Hello community, here is the log from the commit of package mlocate for openSUSE:Factory checked in at 2013-10-31 10:25:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mlocate (Old) and /work/SRC/openSUSE:Factory/.mlocate.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mlocate" Changes: -------- --- /work/SRC/openSUSE:Factory/mlocate/mlocate.changes 2013-09-09 21:30:41.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mlocate.new/mlocate.changes 2013-10-31 10:25:20.000000000 +0100 @@ -1,0 +2,6 @@ +Tue Oct 29 13:10:50 UTC 2013 - [email protected] + +- As discussed run updatedb as nobody and do not use the locate + group at all. Wrt bug#847801. + +------------------------------------------------------------------- Old: ---- mlocate-cron.conf New: ---- sysconfig.locate ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mlocate.spec ++++++ --- /var/tmp/diff_new_pack.SJWPLm/_old 2013-10-31 10:25:21.000000000 +0100 +++ /var/tmp/diff_new_pack.SJWPLm/_new 2013-10-31 10:25:21.000000000 +0100 @@ -26,7 +26,7 @@ Source0: https://fedorahosted.org/releases/m/l/%name/%name-%version.tar.xz Source1: updatedb.conf Source2: %name.cron -Source3: %name-cron.conf +Source3: sysconfig.locate BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: automake @@ -36,6 +36,7 @@ BuildRequires: xz Requires(pre): permissions Requires(pre): pwdutils +Requires(post): %{fillup_prereq} Requires: cron Provides: findutils:/usr/bin/locate # findutils is at version 4.5 so we need newer 
@@ -53,56 +54,55 @@ User must be member of locate group in order to use this package. -%package lang -Summary: Language translation files for mlocate -Group: System/Localization - -%description lang -A new locate implementation. The m character -stands for merging, because updatedb reuses the -existing database to avoid re-reading most of the -file system. - -This package installs language translation files -for mlocate if required by multilingual -environments. +%lang_package %prep %setup -q +# do not check for visibilty by default as we go with nobody +sed -i \ + -e 's:conf_check_visibility = true:conf_check_visibility = false:g' \ + src/conf.c + %build export CFLAGS="%optflags -fPIE" export LDFLAGS="-pie" -%configure --localstatedir=%_localstatedir/lib --enable-nls -make groupname=locate +%configure \ + --localstatedir=%_localstatedir/lib \ + --enable-nls \ + --disable-rpath +make groupname=nobody %install rm -rf %buildroot -make DESTDIR=%buildroot groupname=locate install +make DESTDIR=%buildroot groupname=nobody install %find_lang %name || echo -n >> %name.lang +# DB file mkdir -p %buildroot%_localstatedir/lib/%name echo -n >> %buildroot%_localstatedir/lib/%name/%name.db +# Config mkdir -p %buildroot%_sysconfdir install -p -m 644 %SOURCE1 %buildroot%_sysconfdir -install -p -m 644 %SOURCE3 %buildroot%_sysconfdir +# Cron mkdir -p %buildroot%_sysconfdir/cron.daily install -p -m 755 %SOURCE2 %buildroot%_sysconfdir/cron.daily +# Sysconfig settings +install -D -m 644 %{SOURCE3} %{buildroot}/var/adm/fillup-templates/sysconfig.locate -%pre -getent group locate >/dev/null || groupadd -r locate -exit 0 +%post +%{fillup_only -n locate} %files %defattr(-,root,root,-) %doc AUTHORS ChangeLog README NEWS COPYING %config(noreplace) %_sysconfdir/updatedb.conf -%config(noreplace) %_sysconfdir/mlocate-cron.conf %_sysconfdir/cron.daily/%name.cron -%attr(0710,root,locate) %_bindir/locate +%attr(0755,root,root) %_bindir/locate %_bindir/updatedb %_mandir/man*/* -%dir 
%attr(0710,root,locate) %_localstatedir/lib/mlocate +%dir %_localstatedir/lib/mlocate %ghost %_localstatedir/lib/mlocate/mlocate.db +/var/adm/fillup-templates/* %files lang -f %name.lang %defattr(-,root,root,-) ++++++ mlocate.cron ++++++ --- /var/tmp/diff_new_pack.SJWPLm/_old 2013-10-31 10:25:21.000000000 +0100 +++ /var/tmp/diff_new_pack.SJWPLm/_new 2013-10-31 10:25:21.000000000 +0100 @@ -21,8 +21,13 @@ trap "rm -f ${LOCKFILE}" EXIT # source the user specified variables -if [ -f /etc/mlocate-cron.conf ]; then - . /etc/mlocate-cron.conf +if [ -f /etc/sysconfig/locate ] ; then + . /etc/sysconfig/locate +fi + +# check if user said he want the db generated +if [ -z "$RUN_UPDATEDB" ] || [ "$RUN_UPDATEDB" != "yes" ] ; then + exit 0 fi # check the config file 
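Review bot: The `sed` added to `%prep` exits successfully even when `conf_check_visibility = true` no longer appears in `src/conf.c`, so a later upstream tarball could silently build with the old default while the rest of the package (updatedb as `nobody`, `locate` at `0755,root,root`, no `locate` group) assumes the new one. Add a guard right after it, for example `grep -q 'conf_check_visibility = false' src/conf.c || exit 1`, so the build fails instead. As far as this hunk shows, the only thing now keeping protected path names out of query results is that updatedb runs unprivileged; the comment above the sed would be more useful if it said that, and it has a typo (`visibilty`).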
@@ -41,7 +46,15 @@ # run the updatedb if possible if [ -x /usr/bin/updatedb ]; then - /usr/bin/updatedb -f "${NODEVS}" + if [ -n "${RUN_UPDATEDB_AS}" ] ; then + # change the perms to the var directory to our desired user + chown -R "${RUN_UPDATEDB_AS}":root /var/lib/mlocate + # change the user and run the updatedb under it + /usr/bin/su "${RUN_UPDATEDB_AS}" -c /usr/bin/updatedb -- -f "${NODEVS}" + else + # just run it as root + /usr/bin/updatedb -f "${NODEVS}" + fi else echo >&2 "Warning: \"/usr/bin/updatedb\" is not executable, unable to run updatedb." exit 0 ++++++ sysconfig.locate ++++++ ## Path: Applications/Locate ## Description: Configuration of updatedb # # NOTE: These variables only apply to cron updatedb service only # NOTE: For the app-wide settings see /etc/updatedb.conf # ## Type: yesno ## Default: yes # # Should updatedb (for locate) be started by cron.daily ("yes" or "no") # RUN_UPDATEDB=yes ## Type: string(nobody, root, ...) ## Default: nobody # # updatedb has a parameter "--localuser". # It runs the "find" command as this user. Some people think this is a # security hole if set to 'root' (because some directory information can # be read which is normally protected). Others think it is useful to hold # all files in the database. # So if you want full information in locate db, set RUN_UPDATEDB_AS=root. # If you want security use RUN_UPDATEDB_AS=nobody. # RUN_UPDATEDB_AS=nobody ## Type: integer ## Default: 19 # nice value to run at: see -n in nice(1) NICE="19" ## Type: integer ## Default: 2 # ionice class to run at: see -c in ionice(1) # you have to install sys-apps/util-linux manually IONICE_CLASS="2" ## Type: integer ## Default: 7 # ionice priority to run at: see -n in ionice(1) IONICE_PRIORITY="7" ++++++ updatedb.conf ++++++ --- /var/tmp/diff_new_pack.SJWPLm/_old 2013-10-31 10:25:21.000000000 +0100 +++ /var/tmp/diff_new_pack.SJWPLm/_new 2013-10-31 10:25:21.000000000 +0100 
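Review bot: The new `chown -R "${RUN_UPDATEDB_AS}":root /var/lib/mlocate` runs as root on every cron invocation over a directory that, after the first run, belongs to the unprivileged account, and `nobody` is typically shared with other services. Root recursively changing ownership inside a tree that a less-privileged user can write to is a known risky pattern; a non-recursive call that does not follow links is tighter, e.g. `chown -h "${RUN_UPDATEDB_AS}":root /var/lib/mlocate` (plus the database file when it exists), or set the ownership once at install time in the spec. Separately, in the `su` line the words after `--` appear to be handed to the shell as positional parameters rather than to `/usr/bin/updatedb`, so it is worth confirming that `-f "${NODEVS}"` actually takes effect and that `su` still works when the target account has a non-login shell. The enclosing `if [ -x /usr/bin/updatedb ]` block continues outside the hunk.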
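Review bot: In the new `sysconfig.locate`, the comment above `RUN_UPDATEDB_AS` describes a `--localuser` parameter and a `find` run, neither of which the cron script in this commit uses (it switches user with `su`), so the text does not match what the variable does here. It also understates the effect of `RUN_UPDATEDB_AS=root`: since the spec now builds with visibility checking off by default and installs `locate` world-executable, a root-built database would presumably let any local user list path names they cannot otherwise see. I would reword it along the lines of `# Account that cron.daily runs updatedb as. With "root" the database lists every path on the system and locate shows them to all local users.` The first NOTE line also repeats `only`.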
@@ -7,7 +7,7 @@ PRUNEFS="afs anon_inodefs auto autofs bdev binfmt binfmt_misc cgroup cifs coda configfs cramfs cpuset debugfs devpts devtmps devfs devpts ecryptfs eventpollfs exofs futexfs ftpfs fuse fusectl gfs gfs2 hostfs hugetlbfs inotifyfs iso9660 jffs2 lustre misc mqueue ncpfs nfs NFS nfs4 nfsd nnpfs ocfs ocfs2 pipefs proc ramfs rpc_pipefs securityfs selinuxfs sfs shfs smbfs sockfs spufs sshfs subfs supermount sysfs tmpfs ubifs udf usbfs vboxsf vperfctrfs" # Paths which are pruned from updatedb database -PRUNEPATHS="/tmp /var/tmp /var/cache /var/lock /var/run /var/spool" +PRUNEPATHS="/tmp /var/tmp /var/cache /var/lock /var/run /var/spool /mnt /cdrom /usr/tmp /proc /media /sys /.snapshots /var/run/media" # Folder names that are pruned from updatedb database PRUNENAMES=".git .hg .svn CVS" -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
