- Do not optionally remove /usr/lib/systemd/system/tmp.mnt anymore (bsc#1071224)
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1006
This commit is contained in:
parent
3a145899c2
commit
be9abca41b
33
suse-disable-tmpfs-for-tmp.service
Normal file
33
suse-disable-tmpfs-for-tmp.service
Normal file
@ -0,0 +1,33 @@
|
||||
#
|
||||
# By default, /tmp doesn't use tmpfs on SUSE distros.
|
||||
#
|
||||
# This service is either run automatically during the firstboot (i.e.
|
||||
# only once) of the system.
|
||||
#
|
||||
# Or it can also be (manually) started during systemd update (%post)
|
||||
# only and only if tmp.mount wasn't already installed by the admin in
|
||||
# /usr/lib during %pre. In this case tmp.mount should also masked.
|
||||
#
|
||||
# In any cases this service will never mask tmp.mount if the service
|
||||
# has been created by either the admin or fstab-generator.
|
||||
#
|
||||
[Unit]
|
||||
Description=Mask tmp.mount by default on SUSE systems
|
||||
DefaultDependencies=no
|
||||
Conflicts=shutdown.target
|
||||
After=systemd-remount-fs.service
|
||||
Before=tmp.mount
|
||||
ConditionPathIsReadWrite=/etc
|
||||
ConditionPathExists=!/usr/lib/systemd/system/.disable-tmpfs-for-tmp~done
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart=/bin/sh -c ' \
|
||||
case "$(systemctl show -pFragmentPath tmp.mount)" in \
|
||||
FragmentPath=/usr/lib/systemd/system/tmp.mount) \
|
||||
systemctl mask --now tmp.mount ;; \
|
||||
FragmentPath=/usr/share/systemd/tmp.mount) \
|
||||
ln -sf /usr/lib/systemd/system/tmp.mount /etc/systemd/system/ ;; \
|
||||
esac'
|
||||
ExecStartPost=/usr/bin/touch /usr/lib/systemd/system/.disable-tmpfs-for-tmp~done
|
@ -1,3 +1,31 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 29 09:52:50 UTC 2018 - fbui@suse.com
|
||||
|
||||
- Do not optionally remove /usr/lib/systemd/system/tmp.mnt anymore (bsc#1071224)
|
||||
|
||||
This was done to make sure that tmpfs wouldn't be used for /tmp by
|
||||
defaut in case the dir layout created by the installer did not
|
||||
create a customized tmp.mount.
|
||||
|
||||
But it had the bad side effect to break "rpm -V systemd" and updates
|
||||
of systemd via delta-RPMs.
|
||||
|
||||
Now instead of removing tmp.mount unit file, we mask it (still only
|
||||
if no other tmp.mount would override the default one). It's the
|
||||
official way to disable tmpfs on /tmp after all.
|
||||
|
||||
Since we cannot rely on the presence of fstab during package
|
||||
installations, we introduced a service which is run once on the
|
||||
first boot and which figures out if tmpfs would be used. If so it
|
||||
masks the unit.
|
||||
|
||||
We also handle the upgrade path and make sure to preserve admin's
|
||||
settings (if any).
|
||||
|
||||
Another advantage of this is that we will only need to remove the
|
||||
introduced service the day when tmpfs will be the default for SUSE
|
||||
distros.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 26 14:40:38 UTC 2018 - fbui@suse.com
