From 57e89f22288d2de7f68a128d881fb5f0e2c3788f18fd553bc8867b7f83ddcad8 Mon Sep 17 00:00:00 2001
From: "Dr. Werner Fink" <werner@suse.com>
Date: Fri, 10 Jan 2020 13:22:59 +0000
Subject: [PATCH] bsc#1159740 and bsc#1158910

OBS-URL: https://build.opensuse.org/package/show/Publishing:TeXLive/texlive-filesystem?expand=0&rev=115
---
 texlive-filesystem.changes |  8 +++++
 texlive-filesystem.spec    | 64 +++++++++++++++++++++-----------------
 texlive.cron               |  7 +++--
 3 files changed, 47 insertions(+), 32 deletions(-)

diff --git a/texlive-filesystem.changes b/texlive-filesystem.changes
index bb579a9..b9b9f8c 100644
--- a/texlive-filesystem.changes
+++ b/texlive-filesystem.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Jan 10 12:35:50 UTC 2020 - Dr. Werner Fink <werner@suse.de>
+
+- Set default user for ls-R files and font cache directories
+  to user nobody (bsc#1159740) 
+- Use setpriv to switch to nobody:mktex before clearing
+  font cache directories (bsc#1158910)
+
 -------------------------------------------------------------------
 Thu Dec 19 08:04:39 UTC 2019 - Dr. Werner Fink <werner@suse.de>
 
diff --git a/texlive-filesystem.spec b/texlive-filesystem.spec
index 4132477..ea70507 100644
--- a/texlive-filesystem.spec
+++ b/texlive-filesystem.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package texlive-filesystem
 #
-# Copyright (c) 2019 SUSE LLC.
+# Copyright (c) 2020 SUSE LLC.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -56,12 +56,16 @@ Requires(pre):  ed
 Requires(pre):  findutils
 Requires(pre):  grep
 Requires(pre):  sed
+Requires(pre):  group(nobody)
+Requires(pre):  user(nobody)
 Requires(verify): permissions
 Obsoletes:      tetex
 BuildRequires:  cron
 BuildRequires:  ed
 BuildRequires:  fontconfig
 #BuildConflicts: texinfo
+BuildRequires:  group(nobody)
+BuildRequires:  user(nobody)
 Source10:       rc.config.texlive
 Source11:       update.texlive
 Source12:       texlive.cron
@@ -151,6 +155,7 @@ Prefix:         %{_bindir}
 %define _appdefdir	%{_x11data}/app-defaults
 #
 %define texgrp          mktex
+%define nobody          nobody
 #define texgid          505
 #
 %description
@@ -15273,6 +15278,7 @@ popd
     do
 	echo '%% ls-R -- filename database for kpathsea; do not change this line.' > \
 	%{buildroot}${dir}/ls-R
+	chmod 0664 %{buildroot}${dir}/ls-R
     done
     ln -sf %{_texmfvardir}/dist/ls-R %{buildroot}%{_texmfdistdir}/
     ln -sf %{_texmfvardir}/main/ls-R %{buildroot}%{_texmfmaindir}/
@@ -15287,11 +15293,11 @@ popd
     mkdir -p %{buildroot}%{_sysconfdir}/permissions.d
     (cat > %{buildroot}%{_sysconfdir}/permissions.d/texlive.texlive) <<-EOF
 	%{_libexecdir}/mktex/public	root:%{texgrp}	2755
-	%{_texmfconfdir}/ls-R		root:%{texgrp}	0664
-	%{_fontcache}/ls-R		root:%{texgrp}	0664
-	%{_texmfvardir}/ls-R		root:%{texgrp}	0664
-	%{_texmfvardir}/dist/ls-R	root:%{texgrp}	0664
-	%{_texmfvardir}/main/ls-R	root:%{texgrp}	0664
+	%{_texmfconfdir}/ls-R	   %{nobody}:%{texgrp}	0664
+	%{_fontcache}/ls-R	   %{nobody}:%{texgrp}	0664
+	%{_texmfvardir}/ls-R	   %{nobody}:%{texgrp}	0664
+	%{_texmfvardir}/dist/ls-R  %{nobody}:%{texgrp}	0664
+	%{_texmfvardir}/main/ls-R  %{nobody}:%{texgrp}	0664
 	%{_texmfvardir}/		root:root	1755
 	%{_texmfvardir}/dist/		root:root	1755
 	%{_texmfvardir}/main/		root:root	1755
@@ -15300,18 +15306,18 @@ popd
 	%{_texmfvardir}/fonts/dvips/	root:root	1755
 	%{_texmfvardir}/fonts/pdftex/	root:root	1755
 	%{_texmfcache}/			root:root	1755
-	%{_fontcache}/			root:%{texgrp}	1775
-	%{_fontcache}/pk/		root:%{texgrp}	1775
-	%{_fontcache}/source/		root:%{texgrp}	1775
-	%{_fontcache}/tfm/		root:%{texgrp}	1775
+	%{_fontcache}/		   %{nobody}:%{texgrp}	1775
+	%{_fontcache}/pk/	   %{nobody}:%{texgrp}	1775
+	%{_fontcache}/source/	   %{nobody}:%{texgrp}	1775
+	%{_fontcache}/tfm/	   %{nobody}:%{texgrp}	1775
 	EOF
     (cat > %{buildroot}%{_sysconfdir}/permissions.d/texlive) <<-EOF
 	%{_libexecdir}/mktex/public	root:%{texgrp}	0755
-	%{_texmfconfdir}/ls-R		root:%{texgrp}	0664
-	%{_fontcache}/ls-R		root:%{texgrp}	0664
-	%{_texmfvardir}/ls-R		root:%{texgrp}	0664
-	%{_texmfvardir}/dist/ls-R	root:%{texgrp}	0664
-	%{_texmfvardir}/main/ls-R	root:%{texgrp}	0664
+	%{_texmfconfdir}/ls-R	   %{nobody}:%{texgrp}	0664
+	%{_fontcache}/ls-R	   %{nobody}:%{texgrp}	0664
+	%{_texmfvardir}/ls-R	   %{nobody}:%{texgrp}	0664
+	%{_texmfvardir}/dist/ls-R  %{nobody}:%{texgrp}	0664
+	%{_texmfvardir}/main/ls-R  %{nobody}:%{texgrp}	0664
 	%{_texmfvardir}/		root:root	1755
 	%{_texmfvardir}/dist/		root:root	1755
 	%{_texmfvardir}/main/		root:root	1755
@@ -15320,10 +15326,10 @@ popd
 	%{_texmfvardir}/fonts/dvips/	root:root	1755
 	%{_texmfvardir}/fonts/pdftex/	root:root	1755
 	%{_texmfcache}/			root:root	1755
-	%{_fontcache}/			root:%{texgrp}	1775
-	%{_fontcache}/pk/		root:%{texgrp}	1775
-	%{_fontcache}/source/		root:%{texgrp}	1775
-	%{_fontcache}/tfm/		root:%{texgrp}	1775
+	%{_fontcache}/		   %{nobody}:%{texgrp}	1775
+	%{_fontcache}/pk/	   %{nobody}:%{texgrp}	1775
+	%{_fontcache}/source/	   %{nobody}:%{texgrp}	1775
+	%{_fontcache}/tfm/	   %{nobody}:%{texgrp}	1775
 	EOF
 
