Accepting request 1179991 from systemsmanagement

OBS-URL: https://build.opensuse.org/request/show/1179991
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clone-master-clean-up?expand=0&rev=5

clone-master-clean-up.1

@@ -14,7 +14,7 @@
 .\" * GNU General Public License for more details.
 .\" */
 .\" 
-.TH clone-master-clean-up "1" "May 2017" "" "Clean-Up For Cloning Preparation"
+.TH clone-master-clean-up "1" "September 2022" "" "Clean-Up For Cloning Preparation"
 .SH NAME
 clone\-master\-clean\-up - Clean up a system for cloning preparation.
 
@@ -77,7 +77,7 @@ The program asks for confirmation before proceeding with cleanup. If you proceed
 .IP \[bu]
 SUSE registration, all software repositories.
 .IP \[bu]
-SSH host keys, user SSH keys, user authorized keys, user shell history.
+SSH host keys, root user SSH keys, root user authorized keys, root user shell history.
 .IP \[bu]
 User mails and user cron jobs.
 .IP \[bu]
@@ -91,6 +91,12 @@ System random seeds.
 .IP \[bu]
 Systemd journal.
 .IP \[bu]
+machine ID.
+.IP \[bu]
+Salt client ID.
+.IP \[bu]
+osad authentication configuration file and the system ID.
+.IP \[bu]
 Domain and host names.
 .IP \[bu]
 /etc/hostname, /etc/hosts, /etc/resolv.conf are restored to original.

clone-master-clean-up.changes

@@ -1,3 +1,77 @@
+-------------------------------------------------------------------
+Tue Mar 19 06:28:29 UTC 2024 - Peter Varkoly <varkoly@suse.com>
+
+- Error message about 'journald.conf' (bsc#1221533)
+  Check if journald.conf does exist.
+- 1.12 
+
+-------------------------------------------------------------------
+Tue Feb  7 12:26:43 UTC 2023 - Peter Varkoly <varkoly@suse.com>
+
+- Bump version to 1.11
+- clone-master-clean-up fails when /etc/iscsi/initiatorname.iscsi doesn't exist
+  The entire section is wrapped in a test for the existence of this file.
+  (bsc#1207993)
+
+-------------------------------------------------------------------
+Fri Oct 28 11:41:37 UTC 2022 - Peter Varkoly <varkoly@suse.com>
+
+- Bump version to 1.10
+- clone-master-clean-up fails if postfix is not installed (bsc#1204835)
+  Check if the directory does exists.
+
+-------------------------------------------------------------------
+Fri Sep 23 14:49:49 UTC 2022 - Peter Varkoly <varkoly@suse.com>
+
+- Bump version to 1.9
+- [clone-master-clean-up] Cleannup initiatorname.iscsi
+  Remove all no comment files
+  (bsc#1203024)
+
+-------------------------------------------------------------------
+Thu Sep 22 09:08:16 UTC 2022 - Peter Varkoly <varkoly@suse.com>
+
+- Bump version to 1.8
+- clone-master-clean-up fails to remove btrfs snapshots
+  (bsc#1203651)
+
+-------------------------------------------------------------------
+Tue Aug 30 15:02:45 UTC 2022 - abriel@suse.com
+
+- Bump version to 1.7
+- CVE-2021-32000: fix some potentially dangerous file system
+  operations
+  (bsc#1181050)
+
+-------------------------------------------------------------------
+Wed Aug 12 15:44:30 UTC 2020 - abriel@suse.com
+
+- Bump version to 1.6
+- cleanup salt client ID and osad authentication configuration
+  file and the system ID
+  (bsc#1174147)
+- change the path of the template file in the comments of
+  custom_remove.template and clone-master-clean-up.sh
+  (jsc#TEAM-490)
+
+-------------------------------------------------------------------
+Tue Oct  8 13:24:41 UTC 2019 - abriel@suse.com
+
+- Bump version to 1.5
+- Don't show output from pushd/popd
+- Make snapper snapshot removal more generic
+  The output format is not really meant for machine reading, it's
+  format has changed thus the simple parser broke.
+  This now makes the parser more generic (using data from d-bus),
+  also now it is ensured the snapshots are deleted in the correct
+  order.
+  (bsc#1149322)
+
+-------------------------------------------------------------------
+Tue Aug 27 07:06:00 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Use noun phrase in descriptions.
+
 -------------------------------------------------------------------
 Wed Aug  7 11:00:14 UTC 2019 - Egbert Eich <eich@suse.com>
 
@@ -74,4 +148,3 @@ Fri Oct 23 09:05:07 UTC 2015 - hguo@suse.com
 Mon Sep 14 12:35:46 UTC 2015 - hguo@suse.com
 
