From cf54f21688c893c4142e4c38e62290e704aa90762b31a2bf29e85e6f8c2e9a18 Mon Sep 17 00:00:00 2001 From: Victor Zhestkov Date: Thu, 9 Jan 2025 13:29:03 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=265 --- _lastrevision | 2 +- ...elinux-context-for-minion-service-bs.patch | 65 ++++++ salt.changes | 15 ++ salt.spec | 188 ++---------------- 4 files changed, 101 insertions(+), 169 deletions(-) create mode 100644 revert-setting-selinux-context-for-minion-service-bs.patch diff --git a/_lastrevision b/_lastrevision index 6801793..e94004b 100644 --- a/_lastrevision +++ b/_lastrevision @@ -1 +1 @@ -f2c8ab9e975fc8439911820ad3ecf395dcd1d33b \ No newline at end of file +d7c50289494a6b41234aee2204209083e30fbd8d \ No newline at end of file diff --git a/revert-setting-selinux-context-for-minion-service-bs.patch b/revert-setting-selinux-context-for-minion-service-bs.patch new file mode 100644 index 0000000..7ba3190 --- /dev/null +++ b/revert-setting-selinux-context-for-minion-service-bs.patch @@ -0,0 +1,65 @@ +From 7217fccdce5df73fda1a8378dc7120642ffe8181 Mon Sep 17 00:00:00 2001 +From: Victor Zhestkov +Date: Mon, 16 Dec 2024 15:31:26 +0300 +Subject: [PATCH] Revert setting SELinux context for minion service + (bsc#1233667) + +This reverts commit d933c8f0795fdada84a01a2cc754586fa720993d. +--- + pkg/common/salt-minion.service | 1 - + pkg/old/deb/salt-minion.service | 1 - + pkg/old/suse/salt-minion.service | 1 - + pkg/old/suse/salt-minion.service.rhel7 | 1 - + 4 files changed, 4 deletions(-) + +diff --git a/pkg/common/salt-minion.service b/pkg/common/salt-minion.service +index 696d0263c3..69aff18c58 100644 +--- a/pkg/common/salt-minion.service ++++ b/pkg/common/salt-minion.service +@@ -9,7 +9,6 @@ Type=notify + NotifyAccess=all + LimitNOFILE=8192 + ExecStart=/usr/bin/salt-minion +-SELinuxContext=system_u:system_r:unconfined_t:s0 + + [Install] + WantedBy=multi-user.target +diff --git a/pkg/old/deb/salt-minion.service b/pkg/old/deb/salt-minion.service +index b0ad82c133..7e6cf14654 100644 +--- a/pkg/old/deb/salt-minion.service ++++ b/pkg/old/deb/salt-minion.service +@@ -8,7 +8,6 @@ KillMode=process + NotifyAccess=all + LimitNOFILE=8192 + ExecStart=/usr/bin/salt-minion +-SELinuxContext=system_u:system_r:unconfined_t:s0 + + [Install] + WantedBy=multi-user.target +diff --git a/pkg/old/suse/salt-minion.service b/pkg/old/suse/salt-minion.service +index b99ef06352..12f28314cb 100644 +--- a/pkg/old/suse/salt-minion.service ++++ b/pkg/old/suse/salt-minion.service +@@ -10,7 +10,6 @@ ExecStart=/usr/bin/salt-minion + KillMode=process + Restart=on-failure + RestartSec=15 +-SELinuxContext=system_u:system_r:unconfined_t:s0 + + [Install] + WantedBy=multi-user.target +diff --git a/pkg/old/suse/salt-minion.service.rhel7 b/pkg/old/suse/salt-minion.service.rhel7 +index 92cc66d32f..6917267714 100644 +--- a/pkg/old/suse/salt-minion.service.rhel7 ++++ b/pkg/old/suse/salt-minion.service.rhel7 +@@ -9,7 +9,6 @@ ExecStart=/usr/bin/salt-minion + KillMode=process + Restart=on-failure + RestartSec=15 +-SELinuxContext=system_u:system_r:unconfined_t:s0 + + [Install] + WantedBy=multi-user.target +-- +2.47.1 + diff --git a/salt.changes b/salt.changes index b027582..c59cdfb 100644 --- a/salt.changes +++ b/salt.