rpm/filesystem
SHA256
1
0
Fork 0
forked from pool/filesystem
Code Pull Requests Activity

Accepting request 909691 from Base:System

Browse Source 
- Leave subdirectories of /srv mode 755 as the apache openqa test relies on it
  atm. Only set /srv itself to 555

- implement mkdir_p for ghost files as components may not exist
- move usrmerge conversion to %pre instead of %pretrans (boo#1188847)
- get rid of usrmerged macro usage, usrmerge is on in Factory always

- Mark /boot, /home, /mnt, /opt, /srv and /usr/local as
  %ghost and create from lua in case mounted eg from a read-only fs
  such as NFS. Except for the latter also mark them as 0555 while we
  are at it (boo#1186894)

OBS-URL: https://build.opensuse.org/request/show/909691
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/filesystem?expand=0&rev=159
This commit is contained in:
Dominique Leuenberger 2021-08-03 20:48:31 +00:00 committed by Git OBS Bridge
commit 84c03c26d5
6 changed files with 125 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
directory.list
View File

@ -1,4 +1,3 @@
0755 root root /boot
0755 root root /dev 0755 root root /dev
0755 root root /etc 0755 root root /etc
0755 root root /etc/X11 0755 root root /etc/X11
@ -23,16 +22,10 @@
0755 root root /etc/opt 0755 root root /etc/opt
0755 root root /etc/xdg 0755 root root /etc/xdg
0755 root root /etc/xdg/autostart 0755 root root /etc/xdg/autostart
0755 root root /home
0755 root root /mnt
0755 root root /opt
0700 root root /root 0700 root root /root
0700 root root /root/.gnupg 0700 root root /root/.gnupg
0755 root root /root/bin 0755 root root /root/bin
0755 root root /run 0755 root root /run
0755 root root /srv/www
0755 root root /srv/www/cgi-bin
0755 root root /srv/www/htdocs
1777 root root /tmp 1777 root root /tmp
0755 root root /usr 0755 root root /usr
0555 root root /usr/bin 0555 root root /usr/bin
@ -69,25 +62,6 @@
0755 root root /usr/lib/tmpfiles.d 0755 root root /usr/lib/tmpfiles.d
0755 root root /usr/lib/udev 0755 root root /usr/lib/udev
0755 root root /usr/lib/udev/rules.d 0755 root root /usr/lib/udev/rules.d
0755 root root /usr/local
0755 root root /usr/local/bin
0755 root root /usr/local/include
0755 root root /usr/local/lib
0755 root root /usr/local/libexec
0755 root root /usr/local/man
0755 root root /usr/local/man/man1
0755 root root /usr/local/man/man2
0755 root root /usr/local/man/man3
0755 root root /usr/local/man/man4
0755 root root /usr/local/man/man5
0755 root root /usr/local/man/man6
0755 root root /usr/local/man/man7
0755 root root /usr/local/man/man8
0755 root root /usr/local/man/man9
0755 root root /usr/local/man/mann
0755 root root /usr/local/sbin
0755 root root /usr/local/share
0755 root root /usr/local/src
0555 root root /usr/sbin 0555 root root /usr/sbin
0555 root root /usr/share 0555 root root /usr/share
# TODO make 0555 # TODO make 0555

1
directory.list64
View File

@ -1,4 +1,3 @@
0555 root root /usr/lib64 0555 root root /usr/lib64
0555 root root /usr/lib64/pkgconfig 0555 root root /usr/lib64/pkgconfig
0755 root root /usr/lib64/browser-plugins 0755 root root /usr/lib64/browser-plugins
0755 root root /usr/local/lib64

21
filesystem.changes
View File

@ -1,3 +1,24 @@
-------------------------------------------------------------------
Mon Aug 2 07:55:40 UTC 2021 - Ludwig Nussel <lnussel@suse.de>
- Leave subdirectories of /srv mode 755 as the apache openqa test relies on it
atm. Only set /srv itself to 555
-------------------------------------------------------------------
Thu Jul 29 11:52:33 UTC 2021 - Ludwig Nussel <lnussel@suse.de>
- implement mkdir_p for ghost files as components may not exist
- move usrmerge conversion to %pre instead of %pretrans (boo#1188847)
- get rid of usrmerged macro usage, usrmerge is on in Factory always
-------------------------------------------------------------------
Wed Jun 9 15:46:59 UTC 2021 - Ludwig Nussel <lnussel@suse.de>
- Mark /boot, /home, /mnt, /opt, /srv and /usr/local as
%ghost and create from lua in case mounted eg from a read-only fs
such as NFS. Except for the latter also mark them as 0555 while we
are at it (boo#1186894)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 9 06:13:42 UTC 2021 - Thorsten Kukuk <kukuk@suse.com> Wed Jun 9 06:13:42 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>

