* Tue Mar 26 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-4.sme

- fix networking [SME: 12541]
- require rsyslog [SME: 12544]
- remove unsupported rsyslog option -c [SME: 12545]
- remove duplicate entry logrotate for btmp and wtmp [SME: 12547]
- rework systemd-default script (error and smartmatches) [SME: 12543]
- fix self signed cert templates [SME: 12551]
This commit is contained in:
Jean-Philippe Pialasse 2024-03-26 21:07:09 -04:00
parent 081e7b8655
commit 0777b5a082
6 changed files with 26 additions and 31 deletions

View File

@ -20,7 +20,7 @@ my $filename = "/etc/systemd/system-preset/49-koozali.preset";
my $filename2 = "/usr/lib/systemd/system/sme-server.target.d/50koozali.conf"; my $filename2 = "/usr/lib/systemd/system/sme-server.target.d/50koozali.conf";
my %services; my %services;
my %files; my %files;
my @WantedBy; my @WantedBy;my %wantedBy;
# expand preset file # expand preset file
esmith::templates::processTemplate({ esmith::templates::processTemplate({
@ -36,7 +36,7 @@ esmith::templates::processTemplate({
}); });
# make sure our target is enabled # make sure our target is enabled
system("/usr/bin/systemctl enable sme-server.target"); system("/usr/bin/systemctl enable sme-server.target 2>/dev/null");
# force the main default target in /usr/lib # force the main default target in /usr/lib
#ln -fs sme-server.target /lib/systemd/system/default.target #ln -fs sme-server.target /lib/systemd/system/default.target
my $old_qfn = "sme-server.target"; my $old_qfn = "sme-server.target";
@ -76,7 +76,7 @@ foreach my $d (@presetdirpaths) {
my $smewants = `grep -P '^Wants=' /usr/lib/systemd/system/sme-server.target -rs`; my $smewants = `grep -P '^Wants=' /usr/lib/systemd/system/sme-server.target -rs`;
chomp $smewants; chomp $smewants;
my @smematches = ( $smewants =~ /([a-zA-Z0-9\-_]+\.service)/g ); my @smematches = ( $smewants =~ /([a-zA-Z0-9\-_]+\.service)/g );
my %smewants = map { $_ => 1 } @smematches;
# parse all files on reverse order : lower number take precedence # parse all files on reverse order : lower number take precedence
# we ignore joker lines * # we ignore joker lines *
@ -111,15 +111,15 @@ foreach my $filen (reverse sort keys %files) {
$services{$service}=$stats; $services{$service}=$stats;
# list all Services explicitely listed in preset that are also in Wants= or with WantedBy= sme-server.target # list all Services explicitely listed in preset that are also in Wants= or with WantedBy= sme-server.target
next if (/^$service$/ ~~ @WantedBy); next if ( exists($wantedBy{$service}));
if ( /^$service$/ ~~ @smematches ) { if (exists($smewants{$service}) ) {
push(@WantedBy, $service); $wantedBy{$service}=1;
#print "want $service \n"; #print "want $service \n";
} }
else { else {
my $wanted = `grep -P '^WantedBy=.*sme-server.target' /usr/lib/systemd/system/$service* /etc/systemd/system/$service* -rsh` ; my $wanted = `grep -P '^WantedBy=.*sme-server.target' /usr/lib/systemd/system/$service* /etc/systemd/system/$service* -rsh` ;
chomp $wanted; chomp $wanted;
push(@WantedBy , $service) unless ( $wanted eq "") ; $wantedBy{$service}=1 unless ( $wanted eq "");
#print "want $service \n" unless ( $wanted eq "") ; #print "want $service \n" unless ( $wanted eq "") ;
} }
@ -166,7 +166,7 @@ foreach my $fi (@dirfiles) {
next; next;
} }
# if not wanted remove # if not wanted remove
unless ( /^$fi$/ ~~ @WantedBy) { unless ( exists($wantedBy{$fi})){
print "remove $d$fi as not declared as WantedBy or in Wants for sme-server.target\n"; print "remove $d$fi as not declared as WantedBy or in Wants for sme-server.target\n";
unlink "$d$fi"; unlink "$d$fi";
} }
@ -176,7 +176,7 @@ foreach my $fi (@dirfiles) {
# we only do it for sme-server.target, ignoring the remaining of WantedBy # we only do it for sme-server.target, ignoring the remaining of WantedBy
foreach my $service (sort keys %services) { foreach my $service (sort keys %services) {
my $wanted= "not"; my $wanted= "not";
$wanted = "want" if ( /^$service$/ ~~ @WantedBy ); $wanted = "want" if ( exists($wantedBy{$service}));#( /^$service$/ ~~ @WantedBy );
my $status = $services{$service}; my $status = $services{$service};
my $linkedU = ( -e "/usr/lib/systemd/system/sme-server.target.wants/$service" ) ? "linked" : "not"; my $linkedU = ( -e "/usr/lib/systemd/system/sme-server.target.wants/$service" ) ? "linked" : "not";
my $linkedE = ( -e "/etc/systemd/system/sme-server.target.wants/$service" ) ? "linked" : "not"; my $linkedE = ( -e "/etc/systemd/system/sme-server.target.wants/$service" ) ? "linked" : "not";
@ -223,8 +223,7 @@ foreach my $fi (@dirfiles) {
my $service = $fi; my $service = $fi;
my $wanted = `grep -P '^WantedBy=.*sme-server.target' /usr/lib/systemd/system/$service* /etc/systemd/system/$service* -rsh` ; my $wanted = `grep -P '^WantedBy=.*sme-server.target' /usr/lib/systemd/system/$service* /etc/systemd/system/$service* -rsh` ;
chomp $wanted; chomp $wanted;
#unless ( /^$fi$/ ~~ @WantedBy ) { unless ( exists($wantedBy{$fi})) {
unless (grep(/^$fi$/, @WantedBy ) ) {
print "$d$fi is not declared as WantedBy or in Wants for sme-server.target\n"; print "$d$fi is not declared as WantedBy or in Wants for sme-server.target\n";
} }
} }