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Thu Jan 9 12:57:12 UTC 2025 - Pablo Suárez Hernández + +- Revert setting SELinux context for minion service (bsc#1233667) +- Remove System V init support + * Make systemd the only supported init system by removing System V init + and insserv references + * Ensure package builds with no init system dependencies if built + without systemd (for example for use in containers) + * Apply some spec-cleaner suggestions (update copyright year, sort + requirements, adjust spacing) + +- Added: + * revert-setting-selinux-context-for-minion-service-bs.patch + ------------------------------------------------------------------- Tue Nov 26 14:53:34 UTC 2024 - Victor Zhestkov diff --git a/salt.spec b/salt.spec index 70eabdf..69f3f7f 100644 --- a/salt.spec +++ b/salt.spec @@ -1,7 +1,7 @@ # # spec file for package salt # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,8 +12,10 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # + + %global debug_package %{nil} %if 0%{?suse_version} > 1500 @@ -49,6 +51,10 @@ %bcond_without docs %bcond_with builddocs +%if %{without systemd} +%define service_del_preun echo %{*} +%endif + %{?sle15allpythons} %define skip_python2 1 %if 0%{?rhel} == 8 || (0%{?suse_version} == 1500 && 0%{?sle_version} < 150400) @@ -79,7 +85,7 @@ Release: 0 Summary: A parallel remote execution system License: Apache-2.0 Group: System/Management -Url: https://saltproject.io/ +URL: https://saltproject.io/ Source: v%{version}.tar.gz Source1: README.SUSE Source2: salt-tmpfiles.d @@ -490,6 +496,8 @@ Patch146: handle-logger-flushing-already-closed-file-686.patch # PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/66757 # PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/66760 Patch147: make-minion-reconnecting-on-changing-master-ip-bsc-1.patch +# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/690 +Patch148: revert-setting-selinux-context-for-minion-service-bs.patch ### IMPORTANT: The line below is used as a snippet marker. Do not touch it. ### SALT PATCHES LIST END @@ -513,7 +521,6 @@ Provides: user(salt) Provides: group(salt) %if 0%{?suse_version} -Requires(pre): %fillup_prereq Requires(pre): shadow %endif @@ -539,10 +546,6 @@ Requires: iproute %if %{with systemd} BuildRequires: pkgconfig(systemd) %{?systemd_ordering} -%else -%if 0%{?suse_version} -Requires(pre): %insserv_prereq -%endif %endif %if %{with fish_completion} @@ -597,10 +600,10 @@ BuildRequires: %{python_module setuptools} # requirements/base.txt %if 0%{?rhel} || 0%{?fedora} BuildRequires: python3-jinja2 +BuildRequires: python3-m2crypto BuildRequires: python3-markupsafe BuildRequires: python3-msgpack > 0.3 BuildRequires: python3-zmq >= 2.2.0 -BuildRequires: python3-m2crypto %else BuildRequires: %{python_module Jinja2} BuildRequires: %{python_module MarkupSafe} @@ -656,11 +659,11 @@ Requires(postun):update-alternatives # requirements/base.txt %if 0%{?rhel} || 0%{?fedora} Requires: python3-jinja2 -Requires: yum +Requires: python3-m2crypto Requires: python3-markupsafe Requires: python3-msgpack > 0.3 -Requires: python3-m2crypto Requires: python3-zmq >= 2.2.0 +Requires: yum %if 0%{?rhel} == 8 || 0%{?fedora} >= 30 Requires: dnf @@ -823,14 +826,7 @@ Requires: pmtools %endif %if %{with systemd} %{?systemd_requires} -BuildRequires: systemd -%else -%if 0%{?suse_version} -Requires(pre): %insserv_prereq -%endif -%endif -%if 0%{?suse_version} -Requires(pre): %fillup_prereq +BuildRequires: systemd %endif %description master @@ -852,13 +848,6 @@ Requires(pre): libzypp(plugin:system) >= 0 %if %{with systemd} %{?systemd_requires} -%else -%if 0%{?suse_version} -Requires(pre): %insserv_prereq -%endif -%endif -%if 0%{?suse_version} -Requires(pre): %fillup_prereq %endif %description minion @@ -871,13 +860,6 @@ Group: System/Management Requires: %{name} = %{version}-%{release} %if %{with systemd} %{?systemd_requires} -%else -%if 0%{?suse_version} -Requires(pre): %insserv_prereq -%endif -%endif -%if 