839 строки
24 KiB
Plaintext
839 строки
24 KiB
Plaintext
Summary: Default file system
|
|
Name: filesystem
|
|
Version: 1.1
|
|
Release: 20%{?dist}
|
|
License: GPLv3
|
|
Group: System Environment/Base
|
|
Vendor: Microsoft Corporation
|
|
URL: http://www.linuxfromscratch.org
|
|
Distribution: Mariner
|
|
|
|
%description
|
|
The filesystem package is one of the basic packages that is installed
|
|
on a Linux system. Filesystem contains the basic directory
|
|
layout for a Linux operating system, including the correct permissions
|
|
for the directories. This version is for a system configured with systemd.
|
|
|
|
%package asc
|
|
Summary: Provide with config files needed for Azure Security Baseline
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
|
%description asc
|
|
Provide with multiple configuration files in /etc/modprobe.d/ to meet Azure Security Baseline
|
|
|
|
%prep
|
|
%build
|
|
%install
|
|
#
|
|
# 6.5. Creating Directories
|
|
#
|
|
install -vdm 755 %{buildroot}/{dev,run/{media/{floppy,cdrom},lock}}
|
|
install -vdm 755 %{buildroot}/{etc/{opt,sysconfig},home,mnt}
|
|
install -vdm 700 %{buildroot}/boot
|
|
install -vdm 755 %{buildroot}/{var}
|
|
install -vdm 755 %{buildroot}/opt
|
|
install -vdm 755 %{buildroot}/media
|
|
install -dv -m 0750 %{buildroot}/root
|
|
install -dv -m 1777 %{buildroot}/tmp %{buildroot}/var/tmp
|
|
install -vdm 755 %{buildroot}/usr/{,local/}{bin,include,lib,sbin,src}
|
|
install -vdm 755 %{buildroot}/usr/{,local/}share/{color,dict,doc,info,locale,man}
|
|
install -vdm 755 %{buildroot}/usr/{,local/}share/{misc,terminfo,zoneinfo}
|
|
install -vdm 755 %{buildroot}/usr/libexec
|
|
install -vdm 755 %{buildroot}/usr/{,local/}share/man/man{1..8}
|
|
install -vdm 755 %{buildroot}/etc/profile.d
|
|
install -vdm 755 %{buildroot}/usr/lib/debug/{lib,bin,sbin,usr,.dwz}
|
|
|
|
ln -svfn usr/lib %{buildroot}/lib
|
|
ln -svfn usr/bin %{buildroot}/bin
|
|
ln -svfn usr/sbin %{buildroot}/sbin
|
|
|
|
ln -svfn ../bin %{buildroot}/usr/lib/debug/usr/bin
|
|
ln -svfn ../sbin %{buildroot}/usr/lib/debug/usr/sbin
|
|
ln -svfn ../lib %{buildroot}/usr/lib/debug/usr/lib
|
|
|
|
ln -svfn usr/lib %{buildroot}/lib64
|
|
ln -svfn lib %{buildroot}/usr/lib64
|
|
ln -svfn lib %{buildroot}/usr/local/lib64
|
|
ln -svfn lib %{buildroot}/usr/lib/debug/lib64
|
|
ln -svfn ../lib %{buildroot}/usr/lib/debug/usr/lib64
|
|
ln -svfn ../.dwz %{buildroot}/usr/lib/debug/usr/.dwz
|
|
|
|
install -vdm 755 %{buildroot}/var/{log,mail,spool,mnt,srv}
|
|
|
|
ln -svfn var/srv %{buildroot}/srv
|
|
ln -svfn ../run %{buildroot}/var/run
|
|
ln -svfn ../run/lock %{buildroot}/var/lock
|
|
install -vdm 755 %{buildroot}/var/{opt,cache,lib/{color,misc,locate},local}
|
|
install -vdm 755 %{buildroot}/mnt/cdrom
|
|
install -vdm 755 %{buildroot}/mnt/hgfs
|
|
|
|
#
|
|
# 6.6. Creating Essential Files and Symlinks
|
|
#
|
|
ln -svfn /proc/self/mounts %{buildroot}/etc/mtab
|
|
#touch -f %{buildroot}/etc/mtab
|
|
|
|
touch %{buildroot}/var/log/{btmp,lastlog,wtmp}
|
|
#
|
|
# Configuration files
|
|
#
|
|
cat > %{buildroot}/etc/passwd <<- "EOF"
