aaa_base/aaa_base.post at master · mtomaschewski/aaa_base · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
#!/bin/bash
#
#
# post.sh - to be done after extraction
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
#
# Run this script in C-Locale, or some tools will fail.
export LC_ALL=C
#
# to make sure, /var/lib/YaST/bin/bootsetup runs fine, delete
# /usr/lib/YaST/.configured2
test -e /usr/lib/YaST/.configured2 && rm -f /usr/lib/YaST/.configured2
#
# there are some installation with an etc/psdevtab, which is only readable
# for root - this slows ps for any other user. starting ps as root, creates
# it, when it doesn't exist (readable). So simply delete it.
#
test -e /etc/psdevtab && rm -f /etc/psdevtab
#
# if the old nsswitch.conf contains dns6, replace it with dns
#
test -f /etc/nsswitch.conf.rpmnew && grep dns6 /etc/nsswitch.conf >/dev/null 2>&1 && {
   sed -i -e "s|dns6|dns|g" /etc/nsswitch.conf
}
# GMT might already be in sysconfig/clock
%{rename_sysconfig_variable -f /etc/sysconfig/clock GMT HWCLOCK}

# just do a one-time migration of the time setting from /etc/sysconfig/clock
# to /etc/adjtime as systemd now use the later as reference
#
if test ! -e /etc/adjtime
then
    echo -e "0.0 0 0.0\n0\nUTC" > /etc/adjtime
fi
if test -s /etc/sysconfig/clock
then
    . /etc/sysconfig/clock
    if test -n "$HWCLOCK"
    then
	sed -ri '\@^##[[:blank:]]+Type:[[:blank:]]+string\(-u,--utc,--localtime\)@,\@^HWCLOCK=@c\
#\
# Be aware that the time reference of the CMOS/HW clock has been\
# forwarded to /etc/adjtime, the file used by hwclock(8) and\
# systemd(1) as reference for the CMOS/HW clock.\
' /etc/sysconfig/clock
	case "$HWCLOCK" in
	*-l*) sed -ri 's@^UTC$@LOCAL@' /etc/adjtime ;;
	*)    sed -ri 's@^LOCAL$@UTC@' /etc/adjtime ;;
	esac
    fi
fi

%{remove_and_set -n security CONSOLE_SHUTDOWN}
%{remove_and_set -n suseconfig CHECK_INITTAB}
%{remove_and_set -n suseconfig HALT_SOUND}

if ! [ -d /etc/sysconfig ] ; then
  mkdir -p /etc/sysconfig
fi
for i in language backup boot \
	suseconfig clock proxy windowmanager \
	cron news shutdown ; do
%{fillup_only -n $i}
done
if [ -e /etc/sysconfig/sysctl ]; then
	echo "merging /etc/sysconfig/sysctl into /etc/sysctl.conf ..."
	/lib/aaa_base/convert_sysctl
	mv /etc/sysconfig/sysctl /etc/sysconfig/sysctl.rpmsave
fi
test -e /etc/sysctl.conf || cat <<EOF >/etc/sysctl.conf
####
#
# /etc/sysctl.conf is meant for local sysctl settings
#
# sysctl reads settings from the following locations:
#   /boot/sysctl.conf-<kernelversion>
#   /lib/sysctl.d/*.conf
#   /usr/lib/sysctl.d/*.conf
#   /usr/local/lib/sysctl.d/*.conf
#   /etc/sysctl.d/*.conf
#   /run/sysctl.d/*.conf
#   /etc/sysctl.conf
#
# To disable or override a distribution provided file just place a
# file with the same name in /etc/sysctl.d/
#
# See sysctl.conf(5), sysctl.d(5) and sysctl(8) for more information
#
####
EOF
# migrate HALT_SOUND value if set before
if [ -n "$HALT_SOUND" -a "$HALT_SOUND" != "no" ] ; then
    sed -i -e "s|^HALT_SOUND=.*|HALT_SOUND=\"$HALT_SOUND\"|" /etc/sysconfig/shutdown
fi
# fix sysconfig backup dir
if grep -q RCCONFIG_BACKUP_DIR../var/adm/backup/rpmdb /etc/sysconfig/backup; then
    sed -i -e "s|^RCCONFIG_BACKUP_DIR=.*|RCCONFIG_BACKUP_DIR=\"/var/adm/backup/sysconfig\"|" \
	/etc/sysconfig/backup
    mkdir -p /var/adm/backup/sysconfig
    mv /var/adm/backup/rpmdb/sysconfig[-_]* /var/adm/backup/sysconfig 2>/dev/null
fi

if grep -q "SEND_OUTPUT_ON_NO_ERROR=\"yes\"" /etc/sysconfig/cron ; then
  if test ! -f /var/adm/bnc_622203_fixed ; then
    sed -i -e "s|^SEND_OUTPUT_ON_NO_ERROR=\"yes\"|SEND_OUTPUT_ON_NO_ERROR=\"no\"|" \
        /etc/sysconfig/cron
    touch /var/adm/bnc_622203_fixed
  fi
fi

