Bug 1087951
| Summary: | rpcbind should not enable itself | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Andy Lutomirski <luto> |
| Component: | rpcbind | Assignee: | Steve Dickson <steved> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | john, lnykryn, luto, marcosfrm, marcus.moeller, poc, steved |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | rpcbind-0.2.1-4.0.fc21 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-11-18 12:08:43 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 850016, 1090684, 1099595 | ||
Please move to the RPM macros for this: https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Macroized_scriptlets_.28Fedora_18.2B.29 Something like this:
diff --git a/rpcbind.spec b/rpcbind.spec
index 1dd8541..00d0b2c 100644
--- a/rpcbind.spec
+++ b/rpcbind.spec
@@ -93,10 +93,7 @@ if [ -z "$rpcid" -o "$rpcid" != "32" ]; then
-M -s /sbin/nologin -u 32 rpc > /dev/null 2>&1
fi
%post
-if [ $1 -eq 1 ] ; then
- # Initial installation
- /bin/systemctl enable rpcbind.service >/dev/null 2>&1 || :
-fi
+%systemd_post rpcbind.service
%preun
if [ $1 -eq 0 ]; then
@@ -109,11 +106,7 @@ if [ $1 -eq 0 ]; then
fi
%postun
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 1 ]; then
- # Package upgrade, not uninstall
- /bin/systemctl try-restart rpcbind.service >/dev/null 2>&1 || :
-fi
+%systemd_postun_with_restart rpcbind.service
%triggerun -- rpcbind < 0.2.0-15
%{_bindir}/systemd-sysv-convert --save rpcbind >/dev/null 2>&1 ||:
Does this need a %systemd_preun as well? If not, it looks sensible to me. (In reply to Andy Lutomirski from comment #3) > Does this need a %systemd_preun as well? If not, it looks sensible to me. Well here is what the %preun does %preun if [ $1 -eq 0 ]; then # Package removal, not upgrade /bin/systemctl --no-reload disable rpcbind.service >/dev/null 2>&1 || : /bin/systemctl stop rpcbind.service >/dev/null 2>&1 || : /usr/sbin/userdel rpc 2>/dev/null || : /usr/sbin/groupdel rpc 2>/dev/null || : rm -rf /var/lib/rpcbind fi I guess I could change the two systemctl commands to one %systemd_preun rpcbind.service But since I have no idea what %systemd_preun does, I'm a bit hesitant... Disclaimer: I am neither an RPM nor a systemd expert. But here goes anyway:
In my /lib/rpm/macros.d/macros.systemd, I have:
%systemd_post() \
if [ $1 -eq 1 ] ; then \
# Initial installation \
/usr/bin/systemctl preset %{?*} >/dev/null 2>&1 || : \
fi \
%{nil}
%systemd_preun() \
if [ $1 -eq 0 ] ; then \
# Package removal, not upgrade \
/usr/bin/systemctl --no-reload disable %{?*} > /dev/null 2>&1 || : \
/usr/bin/systemctl stop %{?*} > /dev/null 2>&1 || : \
fi \
%{nil}
%systemd_postun() \
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || : \
%{nil}
%systemd_postun_with_restart() \
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || : \
if [ $1 -ge 1 ] ; then \
# Package upgrade, not uninstall \
/usr/bin/systemctl try-restart %{?*} >/dev/null 2>&1 || : \
fi \
%{nil}
So %systemd_preun looks very similar to what you have already :)
There's probably an argument to be made for using the macro, since maybe the macro will change some day for a good reason.
While you are there, add rpcbind.socket to the macros invocations too, see: https://bugs.freedesktop.org/show_bug.cgi?id=63735 Packaging guideline says scriptlets should not remove user/groups: https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Allocation_Strategies It will help with %systemd_preun adoption. The "rm -rf /var/lib/rpcbind" is related to https://bugzilla.redhat.com/show_bug.cgi?id=1027235 . I did not investigate, but does rpcbind really leave files there? Perhaps stopping the socket too will help avoid the rm? The following patch pass a smoke test (and fix #1027235 too).
