Accepting request 516227 from hardware

- This package should not provide the user/group powerman
  as it is the only user of this group: powermand runs as
  this user/group and writes its data as this user/group.
  This gives the sysadmin some control over who to give
  access. There is no other application requiring this 
  user/group.

- run systemd-tmpfiles --create ... before starting service (bsc#1053481). (forwarded request 516226 from eeich)

OBS-URL: https://build.opensuse.org/request/show/516227
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/powerman?expand=0&rev=24
This commit is contained in:
Yuchen Lin 2017-08-12 18:29:14 +00:00 committed by Git OBS Bridge
commit b1c53f06fd
4 changed files with 225 additions and 6 deletions

View File

@ -1,3 +1,30 @@
-------------------------------------------------------------------
Fri Aug 11 19:47:51 UTC 2017 - eich@suse.com
- This package should not provide the user/group powerman
as it is the only user of this group: powermand runs as
this user/group and writes its data as this user/group.
This gives the sysadmin some control over who to give
access. There is no other application requiring this
user/group.
-------------------------------------------------------------------
Fri Aug 11 18:04:54 UTC 2017 - eich@suse.com
- run systemd-tmpfiles --create ... before starting service (bsc#1053481).
-------------------------------------------------------------------
Thu Jun 15 15:20:21 UTC 2017 - jjolly@suse.com
- powerman service configured to start as powerman:powerman user
- Fixed autoconf files to allow for dynamic user and group in
powerman.service file
- service-dynamic-user-autofiles.patch
- Updated configure file with only necessary changes from
autoconf changes
- service-dynamic-user-configure.patch
- Added %config to /etc/powerman/*.dev files
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Apr 2 21:28:34 UTC 2017 - meissner@suse.com Sun Apr 2 21:28:34 UTC 2017 - meissner@suse.com

View File

@ -21,6 +21,9 @@
%define _with_tcp_wrappers 1 %define _with_tcp_wrappers 1
%undefine _with_genders %undefine _with_genders
%define powerman_g %name
%define powerman_u %name
Name: powerman Name: powerman
Version: 2.3.24 Version: 2.3.24
Release: 0 Release: 0
@ -29,6 +32,8 @@ License: GPL-2.0+
Group: Productivity/Clustering/HA Group: Productivity/Clustering/HA
Url: https://github.com/chaos/powerman Url: https://github.com/chaos/powerman
Source0: https://github.com/chaos/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/chaos/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
Patch1: service-dynamic-user-autofiles.patch
Patch2: service-dynamic-user-configure.patch
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: ncurses-devel BuildRequires: ncurses-devel
BuildRequires: pkg-config BuildRequires: pkg-config
@ -41,11 +46,10 @@ BuildRequires: net-snmp-devel
BuildRequires: genders BuildRequires: genders
%endif %endif
BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(systemd)
%if 0%{?suse_version} >= 1330
Requires(pre): user(daemon)
%endif
%{?systemd_requires} %{?systemd_requires}
Requires(pre): shadow
%description %description
PowerMan is a tool for manipulating remote power control (RPC) devices from a PowerMan is a tool for manipulating remote power control (RPC) devices from a
central location. Several RPC varieties are supported natively by PowerMan and central location. Several RPC varieties are supported natively by PowerMan and
@ -68,11 +72,15 @@ Header files, pkg-config file and man pages for developing applications using Po
%prep %prep
%setup -q %setup -q
%patch1 -p1
%patch2 -p1
%build %build
%configure \ %configure \
--disable-static\ --disable-static\
--with-httppower \ --with-httppower \
--with-user=%{powerman_u} \
--with-group=%{powerman_g} \
%{?_with_snmppower:--with-snmppower} \ %{?_with_snmppower:--with-snmppower} \
%{?_with_genders:--with-genders} \ %{?_with_genders:--with-genders} \
%{?_with_tcp_wrappers:--with-tcp-wrappers} \ %{?_with_tcp_wrappers:--with-tcp-wrappers} \
@ -85,7 +93,7 @@ find %{buildroot} -type f -name "*.la" -delete -print
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
%{__mkdir} -p %{buildroot}%{_tmpfilesdir} %{__mkdir} -p %{buildroot}%{_tmpfilesdir}
cat >> %{buildroot}%{_tmpfilesdir}/%{name}.conf <<EOF cat >> %{buildroot}%{_tmpfilesdir}/%{name}.conf <<EOF
d /var/run/powerman 0755 daemon root - d /var/run/powerman 0755 %{powerman_u} %{powerman_g} -
EOF EOF
mv %{buildroot}%{_sysconfdir}/powerman/powerman.conf.example %{buildroot}%{_sysconfdir}/powerman/powerman.conf mv %{buildroot}%{_sysconfdir}/powerman/powerman.conf.example %{buildroot}%{_sysconfdir}/powerman/powerman.conf
rm -r %{buildroot}%{_libdir}/stonith rm -r %{buildroot}%{_libdir}/stonith
@ -93,10 +101,14 @@ rm -r %{buildroot}%{_libdir}/stonith
%pre %pre
%service_add_pre %{name}.service %service_add_pre %{name}.service
%define powerman_descr "Power Manager service"
getent group %powerman_g >/dev/null || groupadd -r %powerman_g
getent passwd %powerman_u >/dev/null || useradd -r -g %powerman_g -M -s /bin/false -c %powerman_descr %powerman_u
exit 0
%post %post
%service_add_post %{name}.service
systemd-tmpfiles --create %{_tmpfilesdir}/powerman.conf systemd-tmpfiles --create %{_tmpfilesdir}/powerman.conf
%service_add_post %{name}.service
%preun %preun
%service_del_preun %{name}.service %service_del_preun %{name}.service
@ -118,7 +130,7 @@ systemd-tmpfiles --create %{_tmpfilesdir}/powerman.conf
%dir %{_sysconfdir}/powerman %dir %{_sysconfdir}/powerman
%attr(0644,root,root) %{_unitdir}/%{name}.service %attr(0644,root,root) %{_unitdir}/%{name}.service
%config %{_sysconfdir}/powerman/powerman.conf %config %{_sysconfdir}/powerman/powerman.conf
%{_sysconfdir}/powerman/*.dev %config %{_sysconfdir}/powerman/*.dev
%{_tmpfilesdir}/powerman.conf %{_tmpfilesdir}/powerman.conf
%files devel %files devel