|
|
root:x:0:0:root:/root:/bin/bash
|
|
bin:x:1:1:bin:/dev/null:/bin/false
|
|
daemon:x:6:6:Daemon User:/dev/null:/bin/false
|
|
messagebus:x:18:18:D-Bus Message Daemon User:/var/run/dbus:/bin/false
|
|
systemd-bus-proxy:x:72:72:systemd Bus Proxy:/:/bin/false
|
|
systemd-journal-gateway:x:73:73:systemd Journal Gateway:/:/bin/false
|
|
systemd-journal-remote:x:74:74:systemd Journal Remote:/:/bin/false
|
|
systemd-journal-upload:x:75:75:systemd Journal Upload:/:/bin/false
|
|
systemd-network:x:76:76:systemd Network Management:/:/bin/false
|
|
systemd-resolve:x:77:77:systemd Resolver:/:/bin/false
|
|
systemd-timesync:x:78:78:systemd Time Synchronization:/:/bin/false
|
|
systemd-coredump:x:79:79:systemd Core Dumper:/:/usr/bin/false
|
|
systemd-oom:x:80:80:systemd Userspace OOM Killer:/:/usr/bin/false
|
|
nobody:x:65534:65533:Unprivileged User:/dev/null:/bin/false
|
|
EOF
|
|
cat > %{buildroot}/etc/group <<- "EOF"
|
|
root:x:0:
|
|
bin:x:1:daemon
|
|
sys:x:2:
|
|
kmem:x:3:
|
|
tape:x:4:
|
|
tty:x:5:
|
|
daemon:x:6:
|
|
floppy:x:7:
|
|
disk:x:8:
|
|
lp:x:9:
|
|
dialout:x:10:
|
|
audio:x:11:
|
|
video:x:12:
|
|
utmp:x:13:
|
|
usb:x:14:
|
|
cdrom:x:15:
|
|
adm:x:16:
|
|
messagebus:x:18:
|
|
systemd-journal:x:23:
|
|
input:x:24:
|
|
mail:x:34:
|
|
lock:x:54:
|
|
dip:x:30:
|
|
render:x:31:
|
|
kvm:x:32:
|
|
systemd-bus-proxy:x:72:
|
|
systemd-journal-gateway:x:73:
|
|
systemd-journal-remote:x:74:
|
|
systemd-journal-upload:x:75:
|
|
systemd-network:x:76:
|
|
systemd-resolve:x:77:
|
|
systemd-timesync:x:78:
|
|
systemd-coredump:x:79:
|
|
systemd-oom:x:80:
|
|
nogroup:x:65533:
|
|
users:x:100:
|
|
sudo:x:27:
|
|
wheel:x:28:
|
|
EOF
|
|
#
|
|
# Creating Proxy Configuration"
|
|
#
|
|
cat > %{buildroot}/etc/sysconfig/proxy <<- "EOF"
|
|
# Enable a generation of the proxy settings to the profile.
|
|
# This setting allows to turn the proxy on and off while
|
|
# preserving the particular proxy setup.
|
|
#
|
|
PROXY_ENABLED="no"
|
|
|
|
# Some programs (e.g. wget) support proxies, if set in
|
|
# the environment.
|
|
# Example: HTTP_PROXY="http://proxy.provider.de:3128/"
|
|
HTTP_PROXY=""
|
|
|
|
# Example: HTTPS_PROXY="https://proxy.provider.de:3128/"
|
|
HTTPS_PROXY=""
|
|
|
|
# Example: FTP_PROXY="http://proxy.provider.de:3128/"
|
|
FTP_PROXY=""
|
|
|
|
# Example: GOPHER_PROXY="http://proxy.provider.de:3128/"
|
|
GOPHER_PROXY=""
|
|
|
|
# Example: SOCKS_PROXY="socks://proxy.example.com:8080"
|
|
SOCKS_PROXY=""
|
|
|
|
# Example: SOCKS5_SERVER="office-proxy.example.com:8881"
|
|
SOCKS5_SERVER=""
|
|
|
|
# Example: NO_PROXY="www.me.de, do.main, localhost"
|
|
NO_PROXY="localhost, 127.0.0.1"
|
|
EOF
|
|
#
|
|
# 7.3. Customizing the /etc/hosts File"
|
|
#
|
|
cat > %{buildroot}/etc/hosts <<- "EOF"
|
|
# Begin /etc/hosts (network card version)
|
|
|
|
::1 ipv6-localhost ipv6-loopback
|
|
127.0.0.1 localhost.localdomain
|
|
127.0.0.1 localhost
|
|
|
|
# End /etc/hosts (network card version)
|
|
EOF
|
|
#
|
|
# 7.9. Configuring the setclock Script"
|
|
#
|
|
cat > %{buildroot}/etc/sysconfig/clock <<- "EOF"