0%{?suse_version} -Requires(pre): %fillup_prereq %endif %description proxy @@ -887,7 +869,6 @@ Examples include network gear that has an API but runs a proprietary OS, devices with limited CPU or memory, or devices that could run a minion, but for security reasons, will not. - %package syndic Summary: The syndic component for saltstack Group: System/Management @@ -895,13 +876,6 @@ Requires: %{name} = %{version}-%{release} Requires: %{name}-master = %{version}-%{release} %if %{with systemd} %{?systemd_requires} -%else -%if 0%{?suse_version} -Requires(pre): %insserv_prereq -%endif -%endif -%if 0%{?suse_version} -Requires(pre): %fillup_prereq %endif %description syndic @@ -919,13 +893,6 @@ Recommends: sshpass %endif %if %{with systemd} %{?systemd_requires} -%else -%if 0%{?suse_version} -Requires(pre): %insserv_prereq -%endif -%endif -%if 0%{?suse_version} -Requires(pre): %fillup_prereq %endif %description ssh @@ -1222,22 +1189,6 @@ ln -s service %{buildroot}%{_sbindir}/rcsalt-syndic ln -s service %{buildroot}%{_sbindir}/rcsalt-minion ln -s service %{buildroot}%{_sbindir}/rcsalt-api install -Dpm 644 %{S:2} %{buildroot}/usr/lib/tmpfiles.d/salt.conf -%else -mkdir -p %{buildroot}%{_initddir} -## install init scripts -install -Dpm 0755 pkg/old/suse/salt-master %{buildroot}%{_initddir}/salt-master -install -Dpm 0755 pkg/old/suse/salt-syndic %{buildroot}%{_initddir}/salt-syndic -install -Dpm 0755 pkg/old/suse/salt-minion %{buildroot}%{_initddir}/salt-minion -install -Dpm 0755 pkg/old/suse/salt-api %{buildroot}%{_initddir}/salt-api -ln -sf %{_initddir}/salt-master %{buildroot}%{_sbindir}/rcsalt-master -ln -sf %{_initddir}/salt-syndic %{buildroot}%{_sbindir}/rcsalt-syndic -ln -sf %{_initddir}/salt-minion %{buildroot}%{_sbindir}/rcsalt-minion -ln -sf %{_initddir}/salt-api %{buildroot}%{_sbindir}/rcsalt-api -%endif - -## Install sysV salt-minion watchdog for SLES11 and RHEL6 -%if 0%{?rhel} == 6 || 0%{?suse_version} == 1110 -install -Dpm 0755 scripts/suse/watchdog/salt-daemon-watcher %{buildroot}%{_bindir}/salt-daemon-watcher %endif # @@ -1348,14 +1299,9 @@ dbus-uuidgen --ensure %if %{with systemd} %if 0%{?suse_version} %service_add_post salt-proxy@.service -%fillup_only %else %systemd_post salt-proxy@.service %endif -%else -%if 0%{?suse_version} -%fillup_and_insserv -%endif %endif %postun proxy @@ -1365,11 +1311,6 @@ dbus-uuidgen --ensure %else %systemd_postun_with_restart salt-proxy@.service %endif -%else -%if 0%{?suse_version} -%insserv_cleanup -%restart_on_update salt-proxy -%endif %endif %preun syndic @@ -1379,15 +1320,6 @@ dbus-uuidgen --ensure %else %systemd_preun salt-syndic.service %endif -%else -%if 0%{?suse_version} -%stop_on_removal salt-syndic -%else - if [ $1 -eq 0 ] ; then - /sbin/service salt-syndic stop >/dev/null 2>&1 - /sbin/chkconfig --del salt-syndic - fi -%endif %endif %pre syndic @@ -1401,14 +1333,9 @@ dbus-uuidgen --ensure %if %{with systemd} %if 0%{?suse_version} %service_add_post salt-syndic.service -%fillup_only %else %systemd_post salt-syndic.service %endif -%else -%if 0%{?suse_version} -%fillup_and_insserv -%endif %endif %postun syndic @@ -1418,11 +1345,6 @@ dbus-uuidgen --ensure %else %systemd_postun_with_restart salt-syndic.service %endif -%else -%if 0%{?suse_version} -%insserv_cleanup -%restart_on_update salt-syndic -%endif %endif %preun master @@ -1432,15 +1354,6 @@ dbus-uuidgen --ensure %else %systemd_preun salt-master.service %endif -%else -%if 0%{?suse_version} -%stop_on_removal salt-master -%else - if [ $1 -eq 0 ] ; then - /sbin/service salt-master stop >/dev/null 2>&1 - /sbin/chkconfig --del salt-master - fi -%endif %endif %pre master @@ -1476,16 +1389,9 @@ if [ "${systemd_ver%%.