forked from pool/systemd
Accepting request 452442 from home:fbui:systemd:Factory
- Don't ship ldconfig.service anymore This service was introduced to support stateless systems that support offline /usr updates properly. AFAIK we don't support any such system for now, so disable it. If it's wrong it's easy enough to restore it back. Related to bsc#1019470. - Be more consistent with indentation (*no* functional changes) Indentation should use 8 spaces now (no tabs). - Import commit 2559bc0c076b58f0a649056e79ca90fe5f1d556c 9c4a759ab systemctl: 'show' don't exit with a failure status if the requested property does not exist [SUSE] (bsc#1021062) f9194193b systemctl: remove duplicate entries showed by list-dependencies (#5049) (bsc#1012266) 2a6653335 rule: don't automatically online standby memory on s390x (bsc#997682) - Fix permission set on /var/lib/systemd/linger/* Those files are created by logind which run with umask(0022), so they are not world writable and shouldn't be affected by bsc#1020601. But it's cleaner to not let files forever with their setuid bit set for no good reason. - Fix permissions set on permanent timer timestamp files (bsc#1020601) (CVE-2016-10156) This change makes sure to fix the permissions of the timestamp files which could have been created by an affected version of systemd. Local unprivileged users could have run arbitrary code as root if systemd previously created world writable suid root files such as permanent timer stamp files. OBS-URL: https://build.opensuse.org/request/show/452442 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=967
This commit is contained in:
parent
fc9cb37b75
commit
4994b8e166
@ -1,3 +1,3 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
version https://git-lfs.github.com/spec/v1
|
||||||
oid sha256:a0f63b20f91eeed656a9d2bf9ad453cd7cfbb786663714b9b17886624f5ea69c
|
oid sha256:cc6ee1dab9013b879e3ae500b79875651c4462e23a9b9fbeab06597828ee00a3
|
||||||
size 3211060
|
size 3211676
|
||||||
|
@ -1,3 +1,54 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 25 15:37:23 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Don't ship ldconfig.service anymore
|
||||||
|
|
||||||
|
This service was introduced to support stateless systems that
|
||||||
|
support offline /usr updates properly.
|
||||||
|
|
||||||
|
AFAIK we don't support any such system for now, so disable it. If
|
||||||
|
it's wrong it's easy enough to restore it back.
|
||||||
|
|
||||||
|
Related to bsc#1019470.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 25 15:17:06 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Be more consistent with indentation (*no* functional changes)
|
||||||
|
|
||||||
|
Indentation should use 8 spaces now (no tabs).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 25 14:38:59 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Import commit 2559bc0c076b58f0a649056e79ca90fe5f1d556c
|
||||||
|
|
||||||
|
9c4a759ab systemctl: 'show' don't exit with a failure status if the requested property does not exist [SUSE] (bsc#1021062)
|
||||||
|
f9194193b systemctl: remove duplicate entries showed by list-dependencies (#5049) (bsc#1012266)
|
||||||
|
2a6653335 rule: don't automatically online standby memory on s390x (bsc#997682)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 25 14:36:34 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Fix permission set on /var/lib/systemd/linger/*
|
||||||
|
|
||||||
|
Those files are created by logind which run with umask(0022), so
|
||||||
|
they are not world writable and shouldn't be affected by
|
||||||
|
bsc#1020601. But it's cleaner to not let files forever with their
|
||||||
|
setuid bit set for no good reason.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 25 14:33:04 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Fix permissions set on permanent timer timestamp files (bsc#1020601) (CVE-2016-10156)
|
||||||
|
|
||||||
|
This change makes sure to fix the permissions of the timestamp files
|
||||||
|
which could have been created by an affected version of systemd.
