osmith has uploaded this change for review. ( https://gerrit.osmocom.org/c/meta-telephony/+/36618?usp=email )
Change subject: Remove User= and Group= from systemd service files ...................................................................... Remove User= and Group= from systemd service files Service files of Osmocom programs will have User= and Group= in the future, so these don't run as root. It was decided that for OE-based systems, we will still run them as root for now. Related: OS#5684, OS#4107 Change-Id: I68a8fba034aeb0e2923b2958b8d6842410d8b23c --- M recipes-osmocom/libosmo-sccp/libosmo-sccp.inc M recipes-osmocom/osmo-bsc/osmo-bsc.inc M recipes-osmocom/osmo-gbproxy/osmo-gbproxy.inc M recipes-osmocom/osmo-ggsn/osmo-ggsn.inc M recipes-osmocom/osmo-hlr/osmo-hlr.inc M recipes-osmocom/osmo-hnbgw/osmo-hnbgw.inc M recipes-osmocom/osmo-mgw/osmo-mgw.inc M recipes-osmocom/osmo-msc/osmo-msc.inc M recipes-osmocom/osmo-pcap/osmo-pcap.inc M recipes-osmocom/osmo-sgsn/osmo-sgsn.inc M recipes-osmocom/osmo-sip-connector/osmo-sip-connector.inc 11 files changed, 81 insertions(+), 18 deletions(-) git pull ssh://gerrit.osmocom.org:29418/meta-telephony refs/changes/18/36618/1 diff --git a/recipes-osmocom/libosmo-sccp/libosmo-sccp.inc b/recipes-osmocom/libosmo-sccp/libosmo-sccp.inc index 0f1f28d..34454b1 100644 --- a/recipes-osmocom/libosmo-sccp/libosmo-sccp.inc +++ b/recipes-osmocom/libosmo-sccp/libosmo-sccp.inc @@ -3,7 +3,7 @@ HOMEPAGE = "https://osmocom.org/projects/libosmo-sccp"; LICENSE = "AGPLv3" -INC_PR="r2.${META_TELEPHONY_OSMO_INC}" +INC_PR="r3.${META_TELEPHONY_OSMO_INC}" LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" @@ -18,10 +18,14 @@ # access symbols not starting with osmo_* EXTRA_OECONF_remove = "--disable-static" -# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): do_install_append() { + # StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/osmo-stp.service" sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/osmo-stp.service" + + # Run as root (OS#5684): + sed -i '/^User=/d' "${D}${systemd_system_unitdir}/osmo-stp.service" + sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/osmo-stp.service" } PACKAGES =+ "osmo-stp" diff --git a/recipes-osmocom/osmo-bsc/osmo-bsc.inc b/recipes-osmocom/osmo-bsc/osmo-bsc.inc index 50e8f9b..1c56123 100644 --- a/recipes-osmocom/osmo-bsc/osmo-bsc.inc +++ b/recipes-osmocom/osmo-bsc/osmo-bsc.inc @@ -5,7 +5,7 @@ DEPENDS = "sqlite3 libpcap libosmocore libosmo-abis libosmo-sccp libosmo-netif osmo-mgw" -INC_PR="r2.${META_TELEPHONY_OSMO_INC}" +INC_PR="r3.${META_TELEPHONY_OSMO_INC}" inherit autotools pkgconfig systemd @@ -14,10 +14,14 @@ " PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir" -# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): do_install_append() { + # StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" + + # Run as root (OS#5684): + sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service" + sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service" } PACKAGES =+ "meas-utils ipaccess-utils bs11-utils abisip-find" diff --git a/recipes-osmocom/osmo-gbproxy/osmo-gbproxy.inc b/recipes-osmocom/osmo-gbproxy/osmo-gbproxy.inc index aff20fa..6c87dda 100644 --- a/recipes-osmocom/osmo-gbproxy/osmo-gbproxy.inc +++ b/recipes-osmocom/osmo-gbproxy/osmo-gbproxy.inc @@ -5,7 +5,7 @@ DEPENDS = "libosmocore" -INC_PR="r1.${META_TELEPHONY_OSMO_INC}" +INC_PR="r2.${META_TELEPHONY_OSMO_INC}" inherit autotools pkgconfig systemd @@ -14,10 +14,14 @@ " PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir" -# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): do_install_append() { + # StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" + + # Run as root (OS#5684): + sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service" + sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service" } SYSTEMD_SERVICE_osmo-gbproxy = "osmo-gbproxy.service" diff --git a/recipes-osmocom/osmo-ggsn/osmo-ggsn.inc b/recipes-osmocom/osmo-ggsn/osmo-ggsn.inc index 58b93f0..276ac47 100644 --- a/recipes-osmocom/osmo-ggsn/osmo-ggsn.inc +++ b/recipes-osmocom/osmo-ggsn/osmo-ggsn.inc @@ -5,7 +5,7 @@ DEPENDS = "libosmocore" -INC_PR="r3.