Bug 1087951 - rpcbind should not enable itself
Summary: rpcbind should not enable itself
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: rpcbind
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Steve Dickson
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 850298 (view as bug list)
Depends On:
Blocks: 850016 autoenabled-systemd-units 1099595
TreeView+ depends on / blocked
 
Reported: 2014-04-15 16:57 UTC by Andy Lutomirski
Modified: 2018-01-01 16:20 UTC (History)
7 users (show)

Fixed In Version: rpcbind-0.2.1-4.0.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-11-18 12:08:43 UTC
Type: Bug


Attachments (Terms of Use)

Description Andy Lutomirski 2014-04-15 16:57:48 UTC
rpcbind.spec contains:

%post
if [ $1 -eq 1 ] ; then 
    # Initial installation
    /bin/systemctl enable rpcbind.service >/dev/null 2>&1 || :
fi

This is bad: rpcbind gets pulled in by things like libvirt, but it should not be listening globally just because libvirt is installed.

Comment 1 Lennart Poettering 2014-04-15 21:08:50 UTC
Please move to the RPM macros for this:

https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Macroized_scriptlets_.28Fedora_18.2B.29

Comment 2 Steve Dickson 2014-04-15 23:44:20 UTC
Something like this:

diff --git a/rpcbind.spec b/rpcbind.spec
index 1dd8541..00d0b2c 100644
--- a/rpcbind.spec
+++ b/rpcbind.spec
@@ -93,10 +93,7 @@ if [ -z "$rpcid" -o "$rpcid" != "32" ]; then
        -M -s /sbin/nologin -u 32 rpc > /dev/null 2>&1
 fi
 %post
-if [ $1 -eq 1 ] ; then 
-    # Initial installation
-    /bin/systemctl enable rpcbind.service >/dev/null 2>&1 || :
-fi
+%systemd_post rpcbind.service
 
 %preun
 if [ $1 -eq 0 ]; then
@@ -109,11 +106,7 @@ if [ $1 -eq 0 ]; then
 fi
 
 %postun
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 1 ]; then
-       # Package upgrade, not uninstall
-       /bin/systemctl try-restart rpcbind.service >/dev/null 2>&1 || :
-fi
+%systemd_postun_with_restart rpcbind.service
 
 %triggerun -- rpcbind < 0.2.0-15
 %{_bindir}/systemd-sysv-convert --save rpcbind >/dev/null 2>&1 ||:

Comment 3 Andy Lutomirski 2014-04-15 23:48:35 UTC
Does this need a %systemd_preun as well?  If not, it looks sensible to me.

Comment 4 Steve Dickson 2014-04-16 14:27:05 UTC
(In reply to Andy Lutomirski from comment #3)
> Does this need a %systemd_preun as well?  If not, it looks sensible to me.
Well here is what the %preun does

%preun
if [ $1 -eq 0 ]; then
    # Package removal, not upgrade
    /bin/systemctl --no-reload disable rpcbind.service >/dev/null 2>&1 || :
    /bin/systemctl stop rpcbind.service >/dev/null 2>&1 || :
    /usr/sbin/userdel  rpc 2>/dev/null || :
    /usr/sbin/groupdel rpc 2>/dev/null || :
    rm -rf /var/lib/rpcbind
fi
I guess I could change the two systemctl commands to one 
   %systemd_preun rpcbind.service 

But since I have no idea what %systemd_preun does, I'm a 
bit hesitant...

Comment 5 Andy Lutomirski 2014-04-16 15:04:53 UTC
Disclaimer: I am neither an RPM nor a systemd expert.  But here goes anyway:

In my /lib/rpm/macros.d/macros.systemd, I have:

%systemd_post() \
if [ $1 -eq 1 ] ; then \
        # Initial installation \
        /usr/bin/systemctl preset %{?*} >/dev/null 2>&1 || : \
fi \
%{nil}

%systemd_preun() \
if [ $1 -eq 0 ] ; then \
        # Package removal, not upgrade \
        /usr/bin/systemctl --no-reload disable %{?*} > /dev/null 2>&1 || : \
        /usr/bin/systemctl stop %{?*} > /dev/null 2>&1 || : \
fi \
%{nil}

%systemd_postun() \
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || : \
%{nil}

%systemd_postun_with_restart() \
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || : \
if [ $1 -ge 1 ] ; then \
        # Package upgrade, not uninstall \
        /usr/bin/systemctl try-restart %{?*} >/dev/null 2>&1 || : \
fi \
%{nil}

So %systemd_preun looks very similar to what you have already :)

There's probably an argument to be made for using the macro, since maybe the macro will change some day for a good reason.

