SHA256
1
0
forked from pool/systemd

Accepting request 570496 from home:fbui:systemd:Factory

- Do not optionally remove /usr/lib/systemd/system/tmp.mnt anymore (bsc#1071224)

OBS-URL: https://build.opensuse.org/request/show/570496
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1006
This commit is contained in:
Franck Bui 2018-01-29 10:07:56 +00:00 committed by Git OBS Bridge
parent ddfb80eac1
commit fcc2b807d7
5 changed files with 167 additions and 70 deletions

View File

@ -0,0 +1,33 @@
#
# By default, /tmp doesn't use tmpfs on SUSE distros.
#
# This service is either run automatically during the firstboot (i.e.
# only once) of the system.
#
# Or it can also be (manually) started during systemd update (%post)
# only and only if tmp.mount wasn't already installed by the admin in
# /usr/lib during %pre. In this case tmp.mount should also masked.
#
# In any cases this service will never mask tmp.mount if the service
# has been created by either the admin or fstab-generator.
#
[Unit]
Description=Mask tmp.mount by default on SUSE systems
DefaultDependencies=no
Conflicts=shutdown.target
After=systemd-remount-fs.service
Before=tmp.mount
ConditionPathIsReadWrite=/etc
ConditionPathExists=!/usr/lib/systemd/system/.disable-tmpfs-for-tmp~done
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c ' \
case "$(systemctl show -pFragmentPath tmp.mount)" in \
FragmentPath=/usr/lib/systemd/system/tmp.mount) \
systemctl mask --now tmp.mount ;; \
FragmentPath=/usr/share/systemd/tmp.mount) \
ln -sf /usr/lib/systemd/system/tmp.mount /etc/systemd/system/ ;; \
esac'
ExecStartPost=/usr/bin/touch /usr/lib/systemd/system/.disable-tmpfs-for-tmp~done

View File

@ -1,3 +1,31 @@
-------------------------------------------------------------------
Mon Jan 29 09:52:50 UTC 2018 - fbui@suse.com
- Do not optionally remove /usr/lib/systemd/system/tmp.mnt anymore (bsc#1071224)
This was done to make sure that tmpfs wouldn't be used for /tmp by
defaut in case the dir layout created by the installer did not
create a customized tmp.mount.
But it had the bad side effect to break "rpm -V systemd" and updates
of systemd via delta-RPMs.
Now instead of removing tmp.mount unit file, we mask it (still only
if no other tmp.mount would override the default one). It's the
official way to disable tmpfs on /tmp after all.
Since we cannot rely on the presence of fstab during package
installations, we introduced a service which is run once on the
first boot and which figures out if tmpfs would be used. If so it
masks the unit.
We also handle the upgrade path and make sure to preserve admin's
settings (if any).
Another advantage of this is that we will only need to remove the
introduced service the day when tmpfs will be the default for SUSE
distros.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 26 14:40:38 UTC 2018 - fbui@suse.com Fri Jan 26 14:40:38 UTC 2018 - fbui@suse.com

