression for sec-fix in bash we applied in form of patch + till now - deleting at-3.1.15-sane-envkeys.patch +- Sync/split features to be patch specific, modifying: + * at-3.1.13-pam.patch + * at-3.1.14-parse-suse-sysconfig.patch + * at-3.1.14-selinux.patch + +------------------------------------------------------------------- +Mon Jun 22 15:02:30 UTC 2015 - tchvatal@suse.com + +- Cleanup with spec-cleaner +- Remove systemd conditional (we do not work on sle11 anyway) + +------------------------------------------------------------------- +Thu Jun 4 01:03:54 UTC 2015 - crrodriguez@opensuse.org + +- atd.service: run After=nss-user-lookup.target not after + systemd-user-sessions.service +- atd.service: run After=time-sync.target + +------------------------------------------------------------------- +Mon Oct 6 20:32:38 UTC 2014 - lchiquitto@suse.com + +- Replace at-sane-envkeys.diff by at-3.1.15-sane-envkeys.patch, + a simpler fix from upstream [bsc#899160] + +------------------------------------------------------------------- +Fri Oct 3 15:00:43 UTC 2014 - crrodriguez@opensuse.org + +- at-3.1.14-usePOSIXtimers.patch (from Fedora) + Use Posix timers, this + avoid the need of horrible suspend/resume hacks like at.sleep + with pm-utils/systemd + +------------------------------------------------------------------- +Tue Sep 30 13:20:21 UTC 2014 - jengelh@inai.de + +- Add at-sane-envkeys.diff to skip exporting variables with + awkward keys [bsc#899160] + +------------------------------------------------------------------- +Wed Sep 24 12:21:20 UTC 2014 - pgajdos@suse.com + +- updated to 3.1.15: + * pam.conf: require pam_loginuid.so + * atd.service.in: Add Documentation field. + * atd.service.in: Set IgnoreSIGPIPE=false + +------------------------------------------------------------------- +Thu Jul 31 09:26:21 UTC 2014 - alarrosa@suse.com + +- Remove a relative path that is not needed in the service symlink + +------------------------------------------------------------------- +Mon Jul 28 03:32:36 UTC 2014 - crrodriguez@opensuse.org + +- Remove extra remains of sysvinit compat. +- Restore needed call to fillup_only that went lost in the + sysvinit change. + +------------------------------------------------------------------- +Fri Jul 25 09:20:31 UTC 2014 - pgajdos@suse.com + +- introduced -o switch for atq [bnc#879402] + * added at-atq-timeformat.patch + +------------------------------------------------------------------- +Mon Jun 16 14:27:26 UTC 2014 - vdziewiecki@suse.com + +-Removed init script +-fix bnc#880364 - at pam file is not calling pam_loginuid + +------------------------------------------------------------------- +Mon Mar 3 10:21:36 UTC 2014 - aj@ajaissle.de + +- New upstream release 3.1.14 + + Add systemd service file. (deb#639634) + + Initialize jobno before using it. + + No longer try to compile and run a trivial C program. (deb#632301) + + Add -M option to usage message. + + Use LDFLAGS when linking programs. + +- Rebased the following patches: + * at-3.1.13.patch as at-3.1.14.patch + * at-3.1.13-joblist.patch as at-3.1.14-joblist.patch + * at-3.1.13-selinux.patch as at-3.1.14-selinux.patch + * at-parse-suse-sysconfig.patch as at-3.1.14-parse-suse-sysconfig.patch + * at-makefile-deps.patch as at-3.1.14-makefile-deps.patch + +- Dropped at-3.1.13-pie.patch (obsolete, now using LDFLAGS) + +- Changed systemd service file [Unit] -> "Description" to match upstream + +- Spec: cleanup + use some macros + +------------------------------------------------------------------- +Thu Jan 23 21:15:53 UTC 2014 - aj@ajaissle.de + +- Fixed leaking the exit code of systemctl in atd.sh. A change + to at.sleep prevents leaking systemctl exit code as well as + simplifies the script. + +------------------------------------------------------------------- +Tue Nov 12 15:37:29 UTC 2013 - mvyskocil@suse.com + +- use old privs model (fixes bnc#849720) + * at-backport-old-privs.patch +- do not install sysvinit script and service file together +- add sticky bit to atjobs + +------------------------------------------------------------------- +Tue Oct 22 06:38:25 UTC 2013 - meissner@suse.com + +- adding service hook was in %verifyscript section