Comment 6 Marcos Mello 2014-04-21 13:54:02 UTC
While you are there, add rpcbind.socket to the macros invocations too, see:

https://bugs.freedesktop.org/show_bug.cgi?id=63735

Comment 7 Marcos Mello 2014-05-02 21:55:31 UTC
Packaging guideline says scriptlets should not remove user/groups:

https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Allocation_Strategies

It will help with %systemd_preun adoption. The "rm -rf /var/lib/rpcbind" is related to https://bugzilla.redhat.com/show_bug.cgi?id=1027235 . I did not investigate, but does rpcbind really leave files there? Perhaps stopping the socket too will help avoid the rm?

Comment 8 Marcos Mello 2014-05-20 16:44:15 UTC
The following patch pass a smoke test (and fix #1027235 too).

--- rpcbind.spec.orig	2013-12-02 13:51:34.000000000 -0200
+++ rpcbind.spec	2014-05-20 13:30:31.049931472 -0300
@@ -92,28 +92,20 @@
 	/usr/sbin/useradd -o -l -c "Rpcbind Daemon" -d /var/lib/rpcbind -g 32 \
     	-M -s /sbin/nologin -u 32 rpc > /dev/null 2>&1
 fi
+
 %post
-if [ $1 -eq 1 ] ; then 
-    # Initial installation
-    /bin/systemctl enable rpcbind.service >/dev/null 2>&1 || :
-fi
+%systemd_post rpcbind.service rpcbind.socket
 
 %preun
+%systemd_preun rpcbind.service rpcbind.socket
 if [ $1 -eq 0 ]; then
-	# Package removal, not upgrade
-	/bin/systemctl --no-reload disable rpcbind.service >/dev/null 2>&1 || :
-	/bin/systemctl stop rpcbind.service >/dev/null 2>&1 || :
 	/usr/sbin/userdel  rpc 2>/dev/null || :
 	/usr/sbin/groupdel rpc 2>/dev/null || :
-	rm -rf /var/lib/rpcbind
+	/usr/bin/rm -f /var/lib/rpcbind/*
 fi
 
 %postun
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 1 ]; then
-	# Package upgrade, not uninstall
-	/bin/systemctl try-restart rpcbind.service >/dev/null 2>&1 || :
-fi
+%systemd_postun_with_restart rpcbind.service rpcbind.socket
 
 %triggerun -- rpcbind < 0.2.0-15
 %{_bindir}/systemd-sysv-convert --save rpcbind >/dev/null 2>&1 ||:

Comment 9 Andy Lutomirski 2014-05-20 17:22:38 UTC
Looks good to me.

I think that rpcbind should also be removed from the default preset, but that's a separate issue (bug 1099595).

Comment 10 Marcos Mello 2014-05-20 17:46:39 UTC
I forgot to change the Requires to 'systemd' ('systemd-units' if for F17 and earlier). And 'systemd-sysv' does not even exist anymore.

--- rpcbind.spec.orig	2013-12-02 13:51:34.000000000 -0200
+++ rpcbind.spec	2014-05-20 14:38:18.457091710 -0300
@@ -14,12 +14,12 @@
 
 Requires: glibc-common setup
 Conflicts: man-pages < 2.43-12
-BuildRequires: automake, autoconf, libtool, systemd-units
+BuildRequires: automake, autoconf, libtool, systemd
 BuildRequires: libtirpc-devel, quota-devel, tcp_wrappers-devel
 Requires(pre): coreutils shadow-utils
-Requires(post): chkconfig systemd-units systemd-sysv
-Requires(preun): systemd-units
-Requires(postun): systemd-units coreutils
+Requires(post): chkconfig systemd
+Requires(preun): systemd
+Requires(postun): systemd coreutils
 
 Provides: portmap = %{version}-%{release}
 Obsoletes: portmap <= 4.0-65.3
@@ -92,28 +92,20 @@
 	/usr/sbin/useradd -o -l -c "Rpcbind Daemon" -d /var/lib/rpcbind -g 32 \
     	-M -s /sbin/nologin -u 32 rpc > /dev/null 2>&1
 fi
+
 %post
-if [ $1 -eq 1 ] ; then 
-    # Initial installation
-    /bin/systemctl enable rpcbind.service >/dev/null 2>&1 || :
-fi
+%systemd_post rpcbind.service rpcbind.socket
 
 %preun
+%systemd_preun rpcbind.service rpcbind.socket
 if [ $1 -eq 0 ]; then
-	# Package removal, not upgrade
-	/bin/systemctl --no-reload disable rpcbind.service >/dev/null 2>&1 || :
-	/bin/systemctl stop rpcbind.service >/dev/null 2>&1 || :
 	/usr/sbin/userdel  rpc 2>/dev/null || :
 	/usr/sbin/groupdel rpc 2>/dev/null || :
-	rm -rf /var/lib/rpcbind
+	/usr/bin/rm -f /var/lib/rpcbind/*
 fi
 
