Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package clone-master-clean-up for openSUSE:Factory checked in at 2023-04-05 21:28:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/clone-master-clean-up (Old) and /work/SRC/openSUSE:Factory/.clone-master-clean-up.new.19717 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "clone-master-clean-up" Wed Apr 5 21:28:46 2023 rev:4 rq:1077560 version:1.11 Changes: --------
--- /work/SRC/openSUSE:Factory/clone-master-clean-up/clone-master-clean-up.changes 2020-08-18 12:02:51.303421929 +0200
+++ /work/SRC/openSUSE:Factory/.clone-master-clean-up.new.19717/clone-master-clean-up.changes 2023-04-05 21:36:09.062738315 +0200
@@ -1,0 +2,38 @@
+Tue Feb 7 12:26:43 UTC 2023 - Peter Varkoly <vark...@suse.com>
+
+- Bump version to 1.11
+- clone-master-clean-up fails when /etc/iscsi/initiatorname.iscsi doesn't exist
+ The entire section is wrapped in a test for the existence of this file.
+ (bsc#1207993)
+
+-------------------------------------------------------------------
+Fri Oct 28 11:41:37 UTC 2022 - Peter Varkoly <vark...@suse.com>
+
+- Bump version to 1.10
+- clone-master-clean-up fails if postfix is not installed (bsc#1204835)
+ Check if the directory does exists.
+
+-------------------------------------------------------------------
+Fri Sep 23 14:49:49 UTC 2022 - Peter Varkoly <vark...@suse.com>
+
+- Bump version to 1.9
+- [clone-master-clean-up] Cleannup initiatorname.iscsi
+ Remove all no comment files
+ (bsc#1203024)
+
+-------------------------------------------------------------------
+Thu Sep 22 09:08:16 UTC 2022 - Peter Varkoly <vark...@suse.com>
+
+- Bump version to 1.8
+- clone-master-clean-up fails to remove btrfs snapshots
+ (bsc#1203651)
+
+-------------------------------------------------------------------
+Tue Aug 30 15:02:45 UTC 2022 - abr...@suse.com
+
+- Bump version to 1.7
+- CVE-2021-32000: fix some potentially dangerous file system
+ operations
+ (bsc#1181050)
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ clone-master-clean-up.spec ++++++
--- /var/tmp/diff_new_pack.ravx1m/_old 2023-04-05 21:36:09.550741100 +0200
+++ /var/tmp/diff_new_pack.ravx1m/_new 2023-04-05 21:36:09.554741123 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package clone-master-clean-up
 #
-# Copyright (c) 2017-2020 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 Name: clone-master-clean-up
-Version: 1.6
+Version: 1.11
 Release: 0
 Summary: Tool to clean up a system for cloning preparation
 License: GPL-2.0-or-later
++++++ clone-master-clean-up.1 ++++++
--- /var/tmp/diff_new_pack.ravx1m/_old 2023-04-05 21:36:09.686741877 +0200
+++ /var/tmp/diff_new_pack.ravx1m/_new 2023-04-05 21:36:09.690741900 +0200
@@ -14,7 +14,7 @@
 .\" * GNU General Public License for more details.
 .\" */
 .\"
-.TH clone-master-clean-up "1" "May 2017" "" "Clean-Up For Cloning Preparation"
+.TH clone-master-clean-up "1" "September 2022" "" "Clean-Up For Cloning Preparation"
 .SH NAME
 clone\-master\-clean\-up - Clean up a system for cloning preparation.
@@ -77,7 +77,7 @@
 .IP \[bu]
 SUSE registration, all software repositories.
 .IP \[bu]
-SSH host keys, user SSH keys, user authorized keys, user shell history.
+SSH host keys, root user SSH keys, root user authorized keys, root user shell history.
 .IP \[bu]
 User mails and user cron jobs.
 .IP \[bu]
++++++ clone-master-clean-up.sh ++++++
--- /var/tmp/diff_new_pack.ravx1m/_old 2023-04-05 21:36:09.714742036 +0200
+++ /var/tmp/diff_new_pack.ravx1m/_new 2023-04-05 21:36:09.722742082 +0200
@@ -4,6 +4,7 @@
 # Author: Howard Guo <h...@suse.com>
 set -e
+shopt -s nullglob # bsc#1092378
 DROP_IN_FILE=/etc/clone-master-clean-up/custom_remove
 SYSCONF_FILE=/etc/sysconfig/clone-master-clean-up
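Review bot: `shopt -s nullglob` is switched on for the whole script with nothing but a bug reference near it, and nothing says which later code depends on it. The populated-/home test added further down in this commit only works while nullglob is set: without it `echo /home/*/.ssh/* /home/*/.*_history` prints the unmatched patterns themselves and the test is always true. A comment would make that coupling visible, e.g. `# nullglob: unmatched globs expand to nothing; the populated-/home check below relies on this`.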
@@ -16,10 +17,21 @@
 [ "$UID" != "0" ] && echo 'Please run this program as root user.' && exit 1
-echo 'The script will delete all SSH keys, log data, and more. Type YES and enter to proceed.'
+echo -e 'The script will delete root SSH keys, log data, and more.\n' \
+ 'WARNING: This should only be used on a pristine system\n' \
+ 'WARNING: with no populated /home directories!\n' \
+ 'Type YES and enter to proceed.'
 read -r answer
 [ "$answer" != "YES" ] && exit 1
+if [ -n "$(echo /home/*/.ssh/* /home/*/.*_history)" ]; then
+ echo -e 'There seem to be populated /home directories on this system\n' \
+ 'Cloning such systems is not recommended.\n' \
+ 'Type YES if you still would like to proceed.'
+ read answer
+ [ "$answer" != "YES" ] && exit 1
+fi
+
 # source config file
 if [ -r "$SYSCONF_FILE" ]; then
 . "$SYSCONF_FILE"
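Review bot: The populated-home test looks only at `/home/*/.ssh/*` and `/home/*/.*_history`, so any account whose home directory lives outside `/home` is neither cleaned nor flagged, and its keys and shell history would go into the image without a prompt. Because this commit also stops deleting user keys and history, the warning is the only safeguard left for user data. Taking the home directories from the passwd database instead of a fixed `/home` glob would cover those accounts. The second prompt uses `read answer` where the first uses `read -r answer`; make it `read -r answer` so both prompts read input the same way.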
@@ -45,22 +57,33 @@
 echo "Removing zypper anonymous ID"
 rm -rf /var/lib/zypp/AnonymousUniqueId
-echo 'Removing SSH host keys, user SSH keys, authorized keys, and shell history'
-rm -rf /etc/ssh/ssh_host*key* /root/.ssh/* /home/*/.ssh/* /home/*/.*_history &> /dev/null
+echo 'Removing SSH host keys, root user SSH keys, authorized keys, and shell history'
+rm -rf /etc/ssh/ssh_host*key* /root/.ssh/* &> /dev/null
 echo 'Removing all mails and cron-jobs'
 rm -rf /var/spool/mail/*
 rm -rf /var/spool/cron/{lastrun,tabs}/*
 echo "Clean up postfix"
-rm -rf /var/spool/postfix/{active,corrupt,deferred,hold,maildrop,saved,bounce,defer,flush,incoming,trace}/*
+for i in /var/spool/postfix/{active,corrupt,deferred,hold,maildrop,saved,bounce,defer,flush,incoming,trace}; do
+ if [ -d "$i" ]; then
+ # descend following symlink and check if it was symlink, if not, recursively delete entries in this directory. 'rm -rf' doesn't follow symlinks.
+ cd -P "$i"
+ [ "$i" != "$PWD" ] && continue
+ info=( $(stat --printf="%u %g" ".") )
+ owner=${info[0]}
+ group=${info[1]}
+ setpriv --clear-groups --reuid "$owner" --regid "$group" rm -rf ./*
+ fi
+done
 echo 'Removing all temporary files'
 rm -rf /tmp/* /tmp/.* /var/tmp/* /var/tmp/.* &> /dev/null || true
-echo 'Clearing log files and removing log archives'
-find /var/log -type f -exec truncate -s 0 {} \;
+echo 'Removing log archives'
 find /var/log \( -iname '*.old' -o -iname '*.xz' -o -iname '*.gz' \) -delete
+echo 'Clearing log files'
+find /var/log -type f -exec truncate -s 0 {} \;
 echo 'Clearing HANA firewall script'
 rm -rf /etc/hana-firewall.d/generated_hana_firewall_script
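Review bot: The symlink guard in the postfix loop, `[ "$i" != "$PWD" ] && continue`, skips a queue directory without printing anything, so the operator cannot tell that queued mail was left in the image. It also fires for every directory when a parent such as `/var/spool` is itself a symlink. Report the skip, e.g. `if [ "$i" != "$PWD" ]; then echo "Skipping $i (resolves to $PWD)" >&2; continue; fi`. The loop also leaves the root script's working directory inside the last queue directory it entered, so a `cd /` after `done` would keep later steps from running there. `./*` does not match dot files, so hidden entries in the queue directories stay.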
@@ -119,55 +142,51 @@ if [ "$CMCU_RSNAP" = "yes" ]; then -SNAPPER_CMD="snapper delete" - if [ -d /.snapshots ]; then - echo "Removing all pre/post btrfs snapshots from /.snapshot" - snapshots=$(dbus-send --type=method_call --system --print-reply \ - --dest=org.opensuse.Snapper \ - /org/opensuse/Snapper \ - org.opensuse.Snapper.ListSnapshots string:root \ - 2>/dev/null | awk -- " + if [ -d /.snapshots ]; then + echo "Removing all pre/post btrfs snapshots from /.snapshot" + presnapshots=$(dbus-send --type=method_call --system --print-reply \ + --dest=org.opensuse.Snapper \ + /org/opensuse/Snapper \ + org.opensuse.Snapper.ListSnapshots string:root \ + 2>/dev/null | awk -- " BEGIN {arr=0; cnt=0; u2=0; u4=0; del=0} /array \[/ {arr++} /struct {/ {if (arr==1) cnt++} -/}/ {if(arr==1&&--cnt==0){if(del==1) print id \"|\" lst;del=0;u4=0;u2=0}} +/}/ {if(arr==1&&--cnt==0){if(del==1) print id ;del=0;u4=0;u2=0}} /\]/ {arr--} # Don't delete current snapshot /string "current"/ {if (arr==1 && cnt==1) del=0} # ID: 1st uint32 value of each top struct in top array /uint32/ {if (arr==1 && cnt==1) if (++u4==1)id=\$2; else if (u4==2)lst=\$2} # Type: 1st uint16 value of each top struct in top array -/uint16/ {if (arr==1 && cnt==1){if (++u2==1) {if (\$2==1 || \$2==2){del=1}}}} +/uint16/ {if (arr==1 && cnt==1){if (++u2==1) {if (\$2==1 ){del=1}}}} ") - - # Create chains - OFS=$IFS - IFS=" " - while read line; do - [[ $line =~ ([^\|]+)\|(.*) ]] - last[${BASH_REMATCH[1]}]=${BASH_REMATCH[2]}; - [ -z "${next[${BASH_REMATCH[1]}]}" ] && next[${BASH_REMATCH[1]}]=0 - next[${BASH_REMATCH[2]}]=${BASH_REMATCH[1]} - done <<< $snapshots - IFS=$OFS - # Find end of each chain and work backwards - for i in ${!next[@]}; do - [ -n "${next[$i]}" ] || continue # unpopulated - a=${next[$i]}; unset next[$i]; b=$i - while true; do - if [ $a -eq 0 ] - then - while true; do - unset next[$b]; $SNAPPER_CMD $b - b=${last[$b]} - [ $b -eq 0 ] && break 2 - done - else - b=$a; a=${next[$a]}; unset next[$b] - fi - done - 
done - fi + for i in $presnapshots + do + /usr/bin/snapper delete --sync $i + done + postsnapshots=$(dbus-send --type=method_call --system --print-reply \ + --dest=org.opensuse.Snapper \ + /org/opensuse/Snapper \ + org.opensuse.Snapper.ListSnapshots string:root \ + 2>/dev/null | awk -- " +BEGIN {arr=0; cnt=0; u2=0; u4=0; del=0} +/array \[/ {arr++} +/struct {/ {if (arr==1) cnt++} +/}/ {if(arr==1&&--cnt==0){if(del==1) print id ;del=0;u4=0;u2=0}} +/\]/ {arr--} +# Don't delete current snapshot +/string "current"/ {if (arr==1 && cnt==1) del=0} +# ID: 1st uint32 value of each top struct in top array +/uint32/ {if (arr==1 && cnt==1) if (++u4==1)id=\$2; else if (u4==2)lst=\$2} +# Type: 1st uint16 value of each top struct in top array +/uint16/ {if (arr==1 && cnt==1){if (++u2==1) {if (\$2==2 ){del=1}}}} +") + for i in $postsnapshots + do + /usr/bin/snapper delete --sync $i + done + fi fi if [ "$CMCU_ZYPP_REPOS" = "yes" ]; then @@ -234,7 +253,7 @@ rm -rf /tmp/fstab.tmp echo "Clean up network files (except interfaces using dhcp boot protocol)" -# additional files like bondig interfaces or vlans can be found in +# additional files like bondig interfaces or vlans can be found in # /usr/share/clone-master-clean-up/custom_remove.template for intf in /etc/sysconfig/network/ifcfg-eth*; do bprot=$(grep "^BOOTPROTO=" "$intf" | sed "s/^BOOTPROTO=//") @@ -271,6 +290,11 @@ done < $DROP_IN_FILE fi +if [ -e /etc/iscsi/initiatorname.iscsi ]; then + echo 'Clean up initiatorname.iscsi' + sed -i '/^[^#]/d' /etc/iscsi/initiatorname.iscsi +fi + echo 'Finished. The system is now sparkling clean. Feel free to shut it down and image it.'
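Review bot: Both snapshot listings discard dbus-send's stderr with `2>/dev/null`, and unless pipefail is set elsewhere the substitution returns awk's status, so a failed Snapper call yields an empty list and the script says nothing. Snapshots taken before the clean-up would then stay in the image, presumably still holding the keys and logs that were removed from the live filesystem. Capture the reply first and warn or stop on failure, e.g. `reply=$(dbus-send ... org.opensuse.Snapper.ListSnapshots string:root) || { echo 'Cannot list snapshots' >&2; exit 1; }`, then feed `"$reply"` to awk. The two awk programs differ only in the type value (`\$2==1` and `\$2==2`), so one helper that takes the type would remove the duplication; `lst` is still assigned but no longer printed.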
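Review bot: The new guard `[ -e /etc/iscsi/initiatorname.iscsi ]` is also true when the path is not a regular file, and `sed -i` would then fail and `set -e` would abort the script before the remaining steps. Use `if [ -f /etc/iscsi/initiatorname.iscsi ]; then` instead. A short comment on why every non-comment line is deleted would help the next reader, e.g. `# drop the InitiatorName so clones do not share one initiator name`.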