- Do not optionally remove /usr/lib/systemd/system/tmp.mnt anymore (bsc#1071224)

OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1006
Franck Bui 2018-01-29 10:07:56 +00:00 committed by Git OBS Bridge
parent 3a145899c2
commit be9abca41b
5 changed files with 167 additions and 70 deletions


@ -0,0 +1,33 @@
#
# By default, /tmp doesn't use tmpfs on SUSE distros.
#
# This service is either run automatically during the firstboot (i.e.
# only once) of the system.
#
# Or it can also be (manually) started during systemd update (%post)
# only and only if tmp.mount wasn't already installed by the admin in
# /usr/lib during %pre. In this case tmp.mount should also masked.
#
# In any cases this service will never mask tmp.mount if the service
# has been created by either the admin or fstab-generator.
#
[Unit]
Description=Mask tmp.mount by default on SUSE systems
DefaultDependencies=no
Conflicts=shutdown.target
After=systemd-remount-fs.service
Before=tmp.mount
ConditionPathIsReadWrite=/etc
ConditionPathExists=!/usr/lib/systemd/system/.disable-tmpfs-for-tmp~done
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c ' \
case "$(systemctl show -pFragmentPath tmp.mount)" in \
FragmentPath=/usr/lib/systemd/system/tmp.mount) \
systemctl mask --now tmp.mount ;; \
FragmentPath=/usr/share/systemd/tmp.mount) \
ln -sf /usr/lib/systemd/system/tmp.mount /etc/systemd/system/ ;; \
esac'
ExecStartPost=/usr/bin/touch /usr/lib/systemd/system/.disable-tmpfs-for-tmp~done
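Review bot: `ConditionPathIsReadWrite=/etc` covers the mask and symlink writes, but the `ExecStartPost` stamp is written under /usr/lib/systemd/system, which none of the conditions test for writability. If /usr is read-only at that point, the touch fails, the oneshot ends in a failed state and, because the stamp is never created, the unit is retried on every boot. Consider adding `ConditionPathIsReadWrite=/usr/lib/systemd/system` next to the existing conditions. Separately, an empty or unexpected `systemctl show` result falls through the `case` with exit status 0, so the stamp is still recorded; a short comment saying this fall-through is intentional (admin- or fstab-generated unit) would make that explicit.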


@ -1,3 +1,31 @@
-------------------------------------------------------------------
Mon Jan 29 09:52:50 UTC 2018 - fbui@suse.com
- Do not optionally remove /usr/lib/systemd/system/tmp.mnt anymore (bsc#1071224)
This was done to make sure that tmpfs wouldn't be used for /tmp by
defaut in case the dir layout created by the installer did not
create a customized tmp.mount.
But it had the bad side effect to break "rpm -V systemd" and updates
of systemd via delta-RPMs.
Now instead of removing tmp.mount unit file, we mask it (still only
if no other tmp.mount would override the default one). It's the
official way to disable tmpfs on /tmp after all.
Since we cannot rely on the presence of fstab during package
installations, we introduced a service which is run once on the
first boot and which figures out if tmpfs would be used. If so it
masks the unit.
We also handle the upgrade path and make sure to preserve admin's
settings (if any).
Another advantage of this is that we will only need to remove the
introduced service the day when tmpfs will be the default for SUSE
distros.
-------------------------------------------------------------------
Fri Jan 26 14:40:38 UTC 2018 - fbui@suse.com


@ -148,6 +148,7 @@ Source7: libgcrypt.m4
Source11: after-local.service
Source12: systemd-sysv-install
Source14: kbd-model-map.legacy
Source15: suse-disable-tmpfs-for-tmp.service
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
Source101: scripts-systemd-upgrade-from-pre-210.sh
@ -513,11 +514,10 @@ rm -f %{buildroot}/etc/systemd/system/default.target
# customized for openSUSE distros.
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
# We keep a copy of tmp.mount because it may be removed if not used
# (see %post): we want to be sure tmpfs won't be used for /tmp by
# default on Suse distros.
rm %{buildroot}/%{_prefix}/lib/systemd/system/local-fs.target.wants/tmp.mount
cp %{buildroot}/%{_prefix}/lib/systemd/system/tmp.mount %{buildroot}/%{_datadir}/systemd/
# Install the service which will disable/mask tmpfs for /tmp (if
# needed) on first boot.
install -m0644 -D %{S:15} %{buildroot}/%{_prefix}/lib/systemd/system/suse-disable-tmpfs-for-tmp.service
ln -s ../suse-disable-tmpfs-for-tmp.service %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/
# don't enable wall ask password service, it spams every console (bnc#747783)
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
@ -648,12 +648,19 @@ cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
%find_lang systemd
# Build of installation images uses a hard coded list of packages with
# a %pre that needs to be run during the build. systemd is one of them
# so keep the section even if it's empty.
%pre
# Build of installation images uses an hard coded list of some
# packages with a %pre that needs to be run during the
# build. Unfortunately, systemd in one of them. To make thing simpler
# we use a %pre section even if it is not needed.
exit 0
if [ $1 -gt 1 ] ; then
# Check if tmp.mount has been restored by either the admin or
# was added at package installation. In both cases do nothing
# and prevent the service to be executed during %post for the
# former case.
if test -e %{_unitdir}/tmp.mount; then
touch %{_unitdir}/.disable-tmpfs-for-tmp~done
fi
fi
%post
# Make /etc/machine-id an empty file during package installation. On
@ -695,16 +702,6 @@ if [ $1 -eq 1 ]; then
%endif
fi >/dev/null
# Keep tmp.mount if it's been enabled explicitly by the user otherwise
# make sure it wont be activated since it's the default for Suse
# distros. This unit can be pulled (implicitely) in various ways
# (private /tmp, etc..) and it's required by the basic.target
# explicitly since v220.
case $(systemctl is-enabled tmp.mount 2>/dev/null) in
enabled) ;;
*) rm -f %{_prefix}/lib/systemd/system/tmp.mount
esac
# v228 wrongly set world writable suid root permissions on timestamp
# files used by permanent timers. Fix the timestamps that might have
# been created by the affected versions of systemd (bsc#1020601).
@ -720,23 +717,30 @@ done
# This includes all hacks needed when upgrading from SysV.
%{_prefix}/lib/systemd/scripts/upgrade-from-pre-210.sh || :
# Convert /var/lib/machines subvolume to make it suitable for
# rollbacks, if needed. See bsc#992573. The installer has been fixed
# to create it at installation time.
#
# The convertion might only be problematic for openSUSE distros
# (TW/Factory) where previous versions had already created the
# subvolume at the wrong place (via tmpfiles for example) and user
# started to populate and use it. In this case we'll let the user fix
# it manually.
#
# For SLE12 this subvolume was only introduced during the upgrade from
# v210 to v228 when we added this workaround. Note that the subvolume
# is still created at the wrong place due to the call to
# tmpfiles_create macro previously however it's empty so there
# shouldn't be any issues.
if [ $1 -gt 1 ]; then
# Convert /var/lib/machines subvolume to make it suitable for
# rollbacks, if needed. See bsc#992573. The installer has been fixed
# to create it at installation time.
#
# The convertion might only be problematic for openSUSE distros
# (TW/Factory) where previous versions had already created the
# subvolume at the wrong place (via tmpfiles for example) and user
# started to populate and use it. In this case we'll let the user fix
# it manually.
#
# For SLE12 this subvolume was only introduced during the upgrade from
# v210 to v228 when we added this workaround. Note that the subvolume
# is still created at the wrong place due to the call to
# tmpfiles_create macro previously however it's empty so there
# shouldn't be any issues.
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
# Should we mask tmpfs ? If tmp.mount was already installed in
# /usr/lib then this is a nop as sysadmin restored the unit
# most likely to use tmpfs (see %pre) otherwise mask the mount
# unit unless it's overriden by a tmp.mount unit installed
# either by sysadmin or fstab-generator.
systemctl start suse-disable-tmpfs-for-tmp.service || :
fi
%postun
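Review bot: The `%pre` scriptlet creates `%{_unitdir}/.disable-tmpfs-for-tmp~done` inside a packaged directory, but nothing on this page shows the package owning that file; the `%files` list is outside the visible hunks, so this needs confirming. If it is not listed, the marker survives package removal and `rpm -qf` cannot attribute it, which makes it harder to audit why tmp.mount was or was not masked on a host. Listing it as `%ghost %{_unitdir}/.disable-tmpfs-for-tmp~done` would keep ownership and cleanup with the package. The same scriptlet appears in the second spec section (the hunk at `@ -646,12 +646,19 @@`), where the same applies.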


@ -1,3 +1,31 @@
-------------------------------------------------------------------
Mon Jan 29 09:52:50 UTC 2018 - fbui@suse.com
- Do not optionally remove /usr/lib/systemd/system/tmp.mnt anymore (bsc#1071224)
This was done to make sure that tmpfs wouldn't be used for /tmp by
defaut in case the dir layout created by the installer did not
create a customized tmp.mount.
But it had the bad side effect to break "rpm -V systemd" and updates
of systemd via delta-RPMs.
Now instead of removing tmp.mount unit file, we mask it (still only
if no other tmp.mount would override the default one). It's the
official way to disable tmpfs on /tmp after all.
Since we cannot rely on the presence of fstab during package
installations, we introduced a service which is run once on the
first boot and which figures out if tmpfs would be used. If so it
masks the unit.
We also handle the upgrade path and make sure to preserve admin's
settings (if any).
Another advantage of this is that we will only need to remove the
introduced service the day when tmpfs will be the default for SUSE
distros.
-------------------------------------------------------------------
Fri Jan 26 14:40:38 UTC 2018 - fbui@suse.com


@ -146,6 +146,7 @@ Source7: libgcrypt.m4
Source11: after-local.service
Source12: systemd-sysv-install
Source14: kbd-model-map.legacy
Source15: suse-disable-tmpfs-for-tmp.service
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
Source101: scripts-systemd-upgrade-from-pre-210.sh
@ -511,11 +512,10 @@ rm -f %{buildroot}/etc/systemd/system/default.target
# customized for openSUSE distros.
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
# We keep a copy of tmp.mount because it may be removed if not used
# (see %post): we want to be sure tmpfs won't be used for /tmp by
# default on Suse distros.
rm %{buildroot}/%{_prefix}/lib/systemd/system/local-fs.target.wants/tmp.mount
cp %{buildroot}/%{_prefix}/lib/systemd/system/tmp.mount %{buildroot}/%{_datadir}/systemd/
# Install the service which will disable/mask tmpfs for /tmp (if
# needed) on first boot.
install -m0644 -D %{S:15} %{buildroot}/%{_prefix}/lib/systemd/system/suse-disable-tmpfs-for-tmp.service
ln -s ../suse-disable-tmpfs-for-tmp.service %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/
# don't enable wall ask password service, it spams every console (bnc#747783)
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
@ -646,12 +646,19 @@ cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
%find_lang systemd
# Build of installation images uses a hard coded list of packages with
# a %pre that needs to be run during the build. systemd is one of them
# so keep the section even if it's empty.
%pre
# Build of installation images uses an hard coded list of some
# packages with a %pre that needs to be run during the
# build. Unfortunately, systemd in one of them. To make thing simpler
# we use a %pre section even if it is not needed.
exit 0
if [ $1 -gt 1 ] ; then
# Check if tmp.mount has been restored by either the admin or
# was added at package installation. In both cases do nothing
# and prevent the service to be executed during %post for the
# former case.
if test -e %{_unitdir}/tmp.mount; then
touch %{_unitdir}/.disable-tmpfs-for-tmp~done
fi
fi
%post
# Make /etc/machine-id an empty file during package installation. On
@ -693,16 +700,6 @@ if [ $1 -eq 1 ]; then
%endif
fi >/dev/null
# Keep tmp.mount if it's been enabled explicitly by the user otherwise
# make sure it wont be activated since it's the default for Suse
# distros. This unit can be pulled (implicitely) in various ways
# (private /tmp, etc..) and it's required by the basic.target
# explicitly since v220.
case $(systemctl is-enabled tmp.mount 2>/dev/null) in
enabled) ;;
*) rm -f %{_prefix}/lib/systemd/system/tmp.mount
esac
# v228 wrongly set world writable suid root permissions on timestamp
# files used by permanent timers. Fix the timestamps that might have
# been created by the affected versions of systemd (bsc#1020601).
@ -718,23 +715,30 @@ done
# This includes all hacks needed when upgrading from SysV.
%{_prefix}/lib/systemd/scripts/upgrade-from-pre-210.sh || :
# Convert /var/lib/machines subvolume to make it suitable for
# rollbacks, if needed. See bsc#992573. The installer has been fixed
# to create it at installation time.
#
# The convertion might only be problematic for openSUSE distros
# (TW/Factory) where previous versions had already created the
# subvolume at the wrong place (via tmpfiles for example) and user
# started to populate and use it. In this case we'll let the user fix
# it manually.
#
# For SLE12 this subvolume was only introduced during the upgrade from
# v210 to v228 when we added this workaround. Note that the subvolume
# is still created at the wrong place due to the call to
# tmpfiles_create macro previously however it's empty so there
# shouldn't be any issues.
if [ $1 -gt 1 ]; then
# Convert /var/lib/machines subvolume to make it suitable for
# rollbacks, if needed. See bsc#992573. The installer has been fixed
# to create it at installation time.
#
# The convertion might only be problematic for openSUSE distros
# (TW/Factory) where previous versions had already created the
# subvolume at the wrong place (via tmpfiles for example) and user
# started to populate and use it. In this case we'll let the user fix
# it manually.
#
# For SLE12 this subvolume was only introduced during the upgrade from
# v210 to v228 when we added this workaround. Note that the subvolume
# is still created at the wrong place due to the call to
# tmpfiles_create macro previously however it's empty so there
# shouldn't be any issues.
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
# Should we mask tmpfs ? If tmp.mount was already installed in
# /usr/lib then this is a nop as sysadmin restored the unit
# most likely to use tmpfs (see %pre) otherwise mask the mount
# unit unless it's overriden by a tmp.mount unit installed
# either by sysadmin or fstab-generator.
systemctl start suse-disable-tmpfs-for-tmp.service || :
fi
%postun