138
filesystem.spec
View File

@ -30,10 +30,8 @@ Version: 84.87
Release: 0 Release: 0
%endif %endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?usrmerged}
# XXX libsolv never sees the rpmlib provides fulfilled # XXX libsolv never sees the rpmlib provides fulfilled
Requires(pre): (compat-usrmerge-tools or rpmlib(X-CheckUnifiedSystemdir)) Requires(pre): (compat-usrmerge-tools or rpmlib(X-CheckUnifiedSystemdir))
%endif
Requires: group(root) Requires: group(root)
Requires: user(root) Requires: user(root)
URL: https://build.opensuse.org/package/show/openSUSE:Factory/filesystem URL: https://build.opensuse.org/package/show/openSUSE:Factory/filesystem
@ -43,6 +41,7 @@ Source2: languages
Source3: ghost.list Source3: ghost.list
Source4: languages.man Source4: languages.man
Source64: directory.list64 Source64: directory.list64
Source65: ghost.list64
Source99: LICENSE.txt Source99: LICENSE.txt
%description %description
@ -53,8 +52,79 @@ the home directories of system users.
%setup -c -n filesystem -T %setup -c -n filesystem -T
cp %{SOURCE0} . cp %{SOURCE0} .
cp %{SOURCE1} . cp %{SOURCE1} .
cp %{SOURCE3} .
%ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64
cat %{SOURCE65} >> ghost.list
%endif
%build %build
cat > pretrans.lua <<'EOF'
os.remove ("/usr/include/X11")
os.remove ("/usr/lib/X11")
if not posix.readlink("/var/run") then
os.rename("/var/run","/var/run.rpmsave.tmpx")
end
if not posix.readlink("/var/lock") then
os.rename("/var/lock","/var/lock.rpmsave.tmpx")
end
if not posix.stat("/var/run") then
posix.symlink("/run","/var/run")
end
if not posix.stat("/var/lock") then
posix.symlink("/run/lock","/var/lock")
end
if posix.stat("/var/run.rpmsave.tmpx") then
os.execute("mv /var/run.rpmsave.tmpx/* /var/run")
os.remove("/var/run.rpmsave.tmpx")
end
if posix.stat("/var/lock.rpmsave.tmpx") then
os.execute("mv /var/lock.rpmsave.tmpx/* /var/lock")
os.remove("/var/lock.rpmsave.tmpx")
end
local ghosts = {
EOF
#
while read MOD OWN GRP NAME ; do
[ "$OWN" = root -a "$GRP" = root ]
echo "[\"$NAME\"] = $MOD,"
done < ghost.list >> pretrans.lua
cat >> pretrans.lua <<'EOF'
}
function mkdir_p(path)
d = ''
for p in string.gmatch(path, "([^/]+)") do
d = d.."/"..p
posix.mkdir(d)
end
end
for i in pairs(ghosts) do
mkdir_p(i)
posix.chmod(i, ghosts[i])
end
EOF
#
#
cat > pre.lua <<'EOF'
needmigrate = false
local dirs = {"/bin",
"/sbin",
%ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64
"/lib64",
%endif
"/lib" }
for i in pairs(dirs) do
local t = posix.stat(dirs[i], "type")
if t == nil then
posix.symlink("usr"..dirs[i], dirs[i])
elseif t == "directory" then
needmigrate = true
end
end
if needmigrate then
assert(os.execute("/usr/libexec/convertfs"))
end
EOF
%install %install
function create_dir () { function create_dir () {
@ -90,7 +160,6 @@ echo "%%defattr(-,root,root)" > filesystem.list
%ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64 %ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64
cat %{SOURCE64} >> directory.list cat %{SOURCE64} >> directory.list
%endif %endif
%if 0%{?usrmerged}
cat >> filesystem.links << EOF cat >> filesystem.links << EOF
usr/bin /bin usr/bin /bin
usr/sbin /sbin usr/sbin /sbin
@ -99,25 +168,15 @@ usr/lib /lib
usr/lib64 /lib64 usr/lib64 /lib64
%endif %endif
EOF EOF
%else
cat >> directory.list << EOF
0555 root root /bin
0555 root root /lib
0555 root root /sbin
%ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64
0555 root root /lib64
%endif
EOF
%endif
cat >> directory.list <<EOF cat >> directory.list <<EOF
