From bce49d6f1195d72a13fdd16c5466da0b080af4ac2adbb2fb4a4d9b23100a223b Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Tue, 17 Oct 2017 02:03:39 +0000 Subject: [PATCH] Accepting request 534175 from home:dmolkentin:branches:security:dehydrated - In the timer service, execute root post run hooks in ExecStartPost - Fix run of root hooks - Simplify root hook execution, this is also more robust OBS-URL: https://build.opensuse.org/request/show/534175 OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=15 --- dehydrated.changes | 12 ++++++++++++ dehydrated.cron.in | 2 +- dehydrated.service.in | 2 +- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/dehydrated.changes b/dehydrated.changes index 071ea65..aca8222 100644 --- a/dehydrated.changes +++ b/dehydrated.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Mon Oct 16 09:27:28 UTC 2017 - daniel.molkentin@suse.com + +- In the timer service, execute root post run hooks in ExecStartPost + +------------------------------------------------------------------- +Mon Oct 16 04:43:22 UTC 2017 - daniel.molkentin@suse.com + +- Fix run of root hooks + +- Simplify root hook execution, this is also more robust + ------------------------------------------------------------------- Thu Oct 5 13:36:39 UTC 2017 - daniel.molkentin@suse.com diff --git a/dehydrated.cron.in b/dehydrated.cron.in index ba90790..fc2157b 100644 --- a/dehydrated.cron.in +++ b/dehydrated.cron.in @@ -2,4 +2,4 @@ SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root -25 3 * * * root test -e /etc/dehydrated/config && /usr/bin/dehydrated --cron && for i in $(find -L @POSTRUNHOOKS_DIR@ -maxdepth 1 -executable -type f); do $i; done; +25 3 * * * root test -e /etc/dehydrated/config && /usr/bin/dehydrated --cron && find -L @POSTRUNHOOKS_DIR@ -maxdepth 1 -executable -type f -exec {} \; 
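Review bot: The rewritten cron entry still runs, as root, every executable regular file that `find -L @POSTRUNHOOKS_DIR@ -maxdepth 1 -executable -type f -exec {} \;` finds, and `-L` means a symlink placed in that directory is followed and its target executed. The patch shows neither the ownership nor the mode of the hook directory, so whether the unprivileged dehydrated user can write there cannot be confirmed from here. The packaging should guarantee that the directory and the hook targets are writable by root only, and a comment above the entry would record that, for example `# hooks run as root: @POSTRUNHOOKS_DIR@ must be root-owned and not group/world-writable`. The same applies to the `ExecStartPost=` line in dehydrated.service.in. Separately, find visits entries in directory order, so hooks that depend on one another do not run in a predictable sequence.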
diff --git a/dehydrated.service.in b/dehydrated.service.in index 5f1fad2..baf2ba2 100644 --- a/dehydrated.service.in +++ b/dehydrated.service.in @@ -6,7 +6,7 @@ Wants=acmeresponder.socket [Service] Type=oneshot -ExecStartPre-=/usr/bin/sh -c 'for i in $(find -L @POSTRUNHOOKS_DIR@ -maxdepth 1 -executable -type f); do $i; done;' +ExecStartPost=-/usr/bin/find -L @POSTRUNHOOKS_DIR@ -maxdepth 1 -executable -type f -exec {} ; ExecStart=/usr/bin/dehydrated --cron # dehydrated --cron will drop permissions and run critical code as dehydrated user.
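Review bot: The new `ExecStartPost=` line ends in a bare `;`, which systemd treats as a separator between command lines when it stands as a word of its own, so it is not passed to the program. As shown, find would receive `-exec {}` without its terminator and exit with an error. The leading `-` makes systemd ignore that failure, so the unit would still report success while the root hooks silently never run. Escape it as the cron entry does: `ExecStartPost=-/usr/bin/find -L @POSTRUNHOOKS_DIR@ -maxdepth 1 -executable -type f -exec {} \;`. If the backslash was only lost when this page was rendered, the line is fine, but it is worth confirming with a test hook that the post-run step really executes.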