diff --git a/powerman.changes b/powerman.changes index 5551a39..4aba77e 100644 --- a/powerman.changes +++ b/powerman.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Fri Aug 11 19:47:51 UTC 2017 - eich@suse.com + +- This package should not provide the user/group powerman + as it is the only user of this group: powermand runs as + this user/group and writes its data as this user/group. + This gives the sysadmin some control over who to give + access. There is no other application requiring this + user/group. + +------------------------------------------------------------------- +Fri Aug 11 18:04:54 UTC 2017 - eich@suse.com + +- run systemd-tmpfiles --create ... before starting service (bsc#1053481). + +------------------------------------------------------------------- +Thu Jun 15 15:20:21 UTC 2017 - jjolly@suse.com + +- powerman service configured to start as powerman:powerman user + - Fixed autoconf files to allow for dynamic user and group in + powerman.service file + - service-dynamic-user-autofiles.patch + - Updated configure file with only necessary changes from + autoconf changes + - service-dynamic-user-configure.patch +- Added %config to /etc/powerman/*.dev files + ------------------------------------------------------------------- Sun Apr 2 21:28:34 UTC 2017 - meissner@suse.com diff --git a/powerman.spec b/powerman.spec index d012d9c..62e1335 100644 --- a/powerman.spec +++ b/powerman.spec @@ -21,6 +21,9 @@ %define _with_tcp_wrappers 1 %undefine _with_genders +%define powerman_g %name +%define powerman_u %name + Name: powerman Version: 2.3.24 Release: 0 @@ -29,6 +32,8 @@ License: GPL-2.0+ Group: Productivity/Clustering/HA Url: https://github.com/chaos/powerman Source0: https://github.com/chaos/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz +Patch1: service-dynamic-user-autofiles.patch +Patch2: service-dynamic-user-configure.patch BuildRequires: fdupes BuildRequires: ncurses-devel BuildRequires: pkg-config @@ -41,11 +46,10 @@ BuildRequires: net-snmp-devel BuildRequires: genders %endif BuildRequires: pkgconfig(systemd) -%if 0%{?suse_version} >= 1330 -Requires(pre): user(daemon) -%endif %{?systemd_requires} +Requires(pre): shadow + %description PowerMan is a tool for manipulating remote power control (RPC) devices from a central location. Several RPC varieties are supported natively by PowerMan and @@ -68,11 +72,15 @@ Header files, pkg-config file and man pages for developing applications using Po %prep %setup -q +%patch1 -p1 +%patch2 -p1 %build %configure \ --disable-static\ --with-httppower \ + --with-user=%{powerman_u} \ + --with-group=%{powerman_g} \ %{?_with_snmppower:--with-snmppower} \ %{?_with_genders:--with-genders} \ %{?_with_tcp_wrappers:--with-tcp-wrappers} \ @@ -85,7 +93,7 @@ find %{buildroot} -type f -name "*.la" -delete -print ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} %{__mkdir} -p %{buildroot}%{_tmpfilesdir} cat >> %{buildroot}%{_tmpfilesdir}/%{name}.conf </dev/null || groupadd -r %powerman_g +getent passwd %powerman_u >/dev/null || useradd -r -g %powerman_g -M -s /bin/false -c %powerman_descr %powerman_u +exit 0 %post -%service_add_post %{name}.service systemd-tmpfiles --create %{_tmpfilesdir}/powerman.conf +%service_add_post %{name}.service %preun %service_del_preun %{name}.service @@ -118,7 +130,7 @@ systemd-tmpfiles --create %{_tmpfilesdir}/powerman.conf %dir %{_sysconfdir}/powerman %attr(0644,root,root) %{_unitdir}/%{name}.service %config %{_sysconfdir}/powerman/powerman.conf -%{_sysconfdir}/powerman/*.dev +%config %{_sysconfdir}/powerman/*.dev %{_tmpfilesdir}/powerman.conf %files devel diff --git a/service-dynamic-user-autofiles.patch b/service-dynamic-user-autofiles.patch new file mode 100644 index 0000000..ac6e6c1 --- /dev/null +++ b/service-dynamic-user-autofiles.patch @@ -0,0 +1,96 @@ +Index: powerman-2.3.24/scripts/powerman.service +=================================================================== +--- powerman-2.3.24.orig/scripts/powerman.service ++++ /dev/null +@@ -1,16 +0,0 @@ +-[Unit] +-Description=PowerMan +-After=syslog.target network.target +- +-[Service] +-Type=forking +-PrivateTmp=yes +-User=daemon +-Group=daemon +-ExecStart=/usr/sbin/powermand +-RuntimeDirectory=powerman +-RuntimeDirectoryMode=0755 +-PIDFile=/var/run/powerman/powermand.pid +- +-[Install] +-WantedBy=multi-user.target +Index: powerman-2.3.24/scripts/powerman.service.in +=================================================================== +--- /dev/null ++++ powerman-2.3.24/scripts/powerman.service.in +@@ -0,0 +1,16 @@ ++[Unit] ++Description=PowerMan ++After=syslog.target network.target ++ ++[Service] ++Type=forking ++PrivateTmp=yes ++User=@RUN_AS_USER@ ++Group=@RUN_AS_GROUP@ ++ExecStart=/usr/sbin/powermand ++RuntimeDirectory=powerman ++RuntimeDirectoryMode=0755 ++PIDFile=/var/run/powerman/powermand.pid ++ ++[Install] ++WantedBy=multi-user.target +Index: powerman-2.3.24/configure.ac +=================================================================== +--- powerman-2.3.24.orig/configure.ac ++++ powerman-2.3.24/configure.ac +@@ -91,7 +91,7 @@ AC_DEFINE(WITH_LSD_NOMEM_ERROR_FUNC, 1, + # whether to install pkg-config file for API + AC_PKGCONFIG + +-# what user to run daemon as ++# what user and group to run daemon as + AC_RUNAS + + ## +@@ -112,6 +112,7 @@ AC_CONFIG_FILES( \ + etc/Makefile \ + scripts/Makefile \ + scripts/powerman \ ++ scripts/powerman.service \ + heartbeat/Makefile \ + man/Makefile \ + man/powerman.1 \ +Index: powerman-2.3.24/config/ac_runas.m4 +=================================================================== +--- powerman-2.3.24.orig/config/ac_runas.m4 ++++ powerman-2.3.24/config/ac_runas.m4 +@@ -1,6 +1,7 @@ + AC_DEFUN([AC_RUNAS], + [ + RUN_AS_USER="daemon" ++ RUN_AS_GROUP="daemon" + AC_MSG_CHECKING(user to run as) + AC_ARG_WITH(user, + AC_HELP_STRING([--with-user=username], [user for powerman daemon (daemon)]), +@@ -16,4 +17,20 @@ AC_DEFUN([AC_RUNAS], + [Powerman daemon user]) + AC_MSG_RESULT(${RUN_AS_USER}) + AC_SUBST(RUN_AS_USER) ++ ++ AC_MSG_CHECKING(group to run as) ++ AC_ARG_WITH(group, ++ AC_HELP_STRING([--with-group=groupname], [group for powerman daemon (daemon)]), ++ [ case "${withval}" in ++ yes|no) ++ ;; ++ *) ++ RUN_AS_GROUP="${withval}" ++ ;; ++ esac], ++ ) ++ AC_DEFINE_UNQUOTED(RUN_AS_GROUP, "${RUN_AS_GROUP}", ++ [Powerman daemon group]) ++ AC_MSG_RESULT(${RUN_AS_GROUP}) ++ AC_SUBST(RUN_AS_GROUP) + ]) diff --git a/service-dynamic-user-configure.patch b/service-dynamic-user-configure.patch new file mode 100644 