not in %post + +------------------------------------------------------------------- +Sun Oct 6 23:02:00 UTC 2013 - crrodriguez@opensuse.org + +- at-secure_getenv.patch at must use secure_getenv. + +------------------------------------------------------------------- +Mon Jul 15 13:50:37 UTC 2013 - werner@suse.de + +- No http://0pointer.de/public/systemd-units/atd.service anymore + +------------------------------------------------------------------- +Sat Jul 13 00:09:02 UTC 2013 - crrodriguez@opensuse.org + +- systemd: start as non-forking service +- systemd: start after systemd-user-sessions.service + +------------------------------------------------------------------- +Sat Jul 13 00:05:41 UTC 2013 - crrodriguez@opensuse.org + +- Use /run not /var/run to store the pid file + +------------------------------------------------------------------- +Thu Jun 20 01:52:46 UTC 2013 - crrodriguez@opensuse.org + +- at.sleep move away from pm-utils to systemd-sleep + +------------------------------------------------------------------- +Tue Jun 18 15:09:18 UTC 2013 - schwab@suse.de + +- at-makefile-deps.patch: fix makefile dependencies + +------------------------------------------------------------------- +Tue Jun 11 13:09:18 UTC 2013 - lang@b1-systems.de + +- updated to upstream 3.1.13 +- ported patches to new source code in session with Stefan Seyfried +- removed unnecessary patches + +------------------------------------------------------------------- +Sun Apr 14 06:45:53 UTC 2013 - crrodriguez@opensuse.org + +- Ordering after syslog.target is no longer recommended. + +------------------------------------------------------------------- +Wed Feb 6 14:17:35 UTC 2013 - opensuse@cboltz.de + +- fix author information in at-parse-suse-sysconfig.patch (bnc#780259#c25) + +------------------------------------------------------------------- +Sun Jan 6 20:43:45 UTC 2013 - jengelh@inai.de + +- Use simpler HXmap_get in at-parse-suse-sysconfig.patch + (bnc#780259) + +------------------------------------------------------------------- +Wed Nov 28 21:46:58 UTC 2012 - crrodriguez@opensuse.org + +- When sysconfig variables are empty, do not set stuff to zero + just use the defaults. + +------------------------------------------------------------------- +Wed Nov 28 20:51:49 UTC 2012 - crrodriguez@opensuse.org + +- Fix systemd unit and sysconfig parsing the right way. + +------------------------------------------------------------------- +Mon Nov 26 18:11:09 UTC 2012 - opensuse@cboltz.de + +- use /etc/sysconfig/atd variables in atd.service (bnc#780259#c4) + +------------------------------------------------------------------- +Thu Sep 13 21:24:09 UTC 2012 - opensuse@cboltz.de + +- fix atd.service (bnc#780259) + +------------------------------------------------------------------- +Tue Dec 20 19:56:52 UTC 2011 - coolo@suse.com + +- add autoconf as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Tue Dec 20 11:26:55 UTC 2011 - coolo@suse.com + +- remove call to suse_update_config (very old work around) + +------------------------------------------------------------------- +Mon Dec 5 19:19:40 UTC 2011 - crrodriguez@opensuse.org + +- Fix rpmlint warnings + +------------------------------------------------------------------- +Mon Dec 5 19:05:48 UTC 2011 - crrodriguez@opensuse.org + +- Support systemd. + +------------------------------------------------------------------- +Sat Sep 17 13:28:30 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile +- Use %_smp_mflags for parallel build + +------------------------------------------------------------------- +Fri May 13 07:45:00 UTC 2011 - vcizek@novell.com + +- added missing license to distribution (bnc#693355) + +------------------------------------------------------------------- +Tue Apr 19 07:40:28 UTC 2011 - vcizek@novell.com + +- wrong jobdir mtime handling fixed (bnc#680113) + thanks to Ingo Schwarze + +------------------------------------------------------------------- +Tue Apr 5 15:36:24 UTC 2011 - vcizek@novell.com + +- fixed atd-atrm race condition (bnc#679857) + +------------------------------------------------------------------- +Tue Mar 1 15:33:34 UTC 2011 - vcizek@novell.com + +- fixed bug