View File

@ -0,0 +1,96 @@
Index: powerman-2.3.24/scripts/powerman.service
===================================================================
--- powerman-2.3.24.orig/scripts/powerman.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=PowerMan
-After=syslog.target network.target
-
-[Service]
-Type=forking
-PrivateTmp=yes
-User=daemon
-Group=daemon
-ExecStart=/usr/sbin/powermand
-RuntimeDirectory=powerman
-RuntimeDirectoryMode=0755
-PIDFile=/var/run/powerman/powermand.pid
-
-[Install]
-WantedBy=multi-user.target
Index: powerman-2.3.24/scripts/powerman.service.in
===================================================================
--- /dev/null
+++ powerman-2.3.24/scripts/powerman.service.in
@@ -0,0 +1,16 @@
+[Unit]
+Description=PowerMan
+After=syslog.target network.target
+
+[Service]
+Type=forking
+PrivateTmp=yes
+User=@RUN_AS_USER@
+Group=@RUN_AS_GROUP@
+ExecStart=/usr/sbin/powermand
+RuntimeDirectory=powerman
+RuntimeDirectoryMode=0755
+PIDFile=/var/run/powerman/powermand.pid
+
+[Install]
+WantedBy=multi-user.target
Index: powerman-2.3.24/configure.ac
===================================================================
--- powerman-2.3.24.orig/configure.ac
+++ powerman-2.3.24/configure.ac
@@ -91,7 +91,7 @@ AC_DEFINE(WITH_LSD_NOMEM_ERROR_FUNC, 1,
# whether to install pkg-config file for API
AC_PKGCONFIG
-# what user to run daemon as
+# what user and group to run daemon as
AC_RUNAS
##
@@ -112,6 +112,7 @@ AC_CONFIG_FILES( \
etc/Makefile \
scripts/Makefile \
scripts/powerman \
+ scripts/powerman.service \
heartbeat/Makefile \
man/Makefile \
man/powerman.1 \
Index: powerman-2.3.24/config/ac_runas.m4
===================================================================
--- powerman-2.3.24.orig/config/ac_runas.m4
+++ powerman-2.3.24/config/ac_runas.m4
@@ -1,6 +1,7 @@
AC_DEFUN([AC_RUNAS],
[
RUN_AS_USER="daemon"
+ RUN_AS_GROUP="daemon"
AC_MSG_CHECKING(user to run as)
AC_ARG_WITH(user,
AC_HELP_STRING([--with-user=username], [user for powerman daemon (daemon)]),
@@ -16,4 +17,20 @@ AC_DEFUN([AC_RUNAS],
[Powerman daemon user])
AC_MSG_RESULT(${RUN_AS_USER})
AC_SUBST(RUN_AS_USER)
+
+ AC_MSG_CHECKING(group to run as)
+ AC_ARG_WITH(group,
+ AC_HELP_STRING([--with-group=groupname], [group for powerman daemon (daemon)]),
+ [ case "${withval}" in
+ yes|no)
+ ;;
+ *)
+ RUN_AS_GROUP="${withval}"
+ ;;
+ esac],
+ )
+ AC_DEFINE_UNQUOTED(RUN_AS_GROUP, "${RUN_AS_GROUP}",
+ [Powerman daemon group])
+ AC_MSG_RESULT(${RUN_AS_GROUP})
+ AC_SUBST(RUN_AS_GROUP)
])

