Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nvmetcli for openSUSE:Factory checked in at 2022-12-03 15:22:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nvmetcli (Old) and /work/SRC/openSUSE:Factory/.nvmetcli.new.1835 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nvmetcli" Sat Dec 3 15:22:40 2022 rev:11 rq:1039820 version:0.7 Changes: -------- --- /work/SRC/openSUSE:Factory/nvmetcli/nvmetcli.changes 2020-03-31 17:16:04.759659379 +0200 +++ /work/SRC/openSUSE:Factory/.nvmetcli.new.1835/nvmetcli.changes 2022-12-03 15:22:41.888038613 +0100 @@ -1,0 +2,6 @@ +Fri Nov 25 11:39:56 UTC 2022 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_nvmet.service.patch + +------------------------------------------------------------------- New: ---- harden_nvmet.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nvmetcli.spec ++++++ --- /var/tmp/diff_new_pack.yYOhPN/_old 2022-12-03 15:22:42.676043180 +0100 +++ /var/tmp/diff_new_pack.yYOhPN/_new 2022-12-03 15:22:42.680043203 +0100 @@ -1,7 +1,7 @@ # # spec file for package nvmetcli # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -22,17 +22,18 @@ Summary: Command line interface for the kernel NVMe nvmet License: Apache-2.0 Group: System/Management -Url: http://git.infradead.org/users/hch/nvmetcli.git +URL: http://git.infradead.org/users/hch/nvmetcli.git Source: nvmetcli-v%{version}.tar.gz Patch1: %{name}-update-python-to-python3.patch Patch2: 0001-nvmetcli-don-t-remove-ANA-Group-1-on-clear.patch +Patch3: harden_nvmet.service.patch BuildRequires: python3-devel BuildRequires: python3-setuptools Requires: python3-configshell-fb Requires: python3-kmod Requires(post): systemd -Requires(postun): systemd -Requires(preun): systemd +Requires(postun):systemd +Requires(preun):systemd BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -46,6 +47,7 @@ %setup -q -n nvmetcli-v%{version} %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build python3 setup.py build ++++++ harden_nvmet.service.patch ++++++ Index: nvmetcli-v0.7/nvmet.service =================================================================== --- nvmetcli-v0.7.orig/nvmet.service +++ nvmetcli-v0.7/nvmet.service @@ -4,6 +4,16 @@ Requires=sys-kernel-config.mount After=sys-kernel-config.mount network.target local-fs.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot RemainAfterExit=yes ExecStart=/usr/sbin/nvmetcli restore