 %postun
-/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 1 ]; then
-	# Package upgrade, not uninstall
-	/bin/systemctl try-restart rpcbind.service >/dev/null 2>&1 || :
-fi
+%systemd_postun_with_restart rpcbind.service rpcbind.socket
 
 %triggerun -- rpcbind < 0.2.0-15
 %{_bindir}/systemd-sysv-convert --save rpcbind >/dev/null 2>&1 ||:

Comment 11 Marcos Mello 2014-05-20 18:06:48 UTC
Also, the %triggerun section with systemd-sysv-convert can be dropped I think.

https://fedorahosted.org/fpc/ticket/308
http://pkgs.fedoraproject.org/cgit/systemd.git/commit/?id=5ccbe72a72f1a161f3c5ac1ff0fb64c7a0d2098b

Comment 12 Andy Lutomirski 2014-08-12 17:48:03 UTC
This will need to be fixed for https://fedorahosted.org/fesco/ticket/1310 to be effective.

Comment 13 Steve Dickson 2014-10-23 18:06:34 UTC
*** Bug 850298 has been marked as a duplicate of this bug. ***

Comment 14 Fedora Update System 2014-10-23 18:40:31 UTC
rpcbind-0.2.1-2.1.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/rpcbind-0.2.1-2.1.fc21

Comment 15 Fedora Update System 2014-10-27 08:17:49 UTC
Package rpcbind-0.2.1-2.1.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing rpcbind-0.2.1-2.1.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-13642/rpcbind-0.2.1-2.1.fc21
then log in and leave karma (feedback).

Comment 16 Fedora Update System 2014-10-28 10:08:09 UTC
Package rpcbind-0.2.1-3.0.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing rpcbind-0.2.1-3.0.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-13642/rpcbind-0.2.1-3.0.fc21
then log in and leave karma (feedback).

Comment 17 Fedora Update System 2014-11-10 17:57:43 UTC
rpcbind-0.2.1-4.0.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/rpcbind-0.2.1-4.0.fc21

Comment 18 Fedora Update System 2014-11-18 12:08:43 UTC
rpcbind-0.2.1-4.0.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Patrick O'Callaghan 2018-01-01 14:38:57 UTC
rpcbind-0.2.4-8.rc3.fc27.x86_64 is showing this problem. I am using no rpc services, yet rpcbind is running:

$ rpcinfo
   program version netid     address                service    owner
    100000    4    tcp6      ::.0.111               portmapper superuser
    100000    3    tcp6      ::.0.111               portmapper superuser
    100000    4    udp6      ::.0.111               portmapper superuser
    100000    3    udp6      ::.0.111               portmapper superuser
    100000    4    tcp       0.0.0.0.0.111          portmapper superuser
    100000    3    tcp       0.0.0.0.0.111          portmapper superuser
    100000    2    tcp       0.0.0.0.0.111          portmapper superuser
    100000    4    udp       0.0.0.0.0.111          portmapper superuser
    100000    3    udp       0.0.0.0.0.111          portmapper superuser
    100000    2    udp       0.0.0.0.0.111          portmapper superuser
    100000    4    local     /run/rpcbind.sock      portmapper superuser
    100000    3    local     /run/rpcbind.sock      portmapper superuser

Comment 20 Patrick O'Callaghan 2018-01-01 16:20:28 UTC
(In reply to Patrick O'Callaghan from comment #19)
> rpcbind-0.2.4-8.rc3.fc27.x86_64 is showing this problem. I am using no rpc
> services, yet rpcbind is running:
> 
> $ rpcinfo
>    program version netid     address                service    owner
>     100000    4    tcp6      ::.0.111               portmapper superuser
>     100000    3    tcp6      ::.0.111               portmapper superuser
>     100000    4    udp6      ::.0.111               portmapper superuser
>     100000    3    udp6      ::.0.111               portmapper superuser
>     100000    4    tcp       0.0.0.0.0.111          portmapper superuser
>     100000    3    tcp       0.0.0.0.0.111          portmapper superuser
>     100000    2    tcp       0.0.0.0.0.111          portmapper superuser
>     100000    4    udp       0.0.0.0.0.111          portmapper superuser
>     100000    3    udp       0.0.0.0.0.111          portmapper superuser
>     100000    2    udp       0.0.0.0.0.111          portmapper superuser
>     100000    4    local     /run/rpcbind.sock      portmapper superuser
>     100000    3    local     /run/rpcbind.sock      portmapper superuser

I should note that this is not a fresh install of F27. It's possible that rpcbind was enabled in an earlier version and simply stayed that way.


Note You need to log in before you can comment on or make changes to this bug.