${META_TELEPHONY_OSMO_INC}" +INC_PR="r4.${META_TELEPHONY_OSMO_INC}" inherit autotools pkgconfig systemd @@ -14,10 +14,14 @@ " PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir" -# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): do_install_append() { + # StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" + + # Run as root (OS#5684): + sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service" + sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service" } PACKAGES =+ " libgtp libgtp-dev libgtp-staticdev osmo-sgsnemu" diff --git a/recipes-osmocom/osmo-hlr/osmo-hlr.inc b/recipes-osmocom/osmo-hlr/osmo-hlr.inc index 4229e7b..77b1c94 100644 --- a/recipes-osmocom/osmo-hlr/osmo-hlr.inc +++ b/recipes-osmocom/osmo-hlr/osmo-hlr.inc @@ -5,7 +5,7 @@ DEPENDS = "libtalloc libosmocore libosmo-abis sqlite3 sqlite3-native" -INC_PR="r3.${META_TELEPHONY_OSMO_INC}" +INC_PR="r4.${META_TELEPHONY_OSMO_INC}" inherit autotools pkgconfig systemd @@ -21,6 +21,10 @@ # StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" + + # Run as root (OS#5684): + sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service" + sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service" } PACKAGECONFIG ??= "\ diff --git a/recipes-osmocom/osmo-hnbgw/osmo-hnbgw.inc b/recipes-osmocom/osmo-hnbgw/osmo-hnbgw.inc index 6bf01d3..c83ce12 100644 --- a/recipes-osmocom/osmo-hnbgw/osmo-hnbgw.inc +++ b/recipes-osmocom/osmo-hnbgw/osmo-hnbgw.inc @@ -5,7 +5,7 @@ DEPENDS = "libosmocore libosmo-netif libosmo-sccp osmo-iuh libasn1c lksctp-tools osmo-mgw" -INC_PR="r1.${META_TELEPHONY_OSMO_INC}" +INC_PR="r2.${META_TELEPHONY_OSMO_INC}" # Workaround to oe-core meta/site/* CONFIG_SITE files passed to autoconf forcing unavailability of netinet/sctp.h. # Patch fixing issue upstream: https://patchwork.openembedded.org/patch/168892/ @@ -19,8 +19,13 @@ PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir" do_install_append() { + # StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" + + # Run as root (OS#5684): + sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service" + sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service" } SYSTEMD_SERVICE_${PN} = "${PN}.service" diff --git a/recipes-osmocom/osmo-mgw/osmo-mgw.inc b/recipes-osmocom/osmo-mgw/osmo-mgw.inc index a9a60b4..5e740db 100644 --- a/recipes-osmocom/osmo-mgw/osmo-mgw.inc +++ b/recipes-osmocom/osmo-mgw/osmo-mgw.inc @@ -5,7 +5,7 @@ DEPENDS = "libosmocore libosmo-netif" -INC_PR="r3.${META_TELEPHONY_OSMO_INC}" +INC_PR="r4.${META_TELEPHONY_OSMO_INC}" inherit autotools pkgconfig systemd @@ -14,10 +14,14 @@ " PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir" -# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): do_install_append() { + # StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" + + # Run as root (OS#5684): + sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service" + sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service" } PACKAGES =+ "libosmo-mgcp libosmo-mgcp-dev libosmo-mgcp-client libosmo-mgcp-client-dev" diff --git a/recipes-osmocom/osmo-msc/osmo-msc.inc b/recipes-osmocom/osmo-msc/osmo-msc.inc index c60fd07..23a762a 100644 --- a/recipes-osmocom/osmo-msc/osmo-msc.inc +++ b/recipes-osmocom/osmo-msc/osmo-msc.inc @@ -5,7 +5,7 @@ DEPENDS = "libdbi libosmocore libosmo-abis libosmo-sccp libosmo-netif osmo-mgw osmo-hlr" -INC_PR="r3.${META_TELEPHONY_OSMO_INC}" +INC_PR="r4.