aaa_base/aaa_base.spec
Dirk Mueller 1e4375852a - Update to version 84.87+git20240906.742565b:
* yama-enable-ptrace: enforce changed behavior upon installation (bsc#1221763)
  * Avoid unnecessary /bin/bash dependency
  * sysctl: Fixup of not setting kernel.pid_max on 32b archs (bsc#1227117)

OBS-URL: https://build.opensuse.org/package/show/Base:System/aaa_base?expand=0&rev=793
2024-09-06 09:06:52 +00:00

295 lines
8.9 KiB
RPMSpec

#
# spec file for package aaa_base
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# icecream 0
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates
%endif
%if 0%{?_build_in_place}
%define git_version %(git log '-n1' '--date=format:%Y%m%d' '--no-show-signature' "--pretty=format:+git%cd.%h")
BuildRequires: git-core
%else
# this is required for obs' source validator. It's
# 20-files-present-and-referenced ignores all conditionals. So the
# definition of git_version actually happens always.
%define git_version %{nil}
%endif
Name: aaa_base
Version: 84.87+git20240906.742565b%{git_version}
Release: 0
Summary: openSUSE Base Package
License: GPL-2.0-or-later
Group: System/Fhs
URL: https://github.com/openSUSE/aaa_base
Source: aaa_base-%{version}.tar
Source1: README.packaging.txt
Source99: aaa_base-rpmlintrc
Requires: /bin/mktemp
Requires: /usr/bin/cat
Requires: /usr/bin/date
Requires: /usr/bin/grep
Requires: /usr/bin/mv
Requires: /usr/bin/sed
Requires: /usr/bin/tput
Requires: /usr/bin/xz
Requires: distribution-release
Requires: filesystem
# required for nsswitch.conf usrfiles fixes in post script
Requires(post): (glibc >= 2.30 if glibc)
Requires(post): fillup
Recommends: aaa_base-extras
Recommends: iproute2
Recommends: iputils
Recommends: logrotate
Recommends: netcfg
Recommends: udev
# do not require systemd - aaa_base is in the build environment and we don't
# want to pull in tons of dependencies
Conflicts: sysvinit-init
# run osc service mr to recreate
%description
This package installs several important configuration files and central scripts.
%package extras
Summary: SUSE Linux Base Package (recommended part)
Group: System/Fhs
Requires: %{name} = %{version}
Requires: /usr/bin/find
Requires: cpio
Requires(post): fillup
Provides: aaa_base:/etc/DIR_COLORS
%description extras
The parts of aaa_base that should be installed by default but are not
strictly required to run a system. (bash completions and convenience hacks).
%package malloccheck
Summary: SUSE Linux Base Package (malloc checking)
Group: System/Fhs
Requires: %{name} = %{version}
%description malloccheck
This package sets environment variables that enable stricter
malloc checks to catch potential heap corruptions. It's not
installed by default as it may degrade performance.
%package wsl
Summary: SUSE Linux Base Package (Windows Subsystem for Linux)
Group: System/Fhs
Requires: %{name} = %{version}
%description wsl
This package includes some special settings needed on Windows Subsystem
for Linux. It should only be installed on WSL and not on regular Linux
systems.
%package yama-enable-ptrace
Summary: sysctl setting to allow ptrace with the YAMA LSM enabled
Group: System/Fhs
Requires: %{name} = %{version}
%description yama-enable-ptrace
When the YAMA LSM is enabled, ptrace is restriced by default. On
developer systems this has an impact on e.g. strace and gdb. So
this package contains a setting that allows ptrace again.
See https://docs.kernel.org/admin-guide/LSM/Yama.html
%prep
%setup -q
%build
%make_build CFLAGS="%{optflags}" CC="%{__cc}"
%install
%make_install
mkdir -p %{buildroot}/etc/sysctl.d
#
# make sure it does not creep in again
test -d %{buildroot}/root/.gnupg && exit 1
# TODO: get rid of that at some point in the future
mkdir -p %{buildroot}/etc/init.d
for i in boot.local after.local ; do
install -m 755 /dev/null %{buildroot}/etc/init.d/$i
done
# keep as ghost for migration
touch %buildroot/etc/inittab
# Backup directories
install -d -m 755 %{buildroot}/var/adm/backup/{rpmdb,sysconfig}
mkdir -p %{buildroot}%{_fillupdir}
%if "%{_fillupdir}" != "/var/adm/fillup-templates"
for f in %{buildroot}/var/adm/fillup-templates/* ; do
test -e "$f" || continue
mv $f %{buildroot}%{_fillupdir}/
done
rm -vrf %{buildroot}/var/adm/fillup-templates
%endif
%if "%{_fillupdir}" != "/usr/share/fillup-templates"
