Accepting request 957379 from home:schubi2

- Added own logrotate.service file in order to define a new order
  of parsed config files:
  /usr/etc/logrotate.conf   Default configuration file defined by
                            the vendor.
  /usr/etc/logrotate.d/*    Directory for additional configuration
                            files defined by the vendor.
  /etc/logrotate.conf       Default configuration file defined by
                            the administrator. (optional)
  /etc/logrotate.d/*        Directory for additional configuration
                            files defined by the administrator.
                            (optional)
- New logrotate.service includes logrotate-3.19.0-systemd_add_home_env
  patch.
- Adapted man page: logrotate-3.19.0-man_logrotate.patch

OBS-URL: https://build.opensuse.org/request/show/957379
OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=94

logrotate-3.19.0-man_logrotate.patch

@@ -0,0 +1,40 @@
+diff -Naur logrotate-3.19.0.orig/logrotate.8.in logrotate-3.19.0/logrotate.8.in
+--- logrotate-3.19.0.orig/logrotate.8.in	2022-02-24 11:18:24.202811846 +0100
++++ logrotate-3.19.0/logrotate.8.in	2022-02-24 11:28:25.137690351 +0100
+@@ -48,6 +48,17 @@
+ is given on the command line, every file in that directory is used as
+ a config file.
+ .P
++If \fBlogrotate\fR is called via \fBsystemd\fR(1), following  order of
++parsed config files is defined in the \fIlogrotate.service\fR file:
++.TS
++tab(:);
++l l l.
++\fI/usr/etc/logrotate.conf\fR:Default configuration file defined by the vendor.
++\fI/usr/etc/logrotate.d/*\fR:Directory for additional configuration files defined by the vendor.
++\fI/etc/logrotate.conf\fR:Default configuration file defined by the administrator. (optional)
++\fI/etc/logrotate.d/*\fR:Directory for additional configuration files defined by the administrator. (optional)
++.TE
++.P
+ If no command line arguments are given, \fBlogrotate\fR will print
+ version and copyright information, along with a short usage summary.  If
+ any errors occur while rotating logs, \fBlogrotate\fR will exit with
+@@ -76,7 +87,7 @@
+ acquires a lock on the state file, if it cannot be acquired \fBlogrotate\fR
+ will exit with value 3.  The default state file is \fI@STATE_FILE_PATH@\fR.
+ If \fI/dev/null\fR is given as the state file, then \fBlogrotate\fR will
+-not try to write the state file.
++not try to lock or write the state file.
+ 
+ .TP
+ \fB\-\-skip-state-lock\fR
+@@ -752,7 +763,8 @@
+ tab(:);
+ l l l.
+ \fI@STATE_FILE_PATH@\fR:Default state file.
+-\fI/etc/logrotate.conf\fR:Configuration options.
++\fI/usr/etc/logrotate.conf\fR:Configuration options defined by the vendor.
++\fI/etc/logrotate.conf\fR:Configuration options defined by the administrator.
+ .TE
+ 
+ 

logrotate-3.19.0-systemd_add_home_env.patch

@@ -1,11 +0,0 @@
-diff -ur logrotate-3.19.0.orig/examples/logrotate.service logrotate-3.19.0/examples/logrotate.service
---- logrotate-3.19.0.orig/examples/logrotate.service	2020-08-21 15:02:38.000000000 +0200
-+++ logrotate-3.19.0/examples/logrotate.service	2022-01-07 21:28:10.258744210 +0100
-@@ -12,6 +12,7 @@
- Nice=19
- IOSchedulingClass=best-effort
- IOSchedulingPriority=7
-+Environment=HOME=/root
- 
- # hardening options
- #  details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html

logrotate.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Thu Feb 24 10:36:07 UTC 2022 - Stefan Schubert <schubi@suse.de>
+
+- Added own logrotate.service file in order to define a new order
+  of parsed config files:
+  /usr/etc/logrotate.conf   Default configuration file defined by
+                            the vendor.
+  /usr/etc/logrotate.d/*    Directory for additional configuration
+                            files defined by the vendor.
+  /etc/logrotate.conf       Default configuration file defined by
+                            the administrator. (optional)
+  /etc/logrotate.d/*        Directory for additional configuration
+                            files defined by the administrator.
+                            (optional)
+- New logrotate.service includes logrotate-3.19.0-systemd_add_home_env
+  patch.
+- Adapted man page: logrotate-3.19.0-man_logrotate.patch  
+
 -------------------------------------------------------------------
 Fri Jan  7 20:23:36 UTC 2022 - Michael Ströder <michael@stroeder.com>
 

