Accepting request 1077560 from systemsmanagement

OBS-URL: https://build.opensuse.org/request/show/1077560
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/clone-master-clean-up?expand=0&rev=4

clone-master-clean-up.1

@@ -14,7 +14,7 @@
 .\" * GNU General Public License for more details.
 .\" */
 .\" 
-.TH clone-master-clean-up "1" "May 2017" "" "Clean-Up For Cloning Preparation"
+.TH clone-master-clean-up "1" "September 2022" "" "Clean-Up For Cloning Preparation"
 .SH NAME
 clone\-master\-clean\-up - Clean up a system for cloning preparation.
 
@@ -77,7 +77,7 @@ The program asks for confirmation before proceeding with cleanup. If you proceed
 .IP \[bu]
 SUSE registration, all software repositories.
 .IP \[bu]
-SSH host keys, user SSH keys, user authorized keys, user shell history.
+SSH host keys, root user SSH keys, root user authorized keys, root user shell history.
 .IP \[bu]
 User mails and user cron jobs.
 .IP \[bu]

clone-master-clean-up.changes

@@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Tue Feb  7 12:26:43 UTC 2023 - Peter Varkoly <varkoly@suse.com>
+
+- Bump version to 1.11
+- clone-master-clean-up fails when /etc/iscsi/initiatorname.iscsi doesn't exist
+  The entire section is wrapped in a test for the existence of this file.
+  (bsc#1207993)
+
+-------------------------------------------------------------------
+Fri Oct 28 11:41:37 UTC 2022 - Peter Varkoly <varkoly@suse.com>
+
+- Bump version to 1.10
+- clone-master-clean-up fails if postfix is not installed (bsc#1204835)
+  Check if the directory does exists.
+
+-------------------------------------------------------------------
+Fri Sep 23 14:49:49 UTC 2022 - Peter Varkoly <varkoly@suse.com>
+
+- Bump version to 1.9
+- [clone-master-clean-up] Cleannup initiatorname.iscsi
+  Remove all no comment files
+  (bsc#1203024)
+
+-------------------------------------------------------------------
+Thu Sep 22 09:08:16 UTC 2022 - Peter Varkoly <varkoly@suse.com>
+
+- Bump version to 1.8
+- clone-master-clean-up fails to remove btrfs snapshots
+  (bsc#1203651)
+
+-------------------------------------------------------------------
+Tue Aug 30 15:02:45 UTC 2022 - abriel@suse.com
+
+- Bump version to 1.7
+- CVE-2021-32000: fix some potentially dangerous file system
+  operations
+  (bsc#1181050)
+
 -------------------------------------------------------------------
 Wed Aug 12 15:44:30 UTC 2020 - abriel@suse.com
 

clone-master-clean-up.sh

@@ -4,6 +4,7 @@
 # Author: Howard Guo <hguo@suse.com>
 
 set -e
+shopt -s nullglob
 # bsc#1092378
 DROP_IN_FILE=/etc/clone-master-clean-up/custom_remove
 SYSCONF_FILE=/etc/sysconfig/clone-master-clean-up
@@ -16,10 +17,21 @@ trap 'err_exit $LINENO' ERR
 
 [ "$UID" != "0" ] && echo 'Please run this program as root user.' && exit 1
 
-echo 'The script will delete all SSH keys, log data, and more. Type YES and enter to proceed.'
+echo -e 'The script will delete root SSH keys, log data, and more.\n' \
+     'WARNING: This should only be used on a pristine system\n' \
+     'WARNING: with no populated /home directories!\n' \
+     'Type YES and enter to proceed.'
 read -r answer
 [ "$answer" != "YES" ] && exit 1
 
+if [ -n "$(echo /home/*/.ssh/* /home/*/.*_history)" ]; then
+    echo -e 'There seem to be populated /home directories on this system\n' \
+         'Cloning such systems is not recommended.\n' \
+         'Type YES if you still would like to proceed.'
+    read answer
+    [ "$answer" != "YES" ] && exit 1
+fi
+
 # source config file
 if [ -r "$SYSCONF_FILE" ]; then
     . "$SYSCONF_FILE"
@@ -45,22 +57,33 @@ find /etc/zypp \( -iname 'suse*' -o -iname 'scc*' \) -delete
 echo "Removing zypper anonymous ID"
 rm -rf /var/lib/zypp/AnonymousUniqueId
 
-echo 'Removing SSH host keys, user SSH keys, authorized keys, and shell history'
+echo 'Removing SSH host keys, root user SSH keys, authorized keys, and shell history'
-rm -rf /etc/ssh/ssh_host*key* /root/.ssh/* /home/*/.ssh/* /home/*/.*_history &> /dev/null
+rm -rf /etc/ssh/ssh_host*key* /root/.ssh/*  &> /dev/null
 
 echo 'Removing all mails and cron-jobs'
 rm -rf /var/spool/mail/*
 rm -rf /var/spool/cron/{lastrun,tabs}/*
 
 echo "Clean up postfix"
-rm -rf /var/spool/postfix/{active,corrupt,deferred,hold,maildrop,saved,bounce,defer,flush,incoming,trace}/*
+for i in /var/spool/postfix/{active,corrupt,deferred,hold,maildrop,saved,bounce,defer,flush,incoming,trace}; do
+    if [ -d "$i" ]; then
+        # descend following symlink and check if it was symlink, if not, recursively delete entries in this directory. 'rm -rf' doesn't follow symlinks.
+        cd -P "$i"
+        [ "$i" != "$PWD" ] && continue
+        info=( $(stat --printf="%u %g" ".") )
+        owner=${info[0]}
+        group=${info[1]}
+        setpriv --clear-groups --reuid "$owner" --regid "$group" rm -rf ./*
+    fi
+done
 
 echo 'Removing all temporary files'
 rm -rf /tmp/* /tmp/.* /var/tmp/* /var/tmp/.* &> /dev/null || true
 