|
||||
|
||||
|
@ -148,6 +148,7 @@ Source7: libgcrypt.m4
|
||||
Source11: after-local.service
|
||||
Source12: systemd-sysv-install
|
||||
Source14: kbd-model-map.legacy
|
||||
Source15: suse-disable-tmpfs-for-tmp.service
|
||||
|
||||
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
|
||||
Source101: scripts-systemd-upgrade-from-pre-210.sh
|
||||
@ -513,11 +514,10 @@ rm -f %{buildroot}/etc/systemd/system/default.target
|
||||
# customized for openSUSE distros.
|
||||
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
|
||||
|
||||
# We keep a copy of tmp.mount because it may be removed if not used
|
||||
# (see %post): we want to be sure tmpfs won't be used for /tmp by
|
||||
# default on Suse distros.
|
||||
rm %{buildroot}/%{_prefix}/lib/systemd/system/local-fs.target.wants/tmp.mount
|
||||
cp %{buildroot}/%{_prefix}/lib/systemd/system/tmp.mount %{buildroot}/%{_datadir}/systemd/
|
||||
# Install the service which will disable/mask tmpfs for /tmp (if
|
||||
# needed) on first boot.
|
||||
install -m0644 -D %{S:15} %{buildroot}/%{_prefix}/lib/systemd/system/suse-disable-tmpfs-for-tmp.service
|
||||
ln -s ../suse-disable-tmpfs-for-tmp.service %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/
|
||||
|
||||
# don't enable wall ask password service, it spams every console (bnc#747783)
|
||||
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
|
||||
@ -648,12 +648,19 @@ cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
|
||||
|
||||
%find_lang systemd
|
||||
|
||||
# Build of installation images uses a hard coded list of packages with
|
||||
# a %pre that needs to be run during the build. systemd is one of them
|
||||
# so keep the section even if it's empty.
|
||||
%pre
|
||||
# Build of installation images uses an hard coded list of some
|
||||
# packages with a %pre that needs to be run during the
|
||||
# build. Unfortunately, systemd in one of them. To make thing simpler
|
||||
# we use a %pre section even if it is not needed.
|
||||
exit 0
|
||||
if [ $1 -gt 1 ] ; then
|
||||
# Check if tmp.mount has been restored by either the admin or
|
||||
# was added at package installation. In both cases do nothing
|
||||
# and prevent the service to be executed during %post for the
|
||||
# former case.
|
||||
if test -e %{_unitdir}/tmp.mount; then
|
||||
touch %{_unitdir}/.disable-tmpfs-for-tmp~done
|
||||
fi
|
||||
fi
|
||||
|
||||
%post
|
||||
# Make /etc/machine-id an empty file during package installation. On
|
||||
@ -695,16 +702,6 @@ if [ $1 -eq 1 ]; then
|
||||
%endif
|
||||
fi >/dev/null
|
||||
|
||||
# Keep tmp.mount if it's been enabled explicitly by the user otherwise
|
||||
# make sure it wont be activated since it's the default for Suse
|
||||
# distros. This unit can be pulled (implicitely) in various ways
|
||||
# (private /tmp, etc..) and it's required by the basic.target
|
||||
# explicitly since v220.
|
||||
case $(systemctl is-enabled tmp.mount 2>/dev/null) in
|
||||
enabled) ;;
|
||||
*) rm -f %{_prefix}/lib/systemd/system/tmp.mount
|
||||
esac
|
||||
|
||||
# v228 wrongly set world writable suid root permissions on timestamp
|
||||
# files used by permanent timers. Fix the timestamps that might have
|
||||
# been created by the affected versions of systemd (bsc#1020601).
|
||||
@ -720,23 +717,30 @@ done
|
||||
# This includes all hacks needed when upgrading from SysV.
|
||||
%{_prefix}/lib/systemd/scripts/upgrade-from-pre-210.sh || :