logrotate.default

@@ -20,4 +20,4 @@ compresscmd /usr/bin/xz
 uncompresscmd /usr/bin/xzdec
 
 # RPM packages drop log rotation information into this directory
-include /etc/logrotate.d
+include /usr/etc/logrotate.d

logrotate.service

@@ -0,0 +1,39 @@
+[Unit]
+Description=Rotate log files
+Documentation=man:logrotate(8) man:logrotate.conf(5)
+RequiresMountsFor=/var/log
+ConditionACPower=true
+
+[Service]
+Type=oneshot
+ExecStartPre=/bin/sh -c "/usr/bin/systemctl set-environment etc_conf=" ; \
+   /bin/sh -c "if [ -f /etc/logrotate.conf ]; then /usr/bin/systemctl set-environment etc_conf=/etc/logrotate.conf; fi" ; \
+   /bin/sh -c "/usr/bin/systemctl set-environment etc_dir=" ; \
+   /bin/sh -c "if [ -d /etc/logrotate.d ]; then /usr/bin/systemctl set-environment etc_dir=/etc/logrotate.d; fi"
+ExecStart=/bin/sh -c "/usr/sbin/logrotate /usr/etc/logrotate.conf ${etc_conf} ${etc_dir}"
+
+# performance options
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
+Environment=HOME=/root
+
+# hardening options
+#  details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+#  no ProtectHome for userdir logs
+#  no PrivateNetwork for mail deliviery
+#  no NoNewPrivileges for third party rotate scripts
+#  no RestrictSUIDSGID for creating setgid directories
+LockPersonality=true
+MemoryDenyWriteExecute=true
+PrivateDevices=true
+PrivateTmp=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=full
+RestrictNamespaces=true
+RestrictRealtime=true

logrotate.spec

@@ -16,6 +16,8 @@
 #
 
 
+%{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}}
+
 Name:           logrotate
 Version:        3.19.0
 Release:        0
@@ -27,9 +29,10 @@ Source0:        https://github.com/%{name}/%{name}/releases/download/%{version}/
 # SUSE specific logrotate configurations
 Source1:        logrotate.wtmp
 Source2:        logrotate.default
+Source3:        logrotate.service
 Source10:       https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz.asc
 Source100:      %{name}-rpmlintrc
-Patch0:         logrotate-3.19.0-systemd_add_home_env.patch
+Patch0:         logrotate-3.19.0-man_logrotate.patch
 BuildRequires:  acl
 BuildRequires:  libacl-devel
 BuildRequires:  pkgconfig
@@ -63,10 +66,10 @@ It manages plain files only and is not involved in systemd's journal rotation.
 
 %install
 %make_install
-mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
-install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/wtmp
-install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.conf
-install -D -m 0644 examples/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
+mkdir -p %{buildroot}%{_distconfdir}/logrotate.d
+install -m 644 %{SOURCE1} %{buildroot}%{_distconfdir}/logrotate.d/wtmp
+install -m 644 %{SOURCE2} %{buildroot}%{_distconfdir}/logrotate.conf
+install -D -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}.service
 install -D -m 0644 examples/%{name}.timer %{buildroot}%{_unitdir}/%{name}.timer
 ln -s service %{buildroot}%{_sbindir}/rc%{name}
 
@@ -90,14 +93,18 @@ fi
 %service_del_postun %{name}.service %{name}.timer
 
 %files
+%if %{?suse_version} <= 1500
+%dir %{_distconfdir}
+%endif
+%dir %{_distconfdir}/logrotate.d
 %license COPYING
 %doc ChangeLog.md README.md
 %{_sbindir}/logrotate
 %{_sbindir}/rc%{name}
 %{_mandir}/man8/logrotate.8%{?ext_man}
 %{_mandir}/man5/logrotate.conf.5%{?ext_man}
-%config %{_sysconfdir}/logrotate.conf
-%config(noreplace) %{_sysconfdir}/logrotate.d/wtmp
+%{_distconfdir}/logrotate.conf
+%{_distconfdir}/logrotate.d/wtmp
 %{_unitdir}/%{name}.service
 %{_unitdir}/%{name}.timer