Attachment 7940 Details for Bug 35887 – Миграция на /run и /run/lock

[patch] Миграция на /run и /run/lock

run-migration.patch (text/plain), 9.37 KB, created by Антон Мидюков on 2019-01-12 16:50:58 MSK

(hide)

Description:

Filename:

MIME Type:

Creator: Антон Мидюков

Created: 2019-01-12 16:50:58 MSK

Size: 9.37 KB

patch

obsolete

>diff --git a/.gear/rules b/.gear/rules
>index cb10a838..964224b4 100644
>--- a/.gear/rules
>+++ b/.gear/rules
>@@ -1 +1,2 @@
> tar: . name=@name@-@version@-@release@
>+copy?: *.patch
>diff --git a/alt/sshd.init b/alt/sshd.init
>index c722e0ae..238eb7c9 100755
>--- a/alt/sshd.init
>+++ b/alt/sshd.init
>@@ -7,7 +7,7 @@
> #
> # processname: sshd
> # config: /etc/openssh/sshd_config
>-# pidfile: /var/run/sshd.pid
>+# pidfile: run/sshd.pid
> 
> WITHOUT_RC_COMPAT=1
> 
>@@ -19,8 +19,8 @@ SourceIfNotEmpty /etc/sysconfig/network
> 
> EXTRAOPTIONS=
> PROCESSNAME=sshd
>-PIDFILE=/var/run/$PROCESSNAME.pid
>-LOCKFILE=/var/lock/subsys/$PROCESSNAME
>+PIDFILE=run/$PROCESSNAME.pid
>+LOCKFILE=/run/lock/subsys/$PROCESSNAME
> 
> # Source config.
> SourceIfNotEmpty /etc/sysconfig/$PROCESSNAME
>diff --git a/openssh.spec b/openssh.spec
>index fdd4993d..73603195 100644
>--- a/openssh.spec
>+++ b/openssh.spec
>@@ -1,6 +1,6 @@
> Name: openssh
> Version: 7.9p1
>-Release: alt1
>+Release: alt2
> 
> Summary: OpenSSH free Secure Shell (SSH) implementation
> License: BSD-style
>@@ -8,6 +8,7 @@ Group: Networking/Remote access
> Url: http://www.openssh.com/portable.html
> # git://git.altlinux.org/gears/o/openssh.git
> Source: %name-%version-%release.tar
>+Patch: replaced_rundir-7.9p1.patch
> 
> %define confdir %_sysconfdir/%name
> %define _chrootdir /var/empty
>@@ -156,6 +157,7 @@ not invoked directly.
> 
> %prep
> %setup -n %name-%version-%release
>+%patch -p1
> 
> %build
> %autoreconf
>diff --git a/replaced_rundir-7.9p1.patch b/replaced_rundir-7.9p1.patch
>new file mode 100644
>index 00000000..5c8fe047
>--- /dev/null
>+++ b/replaced_rundir-7.9p1.patch
>@@ -0,0 +1,230 @@
>+diff --git a/Makefile.in b/Makefile.in
>+index 126b2c74..f53bb732 100644
>+--- a/Makefile.in
>++++ b/Makefile.in
>+@@ -138,7 +138,7 @@ PATHSUBS	= \
>+ 	-e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \
>+ 	-e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
>+ 	-e 's|/etc/ssh/ssh_host_ed25519_key|$(sysconfdir)/ssh_host_ed25519_key|g' \
>+-	-e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
>++	-e 's|/run/sshd.pid|$(piddir)/sshd.pid|g' \
>+ 	-e 's|/etc/moduli|$(sysconfdir)/moduli|g' \
>+ 	-e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
>+ 	-e 's|/etc/ssh/sshrc|$(sysconfdir)/sshrc|g' \
>+diff --git a/configure.ac b/configure.ac
>+index 68fd22b2..8b38aa1b 100644
>+--- a/configure.ac
>++++ b/configure.ac
>+@@ -3146,11 +3146,11 @@ AC_ARG_WITH([prngd-port],
>+ 
>+ # PRNGD Unix domain socket
>+ AC_ARG_WITH([prngd-socket],
>+-	[  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
>++	[  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/run/egd-pool)],
>+ 	[
>+ 		case "$withval" in
>+ 		yes)
>+-			withval="/var/run/egd-pool"
>++			withval="/run/egd-pool"
>+ 			;;
>+ 		no)
>+ 			withval=""
>+@@ -3179,7 +3179,7 @@ AC_ARG_WITH([prngd-socket],
>+ 		if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
>+ 			AC_MSG_CHECKING([for PRNGD/EGD socket])
>+ 			# Insert other locations here
>+-			for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