|
||||||
|
|
||||||
|
Local unprivileged users could have run arbitrary code as root if
|
||||||
|
systemd previously created world writable suid root files such as
|
||||||
|
permanent timer stamp files.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jan 10 10:54:20 UTC 2017 - fbui@suse.com
|
Tue Jan 10 10:54:20 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
@ -423,43 +423,44 @@ systemd_cryptsetup_LDFLAGS =\\\
|
|||||||
|
|
||||||
# keep split-usr until all packages have moved their systemd rules to /usr
|
# keep split-usr until all packages have moved their systemd rules to /usr
|
||||||
%configure \
|
%configure \
|
||||||
--docdir=%{_docdir}/systemd \
|
--docdir=%{_docdir}/systemd \
|
||||||
--with-pamlibdir=/%{_lib}/security \
|
--with-pamlibdir=/%{_lib}/security \
|
||||||
--with-dbuspolicydir=%{_sysconfdir}/dbus-1/system.d \
|
--with-dbuspolicydir=%{_sysconfdir}/dbus-1/system.d \
|
||||||
--with-dbussessionservicedir=%{_datadir}/dbus-1/services \
|
--with-dbussessionservicedir=%{_datadir}/dbus-1/services \
|
||||||
--with-dbussystemservicedir=%{_datadir}/dbus-1/system-services \
|
--with-dbussystemservicedir=%{_datadir}/dbus-1/system-services \
|
||||||
--with-certificate-root=%{_sysconfdir}/pki/systemd \
|
--with-certificate-root=%{_sysconfdir}/pki/systemd \
|
||||||
%if 0%{?bootstrap}
|
%if 0%{?bootstrap}
|
||||||
--disable-myhostname \
|
--disable-myhostname \
|
||||||
--disable-manpages \
|
--disable-manpages \
|
||||||
%endif
|
%endif
|
||||||
--enable-selinux \
|
--enable-selinux \
|
||||||
--enable-split-usr \
|
--enable-split-usr \
|
||||||
--disable-static \
|
--disable-static \
|
||||||
--disable-lto \
|
--disable-lto \
|
||||||
--disable-tests \
|
--disable-tests \
|
||||||
--without-kill-user-processes \
|
--without-kill-user-processes \
|
||||||
--with-rc-local-script-path-start=/etc/init.d/boot.local \
|
--with-rc-local-script-path-start=/etc/init.d/boot.local \
|
||||||
--with-rc-local-script-path-stop=/etc/init.d/halt.local \
|
--with-rc-local-script-path-stop=/etc/init.d/halt.local \
|
||||||
--with-debug-shell=/bin/bash \
|
--with-debug-shell=/bin/bash \
|
||||||
--disable-smack \
|
--disable-smack \
|
||||||
--disable-ima \
|
--disable-ima \
|
||||||
--disable-adm-group \
|
--disable-adm-group \
|
||||||
--disable-wheel-group \
|
--disable-wheel-group \
|
||||||
|
--disable-ldconfig \
|
||||||
%if %{without networkd}
|
%if %{without networkd}
|
||||||
--disable-networkd \
|
--disable-networkd \
|
||||||
%endif
|
%endif
|
||||||
%if %{without machined}
|
%if %{without machined}
|
||||||
--disable-machined \
|
--disable-machined \
|
||||||
%endif
|
%endif
|
||||||
%if %{without sysvcompat}
|
%if %{without sysvcompat}
|
||||||
--with-sysvinit-path= \
|
--with-sysvinit-path= \
|
||||||
--with-sysvrcnd-path= \
|
--with-sysvrcnd-path= \
|
||||||
%endif
|
%endif
|
||||||
%if %{without resolved}
|
%if %{without resolved}
|
||||||
--disable-resolved \
|
--disable-resolved \
|
||||||
%endif
|
%endif
|
||||||
--disable-kdbus
|
--disable-kdbus
|
||||||
|
|
||||||
make %{?_smp_mflags} V=e
|
make %{?_smp_mflags} V=e
|
||||||
|
|
||||||
@ -663,24 +664,24 @@ systemctl daemon-reexec || :
|
|||||||
|
|
||||||
# Try to read default runlevel from the old inittab if it exists
|
# Try to read default runlevel from the old inittab if it exists
|
||||||
if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then
|
if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then
|
||||||
runlevel=$(awk -F ':' '$3 == "initdefault" && $1 !~ "^#" { print $2 }' /etc/inittab)
|
runlevel=$(awk -F ':' '$3 == "initdefault" && $1 !~ "^#" { print $2 }' /etc/inittab)
|
||||||
if [ -n "$runlevel" ] ; then
|
if [ -n "$runlevel" ] ; then
|
||||||
ln -sf /usr/lib/systemd/system/runlevel$runlevel.target /etc/systemd/system/default.target || :
|
ln -sf /usr/lib/systemd/system/runlevel$runlevel.target /etc/systemd/system/default.target || :
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create default config in /etc at first install.