View File

@ -0,0 +1,84 @@
Index: powerman-2.3.24/configure
===================================================================
--- powerman-2.3.24.orig/configure
+++ powerman-2.3.24/configure
@@ -788,6 +788,7 @@ ac_subst_vars='am__EXEEXT_FALSE
am__EXEEXT_TRUE
LTLIBOBJS
LIBOBJS
+RUN_AS_GROUP
RUN_AS_USER
pkgconfigdir
WITH_PKG_CONFIG_FALSE
@@ -970,6 +971,7 @@ with_ncurses
with_tcp_wrappers
with_pkgconfig_dir
with_user
+with_group
'
ac_precious_vars='build_alias
host_alias
@@ -1643,6 +1645,7 @@ Optional Packages:
where to install pkg-config *.pc files
(EPREFIX/lib/pkgconfig)
--with-user=username user for powerman daemon (daemon)
+ --with-group=groupname group for powerman daemon (daemon)
Some influential environment variables:
CC C compiler command
@@ -15307,9 +15310,10 @@ fi
-# what user to run daemon as
+# what user and group to run daemon as
RUN_AS_USER="daemon"
+ RUN_AS_GROUP="daemon"
{ $as_echo "$as_me:$LINENO: checking user to run as" >&5
$as_echo_n "checking user to run as... " >&6; }
@@ -15333,11 +15337,34 @@ _ACEOF
$as_echo "${RUN_AS_USER}" >&6; }
+ { $as_echo "$as_me:$LINENO: checking group to run as" >&5
+$as_echo_n "checking group to run as... " >&6; }
+
+# Check whether --with-group was given.
+if test "${with_group+set}" = set; then :
+ withval=$with_group; case "${withval}" in
+ yes|no)
+ ;;
+ *)
+ RUN_AS_GROUP="${withval}"
+ ;;
+ esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define RUN_AS_GROUP "${RUN_AS_GROUP}"
+_ACEOF
+
+ { $as_echo "$as_me:$LINENO: result: ${RUN_AS_GROUP}" >&5
+$as_echo "${RUN_AS_GROUP}" >&6; }
+
+
##
# Epilogue.
##
-ac_config_files="$ac_config_files Makefile powerman.spec libpowerman/Makefile libpowerman/libpowerman.pc liblsd/Makefile libcommon/Makefile powerman/Makefile powermand/Makefile httppower/Makefile snmppower/Makefile plmpower/Makefile etc/Makefile scripts/Makefile scripts/powerman heartbeat/Makefile man/Makefile man/powerman.1 man/libpowerman.3 man/powerman.conf.5 man/powerman.dev.5 man/httppower.8 man/plmpower.8 man/powermand.8 man/vpcd.8 test/Makefile"
+ac_config_files="$ac_config_files Makefile powerman.spec libpowerman/Makefile libpowerman/libpowerman.pc liblsd/Makefile libcommon/Makefile powerman/Makefile powermand/Makefile httppower/Makefile snmppower/Makefile plmpower/Makefile etc/Makefile scripts/Makefile scripts/powerman scripts/powerman.service heartbeat/Makefile man/Makefile man/powerman.1 man/libpowerman.3 man/powerman.conf.5 man/powerman.dev.5 man/httppower.8 man/plmpower.8 man/powermand.8 man/vpcd.8 test/Makefile"
cat >confcache <<\_ACEOF
@@ -16282,6 +16309,7 @@ do
"etc/Makefile") CONFIG_FILES="$CONFIG_FILES etc/Makefile" ;;
"scripts/Makefile") CONFIG_FILES="$CONFIG_FILES scripts/Makefile" ;;
"scripts/powerman") CONFIG_FILES="$CONFIG_FILES scripts/powerman" ;;
+ "scripts/powerman.service") CONFIG_FILES="$CONFIG_FILES scripts/powerman.service" ;;
"heartbeat/Makefile") CONFIG_FILES="$CONFIG_FILES heartbeat/Makefile" ;;
"man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;;
"man/powerman.1") CONFIG_FILES="$CONFIG_FILES man/powerman.1" ;;