From 8fd32a3697b2f1506abc22af71f210a0121297a0fd542c708034d5c4c4873dee Mon Sep 17 00:00:00 2001 From: Egbert Eich Date: Wed, 10 Jan 2018 21:22:38 +0000 Subject: [PATCH 1/5] Accepting request 563443 from home:eeich:branches:network:cluster - Fix conman for non-root user: * create rundir * create logdir * set user/group only when set to non-root * fix rundir and logdir in config file on update. OBS-URL: https://build.opensuse.org/request/show/563443 OBS-URL: https://build.opensuse.org/package/show/network:cluster/conman?expand=0&rev=19 --- conman.changes | 9 +++++++++ conman.spec | 40 ++++++++++++++++++++++++++++++++++------ 2 files changed, 43 insertions(+), 6 deletions(-) diff --git a/conman.changes b/conman.changes index e43b8f1..9eb8a34 100644 --- a/conman.changes +++ b/conman.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Wed Jan 10 19:27:27 UTC 2018 - eich@suse.com + +- Fix conman for non-root user: + * create rundir + * create logdir + * set user/group only when set to non-root + * fix rundir and logdir in config file on update. + ------------------------------------------------------------------- Thu Nov 23 13:54:08 UTC 2017 - rbrown@suse.com diff --git a/conman.spec b/conman.spec index 1980cb9..fbc8315 100644 --- a/conman.spec +++ b/conman.spec @@ -1,7 +1,7 @@ # # spec file for package conman # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,6 +31,7 @@ %if 0%{?have_systemd} %if 0%{?sle_version} >= 150000 || 0%{?is_opensuse} + %define conmandir conman/ %define conman_g %name %define conman_u %name %else @@ -130,14 +131,21 @@ for i in $(find %{buildroot}/usr/lib/conman) ; do fi fi done + +%if 0%{?conmandir:1} +mkdir -p %{buildroot}%{_tmpfilesdir} +cat >> %{buildroot}%{_tmpfilesdir}/%{name}.conf < /dev/null; then cat <> %{buildroot}/etc/conman.conf SERVER keepalive=ON -SERVER logdir="/var/log/conman" -SERVER logfile="/var/log/conman.log" +SERVER logdir="/var/log/%{conmandir}" +SERVER logfile="/var/log/%{conmandir}conman.log" SERVER loopback=ON -SERVER pidfile="/var/run/conman.pid" -SERVER resetcmd="powerman -0 %N; sleep 3; powerman -1 %N" +SERVER pidfile="/var/run/%{conmandir}conman.pid" SERVER tcpwrappers=ON SERVER timestamp=1h GLOBAL seropts="115200,8n1" @@ -149,10 +157,12 @@ fi %if 0%{?have_systemd} %pre %service_add_pre conman.service -%define conman_home "%_localstatedir%_rundir/conman" +%if 0%{?conmandir:1} +%define conman_home "%_localstatedir%_rundir/%conmandir" %define conman_descr "Connection Manager service" getent group %conman_g >/dev/null || groupadd -r %conman_g getent passwd %conman_u >/dev/null || useradd -r -g %conman_g -d %conman_home -s /bin/false -c %conman_descr %conman_u +%endif exit 0 %endif @@ -166,7 +176,21 @@ exit 0 %post %fillup_only conman %if 0%{?have_systemd} +%{?tmpfiles_create:%{tmpfiles_create %{_tmpfilesdir}/%{name}.conf}} %service_add_post conman.service +if [ $1 -eq 2 ]; then + tmpfile=$(mktemp /tmp/tmp-XXXX) + sed -e "s@^\(server\)\|\(SERVER\) \+logdir=.*@SERVER logdir=\"/var/log/%{conmandir}\"@" \ + -e "s@^\(server\)\|\(SERVER\) \+logfile=.*@SERVER logfile=\"/var/log/%{conmandir}conman.log\"@" \ + -e "s@^\(server\)\|\(SERVER\) \+pidfile=.*@SERVER pidfile=\"/var/run/%{conmandir}conman.pid\"@" \ + < /etc/conman.conf > $tmpfile + if ! cmp /etc/conman.conf $tmpfile; then + mv $tmpfile /etc/conman.conf + chown %conman_u:%conman_g /etc/conman.conf + else + rm $tmpfile + fi +fi %endif %postun @@ -189,6 +213,10 @@ exit 0 %doc THANKS %config(noreplace) %attr(-,%conman_u,%conman_g) %{_sysconfdir}/conman.conf %config(noreplace) %{_sysconfdir}/logrotate.d/conman +%if 0%{?conmandir:1} +%dir %attr(-,%conman_u,%conman_g) %{_localstatedir}/log/conman +%{_tmpfilesdir}/%{name}.conf +%endif %{_fillupdir}/sysconfig.conman %{_bindir}/* %{_sbindir}/* From 19e3b46f49bcdbba1cf2035ff04e73da49ed2c2bd950218bad948d5794598e19 Mon Sep 17 00:00:00 2001 From: Egbert Eich Date: Thu, 11 Jan 2018 15:30:21 +0000 Subject: [PATCH 2/5] Accepting request 563618 from home:eeich:branches:network:cluster - Added an update message if configuration was changed automatically. OBS-URL: https://build.opensuse.org/request/show/563618 OBS-URL: https://build.opensuse.org/package/show/network:cluster/conman?expand=0&rev=20 --- conman.