index 0000000..79186cc --- /dev/null +++ b/service-dynamic-user-configure.patch @@ -0,0 +1,84 @@ +Index: powerman-2.3.24/configure +=================================================================== +--- powerman-2.3.24.orig/configure ++++ powerman-2.3.24/configure +@@ -788,6 +788,7 @@ ac_subst_vars='am__EXEEXT_FALSE + am__EXEEXT_TRUE + LTLIBOBJS + LIBOBJS ++RUN_AS_GROUP + RUN_AS_USER + pkgconfigdir + WITH_PKG_CONFIG_FALSE +@@ -970,6 +971,7 @@ with_ncurses + with_tcp_wrappers + with_pkgconfig_dir + with_user ++with_group + ' + ac_precious_vars='build_alias + host_alias +@@ -1643,6 +1645,7 @@ Optional Packages: + where to install pkg-config *.pc files + (EPREFIX/lib/pkgconfig) + --with-user=username user for powerman daemon (daemon) ++ --with-group=groupname group for powerman daemon (daemon) + + Some influential environment variables: + CC C compiler command +@@ -15307,9 +15310,10 @@ fi + + + +-# what user to run daemon as ++# what user and group to run daemon as + + RUN_AS_USER="daemon" ++ RUN_AS_GROUP="daemon" + { $as_echo "$as_me:$LINENO: checking user to run as" >&5 + $as_echo_n "checking user to run as... " >&6; } + +@@ -15333,11 +15337,34 @@ _ACEOF + $as_echo "${RUN_AS_USER}" >&6; } + + ++ { $as_echo "$as_me:$LINENO: checking group to run as" >&5 ++$as_echo_n "checking group to run as... " >&6; } ++ ++# Check whether --with-group was given. ++if test "${with_group+set}" = set; then : ++ withval=$with_group; case "${withval}" in ++ yes|no) ++ ;; ++ *) ++ RUN_AS_GROUP="${withval}" ++ ;; ++ esac ++fi ++ ++ ++cat >>confdefs.h <<_ACEOF ++#define RUN_AS_GROUP "${RUN_AS_GROUP}" ++_ACEOF ++ ++ { $as_echo "$as_me:$LINENO: result: ${RUN_AS_GROUP}" >&5 ++$as_echo "${RUN_AS_GROUP}" >&6; } ++ ++ + + ## + # Epilogue. + ## +-ac_config_files="$ac_config_files Makefile powerman.spec libpowerman/Makefile libpowerman/libpowerman.pc liblsd/Makefile libcommon/Makefile powerman/Makefile powermand/Makefile httppower/Makefile snmppower/Makefile plmpower/Makefile etc/Makefile scripts/Makefile scripts/powerman heartbeat/Makefile man/Makefile man/powerman.1 man/libpowerman.3 man/powerman.conf.5 man/powerman.dev.5 man/httppower.8 man/plmpower.8 man/powermand.8 man/vpcd.8 test/Makefile" ++ac_config_files="$ac_config_files Makefile powerman.spec libpowerman/Makefile libpowerman/libpowerman.pc liblsd/Makefile libcommon/Makefile powerman/Makefile powermand/Makefile httppower/Makefile snmppower/Makefile plmpower/Makefile etc/Makefile scripts/Makefile scripts/powerman scripts/powerman.service heartbeat/Makefile man/Makefile man/powerman.1 man/libpowerman.3 man/powerman.conf.5 man/powerman.dev.5 man/httppower.8 man/plmpower.8 man/powermand.8 man/vpcd.8 test/Makefile" + + + cat >confcache <<\_ACEOF +@@ -16282,6 +16309,7 @@ do + "etc/Makefile") CONFIG_FILES="$CONFIG_FILES etc/Makefile" ;; + "scripts/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/Makefile" ;; + "scripts/powerman") CONFIG_FILES="$CONFIG_FILES scripts/powerman" ;; ++ "scripts/powerman.service") CONFIG_FILES="$CONFIG_FILES scripts/powerman.service" ;; + "heartbeat/Makefile") CONFIG_FILES="$CONFIG_FILES heartbeat/Makefile" ;; + "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;; + "man/powerman.1") CONFIG_FILES="$CONFIG_FILES man/powerman.1" ;;