|
|
# Begin /etc/sysconfig/clock
|
|
|
|
UTC=1
|
|
|
|
# Set this to any options you might need to give to hwclock,
|
|
# such as machine hardware clock type for Alphas.
|
|
CLOCKPARAMS=
|
|
|
|
# End /etc/sysconfig/clock
|
|
EOF
|
|
#
|
|
# 7.10. Configuring the Linux Console"
|
|
#
|
|
cat > %{buildroot}/etc/sysconfig/console <<- "EOF"
|
|
# Begin /etc/sysconfig/console
|
|
# Begin /etc/sysconfig/console
|
|
# KEYMAP="us"
|
|
# FONT="lat1-16 -m utf8"
|
|
# FONT="lat1-16 -m 8859-1"
|
|
# KEYMAP_CORRECTIONS="euro2"
|
|
# UNICODE="1"
|
|
# LEGACY_CHARSET="iso-8859-1"
|
|
# End /etc/sysconfig/console
|
|
EOF
|
|
#
|
|
# 7.13. The Bash Shell Startup Files
|
|
#
|
|
cat > %{buildroot}/etc/profile <<- "EOF"
|
|
# Begin /etc/profile
|
|
# Written for Beyond Linux From Scratch
|
|
# by James Robertson <jameswrobertson@earthlink.net>
|
|
# modifications by Dagmar d'Surreal <rivyqntzne@pbzpnfg.arg>
|
|
|
|
# System wide environment variables and startup programs.
|
|
|
|
# System wide aliases and functions should go in /etc/bashrc. Personal
|
|
# environment variables and startup programs should go into
|
|
# ~/.bash_profile. Personal aliases and functions should go into
|
|
# ~/.bashrc.
|
|
|
|
# Functions to help us manage paths. Second argument is the name of the
|
|
# path variable to be modified (default: PATH)
|
|
pathremove () {
|
|
local IFS=':'
|
|
local NEWPATH
|
|
local DIR
|
|
local PATHVARIABLE=${2:-PATH}
|
|
for DIR in ${!PATHVARIABLE} ; do
|
|
if [ "$DIR" != "$1" ] ; then
|
|
NEWPATH=${NEWPATH:+$NEWPATH:}$DIR
|
|
fi
|
|
done
|
|
export $PATHVARIABLE="$NEWPATH"
|
|
}
|
|
|
|
pathprepend () {
|
|
pathremove $1 $2
|
|
local PATHVARIABLE=${2:-PATH}
|
|
export $PATHVARIABLE="$1${!PATHVARIABLE:+:${!PATHVARIABLE}}"
|
|
}
|
|
|
|
pathappend () {
|
|
pathremove $1 $2
|
|
local PATHVARIABLE=${2:-PATH}
|
|
export $PATHVARIABLE="${!PATHVARIABLE:+${!PATHVARIABLE}:}$1"
|
|
}
|
|
|
|
export -f pathremove pathprepend pathappend
|
|
|
|
# Set the initial path
|
|
# Block unnessary as this is set elsewhere.
|
|
# export PATH=$PATH:/bin:/usr/bin
|
|
|
|
# if [ $EUID -eq 0 ] ; then
|
|
# pathappend /sbin:/usr/sbin
|
|
# unset HISTFILE
|
|
# fi
|
|
|
|
# Setup some environment variables.
|
|
export HISTSIZE=1000
|
|
export HISTIGNORE="&:[bf]g:exit"
|
|
|
|
# Set some defaults for graphical systems
|
|
export XDG_DATA_DIRS=/usr/share/
|
|
export XDG_CONFIG_DIRS=/etc/xdg/
|
|
|
|
# Setup a red prompt for root and a green one for users.
|
|
NORMAL="\[\e[0m\]"
|
|
RED="\[\e[1;31m\]"
|
|
GREEN="\[\e[1;32m\]"
|
|
if [[ $EUID == 0 ]] ; then
|
|
PS1="$RED\u@\h [ $NORMAL\w$RED ]# $NORMAL"
|
|
else
|
|
PS1="$GREEN\u@\h [ $NORMAL\w$GREEN ]\$ $NORMAL"
|
|
fi
|
|
|
|
for script in /etc/profile.d/*.sh ; do
|
|
if [ -r $script ] ; then
|
|
. $script
|
|
fi
|
|
done
|
|
|
|
unset script RED GREEN NORMAL
|
|
umask 027
|
|
# End /etc/profile
|
|
EOF
|
|
#
|
|
# The Proxy Bash Shell Startup File
|
|
#
|
|
cat > %{buildroot}/etc/profile.d/proxy.sh <<- "EOF"
|
|
#
|
|
# proxy.sh: Set proxy environment
|
|
#
|
|
|
|
sys=/etc/sysconfig/proxy
|
|
test -s $sys || exit 0
|
|
while read line ; do
|
|
case "$line" in
|
|
\#*|"") continue ;;
|
|
esac
|
|
eval val=${line#*=}
|
|
case "$line" in
|
|
PROXY_ENABLED=*)
|
|
PROXY_ENABLED="${val}"
|
|
;;
|
|
HTTP_PROXY=*)
|
|
test "$PROXY_ENABLED" = "yes" || continue
|
|
http_proxy="${val}"
|
|
export http_proxy
|
|
;;
|
|
HTTPS_PROXY=*)
|
|
test "$PROXY_ENABLED" = "yes" || continue
|
|
https_proxy="${val}"
|
|
export https_proxy
|