${META_TELEPHONY_OSMO_INC}" inherit autotools pkgconfig systemd @@ -18,10 +18,14 @@ PACKAGECONFIG[iu] = "--enable-iu,--disable-iu,libasn1c osmo-iuh," PACKAGECONFIG[smpp] = "--enable-smpp,--disable-smpp,libsmpp34," -# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): do_install_append() { + # StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" + + # Run as root (OS#5684): + sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service" + sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service" } RDEPENDS_${PN} = "libdbd-sqlite3" diff --git a/recipes-osmocom/osmo-pcap/osmo-pcap.inc b/recipes-osmocom/osmo-pcap/osmo-pcap.inc index 3f39103..e64ca88 100644 --- a/recipes-osmocom/osmo-pcap/osmo-pcap.inc +++ b/recipes-osmocom/osmo-pcap/osmo-pcap.inc @@ -5,7 +5,7 @@ DEPENDS = "libosmocore zeromq libpcap gnutls" -INC_PR="r1.${META_TELEPHONY_OSMO_INC}" +INC_PR="r2.${META_TELEPHONY_OSMO_INC}" inherit autotools pkgconfig systemd @@ -14,12 +14,18 @@ " PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir" -# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): do_install_append() { + # StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/osmo-pcap-server.service" sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/osmo-pcap-server.service" sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/osmo-pcap-client.service" sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/osmo-pcap-client.service" + + # Run as root (OS#5684): + sed -i '/^User=/d' "${D}${systemd_system_unitdir}/osmo-pcap-server.service" + sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/osmo-pcap-server.service" + sed -i '/^User=/d' "${D}${systemd_system_unitdir}/osmo-pcap-client.service" + sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/osmo-pcap-client.service" } PACKAGES =+ "osmo-pcap-server osmo-pcap-client" diff --git a/recipes-osmocom/osmo-sgsn/osmo-sgsn.inc b/recipes-osmocom/osmo-sgsn/osmo-sgsn.inc index 9463047..10fe745 100644 --- a/recipes-osmocom/osmo-sgsn/osmo-sgsn.inc +++ b/recipes-osmocom/osmo-sgsn/osmo-sgsn.inc @@ -16,12 +16,18 @@ PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir" PACKAGECONFIG[iu] = "--enable-iu,--disable-iu,libasn1c libosmo-sccp osmo-iuh," -# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): do_install_append() { + # StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/osmo-sgsn.service" sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/osmo-sgsn.service" sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/osmo-gtphub.service" sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/osmo-gtphub.service" + + # Run as root (OS#5684): + sed -i '/^User=/d' "${D}${systemd_system_unitdir}/osmo-sgsn.service" + sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/osmo-sgsn.service" + sed -i '/^User=/d' "${D}${systemd_system_unitdir}/osmo-gtphub.service" + sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/osmo-gtphub.service" } PACKAGES =+ "osmo-gtphub-doc osmo-gtphub" diff --git a/recipes-osmocom/osmo-sip-connector/osmo-sip-connector.inc b/recipes-osmocom/osmo-sip-connector/osmo-sip-connector.inc index 7aabf20..7c473b3 100644 --- a/recipes-osmocom/osmo-sip-connector/osmo-sip-connector.inc +++ b/recipes-osmocom/osmo-sip-connector/osmo-sip-connector.inc @@ -14,10 +14,14 @@ " PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir" -# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): do_install_append() { + # StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340): sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service" + + # Run as root (OS#5684): + sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service" + sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service" } SYSTEMD_SERVICE_${PN} = "${PN}.service" -- To view, visit https://gerrit.osmocom.org/c/meta-telephony/+/36618?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: meta-telephony Gerrit-Branch: 201705 Gerrit-Change-Id: I68a8fba034aeb0e2923b2958b8d6842410d8b23c Gerrit-Change-Number: 36618 Gerrit-PatchSet: 1 Gerrit-Owner: osmith <osm...@sysmocom.de> Gerrit-MessageType: newchange
