[Pkg-freeipa-devel] [Git][freeipa-team/oddjob][master] 10 commits: Read HOME_MODE and UMASK from /etc/login.defs
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Sun Mar 20 13:53:14 GMT 2022
Timo Aaltonen pushed to branch master at FreeIPA packaging / oddjob
Commits:
c51b28ad by Alexander Bokovoy at 2020-10-08T14:56:07+03:00
Read HOME_MODE and UMASK from /etc/login.defs
shadow-utils changed behavior of UMASK to only apply to runtime
processes. For home directories, HOME_MODE variable was introduced
instead.
Read HOME_MODE and fall back to UMASK if that does not exist.
Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
dfb0f7aa by Alexander Bokovoy at 2020-12-14T18:16:29+02:00
Enforce stable LC_ALL=C.UTF-8 in jobs environment
FreeIPA uses oddjobd to run Python scripts. It also expects that the
execution environment uses UTF-8 encoding. On RHEL 8.4 default
configuration changed to provide LC_ALL=en_US which uses ISO-8859-1
encoding instead of UTF-8.
Enforce C.UTF-8 to not depend on the system defaults.
Resolves: rhbz#1907481
Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>
- - - - -
375f661f by Alexander Bokovoy at 2020-12-14T18:53:23+02:00
Initialize srv before use
- - - - -
c539e931 by Alexander Bokovoy at 2020-12-14T18:53:23+02:00
Release 0.34.7
- - - - -
c64cbce7 by Timo Aaltonen at 2021-01-07T08:56:08+02:00
Merge branch 'upstream'
- - - - -
ef43a16c by Timo Aaltonen at 2021-01-07T08:56:51+02:00
New upstream version.
- - - - -
80800b64 by Timo Aaltonen at 2022-03-20T15:44:02+02:00
control: Drop libldap2-dev from build-depends. (Closes: #1007972)
- - - - -
03cfbad7 by Timo Aaltonen at 2022-03-20T15:44:47+02:00
control: Bump policy to 4.6.0.
- - - - -
0f18110d by Timo Aaltonen at 2022-03-20T15:45:18+02:00
control: Bump debhelper-compat to 13.
- - - - -
7b467653 by Timo Aaltonen at 2022-03-20T15:52:37+02:00
releasing package oddjob version 0.34.7-1
- - - - -
10 changed files:
- configure.ac
- debian/changelog
- debian/control
- debian/rules
- oddjob.spec
- scripts/oddjobd.service.in
- src/mkhomedir.c
- src/oddjob_dbus.c
- src/oddjobd-mkhomedir.conf.5.in
- src/pam_oddjob_mkhomedir.8.in
Changes:
=====================================
configure.ac
=====================================
@@ -1,4 +1,4 @@
-AC_INIT(oddjob,0.34.4)
+AC_INIT(oddjob,0.34.7)
AC_PREREQ(2.59)
PACKAGE_NAME_CAPS=`echo $PACKAGE_NAME | tr '[a-z]' '[A-Z]'`
AC_DEFINE_UNQUOTED(PACKAGE_NAME_CAPS,"$PACKAGE_NAME_CAPS",[Define to the package name, in caps.])
=====================================
debian/changelog
=====================================
@@ -1,3 +1,12 @@
+oddjob (0.34.7-1) unstable; urgency=medium
+
+ * New upstream version.
+ * control: Drop libldap2-dev from build-depends. (Closes: #1007972)
+ * control: Bump policy to 4.6.0.
+ * control: Bump debhelper-compat to 13.
+
+ -- Timo Aaltonen <tjaalton at debian.org> Sun, 20 Mar 2022 15:52:31 +0200
+
oddjob (0.34.6-1) unstable; urgency=medium
* New upstream release. (Closes: #956352, #960089)
=====================================
debian/control
=====================================
@@ -4,11 +4,10 @@ Priority: optional
Maintainer: Debian FreeIPA Team <pkg-freeipa-devel at lists.alioth.debian.org>
Uploaders: Timo Aaltonen <tjaalton at debian.org>
Build-Depends:
- debhelper-compat (= 12),
+ debhelper-compat (= 13),
dbus,
libdbus-1-dev,
libkrb5-dev,
- libldap2-dev,
libpam-dev,
libsasl2-dev,
libselinux1-dev,
@@ -16,7 +15,7 @@ Build-Depends:
pkg-config,
systemd,
xmlto,
-Standards-Version: 4.5.0
+Standards-Version: 4.6.0
Homepage: https://pagure.io/oddjob/
Vcs-Git: https://salsa.debian.org/freeipa-team/oddjob.git
Vcs-Browser: https://salsa.debian.org/freeipa-team/oddjob
=====================================
debian/rules
=====================================
@@ -30,6 +30,3 @@ override_dh_install:
$(CURDIR)/debian/tmp/lib/${DEB_HOST_MULTIARCH}/
dh_install
-
-override_dh_missing:
- dh_missing --fail-missing
=====================================
oddjob.spec
=====================================
@@ -21,7 +21,7 @@
%endif
Name: oddjob
-Version: 0.34.6
+Version: 0.34.7
Release: 1%{?dist}
Source0: https://releases.pagure.org/oddjob/oddjob-%{version}.tar.gz
