From c1bab9bb4db790618dc9ad3ecf449c7d6d58278c124ec351eda4d28b31c0c849 Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Fri, 9 Jul 2021 11:44:38 +0000 Subject: [PATCH 1/3] Accepting request 898848 from home:lnussel:usrmove - Mark /boot, /home, /mnt, /opt, /srv and /usr/local as %ghost and create from lua in case mounted eg from a read-only fs such as NFS. Except for the latter also mark them as 0555 while we are at it (boo#1186894) OBS-URL: https://build.opensuse.org/request/show/898848 OBS-URL: https://build.opensuse.org/package/show/Base:System/filesystem?expand=0&rev=209 --- directory.list | 26 ----------- directory.list64 | 1 - filesystem.changes | 8 ++++ filesystem.spec | 111 +++++++++++++++++++++++++-------------------- ghost.list | 26 +++++++++++ ghost.list64 | 1 + 6 files changed, 98 insertions(+), 75 deletions(-) create mode 100644 ghost.list64 diff --git a/directory.list b/directory.list index fd308d7..011a1b5 100644 --- a/directory.list +++ b/directory.list @@ -1,4 +1,3 @@ -0755 root root /boot 0755 root root /dev 0755 root root /etc 0755 root root /etc/X11 @@ -23,16 +22,10 @@ 0755 root root /etc/opt 0755 root root /etc/xdg 0755 root root /etc/xdg/autostart -0755 root root /home -0755 root root /mnt -0755 root root /opt 0700 root root /root 0700 root root /root/.gnupg 0755 root root /root/bin 0755 root root /run -0755 root root /srv/www -0755 root root /srv/www/cgi-bin -0755 root root /srv/www/htdocs 1777 root root /tmp 0755 root root /usr 0555 root root /usr/bin 
@@ -69,25 +62,6 @@ 0755 root root /usr/lib/tmpfiles.d 0755 root root /usr/lib/udev 0755 root root /usr/lib/udev/rules.d -0755 root root /usr/local -0755 root root /usr/local/bin -0755 root root /usr/local/include -0755 root root /usr/local/lib -0755 root root /usr/local/libexec -0755 root root /usr/local/man -0755 root root /usr/local/man/man1 -0755 root root /usr/local/man/man2 -0755 root root /usr/local/man/man3 -0755 root root /usr/local/man/man4 -0755 root root /usr/local/man/man5 -0755 root root /usr/local/man/man6 -0755 root root /usr/local/man/man7 -0755 root root /usr/local/man/man8 -0755 root root /usr/local/man/man9 -0755 root root /usr/local/man/mann -0755 root root /usr/local/sbin -0755 root root /usr/local/share -0755 root root /usr/local/src 0555 root root /usr/sbin 0555 root root /usr/share # TODO make 0555 diff --git a/directory.list64 b/directory.list64 index 35a202c..65ad82d 100644 --- a/directory.list64 +++ b/directory.list64 @@ -1,4 +1,3 @@ 0555 root root /usr/lib64 0555 root root /usr/lib64/pkgconfig 0755 root root /usr/lib64/browser-plugins -0755 root root /usr/local/lib64 diff --git a/filesystem.changes b/filesystem.changes index cc2b613..e87e44d 100644 --- a/filesystem.changes +++ b/filesystem.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Jun 9 15:46:59 UTC 2021 - Ludwig Nussel + +- Mark /boot, /home, /mnt, /opt, /srv and /usr/local as + %ghost and create from lua in case mounted eg from a read-only fs + such as NFS. Except for the latter also mark them as 0555 while we + are at it (boo#1186894) + ------------------------------------------------------------------- Wed Jun 9 06:13:42 UTC 2021 - Thorsten Kukuk diff --git a/filesystem.spec b/filesystem.spec index ab9efc3..c71bbe7 100644 --- a/filesystem.spec +++ b/filesystem.spec @@ -43,6 +43,7 @@ Source2: languages Source3: ghost.list Source4: languages.man Source64: directory.list64 +Source65: ghost.list64 Source99: LICENSE.txt %description 
@@ -53,8 +54,68 @@ the home directories of system users. %setup -c -n filesystem -T cp %{SOURCE0} . cp %{SOURCE1} . +cp %{SOURCE3} . +%ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64 +cat %{SOURCE65} >> ghost.list +%endif %build +cat > pretrans.lua <<'EOF' +os.remove ("/usr/include/X11") +os.remove ("/usr/lib/X11") +if not posix.readlink("/var/run") then + os.rename("/var/run","/var/run.rpmsave.tmpx") +end +if not posix.readlink("/var/lock") then + os.rename("/var/lock","/var/lock.rpmsave.tmpx") +end +if not posix.stat("/var/run") then + posix.symlink("/run","/var/run") +end +if not posix.stat("/var/lock") then + posix.symlink("/run/lock","/var/lock") +end +if posix.stat("/var/run.rpmsave.tmpx") then + os.execute("mv /var/run.rpmsave.tmpx/* /var/run") + os.remove("/var/run.rpmsave.tmpx") +end +if posix.stat("/var/lock.rpmsave.tmpx") then + os.execute("mv /var/lock.rpmsave.tmpx/* /var/lock") + os.remove("/var/lock.rpmsave.tmpx") +end +%if 0%{?usrmerged} +needmigrate = false +local dirs = {"/bin", + "/sbin", +%ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64 + "/lib64", +%endif + "/lib" } +for i in pairs(dirs) do + local t = posix.stat(dirs[i], "type") + if t == nil then + posix.symlink("usr"..dirs[i], dirs[i]) + elseif t == "directory" then + needmigrate = true + end +end +if needmigrate then + assert(os.execute("/usr/libexec/convertfs")) +end +%endif +local ghosts = { +EOF +while read MOD OWN GRP NAME ; do + [ "$OWN" = root -a "$GRP" = root ] + echo "[\"$NAME\"] = $MOD," +done < ghost.list >> pretrans.lua +cat >> pretrans.lua <<'EOF' +} +for i in pairs(ghosts) do + posix.mkdir(i) + posix.chmod(i, ghosts[i]) +end +EOF %install function create_dir () { 
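Review bot: The loop generated at the end of pretrans.lua calls `posix.chmod(i, ghosts[i])` for every listed path whether or not `posix.mkdir(i)` just created it, so each package update resets the mode of directories that already exist. An administrator who tightened /boot or /opt (say to 0700) gets it put back to 0555, and since chmod presumably follows symlinks here, a listed path that is a symlink would have its target's mode changed instead. Consider applying the mode only to directories the script itself created, e.g. `if posix.mkdir(i) then posix.chmod(i, ghosts[i]) end` (rpm's posix.mkdir appears to return nil on failure; confirm), with a comment that errors are deliberately ignored for read-only mounts. The same unconditional chmod is carried into the `@@ -83,7 +81,31 @@` hunk of patch 2/3. Separately, `$MOD` is written as a bare token and Lua has no octal literals, so `0555` reaches chmod as the number 555; this presumably works only because chmod re-parses the digits as an octal string, and emitting `\"$MOD\"` would make that explicit.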
@@ -117,7 +178,7 @@ while read MOD OWN GRP NAME ; do create_dir $MOD $OWN $GRP $NAME done < directory.list # ghost files next -cat %{SOURCE3} | while read MOD OWN GRP NAME ; do +cat ghost.list | while read MOD OWN GRP NAME ; do create_dir $MOD $OWN $GRP $NAME "%%ghost " done # arch specific leftovers @@ -244,53 +305,7 @@ install -m 0644 fs-tmp.conf $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/fs-tmp.conf install -m 0644 fs-var.conf $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/fs-var.conf install -m 0644 fs-var-tmp.conf $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/fs-var-tmp.conf -%pretrans -p -os.remove ("/usr/include/X11") -os.remove ("/usr/lib/X11") -if not posix.readlink("/var/run") then - os.rename("/var/run","/var/run.rpmsave.tmpx") -end -if not posix.readlink("/var/lock") then - os.rename("/var/lock","/var/lock.rpmsave.tmpx") -end -if not posix.stat("/var/run") then - posix.symlink("/run","/var/run") -end -if not posix.stat("/var/lock") then - posix.symlink("/run/lock","/var/lock") -end -if posix.stat("/var/run.rpmsave.tmpx") then - os.execute("mv /var/run.rpmsave.tmpx/* /var/run") - os.remove("/var/run.rpmsave.tmpx") -end -if posix.stat("/var/lock.rpmsave.tmpx") then - os.execute("mv /var/lock.rpmsave.tmpx/* /var/lock") - os.remove("/var/lock.rpmsave.tmpx") -end -%if 0%{?usrmerged} -needmigrate = false -local dirs = {"/bin", - "/sbin", -%ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64 - "/lib64", -%endif - "/lib" } -for i in pairs(dirs) do - local t = posix.stat(dirs[i], "type") - if t == nil then - posix.symlink("usr"..dirs[i], dirs[i]) - elseif t == "directory" then - needmigrate = true - end -end -if needmigrate then - assert(os.execute("/usr/libexec/convertfs")) -end -%endif -posix.mkdir("/proc") -posix.chmod("/proc", 0555) -posix.mkdir("/sys") -posix.chmod("/sys", 0555) +%pretrans -p -f pretrans.lua %files -f filesystem.list /usr/lib/tmpfiles.d/fs-tmp.conf diff --git a/ghost.list b/ghost.list index 6770cde..af5145b 100644 --- a/ghost.list +++ b/ghost.list 
@@ -1,2 +1,28 @@
+0555 root root /boot
+0555 root root /home
+0555 root root /mnt
+0555 root root /opt
 0555 root root /proc
+0555 root root /srv/www
+0555 root root /srv/www/cgi-bin
+0555 root root /srv/www/htdocs
 0555 root root /sys
+0755 root root /usr/local
+0755 root root /usr/local/bin
+0755 root root /usr/local/include
+0755 root root /usr/local/lib
+0755 root root /usr/local/libexec
+0755 root root /usr/local/man
+0755 root root /usr/local/man/man1
+0755 root root /usr/local/man/man2
+0755 root root /usr/local/man/man3
+0755 root root /usr/local/man/man4
+0755 root root /usr/local/man/man5
+0755 root root /usr/local/man/man6
+0755 root root /usr/local/man/man7
+0755 root root /usr/local/man/man8
+0755 root root /usr/local/man/man9
+0755 root root /usr/local/man/mann
+0755 root root /usr/local/sbin
+0755 root root /usr/local/share
+0755 root root /usr/local/src
diff --git a/ghost.list64 b/ghost.list64
new file mode 100644
index 0000000..0741d2e
--- /dev/null
+++ b/ghost.list64
@@ -0,0 +1 @@
+0755 root root /usr/local/lib64
From 2897da1e4822df74bb99f5bf49f9cd2341077e3c6a29b30c86cb9369c4a0a5ab Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 30 Jul 2021 07:45:30 +0000 Subject: [PATCH 2/3] Accepting request 909203 from home:lnussel:usrmove - implement mkdir_p for ghost files as components may not exist - move usrmerge conversion to %pre instead of %pretrans (boo#1188847) - get rid of usrmerged macro usage, usrmerge is on in Factory always OBS-URL: https://build.opensuse.org/request/show/909203 OBS-URL: https://build.opensuse.org/package/show/Base:System/filesystem?expand=0&rev=210 --- filesystem.changes | 7 ++++++ filesystem.spec | 55 +++++++++++++++++----------------------- 2 files changed, 34 insertions(+), 28 deletions(-)
diff --git a/filesystem.changes b/filesystem.changes
index e87e44d..5159888 100644
--- a/filesystem.changes
+++ b/filesystem.changes
@@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Jul 29 11:52:33 UTC 2021 - Ludwig Nussel + +- implement mkdir_p for ghost files as components may not exist +- move usrmerge conversion to %pre instead of %pretrans (boo#1188847) +- get rid of usrmerged macro usage, usrmerge is on in Factory always + ------------------------------------------------------------------- Wed Jun 9 15:46:59 UTC 2021 - Ludwig Nussel diff --git a/filesystem.spec b/filesystem.spec index c71bbe7..05d83c9 100644 --- a/filesystem.spec +++ b/filesystem.spec @@ -30,10 +30,8 @@ Version: 84.87 Release: 0 %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build -%if 0%{?usrmerged} # XXX libsolv never sees the rpmlib provides fulfilled Requires(pre): (compat-usrmerge-tools or rpmlib(X-CheckUnifiedSystemdir)) -%endif Requires: group(root) Requires: user(root) URL: https://build.opensuse.org/package/show/openSUSE:Factory/filesystem @@ -83,7 +81,31 @@ if posix.stat("/var/lock.rpmsave.tmpx") then os.execute("mv /var/lock.rpmsave.tmpx/* /var/lock") os.remove("/var/lock.rpmsave.tmpx") end -%if 0%{?usrmerged} + +local ghosts = { +EOF +# +while read MOD OWN GRP NAME ; do + [ "$OWN" = root -a "$GRP" = root ] + echo "[\"$NAME\"] = $MOD," +done < ghost.list >> pretrans.lua +cat >> pretrans.lua <<'EOF' +} +function mkdir_p(path) + d = '' + for p in string.gmatch(path, "([^/]+)") do + d = d.."/"..p + posix.mkdir(d) + end +end +for i in pairs(ghosts) do + mkdir_p(i) + posix.chmod(i, ghosts[i]) +end +EOF +# +# +cat > pre.lua <<'EOF' needmigrate = false local dirs = {"/bin", "/sbin", @@ -102,19 +124,6 @@ end if needmigrate then assert(os.execute("/usr/libexec/convertfs")) end -%endif -local ghosts = { -EOF -while read MOD OWN GRP NAME ; do - [ "$OWN" = root -a "$GRP" = root ] - echo "[\"$NAME\"] = $MOD," -done < ghost.list >> pretrans.lua -cat >> pretrans.lua <<'EOF' -} -for i in pairs(ghosts) do - posix.mkdir(i) - posix.chmod(i, ghosts[i]) -end EOF %install 
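Review bot: In the new `mkdir_p` helper (hunk `@@ -83,7 +81,31 @@`), both the function and its accumulator `d` are assigned without `local`, so they become globals of the interpreter running the scriptlet; if rpm shares one Lua state across the scriptlets of a transaction (I believe it does, but confirm), they leak into other packages' scripts. Declare them as `local function mkdir_p(path)` and `local d = ''`. Also, intermediate components created by the helper keep posix.mkdir's default mode and are only chmod'ed when they have their own ghost.list entry, which /srv does not have at this commit, so a short comment stating that every parent must be listed would help the next maintainer.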
@@ -151,7 +160,6 @@ echo "%%defattr(-,root,root)" > filesystem.list %ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64 cat %{SOURCE64} >> directory.list %endif -%if 0%{?usrmerged} cat >> filesystem.links << EOF usr/bin /bin usr/sbin /sbin @@ -160,18 +168,8 @@ usr/lib /lib usr/lib64 /lib64 %endif EOF -%else -cat >> directory.list << EOF -0555 root root /bin -0555 root root /lib -0555 root root /sbin -%ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64 -0555 root root /lib64 -%endif -EOF -%endif cat >> directory.list < -f pretrans.lua +%pre -p -f pre.lua %files -f filesystem.list /usr/lib/tmpfiles.d/fs-tmp.conf From a8aa60dcd8e6fd7e3b7448aa97a954ad221394cb7b96ddcdea3c36d6188cc468 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Mon, 2 Aug 2021 07:56:59 +0000 Subject: [PATCH 3/3] - Leave subdirectories of /srv mode 755 as the apache openqa test relies on it atm. Only set /srv itself to 555 OBS-URL: https://build.opensuse.org/package/show/Base:System/filesystem?expand=0&rev=211 --- filesystem.changes | 6 ++++++ ghost.list | 7 ++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/filesystem.changes b/filesystem.changes index 5159888..f3db083 100644 --- a/filesystem.changes +++ b/filesystem.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Aug 2 07:55:40 UTC 2021 - Ludwig Nussel + +- Leave subdirectories of /srv mode 755 as the apache openqa test relies on it + atm. Only set /srv itself to 555 + ------------------------------------------------------------------- Thu Jul 29 11:52:33 UTC 2021 - Ludwig Nussel diff --git a/ghost.list b/ghost.list index af5145b..042c31e 100644 --- a/ghost.list +++ b/ghost.list 
@@ -3,9 +3,10 @@
 0555 root root /mnt
 0555 root root /opt
 0555 root root /proc
-0555 root root /srv/www
-0555 root root /srv/www/cgi-bin
-0555 root root /srv/www/htdocs
+0555 root root /srv
+0755 root root /srv/www
+0755 root root /srv/www/cgi-bin
+0755 root root /srv/www/htdocs
 0555 root root /sys
 0755 root root /usr/local
 0755 root root /usr/local/bin