Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package plocate for openSUSE:Factory checked in at 2024-06-24 20:51:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/plocate (Old) and /work/SRC/openSUSE:Factory/.plocate.new.18349 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "plocate" Mon Jun 24 20:51:29 2024 rev:3 rq:1180248 version:1.1.22 Changes: -------- --- /work/SRC/openSUSE:Factory/plocate/plocate.changes 2024-01-16 21:38:23.285356253 +0100 +++ /work/SRC/openSUSE:Factory/.plocate.new.18349/plocate.changes 2024-06-24 20:52:25.758414052 +0200 @@ -1,0 +2,8 @@ +Wed Jun 12 15:04:47 UTC 2024 - Manfred Schwarb <manfred99@gmx.ch> + +- changes taken from mlocate updates: + * change umask inside su invocation (boo#1209409) + * add comment why umask in service file is not effective (bsc#1218896) + * add bcond for building without AppArmor support (for ALP code base) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ plocate.spec ++++++ --- /var/tmp/diff_new_pack.TfaQTT/_old 2024-06-24 20:52:26.238431598 +0200 +++ /var/tmp/diff_new_pack.TfaQTT/_new 2024-06-24 20:52:26.238431598 +0200 @@ -16,6 +16,8 @@ # +%bcond_without apparmor + Name: plocate Version: 1.1.22 Release: 0 @@ -27,16 +29,19 @@ Source1: updatedb.conf Source2: %{name}-updatedb.service Source3: sysconfig.locate -# apparmor profile +%if %{with apparmor} Source5: usr.bin.plocate Source6: usr.sbin.updatedb +%endif Patch0: disable-visibility.patch BuildRequires: gcc-c++ BuildRequires: meson BuildRequires: pkgconfig BuildRequires: pkgconfig(liburing) BuildRequires: pkgconfig(libzstd) +%if %{with apparmor} Requires: apparmor-abstractions +%endif Requires: group(nobody) Requires: user(nobody) Requires(post): %fillup_prereq @@ -74,9 +79,12 @@ ln -sr %{buildroot}%{_mandir}/man1/%{name}.1%{?ext_man} %{buildroot}%{_mandir}/man1/locate.1%{?ext_man} ln -s %{_sbindir}/updatedb %{buildroot}%{_bindir}/updatedb ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-updatedb -# apparmor: +%if %{with apparmor} install -Dm644 %{SOURCE5} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.plocate install -Dm644 %{SOURCE6} %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.updatedb +%endif + +%check %pre %service_add_pre %{name}-updatedb.service %{name}-updatedb.timer @@ -112,7 +120,9 @@ %{_sharedstatedir}/%{name}/CACHEDIR.TAG %ghost %{_sharedstatedir}/%{name}/%{name}.db %config(noreplace) %{_sysconfdir}/updatedb.conf +%if %{with apparmor} %dir %{_sysconfdir}/apparmor.d/ %config %{_sysconfdir}/apparmor.d/usr.bin.plocate %config %{_sysconfdir}/apparmor.d/usr.sbin.updatedb +%endif ++++++ plocate-updatedb.service ++++++ --- /var/tmp/diff_new_pack.TfaQTT/_old 2024-06-24 20:52:26.278433060 +0200 +++ /var/tmp/diff_new_pack.TfaQTT/_new 2024-06-24 20:52:26.282433206 +0200 @@ -19,9 +19,11 @@ Type=oneshot ExecStart=/bin/sh -c \ "chown -R ${RUN_UPDATEDB_AS}:root /var/lib/plocate && \ - su --shell=/bin/sh ${RUN_UPDATEDB_AS} -c /usr/sbin/updatedb" + su --shell=/bin/sh ${RUN_UPDATEDB_AS} -c 'umask 0022; /usr/sbin/updatedb'" -# Ensure we have proper umask +# Unfortunately, the umask we set here is lost because we invoke updatedb +# through 'su' to change to the user ${RUN_UPDATEDB_AS}. See bnc#941296 and +# bnc#1209409 for further details. UMask=0022 LimitNOFILE=131072