Merge pull request #132 from mobiwize/morty

Fix cronie and OSTree conflicts
author: Ben Luck <ben+qa@advancedtelematic.com> 2017-09-11 15:52:58 +0200
committer: GitHub <noreply@github.com> 2017-09-11 15:52:58 +0200
commit: 9cf14ec8d924a5f88a3441ee2896a04f74188024 (patch)
tree: 9056902cab20407d707bad353bda854e1f36db58
parent: 025bed34b301513264144c2392c9fd244d05a358 (diff)
parent: 12819a28becb416f8c8b2ed5a61fb7415cd690e5 (diff)
download: meta-updater-9cf14ec8d924a5f88a3441ee2896a04f74188024.tar.gz
3 files changed, 47 insertions, 0 deletions
diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass
index 8c9f262..29f267d 100644
--- a/classes/image_types_ostree.bbclass
+++ b/classes/image_types_ostree.bbclass
@@ -82,6 +82,12 @@ IMAGE_CMD_ostree () {
                ln -sf var/rootdirs/home home
        fi
+    # Move cron jobs if exist
+    if [ -d "var/spool/cron" ] && [ "$(ls -A var/spool/cron)" ] &&
+        [ -d "usr/share/cronie-spool" ] ; then
+        mv var/spool/cron/* usr/share/cronie-spool/
+    fi
        # Move persistent directories to /var
        dirs="opt mnt media srv"
diff --git a/recipes-extended/cronie/cronie_%.bbappend b/recipes-extended/cronie/cronie_%.bbappend
new file mode 100644
index 0000000..18842d6
--- /dev/null
+++ b/recipes-extended/cronie/cronie_%.bbappend
@@ -0,0 +1,9 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+SRC_URI += "file://Disable-hard-link-check-by-default.patch "
+export SPOOL_DIR = "${datadir}/cronie-spool"
+FILES_${PN} += "${datadir}/cronie-spool"
+do_install_append () {
+    install -d ${D}${datadir}/cronie-spool/
+}
diff --git a/recipes-extended/cronie/files/Disable-hard-link-check-by-default.patch b/recipes-extended/cronie/files/Disable-hard-link-check-by-default.patch
new file mode 100644
index 0000000..cd3bfbe
--- /dev/null
+++ b/recipes-extended/cronie/files/Disable-hard-link-check-by-default.patch
@@ -0,0 +1,32 @@
+From 9ef211dcb89edbad605c49964faf302fb97b6ba9 Mon Sep 17 00:00:00 2001
+From: Guy Shapiro <guy.shapiro@mobi-wize.com>
+Date: Thu, 24 Aug 2017 10:58:14 +0300
+Subject: [PATCH] Disable hard link check by default
+Without the "-p" flag, cronie does several checks on the
+crontab files. Those checks prevent crontrab files from being
+editable by unauthorized users.
+One of those checks won't permit loading file that is
+hard link count greater than 1.
+When OSTree manages crontab file, it uses hard links.
+All those user checks are irrelevant in the case embedded system, so
+disable them by default.
+Signed-off-by: Guy Shapiro <guy.shapiro@mobi-wize.com>
+---
+ crond.sysconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/crond.sysconfig b/crond.sysconfig
+index ee23703..1cb083f 100644
+--- a/crond.sysconfig
+++ b/crond.sysconfig
+@@ -1,3 +1,3 @@
+ # Settings for the CRON daemon.
+ # CRONDARGS= :  any extra command-line startup arguments for crond
+-CRONDARGS=
+CRONDARGS="-p"
+-- 
+2.1.4
author	Ben Luck <ben+qa@advancedtelematic.com>	2017-09-11 15:52:58 +0200
committer	GitHub <noreply@github.com>	2017-09-11 15:52:58 +0200
commit	9cf14ec8d924a5f88a3441ee2896a04f74188024 (patch)
tree	9056902cab20407d707bad353bda854e1f36db58
parent	025bed34b301513264144c2392c9fd244d05a358 (diff)
parent	12819a28becb416f8c8b2ed5a61fb7415cd690e5 (diff)
download	meta-updater-9cf14ec8d924a5f88a3441ee2896a04f74188024.tar.gz

diff --git a/classes/image_types_ostree.bbclass b/classes/image_types_ostree.bbclass index 8c9f262..29f267d 100644 --- a/classes/image_types_ostree.bbclass +++ b/classes/image_types_ostree.bbclass
@@ -82,6 +82,12 @@ IMAGE_CMD_ostree () {
82	ln -sf var/rootdirs/home home	82	ln -sf var/rootdirs/home home
83	fi	83	fi
84		84
		85	# Move cron jobs if exist
		86	if [ -d "var/spool/cron" ] && [ "$(ls -A var/spool/cron)" ] &&
		87	[ -d "usr/share/cronie-spool" ] ; then
		88	mv var/spool/cron/* usr/share/cronie-spool/
		89	fi
		90
85	# Move persistent directories to /var	91	# Move persistent directories to /var
86	dirs="opt mnt media srv"	92	dirs="opt mnt media srv"
87		93


diff --git a/recipes-extended/cronie/cronie_%.bbappend b/recipes-extended/cronie/cronie_%.bbappend new file mode 100644 index 0000000..18842d6 --- /dev/null +++ b/recipes-extended/cronie/cronie_%.bbappend
@@ -0,0 +1,9 @@
		1
		2	FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
		3	SRC_URI += "file://Disable-hard-link-check-by-default.patch "
		4	export SPOOL_DIR = "${datadir}/cronie-spool"
		5	FILES_${PN} += "${datadir}/cronie-spool"
		6
		7	do_install_append () {
		8	install -d ${D}${datadir}/cronie-spool/
		9	}


diff --git a/recipes-extended/cronie/files/Disable-hard-link-check-by-default.patch b/recipes-extended/cronie/files/Disable-hard-link-check-by-default.patch new file mode 100644 index 0000000..cd3bfbe --- /dev/null +++ b/recipes-extended/cronie/files/Disable-hard-link-check-by-default.patch
@@ -0,0 +1,32 @@
		1	From 9ef211dcb89edbad605c49964faf302fb97b6ba9 Mon Sep 17 00:00:00 2001
		2	From: Guy Shapiro <guy.shapiro@mobi-wize.com>
		3	Date: Thu, 24 Aug 2017 10:58:14 +0300
		4	Subject: [PATCH] Disable hard link check by default
		5
		6	Without the "-p" flag, cronie does several checks on the
		7	crontab files. Those checks prevent crontrab files from being
		8	editable by unauthorized users.
		9	One of those checks won't permit loading file that is
		10	hard link count greater than 1.
		11
		12	When OSTree manages crontab file, it uses hard links.
		13	All those user checks are irrelevant in the case embedded system, so
		14	disable them by default.
		15
		16	Signed-off-by: Guy Shapiro <guy.shapiro@mobi-wize.com>
		17	---
		18	crond.sysconfig \| 2 +-
		19	1 file changed, 1 insertion(+), 1 deletion(-)
		20
		21	diff --git a/crond.sysconfig b/crond.sysconfig
		22	index ee23703..1cb083f 100644
		23	--- a/crond.sysconfig
		24	+++ b/crond.sysconfig
		25	@@ -1,3 +1,3 @@
		26	# Settings for the CRON daemon.
		27	# CRONDARGS= : any extra command-line startup arguments for crond
		28	-CRONDARGS=
		29	+CRONDARGS="-p"
		30	--
		31	2.1.4
		32