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/conman.spec b/conman.spec index fbc8315..c8da9bb 100644 --- a/conman.spec +++ b/conman.spec @@ -187,6 +187,11 @@ if [ $1 -eq 2 ]; then if ! cmp /etc/conman.conf $tmpfile; then mv $tmpfile /etc/conman.conf chown %conman_u:%conman_g /etc/conman.conf + cat > %_localstatedir/adm/update-messages/%{name}-%{version}-%{release}-%{name}.txt < Date: Thu, 15 Feb 2018 16:49:10 +0000 Subject: [PATCH 3/5] * fix rundir and logdir in config file on update (boo#1081217). (FATE#324170). OBS-URL: https://build.opensuse.org/package/show/network:cluster/conman?expand=0&rev=21 --- conman.changes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/conman.changes b/conman.changes index 9eb8a34..16f82ec 100644 --- a/conman.changes +++ b/conman.changes @@ -5,7 +5,7 @@ Wed Jan 10 19:27:27 UTC 2018 - eich@suse.com * create rundir * create logdir * set user/group only when set to non-root - * fix rundir and logdir in config file on update. + * fix rundir and logdir in config file on update (boo#1081217). ------------------------------------------------------------------- Thu Nov 23 13:54:08 UTC 2017 - rbrown@suse.com @@ -38,6 +38,7 @@ Fri Oct 6 13:59:27 UTC 2017 - eich@suse.com * Fixed UDS console resource leak of pathname during config processing. * Fixed all gcc, clang, and Coverity Scan warnings. * Improved scalability of daemon. + (FATE#324170). ------------------------------------------------------------------- Mon Aug 14 13:42:48 UTC 2017 - eich@suse.com From 03841e12c507658cfff11c28c152f38ada5e3d828483f512872d3e109c7bbe05 Mon Sep 17 00:00:00 2001 From: Egbert Eich Date: Fri, 16 Feb 2018 23:47:46 +0000 Subject: [PATCH 4/5] Accepting request 577502 from home:eeich:branches:network:cluster - Add the conman user to the group of the ttyS* devices (boo#1081217). OBS-URL: https://build.opensuse.org/request/show/577502 OBS-URL: https://build.opensuse.org/package/show/network:cluster/conman?expand=0&rev=22 --- conman.changes | 6 ++++++ conman.spec | 45 +++++++++++++++++++++++++++++---------------- 2 files changed, 35 insertions(+), 16 deletions(-) diff --git a/conman.changes b/conman.changes index 16f82ec..db551c3 100644 --- a/conman.changes +++ b/conman.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Feb 16 13:15:00 UTC 2018 - eich@suse.com + +- Add the conman user to the group of the ttyS* devices + (boo#1081217). + ------------------------------------------------------------------- Wed Jan 10 19:27:27 UTC 2018 - eich@suse.com diff --git a/conman.spec b/conman.spec index c8da9bb..417d543 100644 --- a/conman.spec +++ b/conman.spec @@ -137,7 +137,7 @@ mkdir -p %{buildroot}%{_tmpfilesdir} cat >> %{buildroot}%{_tmpfilesdir}/%{name}.conf < /dev/null; then cat <> %{buildroot}/etc/conman.conf @@ -160,8 +160,17 @@ fi %if 0%{?conmandir:1} %define conman_home "%_localstatedir%_rundir/%conmandir" %define conman_descr "Connection Manager service" -getent group %conman_g >/dev/null || groupadd -r %conman_g -getent passwd %conman_u >/dev/null || useradd -r -g %conman_g -d %conman_home -s /bin/false -c %conman_descr %conman_u +shopt -s nullglob +for i in /dev/ttyS[0-9] /dev/ttyS[1-9][0-9] +do TTYS_GRP=$(stat --format="%G" $i); break +done +addgrp=0; addusr=0 +getent group %conman_g >/dev/null || addgrp=1 +[ $addgrp -eq 1 ] && groupadd -r %conman_g +getent passwd %conman_u >/dev/null || addusr=1 +[ $addusr -eq 1 ] && useradd -r -g %conman_g ${TTYS_GRP:+-G $TTYS_GRP} \ + -d %conman_home -s /bin/false -c %conman_descr %conman_u +[ $addgrp -eq 1 -a $addusr -eq 1 ] && touch %_tmppath/conman_userudate %endif exit 0 %endif @@ -178,23 +187,27 @@ exit 0 %if 0%{?have_systemd} %{?tmpfiles_create:%{tmpfiles_create %{_tmpfilesdir}/%{name}.conf}} %service_add_post conman.service -if [ $1 -eq 2 ]; then - tmpfile=$(mktemp /tmp/tmp-XXXX) - sed -e "s@^\(server\)\|\(SERVER\) \+logdir=.