--- rpcbind.spec.orig 2013-12-02 13:51:34.000000000 -0200
+++ rpcbind.spec 2014-05-20 13:30:31.049931472 -0300
@@ -92,28 +92,20 @@
/usr/sbin/useradd -o -l -c "Rpcbind Daemon" -d /var/lib/rpcbind -g 32 \
-M -s /sbin/nologin -u 32 rpc > /dev/null 2>&1
fi
+
%post
-if [ $1 -eq 1 ] ; then
- # Initial installation
- /bin/systemctl enable rpcbind.service >/dev/null 2>&1 || :
-fi
+%systemd_post rpcbind.service rpcbind.socket
%preun
+%systemd_preun rpcbind.service rpcbind.socket
if [ $1 -eq 0 ]; then
- # Package removal, not upgrade
- /bin/systemctl --no-reload disable rpcbind.service >/dev/null 2>&1 || :
- /bin/systemctl stop rpcbind.service >/dev/null 2>&1 || :
/usr/sbin/userdel rpc 2>/dev/null || :
/usr/sbin/groupdel rpc 2>/dev/null || :
- rm -rf /var/lib/rpcbind
+ /usr/bin/rm -f /var/lib/rpcbind/*
fi
%postun
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 1 ]; then
- # Package upgrade, not uninstall
- /bin/systemctl try-restart rpcbind.service >/dev/null 2>&1 || :
-fi
+%systemd_postun_with_restart rpcbind.service rpcbind.socket
%triggerun -- rpcbind < 0.2.0-15
%{_bindir}/systemd-sysv-convert --save rpcbind >/dev/null 2>&1 ||:
Looks good to me. I think that rpcbind should also be removed from the default preset, but that's a separate issue (bug 1099595). I forgot to change the Requires to 'systemd' ('systemd-units' if for F17 and earlier). And 'systemd-sysv' does not even exist anymore.
--- rpcbind.spec.orig 2013-12-02 13:51:34.000000000 -0200
+++ rpcbind.spec 2014-05-20 14:38:18.457091710 -0300
@@ -14,12 +14,12 @@
Requires: glibc-common setup
Conflicts: man-pages < 2.43-12
-BuildRequires: automake, autoconf, libtool, systemd-units
+BuildRequires: automake, autoconf, libtool, systemd
BuildRequires: libtirpc-devel, quota-devel, tcp_wrappers-devel
Requires(pre): coreutils shadow-utils
-Requires(post): chkconfig systemd-units systemd-sysv
-Requires(preun): systemd-units
-Requires(postun): systemd-units coreutils
+Requires(post): chkconfig systemd
+Requires(preun): systemd
+Requires(postun): systemd coreutils
Provides: portmap = %{version}-%{release}
Obsoletes: portmap <= 4.0-65.3
@@ -92,28 +92,20 @@
/usr/sbin/useradd -o -l -c "Rpcbind Daemon" -d /var/lib/rpcbind -g 32 \
-M -s /sbin/nologin -u 32 rpc > /dev/null 2>&1
fi
+
%post
-if [ $1 -eq 1 ] ; then
- # Initial installation
- /bin/systemctl enable rpcbind.service >/dev/null 2>&1 || :
-fi
+%systemd_post rpcbind.service rpcbind.socket
%preun
+%systemd_preun rpcbind.service rpcbind.socket
if [ $1 -eq 0 ]; then
- # Package removal, not upgrade
- /bin/systemctl --no-reload disable rpcbind.service >/dev/null 2>&1 || :
- /bin/systemctl stop rpcbind.service >/dev/null 2>&1 || :
/usr/sbin/userdel rpc 2>/dev/null || :
/usr/sbin/groupdel rpc 2>/dev/null || :
- rm -rf /var/lib/rpcbind
+ /usr/bin/rm -f /var/lib/rpcbind/*
fi
%postun
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 1 ]; then
- # Package upgrade, not uninstall
- /bin/systemctl try-restart rpcbind.service >/dev/null 2>&1 || :
-fi
+%systemd_postun_with_restart rpcbind.service rpcbind.socket
%triggerun -- rpcbind < 0.2.0-15