|
;;
|
|
FTP_PROXY=*)
|
|
test "$PROXY_ENABLED" = "yes" || continue
|
|
ftp_proxy="${val}"
|
|
export ftp_proxy
|
|
;;
|
|
GOPHER_PROXY=*)
|
|
test "$PROXY_ENABLED" = "yes" || continue
|
|
gopher_proxy="${val}"
|
|
export gopher_proxy
|
|
;;
|
|
SOCKS_PROXY=*)
|
|
test "$PROXY_ENABLED" = "yes" || continue
|
|
socks_proxy="${val}"
|
|
export socks_proxy
|
|
SOCKS_PROXY="${val}"
|
|
export SOCKS_PROXY
|
|
;;
|
|
SOCKS5_SERVER=*)
|
|
test "$PROXY_ENABLED" = "yes" || continue
|
|
SOCKS5_SERVER="${val}"
|
|
export SOCKS5_SERVER
|
|
;;
|
|
NO_PROXY=*)
|
|
test "$PROXY_ENABLED" = "yes" || continue
|
|
no_proxy="${val}"
|
|
export no_proxy
|
|
NO_PROXY="${val}"
|
|
export NO_PROXY
|
|
esac
|
|
done < $sys
|
|
unset sys line val
|
|
|
|
if test "$PROXY_ENABLED" != "yes" ; then
|
|
unset http_proxy https_proxy ftp_proxy gopher_proxy no_proxy NO_PROXY socks_proxy SOCKS_PROXY SOCKS5_SERVER
|
|
fi
|
|
unset PROXY_ENABLED
|
|
#
|
|
# end of proxy.sh
|
|
EOF
|
|
#
|
|
# 7.14. Creating the /etc/inputrc File
|
|
#
|
|
cat > %{buildroot}/etc/inputrc <<- "EOF"
|
|
# Begin /etc/inputrc
|
|
# Modified by Chris Lynn <roryo@roryo.dynup.net>
|
|
|
|
# Allow the command prompt to wrap to the next line
|
|
set horizontal-scroll-mode Off
|
|
|
|
# Enable 8bit input
|
|
set meta-flag On
|
|
set input-meta On
|
|
|
|
# Turns off 8th bit stripping
|
|
set convert-meta Off
|
|
|
|
# Keep the 8th bit for display
|
|
set output-meta On
|
|
|
|
# none, visible or audible
|
|
set bell-style none
|
|
|
|
# All of the following map the escape sequence of the value
|
|
# contained in the 1st argument to the readline specific functions
|
|
"\eOd": backward-word
|
|
"\eOc": forward-word
|
|
|
|
# for linux console
|
|
"\e[1~": beginning-of-line
|
|
"\e[4~": end-of-line
|
|
# page up - history search backward
|
|
"\e[5~": history-search-backward
|
|
# page down - history search forward
|
|
"\e[6~": history-search-forward
|
|
"\e[3~": delete-char
|
|
"\e[2~": quoted-insert
|
|
|
|
# for xterm
|
|
"\eOH": beginning-of-line
|
|
"\eOF": end-of-line
|
|
|
|
# for Konsole
|
|
"\e[H": beginning-of-line
|
|
"\e[F": end-of-line
|
|
|
|
# ctrl + left/right arrow to jump words
|
|
"\e[1;5C": forward-word
|
|
"\e[1;5D": backward-word
|
|
|
|
# End /etc/inputrc
|
|
EOF
|
|
#
|
|
# 8.2. Creating the /etc/fstab File
|
|
#
|
|
touch %{buildroot}/etc/fstab
|
|
|
|
#
|
|
# 8.3.2. Configuring Linux Module Load Order
|
|
#
|
|
install -vdm 755 %{buildroot}/etc/modprobe.d
|
|
cat > %{buildroot}/etc/modprobe.d/usb.conf <<- "EOF"
|
|
# Begin /etc/modprobe.d/usb.conf
|
|
|
|
install ohci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe -i ohci_hcd ; true
|
|
install uhci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe -i uhci_hcd ; true
|
|
|
|
# End /etc/modprobe.d/usb.conf
|
|
EOF
|
|
|
|
# Security patch for CCE-14118-4, msid: 6.6
|
|
# Disable the installation and use of file systems that are not required (squashfs)
|
|
cat > %{buildroot}/etc/modprobe.d/squashfs.conf <<- "EOF"
|
|
# Begin /etc/modprobe.d/squashfs.conf
|
|
|
|
install squashfs /bin/true
|
|
|
|
# End /etc/modprobe.d/squashfs.conf
|
|
EOF
|
|
|
|
# Security patch for msid: 1.1.21.1
|
|
# Ensure mounting of USB storage devices is disabled
|
|
cat > %{buildroot}/etc/modprobe.d/usb-storage.conf <<- "EOF"
|
|
# Begin /etc/modprobe.d/usb-storage.conf
|
|
|
|
install usb-storage /bin/true
|
|
|
|
# End /etc/modprobe.d/usb-storage.conf
|
|
EOF
|
|
|
|
# Security patch for msid: 6.1
|
|