|
||||
|
||||
# Convert /var/lib/machines subvolume to make it suitable for
|
||||
# rollbacks, if needed. See bsc#992573. The installer has been fixed
|
||||
# to create it at installation time.
|
||||
#
|
||||
# The convertion might only be problematic for openSUSE distros
|
||||
# (TW/Factory) where previous versions had already created the
|
||||
# subvolume at the wrong place (via tmpfiles for example) and user
|
||||
# started to populate and use it. In this case we'll let the user fix
|
||||
# it manually.
|
||||
#
|
||||
# For SLE12 this subvolume was only introduced during the upgrade from
|
||||
# v210 to v228 when we added this workaround. Note that the subvolume
|
||||
# is still created at the wrong place due to the call to
|
||||
# tmpfiles_create macro previously however it's empty so there
|
||||
# shouldn't be any issues.
|
||||
if [ $1 -gt 1 ]; then
|
||||
# Convert /var/lib/machines subvolume to make it suitable for
|
||||
# rollbacks, if needed. See bsc#992573. The installer has been fixed
|
||||
# to create it at installation time.
|
||||
#
|
||||
# The convertion might only be problematic for openSUSE distros
|
||||
# (TW/Factory) where previous versions had already created the
|
||||
# subvolume at the wrong place (via tmpfiles for example) and user
|
||||
# started to populate and use it. In this case we'll let the user fix
|
||||
# it manually.
|
||||
#
|
||||
# For SLE12 this subvolume was only introduced during the upgrade from
|
||||
# v210 to v228 when we added this workaround. Note that the subvolume
|
||||
# is still created at the wrong place due to the call to
|
||||
# tmpfiles_create macro previously however it's empty so there
|
||||
# shouldn't be any issues.
|
||||
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
|
||||
|
||||
# Should we mask tmpfs ? If tmp.mount was already installed in
|
||||
# /usr/lib then this is a nop as sysadmin restored the unit
|
||||
# most likely to use tmpfs (see %pre) otherwise mask the mount
|
||||
# unit unless it's overriden by a tmp.mount unit installed
|
||||
# either by sysadmin or fstab-generator.
|
||||
systemctl start suse-disable-tmpfs-for-tmp.service || :
|
||||
fi
|
||||
|
||||
%postun
|
||||
|
@ -1,3 +1,31 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 29 09:52:50 UTC 2018 - fbui@suse.com
|
||||
|
||||
- Do not optionally remove /usr/lib/systemd/system/tmp.mnt anymore (bsc#1071224)
|
||||
|
||||
This was done to make sure that tmpfs wouldn't be used for /tmp by
|
||||
defaut in case the dir layout created by the installer did not
|
||||
create a customized tmp.mount.
|
||||
|
||||
But it had the bad side effect to break "rpm -V systemd" and updates
|
||||
of systemd via delta-RPMs.
|
||||
|
||||
Now instead of removing tmp.mount unit file, we mask it (still only
|
||||
if no other tmp.mount would override the default one). It's the
|
||||
official way to disable tmpfs on /tmp after all.
|
||||
|
||||
Since we cannot rely on the presence of fstab during package
|
||||
installations, we introduced a service which is run once on the
|
||||
first boot and which figures out if tmpfs would be used. If so it
|
||||
masks the unit.
|
||||
|
||||
We also handle the upgrade path and make sure to preserve admin's
|
||||
settings (if any).
|
||||
|
||||
Another advantage of this is that we will only need to remove the
|
||||
introduced service the day when tmpfs will be the default for SUSE
|
||||
distros.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 26 14:40:38 UTC 2018 - fbui@suse.com
|
||||
|
||||
|
74
systemd.spec
74
systemd.spec
@ -146,6 +146,7 @@ Source7: libgcrypt.m4
|
||||
Source11: after-local.service
|
||||
Source12: systemd-sysv-install
|
||||
Source14: kbd-model-map.legacy
|
||||
Source15: suse-disable-tmpfs-for-tmp.service
|
||||
|
||||
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
|
||||
Source101: scripts-systemd-upgrade-from-pre-210.sh
|
||||
@ -511,11 +512,10 @@ rm -f %{buildroot}/etc/systemd/system/default.target
|
||||
# customized for openSUSE distros.
|
||||
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
|
||||
|
||||
# We keep a copy of tmp.mount because it may be removed if not used
|
||||
# (see %post): we want to be sure tmpfs won't be used for /tmp by
|
||||
# default on Suse distros.
|
||||
rm %{buildroot}/%{_prefix}/lib/systemd/system/local-fs.target.wants/tmp.mount
|
||||
cp %{buildroot}/%{_prefix}/lib/systemd/system/tmp.mount %{buildroot}/%{_datadir}/systemd/
|
||||
# Install the service which will disable/mask tmpfs for /tmp (if
|
||||
# needed) on first boot.
|
||||
install -m0644 -D %{S:15} %{buildroot}/%{_prefix}/lib/systemd/system/suse-disable-tmpfs-for-tmp.service
|
||||
ln -s ../suse-disable-tmpfs-for-tmp.service %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/
