forked from pool/systemd
Accepting request 574512 from home:fbui:systemd:Factory
- Don't ship /usr/lib/systemd/system/tmp.mnt at all (bsc#1071224) - Don't build seccomp support in the mini package OBS-URL: https://build.opensuse.org/request/show/574512 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1010
parent
3a769c401e
commit
dc9b88ddb3
@ -1,33 +0,0 @@
|
|||||||
#
|
|
||||||
# By default, /tmp doesn't use tmpfs on SUSE distros.
|
|
||||||
#
|
|
||||||
# This service is either run automatically during the firstboot (i.e.
|
|
||||||
# only once) of the system.
|
|
||||||
#
|
|
||||||
# Or it can also be (manually) started during systemd update (%post)
|
|
||||||
# only and only if tmp.mount wasn't already installed by the admin in
|
|
||||||
# /usr/lib during %pre. In this case tmp.mount should also masked.
|
|
||||||
#
|
|
||||||
# In any cases this service will never mask tmp.mount if the service
|
|
||||||
# has been created by either the admin or fstab-generator.
|
|
||||||
#
|
|
||||||
[Unit]
|
|
||||||
Description=Mask tmp.mount by default on SUSE systems
|
|
||||||
DefaultDependencies=no
|
|
||||||
Conflicts=shutdown.target
|
|
||||||
After=systemd-remount-fs.service
|
|
||||||
Before=tmp.mount
|
|
||||||
ConditionPathIsReadWrite=/etc
|
|
||||||
ConditionPathExists=!/usr/lib/systemd/system/.disable-tmpfs-for-tmp~done
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=yes
|
|
||||||
ExecStart=/bin/sh -c ' \
|
|
||||||
case "$(systemctl show -pFragmentPath tmp.mount)" in \
|
|
||||||
FragmentPath=/usr/lib/systemd/system/tmp.mount) \
|
|
||||||
systemctl mask --now tmp.mount ;; \
|
|
||||||
FragmentPath=/usr/share/systemd/tmp.mount) \
|
|
||||||
ln -sf /usr/lib/systemd/system/tmp.mount /etc/systemd/system/ ;; \
|
|
||||||
esac'
|
|
||||||
ExecStartPost=/usr/bin/touch /usr/lib/systemd/system/.disable-tmpfs-for-tmp~done
|
|
@ -1,3 +1,23 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Feb 9 07:59:56 UTC 2018 - fbui@suse.com
|
||||||
|
|
||||||
|
- Don't ship /usr/lib/systemd/system/tmp.mnt at all (bsc#1071224)
|
||||||
|
|
||||||
|
The previous fix couldn't work on platforms using a RO
|
||||||
|
rootfs. Therefore we don't ship /usr/lib/systemd/system/tmp.mnt but
|
||||||
|
we still ship a copy in /var.
|
||||||
|
|
||||||
|
Users who want to use tmpfs on /tmp are supposed to add a symlink in
|
||||||
|
/etc/ pointing to the copy shipped in /var.
|
||||||
|
|
||||||
|
To support the update path we automatically create the symlink if
|
||||||
|
tmp.mount in use is located in /usr.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 6 16:11:40 UTC 2018 - fbui@suse.com
|
||||||
|
|
||||||
|
- Don't build seccomp support in the mini package
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Feb 6 15:12:42 UTC 2018 - fbui@suse.com
|
Tue Feb 6 15:12:42 UTC 2018 - fbui@suse.com
|
||||||
|
|
||||||
|
@ -70,6 +70,9 @@ BuildRequires: pkgconfig(liblz4)
|
|||||||
BuildRequires: pkgconfig(liblzma)
|
BuildRequires: pkgconfig(liblzma)
|
||||||
BuildRequires: pkgconfig(libqrencode)
|
BuildRequires: pkgconfig(libqrencode)
|
||||||
BuildRequires: pkgconfig(libselinux) >= 2.1.9
|
BuildRequires: pkgconfig(libselinux) >= 2.1.9
|
||||||
|
%ifarch aarch64 %ix86 x86_64 x32 %arm ppc64le s390x
|
||||||
|
BuildRequires: pkgconfig(libseccomp) >= 2.3.1
|
||||||
|
%endif
|
||||||
%endif
|
%endif
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
BuildRequires: gperf
|
BuildRequires: gperf
|
||||||
@ -97,9 +100,6 @@ BuildRequires: pkgconfig(zlib)
|
|||||||
BuildRequires: pkgconfig(libcurl)
|
BuildRequires: pkgconfig(libcurl)
|
||||||
BuildRequires: pkgconfig(libmicrohttpd) >= 0.9.33
|
BuildRequires: pkgconfig(libmicrohttpd) >= 0.9.33
|
||||||
%endif
|
%endif
|
||||||
%ifarch aarch64 %ix86 x86_64 x32 %arm ppc64le s390x
|
|
||||||
BuildRequires: pkgconfig(libseccomp) >= 2.3.1
|
|
||||||
%endif
|
|
||||||
%if %{with gnuefi}
|
%if %{with gnuefi}
|
||||||
BuildRequires: gnu-efi
|
BuildRequires: gnu-efi
|
||||||
%endif
|
%endif
|
||||||
@ -146,7 +146,6 @@ Source6: baselibs.conf
|
|||||||
Source11: after-local.service
|
Source11: after-local.service
|
||||||
Source12: systemd-sysv-install
|
Source12: systemd-sysv-install
|
||||||
Source14: kbd-model-map.legacy
|
Source14: kbd-model-map.legacy
|
||||||
Source15: suse-disable-tmpfs-for-tmp.service
|
|
||||||
|
|
||||||
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
|
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
|
||||||
Source101: scripts-systemd-upgrade-from-pre-210.sh
|
Source101: scripts-systemd-upgrade-from-pre-210.sh
|
||||||
@ -421,6 +420,7 @@ Some systemd commands offer bash completion, but it is an optional dependency.
|
|||||||
-Drc-local=/etc/init.d/boot.local \
|
-Drc-local=/etc/init.d/boot.local \
|
||||||
-Dhalt-local=/etc/init.d/halt.local \
|
-Dhalt-local=/etc/init.d/halt.local \
|
||||||
-Ddebug-shell=/bin/bash \
|
-Ddebug-shell=/bin/bash \
|
||||||
|
-Dseccomp=auto \
|
||||||
-Dselinux=auto \
|
-Dselinux=auto \
|
||||||
-Dapparmor=auto \
|
-Dapparmor=auto \
|
||||||
-Dsmack=false \
|
-Dsmack=false \
|
||||||
@ -499,10 +499,11 @@ rm -f %{buildroot}/etc/systemd/system/default.target
|
|||||||
# customized for openSUSE distros.
|
# customized for openSUSE distros.
|
||||||
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
|
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
|
||||||
|
|
||||||
# Install the service which will disable/mask tmpfs for /tmp (if
|
# Remove tmp.mount from the unit search path as /tmp doesn't use tmpfs
|
||||||
# needed) on first boot.
|
# by default on SUSE distros. We still keep a copy in /var for those
|
||||||
install -m0644 -D %{S:15} %{buildroot}/%{_prefix}/lib/systemd/system/suse-disable-tmpfs-for-tmp.service
|
# who want to switch to tmpfs: it's still can be copied in /etc.
|
||||||
ln -s ../suse-disable-tmpfs-for-tmp.service %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/
|
rm %{buildroot}/%{_prefix}/lib/systemd/system/local-fs.target.wants/tmp.mount
|
||||||
|
mv %{buildroot}/%{_prefix}/lib/systemd/system/tmp.mount %{buildroot}/%{_datadir}/systemd/
|
||||||
|
|
||||||
# don't enable wall ask password service, it spams every console (bnc#747783)
|
# don't enable wall ask password service, it spams every console (bnc#747783)
|
||||||
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
|
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
|
||||||
@ -634,13 +635,10 @@ cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
|
|||||||
# so keep the section even if it's empty.
|
# so keep the section even if it's empty.
|
||||||
%pre
|
%pre
|
||||||
if [ $1 -gt 1 ] ; then
|
if [ $1 -gt 1 ] ; then
|
||||||
# Check if tmp.mount has been restored by either the admin or
|
case "$(systemctl show -pFragmentPath tmp.mount)" in
|
||||||
# was added at package installation. In both cases do nothing
|
FragmentPath=/usr/lib/systemd/system/tmp.mount)
|
||||||
# and prevent the service to be executed during %post for the
|
ln -sf %{_datadir}/systemd/tmp.mount /etc/systemd/system/ || :
|
||||||
# former case.
|
esac
|
||||||
if test -e %{_unitdir}/tmp.mount; then
|
|
||||||
touch %{_unitdir}/.disable-tmpfs-for-tmp~done
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%post
|
%post
|
||||||
@ -715,13 +713,6 @@ if [ $1 -gt 1 ]; then
|
|||||||
# tmpfiles_create macro previously however it's empty so there
|
# tmpfiles_create macro previously however it's empty so there
|
||||||
# shouldn't be any issues.
|
# shouldn't be any issues.
|
||||||
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
|
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
|
||||||
|
|
||||||
# Should we mask tmpfs ? If tmp.mount was already installed in
|
|
||||||
# /usr/lib then this is a nop as sysadmin restored the unit
|
|
||||||
# most likely to use tmpfs (see %pre) otherwise mask the mount
|
|
||||||
# unit unless it's overriden by a tmp.mount unit installed
|
|
||||||
# either by sysadmin or fstab-generator.
|
|
||||||
systemctl start suse-disable-tmpfs-for-tmp.service || :
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
|
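Review bot: In the meson options hunk (`@ -421,6 +420,7`), `-Dseccomp=auto` lets the build drop seccomp silently whenever libseccomp is not found, so the outcome depends entirely on the `BuildRequires: pkgconfig(libseccomp) >= 2.3.1` block that this change moves in front of an `%endif` whose `%if` is outside the hunk. If that BuildRequires is ever lost for the full package, the build would still succeed and ship a systemd in which seccomp-based settings such as `SystemCallFilter=` are not enforced. Consider making the intent explicit: `-Dseccomp=false` for the mini build, and `-Dseccomp=true` for the full build on the architectures in the `%ifarch` line, so a missing dependency fails the build instead of weakening the result. The same option line appears in the systemd.spec section further down.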
@ -1,3 +1,23 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Feb 9 07:59:56 UTC 2018 - fbui@suse.com
|
||||||
|
|
||||||
|
- Don't ship /usr/lib/systemd/system/tmp.mnt at all (bsc#1071224)
|
||||||
|
|
||||||
|
The previous fix couldn't work on platforms using a RO
|
||||||
|
rootfs. Therefore we don't ship /usr/lib/systemd/system/tmp.mnt but
|
||||||
|
we still ship a copy in /var.
|
||||||
|
|
||||||
|
Users who want to use tmpfs on /tmp are supposed to add a symlink in
|
||||||
|
/etc/ pointing to the copy shipped in /var.
|
||||||
|
|
||||||
|
To support the update path we automatically create the symlink if
|
||||||
|
tmp.mount in use is located in /usr.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 6 16:11:40 UTC 2018 - fbui@suse.com
|
||||||
|
|
||||||
|
- Don't build seccomp support in the mini package
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Feb 6 15:12:42 UTC 2018 - fbui@suse.com
|
Tue Feb 6 15:12:42 UTC 2018 - fbui@suse.com
|
||||||
|
|
||||||
|
35
systemd.spec
35
systemd.spec
@ -68,6 +68,9 @@ BuildRequires: pkgconfig(liblz4)
|
|||||||
BuildRequires: pkgconfig(liblzma)
|
BuildRequires: pkgconfig(liblzma)
|
||||||
BuildRequires: pkgconfig(libqrencode)
|
BuildRequires: pkgconfig(libqrencode)
|
||||||
BuildRequires: pkgconfig(libselinux) >= 2.1.9
|
BuildRequires: pkgconfig(libselinux) >= 2.1.9
|
||||||
|
%ifarch aarch64 %ix86 x86_64 x32 %arm ppc64le s390x
|
||||||
|
BuildRequires: pkgconfig(libseccomp) >= 2.3.1
|
||||||
|
%endif
|
||||||
%endif
|
%endif
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
BuildRequires: gperf
|
BuildRequires: gperf
|
||||||
@ -95,9 +98,6 @@ BuildRequires: pkgconfig(zlib)
|
|||||||
BuildRequires: pkgconfig(libcurl)
|
BuildRequires: pkgconfig(libcurl)
|
||||||
BuildRequires: pkgconfig(libmicrohttpd) >= 0.9.33
|
BuildRequires: pkgconfig(libmicrohttpd) >= 0.9.33
|
||||||
%endif
|
%endif
|
||||||
%ifarch aarch64 %ix86 x86_64 x32 %arm ppc64le s390x
|
|
||||||
BuildRequires: pkgconfig(libseccomp) >= 2.3.1
|
|
||||||
%endif
|
|
||||||
%if %{with gnuefi}
|
%if %{with gnuefi}
|
||||||
BuildRequires: gnu-efi
|
BuildRequires: gnu-efi
|
||||||
%endif
|
%endif
|
||||||
@ -144,7 +144,6 @@ Source6: baselibs.conf
|
|||||||
Source11: after-local.service
|
Source11: after-local.service
|
||||||
Source12: systemd-sysv-install
|
Source12: systemd-sysv-install
|
||||||
Source14: kbd-model-map.legacy
|
Source14: kbd-model-map.legacy
|
||||||
Source15: suse-disable-tmpfs-for-tmp.service
|
|
||||||
|
|
||||||
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
|
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
|
||||||
Source101: scripts-systemd-upgrade-from-pre-210.sh
|
Source101: scripts-systemd-upgrade-from-pre-210.sh
|
||||||
@ -419,6 +418,7 @@ Some systemd commands offer bash completion, but it is an optional dependency.
|
|||||||
-Drc-local=/etc/init.d/boot.local \
|
-Drc-local=/etc/init.d/boot.local \
|
||||||
-Dhalt-local=/etc/init.d/halt.local \
|
-Dhalt-local=/etc/init.d/halt.local \
|
||||||
-Ddebug-shell=/bin/bash \
|
-Ddebug-shell=/bin/bash \
|
||||||
|
-Dseccomp=auto \
|
||||||
-Dselinux=auto \
|
-Dselinux=auto \
|
||||||
-Dapparmor=auto \
|
-Dapparmor=auto \
|
||||||
-Dsmack=false \
|
-Dsmack=false \
|
||||||
@ -497,10 +497,11 @@ rm -f %{buildroot}/etc/systemd/system/default.target
|
|||||||
# customized for openSUSE distros.
|
# customized for openSUSE distros.
|
||||||
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
|
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
|
||||||
|
|
||||||
# Install the service which will disable/mask tmpfs for /tmp (if
|
# Remove tmp.mount from the unit search path as /tmp doesn't use tmpfs
|
||||||
# needed) on first boot.
|
# by default on SUSE distros. We still keep a copy in /var for those
|
||||||
install -m0644 -D %{S:15} %{buildroot}/%{_prefix}/lib/systemd/system/suse-disable-tmpfs-for-tmp.service
|
# who want to switch to tmpfs: it's still can be copied in /etc.
|
||||||
ln -s ../suse-disable-tmpfs-for-tmp.service %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/
|
rm %{buildroot}/%{_prefix}/lib/systemd/system/local-fs.target.wants/tmp.mount
|
||||||
|
mv %{buildroot}/%{_prefix}/lib/systemd/system/tmp.mount %{buildroot}/%{_datadir}/systemd/
|
||||||
|
|
||||||
# don't enable wall ask password service, it spams every console (bnc#747783)
|
# don't enable wall ask password service, it spams every console (bnc#747783)
|
||||||
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
|
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
|
||||||
@ -632,13 +633,10 @@ cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
|
|||||||
# so keep the section even if it's empty.
|
# so keep the section even if it's empty.
|
||||||
%pre
|
%pre
|
||||||
if [ $1 -gt 1 ] ; then
|
if [ $1 -gt 1 ] ; then
|
||||||
# Check if tmp.mount has been restored by either the admin or
|
case "$(systemctl show -pFragmentPath tmp.mount)" in
|
||||||
# was added at package installation. In both cases do nothing
|
FragmentPath=/usr/lib/systemd/system/tmp.mount)
|
||||||
# and prevent the service to be executed during %post for the
|
ln -sf %{_datadir}/systemd/tmp.mount /etc/systemd/system/ || :
|
||||||
# former case.
|
esac
|
||||||
if test -e %{_unitdir}/tmp.mount; then
|
|
||||||
touch %{_unitdir}/.disable-tmpfs-for-tmp~done
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%post
|
%post
|
||||||
@ -713,13 +711,6 @@ if [ $1 -gt 1 ]; then
|
|||||||
# tmpfiles_create macro previously however it's empty so there
|
# tmpfiles_create macro previously however it's empty so there
|
||||||
# shouldn't be any issues.
|
# shouldn't be any issues.
|
||||||
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
|
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
|
||||||
|
|
||||||
# Should we mask tmpfs ? If tmp.mount was already installed in
|
|
||||||
# /usr/lib then this is a nop as sysadmin restored the unit
|
|
||||||
# most likely to use tmpfs (see %pre) otherwise mask the mount
|
|
||||||
# unit unless it's overriden by a tmp.mount unit installed
|
|
||||||
# either by sysadmin or fstab-generator.
|
|
||||||
systemctl start suse-disable-tmpfs-for-tmp.service || :
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
|
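Review bot: The new %install comment (hunk `@ -497,10 +497,11`) says a copy of tmp.mount is kept in /var and "can be copied in /etc", but the `mv` two lines below puts it in `%{_datadir}/systemd/`, and the new %pre links it with `ln -sf %{_datadir}/systemd/tmp.mount /etc/systemd/system/`. An admin following the comment or the changelog entry would look in the wrong place; presumably `%{_datadir}` is /usr/share here, since the removed service unit referenced /usr/share/systemd/tmp.mount. I would reword the two comment lines to `# by default on SUSE distros. We still keep a copy in /usr/share/systemd for` and `# those who want to switch to tmpfs: symlink it from /etc/systemd/system.` Systems that already ran the removed service may also still carry the `.disable-tmpfs-for-tmp~done` marker and a mask symlink for tmp.mount, which nothing visible in this section cleans up. The %install block starts and ends outside the hunk, and the same comment appears in the earlier spec section.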