introduced with at-3.1.8-tomorrow.patch (bnc#672586) + +------------------------------------------------------------------- +Mon Feb 7 16:10:28 CET 2011 - jslaby@suse.de + +- source pm-utils functions in suspend/resume script to avoid + errors + +------------------------------------------------------------------- +Tue Feb 1 09:49:43 UTC 2011 - vcizek@novell.com + +- at now shifts jobs with passed time without a date to tomorrow + (bnc#668485) + +------------------------------------------------------------------- +Wed Nov 10 12:51:25 UTC 2010 - coolo@novell.com + +- own parent directories + +------------------------------------------------------------------- +Tue Sep 28 04:53:33 UTC 2010 - cristian.rodriguez@opensuse.org + +- /etc/at.deny has wrong account name [bnc#632250] + +------------------------------------------------------------------- +Tue Jul 20 20:29:11 UTC 2010 - cristian.rodriguez@opensuse.org + +- wake up atd after suspend [bnc#592349] + +------------------------------------------------------------------- +Sat Jul 17 02:24:46 UTC 2010 - cristian.rodriguez@opensuse.org + +- improve spec file +- Should Recommend smtp_daemon + +------------------------------------------------------------------- +Wed Nov 18 17:18:44 UTC 2009 - mseben@novell.com + +- added pam conversion function (reworked pam.patch) fate#306386 + +------------------------------------------------------------------- +Tue Nov 3 19:09:06 UTC 2009 - coolo@novell.com + +- updated patches to apply with fuzz=0 + +------------------------------------------------------------------- +Thu Aug 27 12:16:43 CEST 2009 - mseben@novell.com + +- closedir.patch renamed to leak-fix.patch and added others fixs + of resource leaks (bnc#533454) + +------------------------------------------------------------------- +Thu Aug 13 20:50:51 UTC 2009 - mseben@novell.com + +- added closedir.patch fix missing call of closedir() (bnc#523346) + +------------------------------------------------------------------- +Thu May 14 15:59:43 CEST 2009 - puzel@suse.cz + +- added at-3.1.8-pam-session-as-root.patch (bnc#329210, bnc#408986) + +------------------------------------------------------------------- +Mon Mar 2 16:52:17 CET 2009 - sebo@suse.de + +- added cleanup_perm.patch to fix permissions for unlink (bnc#478733) + +------------------------------------------------------------------- +Thu Feb 12 14:52:56 CET 2009 - mseben@suse.cz + +- fixed nice level of queues : queue-nice-level.patch [bnc#225463] + +------------------------------------------------------------------- +Thu Jan 8 10:38:35 CET 2009 - prusnak@suse.cz + +- corrected selinux.patch [bnc#463521] + +------------------------------------------------------------------- +Wed Oct 8 18:34:53 CEST 2008 - bwalle@suse.de + +- Fix documentation directory in at(1). + +------------------------------------------------------------------- +Mon Sep 1 13:52:04 CEST 2008 - puzel@suse.cz + +- enabled SELinux support [Fate#303662] + +------------------------------------------------------------------- +Tue Apr 8 17:32:59 CEST 2008 - mrueckert@suse.de + +- add at-3.1.8_massive_batch.patch: (bnc#347126) + properly handle sighup when multiple jobs are submitted at the + same time + +------------------------------------------------------------------- +Fri May 11 15:09:08 CEST 2007 - mrueckert@suse.de + +- remove postfix from the build requires. (#225469) + +------------------------------------------------------------------- +Thu Mar 29 10:37:51 CEST 2007 - meissner@suse.de + +- buildrequires flex,bison + +------------------------------------------------------------------- +Mon Mar 19 17:07:09 CET 2007 - mrueckert@suse.de + +- readd at-3.1.8-pam.diff: (#222563) + The breaking part of the setreuid(daemon_uid,daemon_uid) in + perm.c. uid 25 can not write audit messages. As upstream removed + the pam code in perm.c aswell, we do the same here. + +------------------------------------------------------------------- +Mon Dec 18 18:21:06 CET 2006 - ro@suse.de + +- added sysconfig variables ATD_BATCH_INTERVAL + and ATD_LOADAVG (fate#301318) + +------------------------------------------------------------------- +Tue Nov 28 17:17:39 CET 2006 - mrueckert@suse.de + +- remove at-3.1.8-pam.diff it just breaks at. + +------------------------------------------------------------------- +Tue Nov 21 11:36:25 CET 2006 - ro@suse.de + +- added PRIV_START/END calls around pam_start sections (#222412) + +------------------------------------------------------------------- +Fri Sep 1 14:17:31 CEST 2006 - kukuk@suse.de + +- Add pam_loginuid.so to atd.pamd + +------------------------------------------------------------------- +Wed Jan 25 21:34:30 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 00:09:32 CET 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Mon Dec 5 12:17:38 CET 2005 - kukuk@suse.de + +- Disable SELinux + +------------------------------------------------------------------- +Mon Aug 29 11:01:42 CEST 2005 - kukuk@suse.de + +- Make pam config file non-executeable + +------------------------------------------------------------------- +Thu Aug 25 13:48:55 CEST 2005 - kukuk@suse.de + +- Remove pam_loginuid.so [may fix #112802] + +------------------------------------------------------------------- +Mon Aug 15 17:27:16 CEST 2005 - kukuk@suse.de + +- Update to at-3.1.8-11 tarball (includes old patches) +- Add PAM support + +------------------------------------------------------------------- +Thu Jun 2 11:03:30 CEST 2005 - kukuk@suse.de + +- Compile with -fpie/-pie +- Update SELinux patch + +------------------------------------------------------------------- +Sat Feb 5 10:28:59 CET 2005 - meissner@suse.de + +- mark up for format string using functions. +- fixed one error output + +------------------------------------------------------------------- +Tue May 25 15:17:28 CEST 2004 - ro@suse.de + +- added "-t" docu to manpage + +------------------------------------------------------------------- +Thu Mar 25 16:53:11 CET 2004 - mmj@suse.de + +- Add postfix to # neededforbuild + +------------------------------------------------------------------- +Tue Mar 23 16:41:53 CET 2004 - thomas@suse.de + +- Added patch for EAL3 man-pages + +------------------------------------------------------------------- +Tue Mar 23 09:19:22 CET 2004 - thomas@suse.de + +- Added patch for LAuS + +------------------------------------------------------------------- +Wed Jan 28 09:38:31 CET 2004 - kukuk@suse.de + +- Add patch for SELinux + +------------------------------------------------------------------- +Mon Oct 27 12:58:41 CET 2003 - ro@suse.de + +- package /usr/bin/at as 4750,root,trusted as in permissions.secure +- add verify (not mode) for /usr/bin/at +- add run_permissions macro to postinstall + +------------------------------------------------------------------- +Mon Oct 20 01:38:35 CEST 2003 - ro@suse.de + +- don't build as root + +------------------------------------------------------------------- +Tue Oct 7 17:11:27 CEST 2003 - ro@suse.de + +- support "at -l -q queue" and "-t timespec" (#31957) + (ported from FreeBSD) + +------------------------------------------------------------------- +Fri Aug 29 11:18:58 CEST 2003 - kukuk@suse.de + +- Create at as system account [Bug #29611] + +------------------------------------------------------------------- +Fri Aug 15 12:57:09 CEST 2003 - ro@suse.de + +- make "at -r" behave like "at -d" (#28753) +- added restart_on_update/stop_on_removal macros + +------------------------------------------------------------------- +Fri Jul 18 13:40:36 CEST 2003 - kukuk@suse.de + +- Fix spec file/Makefile to be able to build as normal user + +------------------------------------------------------------------- +Wed Jun 18 13:00:58 CEST 2003 - ro@suse.de + +- added "X-UnitedLinux-Default-Enabled: no" to init-script + +------------------------------------------------------------------- +Wed Jun 18 12:35:24 CEST 2003 - ro@suse.de + +- don't activate by default + +------------------------------------------------------------------- +Mon May 19 12:08:18 CEST 2003 - ro@suse.de + +- fix filelist + +------------------------------------------------------------------- +Tue May 13 00:28:45 CEST 2003 - ro@suse.de + +- use defattr + +------------------------------------------------------------------- +Tue Mar 11 12:06:25 CET 2003 - ro@suse.de + +- fix postinstall for updates (appeared