diff --git a/logrotate-3.19.0-man_logrotate.patch b/logrotate-3.19.0-man_logrotate.patch new file mode 100644 index 0000000..be46a01 --- /dev/null +++ b/logrotate-3.19.0-man_logrotate.patch @@ -0,0 +1,40 @@ +diff -Naur logrotate-3.19.0.orig/logrotate.8.in logrotate-3.19.0/logrotate.8.in +--- logrotate-3.19.0.orig/logrotate.8.in 2022-02-24 11:18:24.202811846 +0100 ++++ logrotate-3.19.0/logrotate.8.in 2022-02-24 11:28:25.137690351 +0100 +@@ -48,6 +48,17 @@ + is given on the command line, every file in that directory is used as + a config file. + .P ++If \fBlogrotate\fR is called via \fBsystemd\fR(1), following order of ++parsed config files is defined in the \fIlogrotate.service\fR file: ++.TS ++tab(:); ++l l l. ++\fI/usr/etc/logrotate.conf\fR:Default configuration file defined by the vendor. ++\fI/usr/etc/logrotate.d/*\fR:Directory for additional configuration files defined by the vendor. ++\fI/etc/logrotate.conf\fR:Default configuration file defined by the administrator. (optional) ++\fI/etc/logrotate.d/*\fR:Directory for additional configuration files defined by the administrator. (optional) ++.TE ++.P + If no command line arguments are given, \fBlogrotate\fR will print + version and copyright information, along with a short usage summary. If + any errors occur while rotating logs, \fBlogrotate\fR will exit with +@@ -76,7 +87,7 @@ + acquires a lock on the state file, if it cannot be acquired \fBlogrotate\fR + will exit with value 3. The default state file is \fI@STATE_FILE_PATH@\fR. + If \fI/dev/null\fR is given as the state file, then \fBlogrotate\fR will +-not try to write the state file. ++not try to lock or write the state file. + + .TP + \fB\-\-skip-state-lock\fR +@@ -752,7 +763,8 @@ + tab(:); + l l l. + \fI@STATE_FILE_PATH@\fR:Default state file. +-\fI/etc/logrotate.conf\fR:Configuration options. ++\fI/usr/etc/logrotate.conf\fR:Configuration options defined by the vendor. ++\fI/etc/logrotate.conf\fR:Configuration options defined by the administrator. + .TE + + diff --git a/logrotate-3.19.0-systemd_add_home_env.patch b/logrotate-3.19.0-systemd_add_home_env.patch deleted file mode 100644 index c8ac9ad..0000000 --- a/logrotate-3.19.0-systemd_add_home_env.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -ur logrotate-3.19.0.orig/examples/logrotate.service logrotate-3.19.0/examples/logrotate.service ---- logrotate-3.19.0.orig/examples/logrotate.service 2020-08-21 15:02:38.000000000 +0200 -+++ logrotate-3.19.0/examples/logrotate.service 2022-01-07 21:28:10.258744210 +0100 -@@ -12,6 +12,7 @@ - Nice=19 - IOSchedulingClass=best-effort - IOSchedulingPriority=7 -+Environment=HOME=/root - - # hardening options - # details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html diff --git a/logrotate.changes b/logrotate.changes index f280155..43f00cd 100644 --- a/logrotate.changes +++ b/logrotate.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Thu Feb 24 10:36:07 UTC 2022 - Stefan Schubert + +- Added own logrotate.service file in order to define a new order + of parsed config files: + /usr/etc/logrotate.conf Default configuration file defined by + the vendor. + /usr/etc/logrotate.d/* Directory for additional configuration + files defined by the vendor. + /etc/logrotate.conf Default configuration file defined by + the administrator. (optional) + /etc/logrotate.d/* Directory for additional configuration + files defined by the administrator. + (optional) +- New logrotate.service includes logrotate-3.19.0-systemd_add_home_env + patch. +- Adapted man page: logrotate-3.19.0-man_logrotate.patch + ------------------------------------------------------------------- Fri Jan 7 20:23:36 UTC 2022 - Michael Ströder diff --git a/logrotate.default b/logrotate.default index