View File

@ -1,16 +1 @@
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp \{
monthly
create 0664 root utmp
minsize 1M
rotate 1
\}
/var/log/btmp \{
missingok
monthly
create 0600 root utmp
rotate 1
\}
# system-specific logs may be also be configured here. # system-specific logs may be also be configured here.

View File

@ -1 +1 @@
SYSLOGD_OPTIONS="-c 5" SYSLOGD_OPTIONS=""

View File

@ -42,7 +42,7 @@
/proc/interrupts /proc/interrupts
/proc/ioports /proc/ioports
/proc/bus/pci/devices /proc/bus/pci/devices
/proc/rtc /proc/driver/rtc
/proc/uptime /proc/uptime
)), )),
"$KeySize") "$KeySize")

View File

@ -53,7 +53,7 @@ sub key_exists_good_size {
# check key size openssl rsa -in /home/e-smith/ssl.key/$host.$domain.key -text -noout | sed -rn "s/Private-Key: \((.*) bit\)/\1/p" # check key size openssl rsa -in /home/e-smith/ssl.key/$host.$domain.key -text -noout | sed -rn "s/Private-Key: \((.*) bit\)/\1/p"
my $signatureKeySize = `openssl rsa -in $key -text -noout | grep "Private-Key" | head -1`; my $signatureKeySize = `openssl rsa -in $key -text -noout | grep "Private-Key" | head -1`;
chomp $signatureKeySize; chomp $signatureKeySize;
$signatureKeySize =~ s/^ *Private-Key: \((.*) bit\)/$1/p; $signatureKeySize =~ s/^.*Private-Key: \((.*) bit.*\)/$1/p;
if ( $signatureKeySize == $KeySize ) { if ( $signatureKeySize == $KeySize ) {
#print "key size is correct ($KeySize)\n"; #print "key size is correct ($KeySize)\n";
# key exists and key size is correct, we can proceed # key exists and key size is correct, we can proceed
@ -86,7 +86,7 @@ sub cert_exists_good_size {
#openssl x509 -text -noout -in /home/e-smith/ssl.crt/$host.$domain.crt| sed -rn "s/Public-Key: \((.*) bit\)/\1/p" #openssl x509 -text -noout -in /home/e-smith/ssl.crt/$host.$domain.crt| sed -rn "s/Public-Key: \((.*) bit\)/\1/p"
my $signatureKeySize = `openssl x509 -text -noout -in $crt | grep "Public-Key" | head -1`; my $signatureKeySize = `openssl x509 -text -noout -in $crt | grep "Public-Key" | head -1`;
chomp $signatureKeySize; chomp $signatureKeySize;
$signatureKeySize =~ s/^ *Public-Key: \((.*) bit\)/$1/p; $signatureKeySize =~ s/^.*Public-Key: \((.*) bit\)/$1/p;
if ( $signatureKeySize == $KeySize ) { if ( $signatureKeySize == $KeySize ) {
#print "$signatureKeySize\n"; #print "$signatureKeySize\n";
# cert is correct size and exists, we can proceed. # cert is correct size and exists, we can proceed.

View File

@ -4,7 +4,7 @@ Summary: smeserver server and gateway - base module
%define name smeserver-base %define name smeserver-base
Name: %{name} Name: %{name}
%define version 11.0.0 %define version 11.0.0
%define release 3 %define release 4
Version: %{version} Version: %{version}
Release: %{release}%{?dist} Release: %{release}%{?dist}
License: GPL License: GPL
@ -18,7 +18,10 @@ Requires: pwauth
Requires: smeserver-lib >= 2.2.0-2 Requires: smeserver-lib >= 2.2.0-2
Requires: server-manager-images, server-manager Requires: server-manager-images, server-manager
Requires: smeserver-formmagick >= 1.4.0-12 Requires: smeserver-formmagick >= 1.4.0-12
Requires: plymouth
Requires: initscripts >= 6.67-1es17 Requires: initscripts >= 6.67-1es17
Requires: network-scripts
Requires: rsyslog
Requires: smeserver-daemontools >= 1.7.1-04 Requires: smeserver-daemontools >= 1.7.1-04
Requires: perl(Locale::gettext) Requires: perl(Locale::gettext)
Requires: perl(Crypt::Cracklib) Requires: perl(Crypt::Cracklib)
@ -178,6 +181,14 @@ fi
%changelog %changelog
* Tue Mar 26 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-4.sme
- fix networking [SME: 12541]
- require rsyslog [SME: 12544]
- remove unsupported rsyslog option -c [SME: 12545]
- remove duplicate entry logrotate for btmp and wtmp [SME: 12547]
- rework systemd-default script (error and smartmatches) [SME: 12543]
- fix self signed cert templates [SME: 12551]
* Sat Mar 23 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-3.sme * Sat Mar 23 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-3.sme
- fix requirement for el8 SME11 [SME: 12521] - fix requirement for el8 SME11 [SME: 12521]