|
# Create default config in /etc at first install.
|
||||||
# Later package updates should not overwrite these settings.
|
# Later package updates should not overwrite these settings.
|
||||||
if [ $1 -eq 1 ]; then
|
if [ $1 -eq 1 ]; then
|
||||||
# Enable systemd services according to the distro defaults.
|
# Enable systemd services according to the distro defaults.
|
||||||
# Note: systemctl might abort prematurely if it fails on one
|
# Note: systemctl might abort prematurely if it fails on one
|
||||||
# unit.
|
# unit.
|
||||||
systemctl preset remote-fs.target || :
|
systemctl preset remote-fs.target || :
|
||||||
systemctl preset getty@.service || :
|
systemctl preset getty@.service || :
|
||||||
systemctl preset systemd-networkd.service || :
|
systemctl preset systemd-networkd.service || :
|
||||||
systemctl preset systemd-networkd-wait-online.service || :
|
systemctl preset systemd-networkd-wait-online.service || :
|
||||||
systemctl preset systemd-timesyncd.service || :
|
systemctl preset systemd-timesyncd.service || :
|
||||||
systemctl preset systemd-resolved.service || :
|
systemctl preset systemd-resolved.service || :
|
||||||
fi >/dev/null
|
fi >/dev/null
|
||||||
|
|
||||||
# since v207 /etc/sysctl.conf is no longer parsed, however
|
# since v207 /etc/sysctl.conf is no longer parsed, however
|
||||||
@ -691,8 +692,8 @@ fi
|
|||||||
|
|
||||||
# migrate any symlink which may refer to the old path
|
# migrate any symlink which may refer to the old path
|
||||||
for f in $(find /etc/systemd/system -type l -xtype l); do
|
for f in $(find /etc/systemd/system -type l -xtype l); do
|
||||||
new_target="/usr$(readlink $f)"
|
new_target="/usr$(readlink $f)"
|
||||||
[ -f "$new_target" ] && ln -s -f $new_target $f || :
|
[ -f "$new_target" ] && ln -s -f $new_target $f || :
|
||||||
done
|
done
|
||||||
|
|
||||||
# Keep tmp.mount if it's been enabled explicitly by the user otherwise
|
# Keep tmp.mount if it's been enabled explicitly by the user otherwise
|
||||||
@ -705,6 +706,18 @@ enabled) ;;