# Disable the installation and use of file systems that are not required (cramfs)
|
|
cat > %{buildroot}/etc/modprobe.d/cramfs.conf <<- "EOF"
|
|
# Begin /etc/modprobe.d/cramfs.conf
|
|
|
|
install cramfs /bin/true
|
|
|
|
# End /etc/modprobe.d/cramfs.conf
|
|
EOF
|
|
|
|
# Security patch for msid: 6.2
|
|
# Disable the installation and use of file systems that are not required (freevxfs)
|
|
cat > %{buildroot}/etc/modprobe.d/freevxfs.conf <<- "EOF"
|
|
# Begin /etc/modprobe.d/freevxfs.conf
|
|
|
|
install freevxfs /bin/true
|
|
|
|
# End /etc/modprobe.d/freevxfs.conf
|
|
EOF
|
|
|
|
# Security patch for msid: 6.3
|
|
# Disable the installation and use of file systems that are not required (hfs)
|
|
cat > %{buildroot}/etc/modprobe.d/hfs.conf <<- "EOF"
|
|
# Begin /etc/modprobe.d/hfs.conf
|
|
|
|
install hfs /bin/true
|
|
|
|
# End /etc/modprobe.d/hfs.conf
|
|
EOF
|
|
|
|
# Security patch for msid: 6.4
|
|
# Disable the installation and use of file systems that are not required (hfsplus)
|
|
cat > %{buildroot}/etc/modprobe.d/hfsplus.conf <<- "EOF"
|
|
# Begin /etc/modprobe.d/hfsplus.conf
|
|
|
|
install hfsplus /bin/true
|
|
|
|
# End /etc/modprobe.d/hfsplus.conf
|
|
EOF
|
|
|
|
# Security patch for msid: 6.5
|
|
# Disable the installation and use of file systems that are not required (jffs2)
|
|
cat > %{buildroot}/etc/modprobe.d/jffs2.conf <<- "EOF"
|
|
# Begin /etc/modprobe.d/jffs2.conf
|
|
|
|
install jffs2 /bin/true
|
|
|
|
# End /etc/modprobe.d/jffs2.conf
|
|
EOF
|
|
|
|
# Security patch for msid: 54
|
|
# Ensure DCCP is disabled
|
|
cat > %{buildroot}/etc/modprobe.d/dccp.conf <<- "EOF"
|
|
# Begin /etc/modprobe.d/dccp.conf
|
|
|
|
install dccp /bin/true
|
|
|
|
# End /etc/modprobe.d/dccp.conf
|
|
EOF
|
|
|
|
# Security patch for msid: 55
|
|
# Ensure SCTP is disabled
|
|
cat > %{buildroot}/etc/modprobe.d/sctp.conf <<- "EOF"
|
|
# Begin /etc/modprobe.d/sctp.conf
|
|
|
|
install sctp /bin/true
|
|
|
|
# End /etc/modprobe.d/sctp.conf
|
|
EOF
|
|
|
|
# Security patch for msid: 56
|
|
# Disable support for RDS
|
|
cat > %{buildroot}/etc/modprobe.d/rds.conf <<- "EOF"
|
|
# Begin /etc/modprobe.d/rds.conf
|
|
|
|
install rds /bin/true
|
|
|
|
# End /etc/modprobe.d/rds.conf
|
|
EOF
|
|
|
|
# Security patch for msid: 57
|
|
# Ensure TIPC is disabled
|
|
cat > %{buildroot}/etc/modprobe.d/tipc.conf <<- "EOF"
|
|
# Begin /etc/modprobe.d/tipc.conf
|
|
|
|
install tipc /bin/true
|
|
|
|
# End /etc/modprobe.d/tipc.conf
|
|
EOF
|
|
#
|
|
# chapter 9.1. The End
|
|
#
|
|
|
|
# Since these following symlinks are ghosted entries, create them manually upon
|
|
# package installation.
|
|
|
|
# Use Lua to achieve this since when filesystem installs, there may not be any
|
|
# other packages installed if this is a new environment.
|
|
%post -p <lua>
|
|
posix.symlink("lib", "/usr/lib/debug/lib64")
|
|
posix.symlink("../bin", "/usr/lib/debug/usr/bin")
|
|
posix.symlink("../sbin", "/usr/lib/debug/usr/sbin")
|
|
posix.symlink("../lib", "/usr/lib/debug/usr/lib")
|
|
posix.symlink("../lib", "/usr/lib/debug/usr/lib64")
|
|
posix.symlink("../.dwz", "/usr/lib/debug/usr/.dwz")
|
|
return 0
|
|
|
|
%pretrans -p <lua>
|
|
posix.mkdir("/proc")
|
|
posix.mkdir("/sys")
|
|
posix.chmod("/proc", 0555)
|
|
posix.chmod("/sys", 0555)
|
|
|
|
-- Prior to filesystem-1.1-16, /media used to be a symlink to /run/media but this was
|
|
-- replaced with a directory. The RPM upgrade operation generally worked when the /media
|
|
-- symlink is a dangling link, which is commonly the case, however not always the case.