0755 root root %{?usrmerged:/usr}/lib/modules 0755 root root /usr/lib/modules
0755 root root %{_firmwaredir} 0755 root root %{_firmwaredir}
EOF EOF
while read MOD OWN GRP NAME ; do while read MOD OWN GRP NAME ; do
create_dir $MOD $OWN $GRP $NAME create_dir $MOD $OWN $GRP $NAME
done < directory.list done < directory.list
# ghost files next # ghost files next
cat %{SOURCE3} | while read MOD OWN GRP NAME ; do cat ghost.list | while read MOD OWN GRP NAME ; do
create_dir $MOD $OWN $GRP $NAME "%%ghost " create_dir $MOD $OWN $GRP $NAME "%%ghost "
done done
# arch specific leftovers # arch specific leftovers
@ -244,53 +303,8 @@ install -m 0644 fs-tmp.conf $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/fs-tmp.conf
install -m 0644 fs-var.conf $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/fs-var.conf install -m 0644 fs-var.conf $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/fs-var.conf
install -m 0644 fs-var-tmp.conf $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/fs-var-tmp.conf install -m 0644 fs-var-tmp.conf $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/fs-var-tmp.conf
%pretrans -p <lua> %pretrans -p <lua> -f pretrans.lua
os.remove ("/usr/include/X11") %pre -p <lua> -f pre.lua
os.remove ("/usr/lib/X11")
if not posix.readlink("/var/run") then
os.rename("/var/run","/var/run.rpmsave.tmpx")
end
if not posix.readlink("/var/lock") then
os.rename("/var/lock","/var/lock.rpmsave.tmpx")
end
if not posix.stat("/var/run") then
posix.symlink("/run","/var/run")
end
if not posix.stat("/var/lock") then
posix.symlink("/run/lock","/var/lock")
end
if posix.stat("/var/run.rpmsave.tmpx") then
os.execute("mv /var/run.rpmsave.tmpx/* /var/run")
os.remove("/var/run.rpmsave.tmpx")
end
if posix.stat("/var/lock.rpmsave.tmpx") then
os.execute("mv /var/lock.rpmsave.tmpx/* /var/lock")
os.remove("/var/lock.rpmsave.tmpx")
end
%if 0%{?usrmerged}
needmigrate = false
local dirs = {"/bin",
"/sbin",
%ifarch s390x %sparc x86_64 ppc64 ppc aarch64 ppc64le riscv64
"/lib64",
%endif
"/lib" }
for i in pairs(dirs) do
local t = posix.stat(dirs[i], "type")
if t == nil then
posix.symlink("usr"..dirs[i], dirs[i])
elseif t == "directory" then
needmigrate = true
end
end
if needmigrate then
assert(os.execute("/usr/libexec/convertfs"))
end
%endif
posix.mkdir("/proc")
posix.chmod("/proc", 0555)
posix.mkdir("/sys")
posix.chmod("/sys", 0555)
%files -f filesystem.list %files -f filesystem.list
/usr/lib/tmpfiles.d/fs-tmp.conf /usr/lib/tmpfiles.d/fs-tmp.conf

27
ghost.list
View File

@ -1,2 +1,29 @@
0555 root root /boot
0555 root root /home
0555 root root /mnt
0555 root root /opt
0555 root root /proc 0555 root root /proc
0555 root root /srv
0755 root root /srv/www
0755 root root /srv/www/cgi-bin
0755 root root /srv/www/htdocs
0555 root root /sys 0555 root root /sys
0755 root root /usr/local
0755 root root /usr/local/bin
0755 root root /usr/local/include
0755 root root /usr/local/lib
0755 root root /usr/local/libexec
0755 root root /usr/local/man
0755 root root /usr/local/man/man1
0755 root root /usr/local/man/man2
0755 root root /usr/local/man/man3
0755 root root /usr/local/man/man4
0755 root root /usr/local/man/man5
0755 root root /usr/local/man/man6
0755 root root /usr/local/man/man7
0755 root root /usr/local/man/man8
0755 root root /usr/local/man/man9
0755 root root /usr/local/man/mann
0755 root root /usr/local/sbin
0755 root root /usr/local/share
0755 root root /usr/local/src

1
ghost.list64 Normal file
View File

@ -0,0 +1 @@
0755 root root /usr/local/lib64