|
|||||||
*) rm -f %{_prefix}/lib/systemd/system/tmp.mount
|
*) rm -f %{_prefix}/lib/systemd/system/tmp.mount
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
# Same for user lingering created by logind.
|
||||||
|
for username in $(ls /var/lib/systemd/linger/* 2>/dev/null); do
|
||||||
|
chmod 0644 $username
|
||||||
|
done
|
||||||
|
|
||||||
|
# v228 wrongly set world writable suid root permissions on timestamp
|
||||||
|
# files used by permanent timers. Fix the timestamps that might have
|
||||||
|
# been created by the affected versions of systemd (bsc#1020601).
|
||||||
|
for stamp in $(ls /var/lib/systemd/timers/stamp-*.timer 2>/dev/null); do
|
||||||
|
chmod 0644 $stamp
|
||||||
|
done
|
||||||
|
|
||||||
# Convert /var/lib/machines subvolume to make it suitable for
|
# Convert /var/lib/machines subvolume to make it suitable for
|
||||||
# rollbacks, if needed. See bsc#992573. The installer has been fixed
|
# rollbacks, if needed. See bsc#992573. The installer has been fixed
|
||||||
# to create it at installation time.
|
# to create it at installation time.
|
||||||
@ -733,35 +746,36 @@ if [ $1 -ge 1 ]; then
|
|||||||
fi
|
fi
|
||||||
%if ! 0%{?bootstrap}
|
%if ! 0%{?bootstrap}
|
||||||
if [ $1 -eq 0 ]; then
|
if [ $1 -eq 0 ]; then
|
||||||
pam-config -d --systemd || :
|
pam-config -d --systemd || :
|
||||||
fi
|
fi
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
if [ $1 -eq 0 ]; then
|
if [ $1 -eq 0 ]; then
|
||||||
systemctl disable remote-fs.target || :
|
systemctl disable remote-fs.target || :
|
||||||
systemctl disable getty@.service || :
|
systemctl disable getty@.service || :
|
||||||
systemctl disable systemd-networkd.service || :
|
systemctl disable systemd-networkd.service || :
|
||||||
systemctl disable systemd-networkd-wait-online.service || :
|
systemctl disable systemd-networkd-wait-online.service || :
|
||||||
systemctl disable systemd-timesyncd.service || :
|
systemctl disable systemd-timesyncd.service || :
|
||||||
systemctl disable systemd-resolved.service || :
|
systemctl disable systemd-resolved.service || :
|
||||||
|
|
||||||
rm -f /etc/systemd/system/default.target
|
rm -f /etc/systemd/system/default.target
|
||||||
fi >/dev/null
|
fi >/dev/null
|
||||||
|
|
||||||
%pretrans -n udev%{?mini} -p <lua>
|
%pretrans -n udev%{?mini} -p <lua>
|
||||||
if posix.stat("/lib/udev") and not posix.stat("/usr/lib/udev") then
|
if posix.stat("/lib/udev") and not posix.stat("/usr/lib/udev") then
|
||||||
posix.symlink("/lib/udev", "/usr/lib/udev")
|
posix.symlink("/lib/udev", "/usr/lib/udev")
|
||||||
end
|
end
|
||||||
|
|
||||||
%pre -n udev%{?mini}
|
%pre -n udev%{?mini}
|
||||||
%regenerate_initrd_post
|
%regenerate_initrd_post
|
||||||
|
|
||||||
if test -L /usr/lib/udev -a /lib/udev -ef /usr/lib/udev ; then
|
if test -L /usr/lib/udev -a /lib/udev -ef /usr/lib/udev ; then
|
||||||
rm /usr/lib/udev
|
rm /usr/lib/udev
|
||||||
mv /lib/udev /usr/lib
|
mv /lib/udev /usr/lib
|
||||||
ln -s /usr/lib/udev /lib/udev
|
ln -s /usr/lib/udev /lib/udev
|
||||||
elif [ ! -e /lib/udev ]; then
|
elif [ ! -e /lib/udev ]; then
|
||||||
ln -s /usr/lib/udev /lib/udev
|
ln -s /usr/lib/udev /lib/udev
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create "tape"/"input" group which is referenced by some udev rules
|
# Create "tape"/"input" group which is referenced by some udev rules
|
||||||
@ -806,8 +820,8 @@ systemctl daemon-reload || :
|
|||||||
%post logger
|
%post logger
|
||||||
systemd-tmpfiles --create --prefix=%{_localstatedir}/log/journal/ || :
|
systemd-tmpfiles --create --prefix=%{_localstatedir}/log/journal/ || :
|
||||||
if [ "$1" -eq 1 ]; then
|
if [ "$1" -eq 1 ]; then
|
||||||
# tell journal to start logging on disk if directory didn't exist before
|
# tell journal to start logging on disk if directory didn't exist before
|
||||||
systemctl --no-block restart systemd-journal-flush.service >/dev/null || :
|
systemctl --no-block restart systemd-journal-flush.service >/dev/null || :
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%post -n nss-myhostname -p /sbin/ldconfig
|
%post -n nss-myhostname -p /sbin/ldconfig
|
||||||
|
@ -1,3 +1,54 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 25 15:37:23 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Don't ship ldconfig.service anymore
|
||||||
|
|
||||||
|
This service was introduced to support stateless systems that
|
||||||
|
support offline /usr updates properly.
|
||||||
|
|
||||||
|
AFAIK we don't support any such system for now, so disable it. If
|
||||||
|
it's wrong it's easy enough to restore it back.
|
||||||
|
|
||||||
|
Related to bsc#1019470.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 25 15:17:06 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Be more consistent with indentation (*no* functional changes)
|
||||||
|
|
||||||
|
Indentation should use 8 spaces now (no tabs).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 25 14:38:59 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Import commit 2559bc0c076b58f0a649056e79ca90fe5f1d556c
|
||||||
|
|
||||||
|
9c4a759ab systemctl: 'show' don't exit with a failure status if the requested property does not exist [SUSE] (bsc#1021062)
|
||||||
|
f9194193b systemctl: remove duplicate entries showed by list-dependencies (#5049) (bsc#1012266)
|
||||||
|
2a6653335 rule: don't automatically online standby memory on s390x (bsc#997682)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 25 14:36:34 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Fix permission set on /var/lib/systemd/linger/*
|
||||||
|
|
||||||
|
Those files are created by logind which run with umask(0022), so
|
||||||
|
they are not world writable and shouldn't be affected by
|
||||||
|
bsc#1020601. But it's cleaner to not let files forever with their
|
||||||
|
setuid bit set for no good reason.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 25 14:33:04 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Fix permissions set on permanent timer timestamp files (bsc#1020601) (CVE-2016-10156)
|
||||||
|
|
||||||
|
This change makes sure to fix the permissions of the timestamp files
|
||||||
|
which could have been created by an affected version of systemd.