>++			for sock in /run/egd-pool /dev/egd-pool /etc/entropy; do
>+ 				if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
>+ 					PRNGD_SOCKET="$sock"
>+ 					AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
>+@@ -4943,7 +4943,7 @@ AC_ARG_WITH([bsd-auth],
>+ )
>+ 
>+ # Where to place sshd.pid
>+-piddir=/var/run
>++piddir=/run
>+ # make sure the directory exists
>+ if test ! -d $piddir ; then
>+ 	piddir=`eval echo ${sysconfdir}`
>+@@ -5127,7 +5127,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
>+ ])
>+ if test -z "$conf_utmp_location"; then
>+ 	if test x"$system_utmp_path" = x"no" ; then
>+-		for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
>++		for f in /etc/utmp /usr/adm/utmp /run/utmp; do
>+ 			if test -f $f ; then
>+ 				conf_utmp_location=$f
>+ 			fi
>+diff --git a/contrib/suse/rc.sshd b/contrib/suse/rc.sshd
>+index 28f28e41..602e9909 100644
>+--- a/contrib/suse/rc.sshd
>++++ b/contrib/suse/rc.sshd
>+@@ -99,8 +99,8 @@ case "$1" in
>+ 
>+         # Status has a slightly different for the status command:
>+         # 0 - service running
>+-        # 1 - service dead, but /var/run/  pid  file exists
>+-        # 2 - service dead, but /var/lock/ lock file exists
>++        # 1 - service dead, but /run/  pid  file exists
>++        # 2 - service dead, but /run/lock/ lock file exists
>+         # 3 - service not running
>+ 
>+ 	checkproc -p $SSHD_PIDFILE $SSHD_BIN
>+diff --git a/pathnames.h b/pathnames.h
>+index 6fb4767c..0a3773e4 100644
>+--- a/pathnames.h
>++++ b/pathnames.h
>+@@ -19,7 +19,7 @@
>+ #endif
>+ 
>+ #ifndef _PATH_SSH_PIDDIR
>+-#define _PATH_SSH_PIDDIR		"/var/run"
>++#define _PATH_SSH_PIDDIR		"/run"
>+ #endif
>+ 
>+ /*
>+diff --git a/regress/Makefile b/regress/Makefile
>+index 647b4a04..49311c35 100644
>+--- a/regress/Makefile
>++++ b/regress/Makefile
>+@@ -122,7 +122,7 @@ CLEANFILES=	*.core actual agent-key.* authorized_keys_${USERNAME} \
>+ 		t8.out t8.out.pub t9.out t9.out.pub testdata \
>+ 		user_*key* user_ca* user_key*
>+ 
>+-SUDO_CLEAN+=	/var/run/testdata_${USERNAME} /var/run/keycommand_${USERNAME}
>++SUDO_CLEAN+=	/run/testdata_${USERNAME} /run/keycommand_${USERNAME}
>+ 
>+ # Enable all malloc(3) randomisations and checks
>+ TEST_ENV=      "MALLOC_OPTIONS=CFGJRSUX"
>+diff --git a/regress/keys-command.sh b/regress/keys-command.sh
>+index 4029e2c7..e277e327 100644
>+--- a/regress/keys-command.sh
>++++ b/regress/keys-command.sh
>+@@ -3,9 +3,9 @@
>+ 
>+ tid="authorized keys from command"
>+ 
>+-if [ -z "$SUDO" -a ! -w /var/run ]; then
>++if [ -z "$SUDO" -a ! -w /run ]; then
>+ 	echo "skipped (SUDO not set)"
>+-	echo "need SUDO to create file in /var/run, test won't work without"
>++	echo "need SUDO to create file in /run, test won't work without"
>+ 	exit 0
>+ fi
>+ 
>+@@ -17,9 +17,9 @@ chmod a+rw $OBJ/keys-command-args
>+ expected_key_text=`awk '{ print $2 }' < $OBJ/rsa.pub`
>+ expected_key_fp=`$SSHKEYGEN -lf $OBJ/rsa.pub | awk '{ print $2 }'`
>+ 
>+-# Establish a AuthorizedKeysCommand in /var/run where it will have
>++# Establish a AuthorizedKeysCommand in /run where it will have
>+ # acceptable directory permissions.
>+-KEY_COMMAND="/var/run/keycommand_${LOGNAME}"
>++KEY_COMMAND="/run/keycommand_${LOGNAME}"
>+ cat << _EOF | $SUDO sh -c "rm -f '$KEY_COMMAND' ; cat > '$KEY_COMMAND'"
>+ #!/bin/sh
>+ echo args: "\$@" >> $OBJ/keys-command-args
>+@@ -76,7 +76,7 @@ if [ -x $KEY_COMMAND ]; then
>+ 		fail "connect failed"
>+ 	fi
