From d670ac9b366f43c18ccf2fdcc9b5353a20b625d6fca956c8c08b4bac93171ce6 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Thu, 20 Aug 2020 20:27:28 +0000 Subject: [PATCH] Accepting request 827614 from devel:kubic - Update to version 2.4 - fixes for autorelabel in initrd - Use systemds tmpfiles.d/tmp.conf to relabel /tmp and cleanup /tmp after 10 days and /var/tmp after 30 days - Don't install tmp.mount.d/selinux.conf on Factory [bsc#1175379] - Add tmp.mount for SUSE MicroOS 5.0 [jsc#SMO-2] - SELinux support [jsc#SMO-15] - overwrite tmp.mount options with SELinux label for /tmp - Add generator to label mount points if required - Add dracut module to relabel core system if required OBS-URL: https://build.opensuse.org/request/show/827614 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/microos-tools?expand=0&rev=10 --- microos-tools-2.3.tar.xz | 3 --- microos-tools-2.4.tar.xz | 3 +++ microos-tools.changes | 25 ++++++++++++++++++++++--- microos-tools.spec | 12 +++++++++--- tmp.mount | 25 +++++++++++++++++++++++++ 5 files changed, 59 insertions(+), 9 deletions(-) delete mode 100644 microos-tools-2.3.tar.xz create mode 100644 microos-tools-2.4.tar.xz create mode 100644 tmp.mount diff --git a/microos-tools-2.3.tar.xz b/microos-tools-2.3.tar.xz deleted file mode 100644 index 6518019..0000000 --- a/microos-tools-2.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b5d3cc2db01288366ae14e1e699378b7d89ffa68e181b5e3b05e85f6ba60cbaa -size 75236 diff --git a/microos-tools-2.4.tar.xz b/microos-tools-2.4.tar.xz new file mode 100644 index 0000000..4b88927 --- /dev/null +++ b/microos-tools-2.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e4315e295786375fc854009b37fb73f3e4d68cef8e05c8f8c9e5590defad32b8 +size 75256 diff --git a/microos-tools.changes b/microos-tools.changes index 12aa0c7..d34296e 100644 --- a/microos-tools.changes +++ b/microos-tools.changes @@ -1,10 +1,29 @@ +------------------------------------------------------------------- +Tue Aug 18 14:33:56 UTC 2020 - Thorsten Kukuk + +- Update to version 2.4 + - fixes for autorelabel in initrd + - Use systemds tmpfiles.d/tmp.conf to relabel /tmp and cleanup + /tmp after 10 days and /var/tmp after 30 days + +------------------------------------------------------------------- +Tue Aug 18 08:45:41 UTC 2020 - Thorsten Kukuk + +- Don't install tmp.mount.d/selinux.conf on Factory [bsc#1175379] + +------------------------------------------------------------------- +Fri Aug 14 08:56:00 UTC 2020 - Thorsten Kukuk + +- Add tmp.mount for SUSE MicroOS 5.0 [jsc#SMO-2] + ------------------------------------------------------------------- Wed Aug 12 07:32:04 UTC 2020 - Thorsten Kukuk - Update to version 2.3 - - overwrite tmp.mount options with SELinux label for /tmp - - Add generator to label mount points if required - - Add dracut module to relabel core system if required + - SELinux support [jsc#SMO-15] + - overwrite tmp.mount options with SELinux label for /tmp + - Add generator to label mount points if required + - Add dracut module to relabel core system if required - Add locale-check to reset locale to system default if the one set by SSH does not exist [bsc#1156175] - Set TMPDIR for salt to not use /tmp (preparation for noexec) diff --git a/microos-tools.spec b/microos-tools.spec index c8ff49d..a67996e 100644 --- a/microos-tools.spec +++ b/microos-tools.spec @@ -17,13 +17,14 @@ Name: microos-tools -Version: 2.3 +Version: 2.4 Release: 0 Summary: Files and Scripts for openSUSE MicroOS License: GPL-2.0-or-later Group: Development/Tools/Other URL: https://github.com/kubic-project/microos-tools Source: microos-tools-%{version}.tar.xz +Source1: tmp.mount Source99: microos-tools-rpmlintrc BuildRequires: distribution-release BuildRequires: pkgconfig @@ -44,6 +45,9 @@ Files, scripts and directories for openSUSE Kubic. %install %make_install +%if 0%{?suse_version} <= 1500 +install -m 0644 %{SOURCE1} %{buildroot}/%{_unitdir}/ +%endif %pre %service_add_pre setup-systemd-proxy-env.service printenv.service @@ -75,11 +79,13 @@ Files, scripts and directories for openSUSE Kubic. %{_unitdir}/setup-systemd-proxy-env.service %dir %{_unitdir}/sysinit.target.wants %{_unitdir}/sysinit.target.wants/MicroOS-firstboot.service -%dir %{_unitdir}/tmp.mount.d -%{_unitdir}/tmp.mount.d/selinux.conf +%if 0%{?suse_version} <= 1500 +%{_unitdir}/tmp.mount +%endif %dir %{_unitdir}/salt-minion.service.d %{_unitdir}/salt-minion.service.d/TMPDIR.conf %{_tmpfilesdir}/salt-minion-tmpdir.conf +%{_tmpfilesdir}/tmp.conf %{_sysctldir}/30-corefiles.conf %{_libexecdir}/MicroOS-firstboot %{_sbindir}/setup-systemd-proxy-env diff --git a/tmp.mount b/tmp.mount new file mode 100644 index 0000000..fcd7735 --- /dev/null +++ b/tmp.mount @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1+ +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Temporary Directory (/tmp) +Documentation=https://systemd.io/TEMPORARY_DIRECTORIES +Documentation=man:file-hierarchy(7) +Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +ConditionPathIsSymbolicLink=!/tmp +DefaultDependencies=no +Conflicts=umount.target +Before=local-fs.target umount.target +After=swap.target + +[Mount] +What=tmpfs +Where=/tmp +Type=tmpfs +Options=mode=1777,strictatime,nosuid,nodev