|
|
--
|
|
-- And when the /media symlink is indeed properly pointing to a real /run/media, RPM has a
|
|
-- known limitation where it is not possible to replace an active symlink with a directory,
|
|
-- and thus the RPM transaction fails.
|
|
--
|
|
-- To workaround this, a %pretrans scriptlet must run to test and remove the symlink
|
|
-- before RPM attempts to install the new directory.
|
|
--
|
|
-- https://docs.fedoraproject.org/en-US/packaging-guidelines/Directory_Replacement
|
|
path = "/media"
|
|
st = posix.stat(path)
|
|
if st and st.type == "link" then
|
|
os.remove(path)
|
|
end
|
|
return 0
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
# Root filesystem
|
|
/bin
|
|
%dir /boot
|
|
%dir /dev
|
|
%dir /etc
|
|
%dir /home
|
|
/lib
|
|
%dir /opt
|
|
|
|
/media
|
|
%dir /mnt
|
|
%ghost %attr(555,root,root) /proc
|
|
%dir /root
|
|
%dir /run
|
|
/sbin
|
|
/srv
|
|
%ghost %attr(555,root,root) /sys
|
|
%dir /tmp
|
|
%dir /usr
|
|
%dir /var
|
|
# etc fileystem
|
|
%dir /etc/opt
|
|
%config(noreplace) /etc/fstab
|
|
%config(noreplace) /etc/group
|
|
%config(noreplace) /etc/hosts
|
|
%config(noreplace) /etc/inputrc
|
|
%config(noreplace) /etc/mtab
|
|
%config(noreplace) /etc/passwd
|
|
%config(noreplace) /etc/profile
|
|
%dir /etc/modprobe.d
|
|
%config(noreplace) /etc/modprobe.d/usb.conf
|
|
%dir /etc/sysconfig
|
|
%config(noreplace) /etc/sysconfig/clock
|
|
%config(noreplace) /etc/sysconfig/console
|
|
%config(noreplace) /etc/sysconfig/proxy
|
|
%dir /etc/profile.d
|
|
%config(noreplace) /etc/profile.d/proxy.sh
|
|
# media filesystem
|
|
%dir /run/media/cdrom
|
|
%dir /run/media/floppy
|
|
# run filesystem
|
|
%dir /run/lock
|
|
# usr filesystem
|
|
%dir /mnt/cdrom
|
|
%dir /mnt/hgfs
|
|
%dir /usr/bin
|
|
%dir /usr/include
|
|
%dir /usr/lib
|
|
%dir /usr/lib/debug
|
|
%dir /usr/lib/debug/bin
|
|
%dir /usr/lib/debug/lib
|
|
%dir /usr/lib/debug/sbin
|
|
%dir /usr/lib/debug/usr
|
|
%dir /usr/lib/debug/.dwz
|
|
%dir /usr/libexec
|
|
%dir /usr/local
|
|
%dir /usr/local/bin
|
|
%dir /usr/local/include
|
|
%dir /usr/local/lib
|
|
%dir /usr/local/sbin
|
|
%dir /usr/local/share
|
|
%dir /usr/local/share/color
|
|
%dir /usr/local/share/dict
|
|
%dir /usr/local/share/doc
|
|
%dir /usr/local/share/info
|
|
%dir /usr/local/share/locale
|
|
%dir /usr/local/share/man
|
|
%dir /usr/local/share/man/man1
|
|
%dir /usr/local/share/man/man2
|
|
%dir /usr/local/share/man/man3
|
|
%dir /usr/local/share/man/man4
|
|
%dir /usr/local/share/man/man5
|
|
%dir /usr/local/share/man/man6
|
|
%dir /usr/local/share/man/man7
|
|
%dir /usr/local/share/man/man8
|
|
%dir /usr/local/share/misc
|
|
%dir /usr/local/share/terminfo
|
|
%dir /usr/local/share/zoneinfo
|
|
%dir /usr/local/src
|
|
%dir /usr/sbin
|
|
%dir /usr/share
|
|
%dir /usr/share/color
|
|
%dir /usr/share/dict
|
|
%dir /usr/share/doc
|
|
%dir /usr/share/info
|
|
%dir /usr/share/locale
|
|
%dir /usr/share/man
|
|
%dir /usr/share/man/man1
|
|
%dir /usr/share/man/man2
|
|
%dir /usr/share/man/man3
|
|
%dir /usr/share/man/man4
|
|
%dir /usr/share/man/man5
|
|
%dir /usr/share/man/man6
|
|
%dir /usr/share/man/man7
|
|
%dir /usr/share/man/man8
|
|
%dir /usr/share/misc
|
|
%dir /usr/share/terminfo
|
|
%dir /usr/share/zoneinfo
|
|
%dir /usr/src
|
|
|
|
# ghosted /usr/lib/debug symlinks.
|
|
#
|
|
# Ghost them to allow others packages to create/provide files
|
|
