Bugzilla – Bug 1217398
AUDIT-FIND: find + chown construct in %post
Last modified: 2023-12-11 12:51:37 UTC
In the spec file 716 if getent passwd avahi > /dev/null; then 717 # Change ownership of /var/lib/avahi-autoipd after upgrade from openSUSE <= 12.3 and SLE <= 11. 718 find %{_localstatedir}/lib/avahi-autoipd -user avahi -exec chown avahi-autoipd:avahi-autoipd {} + 719 fi stumbled over this due to the recent changes. Couple of questions: 1, is this still needed? Based on the comment we might be able to drop it 2, why do we have the find + chown construct? Is there a directory structure below /var/lib/avahi-autoipd In any case: please add -h to chown please to prevent it from following symlinks.
(In reply to Johannes Segitz from comment #0) > In the spec file > 716 if getent passwd avahi > /dev/null; then > 717 # Change ownership of /var/lib/avahi-autoipd after upgrade from > openSUSE <= 12.3 and SLE <= 11. > 718 find %{_localstatedir}/lib/avahi-autoipd -user avahi -exec chown > avahi-autoipd:avahi-autoipd {} + > 719 fi > > stumbled over this due to the recent changes. Couple of questions: > 1, is this still needed? Based on the comment we might be able to drop it Always a good question to know if/when all systems migrated this. > 2, why do we have the find + chown construct? Is there a directory structure > below /var/lib/avahi-autoipd The structure can contain directories and files; > In any case: please add -h to chown please to prevent it from following > symlinks. https://build.opensuse.org/request/show/1128131
(In reply to Dominique Leuenberger from comment #1) > > 1, is this still needed? Based on the comment we might be able to drop it > > Always a good question to know if/when all systems migrated this. Upgrades from everything older than SLE12 to post SLE15 are no longer supported. So support for migrations from SLE <= 11 should be removed. Every line of code less in %pre/%post install scripts is a big win, especially with transactional-update, image based updates and hermetic /usr.
yes, tricky to say when everyone migrated, but I agree with Thorsten. The comment implies this is for really old systems. I would also prefer to have this fully dropped
(In reply to Johannes Segitz from comment #3) > yes, tricky to say when everyone migrated, but I agree with Thorsten. The > comment implies this is for really old systems. I would also prefer to have > this fully dropped This has been addressed in avahi: 3+Thu Nov 23 07:48:14 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org> 4+ 5+- avahi-autoipd: drop the post script part migrating the user 6+ owning files in /var/lib/avahi-autoipd: the code was aiding 7+ migrations from SLE<=11/openSUSE<=12.3, which are no longer in 8+ scope for upgrades nowadays. 9+ 10+------------------------------------------------------------------- 11+Wed Nov 22 12:55:06 UTC 2023 - Dominique Leuenberger <dimstar@opensuse.org> 12+ 13+- avahi-autoipd: guard %post chown with -h, to not follow symlinks 14+ (boo#1217398). 15+