Source1: https://releases.pagure.org/oddjob/oddjob-%{version}.tar.gz.sig
@@ -246,6 +246,10 @@ fi
exit 0
%changelog
+* Mon Dec 14 18:44:51 EET 2020 Alexander Bokovoy <abokovoy at redhat.com> - 0.34.7-1
+- Read HOME_MODE and UMASK from /etc/login.defs
+- Default to LC_ALL=C.UTF-8 in systemd service environment
+
* Thu May 7 2020 Nalin Dahyabhai <nalin at redhat.com> - 0.34.6-1
- update license on src/buffer.h
- change /var/run -> /run in systemd service file (Orion Poplawski)
=====================================
scripts/oddjobd.service.in
=====================================
@@ -5,6 +5,7 @@ After=syslog.target network.target dbus.service
[Service]
Type=simple
PIDFile=/run/oddjobd.pid
+Environment=LC_ALL=C.UTF-8
ExecStart=@sbindir@/oddjobd -n -p /run/oddjobd.pid -t 300
[Install]
=====================================
src/mkhomedir.c
=====================================
@@ -264,12 +264,13 @@ mkhomedir(const char *user, int flags)
}
static mode_t
-get_umask(int *configured)
+get_umask(int *configured, const char *variable)
{
FILE *fp;
char buf[BUFSIZ], *p, *end;
mode_t mask = umask(0777);
long tmp;
+ size_t vlen = strlen(variable);
fp = fopen("/etc/login.defs", "r");
if (fp != NULL) {
@@ -279,10 +280,10 @@ get_umask(int *configured)
}
buf[strcspn(buf, "\r\n")] = '\0';
p = buf + strspn(buf, " \t");
- if (strncmp(p, "UMASK", 5) != 0) {
+ if (strncmp(p, variable, vlen) != 0) {
continue;
}
- p += 5;
+ p += vlen;
if (strspn(p, " \t") == 0) {
continue;
}
@@ -308,7 +309,11 @@ main(int argc, char **argv)
int i, configured_umask = 0, flags = FLAG_POPULATE;
openlog(PACKAGE "-mkhomedir", LOG_PID, LOG_DAEMON);
- override_umask = get_umask(&configured_umask);
+ /* Unlike UMASK, HOME_MODE is the file mode, so needs to be reverted */
+ override_umask = 0777 & ~get_umask(&configured_umask, "HOME_MODE");
+ if (configured_umask == 0) {
+ override_umask = get_umask(&configured_umask, "UMASK");
+ }
umask(override_umask);
skel_dir = "/etc/skel";
=====================================
src/oddjob_dbus.c
=====================================
@@ -634,7 +634,7 @@ static DBusHandlerResult
oddjob_dbus_filter(DBusConnection *conn, DBusMessage *message, void *user_data)
{
struct oddjob_dbus_context *ctx;
- struct oddjob_dbus_service *srv;
+ struct oddjob_dbus_service *srv = NULL;
struct oddjob_dbus_object *obj;
struct oddjob_dbus_interface *interface;
struct oddjob_dbus_method *method;
=====================================
src/oddjobd-mkhomedir.conf.5.in
=====================================
@@ -24,7 +24,8 @@ Override the location of the skeleton directory (by default: \fI/etc/skel\fR).
-u
Specify a umask whose bits are masked off of contents of the skeleton directory
while they are copied to the user's new home directory. The default is read
-from \fB/etc/login.defs\fR.
+from \fB/etc/login.defs\fR by taking \fBHOME_MODE\fR and \fBUMASK\fR values, in
+this order. First found value persists.
.SH SEE ALSO
\fBoddjob.conf\fR(5)
=====================================
src/pam_oddjob_mkhomedir.8.in
=====================================
@@ -14,8 +14,9 @@ if the module is running with superuser privileges. Otherwise, it invokes the
\fImkmyhomedir\fR method.
The location of the skeleton directory and the default umask are determined by
-the configuration for the corresponding service in \fBoddjobd-mkhomedir.conf\fR,
-so they can not be specified as arguments to this module.
+the values of \fBHOME_MODE\fR or \fBUMASK\fR (as a fallback) variables in
+\fI/etc/login.defs\fR, so they can not be specified as arguments to this
+module.
If \fID-Bus\fR has not been configured to allow the calling application to
invoke these methods provided as part of the \fI at NAMESPACE@.oddjob_mkhomedir\fR
View it on GitLab: https://salsa.debian.org/freeipa-team/oddjob/-/compare/86f18680b969915f3465c13c48122e94eed417bb...7b467653850e52877b733eac6429f9c6e347cc37
--
View it on GitLab: https://salsa.debian.org/freeipa-team/oddjob/-/compare/86f18680b969915f3465c13c48122e94eed417bb...7b467653850e52877b733eac6429f9c6e347cc37
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20220320/10913da4/attachment-0001.htm>
More information about the Pkg-freeipa-devel
mailing list