 - Initial version, initial release.
-

clone-master-clean-up.sh

@@ -4,6 +4,7 @@
 # Author: Howard Guo <hguo@suse.com>
 
 set -e
+shopt -s nullglob
 # bsc#1092378
 DROP_IN_FILE=/etc/clone-master-clean-up/custom_remove
 SYSCONF_FILE=/etc/sysconfig/clone-master-clean-up
@@ -16,10 +17,21 @@ trap 'err_exit $LINENO' ERR
 
 [ "$UID" != "0" ] && echo 'Please run this program as root user.' && exit 1
 
-echo 'The script will delete all SSH keys, log data, and more. Type YES and enter to proceed.'
-read answer
+echo -e 'The script will delete root SSH keys, log data, and more.\n' \
+     'WARNING: This should only be used on a pristine system\n' \
+     'WARNING: with no populated /home directories!\n' \
+     'Type YES and enter to proceed.'
+read -r answer
 [ "$answer" != "YES" ] && exit 1
 
+if [ -n "$(echo /home/*/.ssh/* /home/*/.*_history)" ]; then
+    echo -e 'There seem to be populated /home directories on this system\n' \
+         'Cloning such systems is not recommended.\n' \
+         'Type YES if you still would like to proceed.'
+    read answer
+    [ "$answer" != "YES" ] && exit 1
+fi
+
 # source config file
 if [ -r "$SYSCONF_FILE" ]; then
     . "$SYSCONF_FILE"
@@ -29,7 +41,7 @@ else
 fi
 
 echo 'Wiping active swap devices/files (this may take a while)'
-while read swap_name discard; do
+while read -r swap_name discard; do
   uuid=$(env $(blkid -o export "$swap_name") printenv UUID)
   echo "Turning off swap device/file $swap_name (UUID $uuid)"
   swapoff "$swap_name"
@@ -45,22 +57,33 @@ find /etc/zypp \( -iname 'suse*' -o -iname 'scc*' \) -delete
 echo "Removing zypper anonymous ID"
 rm -rf /var/lib/zypp/AnonymousUniqueId
 
-echo 'Removing SSH host keys, user SSH keys, authorized keys, and shell history'
-rm -rf /etc/ssh/ssh_host*key* /root/.ssh/* /home/*/.ssh/* /home/*/.*_history &> /dev/null
+echo 'Removing SSH host keys, root user SSH keys, authorized keys, and shell history'
+rm -rf /etc/ssh/ssh_host*key* /root/.ssh/*  &> /dev/null
 
 echo 'Removing all mails and cron-jobs'
 rm -rf /var/spool/mail/*
 rm -rf /var/spool/cron/{lastrun,tabs}/*
 
 echo "Clean up postfix"
-rm -rf /var/spool/postfix/{active,corrupt,deferred,hold,maildrop,saved,bounce,defer,flush,incoming,trace}/*
+for i in /var/spool/postfix/{active,corrupt,deferred,hold,maildrop,saved,bounce,defer,flush,incoming,trace}; do
+    if [ -d "$i" ]; then
+        # descend following symlink and check if it was symlink, if not, recursively delete entries in this directory. 'rm -rf' doesn't follow symlinks.
+        cd -P "$i"
+        [ "$i" != "$PWD" ] && continue
+        info=( $(stat --printf="%u %g" ".") )
+        owner=${info[0]}
+        group=${info[1]}
+        setpriv --clear-groups --reuid "$owner" --regid "$group" rm -rf ./*
+    fi
+done
 
 echo 'Removing all temporary files'
 rm -rf /tmp/* /tmp/.* /var/tmp/* /var/tmp/.* &> /dev/null || true
 
-echo 'Clearing log files and removing log archives'
-find /var/log -type f -exec truncate -s 0 {} \;
+echo 'Removing log archives'
 find /var/log \( -iname '*.old' -o -iname '*.xz' -o -iname '*.gz' \) -delete
+echo 'Clearing log files'
+find /var/log -type f -exec truncate -s 0 {} \;
 
 echo 'Clearing HANA firewall script'
 rm -rf /etc/hana-firewall.d/generated_hana_firewall_script
@@ -71,15 +94,25 @@ for seed in /var/lib/systemd/random-seed /var/lib/misc/random-seed; do
 done
 
 echo 'Clearing systemd journal'
-pushd /etc/systemd
-cp journald.conf journald.conf.bak
+pushd /etc/systemd > /dev/null
+[ -e journald.conf ] && cp journald.conf journald.conf.bak
 echo -e '\nSystemMaxUse=1K' >> journald.conf
 systemctl restart systemd-journald
-mv journald.conf.bak journald.conf
-popd
+rm journald.conf
+[ -e journald.conf.bak ] && mv journald.conf.bak journald.conf
+popd > /dev/null
 