|
||||||
|
|
||||||
|
Local unprivileged users could have run arbitrary code as root if
|
||||||
|
systemd previously created world writable suid root files such as
|
||||||
|
permanent timer stamp files.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jan 10 10:54:20 UTC 2017 - fbui@suse.com
|
Tue Jan 10 10:54:20 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
130
systemd.spec
130
systemd.spec
@ -421,43 +421,44 @@ systemd_cryptsetup_LDFLAGS =\\\
|
|||||||
|
|
||||||
# keep split-usr until all packages have moved their systemd rules to /usr
|
# keep split-usr until all packages have moved their systemd rules to /usr
|
||||||
%configure \
|
%configure \
|
||||||
--docdir=%{_docdir}/systemd \
|
--docdir=%{_docdir}/systemd \
|
||||||
--with-pamlibdir=/%{_lib}/security \
|
--with-pamlibdir=/%{_lib}/security \
|
||||||
--with-dbuspolicydir=%{_sysconfdir}/dbus-1/system.d \
|
--with-dbuspolicydir=%{_sysconfdir}/dbus-1/system.d \
|
||||||
--with-dbussessionservicedir=%{_datadir}/dbus-1/services \
|
--with-dbussessionservicedir=%{_datadir}/dbus-1/services \
|
||||||
--with-dbussystemservicedir=%{_datadir}/dbus-1/system-services \
|
--with-dbussystemservicedir=%{_datadir}/dbus-1/system-services \
|
||||||
--with-certificate-root=%{_sysconfdir}/pki/systemd \
|
--with-certificate-root=%{_sysconfdir}/pki/systemd \
|
||||||
%if 0%{?bootstrap}
|
%if 0%{?bootstrap}
|
||||||
--disable-myhostname \
|
--disable-myhostname \
|
||||||
--disable-manpages \
|
--disable-manpages \
|
||||||
%endif
|
%endif
|
||||||
--enable-selinux \
|
--enable-selinux \
|
||||||
--enable-split-usr \
|
--enable-split-usr \
|
||||||
--disable-static \
|
--disable-static \
|
||||||
--disable-lto \
|
--disable-lto \
|
||||||
--disable-tests \
|
--disable-tests \
|
||||||
--without-kill-user-processes \
|
--without-kill-user-processes \
|
||||||
--with-rc-local-script-path-start=/etc/init.d/boot.local \
|
--with-rc-local-script-path-start=/etc/init.d/boot.local \
|
||||||
--with-rc-local-script-path-stop=/etc/init.d/halt.local \
|
--with-rc-local-script-path-stop=/etc/init.d/halt.local \
|
||||||
--with-debug-shell=/bin/bash \
|
--with-debug-shell=/bin/bash \
|
||||||
--disable-smack \
|
--disable-smack \
|
||||||
--disable-ima \
|
--disable-ima \
|
||||||
--disable-adm-group \
|
--disable-adm-group \
|
||||||
--disable-wheel-group \
|
--disable-wheel-group \
|
||||||
|
--disable-ldconfig \
|
||||||
%if %{without networkd}
|
%if %{without networkd}
|
||||||
--disable-networkd \
|
--disable-networkd \
|
||||||
%endif
|
%endif
|
||||||
%if %{without machined}
|
%if %{without machined}
|
||||||
--disable-machined \
|
--disable-machined \
|
||||||
%endif
|
%endif
|
||||||
%if %{without sysvcompat}
|
%if %{without sysvcompat}
|
||||||
--with-sysvinit-path= \
|
--with-sysvinit-path= \
|
||||||
--with-sysvrcnd-path= \
|
--with-sysvrcnd-path= \
|
||||||
%endif
|
%endif
|
||||||
%if %{without resolved}
|
%if %{without resolved}
|
||||||
--disable-resolved \
|
--disable-resolved \
|
||||||
%endif
|
%endif
|
||||||
--disable-kdbus
|
--disable-kdbus
|
||||||
|
|
||||||
make %{?_smp_mflags} V=e
|
make %{?_smp_mflags} V=e
|
||||||
|
|
||||||
@ -661,24 +662,24 @@ systemctl daemon-reexec || :
|
|||||||
|
|
||||||
# Try to read default runlevel from the old inittab if it exists
|
# Try to read default runlevel from the old inittab if it exists
|
||||||
if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then
|
if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then
|
||||||
runlevel=$(awk -F ':' '$3 == "initdefault" && $1 !~ "^#" { print $2 }' /etc/inittab)
|
runlevel=$(awk -F ':' '$3 == "initdefault" && $1 !~ "^#" { print $2 }' /etc/inittab)
|
||||||
if [ -n "$runlevel" ] ; then
|
if [ -n "$runlevel" ] ; then
|
||||||
ln -sf /usr/lib/systemd/system/runlevel$runlevel.target /etc/systemd/system/default.target || :
|
ln -sf /usr/lib/systemd/system/runlevel$runlevel.target /etc/systemd/system/default.target || :
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create default config in /etc at first install.