*@SERVER logdir=\"/var/log/%{conmandir}\"@" \ - -e "s@^\(server\)\|\(SERVER\) \+logfile=.*@SERVER logfile=\"/var/log/%{conmandir}conman.log\"@" \ - -e "s@^\(server\)\|\(SERVER\) \+pidfile=.*@SERVER pidfile=\"/var/run/%{conmandir}conman.pid\"@" \ - < /etc/conman.conf > $tmpfile - if ! cmp /etc/conman.conf $tmpfile; then - mv $tmpfile /etc/conman.conf - chown %conman_u:%conman_g /etc/conman.conf - cat > %_localstatedir/adm/update-messages/%{name}-%{version}-%{release}-%{name}.txt < $tmpfile + if ! cmp /etc/conman.conf $tmpfile; then + mv $tmpfile /etc/conman.conf + chown %conman_u:%conman_g /etc/conman.conf + cat > %_localstatedir/adm/update-messages/%{name}-%{version}-%{release}-%{name}.txt < Date: Sat, 17 Feb 2018 11:05:48 +0000 Subject: [PATCH 5/5] Accepting request 577586 from home:eeich:branches:network:cluster - Only update config file for new user once, save backup copy. OBS-URL: https://build.opensuse.org/request/show/577586 OBS-URL: https://build.opensuse.org/package/show/network:cluster/conman?expand=0&rev=23 --- conman.changes | 2 ++ conman.spec | 36 +++++++++++++++++++----------------- 2 files changed, 21 insertions(+), 17 deletions(-) diff --git a/conman.changes b/conman.changes index db551c3..81d85e4 100644 --- a/conman.changes +++ b/conman.changes @@ -3,6 +3,8 @@ Fri Feb 16 13:15:00 UTC 2018 - eich@suse.com - Add the conman user to the group of the ttyS* devices (boo#1081217). +- Only update config file for new user once, save backup + copy. ------------------------------------------------------------------- Wed Jan 10 19:27:27 UTC 2018 - eich@suse.com diff --git a/conman.spec b/conman.spec index 417d543..64ef5bd 100644 --- a/conman.spec +++ b/conman.spec @@ -168,9 +168,9 @@ addgrp=0; addusr=0 getent group %conman_g >/dev/null || addgrp=1 [ $addgrp -eq 1 ] && groupadd -r %conman_g getent passwd %conman_u >/dev/null || addusr=1 -[ $addusr -eq 1 ] && useradd -r -g %conman_g ${TTYS_GRP:+-G $TTYS_GRP} \ - -d %conman_home -s /bin/false -c %conman_descr %conman_u -[ $addgrp -eq 1 -a $addusr -eq 1 ] && touch %_tmppath/conman_userudate +[ $addusr -eq 1 ] && useradd -r -g %conman_g -d %conman_home \ + -s /bin/false -c %conman_descr %conman_u +[ -n "$TTYS_GRP" ] && usermod -a -G $TTYS_GRP %conman_u %endif exit 0 %endif @@ -183,36 +183,38 @@ exit 0 %endif %post +%define migrated conman_user_migrated %fillup_only conman %if 0%{?have_systemd} %{?tmpfiles_create:%{tmpfiles_create %{_tmpfilesdir}/%{name}.conf}} %service_add_post conman.service -if [ -e %_tmppath/conman_userudate ] -then - rm %_tmppath/conman_userudate - if [ $1 -eq 2 ]; then - tmpfile=$(mktemp /tmp/tmp-XXXX) - sed -e "s@^\(server\)\|\(SERVER\) \+logdir=.*@SERVER logdir=\"/var/log/%{conmandir}\"@" \ - -e "s@^\(server\)\|\(SERVER\) \+logfile=.*@SERVER logfile=\"/var/log/%{conmandir}conman.log\"@" \ - -e "s@^\(server\)\|\(SERVER\) \+pidfile=.*@SERVER pidfile=\"/var/run/%{conmandir}conman.pid\"@" \ - < /etc/conman.conf > $tmpfile - if ! cmp /etc/conman.conf $tmpfile; then +[ -d %_localstatedir/lib/conman ] || mkdir %_localstatedir/lib/conman || : +if [ $1 -eq 2 -a ! -e %_localstatedir/lib/conman/%migrated ]; then + tmpfile=$(mktemp /tmp/tmp-XXXX) + sed -e "s@^\(server\)\|\(SERVER\) \+logdir=.*@SERVER logdir=\"/var/log/%{conmandir}\"@" \ + -e "s@^\(server\)\|\(SERVER\) \+logfile=.*@SERVER logfile=\"/var/log/%{conmandir}conman.log\"@" \ + -e "s@^\(server\)\|\(SERVER\) \+pidfile=.*@SERVER pidfile=\"/var/run/%{conmandir}conman.pid\"@" \ + < /etc/conman.conf > $tmpfile + if ! cmp /etc/conman.conf $tmpfile; then + mv /etc/conman.conf /etc/conman.conf.rpmsave mv $tmpfile /etc/conman.conf chown %conman_u:%conman_g /etc/conman.conf cat > %_localstatedir/adm/update-messages/%{name}-%{version}-%{release}-%{name}.txt <