#
# Backup gshadow file and remove it (merge passwords into
# /etc/group before).
#
if [ -f /etc/gshadow -a -x /usr/sbin/grpunconv ]; then
  cp -p /etc/gshadow /etc/gshadow-`date "+%Y%m%d"`
  chmod 600 /etc/gshadow-`date "+%Y%m%d"`
  /usr/sbin/grpunconv
fi

#
# handle password files
#
for i in passwd group shadow ; do
    test -e /var/adm/fillup-templates/$i.aaa_base || continue
    echo -n "Updating etc/$i..."
  if test -f /etc/$i ; then
    cp /etc/$i /etc/$i.tmp
    rm -f /etc/$i.add
    sort -k 1,1 -t: -u /etc/$i /var/adm/fillup-templates/$i.aaa_base \
    | sort -k 1,1 -t: /etc/$i - | uniq -u > /etc/$i.add
    cat /etc/$i.add >> /etc/$i
    rm -f /etc/$i.add
    if cmp -s /etc/$i /etc/$i.tmp ; then
	echo "unchanged"
    else
	echo "modified"
    fi
    rm -f /etc/$i.tmp
    # If we have a NIS system, we have to make sure, that "^+" is at the end
    grep -v "^+" /etc/$i > /etc/$i.tmp || :
    grep "^+" /etc/$i >> /etc/$i.tmp || :
    test -s /etc/$i.tmp && cat /etc/$i.tmp > /etc/$i
    rm -f /etc/$i.tmp
  else
    cat /var/adm/fillup-templates/$i.aaa_base > /etc/$i
    echo "new"
  fi
done
# check/fix owner and permission of shadow files
for i in /etc/shadow ; do
    chmod 640 $i
    chgrp shadow $i
done
#
# Change primary group of nobody to nobody
# and change mistakenly root:users group to root:root (bnc#843230)
#
if [ -x /usr/sbin/usermod ]; then
  /usr/sbin/usermod -g nobody nobody 2> /dev/null ||:

  /usr/sbin/usermod -g root root 2> /dev/null ||:
fi

#
# create mtab if it does not exist
#
if test ! -e /etc/mtab; then
    ln -sf /proc/self/mounts /etc/mtab
fi
#
# make sure that several log files exist
#
if test ! -d /var/log ; then
    mkdir -p /var/log
fi

while read file owner mode; do
    test -e "$file" || touch "$file"
    chmod "$mode" "$file"
    chown "$owner" "$file"
done <<EOT
/root/.bash_history root:root 600
/var/log/lastlog    root:root 644
/var/log/faillog    root:root 600
/var/log/wtmp       root:utmp 664
/var/log/btmp       root:root 600
/run/utmp       root:utmp 664
EOT

if test -e /usr/sbin/usrdel.local -a ! -e /usr/sbin/userdel.local ; then
    cp /usr/sbin/usrdel.local /usr/sbin/userdel.local
fi
if test ! -e /usr/sbin/userdel.local ; then
    mkdir -p /usr/sbin
    cat << EOT > /usr/sbin/userdel.local
#!/bin/bash
#
# Here you can add your own stuff, that should be done for every user who
# will be deleted.
#
# When you delete a user with YaST, this script will be called
# with the login name as parameter.  The rest of data can be taken
# from /etc/passwd.
#
EOT
    chmod 744 /usr/sbin/userdel.local
fi

# change all /media mounts (subfs) to noauto
if test -f /etc/fstab ; then
sed  -i -e '/^[[:space:]]*#/{p;d}' -e '/[[:space:]]subfs.*noauto/{p;d}' -e '/\/media.*fs=\(cdfss\|floppyfss\)/s/\([[:space:]]subfs[[:space:]][[:space:]]*\)/\1noauto,/' /etc/fstab
fi

exit 0