View File

@ -148,6 +148,7 @@ Source7: libgcrypt.m4
Source11: after-local.service Source11: after-local.service
Source12: systemd-sysv-install Source12: systemd-sysv-install
Source14: kbd-model-map.legacy Source14: kbd-model-map.legacy
Source15: suse-disable-tmpfs-for-tmp.service
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
Source101: scripts-systemd-upgrade-from-pre-210.sh Source101: scripts-systemd-upgrade-from-pre-210.sh
@ -513,11 +514,10 @@ rm -f %{buildroot}/etc/systemd/system/default.target
# customized for openSUSE distros. # customized for openSUSE distros.
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/ install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
# We keep a copy of tmp.mount because it may be removed if not used # Install the service which will disable/mask tmpfs for /tmp (if
# (see %post): we want to be sure tmpfs won't be used for /tmp by # needed) on first boot.
# default on Suse distros. install -m0644 -D %{S:15} %{buildroot}/%{_prefix}/lib/systemd/system/suse-disable-tmpfs-for-tmp.service
rm %{buildroot}/%{_prefix}/lib/systemd/system/local-fs.target.wants/tmp.mount ln -s ../suse-disable-tmpfs-for-tmp.service %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/
cp %{buildroot}/%{_prefix}/lib/systemd/system/tmp.mount %{buildroot}/%{_datadir}/systemd/
# don't enable wall ask password service, it spams every console (bnc#747783) # don't enable wall ask password service, it spams every console (bnc#747783)
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
@ -648,12 +648,19 @@ cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
%find_lang systemd %find_lang systemd
# Build of installation images uses a hard coded list of packages with
# a %pre that needs to be run during the build. systemd is one of them
# so keep the section even if it's empty.
%pre %pre
# Build of installation images uses an hard coded list of some if [ $1 -gt 1 ] ; then
# packages with a %pre that needs to be run during the # Check if tmp.mount has been restored by either the admin or
# build. Unfortunately, systemd in one of them. To make thing simpler # was added at package installation. In both cases do nothing
# we use a %pre section even if it is not needed. # and prevent the service to be executed during %post for the
exit 0 # former case.
if test -e %{_unitdir}/tmp.mount; then
touch %{_unitdir}/.disable-tmpfs-for-tmp~done
fi
fi
%post %post
# Make /etc/machine-id an empty file during package installation. On # Make /etc/machine-id an empty file during package installation. On
@ -695,16 +702,6 @@ if [ $1 -eq 1 ]; then
%endif %endif
fi >/dev/null fi >/dev/null
# Keep tmp.mount if it's been enabled explicitly by the user otherwise
# make sure it wont be activated since it's the default for Suse
# distros. This unit can be pulled (implicitely) in various ways
# (private /tmp, etc..) and it's required by the basic.target
# explicitly since v220.
case $(systemctl is-enabled tmp.mount 2>/dev/null) in
enabled) ;;
*) rm -f %{_prefix}/lib/systemd/system/tmp.mount
esac
# v228 wrongly set world writable suid root permissions on timestamp # v228 wrongly set world writable suid root permissions on timestamp
# files used by permanent timers. Fix the timestamps that might have # files used by permanent timers. Fix the timestamps that might have
# been created by the affected versions of systemd (bsc#1020601). # been created by the affected versions of systemd (bsc#1020601).
@ -720,6 +717,7 @@ done
# This includes all hacks needed when upgrading from SysV. # This includes all hacks needed when upgrading from SysV.
%{_prefix}/lib/systemd/scripts/upgrade-from-pre-210.sh || : %{_prefix}/lib/systemd/scripts/upgrade-from-pre-210.sh || :
if [ $1 -gt 1 ]; then
# Convert /var/lib/machines subvolume to make it suitable for # Convert /var/lib/machines subvolume to make it suitable for
# rollbacks, if needed. See bsc#992573. The installer has been fixed # rollbacks, if needed. See bsc#992573. The installer has been fixed
# to create it at installation time. # to create it at installation time.
@ -735,8 +733,14 @@ done
# is still created at the wrong place due to the call to # is still created at the wrong place due to the call to
# tmpfiles_create macro previously however it's empty so there # tmpfiles_create macro previously however it's empty so there
# shouldn't be any issues. # shouldn't be any issues.
if [ $1 -gt 1 ]; then
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || : %{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
# Should we mask tmpfs ? If tmp.mount was already installed in
# /usr/lib then this is a nop as sysadmin restored the unit
# most likely to use tmpfs (see %pre) otherwise mask the mount
# unit unless it's overriden by a tmp.mount unit installed
# either by sysadmin or fstab-generator.
systemctl start suse-disable-tmpfs-for-tmp.service || :
fi fi
%postun %postun

View File

@ -1,3 +1,31 @@
-------------------------------------------------------------------
Mon Jan 29 09:52:50 UTC 2018 - fbui@suse.com
- Do not optionally remove /usr/lib/systemd/system/tmp.mnt anymore (bsc#1071224)
This was done to make sure that tmpfs wouldn't be used for /tmp by
defaut in case the dir layout created by the installer did not
create a customized tmp.mount.
But it had the bad side effect to break "rpm -V systemd" and updates
of systemd via delta-RPMs.
Now instead of removing tmp.mount unit file, we mask it (still only
if no other tmp.mount would override the default one). It's the
official way to disable tmpfs on /tmp after all.
Since we cannot rely on the presence of fstab during package
installations, we introduced a service which is run once on the
first boot and which figures out if tmpfs would be used. If so it
masks the unit.
We also handle the upgrade path and make sure to preserve admin's
settings (if any).
Another advantage of this is that we will only need to remove the
introduced service the day when tmpfs will be the default for SUSE
distros.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 26 14:40:38 UTC 2018 - fbui@suse.com Fri Jan 26 14:40:38 UTC 2018 - fbui@suse.com