# inside the symlinks without conflicting with this package.
|
|
%ghost /usr/lib/debug/lib64
|
|
%ghost /usr/lib/debug/usr/bin
|
|
%ghost /usr/lib/debug/usr/lib
|
|
%ghost /usr/lib/debug/usr/lib64
|
|
%ghost /usr/lib/debug/usr/sbin
|
|
%ghost /usr/lib/debug/usr/.dwz
|
|
|
|
# var filesystem
|
|
%dir /var/cache
|
|
%dir /var/lib
|
|
%dir /var/lib/color
|
|
%dir /var/lib/locate
|
|
%dir /var/lib/misc
|
|
%dir /var/local
|
|
%dir /var/log
|
|
%dir /var/mail
|
|
%dir /var/mnt
|
|
%dir /var/srv
|
|
%dir /var/opt
|
|
%dir /var/spool
|
|
%dir /var/tmp
|
|
%attr(-,root,root) /var/log/wtmp
|
|
%attr(664,root,utmp) /var/log/lastlog
|
|
%attr(600,root,root) /var/log/btmp
|
|
/var/lock
|
|
/var/run
|
|
|
|
/lib64
|
|
/usr/lib64
|
|
/usr/local/lib64
|
|
|
|
%files asc
|
|
%config(noreplace) /etc/modprobe.d/squashfs.conf
|
|
%config(noreplace) /etc/modprobe.d/usb-storage.conf
|
|
%config(noreplace) /etc/modprobe.d/cramfs.conf
|
|
%config(noreplace) /etc/modprobe.d/freevxfs.conf
|
|
%config(noreplace) /etc/modprobe.d/hfs.conf
|
|
%config(noreplace) /etc/modprobe.d/hfsplus.conf
|
|
%config(noreplace) /etc/modprobe.d/jffs2.conf
|
|
%config(noreplace) /etc/modprobe.d/dccp.conf
|
|
%config(noreplace) /etc/modprobe.d/sctp.conf
|
|
%config(noreplace) /etc/modprobe.d/rds.conf
|
|
%config(noreplace) /etc/modprobe.d/tipc.conf
|
|
|
|
%changelog
|
|
* Mon Jan 22 2024 Henry Beberman <henry.beberman@microsoft.com> - 1.1-20
|
|
- Remove /etc/host.conf due to unintended impact on the base container
|
|
|
|
* Fri Dec 08 2023 Chris Co <chrco@microsoft.com> - 1.1-19
|
|
- Add scriptlet to handle /media symlink failed upgrade issue
|
|
|
|
* Thu Dec 07 2023 Dan Streetman <ddstreet@ieee.org> - 1.1-18
|
|
- Add /etc/host.conf with multi enabled
|
|
|
|
* Thu Oct 12 2023 Chris PeBenito <chpebeni@microsoft.com> - 1.1-17
|
|
- Restore the /opt directory.
|
|
|
|
* Mon Oct 09 2023 Chris Co <chrco@microsoft.com> - 1.1-16
|
|
- Make /media a proper directory
|
|
|
|
* Thu Jun 29 2023 Tobias Brick <tobiasb@microsoft.com> - 1.1-15
|
|
- Revert: Remove setting umask from /etc/profile and add it to a separate file in /etc/profile.d
|
|
|
|
* Tue Jun 13 2023 Andy Zaugg <azaugg@linkedin.com> - 1.1-14
|
|
- Adding /usr/local/sbin as per FHS
|
|
|
|
* Thu May 18 2023 Tobias Brick <tobiasb@microsoft.com> - 1.1-13
|
|
- Remove setting umask from /etc/profile and add it to a separate file in /etc/profile.d
|
|
|
|
* Thu Sep 14 2022 Thara Gopinath <tgopinath@microsoft.com> - 1.1-12
|
|
- Add the 'systemd-coredump' and 'systemd-oom' user and group accounts.
|
|
|
|
* Mon Jul 18 2022 Minghe Ren <mingheren@microsoft.com> - 1.1-11
|
|
- Update etc/modprobe.d/ folder to include new multiple config files and improve security
|
|
- Add subpackage asc to include all the new config files
|
|
|
|
* Thu Jun 16 2022 Olivia Crain <oliviacrain@microsoft.com> - 1.1-10
|
|
- Mark /proc and /sys as %%ghost
|
|
- Create /proc and /sys as a pretransaction step
|
|
|
|
* Wed May 18 2022 Brendan Kerrigan <bkerrigan@microsoft.com> 1.1-9
|
|
- Update /etc/inputrc to enable Ctrl+LeftArrow and Ctrl+RightArrow word jumping binds.
|
|
- License Verified.
|
|
* Mon Sep 28 2020 Ruying Chen <v-ruyche@microsoft.com> 1.1-8
|
|
- Add folders and symlinks for .dwz files.
|
|
* Mon Jun 15 2020 Joe Schmitt <joschmit@microsoft.com> 1.1-7
|
|
- Use ghost directive for /usr/lib/debug/* symlinks to avoid conflicting with debuginfo packages.
