Fix cronie and OSTree conflicts

The cronie recipe needs the `/var/spool/cron` directory to operate.
Other recipes, such as ntp, modify files in that directory to create
periodic jobs.

The OSTree image class ignores files on `/var/` as they are system
persistent and not managed by OSTree.

This commit modifies the cronie recipe to use
`/usr/share/cronie-spool/` and makes the image generation class move
the files from `/var/spool/cron` into that path.

3 files changed, 47 insertions, 0 deletions

diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index 8c9f262..29f267d 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -82,6 +82,12 @@ IMAGE_CMD_ostree () {
                 ln -sf var/rootdirs/home home
         fi
 
+    # Move cron jobs if exist
+    if [ -d "var/spool/cron" ] && [ "$(ls -A var/spool/cron)" ] &&
+        [ -d "usr/share/cronie-spool" ] ; then
+        mv var/spool/cron/* usr/share/cronie-spool/
+    fi
+
         # Move persistent directories to /var
         dirs="opt mnt media srv"
 
diff --git a/recipes-extended/cronie/cronie_%.bbappend b/recipes-extended/cronie/cronie_%.bbappend
new file mode 100644
index 0000000..18842d6
--- /dev/null
+++ b/recipes-extended/cronie/cronie_%.bbappend
@@ -0,0 +1,9 @@
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+SRC_URI += "file://Disable-hard-link-check-by-default.patch "
+export SPOOL_DIR = "${datadir}/cronie-spool"
+FILES_${PN} += "${datadir}/cronie-spool"
+
+do_install_append () {
+    install -d ${D}${datadir}/cronie-spool/
+}
diff --git a/recipes-extended/cronie/files/Disable-hard-link-check-by-default.patch b/recipes-extended/cronie/files/Disable-hard-link-check-by-default.patch
new file mode 100644
index 0000000..cd3bfbe
--- /dev/null
+++ b/recipes-extended/cronie/files/Disable-hard-link-check-by-default.patch
@@ -0,0 +1,32 @@
+From 9ef211dcb89edbad605c49964faf302fb97b6ba9 Mon Sep 17 00:00:00 2001
+From: Guy Shapiro <guy.shapiro@mobi-wize.com>
+Date: Thu, 24 Aug 2017 10:58:14 +0300
+Subject: [PATCH] Disable hard link check by default
+
+Without the "-p" flag, cronie does several checks on the
+crontab files. Those checks prevent crontrab files from being
+editable by unauthorized users.
+One of those checks won't permit loading file that is
+hard link count greater than 1.
+
+When OSTree manages crontab file, it uses hard links.
+All those user checks are irrelevant in the case embedded system, so
+disable them by default.
+
+Signed-off-by: Guy Shapiro <guy.shapiro@mobi-wize.com>
+---
+ crond.sysconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crond.sysconfig b/crond.sysconfig
+index ee23703..1cb083f 100644
+--- a/crond.sysconfig
++++ b/crond.sysconfig
+@@ -1,3 +1,3 @@
+ # Settings for the CRON daemon.
+ # CRONDARGS= :  any extra command-line startup arguments for crond
+-CRONDARGS=
++CRONDARGS="-p"
+-- 
+2.1.4
+