%{_bindir}/systemd-sysv-convert --save rpcbind >/dev/null 2>&1 ||:
Also, the %triggerun section with systemd-sysv-convert can be dropped I think. https://fedorahosted.org/fpc/ticket/308 http://pkgs.fedoraproject.org/cgit/systemd.git/commit/?id=5ccbe72a72f1a161f3c5ac1ff0fb64c7a0d2098b This will need to be fixed for https://fedorahosted.org/fesco/ticket/1310 to be effective. *** Bug 850298 has been marked as a duplicate of this bug. *** rpcbind-0.2.1-2.1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/rpcbind-0.2.1-2.1.fc21 Package rpcbind-0.2.1-2.1.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing rpcbind-0.2.1-2.1.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-13642/rpcbind-0.2.1-2.1.fc21 then log in and leave karma (feedback). Package rpcbind-0.2.1-3.0.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing rpcbind-0.2.1-3.0.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-13642/rpcbind-0.2.1-3.0.fc21 then log in and leave karma (feedback). rpcbind-0.2.1-4.0.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/rpcbind-0.2.1-4.0.fc21 rpcbind-0.2.1-4.0.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. rpcbind-0.2.4-8.rc3.fc27.x86_64 is showing this problem. I am using no rpc services, yet rpcbind is running:
$ rpcinfo
program version netid address service owner
100000 4 tcp6 ::.0.111 portmapper superuser
100000 3 tcp6 ::.0.111 portmapper superuser
100000 4 udp6 ::.0.111 portmapper superuser
100000 3 udp6 ::.0.111 portmapper superuser
100000 4 tcp 0.0.0.0.0.111 portmapper superuser
100000 3 tcp 0.0.0.0.0.111 portmapper superuser
100000 2 tcp 0.0.0.0.0.111 portmapper superuser
100000 4 udp 0.0.0.0.0.111 portmapper superuser
100000 3 udp 0.0.0.0.0.111 portmapper superuser
100000 2 udp 0.0.0.0.0.111 portmapper superuser
100000 4 local /run/rpcbind.sock portmapper superuser
100000 3 local /run/rpcbind.sock portmapper superuser
(In reply to Patrick O'Callaghan from comment #19) > rpcbind-0.2.4-8.rc3.fc27.x86_64 is showing this problem. I am using no rpc > services, yet rpcbind is running: > > $ rpcinfo > program version netid address service owner > 100000 4 tcp6 ::.0.111 portmapper superuser > 100000 3 tcp6 ::.0.111 portmapper superuser > 100000 4 udp6 ::.0.111 portmapper superuser > 100000 3 udp6 ::.0.111 portmapper superuser > 100000 4 tcp 0.0.0.0.0.111 portmapper superuser > 100000 3 tcp 0.0.0.0.0.111 portmapper superuser > 100000 2 tcp 0.0.0.0.0.111 portmapper superuser > 100000 4 udp 0.0.0.0.0.111 portmapper superuser > 100000 3 udp 0.0.0.0.0.111 portmapper superuser > 100000 2 udp 0.0.0.0.0.111 portmapper superuser > 100000 4 local /run/rpcbind.sock portmapper superuser > 100000 3 local /run/rpcbind.sock portmapper superuser I should note that this is not a fresh install of F27. It's possible that rpcbind was enabled in an earlier version and simply stayed that way. |
rpcbind.spec contains: %post if [ $1 -eq 1 ] ; then # Initial installation /bin/systemctl enable rpcbind.service >/dev/null 2>&1 || : fi This is bad: rpcbind gets pulled in by things like libvirt, but it should not be listening globally just because libvirt is installed.