-echo 'Clearing systemd machine ID file'
+echo 'Clearing machine ID file'
+# on distributions that support systemd
 truncate -s 0 /etc/machine-id
+# on distributions that do not support systemd
+[ ! -f /etc/machine-id ] && truncate -s 0 /var/lib/dbus/machine-id
+
+echo 'Removing Salt client ID'
+[ -f /etc/salt/minion_id ] && rm -f /etc/salt/minion_id
+
+echo 'Removing osad authentication configuration file and the system ID'
+rm -f /etc/sysconfig/rhn/{osad-auth.conf,systemid}
 
 echo 'Removing domain name and set host name from DHCP in network config'
 sed -i 's/^NETCONFIG_DNS_STATIC_SEARCHLIST=.*$/NETCONFIG_DNS_STATIC_SEARCHLIST=""/g' /etc/sysconfig/network/config
@@ -108,14 +141,55 @@ EOF
 echo 'Enabling YaST Firstboot if necessary'
 [ -e /etc/YaST2/firstboot.xml ] && touch /var/lib/YaST2/reconfig_system
 
+
 if [ "$CMCU_RSNAP" = "yes" ]; then
-    if [ -d /.snapshots ]; then
-        echo "Remove all btrfs snapshots from /.snapshot"
-        for s in `snapper list | awk '/pre/||/post/{print $3}'`; do
-            snapper delete $s
-        done
-    fi
+  if [ -d /.snapshots ]; then
+    echo "Removing all pre/post btrfs snapshots from /.snapshot"
+    presnapshots=$(dbus-send --type=method_call --system --print-reply \
+                             --dest=org.opensuse.Snapper \
+                             /org/opensuse/Snapper \
+                             org.opensuse.Snapper.ListSnapshots string:root \
+                             2>/dev/null | awk -- "
+BEGIN {arr=0; cnt=0; u2=0; u4=0; del=0}
+/array \[/ {arr++}
+/struct {/ {if (arr==1) cnt++}
+/}/ {if(arr==1&&--cnt==0){if(del==1) print id ;del=0;u4=0;u2=0}}
+/\]/ {arr--}
+# Don't delete current snapshot
+/string "current"/ {if (arr==1 && cnt==1) del=0}
+# ID: 1st uint32 value of each top struct in top array
+/uint32/ {if (arr==1 && cnt==1) if (++u4==1)id=\$2; else if (u4==2)lst=\$2}
+# Type: 1st uint16 value of each top struct in top array
+/uint16/ {if (arr==1 && cnt==1){if (++u2==1) {if (\$2==1 ){del=1}}}}
+")
+    for i in $presnapshots
+    do
+       /usr/bin/snapper delete --sync $i
+    done
+    postsnapshots=$(dbus-send --type=method_call --system --print-reply \
+                             --dest=org.opensuse.Snapper \
+                             /org/opensuse/Snapper \
+                             org.opensuse.Snapper.ListSnapshots string:root \
+                             2>/dev/null | awk -- "
+BEGIN {arr=0; cnt=0; u2=0; u4=0; del=0}
+/array \[/ {arr++}
+/struct {/ {if (arr==1) cnt++}
+/}/ {if(arr==1&&--cnt==0){if(del==1) print id ;del=0;u4=0;u2=0}}
+/\]/ {arr--}
+# Don't delete current snapshot
+/string "current"/ {if (arr==1 && cnt==1) del=0}
+# ID: 1st uint32 value of each top struct in top array
+/uint32/ {if (arr==1 && cnt==1) if (++u4==1)id=\$2; else if (u4==2)lst=\$2}
+# Type: 1st uint16 value of each top struct in top array
+/uint16/ {if (arr==1 && cnt==1){if (++u2==1) {if (\$2==2 ){del=1}}}}
+")
+    for i in $postsnapshots
+    do
+       /usr/bin/snapper delete --sync $i
+    done
+  fi
 fi
+
 if [ "$CMCU_ZYPP_REPOS" = "yes" ]; then
     echo "Clean up all zypper repositories"
     rm -rf /etc/zypp/repos.d/*
@@ -136,7 +210,7 @@ EOF
 fi
 
 echo 'Would you like to give root user a new password? Type YES to set a new password, otherwise simply press Enter.'
-read answer
+read -r answer
 [ "$answer" == "YES" ] && passwd root
 
 if [ "$CMCU_EC2" = "yes" ]; then
@@ -151,22 +225,22 @@ fi
 
 if [ "$CMCU_USERIDS" = "yes" ]; then
     echo "clean up user ids >= 1000"
-    for i in `awk -F ":" '$3 >= 1000 && $1 !~ /nobody/ {print $1}' /etc/passwd`; do
-        userdel -r $i
+    for i in $(awk -F ":" '$3 >= 1000 && $1 !~ /nobody/ {print $1}' /etc/passwd); do
+        userdel -r "$i"
     done
 fi
 