for f in %{buildroot}/usr/share/fillup-templates/* ; do
test -e "$f" || continue
mv $f %{buildroot}%{_fillupdir}/
done
rm -vrf %{buildroot}/usr/share/fillup-templates
%endif
%pre
%service_add_pre soft-reboot-cleanup.service
%preun
%service_del_preun soft-reboot-cleanup.service
%post
export LC_ALL=C
#XXX Fix /etc/nsswitch.conf to include usrfiles [bsc#1162916]
if [ -e /etc/nsswitch.conf ]; then
for key in services protocols rpc ; do
if ! grep -q ^${key}.*usrfiles /etc/nsswitch.conf ; then
cp /etc/nsswitch.conf /etc/nsswitch.conf.pre-usrfiles.${key}
sed -i -e "s|^\(${key}:.*[[:space:]]\)files\([[:space:]].*\)*$|\1files usrfiles\2|" /etc/nsswitch.conf
fi
done
fi
%{fillup_only -n language}
%{fillup_only -n proxy}
%service_add_post soft-reboot-cleanup.service
%postun
%service_del_postun_without_restart soft-reboot-cleanup.service
%pre extras
%service_add_pre backup-rpmdb.service backup-rpmdb.timer backup-sysconfig.service backup-sysconfig.timer check-battery.service check-battery.timer
%post extras
%fillup_only -n backup
%service_add_post backup-rpmdb.service backup-rpmdb.timer backup-sysconfig.service backup-sysconfig.timer check-battery.service check-battery.timer
%preun extras
%service_del_preun backup-rpmdb.service backup-rpmdb.timer backup-sysconfig.service backup-sysconfig.timer check-battery.service check-battery.timer
%postun extras
%service_del_postun backup-rpmdb.service backup-rpmdb.timer backup-sysconfig.service backup-sysconfig.timer check-battery.service check-battery.timer
%post yama-enable-ptrace
# check if yama is active
if [ -f /proc/sys/kernel/yama/ptrace_scope ]; then
# automatically disable ptrace protection upon install if systemd is not
# available. Usually system will automatically apply the setting
if ! type -p systemd-notify > /dev/null || ! systemd-notify --booted; then
# don't do it on transactional systems to avoid altering the state of the
# system before reboot
if [ -z "${TRANSACTIONAL_UPDATE}" ]; then
# can't use sysctl since that would cause us to require procps, which is
# bad for container size
echo 0 > /proc/sys/kernel/yama/ptrace_scope || :
fi
fi
fi
%files
%license COPYING
%ghost %config(noreplace) /etc/sysctl.conf
%config /etc/bash.bashrc
%config /etc/csh.cshrc
%config /etc/csh.login
%config /etc/inputrc
%config /etc/mime.types
%config /etc/profile
/usr/etc/DIR_COLORS
/usr/etc/csh.cshrc
/usr/etc/csh.login
/usr/etc/bash.bashrc
/usr/etc/profile
/usr/etc/inputrc
/usr/etc/inputrc.keys
/usr/etc/profile.d/alljava.csh
/usr/etc/profile.d/alljava.sh
/usr/etc/profile.d/lang.csh
/usr/etc/profile.d/lang.sh
/usr/etc/profile.d/profile.csh
/usr/etc/profile.d/profile.sh
/usr/etc/profile.d/xdg-environment.csh
/usr/etc/profile.d/xdg-environment.sh
/usr/etc/profile.d/alias.ash
/usr/etc/profile.d/alias.bash
/usr/etc/profile.d/alias.tcsh
/usr/etc/profile.d/ls.tcsh
/usr/etc/profile.d/ls.bash
/usr/etc/profile.d/ls.zsh
/usr/etc/profile.d/terminal.sh
/usr/etc/profile.d/terminal.csh
%dir /usr/lib/environment.d
/usr/lib/environment.d/50-xdg.conf
/usr/lib/systemd/system/soft-reboot-cleanup.service
/usr/libexec/soft-reboot-cleanup
%{_tmpfilesdir}/soft-reboot-cleanup.conf
%config /etc/shells
%ghost %dir /etc/init.d
%ghost %config(noreplace) /etc/init.d/boot.local
%ghost %config(noreplace) /etc/init.d/after.local
%ghost %config /etc/inittab
/usr/bin/get_kernel_version
/usr/sbin/service
/usr/sbin/smart_agetty
/usr/bin/filesize
/usr/bin/old
/usr/bin/rpmlocate
/usr/sbin/sysconf_addword
/usr/share/man/man1/smart_agetty.1*
/usr/share/man/man8/service.8*
/usr/lib/sysctl.d/50-default.conf
%ifnarch %ix86 %arm
/usr/lib/sysctl.d/50-pid-max.conf
%endif
/usr/lib/sysctl.d/51-network.conf
%{_fillupdir}/sysconfig.language
%{_fillupdir}/sysconfig.proxy
%files extras
/usr/etc/skel/.emacs
/usr/etc/skel/.inputrc
%dir /usr/lib/base-scripts
/usr/lib/base-scripts/backup-rpmdb
/usr/lib/base-scripts/backup-sysconfig
/usr/lib/base-scripts/check-battery
/usr/lib/systemd/system/[bc]*
/var/adm/backup/rpmdb
/var/adm/backup/sysconfig
%{_fillupdir}/sysconfig.backup
%files malloccheck
/usr/etc/profile.d/malloc-debug.sh
/usr/etc/profile.d/malloc-debug.csh
%files wsl
/usr/etc/profile.d/wsl.csh
/usr/etc/profile.d/wsl.sh
%files yama-enable-ptrace
/usr/lib/sysctl.d/52-yama.conf
%changelog