From aca81012ba8a1c0f7fa0bd747a5d075b512dc6ae58b7304b91914ea3b6b2699a Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Fri, 31 Jan 2020 12:41:42 +0000 Subject: [PATCH 1/3] Introduce a user mktex as replacement for user nobody (boo#1159740) OBS-URL: https://build.opensuse.org/package/show/Publishing:TeXLive/texlive-filesystem?expand=0&rev=123 --- texlive-filesystem.changes | 5 +++ texlive-filesystem.spec | 64 ++++++++++++++++++++------------------ texlive.cron | 7 ++--- 3 files changed, 41 insertions(+), 35 deletions(-) diff --git a/texlive-filesystem.changes b/texlive-filesystem.changes index 817215e..7fa6986 100644 --- a/texlive-filesystem.changes +++ b/texlive-filesystem.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jan 31 12:32:25 UTC 2020 - Dr. Werner Fink + +- Introduce a user mktex as replacement for user nobody (boo#1159740) + ------------------------------------------------------------------- Wed Jan 22 08:55:38 UTC 2020 - Dr. Werner Fink diff --git a/texlive-filesystem.spec b/texlive-filesystem.spec index 6a21e73..d6d4c65 100644 --- a/texlive-filesystem.spec +++ b/texlive-filesystem.spec @@ -155,8 +155,9 @@ Prefix: %{_bindir} %define _appdefdir %{_x11data}/app-defaults # %define texgrp mktex -%define nobody nobody +%define texusr mktex #define texgid 505 +#define texuid 505 # %description The basic file system layout for TeX Live installation. 
@@ -15293,11 +15294,11 @@ popd mkdir -p %{buildroot}%{_sysconfdir}/permissions.d (cat > %{buildroot}%{_sysconfdir}/permissions.d/texlive.texlive) <<-EOF %{_libexecdir}/mktex/public root:%{texgrp} 2755 - %{_texmfconfdir}/ls-R %{nobody}:%{texgrp} 0664 - %{_fontcache}/ls-R %{nobody}:%{texgrp} 0664 - %{_texmfvardir}/ls-R %{nobody}:%{texgrp} 0664 - %{_texmfvardir}/dist/ls-R %{nobody}:%{texgrp} 0664 - %{_texmfvardir}/main/ls-R %{nobody}:%{texgrp} 0664 + %{_texmfconfdir}/ls-R root:%{texgrp} 0664 + %{_fontcache}/ls-R root:%{texgrp} 0664 + %{_texmfvardir}/ls-R root:%{texgrp} 0664 + %{_texmfvardir}/dist/ls-R root:%{texgrp} 0664 + %{_texmfvardir}/main/ls-R root:%{texgrp} 0664 %{_texmfvardir}/ root:root 1755 %{_texmfvardir}/dist/ root:root 1755 %{_texmfvardir}/main/ root:root 1755 @@ -15306,18 +15307,18 @@ popd %{_texmfvardir}/fonts/dvips/ root:root 1755 %{_texmfvardir}/fonts/pdftex/ root:root 1755 %{_texmfcache}/ root:root 1755 - %{_fontcache}/ %{nobody}:%{texgrp} 1775 - %{_fontcache}/pk/ %{nobody}:%{texgrp} 1775 - %{_fontcache}/source/ %{nobody}:%{texgrp} 1775 - %{_fontcache}/tfm/ %{nobody}:%{texgrp} 1775 + %{_fontcache}/ %{texusr}:%{texgrp} 1775 + %{_fontcache}/pk/ %{texusr}:%{texgrp} 1775 + %{_fontcache}/source/ %{texusr}:%{texgrp} 1775 + %{_fontcache}/tfm/ %{texusr}:%{texgrp} 1775 EOF (cat > %{buildroot}%{_sysconfdir}/permissions.d/texlive) <<-EOF %{_libexecdir}/mktex/public root:%{texgrp} 0755 - %{_texmfconfdir}/ls-R %{nobody}:%{texgrp} 0664 - %{_fontcache}/ls-R %{nobody}:%{texgrp} 0664 - %{_texmfvardir}/ls-R %{nobody}:%{texgrp} 0664 - %{_texmfvardir}/dist/ls-R %{nobody}:%{texgrp} 0664 - %{_texmfvardir}/main/ls-R %{nobody}:%{texgrp} 0664 + %{_texmfconfdir}/ls-R root:%{texgrp} 0664 + %{_fontcache}/ls-R root:%{texgrp} 0664 + %{_texmfvardir}/ls-R root:%{texgrp} 0664 + %{_texmfvardir}/dist/ls-R root:%{texgrp} 0664 + %{_texmfvardir}/main/ls-R root:%{texgrp} 0664 %{_texmfvardir}/ root:root 1755 %{_texmfvardir}/dist/ root:root 1755 %{_texmfvardir}/main/ root:root 1755 
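Review bot: The `ls-R` entries stay group-writable after the owner change (`root:%{texgrp} 0664`), so moving them from nobody to root does not narrow who can rewrite these lookup databases. In the `texlive.texlive` profile the helper `mktex/public` is `root:%{texgrp} 2755`, so anything running with gid mktex can still modify them. If group write is required for the helper to refresh the databases, a spec comment above the two heredocs should say so, for example `# ls-R is root-owned but group-writable: the setgid mktex helper must be able to update it`. The same entries recur in the @@ -15306 and @@ -15326 hunks and in the `%ghost` lines of the %files hunk.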
@@ -15326,10 +15327,10 @@ popd %{_texmfvardir}/fonts/dvips/ root:root 1755 %{_texmfvardir}/fonts/pdftex/ root:root 1755 %{_texmfcache}/ root:root 1755 - %{_fontcache}/ %{nobody}:%{texgrp} 1775 - %{_fontcache}/pk/ %{nobody}:%{texgrp} 1775 - %{_fontcache}/source/ %{nobody}:%{texgrp} 1775 - %{_fontcache}/tfm/ %{nobody}:%{texgrp} 1775 + %{_fontcache}/ %{texusr}:%{texgrp} 1775 + %{_fontcache}/pk/ %{texusr}:%{texgrp} 1775 + %{_fontcache}/source/ %{texusr}:%{texgrp} 1775 + %{_fontcache}/tfm/ %{texusr}:%{texgrp} 1775 EOF %if %{with zypper_posttrans} @@ -15387,6 +15388,7 @@ popd %pre %{_bindir}/getent group %{texgrp} > /dev/null 2>&1 || %{_sbindir}/groupadd -r %{?texgid:-g %texgid} %{texgrp} +%{_bindir}/getent group %{texusr} > /dev/null 2>&1 || %{_sbindir}/useradd -r %{?texuid:-u %texuid} -g %{texgrp} -d %{_fontcache} -s /bin/false %{texusr} # the ls-R file on update error=0 for dir in %{_texmfconfdir} \ @@ -15397,8 +15399,8 @@ for dir in %{_texmfconfdir} \ do test ! -h ${dir}/ls-R || rm -vf ${dir}/ls-R test -e ${dir}/ls-R || continue - test "$(stat --format '%U:%G' ${dir}/ls-R)" != %{nobody}:%{texgrp} || continue - chown %{nobody}:%{texgrp} ${dir}/ls-R || error=1 + test "$(stat --format '%U:%G' ${dir}/ls-R)" != root:%{texgrp} || continue + chown root:%{texgrp} ${dir}/ls-R || error=1 done test $error = 0 || exit 1 @@ -15417,7 +15419,7 @@ do test $error = 0 || continue mv ${tmp} ${dir}/ls-R || error=1 test $error = 0 || continue - chown %{nobody}:%{texgrp} ${dir}/ls-R || error=1 + chgrp %{texgrp} ${dir}/ls-R || error=1 test $error = 0 || continue chmod 0664 ${dir}/ls-R || error=1 test $error = 0 || continue 
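Review bot: The existence test for the new account in the `%pre` hunk queries the wrong database: `getent group %{texusr}` looks up a group, and because `texusr` and `texgrp` are both `mktex`, the group created on the line before always satisfies it, so `useradd` is never reached. The test should read `%{_bindir}/getent passwd %{texusr} > /dev/null 2>&1 || ...`. Without the account, the `%{texusr}` owners in the permissions and %files entries have nothing to resolve to; what rpm and chkstat do then is not visible here. PATCH 3/3 of this series makes this correction.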
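Review bot: The symlink test and the ownership change in the @@ -15397 hunk are separate steps, and `chown` dereferences a symlink by default, so `test ! -h ${dir}/ls-R || rm -vf ${dir}/ls-R` does not protect the later `chown root:%{texgrp} ${dir}/ls-R`. The directory list starts outside the hunk; if it includes the font cache, which this patch hands to `%{texusr}` with mode 1775, a non-root account can write in that directory while the scriptlet runs as root. `chown -h root:%{texgrp} ${dir}/ls-R` acts on the link itself, and the same holds for `chgrp -h %{texgrp} ${dir}/ls-R` in the @@ -15417 hunk.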
@@ -26878,18 +26880,18 @@ rm -f /var/run/texlive/run-update %dir %attr(1755,root,root) %{_texmfvardir}/web2c/tex %dir %attr(1755,root,root) %{_texmfvardir}/web2c/xetex %dir %attr(1755,root,root) %{_texmfcache} -%dir %attr(1775,%{nobody},%{texgrp}) %verify(not mode) %{_fontcache} -%dir %attr(1775,%{nobody},%{texgrp}) %verify(not mode) %{_fontcache}/pk -%dir %attr(1775,%{nobody},%{texgrp}) %verify(not mode) %{_fontcache}/source -%dir %attr(1775,%{nobody},%{texgrp}) %verify(not mode) %{_fontcache}/tfm +%dir %attr(1775,%{texusr},%{texgrp}) %verify(not mode) %{_fontcache} +%dir %attr(1775,%{texusr},%{texgrp}) %verify(not mode) %{_fontcache}/pk +%dir %attr(1775,%{texusr},%{texgrp}) %verify(not mode) %{_fontcache}/source +%dir %attr(1775,%{texusr},%{texgrp}) %verify(not mode) %{_fontcache}/tfm %dir %{_texmfvardir}/md5 %verify(link) %{_texmfmaindir}/ls-R %verify(link) %{_texmfdistdir}/ls-R -%ghost %config(noreplace) %attr(0664,%{nobody},%{texgrp}) %verify(not md5 size mtime mode) %{_texmfconfdir}/ls-R -%ghost %config(noreplace) %attr(0664,%{nobody},%{texgrp}) %verify(not md5 size mtime mode) %{_fontcache}/ls-R -%ghost %config(noreplace) %attr(0664,%{nobody},%{texgrp}) %verify(not md5 size mtime mode) %{_texmfvardir}/ls-R -%ghost %config(noreplace) %attr(0664,%{nobody},%{texgrp}) %verify(not md5 size mtime mode) %{_texmfvardir}/dist/ls-R -%ghost %config(noreplace) %attr(0664,%{nobody},%{texgrp}) %verify(not md5 size mtime mode) %{_texmfvardir}/main/ls-R +%ghost %config(noreplace) %attr(0664,root,%{texgrp}) %verify(not md5 size mtime mode) %{_texmfconfdir}/ls-R +%ghost %config(noreplace) %attr(0664,root,%{texgrp}) %verify(not md5 size mtime mode) %{_fontcache}/ls-R +%ghost %config(noreplace) %attr(0664,root,%{texgrp}) %verify(not md5 size mtime mode) %{_texmfvardir}/ls-R +%ghost %config(noreplace) %attr(0664,root,%{texgrp}) %verify(not md5 size mtime mode) %{_texmfvardir}/dist/ls-R +%ghost %config(noreplace) %attr(0664,root,%{texgrp}) %verify(not md5 size mtime mode) 
%{_texmfvardir}/main/ls-R %{_fillupdir}/sysconfig.texlive %if %{with zypper_posttrans} /var/adm/update-scripts/%{name}-%{version}-%{release}-zypper diff --git a/texlive.cron b/texlive.cron index c8030ce..b1ae031 100644 --- a/texlive.cron +++ b/texlive.cron @@ -11,7 +11,6 @@ type -f -p kpsewhich >& /dev/null || exit 0 type -f -p mktexlsr >& /dev/null || exit 0 type -f -p find >& /dev/null || exit 0 type -f -p xargs >& /dev/null || exit 0 -type -f -p setpriv >& /dev/null || exit 0 type -f -p rm >& /dev/null || exit 0 test -r /etc/sysconfig/texlive && . /etc/sysconfig/texlive @@ -24,7 +23,7 @@ if test "$CLEAR_TEXMF_FONTS" = "yes" -a -n "$VARTEXFONTS" ; then test -d $p/pk/ && find $p/pk/ \( -type f -and -atime +20 \) -print0 test -d $p/tfm/ && find $p/tfm/ \( -type f -and -atime +60 \) -print0 test -d $p/source/ && find $p/source/ \( -type f -and -atime +60 \) -print0 - done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid nobody --regid mktex --init-groups rm -f) + done > >(exec -a xargs xargs -r -L100 -0 -- rm -f) fi if test -n "$VARTEXFONTS" ; then for p in $VARTEXFONTS ; do @@ -32,10 +31,10 @@ if test -n "$VARTEXFONTS" ; then test -d $p/tfm/ && find $p/tfm/ \( -type f -and -not -name '*.tfm' \) -print0 test -d $p/source/ && find $p/source/ \( -type f -and -not -name '*.mf' \) -print0 test -d $p/ && find $p/ \( -type f -and -path '*/[^[:alnum:]]*' \) -print0 - done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid nobody --regid mktex --init-groups rm -f) + done > >(exec -a xargs xargs -r -L100 -0 -- rm -f) for p in $VARTEXFONTS ; do test -d $p/ && find $p/ -depth -type d -and -path '*/[^[:alnum:]]*' - done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid nobody --regid mktex --init-groups rm -fr) + done > >(exec -a xargs xargs -r -L100 -0 -- rm -fr) fi # From dbd7350a974510a741c1c620e897eabb7901fc138de88bcb82982627b37cf9bf Mon Sep 17 00:00:00 2001 
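Review bot: With `setpriv` dropped in the @@ -24,7 hunk, `rm -f` in the `xargs` pipeline runs with the full privileges of the cron job (presumably root) on path names collected from the font cache. The spec in this same patch gives that cache to mktex with mode 1775, and `rm` resolves each path again when it runs, so the job should not act with more privilege than the owner of the tree. Keeping a drop such as `setpriv --reuid mktex --regid mktex --init-groups rm -f` would bound what a changed path can reach. Both pipelines in the @@ -32,10 hunk, including the `rm -fr` one, have the same problem. PATCH 2/3 later in this series reinstates a per-owner `setpriv`.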
From: "Dr. Werner Fink" Date: Tue, 4 Feb 2020 12:23:01 +0000 Subject: [PATCH 2/3] Use setpriv again but now for every file owner OBS-URL: https://build.opensuse.org/package/show/Publishing:TeXLive/texlive-filesystem?expand=0&rev=124 --- texlive-filesystem.changes | 6 +++++ texlive.cron | 47 +++++++++++++++++++++++++------------- 2 files changed, 37 insertions(+), 16 deletions(-) diff --git a/texlive-filesystem.changes b/texlive-filesystem.changes index 7fa6986..455d980 100644 --- a/texlive-filesystem.changes +++ b/texlive-filesystem.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Feb 4 12:20:03 UTC 2020 - Dr. Werner Fink + +- Again use setpriv but now switch to every single owner for clearing + the files of this owner (boo#1159740) + ------------------------------------------------------------------- Fri Jan 31 12:32:25 UTC 2020 - Dr. Werner Fink diff --git a/texlive.cron b/texlive.cron index b1ae031..b7a2e07 100644 --- a/texlive.cron +++ b/texlive.cron @@ -11,6 +11,8 @@ type -f -p kpsewhich >& /dev/null || exit 0 type -f -p mktexlsr >& /dev/null || exit 0 type -f -p find >& /dev/null || exit 0 type -f -p xargs >& /dev/null || exit 0 +type -f -p setpriv >& /dev/null || exit 0 +type -f -p sort >& /dev/null || exit 0 type -f -p rm >& /dev/null || exit 0 test -r /etc/sysconfig/texlive && . /etc/sysconfig/texlive 
@@ -18,23 +20,36 @@ OLDIFS=$IFS; IFS=':;' VARTEXFONTS="$(kpsewhich --expand-var '$VARTEXFONTS' 2> /dev/null)" IFS=$OLDIFS -if test "$CLEAR_TEXMF_FONTS" = "yes" -a -n "$VARTEXFONTS" ; then - for p in $VARTEXFONTS ; do - test -d $p/pk/ && find $p/pk/ \( -type f -and -atime +20 \) -print0 - test -d $p/tfm/ && find $p/tfm/ \( -type f -and -atime +60 \) -print0 - test -d $p/source/ && find $p/source/ \( -type f -and -atime +60 \) -print0 - done > >(exec -a xargs xargs -r -L100 -0 -- rm -f) +uids=$(find $VARTEXFONTS/ \( -not -type d \) -printf '%U\n' | sort -u) + +if test "$CLEAR_TEXMF_FONTS" = "yes" -a -n "$VARTEXFONTS" +then + for uid in ${uids[@]} + do + for p in $VARTEXFONTS + do + test -d $p/pk/ && find $p/pk/ \( -not -type d -and -atime +20 -and -uid $uid \) -print0 + test -d $p/tfm/ && find $p/tfm/ \( -not -type d -and -atime +60 -and -uid $uid \) -print0 + test -d $p/source/ && find $p/source/ \( -not -type d -and -atime +60 -and -uid $uid \) -print0 + done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid $uid --regid mktex --init-groups rm -f) + done fi -if test -n "$VARTEXFONTS" ; then - for p in $VARTEXFONTS ; do - test -d $p/pk/ && find $p/pk/ \( -type f -and -not -name '*.*pk' \) -print0 - test -d $p/tfm/ && find $p/tfm/ \( -type f -and -not -name '*.tfm' \) -print0 - test -d $p/source/ && find $p/source/ \( -type f -and -not -name '*.mf' \) -print0 - test -d $p/ && find $p/ \( -type f -and -path '*/[^[:alnum:]]*' \) -print0 - done > >(exec -a xargs xargs -r -L100 -0 -- rm -f) - for p in $VARTEXFONTS ; do - test -d $p/ && find $p/ -depth -type d -and -path '*/[^[:alnum:]]*' - done > >(exec -a xargs xargs -r -L100 -0 -- rm -fr) +if test -n "$VARTEXFONTS" +then + for uid in ${uids[@]} + do + for p in $VARTEXFONTS + do + test -d $p/pk/ && find $p/pk/ \( -not -type d -and -not -name '*.*pk' -uid $uid \) -print0 + test -d $p/tfm/ && find $p/tfm/ \( -not -type d -and -not -name '*.tfm' -uid $uid \) -print0 + test -d $p/source/ && find $p/source/ \( -not 
-type d -and -not -name '*.mf' -uid $uid \) -print0 + test -d $p/ && find $p/ \( -not -type d -and -path '*/[^[:alnum:]]*' -uid $uid \) -print0 + done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid $uid --regid mktex --init-groups rm -vf) + for p in $VARTEXFONTS + do + test -d $p/ && find $p/ -depth \( -type d -and -path '*/[^[:alnum:]]*' -and -uid $uid \) -print0 + done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid $uid --regid mktex --init-groups rm -vfr) + done fi # From 740c324db0e478ff39893c0c1138cd4585ff37e0455741d56fcbdebbe6b2d40e Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Wed, 5 Feb 2020 06:57:28 +0000 Subject: [PATCH 3/3] s/group/passwd/ OBS-URL: https://build.opensuse.org/package/show/Publishing:TeXLive/texlive-filesystem?expand=0&rev=125 --- texlive-filesystem.changes | 5 +++++ texlive-filesystem.spec | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/texlive-filesystem.changes b/texlive-filesystem.changes index 455d980..4e0456f 100644 --- a/texlive-filesystem.changes +++ b/texlive-filesystem.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Feb 5 06:56:24 UTC 2020 - Dr. Werner Fink + +- Check passwd not group file for user mktex + ------------------------------------------------------------------- Tue Feb 4 12:20:03 UTC 2020 - Dr. Werner Fink diff --git a/texlive-filesystem.spec b/texlive-filesystem.spec index d6d4c65..fa097b7 100644 --- a/texlive-filesystem.spec +++ b/texlive-filesystem.spec 
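Review bot: The owner loop makes no exception for uid 0, so entries owned by root are passed to `setpriv --reuid 0 ... rm` and are still removed with full privileges from directories that other accounts may own. A guard such as `test "$uid" != 0 || continue` at the top of each `for uid` loop, with root-owned leftovers handled separately, would keep the privilege drop meaningful. In addition, `uids=$(find $VARTEXFONTS/ ...)` runs before either `-n "$VARTEXFONTS"` test, so with an empty variable it walks `/`; the assignment belongs inside the guards. `${uids[@]}` is array syntax applied to a plain string, and `$uids` is what is meant. Whether `--init-groups` works for a uid without a passwd entry should be checked, since such files would otherwise never be cleaned.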
@@ -15387,8 +15387,8 @@ popd %endif %pre -%{_bindir}/getent group %{texgrp} > /dev/null 2>&1 || %{_sbindir}/groupadd -r %{?texgid:-g %texgid} %{texgrp} -%{_bindir}/getent group %{texusr} > /dev/null 2>&1 || %{_sbindir}/useradd -r %{?texuid:-u %texuid} -g %{texgrp} -d %{_fontcache} -s /bin/false %{texusr} +%{_bindir}/getent group %{texgrp} > /dev/null 2>&1 || %{_sbindir}/groupadd -r %{?texgid:-g %texgid} %{texgrp} +%{_bindir}/getent passwd %{texusr} > /dev/null 2>&1 || %{_sbindir}/useradd -r %{?texuid:-u %texuid} -g %{texgrp} -d %{_fontcache} -s /bin/false %{texusr} # the ls-R file on update error=0 for dir in %{_texmfconfdir} \
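Review bot: The account's home is a group-writable directory: `-d %{_fontcache}` on the `useradd` line points at the font cache, which the permissions entries in PATCH 1/3 set to mode 1775 for group mktex. Anything that later runs as mktex and reads per-user files from its home would read them from a place other members of the group can write to. A home the group cannot write, or a comment such as `# home is the font cache because mktex only ever writes there` if that is the intent, would make the choice reviewable. The rest of the `%pre` scriptlet lies outside this hunk.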