 %if %{with zypper_posttrans}
@@ -15397,7 +15403,7 @@ do
     test $error = 0 || continue
     mv ${tmp} ${dir}/ls-R || error=1
     test $error = 0 || continue
-    chown root:%{texgrp} ${dir}/ls-R || error=1
+    chown %{nobody}:%{texgrp} ${dir}/ls-R || error=1
     test $error = 0 || continue
     chmod 0664 ${dir}/ls-R || error=1
     test $error = 0 || continue
@@ -26858,18 +26864,18 @@ rm -f /var/run/texlive/run-update
 %dir %attr(1755,root,root) %{_texmfvardir}/web2c/tex
 %dir %attr(1755,root,root) %{_texmfvardir}/web2c/xetex
 %dir %attr(1755,root,root) %{_texmfcache}
-%dir %attr(1775,root,%{texgrp}) %verify(not mode) %{_fontcache}
-%dir %attr(1775,root,%{texgrp}) %verify(not mode) %{_fontcache}/pk
-%dir %attr(1775,root,%{texgrp}) %verify(not mode) %{_fontcache}/source
-%dir %attr(1775,root,%{texgrp}) %verify(not mode) %{_fontcache}/tfm
+%dir %attr(1775,%{nobody},%{texgrp}) %verify(not mode) %{_fontcache}
+%dir %attr(1775,%{nobody},%{texgrp}) %verify(not mode) %{_fontcache}/pk
+%dir %attr(1775,%{nobody},%{texgrp}) %verify(not mode) %{_fontcache}/source
+%dir %attr(1775,%{nobody},%{texgrp}) %verify(not mode) %{_fontcache}/tfm
 %dir %{_texmfvardir}/md5
 %verify(link) %{_texmfmaindir}/ls-R
 %verify(link) %{_texmfdistdir}/ls-R
-%ghost %config(noreplace) %attr(0664,root,%{texgrp}) %verify(not md5 size mtime mode) %{_texmfconfdir}/ls-R
-%ghost %config(noreplace) %attr(0664,root,%{texgrp}) %verify(not md5 size mtime mode) %{_fontcache}/ls-R
-%ghost %config(noreplace) %attr(0664,root,%{texgrp}) %verify(not md5 size mtime mode) %{_texmfvardir}/ls-R
-%ghost %config(noreplace) %attr(0664,root,%{texgrp}) %verify(not md5 size mtime mode) %{_texmfvardir}/dist/ls-R
-%ghost %config(noreplace) %attr(0664,root,%{texgrp}) %verify(not md5 size mtime mode) %{_texmfvardir}/main/ls-R
+%ghost %config(noreplace) %attr(0664,%{nobody},%{texgrp}) %verify(not md5 size mtime mode) %{_texmfconfdir}/ls-R
+%ghost %config(noreplace) %attr(0664,%{nobody},%{texgrp}) %verify(not md5 size mtime mode) %{_fontcache}/ls-R
+%ghost %config(noreplace) %attr(0664,%{nobody},%{texgrp}) %verify(not md5 size mtime mode) %{_texmfvardir}/ls-R
+%ghost %config(noreplace) %attr(0664,%{nobody},%{texgrp}) %verify(not md5 size mtime mode) %{_texmfvardir}/dist/ls-R
+%ghost %config(noreplace) %attr(0664,%{nobody},%{texgrp}) %verify(not md5 size mtime mode) %{_texmfvardir}/main/ls-R
 %{_fillupdir}/sysconfig.texlive
 %if %{with zypper_posttrans}
 /var/adm/update-scripts/%{name}-%{version}-%{release}-zypper
diff --git a/texlive.cron b/texlive.cron
index b1ae031..c8030ce 100644
--- a/texlive.cron
+++ b/texlive.cron
@@ -11,6 +11,7 @@ type -f -p kpsewhich >& /dev/null || exit 0
 type -f -p mktexlsr  >& /dev/null || exit 0
 type -f -p find      >& /dev/null || exit 0
 type -f -p xargs     >& /dev/null || exit 0
+type -f -p setpriv   >& /dev/null || exit 0
 type -f -p rm        >& /dev/null || exit 0
 test -r /etc/sysconfig/texlive && . /etc/sysconfig/texlive
 