|
|
* Wed May 20 2020 Emre Girgin <mrgirgin@microsoft.com> 1.1-6
|
|
- Change /boot directory permissions to 600.
|
|
* Wed May 20 2020 Joe Schmitt <joschmit@microsoft.com> 1.1-5
|
|
- Add render and kvm group by default.
|
|
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 1.1-4
|
|
- Initial CBL-Mariner import from Photon (license: Apache2).
|
|
* Wed May 8 2019 Alexey Makhalov <amakhalov@vmware.com> 1.1-3
|
|
- Set 'x' as a root password placeholder
|
|
* Tue Nov 14 2017 Alexey Makhalov <amakhalov@vmware.com> 1.1-2
|
|
- Aarch64 support
|
|
* Fri Sep 15 2017 Anish Swaminathan <anishs@vmware.com> 1.1-1
|
|
- Move network file from filesystem package
|
|
* Fri Apr 21 2017 Alexey Makhalov <amakhalov@vmware.com> 1.0-13
|
|
- make /var/run symlink to /run and keep it in rpm
|
|
* Thu Apr 20 2017 Bo Gan <ganb@vmware.com> 1.0-12
|
|
- Fix /usr/local/lib64 symlink
|
|
* Wed Mar 08 2017 Vinay Kulkarni <kulkarniv@vmware.com> 1.0-11
|
|
- Create default DHCP net config in 99-dhcp-en.network instead of 10-dhcp-en.network
|
|
* Wed Aug 24 2016 Alexey Makhalov <amakhalov@vmware.com> 1.0-10
|
|
- /etc/inputrc PgUp/PgDown for history search
|
|
* Tue Jul 12 2016 Divya Thaluru <dthaluru@vmware.com> 1.0-9
|
|
- Added filesystem for debug libraries and binaries
|
|
* Fri Jul 8 2016 Divya Thaluru <dthaluru@vmware.com> 1.0-8
|
|
- Removing multiple entries of localhost in /etc/hosts file
|
|
* Fri May 27 2016 Divya Thaluru <dthaluru@vmware.com> 1.0-7
|
|
- Fixed nobody user uid and group gid
|
|
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.0-6
|
|
- GA - Bump release of all rpms
|
|
* Wed May 4 2016 Divya Thaluru <dthaluru@vmware.com> 1.0-5
|
|
- Removing non-existent users from /etc/group file
|
|
* Fri Apr 29 2016 Mahmoud Bassiouny <mbassiouny@vmware.com> 1.0-4
|
|
- Updating the /etc/hosts file
|
|
* Fri Apr 22 2016 Divya Thaluru <dthaluru@vmware.com> 1.0-3
|
|
- Setting default umask value to 027
|
|
* Thu Apr 21 2016 Anish Swaminathan <anishs@vmware.com> 1.0-2
|
|
- Version update for network file change
|
|
* Mon Jan 18 2016 Anish Swaminathan <anishs@vmware.com> 1.0-1
|
|
- Reset version to match with Photon version
|
|
* Wed Jan 13 2016 Mahmoud Bassiouny <mbassiouny@vmware.com> 7.5-13
|
|
- Support to set proxy configuration file - SLES proxy configuration implementation.
|
|
* Thu Jan 7 2016 Mahmoud Bassiouny <mbassiouny@vmware.com> 7.5-12
|
|
- Removing /etc/sysconfig/network file.
|
|
* Mon Nov 16 2015 Mahmoud Bassiouny <mbassiouny@vmware.com> 7.5-11
|
|
- Removing /etc/fstab mount entries.
|
|
* Mon Nov 16 2015 Sharath George <sharathg@vmware.com> 7.5-10
|
|
- Removint /opt from filesystem.
|
|
* Fri Oct 02 2015 Vinay Kulkarni <kulkarniv@vmware.com> 7.5-9
|
|
- Dump build-number and release version from macros.
|
|
* Fri Aug 14 2015 Sharath George <sharathg@vmware.com> 7.5-8
|
|
- upgrading release to TP2
|
|
* Tue Jun 30 2015 Alexey Makhalov <amakhalov@vmware.com> 7.5-7
|
|
- /etc/profile.d permission fix
|
|
* Tue Jun 23 2015 Divya Thaluru <dthaluru@vmware.com> 7.5-6
|
|
- Adding group dip
|
|
* Mon Jun 22 2015 Divya Thaluru <dthaluru@vmware.com> 7.5-5
|
|
- Fixing lsb-release file
|
|
* Tue Jun 16 2015 Alexey Makhalov <amakhalov@vmware.com> 7.5-4
|
|
- Change users group id to 100.
|
|
- Add audio group to users group.
|
|
* Mon Jun 15 2015 Sharath George <sharathg@vmware.com> 7.5-3
|
|
- Change the network match for dhcp.
|
|
* Mon May 18 2015 Touseef Liaqat <tliaqat@vmware.com> 7.5-2
|
|
- Update according to UsrMove.
|
|
* Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 7.5-1
|
|
- Initial build. First version
|