|
# Create default config in /etc at first install.
|
||||||
# Later package updates should not overwrite these settings.
|
# Later package updates should not overwrite these settings.
|
||||||
if [ $1 -eq 1 ]; then
|
if [ $1 -eq 1 ]; then
|
||||||
# Enable systemd services according to the distro defaults.
|
# Enable systemd services according to the distro defaults.
|
||||||
# Note: systemctl might abort prematurely if it fails on one
|
# Note: systemctl might abort prematurely if it fails on one
|
||||||
# unit.
|
# unit.
|
||||||
systemctl preset remote-fs.target || :
|
systemctl preset remote-fs.target || :
|
||||||
systemctl preset getty@.service || :
|
systemctl preset getty@.service || :
|
||||||
systemctl preset systemd-networkd.service || :
|
systemctl preset systemd-networkd.service || :
|
||||||
systemctl preset systemd-networkd-wait-online.service || :
|
systemctl preset systemd-networkd-wait-online.service || :
|
||||||
systemctl preset systemd-timesyncd.service || :
|
systemctl preset systemd-timesyncd.service || :
|
||||||
systemctl preset systemd-resolved.service || :
|
systemctl preset systemd-resolved.service || :
|
||||||
fi >/dev/null
|
fi >/dev/null
|
||||||
|
|
||||||
# since v207 /etc/sysctl.conf is no longer parsed, however
|
# since v207 /etc/sysctl.conf is no longer parsed, however
|
||||||
@ -689,8 +690,8 @@ fi
|
|||||||
|
|
||||||
# migrate any symlink which may refer to the old path
|
# migrate any symlink which may refer to the old path
|
||||||
for f in $(find /etc/systemd/system -type l -xtype l); do
|
for f in $(find /etc/systemd/system -type l -xtype l); do
|
||||||
new_target="/usr$(readlink $f)"
|
new_target="/usr$(readlink $f)"
|
||||||
[ -f "$new_target" ] && ln -s -f $new_target $f || :
|
[ -f "$new_target" ] && ln -s -f $new_target $f || :
|
||||||
done
|
done
|
||||||
|
|
||||||
# Keep tmp.mount if it's been enabled explicitly by the user otherwise
|
# Keep tmp.mount if it's been enabled explicitly by the user otherwise
|
||||||
@ -703,6 +704,18 @@ enabled) ;;