View File

@ -146,6 +146,7 @@ Source7: libgcrypt.m4
Source11: after-local.service Source11: after-local.service
Source12: systemd-sysv-install Source12: systemd-sysv-install
Source14: kbd-model-map.legacy Source14: kbd-model-map.legacy
Source15: suse-disable-tmpfs-for-tmp.service
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
Source101: scripts-systemd-upgrade-from-pre-210.sh Source101: scripts-systemd-upgrade-from-pre-210.sh
@ -511,11 +512,10 @@ rm -f %{buildroot}/etc/systemd/system/default.target
# customized for openSUSE distros. # customized for openSUSE distros.
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/ install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
# We keep a copy of tmp.mount because it may be removed if not used # Install the service which will disable/mask tmpfs for /tmp (if
# (see %post): we want to be sure tmpfs won't be used for /tmp by # needed) on first boot.
# default on Suse distros. install -m0644 -D %{S:15} %{buildroot}/%{_prefix}/lib/systemd/system/suse-disable-tmpfs-for-tmp.service
rm %{buildroot}/%{_prefix}/lib/systemd/system/local-fs.target.wants/tmp.mount ln -s ../suse-disable-tmpfs-for-tmp.service %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/
cp %{buildroot}/%{_prefix}/lib/systemd/system/tmp.mount %{buildroot}/%{_datadir}/systemd/
# don't enable wall ask password service, it spams every console (bnc#747783) # don't enable wall ask password service, it spams every console (bnc#747783)
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
@ -646,12 +646,19 @@ cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
%find_lang systemd %find_lang systemd
# Build of installation images uses a hard coded list of packages with
# a %pre that needs to be run during the build. systemd is one of them
# so keep the section even if it's empty.
%pre %pre
# Build of installation images uses an hard coded list of some if [ $1 -gt 1 ] ; then
# packages with a %pre that needs to be run during the # Check if tmp.mount has been restored by either the admin or
# build. Unfortunately, systemd in one of them. To make thing simpler # was added at package installation. In both cases do nothing
# we use a %pre section even if it is not needed. # and prevent the service to be executed during %post for the
exit 0 # former case.
if test -e %{_unitdir}/tmp.mount; then
touch %{_unitdir}/.disable-tmpfs-for-tmp~done
fi
fi
%post %post
# Make /etc/machine-id an empty file during package installation. On # Make /etc/machine-id an empty file during package installation. On
@ -693,16 +700,6 @@ if [ $1 -eq 1 ]; then
%endif %endif
fi >/dev/null fi >/dev/null
# Keep tmp.mount if it's been enabled explicitly by the user otherwise
# make sure it wont be activated since it's the default for Suse
# distros. This unit can be pulled (implicitely) in various ways
# (private /tmp, etc..) and it's required by the basic.target
# explicitly since v220.
case $(systemctl is-enabled tmp.mount 2>/dev/null) in
enabled) ;;
*) rm -f %{_prefix}/lib/systemd/system/tmp.mount
esac
# v228 wrongly set world writable suid root permissions on timestamp # v228 wrongly set world writable suid root permissions on timestamp
# files used by permanent timers. Fix the timestamps that might have # files used by permanent timers. Fix the timestamps that might have
# been created by the affected versions of systemd (bsc#1020601). # been created by the affected versions of systemd (bsc#1020601).
@ -718,6 +715,7 @@ done
# This includes all hacks needed when upgrading from SysV. # This includes all hacks needed when upgrading from SysV.
%{_prefix}/lib/systemd/scripts/upgrade-from-pre-210.sh || : %{_prefix}/lib/systemd/scripts/upgrade-from-pre-210.sh || :
if [ $1 -gt 1 ]; then
# Convert /var/lib/machines subvolume to make it suitable for # Convert /var/lib/machines subvolume to make it suitable for
# rollbacks, if needed. See bsc#992573. The installer has been fixed # rollbacks, if needed. See bsc#992573. The installer has been fixed
# to create it at installation time. # to create it at installation time.
@ -733,8 +731,14 @@ done
# is still created at the wrong place due to the call to # is still created at the wrong place due to the call to
# tmpfiles_create macro previously however it's empty so there # tmpfiles_create macro previously however it's empty so there
# shouldn't be any issues. # shouldn't be any issues.
if [ $1 -gt 1 ]; then
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || : %{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
# Should we mask tmpfs ? If tmp.mount was already installed in
# /usr/lib then this is a nop as sysadmin restored the unit
# most likely to use tmpfs (see %pre) otherwise mask the mount
# unit unless it's overriden by a tmp.mount unit installed
# either by sysadmin or fstab-generator.
systemctl start suse-disable-tmpfs-for-tmp.service || :
fi fi
%postun %postun