Accepting request 534175 from home:dmolkentin:branches:security:dehydrated

- In the timer service, execute root post run hooks in ExecStartPost

- Fix run of root hooks 
- Simplify root hook execution, this is also more robust

OBS-URL: https://build.opensuse.org/request/show/534175
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=15
This commit is contained in:
Marcus Rückert 2017-10-17 02:03:39 +00:00 committed by Git OBS Bridge
parent 4089aed6d0
commit bce49d6f11
3 changed files with 14 additions and 2 deletions

View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Mon Oct 16 09:27:28 UTC 2017 - daniel.molkentin@suse.com
- In the timer service, execute root post run hooks in ExecStartPost
-------------------------------------------------------------------
Mon Oct 16 04:43:22 UTC 2017 - daniel.molkentin@suse.com
- Fix run of root hooks
- Simplify root hook execution, this is also more robust
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Oct 5 13:36:39 UTC 2017 - daniel.molkentin@suse.com Thu Oct 5 13:36:39 UTC 2017 - daniel.molkentin@suse.com

View File

@ -2,4 +2,4 @@ SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root MAILTO=root
25 3 * * * root test -e /etc/dehydrated/config && /usr/bin/dehydrated --cron && for i in $(find -L @POSTRUNHOOKS_DIR@ -maxdepth 1 -executable -type f); do $i; done; 25 3 * * * root test -e /etc/dehydrated/config && /usr/bin/dehydrated --cron && find -L @POSTRUNHOOKS_DIR@ -maxdepth 1 -executable -type f -exec {} \;

View File

@ -6,7 +6,7 @@ Wants=acmeresponder.socket
[Service] [Service]
Type=oneshot Type=oneshot
ExecStartPre-=/usr/bin/sh -c 'for i in $(find -L @POSTRUNHOOKS_DIR@ -maxdepth 1 -executable -type f); do $i; done;' ExecStartPost=-/usr/bin/find -L @POSTRUNHOOKS_DIR@ -maxdepth 1 -executable -type f -exec {} ;
ExecStart=/usr/bin/dehydrated --cron ExecStart=/usr/bin/dehydrated --cron
# dehydrated --cron will drop permissions and run critical code as dehydrated user. # dehydrated --cron will drop permissions and run critical code as dehydrated user.