|
|||||||
*) rm -f %{_prefix}/lib/systemd/system/tmp.mount
|
*) rm -f %{_prefix}/lib/systemd/system/tmp.mount
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
# Same for user lingering created by logind.
|
||||||
|
for username in $(ls /var/lib/systemd/linger/* 2>/dev/null); do
|
||||||
|
chmod 0644 $username
|
||||||
|
done
|
||||||
|
|
||||||
|
# v228 wrongly set world writable suid root permissions on timestamp
|
||||||
|
# files used by permanent timers. Fix the timestamps that might have
|
||||||
|
# been created by the affected versions of systemd (bsc#1020601).
|
||||||
|
for stamp in $(ls /var/lib/systemd/timers/stamp-*.timer 2>/dev/null); do
|
||||||
|
chmod 0644 $stamp
|
||||||
|
done
|
||||||
|
|
||||||
# Convert /var/lib/machines subvolume to make it suitable for
|
# Convert /var/lib/machines subvolume to make it suitable for
|
||||||
# rollbacks, if needed. See bsc#992573. The installer has been fixed
|
# rollbacks, if needed. See bsc#992573. The installer has been fixed
|
||||||
# to create it at installation time.
|
# to create it at installation time.
|
||||||
@ -731,35 +744,36 @@ if [ $1 -ge 1 ]; then
|
|||||||
fi
|
fi
|
||||||
%if ! 0%{?bootstrap}
|
%if ! 0%{?bootstrap}
|
||||||
if [ $1 -eq 0 ]; then
|
if [ $1 -eq 0 ]; then
|
||||||
pam-config -d --systemd || :
|
pam-config -d --systemd || :
|
||||||
fi
|
fi
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
if [ $1 -eq 0 ]; then
|
if [ $1 -eq 0 ]; then
|
||||||
systemctl disable remote-fs.target || :
|
systemctl disable remote-fs.target || :
|
||||||
systemctl disable getty@.service || :
|
systemctl disable getty@.service || :
|
||||||
systemctl disable systemd-networkd.service || :
|
systemctl disable systemd-networkd.service || :
|
||||||
systemctl disable systemd-networkd-wait-online.service || :
|
systemctl disable systemd-networkd-wait-online.service || :
|
||||||
systemctl disable systemd-timesyncd.service || :
|
systemctl disable systemd-timesyncd.service || :
|
||||||
systemctl disable systemd-resolved.service || :
|
systemctl disable systemd-resolved.service || :
|
||||||
|
|
||||||
rm -f /etc/systemd/system/default.target
|
rm -f /etc/systemd/system/default.target
|
||||||
fi >/dev/null
|
fi >/dev/null
|
||||||
|
|
||||||
%pretrans -n udev%{?mini} -p <lua>
|
%pretrans -n udev%{?mini} -p <lua>
|
||||||
if posix.stat("/lib/udev") and not posix.stat("/usr/lib/udev") then
|
if posix.stat("/lib/udev") and not posix.stat("/usr/lib/udev") then
|
||||||
posix.symlink("/lib/udev", "/usr/lib/udev")
|
posix.symlink("/lib/udev", "/usr/lib/udev")
|
||||||
end
|
end
|
||||||
|
|
||||||
%pre -n udev%{?mini}
|
%pre -n udev%{?mini}
|
||||||
%regenerate_initrd_post
|
%regenerate_initrd_post
|
||||||
|
|
||||||
if test -L /usr/lib/udev -a /lib/udev -ef /usr/lib/udev ; then
|
if test -L /usr/lib/udev -a /lib/udev -ef /usr/lib/udev ; then
|
||||||
rm /usr/lib/udev
|
rm /usr/lib/udev
|
||||||
mv /lib/udev /usr/lib
|
mv /lib/udev /usr/lib
|
||||||
ln -s /usr/lib/udev /lib/udev
|
ln -s /usr/lib/udev /lib/udev
|
||||||
elif [ ! -e /lib/udev ]; then
|
elif [ ! -e /lib/udev ]; then
|
||||||
ln -s /usr/lib/udev /lib/udev
|
ln -s /usr/lib/udev /lib/udev
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create "tape"/"input" group which is referenced by some udev rules
|
# Create "tape"/"input" group which is referenced by some udev rules
|
||||||
@ -804,8 +818,8 @@ systemctl daemon-reload || :
|
|||||||
%post logger
|
%post logger
|
||||||
systemd-tmpfiles --create --prefix=%{_localstatedir}/log/journal/ || :
|
systemd-tmpfiles --create --prefix=%{_localstatedir}/log/journal/ || :
|
||||||
if [ "$1" -eq 1 ]; then
|
if [ "$1" -eq 1 ]; then
|
||||||
# tell journal to start logging on disk if directory didn't exist before
|
# tell journal to start logging on disk if directory didn't exist before
|
||||||
systemctl --no-block restart systemd-journal-flush.service >/dev/null || :
|
systemctl --no-block restart systemd-journal-flush.service >/dev/null || :
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%post -n nss-myhostname -p /sbin/ldconfig
|
%post -n nss-myhostname -p /sbin/ldconfig
|
||||||
|
Loading…
Reference in New Issue
Block a user