Accepting request 1134354 from home:jeff_mahoney:branches:security:sensor

- Added workaround for missing Maintainers tag in Debian-based packages. obs-service-format_spec_file strips the Packager tag from the spec file before committing. The build service replaces it with its own. debbuild expects the Packager field to be present to generate the Maintainers tag in the output but it only receives the "cleaned" spec file. - Added Recommends: auditd - Technically not *required* but Velociraptor's audit client enables audit and then listens on the multicast socket. Without a listener on the unicast socket, the kernel will spam the system log with events. - Fixed debian packaging: * /etc/sysconfig -> /etc/default * %postun for systemd service cleanup * Note: obs-service-format_spec_file strips the Packager tag that debbuild uses to generate the Maintainer tag OBS-URL: https://build.opensuse.org/request/show/1134354 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=59
2023-12-21 00:29:28 +00:00 · 2023-12-21 00:29:28 +00:00 · 0c4d6def1a
commit 0c4d6def1a
parent befaca9186
4 changed files with 64 additions and 2 deletions
--- a/velociraptor-client.service
+++ b/velociraptor-client.service
@ -9,6 +9,7 @@ UMask=0027
 MemoryHigh=4G
 MemoryMax=8G
 EnvironmentFile=-/etc/sysconfig/velociraptor-client
+EnvironmentFile=-/etc/default/velociraptor-client
 Environment=TMPDIR=/var/lib/velociraptor-client/tmp
 ExecStart=/usr/bin/velociraptor-client client --config /etc/velociraptor/client.config $VELOCIRAPTOR_CLIENT_OPTS

--- a/velociraptor.changes
+++ b/velociraptor.changes
@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Dec 20 21:08:36 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
+
+- Added workaround for missing Maintainers tag in Debian-based packages.
+  obs-service-format_spec_file strips the Packager tag from the spec file
+  before committing.  The build service replaces it with its own.  debbuild
+  expects the Packager field to be present to generate the Maintainers tag
+  in the output but it only receives the "cleaned" spec file.
+
+-------------------------------------------------------------------
+Tue Dec 19 21:53:37 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
+
+- Added Recommends: auditd
+  - Technically not *required* but Velociraptor's audit client enables
+    audit and then listens on the multicast socket.  Without a listener
+    on the unicast socket, the kernel will spam the system log with events.
+
+-------------------------------------------------------------------
+Tue Dec 19 19:29:06 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
+
+- Fixed debian packaging:
+  * /etc/sysconfig -> /etc/default
+  * %postun for systemd service cleanup
+  * Note: obs-service-format_spec_file strips the Packager tag that
+    debbuild uses to generate the Maintainer tag
+
 -------------------------------------------------------------------
 Tue Dec 19 14:24:44 UTC 2023 - Jeff Mahoney <jeffm@suse.com>

--- a/velociraptor.service
+++ b/velociraptor.service
@ -7,6 +7,7 @@ UMask=0027
 User=velociraptor
 Group=velociraptor
 EnvironmentFile=-/etc/sysconfig/velociraptor
+EnvironmentFile=-/etc/default/velociraptor
 Environment=TMPDIR=/var/lib/velociraptor/tmp
 ExecStart=/usr/bin/velociraptor frontend --verbose --config /etc/velociraptor/server.config $VELOCIRAPTOR_OPTS

--- a/velociraptor.spec
+++ b/velociraptor.spec
@ -1057,6 +1057,14 @@ ExclusiveArch:  x86_64 ppc64le aarch64 s390x
 ExclusiveArch:  do_not_build
 %endif

+# Not *required* but without it, we spam the system log
+Recommends:     auditd
+
+%if "%{vendor}" == "debbuild"
+%define mtag Packager: https://www.suse.com
+%mtag
+%endif
+
 %if %{build_server}
 %description
 Velociraptor is a tool for collecting host based state information
@ -1159,8 +1167,14 @@ sysconfig_file_source=%{SOURCE8}
 config_file=client.config
 %endif

-install -D -m 0644 "$service_file_source" %{buildroot}%{_unitdir}/%{name}.service
+%if 0%{?suse_version}
 install -D -m 0644 "$sysconfig_file_source" %{buildroot}%{_fillupdir}/sysconfig.%{name}
+%endif
+%if "%{vendor}" == "debbuild"
+install -D -m 0644 "$sysconfig_file_source" %{buildroot}/%{_sysconfdir}/default/%{name}
+%endif
+
+install -D -m 0644 "$service_file_source" %{buildroot}%{_unitdir}/%{name}.service
 install -D -m 0640 "$config_file_source" "%{buildroot}%{_sysconfdir}/velociraptor/$config_file"
 install -D -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/%{name}

@ -1170,7 +1184,12 @@ install -D -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}
 %doc README.md
 %{_bindir}/%{name}
 %{_unitdir}/%{name}.service
+%if 0%{?suse_version}
 %{_fillupdir}/sysconfig.%{name}
+%endif
+%if "%{vendor}" == "debbuild"
+%{_sysconfdir}/default/%{name}
+%endif

 %dir %attr(-, root, velociraptor) %{_sysconfdir}/velociraptor

@ -1184,7 +1203,7 @@ install -D -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}
 %{_sysusersdir}/system-user-velociraptor.conf
 %endif

-%if "%{_vendor}" != "debbuild"
+%if 0%{?suse_version}
 %if %{build_server}
 %pre -f velociraptor-user.pre
 %else
@ -1202,7 +1221,22 @@ install -D -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}

 %postun
 %service_del_postun %{name}.service
+%endif

+%if "%{_vendor}" != "debbuild"
+%postun
+# Automatically added by dh_installsystemd/13.11.4
+if [ "$1" = remove ] && [ -d /run/systemd/system ] ; then
+	systemctl --system daemon-reload >/dev/null || true
+fi
+# End automatically added section
+# Automatically added by dh_installsystemd/13.11.4
+if [ "$1" = "purge" ]; then
+	if [ -x "/usr/bin/deb-systemd-helper" ]; then
+		deb-systemd-helper purge 'velociraptor-client.service' >/dev/null || true
+	fi
+fi
+# End automatically added section
 %endif

 %changelog