-echo 'Clearing log files and removing log archives'
+echo 'Removing log archives'
-find /var/log -type f -exec truncate -s 0 {} \;
 find /var/log \( -iname '*.old' -o -iname '*.xz' -o -iname '*.gz' \) -delete
+echo 'Clearing log files'
+find /var/log -type f -exec truncate -s 0 {} \;
 
 echo 'Clearing HANA firewall script'
 rm -rf /etc/hana-firewall.d/generated_hana_firewall_script
@@ -119,10 +142,9 @@ echo 'Enabling YaST Firstboot if necessary'
 
 
 if [ "$CMCU_RSNAP" = "yes" ]; then
-SNAPPER_CMD="snapper delete"
   if [ -d /.snapshots ]; then
     echo "Removing all pre/post btrfs snapshots from /.snapshot"
-	snapshots=$(dbus-send --type=method_call --system --print-reply \
+    presnapshots=$(dbus-send --type=method_call --system --print-reply \
                              --dest=org.opensuse.Snapper \
                              /org/opensuse/Snapper \
                              org.opensuse.Snapper.ListSnapshots string:root \
@@ -130,42 +152,39 @@ SNAPPER_CMD="snapper delete"
 BEGIN {arr=0; cnt=0; u2=0; u4=0; del=0}
 /array \[/ {arr++}
 /struct {/ {if (arr==1) cnt++}
-/}/ {if(arr==1&&--cnt==0){if(del==1) print id \"|\" lst;del=0;u4=0;u2=0}}
+/}/ {if(arr==1&&--cnt==0){if(del==1) print id ;del=0;u4=0;u2=0}}
 /\]/ {arr--}
 # Don't delete current snapshot
 /string "current"/ {if (arr==1 && cnt==1) del=0}
 # ID: 1st uint32 value of each top struct in top array
 /uint32/ {if (arr==1 && cnt==1) if (++u4==1)id=\$2; else if (u4==2)lst=\$2}
 # Type: 1st uint16 value of each top struct in top array
-/uint16/ {if (arr==1 && cnt==1){if (++u2==1) {if (\$2==1 || \$2==2){del=1}}}}
+/uint16/ {if (arr==1 && cnt==1){if (++u2==1) {if (\$2==1 ){del=1}}}}
 ")
-
+    for i in $presnapshots
-	# Create chains
+    do
-	OFS=$IFS
+       /usr/bin/snapper delete --sync $i
-	IFS=" "
-	while read line; do
-	    [[ $line =~ ([^\|]+)\|(.*) ]]
-	    last[${BASH_REMATCH[1]}]=${BASH_REMATCH[2]};
-	    [ -z "${next[${BASH_REMATCH[1]}]}" ] && next[${BASH_REMATCH[1]}]=0
-	    next[${BASH_REMATCH[2]}]=${BASH_REMATCH[1]}
-	done <<< $snapshots
-	IFS=$OFS
-	# Find end of each chain and work backwards
-	for i in ${!next[@]}; do
-	    [ -n "${next[$i]}" ] || continue # unpopulated
-	    a=${next[$i]}; unset next[$i]; b=$i
-	    while true; do
-		if [ $a -eq 0 ]
-		then
-		    while true; do
-			unset next[$b]; $SNAPPER_CMD $b
-			b=${last[$b]}
-			[ $b -eq 0 ] && break 2
-		    done
-		else
-		    b=$a; a=${next[$a]}; unset next[$b]
-		fi
     done
+    postsnapshots=$(dbus-send --type=method_call --system --print-reply \
+                             --dest=org.opensuse.Snapper \
+                             /org/opensuse/Snapper \
+                             org.opensuse.Snapper.ListSnapshots string:root \
+                             2>/dev/null | awk -- "
+BEGIN {arr=0; cnt=0; u2=0; u4=0; del=0}
+/array \[/ {arr++}
+/struct {/ {if (arr==1) cnt++}
+/}/ {if(arr==1&&--cnt==0){if(del==1) print id ;del=0;u4=0;u2=0}}
+/\]/ {arr--}
+# Don't delete current snapshot
+/string "current"/ {if (arr==1 && cnt==1) del=0}
+# ID: 1st uint32 value of each top struct in top array
+/uint32/ {if (arr==1 && cnt==1) if (++u4==1)id=\$2; else if (u4==2)lst=\$2}
+# Type: 1st uint16 value of each top struct in top array
+/uint16/ {if (arr==1 && cnt==1){if (++u2==1) {if (\$2==2 ){del=1}}}}
+")
+    for i in $postsnapshots
+    do
+       /usr/bin/snapper delete --sync $i
     done
   fi
 fi
@@ -271,5 +290,10 @@ if [ -r "$DROP_IN_FILE" ]; then
     done < $DROP_IN_FILE
 fi
 
+if [ -e /etc/iscsi/initiatorname.iscsi ]; then
+    echo 'Clean up initiatorname.iscsi'
+    sed -i '/^[^#]/d' /etc/iscsi/initiatorname.iscsi
+fi
+
 echo 'Finished. The system is now sparkling clean. Feel free to shut it down and image it.'
 

clone-master-clean-up.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package clone-master-clean-up
 #
-# Copyright (c) 2017-2020 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           clone-master-clean-up
-Version:        1.6
+Version:        1.11
 Release:        0
 Summary:        Tool to clean up a system for cloning preparation
 License:        GPL-2.0-or-later