commit 23a1d10797ca19cb82be60ba1e338997575b12c1 Author: Arkadiusz Miśkiewicz <ar...@maven.pl> Date: Sun Apr 14 16:06:19 2024 +0200
Rel 3; fixes from git
 git.patch | 216 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 rc-scripts.spec | 2 +-
 2 files changed, 217 insertions(+), 1 deletion(-)
---
diff --git a/rc-scripts.spec b/rc-scripts.spec
index c4b611e..c803de9 100644
--- a/rc-scripts.spec
+++ b/rc-scripts.spec
@@ -11,7 +11,7 @@ Summary(pl.UTF-8): inittab i skrypty startowe z katalogu /etc/rc.d
 Summary(tr.UTF-8): inittab ve /etc/rc.d dosyaları
 Name: rc-scripts
 Version: 0.4.20
-Release: 2
+Release: 3
 License: GPL v2
 Group: Base
 #Source0: ftp://distfiles.pld-linux.org/src/%{name}-%{version}.tar.gz
diff --git a/git.patch b/git.patch
index 33e7053..808f82f 100644
--- a/git.patch
+++ b/git.patch
@@ -37,3 +37,219 @@ index b4f6e7e..c6ecd5a 100755
 else
 lvmsysinit=""
 fi
+
+commit 31b68aac1cc37a4135056a16967535519bc7eff0
+Author: Adam Osuchowski <ad...@pld-linux.org>
+Date: Fri Jan 28 01:20:30 2022 +0100
+
+ - wait for duplicated IPv6 address detection while interface configuration
+
+diff --git a/lib/ifup b/lib/ifup
+index 38780bf..71652f7 100755
+--- a/lib/ifup
++++ b/lib/ifup
+@@ -219,6 +219,19 @@ else
+ # IPv6 in use ?
+ if is_yes "$IPV6_NETWORKING" && [ -n "${IP6ADDR}" ]; then
+ ip addr add ${IP6ADDR} dev ${DEVICE} ${IP6ADDROPT}
++ timeout=0
++ while [ $timeout -le 20 ] && \
++ if_state="`ip -o addr list dev ${DEVICE} to ${IP6ADDR}`" && \
++ echo "$if_state" | grep -q tentative && \
++ ! echo "$if_state" | grep -q dadfailed ; do
++ usleep 500000
++ timeout=$((timeout+1))
++ done
++ if ip -o addr list dev ${DEVICE} to ${IP6ADDR} | grep -q dadfailed ; then
++ ip addr del ${IP6ADDR} dev ${DEVICE}
++ nls '%s: Duplicated address detected: %s' "$DEVICE" "$IP6ADDR"
++ exit 1
++ fi
+ if [ -n "${IP6ADDRLABEL}" ]; then
+ ip addrlabel add prefix ${IP6ADDR} dev ${DEVICE} label ${IP6ADDRLABEL}
+ fi
+
+commit b8adb71fbeabf8890720ab44bb43dfb6bc68e3b7
+Author: Jan Rękorajski <bagg...@pld-linux.org>
+Date: Sat Oct 21 10:58:11 2023 +0200
+
+ Drop grsecurity sysctl knobs
+
+diff --git a/sysctl.conf b/sysctl.conf
+index a34935b..de26cd5 100644
+--- a/sysctl.conf
++++ b/sysctl.conf
+@@ -140,58 +140,6 @@ kernel.sysrq = 1
+ # 0 - never reboot system (suggested 60)
+ #kernel.panic = 60
+
+-#
+-# GRSECURITY http://www.grsecurity.org
+-#
+-# WARNING!
+-# These values are SET ONCE!
+-#
+-#kernel.grsecurity.linking_restrictions = 1
+-#kernel.grsecurity.fifo_restrictions = 1
+-#kernel.grsecurity.destroy_unused_shm = 0
+-#kernel.grsecurity.chroot_caps = 0
+-#kernel.grsecurity.chroot_deny_chmod = 0
+-#kernel.grsecurity.chroot_deny_chroot = 1
+-#kernel.grsecurity.chroot_deny_fchdir = 0
+-#kernel.grsecurity.chroot_deny_mknod = 1
+-#kernel.grsecurity.chroot_deny_mount = 1
+-#kernel.grsecurity.chroot_deny_pivot = 1
+-#kernel.grsecurity.chroot_deny_shmat = 0
+-#kernel.grsecurity.chroot_deny_sysctl = 1
+-#kernel.grsecurity.chroot_deny_unix = 0
+-#kernel.grsecurity.chroot_enforce_chdir = 0
+-#kernel.grsecurity.chroot_execlog = 0
+-#kernel.grsecurity.chroot_findtask = 1
+-#kernel.grsecurity.chroot_restrict_nice = 0
+-
+-#kernel.grsecurity.exec_logging = 0
+-#kernel.grsecurity.signal_logging = 1
+-#kernel.grsecurity.forkfail_logging = 0
+-#kernel.grsecurity.timechange_logging = 1
+-#kernel.grsecurity.audit_chdir = 0
+-#kernel.grsecurity.audit_gid = 65505
+-#kernel.grsecurity.audit_group = 0
+-#kernel.grsecurity.audit_ipc = 0
+-#kernel.grsecurity.audit_mount = 0
+-
+-#kernel.grsecurity.execve_limiting = 1
+-#kernel.grsecurity.dmesg = 1
+-#kernel.grsecurity.tpe = 1
+-#kernel.grsecurity.tpe_gid = 65500
+-#kernel.grsecurity.tpe_glibc = 0
+-#kernel.grsecurity.tpe_restrict_all = 0
+-
+-#kernel.grsecurity.rand_pids = 1
+-#kernel.grsecurity.socket_all = 1
+-#kernel.grsecurity.socket_all_gid = 65501
+-#kernel.grsecurity.socket_client = 1
+-#kernel.grsecurity.socket_client_gid = 65502
+-#kernel.grsecurity.socket_server = 1
+-#kernel.grsecurity.socket_server_gid = 65503
+-
+-#kernel.grsecurity.disable_modules = 0
+-#kernel.grsecurity.grsec_lock = 0
+-
+ # kernel.randomize_va_space = 2
+ # 0 - Turn the process address space randomization off by default.
+ # 1 - Conservative address space randomization makes the addresses of
+
+commit af38444cbbd0962c350a178b45a2cc32f94570a0
+Author: Jan Rękorajski <bagg...@pld-linux.org>
+Date: Sat Oct 21 11:01:58 2023 +0200
+
+ Add (commented out) vm.oom_kill_allocating_task sysctl knob
+
+diff --git a/sysctl.conf b/sysctl.conf
+index de26cd5..0b39fd9 100644
+--- a/sysctl.conf
++++ b/sysctl.conf
+@@ -127,6 +127,12 @@ net.ipv4.conf.default.rp_filter = 1
+ # fs.file-max = 8192
+ # fs.inode-max = 16384
+
++# Sometimes (read: always) the Linux OOM killer doesn’t kill the offending
++# process. Usually, this is because as the system is out of memory, it isn’t
++# able to do the memory intensive task of scanning through all the processes.
++# Ironic.
++#vm.oom_kill_allocating_task = 1
++
+ # Controls whether core dumps will append the PID to the core filename.
+ # Useful for debugging multi-threaded applications.
+ #kernel.core_uses_pid = 1
+@@ -140,7 +146,6 @@ kernel.sysrq = 1
+ # 0 - never reboot system (suggested 60)
+ #kernel.panic = 60
+
+-# kernel.randomize_va_space = 2
+ # 0 - Turn the process address space randomization off by default.
+ # 1 - Conservative address space randomization makes the addresses of
+ # mmap base and VDSO page randomized. This, among other things,
+@@ -154,6 +159,7 @@ kernel.sysrq = 1
+ # start of the brk area is randomized. There are however no known
+ # non-legacy applications that would be broken this way, so for most
+ # systems it is safe to choose Full randomization.
++# kernel.randomize_va_space = 2
+
+ # for mplayer
+ #dev.rtc.max-user-freq = 1024
+
+commit 8f507628ee9d6eff95f4e001e56f40600c2fcb60
+Author: Arkadiusz Miśkiewicz <ar...@maven.pl>
+Date: Sun Apr 14 15:41:40 2024 +0200
+
+ Skip cgroup/cgroup2 fs, too.
+
+diff --git a/rc.d/rc.shutdown b/rc.d/rc.shutdown
+index c6ecd5a..a3807dd 100755
+--- a/rc.d/rc.shutdown
++++ b/rc.d/rc.shutdown
+@@ -77,7 +77,7 @@ if ! is_yes "$VSERVER"; then
+ UMOUNT_IGNORE="/ $UMOUNT_IGNORE"
+ fi
+ remaining=$(awk -v ig="^($UMOUNT_IGNORE)$" 'BEGIN { gsub(/[\t ]+/, "|", ig); } \
+- $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|sysfs|securityfs|squashfs)$/ \
++ $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|cgroup|cgroup2|sysfs|securityfs|squashfs)$/ \
+ && $1 !~ /^(none|\/dev\/root)$/ \
+ && $2 !~ ig {print $2}' /proc/mounts)
+ while [ -n "$remaining" -a "$retry" -gt 0 ]; do
+@@ -101,7 +101,7 @@ if ! is_yes "$VSERVER"; then
+
+ sleep 2
+ remaining=$(awk -v ig="^($UMOUNT_IGNORE)$" 'BEGIN { gsub(/[\t ]+/, "|", ig); } \
+- $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|sysfs|securityfs|squashfs)$/ \
++ $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|cgroup|cgroup2|sysfs|securityfs|squashfs)$/ \
+ && $1 !~ /^(none|\/dev\/root)$/ \
+ && $2 !~ ig {print $2}' /proc/mounts)
+ [ -z "$remaining" ] && break
+
+commit 5a02578c97b0a2c01cc453344397645efc437f18
+Author: Arkadiusz Miśkiewicz <ar...@maven.pl>
+Date: Sun Apr 14 16:00:06 2024 +0200
+
+ Umount remaining filesystems one by one (using -R) option which helps in cases when we have chroot mounted somewhere with proc, sys etc inside. Also when doing final -a umount skip tmpfs (used by /run) and dev* (used in /dev).
+
+diff --git a/rc.d/rc.shutdown b/rc.d/rc.shutdown
+index a3807dd..be5c785 100755
+--- a/rc.d/rc.shutdown
++++ b/rc.d/rc.shutdown
+@@ -81,8 +81,20 @@ if ! is_yes "$VSERVER"; then
+ && $1 !~ /^(none|\/dev\/root)$/ \
+ && $2 !~ ig {print $2}' /proc/mounts)
+ while [ -n "$remaining" -a "$retry" -gt 0 ]; do
+- show "Unmounting file systems"; busy
+- ERRORS=$(umount -a $force -t noproc,nosysfs 2>&1); rc=$?
++ for mnt in $remaining; do
++ run_cmd "$(nls 'Umounting file system: %s' $mnt)" umount $force -R $mnt
++
++ # we might had unmounted /usr, recheck $TPUT availability
++ # but well. we need tput only for show() and busy() (ok() and fail() messages are already cached)
++ # TODO: look ahead the messages?
++ if is_yes "$TPUT"; then
++ TPUT=
++ rc_gettext_init
++ fi
++ done
++
++ show "Unmounting remainging file systems"; busy
++ ERRORS=$(umount -a $force -t noproc,nosysfs,notmpfs,nodevpts,nodevtmpfs 2>&1); rc=$?
+
+ # we might had unmounted /usr, recheck $TPUT availability
+ # but well. we need tput only for show() and busy() (ok() and fail() messages are already cached)
+@@ -96,7 +108,10 @@ if ! is_yes "$VSERVER"; then
+ ok
+ else
+ fail
+- [ -n "$ERRORS" ] && echo "$ERRORS"
++ if [ -n "$ERRORS" ]; then
++ nls "Umount errors:"
++ echo "$ERRORS"
++ fi
+ fi
+
+ sleep 2
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/rc-scripts.git/commitdiff/23a1d10797ca19cb82be60ba1e338997575b12c1
_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
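Review bot: In the rc.d/rc.shutdown change, the new per-mount loop runs `umount $force -R $mnt` with `$mnt` unquoted and recursive, so a path from /proc/mounts that contains glob characters is expanded by the shell, and everything mounted beneath a listed path is unmounted even when the awk filter had excluded it by type or through UMOUNT_IGNORE. Quote the variable, `run_cmd "$(nls 'Umounting file system: %s' "$mnt")" umount $force -R "$mnt"`, and add a comment above the loop saying that `-R` deliberately takes nested mounts with it regardless of the ignore list, if that is the intent. Because `$remaining` appears to follow /proc/mounts order, a child already removed by its parent's `-R` will probably be reported as a failed unmount on its own iteration. The message in `show "Unmounting remainging file systems"` is misspelled ("remaining"). The enclosing `while` loop ends outside the hunk.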