* Tue Mar 26 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-4.sme
- fix networking [SME: 12541] - require rsyslog [SME: 12544] - remove unsupported rsyslog option -c [SME: 12545] - remove duplicate entry logrotate for btmp and wtmp [SME: 12547] - rework systemd-default script (error and smartmatches) [SME: 12543] - fix self signed cert templates [SME: 12551]
This commit is contained in:
parent
081e7b8655
commit
0777b5a082
@ -20,7 +20,7 @@ my $filename = "/etc/systemd/system-preset/49-koozali.preset";
|
|||||||
my $filename2 = "/usr/lib/systemd/system/sme-server.target.d/50koozali.conf";
|
my $filename2 = "/usr/lib/systemd/system/sme-server.target.d/50koozali.conf";
|
||||||
my %services;
|
my %services;
|
||||||
my %files;
|
my %files;
|
||||||
my @WantedBy;
|
my @WantedBy;my %wantedBy;
|
||||||
|
|
||||||
# expand preset file
|
# expand preset file
|
||||||
esmith::templates::processTemplate({
|
esmith::templates::processTemplate({
|
||||||
@ -36,7 +36,7 @@ esmith::templates::processTemplate({
|
|||||||
});
|
});
|
||||||
|
|
||||||
# make sure our target is enabled
|
# make sure our target is enabled
|
||||||
system("/usr/bin/systemctl enable sme-server.target");
|
system("/usr/bin/systemctl enable sme-server.target 2>/dev/null");
|
||||||
# force the main default target in /usr/lib
|
# force the main default target in /usr/lib
|
||||||
#ln -fs sme-server.target /lib/systemd/system/default.target
|
#ln -fs sme-server.target /lib/systemd/system/default.target
|
||||||
my $old_qfn = "sme-server.target";
|
my $old_qfn = "sme-server.target";
|
||||||
@ -76,7 +76,7 @@ foreach my $d (@presetdirpaths) {
|
|||||||
my $smewants = `grep -P '^Wants=' /usr/lib/systemd/system/sme-server.target -rs`;
|
my $smewants = `grep -P '^Wants=' /usr/lib/systemd/system/sme-server.target -rs`;
|
||||||
chomp $smewants;
|
chomp $smewants;
|
||||||
my @smematches = ( $smewants =~ /([a-zA-Z0-9\-_]+\.service)/g );
|
my @smematches = ( $smewants =~ /([a-zA-Z0-9\-_]+\.service)/g );
|
||||||
|
my %smewants = map { $_ => 1 } @smematches;
|
||||||
|
|
||||||
# parse all files on reverse order : lower number take precedence
|
# parse all files on reverse order : lower number take precedence
|
||||||
# we ignore joker lines *
|
# we ignore joker lines *
|
||||||
@ -111,15 +111,15 @@ foreach my $filen (reverse sort keys %files) {
|
|||||||
$services{$service}=$stats;
|
$services{$service}=$stats;
|
||||||
|
|
||||||
# list all Services explicitely listed in preset that are also in Wants= or with WantedBy= sme-server.target
|
# list all Services explicitely listed in preset that are also in Wants= or with WantedBy= sme-server.target
|
||||||
next if (/^$service$/ ~~ @WantedBy);
|
next if ( exists($wantedBy{$service}));
|
||||||
if ( /^$service$/ ~~ @smematches ) {
|
if (exists($smewants{$service}) ) {
|
||||||
push(@WantedBy, $service);
|
$wantedBy{$service}=1;
|
||||||
#print "want $service \n";