in #24653) + +------------------------------------------------------------------- +Thu Nov 07 11:49:40 CET 2002 - tcrhak@suse.cz + +- fixed for bison 1.75: end rules with semicolon + +------------------------------------------------------------------- +Fri Aug 23 18:35:48 CEST 2002 - bk@suse.de + +- mark /etc/at.deny as noreplace + +------------------------------------------------------------------- +Mon Aug 19 17:34:31 CEST 2002 - kukuk@suse.de + +- Use $time instead of xntp in init script. + +------------------------------------------------------------------- +Thu Aug 1 16:06:51 CEST 2002 - ro@suse.de + +- added prereqs + +------------------------------------------------------------------- +Mon Jul 1 13:43:39 CEST 2002 - ro@suse.de + +- add ntp to Required-Start in init-script (#15833) + +------------------------------------------------------------------- +Mon May 27 14:15:02 CEST 2002 - ro@suse.de + +- set SIGCHLD handler back to default when starting job + +------------------------------------------------------------------- +Fri May 24 01:22:59 CEST 2002 - ro@suse.de + +- create user in install section + +------------------------------------------------------------------- +Wed May 22 08:55:40 CEST 2002 - kukuk@suse.de + +- Create at user/group in preinstall script + +------------------------------------------------------------------- +Tue Apr 2 14:52:23 CEST 2002 - ro@suse.de + +- don't try to copy config.guess and config.sub + (already done by suse_update_config) + +------------------------------------------------------------------- +Wed Jan 16 09:04:59 CET 2002 - ro@suse.de + +- integrated two patches: + at-3.1.8-heapcorruption.dif and at-3.1.8-o_excl.dif + against heap corruption in time parser for commandline and for + safer opening of a file (O_EXCL). +- removed all generated files from patch and copy config.{sub,guess} + from current automake + +------------------------------------------------------------------- +Wed Jan 9 18:33:30 CET 2002 - kukuk@suse.de + +- Fix path to timespec in at.1 manual page [Bug #12784] + +------------------------------------------------------------------- +Tue Jan 8 20:24:51 CET 2002 - egmont@suselinux.hu + +- removed colons from init script messages + +------------------------------------------------------------------- +Wed Jan 2 11:24:09 CET 2002 - kukuk@suse.de + +- Remove warning about cron and at (never worked before and user + cannot see it) +- Rename init script from at to atd +- Don't source rc.config in init script (not needed any longer) +- Remove $route from init script dependencies (does not exist) + [Bug #12689] +- Use BuildRoot + +------------------------------------------------------------------- +Fri Dec 14 01:44:22 CET 2001 - ro@suse.de + +- removed START_ATD + +------------------------------------------------------------------- +Mon Aug 6 12:25:13 CEST 2001 - ro@suse.de + +- updated rc script + +------------------------------------------------------------------- +Fri Jun 15 17:39:46 CEST 2001 - schwab@suse.de + +- Add %suse_update_config. + +------------------------------------------------------------------- +Tue Nov 28 01:25:30 CET 2000 - ro@suse.de + +- startscript to etc/init.d + +------------------------------------------------------------------- +Mon Sep 25 15:17:50 CEST 2000 - ro@suse.de + +- sorted + +------------------------------------------------------------------- +Wed Feb 16 13:36:10 CET 2000 - dipa@suse.de + +- apply debian patch at_3.1.8-8.diff full section of: at.c, at.1.in, + at.deny, at_allow.5, atd.8.in, at.8.in, batch config.guess, + config.sub, daemon.c, lex.yy.c, panic.c, parsetime.y, y.tab.c + (fix for bug #1766) + +------------------------------------------------------------------- +Fri Feb 4 14:04:36 CET 2000 - ro@suse.de + +- fix missing getlock preload + +------------------------------------------------------------------- +Fri Feb 4 12:02:43 CET 2000 - ro@suse.de + +- applied security fixes from thomas + +------------------------------------------------------------------- +Mon Jan 17 16:20:17 CET 2000 - ro@suse.de + +- man -> usr/share/man + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Tue Dec 8 15:58:09 MET 1998 - ro@suse.de + +- added reload to script (does a restart) + +------------------------------------------------------------------- +Mon Dec 7 11:58:21 MET 1998 - ro@suse.de + +- added symlink /sbin/rcat -> init.d/at + +------------------------------------------------------------------- +Mon Dec 7 11:24:33 MET 1998 - ro@suse.de + +- updated init-script + +------------------------------------------------------------------- +Fri Feb 27 13:38:52 MET 1998 - ro@suse.de + +- installed timespec in docdir / fixed path in manpage + +------------------------------------------------------------------- +Mon Oct 27 09:20:22 MET 1997 - ro@suse.de + +- update to version 3.1.8 + ready for autobuild + +---------------------------------------------------------------------------- +Sun Jun 22 18:57:49 MEST 1997 - florian@suse.de + + +- update to version 3.1.7 + +---------------------------------------------------------------------- +Sun Jun 1 17:41:30 CEST 1997 - bs@suse.de + +- moved fillup stuff to var/adm/fillup-templates + + +---------------------------------------------------------------------- +Wed Nov 13 02:46:13 MET 1996 - bs@suse.de + + +boot script beautified. + +---------------------------------------------------------------------- +Mon Oct 14 13:49:28 MET DST 1996 - bs@suse.de + + +recompiled and added README + + +---------------------------------------------------------------------- +Wed Sep 25 00:22:19 MET DST 1996 - bs@suse.de + +- /var/spool/atspool/atspool fixed. + +---------------------------------------------------------------------- +Mon Sep 23 14:16:20 MET DST 1996 - bs@suse.de + +- new version 3.0 +- fillup etc/rc.config and sbin/init.d/at added. + +------------------------------------------------------------------------- +Thu Sep 19 15:52:05 MET DST 1996 - bs@suse.de + +switched to version pre-3.0-960812. +New: atd (daemon) +fillup etc/rc.config and sbin/init.d-stuff added. + + +---------------------------------------------------------------------- +Fri Aug 23 16:13:49 MET DST 1996 - florian@suse.de + +allow login names to be up to 16 characters long diff --git a/at.spec b/at.spec new file mode 100644 index 0000000..db74c46 --- /dev/null +++ b/at.spec @@ -0,0 +1,171 @@ +# +# spec file for package at +# +# Copyright (c) 2022 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir %{_localstatedir}/adm/fillup-templates +%endif +Name: at +Version: 3.2.5 +Release: 0 +Summary: A Job Manager +License: GPL-2.0-or-later +URL: http://blog.calhariz.com/index.php/tag/at +Source: http://software.calhariz.com/at/%{name}_%{version}.orig.tar.gz +Source2: atd.pamd +Source3: sysconfig.atd +Source5: atd.service +Source6: system-user-at.conf +Patch0: at-3.2.2.patch +Patch11: at-3.1.13-documentation-dir.patch +#PATCH-FIX-OPENSUSE add proper system users to the deny list +Patch16: at-3.1.8-denylist.patch +#PATCH-FIX-UPSTREAM plan jobs with past time to tomorrow (bnc#672586) +Patch17: at-3.1.13-tomorrow.patch +Patch20: at-3.1.14-parse-suse-sysconfig.patch +#PATCH-FIX-UPSTREAM fix makefile dependencies +Patch21: at-3.1.14-makefile-deps.patch +#PATCH-FIX-OPENSUSE Set pid dir to /run not /var/run +Patch22: at-piddir.patch +#PATCH-FIX-OPENSUSE backport privs from 3.1.8 (bnc#849720) +Patch24: at-backport-old-privs.patch +Patch28: at-adjust_load_to_cpu_count.patch +# PATCH-FIX-UPSTREAM bnc#945124 kstreitova@suse.com -- don't loop on corrupt files and prevent their creation +Patch29: at-3.1.16-handle_malformed_jobs.patch +BuildRequires: autoconf >= 2.69 +BuildRequires: automake +BuildRequires: bison +BuildRequires: flex +BuildRequires: pam-devel +BuildRequires: pkgconfig +BuildRequires: systemd-rpm-macros +BuildRequires: sysuser-tools +BuildRequires: pkgconfig(libHX) +BuildRequires: pkgconfig(libselinux) +Requires(post): %fillup_prereq +Requires(pre): permissions +%sysusers_requires +Recommends: smtp_daemon + +%description +This program allows you to run jobs at specified times. + +%prep +%autosetup -p1 + +%build +export SENDMAIL=%{_sbindir}/sendmail + +autoreconf -fvi + +%configure \ + --with-pam \ + --with-selinux \ + --with-daemon_username=at \ + --with-daemon_groupname=at + +%make_build +%sysusers_generate_pre %{SOURCE6} at system-user-at.conf + +%install +%if 0%{?suse_version} > 1500 +install -d %{buildroot}{%{_pam_vendordir},%{_bindir},%{_sbindir},%{_mandir}/man{1,5,8},%{_fillupdir}} +%else +install -d %{buildroot}{%{_sysconfdir}/pam.d,%{_bindir},%{_sbindir},%{_mandir}/man{1,5,8},%{_fillupdir}} +%endif + +export CFLAGS="%{?optflags}" +export SENDMAIL=%{_sbindir}/sendmail + +make install IROOT=%{buildroot} + +# Don't install docs here in this way +mkdir docs +mv %{buildroot}/%{_prefix}/doc/at/* docs/ + +install -D -m 0644 %{SOURCE5} %{buildroot}%{_unitdir}/atd.service +ln -s service %{buildroot}%{_sbindir}/rcatd + +%if 0%{?suse_version} > 1500 +install -m644 %{SOURCE2} %{buildroot}%{_pam_vendordir}/atd +%else +install -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/atd +%endif +install -m644 %{SOURCE3} %{buildroot}%{_fillupdir} + +mkdir -p %{buildroot}%{_sysusersdir} +install -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/ + +%pre -f at.pre +%service_add_pre atd.service +%if 0%{?suse_version} > 1500 +# Prepare for migration to /usr/etc; save any old .rpmsave +for i in pam.d/atd ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done +%endif + +%preun +%service_del_preun atd.service + +%post +%{fillup_only -n atd} +%set_permissions %{_bindir}/at +%service_add_post atd.service + +%verifyscript +%verify_permissions -e %{_bindir}/at + +%postun +%service_del_postun atd.service + +%if 0%{?suse_version} > 1500 +%posttrans +# Migration to /usr/etc, restore just created .rpmsave +for i in pam.d/atd ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done +%endif + +%files +%doc Problems README ChangeLog timespec +%license COPYING Copyright +%config(noreplace) %{_sysconfdir}/at.deny +%{_sbindir}/rcatd +%if 0%{?suse_version} > 1500 +%attr(644,root,root) %{_pam_vendordir}/atd +%else +%config %attr(644,root,root) %{_sysconfdir}/pam.d/atd +%endif +%verify(not mode) %attr(4750,root,trusted) %{_bindir}/at +%{_bindir}/atq +%{_bindir}/atrm +%{_bindir}/batch +%{_mandir}/man?/* +%{_sbindir}/atd +%{_sbindir}/atrun +%attr(700,at,at) %dir %{_localstatedir}/spool/atspool +%attr(1770,at,at) %dir %{_localstatedir}/spool/atjobs +%attr(600,at,at) %{_localstatedir}/spool/atjobs/.SEQ +%{_fillupdir}/sysconfig.atd +%{_unitdir}/atd.service +%{_sysusersdir}/system-user-at.conf +%dir %{_datadir}/at +%{_datadir}/at/batch-job + +%changelog diff --git a/at_3.2.5.orig.tar.gz b/at_3.2.5.orig.tar.gz new file mode 100644 index 0000000..fee8cc0 --- /dev/null +++ b/at_3.2.5.orig.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bb066b389d7c9bb9d84a35738032b85c30cba7d949f758192adc72c9477fd3b8 +size 132660 diff --git a/atd.pamd b/atd.pamd new file mode 100644 index 0000000..61800d1 --- /dev/null +++ b/atd.pamd @@ -0,0 +1,11 @@ +# +# The PAM configuration file for the at daemon +# +# +auth sufficient pam_rootok.so +auth include common-auth +account include common-account +password include common-password +session optional pam_keyinit.so force revoke +session required pam_loginuid.so +session include common-session diff --git a/atd.service b/atd.service new file mode 100644 index 0000000..9afedc1 --- /dev/null +++ b/atd.service @@ -0,0 +1,9 @@ +[Unit] +Description=Deferred execution scheduler +After=nss-user-lookup.target time-sync.target + +[Service] +ExecStart=/usr/sbin/atd -f + +[Install] +WantedBy=multi-user.target diff --git a/sysconfig.atd b/sysconfig.atd new file mode 100644 index 0000000..b6931fc --- /dev/null +++ b/sysconfig.atd @@ -0,0 +1,20 @@ +## Path: System/At +## Description: minimum interval between start of two batch jobs +## Type: string +## Default: "" +## ServiceRestart: atd +# +# minimum interval between start of two batch jobs, "" for default +# +ATD_BATCH_INTERVAL="" + +## Path: System/At +## Description: load limiting factor for atd +## Type: string +## Default: "" +## ServiceRestart: atd +# load limiting factor for atd, "" for default, +# it's multiplied by the amount of CPUs when comparing to /proc/loadavg +# +ATD_LOADAVG="" + diff --git a/system-user-at.conf b/system-user-at.conf new file mode 100644 index 0000000..e870fa5 --- /dev/null +++ b/system-user-at.conf @@ -0,0 +1,2 @@ +#Type Name ID GECOS Home directory Shell +u at - "Batch jobs daemon" /var/spool/atjobs -