@@ -23,7 +24,7 @@ if test "$CLEAR_TEXMF_FONTS" = "yes" -a -n "$VARTEXFONTS" ; then
 	test -d $p/pk/	    && find $p/pk/	\( -type f -and -atime +20 \) -print0
 	test -d $p/tfm/	    && find $p/tfm/	\( -type f -and -atime +60 \) -print0
 	test -d $p/source/  && find $p/source/	\( -type f -and -atime +60 \) -print0
-    done > >(exec -a xargs xargs -r -L100 -0 -- rm -f)
+    done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid nobody --regid mktex --init-groups rm -f)
 fi
 if test -n "$VARTEXFONTS" ; then
     for p in $VARTEXFONTS ; do
@@ -31,10 +32,10 @@ if test -n "$VARTEXFONTS" ; then
 	test -d $p/tfm/	    && find $p/tfm/	\( -type f -and -not -name '*.tfm' \) -print0
 	test -d $p/source/  && find $p/source/	\( -type f -and -not -name '*.mf'  \) -print0
 	test -d $p/	    && find $p/		\( -type f -and -path '*/[^[:alnum:]]*' \) -print0
-    done > >(exec -a xargs xargs -r -L100 -0 -- rm -f)
+    done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid nobody --regid mktex --init-groups rm -f)
     for p in $VARTEXFONTS ; do
 	test -d $p/ && find $p/ -depth -type d -and -path '*/[^[:alnum:]]*'
-    done > >(exec -a xargs xargs -r -L100 -0 -- rm -fr)
+    done > >(exec -a xargs xargs -r -L100 -0 -- setpriv --reuid nobody --regid mktex --init-groups rm -fr)
 fi
 
 #