|
#print "want $service \n";
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
my $wanted = `grep -P '^WantedBy=.*sme-server.target' /usr/lib/systemd/system/$service* /etc/systemd/system/$service* -rsh` ;
|
my $wanted = `grep -P '^WantedBy=.*sme-server.target' /usr/lib/systemd/system/$service* /etc/systemd/system/$service* -rsh` ;
|
||||||
chomp $wanted;
|
chomp $wanted;
|
||||||
push(@WantedBy , $service) unless ( $wanted eq "") ;
|
$wantedBy{$service}=1 unless ( $wanted eq "");
|
||||||
#print "want $service \n" unless ( $wanted eq "") ;
|
#print "want $service \n" unless ( $wanted eq "") ;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -166,7 +166,7 @@ foreach my $fi (@dirfiles) {
|
|||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
# if not wanted remove
|
# if not wanted remove
|
||||||
unless ( /^$fi$/ ~~ @WantedBy) {
|
unless ( exists($wantedBy{$fi})){
|
||||||
print "remove $d$fi as not declared as WantedBy or in Wants for sme-server.target\n";
|
print "remove $d$fi as not declared as WantedBy or in Wants for sme-server.target\n";
|
||||||
unlink "$d$fi";
|
unlink "$d$fi";
|
||||||
}
|
}
|
||||||
@ -176,7 +176,7 @@ foreach my $fi (@dirfiles) {
|
|||||||
# we only do it for sme-server.target, ignoring the remaining of WantedBy
|
# we only do it for sme-server.target, ignoring the remaining of WantedBy
|
||||||
foreach my $service (sort keys %services) {
|
foreach my $service (sort keys %services) {
|
||||||
my $wanted= "not";
|
my $wanted= "not";
|
||||||
$wanted = "want" if ( /^$service$/ ~~ @WantedBy );
|
$wanted = "want" if ( exists($wantedBy{$service}));#( /^$service$/ ~~ @WantedBy );
|
||||||
my $status = $services{$service};
|
my $status = $services{$service};
|
||||||
my $linkedU = ( -e "/usr/lib/systemd/system/sme-server.target.wants/$service" ) ? "linked" : "not";
|
my $linkedU = ( -e "/usr/lib/systemd/system/sme-server.target.wants/$service" ) ? "linked" : "not";
|
||||||
my $linkedE = ( -e "/etc/systemd/system/sme-server.target.wants/$service" ) ? "linked" : "not";
|
my $linkedE = ( -e "/etc/systemd/system/sme-server.target.wants/$service" ) ? "linked" : "not";
|
||||||
@ -223,8 +223,7 @@ foreach my $fi (@dirfiles) {
|
|||||||
my $service = $fi;
|
my $service = $fi;
|
||||||
my $wanted = `grep -P '^WantedBy=.*sme-server.target' /usr/lib/systemd/system/$service* /etc/systemd/system/$service* -rsh` ;
|
my $wanted = `grep -P '^WantedBy=.*sme-server.target' /usr/lib/systemd/system/$service* /etc/systemd/system/$service* -rsh` ;
|
||||||
chomp $wanted;
|
chomp $wanted;
|
||||||
#unless ( /^$fi$/ ~~ @WantedBy ) {
|
unless ( exists($wantedBy{$fi})) {
|
||||||
unless (grep(/^$fi$/, @WantedBy ) ) {
|
|
||||||
print "$d$fi is not declared as WantedBy or in Wants for sme-server.target\n";
|
print "$d$fi is not declared as WantedBy or in Wants for sme-server.target\n";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,16 +1 @@
