From c1bab9bb4db790618dc9ad3ecf449c7d6d58278c124ec351eda4d28b31c0c849 Mon Sep 17 00:00:00 2001
From: "Dr. Werner Fink"
Date: Fri, 9 Jul 2021 11:44:38 +0000
Subject: [PATCH] Accepting request 898848 from home:lnussel:usrmove - Mark /boot, /home, /mnt, /opt, /srv and /usr/local as %ghost and create from lua in case mounted eg from a read-only fs such as NFS. Except for the latter also mark them as 0555 while we are at it (boo#1186894)
OBS-URL: https://build.opensuse.org/request/show/898848
OBS-URL: https://build.opensuse.org/package/show/Base:System/filesystem?expand=0&rev=209
---
 directory.list | 26 -----------
 directory.list64 | 1 -
 filesystem.changes | 8 ++++
 filesystem.spec | 111 +++++++++++++++++++++++++--------------------
 ghost.list | 26 +++++++++++
 ghost.list64 | 1 +
 6 files changed, 98 insertions(+), 75 deletions(-)
 create mode 100644 ghost.list64
diff --git a/directory.list b/directory.list
index fd308d7..011a1b5 100644
--- a/directory.list
+++ b/directory.list
@@ -1,4 +1,3 @@
-0755 root root /boot
 0755 root root /dev
 0755 root root /etc
 0755 root root /etc/X11
@@ -23,16 +22,10 @@
 0755 root root /etc/opt
 0755 root root /etc/xdg
 0755 root root /etc/xdg/autostart
-0755 root root /home
-0755 root root /mnt
-0755 root root /opt
 0700 root root /root
 0700 root root /root/.gnupg
 0755 root root /root/bin
 0755 root root /run
-0755 root root /srv/www
-0755 root root /srv/www/cgi-bin
-0755 root root /srv/www/htdocs
 1777 root root /tmp
 0755 root root /usr
 0555 root root /usr/bin
@@ -69,25 +62,6 @@
 0755 root root /usr/lib/tmpfiles.d
 0755 root root /usr/lib/udev
 0755 root root /usr/lib/udev/rules.d
-0755 root root /usr/local
-0755 root root /usr/local/bin
-0755 root root /usr/local/include
-0755 root root /usr/local/lib
-0755 root root /usr/local/libexec
-0755 root root /usr/local/man
-0755 root root /usr/local/man/man1
-0755 root root /usr/local/man/man2
-0755 root root /usr/local/man/man3
-0755 root root /usr/local/man/man4
-0755 root root /usr/local/man/man5
-0755 root root /usr/local/man/man6
-0755 root root /usr/local/man/man7
-0755 root root /usr/local/man/man8
-0755 root root /usr/local/man/man9
-0755 root root /usr/local/man/mann
-0755 root root /usr/local/sbin
-0755 root root /usr/local/share
-0755 root root /usr/local/src
 0555 root root /usr/sbin
 0555 root root /usr/share # TODO make 0555
diff --git a/directory.list64 b/directory.list64
index 35a202c..65ad82d 100644
--- a/directory.list64
+++ b/directory.list64
@@ -1,4 +1,3 @@
 0555 root root /usr/lib64
 0555 root root /usr/lib64/pkgconfig
 0755 root root /usr/lib64/browser-plugins
-0755 root root /usr/local/lib64
diff --git a/filesystem.changes b/filesystem.changes
index cc2b613..e87e44d 100644
--- a/filesystem.changes
+++ b/filesystem.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Jun 9 15:46:59 UTC 2021 - Ludwig Nussel
+
+- Mark /boot, /home, /mnt, /opt, /srv and /usr/local as
+ %ghost and create from lua in case mounted eg from a read-only fs
+ such as NFS. Except for the latter also mark them as 0555 while we
+ are at it (boo#1186894)
+
 -------------------------------------------------------------------
 Wed Jun 9 06:13:42 UTC 2021 - Thorsten Kukuk
diff --git a/filesystem.spec b/filesystem.spec
index ab9efc3..c71bbe7 100644
--- a/filesystem.spec
+++ b/filesystem.spec
@@ -43,6 +43,7 @@ Source2: languages
 Source3: ghost.list
 Source4: languages.man
 Source64: directory.list64
+Source65: ghost.list64
 Source99: LICENSE.txt
 %description
@@ -53,8 +54,68 @@ the home directories of system users.
 %setup -c -n filesystem -T
 cp %{SOURCE0} .
 cp %{SOURCE1} .
+cp %{SOURCE3} .
+%ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64
+cat %{SOURCE65} >> ghost.list
+%endif
 %build
+cat > pretrans.lua <<'EOF'
+os.remove ("/usr/include/X11")
+os.remove ("/usr/lib/X11")
+if not posix.readlink("/var/run") then
+ os.rename("/var/run","/var/run.rpmsave.tmpx")
+end
+if not posix.readlink("/var/lock") then
+ os.rename("/var/lock","/var/lock.rpmsave.tmpx")
+end
+if not posix.stat("/var/run") then
+ posix.symlink("/run","/var/run")
+end
+if not posix.stat("/var/lock") then
+ posix.symlink("/run/lock","/var/lock")
+end
+if posix.stat("/var/run.rpmsave.tmpx") then
+ os.execute("mv /var/run.rpmsave.tmpx/* /var/run")
+ os.remove("/var/run.rpmsave.tmpx")
+end
+if posix.stat("/var/lock.rpmsave.tmpx") then
+ os.execute("mv /var/lock.rpmsave.tmpx/* /var/lock")
+ os.remove("/var/lock.rpmsave.tmpx")
+end
+%if 0%{?usrmerged}
+needmigrate = false
+local dirs = {"/bin",
+ "/sbin",
+%ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64
+ "/lib64",
+%endif
+ "/lib" }
+for i in pairs(dirs) do
+ local t = posix.stat(dirs[i], "type")
+ if t == nil then
+ posix.symlink("usr"..dirs[i], dirs[i])
+ elseif t == "directory" then
+ needmigrate = true
+ end
+end
+if needmigrate then
+ assert(os.execute("/usr/libexec/convertfs"))
+end
+%endif
+local ghosts = {
+EOF
+while read MOD OWN GRP NAME ; do
+ [ "$OWN" = root -a "$GRP" = root ]
+ echo "[\"$NAME\"] = $MOD,"
+done < ghost.list >> pretrans.lua
+cat >> pretrans.lua <<'EOF'
+}
+for i in pairs(ghosts) do
+ posix.mkdir(i)
+ posix.chmod(i, ghosts[i])
+end
+EOF
 %install
 function create_dir () {
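Review bot: The generated loop `for i in pairs(ghosts)` walks a string-keyed table, and Lua leaves that iteration order unspecified, so an entry such as /usr/local/man/man1 or /srv/www/cgi-bin can be visited before its parent. As far as I know `posix.mkdir` in rpm's Lua is a plain, non-recursive mkdir, and both return values are discarded here, so on a fresh root such a child would be skipped silently; since these paths are now %ghost, rpm itself is not expected to create them afterwards. Emitting the entries as an ordered list keeps the parent-first order of ghost.list: `echo "{\"$NAME\", $MOD},"` in the shell loop and `for _, g in ipairs(ghosts) do posix.mkdir(g[1]) posix.chmod(g[1], g[2]) end` in the trailer. The chmod also runs, as root, on paths that already exist, so a mode an administrator set on e.g. /usr/local is reset on every transaction; a comment stating whether that is intended would help.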
@@ -117,7 +178,7 @@ while read MOD OWN GRP NAME ; do
 create_dir $MOD $OWN $GRP $NAME
 done < directory.list
 # ghost files next
-cat %{SOURCE3} | while read MOD OWN GRP NAME ; do
+cat ghost.list | while read MOD OWN GRP NAME ; do
 create_dir $MOD $OWN $GRP $NAME "%%ghost "
 done
 # arch specific leftovers
@@ -244,53 +305,7 @@ install -m 0644 fs-tmp.conf $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/fs-tmp.conf
 install -m 0644 fs-var.conf $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/fs-var.conf
 install -m 0644 fs-var-tmp.conf $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/fs-var-tmp.conf
-%pretrans -p
-os.remove ("/usr/include/X11")
-os.remove ("/usr/lib/X11")
-if not posix.readlink("/var/run") then
- os.rename("/var/run","/var/run.rpmsave.tmpx")
-end
-if not posix.readlink("/var/lock") then
- os.rename("/var/lock","/var/lock.rpmsave.tmpx")
-end
-if not posix.stat("/var/run") then
- posix.symlink("/run","/var/run")
-end
-if not posix.stat("/var/lock") then
- posix.symlink("/run/lock","/var/lock")
-end
-if posix.stat("/var/run.rpmsave.tmpx") then
- os.execute("mv /var/run.rpmsave.tmpx/* /var/run")
- os.remove("/var/run.rpmsave.tmpx")
-end
-if posix.stat("/var/lock.rpmsave.tmpx") then
- os.execute("mv /var/lock.rpmsave.tmpx/* /var/lock")
- os.remove("/var/lock.rpmsave.tmpx")
-end
-%if 0%{?usrmerged}
-needmigrate = false
-local dirs = {"/bin",
- "/sbin",
-%ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64
- "/lib64",
-%endif
- "/lib" }
-for i in pairs(dirs) do
- local t = posix.stat(dirs[i], "type")
- if t == nil then
- posix.symlink("usr"..dirs[i], dirs[i])
- elseif t == "directory" then
- needmigrate = true
- end
-end
-if needmigrate then
- assert(os.execute("/usr/libexec/convertfs"))
-end
-%endif
-posix.mkdir("/proc")
-posix.chmod("/proc", 0555)
-posix.mkdir("/sys")
-posix.chmod("/sys", 0555)
+%pretrans -p -f pretrans.lua
 %files -f filesystem.list
 /usr/lib/tmpfiles.d/fs-tmp.conf
diff --git a/ghost.list b/ghost.list
index 6770cde..af5145b 100644
--- a/ghost.list
+++ b/ghost.list
@@ -1,2 +1,28 @@
+0555 root root /boot
+0555 root root /home
+0555 root root /mnt
+0555 root root /opt
 0555 root root /proc
+0555 root root /srv/www
+0555 root root /srv/www/cgi-bin
+0555 root root /srv/www/htdocs
 0555 root root /sys
+0755 root root /usr/local
+0755 root root /usr/local/bin
+0755 root root /usr/local/include
+0755 root root /usr/local/lib
+0755 root root /usr/local/libexec
+0755 root root /usr/local/man
+0755 root root /usr/local/man/man1
+0755 root root /usr/local/man/man2
+0755 root root /usr/local/man/man3
+0755 root root /usr/local/man/man4
+0755 root root /usr/local/man/man5
+0755 root root /usr/local/man/man6
+0755 root root /usr/local/man/man7
+0755 root root /usr/local/man/man8
+0755 root root /usr/local/man/man9
+0755 root root /usr/local/man/mann
+0755 root root /usr/local/sbin
+0755 root root /usr/local/share
+0755 root root /usr/local/src
diff --git a/ghost.list64 b/ghost.list64
new file mode 100644
index 0000000..0741d2e
--- /dev/null
+++ b/ghost.list64
@@ -0,0 +1 @@
+0755 root root /usr/local/lib64
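Review bot: In the ghost.list hunk `/srv/www` is added without a `/srv` entry, although the commit message names /srv among the directories now marked %ghost. The pretrans script built from this list calls posix.mkdir once per entry, which presumably does not create missing parents, so on a root without /srv the three /srv/www entries would fail silently unless /srv is created elsewhere in the spec, which is not visible here. Adding `0555 root root /srv` ahead of `/srv/www` would cover that case. If the omission is deliberate, a short comment in the spec next to the list handling would make that clear.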