|
||||
|
||||
# don't enable wall ask password service, it spams every console (bnc#747783)
|
||||
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
|
||||
@ -646,12 +646,19 @@ cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
|
||||
|
||||
%find_lang systemd
|
||||
|
||||
# Build of installation images uses a hard coded list of packages with
|
||||
# a %pre that needs to be run during the build. systemd is one of them
|
||||
# so keep the section even if it's empty.
|
||||
%pre
|
||||
# Build of installation images uses an hard coded list of some
|
||||
# packages with a %pre that needs to be run during the
|
||||
# build. Unfortunately, systemd in one of them. To make thing simpler
|
||||
# we use a %pre section even if it is not needed.
|
||||
exit 0
|
||||
if [ $1 -gt 1 ] ; then
|
||||
# Check if tmp.mount has been restored by either the admin or
|
||||
# was added at package installation. In both cases do nothing
|
||||
# and prevent the service to be executed during %post for the
|
||||
# former case.
|
||||
if test -e %{_unitdir}/tmp.mount; then
|
||||
touch %{_unitdir}/.disable-tmpfs-for-tmp~done
|
||||
fi
|
||||
fi
|
||||
|
||||
%post
|
||||
# Make /etc/machine-id an empty file during package installation. On
|
||||
@ -693,16 +700,6 @@ if [ $1 -eq 1 ]; then
|
||||
%endif
|
||||
fi >/dev/null
|
||||
|
||||
# Keep tmp.mount if it's been enabled explicitly by the user otherwise
|
||||
# make sure it wont be activated since it's the default for Suse
|
||||
# distros. This unit can be pulled (implicitely) in various ways
|
||||
# (private /tmp, etc..) and it's required by the basic.target
|
||||
# explicitly since v220.
|
||||
case $(systemctl is-enabled tmp.mount 2>/dev/null) in
|
||||
enabled) ;;
|
||||
*) rm -f %{_prefix}/lib/systemd/system/tmp.mount
|
||||
esac
|
||||
|
||||
# v228 wrongly set world writable suid root permissions on timestamp
|
||||
# files used by permanent timers. Fix the timestamps that might have
|
||||
# been created by the affected versions of systemd (bsc#1020601).
|
||||
@ -718,23 +715,30 @@ done
|
||||
# This includes all hacks needed when upgrading from SysV.
|
||||
%{_prefix}/lib/systemd/scripts/upgrade-from-pre-210.sh || :
|
||||
|
||||
# Convert /var/lib/machines subvolume to make it suitable for
|
||||
# rollbacks, if needed. See bsc#992573. The installer has been fixed
|
||||
# to create it at installation time.
|
||||
#
|
||||
# The convertion might only be problematic for openSUSE distros
|
||||
# (TW/Factory) where previous versions had already created the
|
||||
# subvolume at the wrong place (via tmpfiles for example) and user
|
||||
# started to populate and use it. In this case we'll let the user fix
|
||||
# it manually.
|
||||
#
|
||||
# For SLE12 this subvolume was only introduced during the upgrade from
|
||||
# v210 to v228 when we added this workaround. Note that the subvolume
|
||||
# is still created at the wrong place due to the call to
|
||||
# tmpfiles_create macro previously however it's empty so there
|
||||
# shouldn't be any issues.
|
||||
if [ $1 -gt 1 ]; then
|
||||
# Convert /var/lib/machines subvolume to make it suitable for
|
||||
# rollbacks, if needed. See bsc#992573. The installer has been fixed
|
||||
# to create it at installation time.
|
||||
#
|
||||
# The convertion might only be problematic for openSUSE distros
|
||||
# (TW/Factory) where previous versions had already created the
|
||||
# subvolume at the wrong place (via tmpfiles for example) and user
|
||||
# started to populate and use it. In this case we'll let the user fix
|
||||
# it manually.
|
||||
#
|
||||
# For SLE12 this subvolume was only introduced during the upgrade from
|
||||
# v210 to v228 when we added this workaround. Note that the subvolume
|
||||
# is still created at the wrong place due to the call to
|
||||
# tmpfiles_create macro previously however it's empty so there
|
||||
# shouldn't be any issues.
|
||||
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
|
||||
|
||||
# Should we mask tmpfs ? If tmp.mount was already installed in
|
||||
# /usr/lib then this is a nop as sysadmin restored the unit
|
||||
# most likely to use tmpfs (see %pre) otherwise mask the mount
|
||||
# unit unless it's overriden by a tmp.mount unit installed
|
||||
# either by sysadmin or fstab-generator.
|
||||
systemctl start suse-disable-tmpfs-for-tmp.service || :
|
||||
fi
|
||||
|
||||
%postun
|
||||
|
Loading…
Reference in New Issue
Block a user