 echo "swap the uuid strings with dev strings in /etc/fstab"
 > /tmp/fstab.tmp
-while read disk remain; do
+while read -r disk remain; do
     case "$disk" in
     UUID=*)
         uuid=${disk#UUID=}
-        new_disk=`/usr/sbin/blkid -U $uuid`
+        new_disk=$(/usr/sbin/blkid -U "$uuid")
         ;;
     LABEL=*)
         label=${disk#LABEL=}
-        new_disk=`/usr/sbin/blkid -L $label`
+        new_disk=$(/usr/sbin/blkid -L "$label")
         ;;
     *)
         new_disk="$disk"
@@ -180,12 +254,12 @@ fi
 rm -rf /tmp/fstab.tmp
 
 echo "Clean up network files (except interfaces using dhcp boot protocol)"
-# additional files like bondig interfaces or vlans can be found in 
-# /var/adm/clone-master-clean-up/custom_remove.template
-for intf in `ls -1 /etc/sysconfig/network/ifcfg-eth*`; do
-    bprot=`grep "^BOOTPROTO=" $intf | sed "s/^BOOTPROTO=//"`
+# additional files like bondig interfaces or vlans can be found in
+# /usr/share/clone-master-clean-up/custom_remove.template
+for intf in /etc/sysconfig/network/ifcfg-eth*; do
+    bprot=$(grep "^BOOTPROTO=" "$intf" | sed "s/^BOOTPROTO=//")
     if ! [[ "$bprot" =~ dhcp ]]; then
-        rm -rf $intf
+        rm -rf "$intf"
     fi
 done
 if [ -d /var/lib/wicked ]; then
@@ -217,5 +291,10 @@ if [ -r "$DROP_IN_FILE" ]; then
     done < $DROP_IN_FILE
 fi
 
+if [ -e /etc/iscsi/initiatorname.iscsi ]; then
+    echo 'Clean up initiatorname.iscsi'
+    sed -i '/^[^#]/d' /etc/iscsi/initiatorname.iscsi
+fi
+
 echo 'Finished. The system is now sparkling clean. Feel free to shut it down and image it.'
 

clone-master-clean-up.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package clone-master-clean-up
 #
-# Copyright (c) 2017 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,16 +12,17 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
+
 Name:           clone-master-clean-up
-Version:        1.4
+Version:        1.12
 Release:        0
-License:        GPL-2.0+
-Summary:        Clean up a system for cloning preparation
-Url:            https://www.suse.com
+Summary:        Tool to clean up a system for cloning preparation
+License:        GPL-2.0-or-later
 Group:          System/Management
+URL:            https://www.suse.com
 Source0:        clone-master-clean-up.sh
 Source1:        clone-master-clean-up.1
 Source2:        sysconfig.clone-master-clean-up
@@ -29,7 +30,10 @@ Source3:        custom_remove.template
 Source10:       LICENSE
 Source11:       README.md
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Requires:       systemd sed curl coreutils
+Requires:       coreutils
+Requires:       curl
+Requires:       sed
+Requires:       systemd
 Requires(post): %fillup_prereq
 BuildArch:      noarch
 
@@ -37,9 +41,9 @@ BuildArch:      noarch
   %define _fillupdir /var/adm/fillup-templates
 %endif
 
-
 %description
-Clean up a system for cloning preparation by cleaning up usage history and log files, etc.
+A tool to clean up a system for cloning preparation by cleaning up
+usage history and log files, etc.
 
 %prep
 
@@ -65,8 +69,8 @@ mkdir -p %{buildroot}/%{_sysconfdir}/%{name}/
 %fillup_only -n clone-master-clean-up
 
 %files
-%doc %{basename:%{S:11}}
-%license %{basename:%{S:10}}
+%doc README.md
+%license LICENSE
 %{_sbindir}/*
 %{_mandir}/man1/*
 %{_fillupdir}/*
@@ -74,3 +78,5 @@ mkdir -p %{buildroot}/%{_sysconfdir}/%{name}/
 %dir %{_sysconfdir}/%{name}
 %{_datadir}/%{name}/custom_remove.template
 %ghost %config %{_sysconfdir}/%{name}/custom_remove
+
+%changelog

custom_remove.template

@@ -5,8 +5,8 @@
 # use cases.
 # See some examples for additional needed clean ups below.
 # 
-# Please copy the template file '/var/adm/clone-master-clean-up/custom_remove.template'
-# to '/var/adm/clone-master-clean-up/custom_remove' and un-comment the parts
+# Please copy the template file '/usr/share/clone-master-clean-up/custom_remove.template'
+# to '/etc/clone-master-clean-up/custom_remove' and un-comment the parts
 # you need or add additional parts, which will fit your needs.
 # Please be careful, the template file will be changed during future package
 # updates. So do NOT change the content. It will get lost. Always make changes