ba72012..481ee46 100644 --- a/logrotate.default +++ b/logrotate.default @@ -20,4 +20,4 @@ compresscmd /usr/bin/xz uncompresscmd /usr/bin/xzdec # RPM packages drop log rotation information into this directory -include /etc/logrotate.d +include /usr/etc/logrotate.d diff --git a/logrotate.service b/logrotate.service new file mode 100644 index 0000000..dff101e --- /dev/null +++ b/logrotate.service @@ -0,0 +1,39 @@ +[Unit] +Description=Rotate log files +Documentation=man:logrotate(8) man:logrotate.conf(5) +RequiresMountsFor=/var/log +ConditionACPower=true + +[Service] +Type=oneshot +ExecStartPre=/bin/sh -c "/usr/bin/systemctl set-environment etc_conf=" ; \ + /bin/sh -c "if [ -f /etc/logrotate.conf ]; then /usr/bin/systemctl set-environment etc_conf=/etc/logrotate.conf; fi" ; \ + /bin/sh -c "/usr/bin/systemctl set-environment etc_dir=" ; \ + /bin/sh -c "if [ -d /etc/logrotate.d ]; then /usr/bin/systemctl set-environment etc_dir=/etc/logrotate.d; fi" +ExecStart=/bin/sh -c "/usr/sbin/logrotate /usr/etc/logrotate.conf ${etc_conf} ${etc_dir}" + +# performance options +Nice=19 +IOSchedulingClass=best-effort +IOSchedulingPriority=7 +Environment=HOME=/root + +# hardening options +# details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +# no ProtectHome for userdir logs +# no PrivateNetwork for mail deliviery +# no NoNewPrivileges for third party rotate scripts +# no RestrictSUIDSGID for creating setgid directories +LockPersonality=true +MemoryDenyWriteExecute=true +PrivateDevices=true +PrivateTmp=true +ProtectClock=true +ProtectControlGroups=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=full +RestrictNamespaces=true +RestrictRealtime=true diff --git a/logrotate.spec b/logrotate.spec index 2626202..6f1cb38 100644 --- a/logrotate.spec +++ b/logrotate.spec @@ -16,6 +16,8 @@ # +%{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}} + Name: logrotate Version: 3.19.0 Release: 0 @@ -27,9 +29,10 @@ Source0: https://github.com/%{name}/%{name}/releases/download/%{version}/ # SUSE specific logrotate configurations Source1: logrotate.wtmp Source2: logrotate.default +Source3: logrotate.service Source10: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz.asc Source100: %{name}-rpmlintrc -Patch0: logrotate-3.19.0-systemd_add_home_env.patch +Patch0: logrotate-3.19.0-man_logrotate.patch BuildRequires: acl BuildRequires: libacl-devel BuildRequires: pkgconfig @@ -63,10 +66,10 @@ It manages plain files only and is not involved in systemd's journal rotation. %install %make_install -mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d -install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/wtmp -install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.conf -install -D -m 0644 examples/%{name}.service %{buildroot}%{_unitdir}/%{name}.service +mkdir -p %{buildroot}%{_distconfdir}/logrotate.d +install -m 644 %{SOURCE1} %{buildroot}%{_distconfdir}/logrotate.d/wtmp +install -m 644 %{SOURCE2} %{buildroot}%{_distconfdir}/logrotate.conf +install -D -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}.service install -D -m 0644 examples/%{name}.timer %{buildroot}%{_unitdir}/%{name}.timer ln -s service %{buildroot}%{_sbindir}/rc%{name} @@ -90,14 +93,18 @@ fi %service_del_postun %{name}.service %{name}.timer %files +%if %{?suse_version} <= 1500 +%dir %{_distconfdir} +%endif +%dir %{_distconfdir}/logrotate.d %license COPYING %doc ChangeLog.md README.md %{_sbindir}/logrotate %{_sbindir}/rc%{name} %{_mandir}/man8/logrotate.8%{?ext_man} %{_mandir}/man5/logrotate.conf.5%{?ext_man} -%config %{_sysconfdir}/logrotate.conf -%config(noreplace) %{_sysconfdir}/logrotate.d/wtmp +%{_distconfdir}/logrotate.conf +%{_distconfdir}/logrotate.d/wtmp %{_unitdir}/%{name}.service %{_unitdir}/%{name}.timer