>+ else
>+-	echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
>++	echo "SKIPPED: $KEY_COMMAND not executable (/run mounted noexec?)"
>+ fi
>+ 
>+ $SUDO rm -f $KEY_COMMAND
>+diff --git a/regress/principals-command.sh b/regress/principals-command.sh
>+index bcc68e80..da6a9106 100644
>+--- a/regress/principals-command.sh
>++++ b/regress/principals-command.sh
>+@@ -6,9 +6,9 @@ tid="authorized principals command"
>+ rm -f $OBJ/user_ca_key* $OBJ/cert_user_key*
>+ cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
>+ 
>+-if [ -z "$SUDO" -a ! -w /var/run ]; then
>++if [ -z "$SUDO" -a ! -w /run ]; then
>+ 	echo "skipped (SUDO not set)"
>+-	echo "need SUDO to create file in /var/run, test won't work without"
>++	echo "need SUDO to create file in /run, test won't work without"
>+ 	exit 0
>+ fi
>+ 
>+@@ -28,9 +28,9 @@ CA_BODY=`cat $OBJ/user_ca_key.pub | awk '{ print $2 }'`
>+ CERT_FP=`${SSHKEYGEN} -lf $OBJ/cert_user_key-cert.pub | awk '{ print $2 }'`
>+ CA_FP=`${SSHKEYGEN} -lf $OBJ/user_ca_key.pub | awk '{ print $2 }'`
>+ 
>+-# Establish a AuthorizedPrincipalsCommand in /var/run where it will have
>++# Establish a AuthorizedPrincipalsCommand in /run where it will have
>+ # acceptable directory permissions.
>+-PRINCIPALS_COMMAND="/var/run/principals_command_${LOGNAME}"
>++PRINCIPALS_COMMAND="/run/principals_command_${LOGNAME}"
>+ cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_COMMAND'"
>+ #!/bin/sh
>+ test "x\$1" != "x${LOGNAME}" && exit 1
>+@@ -164,5 +164,5 @@ if [ -x $PRINCIPALS_COMMAND ]; then
>+ 	done
>+ else
>+ 	echo "SKIPPED: $PRINCIPALS_COMMAND not executable " \
>+-	    "(/var/run mounted noexec?)"
>++	    "(/run mounted noexec?)"
>+ fi
>+diff --git a/regress/sftp-chroot.sh b/regress/sftp-chroot.sh
>+index ba5bd1ef..ab806566 100644
>+--- a/regress/sftp-chroot.sh
>++++ b/regress/sftp-chroot.sh
>+@@ -3,12 +3,12 @@
>+ 
>+ tid="sftp in chroot"
>+ 
>+-CHROOT=/var/run
>++CHROOT=/run
>+ FILENAME=testdata_${USER}
>+ PRIVDATA=${CHROOT}/${FILENAME}
>+ 
>+-if [ -z "$SUDO" -a ! -w /var/run ]; then
>+-	echo "need SUDO to create file in /var/run, test won't work without"
>++if [ -z "$SUDO" -a ! -w /run ]; then
>++	echo "need SUDO to create file in /run, test won't work without"
>+ 	echo SKIPPED
>+ 	exit 0
>+ fi
>+diff --git a/sshd.8 b/sshd.8
>+index d33a50a1..fdd84c8f 100644
>+--- a/sshd.8
>++++ b/sshd.8
>+@@ -958,7 +958,7 @@ during privilege separation in the pre-authentication phase.
>+ The directory should not contain any files and must be owned by root
>+ and not group or world-writable.
>+ .Pp
>+-.It Pa /var/run/sshd.pid
>++.It Pa /run/sshd.pid
>+ Contains the process ID of the
>+ .Nm
>+ listening for connections (if there are several daemons running
>+diff --git a/sshd_config b/sshd_config
>+index 014b16f7..abe467ad 100644
>+--- a/sshd_config
>++++ b/sshd_config
>+@@ -95,7 +95,7 @@
>+ #ClientAliveInterval 0
>+ #ClientAliveCountMax 3
>+ #UseDNS no
>+-#PidFile /var/run/sshd.pid
>++#PidFile /run/sshd.pid
>+ #MaxStartups 10:30:100
>+ #PermitTunnel no
>+ #ChrootDirectory none
>+diff --git a/sshd_config.5 b/sshd_config.5
>+index 47db015f..6bf8ed27 100644
>+--- a/sshd_config.5
>++++ b/sshd_config.5
>+@@ -1363,7 +1363,7 @@ SSH daemon, or
>+ .Cm none
>+ to not write one.
>+ The default is
>+-.Pa /var/run/sshd.pid .
>++.Pa /run/sshd.pid .
>+ .It Cm Port
>+ Specifies the port number that
>+ .Xr sshd 8

Actions: View | Diff

Attachments on bug 35887: 7940