*}" -lt 228 ]; then fi %if 0%{?suse_version} %service_add_post salt-master.service -%fillup_only %else %systemd_post salt-master.service %endif -%else -%if 0%{?suse_version} -%fillup_and_insserv -%else - /sbin/chkconfig --add salt-master -%endif %endif %postun master @@ -1495,15 +1401,6 @@ fi %else %systemd_postun_with_restart salt-master.service %endif -%else -%if 0%{?suse_version} -%restart_on_update salt-master -%insserv_cleanup -%else - if [ "$1" -ge "1" ] ; then - /sbin/service salt-master condrestart >/dev/null 2>&1 || : - fi -%endif %endif %preun minion @@ -1513,15 +1410,6 @@ fi %else %systemd_preun salt-minion.service %endif -%else -%if 0%{?suse_version} -%stop_on_removal salt-minion -%else - if [ $1 -eq 0 ] ; then - /sbin/service salt-minion stop >/dev/null 2>&1 - /sbin/chkconfig --del salt-minion - fi -%endif %endif %pre minion @@ -1535,16 +1423,9 @@ fi %if %{with systemd} %if 0%{?suse_version} %service_add_post salt-minion.service -%fillup_only %else %systemd_post salt-minion.service %endif -%else -%if 0%{?suse_version} -%fillup_and_insserv -%else - /sbin/chkconfig --add salt-minion -%endif %endif %postun minion @@ -1554,15 +1435,6 @@ fi %else %systemd_postun_with_restart salt-minion.service %endif -%else -%if 0%{?suse_version} -%insserv_cleanup -%restart_on_update salt-minion -%else - if [ "$1" -ge "1" ] ; then - /sbin/service salt-minion condrestart >/dev/null 2>&1 || : - fi -%endif %endif %preun api @@ -1590,10 +1462,6 @@ fi %else %systemd_post salt-api.service %endif -%else -%if 0%{?suse_version} -%fillup_and_insserv -%endif %endif %postun api @@ -1603,11 +1471,6 @@ fi %else %systemd_postun_with_restart salt-api.service %endif -%else -%if 0%{?suse_version} -%insserv_cleanup -%restart_on_update -%endif %endif %if 0%{?_alternatives} @@ -1634,11 +1497,9 @@ rm -f %{_localstatedir}/cache/salt/minion/thin/version %files api %defattr(-,root,root) %{_bindir}/salt-api -%{_sbindir}/rcsalt-api %if %{with systemd} +%{_sbindir}/rcsalt-api %{_unitdir}/salt-api.service -%else -%{_initddir}/salt-api %endif %{_mandir}/man1/salt-api.1.* @@ -1664,11 +1525,9 @@ rm -f %{_localstatedir}/cache/salt/minion/thin/version %defattr(-,root,root) %{_bindir}/salt-syndic %{_mandir}/man1/salt-syndic.1.gz -%{_sbindir}/rcsalt-syndic %if %{with systemd} +%{_sbindir}/rcsalt-syndic %{_unitdir}/salt-syndic.service -%else -%{_initddir}/salt-syndic %endif %files minion @@ -1680,7 +1539,9 @@ rm -f %{_localstatedir}/cache/salt/minion/thin/version %dir %attr(0750, root, root) %{_sysconfdir}/salt/minion.d/ %dir %attr(0750, root, root) %{_sysconfdir}/salt/pki/minion/ %dir %attr(0750, root, root) %{_localstatedir}/cache/salt/minion/ +%if %{with systemd} %{_sbindir}/rcsalt-minion +%endif # Install plugin only on SUSE machines %if 0%{?suse_version} @@ -1701,13 +1562,6 @@ rm -f %{_localstatedir}/cache/salt/minion/thin/version %if %{with systemd} %{_unitdir}/salt-minion.service -%else -%config(noreplace) %{_initddir}/salt-minion -%endif - -## Install sysV salt-minion watchdog for SLES11 and RHEL6 -%if 0%{?rhel} == 6 || 0%{?suse_version} == 1110 -%{_bindir}/salt-daemon-watcher %endif %files proxy @@ -1733,11 +1587,9 @@ rm -f %{_localstatedir}/cache/salt/minion/thin/version %if 0%{?suse_version} <= 1500 %config(noreplace) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/salt %endif -%{_sbindir}/rcsalt-master %if %{with systemd} +%{_sbindir}/rcsalt-master %{_unitdir}/salt-master.service -%else -%config(noreplace) %{_initddir}/salt-master %endif # %config(noreplace) %attr(0640, root, salt) %{_sysconfdir}/salt/master