|
|||||||
# no packages own wtmp and btmp -- we'll rotate them here
|
|
||||||
/var/log/wtmp \{
|
|
||||||
monthly
|
|
||||||
create 0664 root utmp
|
|
||||||
minsize 1M
|
|
||||||
rotate 1
|
|
||||||
\}
|
|
||||||
|
|
||||||
/var/log/btmp \{
|
|
||||||
missingok
|
|
||||||
monthly
|
|
||||||
create 0600 root utmp
|
|
||||||
rotate 1
|
|
||||||
\}
|
|
||||||
|
|
||||||
# system-specific logs may be also be configured here.
|
# system-specific logs may be also be configured here.
|
||||||
|
@ -1 +1 @@
|
|||||||
SYSLOGD_OPTIONS="-c 5"
|
SYSLOGD_OPTIONS=""
|
||||||
|
@ -42,7 +42,7 @@
|
|||||||
/proc/interrupts
|
/proc/interrupts
|
||||||
/proc/ioports
|
/proc/ioports
|
||||||
/proc/bus/pci/devices
|
/proc/bus/pci/devices
|
||||||
/proc/rtc
|
/proc/driver/rtc
|
||||||
/proc/uptime
|
/proc/uptime
|
||||||
)),
|
)),
|
||||||
"$KeySize")
|
"$KeySize")
|
||||||
|
@ -53,7 +53,7 @@ sub key_exists_good_size {
|
|||||||
# check key size openssl rsa -in /home/e-smith/ssl.key/$host.$domain.key -text -noout | sed -rn "s/Private-Key: \((.*) bit\)/\1/p"
|
# check key size openssl rsa -in /home/e-smith/ssl.key/$host.$domain.key -text -noout | sed -rn "s/Private-Key: \((.*) bit\)/\1/p"
|
||||||
my $signatureKeySize = `openssl rsa -in $key -text -noout | grep "Private-Key" | head -1`;
|
my $signatureKeySize = `openssl rsa -in $key -text -noout | grep "Private-Key" | head -1`;
|
||||||
chomp $signatureKeySize;
|
chomp $signatureKeySize;
|
||||||
$signatureKeySize =~ s/^ *Private-Key: \((.*) bit\)/$1/p;
|
$signatureKeySize =~ s/^.*Private-Key: \((.*) bit.*\)/$1/p;
|
||||||
if ( $signatureKeySize == $KeySize ) {
|
if ( $signatureKeySize == $KeySize ) {
|
||||||
#print "key size is correct ($KeySize)\n";
|
#print "key size is correct ($KeySize)\n";
|
||||||
# key exists and key size is correct, we can proceed
|
# key exists and key size is correct, we can proceed
|
||||||
@ -86,7 +86,7 @@ sub cert_exists_good_size {
|
|||||||
#openssl x509 -text -noout -in /home/e-smith/ssl.crt/$host.$domain.crt| sed -rn "s/Public-Key: \((.*) bit\)/\1/p"
|
#openssl x509 -text -noout -in /home/e-smith/ssl.crt/$host.$domain.crt| sed -rn "s/Public-Key: \((.*) bit\)/\1/p"
|
||||||
my $signatureKeySize = `openssl x509 -text -noout -in $crt | grep "Public-Key" | head -1`;
|
my $signatureKeySize = `openssl x509 -text -noout -in $crt | grep "Public-Key" | head -1`;
|
||||||
chomp $signatureKeySize;
|
chomp $signatureKeySize;
|
||||||
$signatureKeySize =~ s/^ *Public-Key: \((.*) bit\)/$1/p;
|
$signatureKeySize =~ s/^.*Public-Key: \((.*) bit\)/$1/p;
|
||||||
if ( $signatureKeySize == $KeySize ) {
|
if ( $signatureKeySize == $KeySize ) {
|
||||||
#print "$signatureKeySize\n";
|
#print "$signatureKeySize\n";
|
||||||
# cert is correct size and exists, we can proceed.
|
# cert is correct size and exists, we can proceed.
|
||||||
|
@ -4,7 +4,7 @@ Summary: smeserver server and gateway - base module
|
|||||||
%define name smeserver-base
|
%define name smeserver-base
|
||||||
Name: %{name}
|
Name: %{name}
|
||||||
%define version 11.0.0
|
%define version 11.0.0
|
||||||
%define release 3
|
%define release 4
|
||||||
Version: %{version}
|
Version: %{version}
|
||||||
Release: %{release}%{?dist}
|
Release: %{release}%{?dist}
|
||||||
License: GPL
|
License: GPL
|
||||||
@ -18,7 +18,10 @@ Requires: pwauth
|
|||||||
Requires: smeserver-lib >= 2.2.0-2
|
Requires: smeserver-lib >= 2.2.0-2
|
||||||
Requires: server-manager-images, server-manager
|
Requires: server-manager-images, server-manager
|
||||||
Requires: smeserver-formmagick >= 1.4.0-12
|
Requires: smeserver-formmagick >= 1.4.0-12
|
||||||
|
Requires: plymouth
|
||||||
Requires: initscripts >= 6.67-1es17
|
Requires: initscripts >= 6.67-1es17
|
||||||
|
Requires: network-scripts
|
||||||
|
Requires: rsyslog
|
||||||
Requires: smeserver-daemontools >= 1.7.1-04
|
Requires: smeserver-daemontools >= 1.7.1-04
|
||||||
Requires: perl(Locale::gettext)
|
Requires: perl(Locale::gettext)
|
||||||
Requires: perl(Crypt::Cracklib)
|
Requires: perl(Crypt::Cracklib)
|
||||||
@ -178,6 +181,14 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Mar 26 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-4.sme
|
||||||
|
- fix networking [SME: 12541]
|
||||||
|
- require rsyslog [SME: 12544]
|
||||||
|
- remove unsupported rsyslog option -c [SME: 12545]
|
||||||
|
- remove duplicate entry logrotate for btmp and wtmp [SME: 12547]
|
||||||
|
- rework systemd-default script (error and smartmatches) [SME: 12543]
|
||||||
|
- fix self signed cert templates [SME: 12551]
|
||||||
|
|
||||||
* Sat Mar 23 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-3.sme
|
* Sat Mar 23 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-3.sme
|
||||||
- fix requirement for el8 SME11 [SME: 12521]
|
- fix requirement for el8 SME11 [SME: 12521]
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user