saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-16 09:40:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Update packages for python modules owned by root

Browse source 
Updates Debian and RPM packages so that /opt/saltstack/salt and the
python packages don't have to be owned by salt user.

It shouldn't be necessary for salt user, used to run salt-master to be
able to write/modify files in that directory hierarchy.

Add postinst scripts to call the python compileall module to create
byte-compiled python modules. This should preserve performance whilst
not requiring write access for salt user.

Also cleans up .pyc files and __pycache__ dirs on removal.
This commit is contained in:
Barney Sowood 2023-04-29 16:57:43 +01:00 committed by Gareth J. Greenaway
parent 919994f2b0
commit af9ee1a9c6
4 changed files with 16 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkg/debian/salt-common.postinst Normal file
View file

@ -0,0 +1,4 @@
#!/bin/sh
set -e
/opt/saltstack/salt/bin/python3 -m compileall -qq /opt/saltstack/salt/lib

5
pkg/debian/salt-common.prerm Normal file
View file

@ -0,0 +1,5 @@
#!/bin/sh
set -e
dpkg -L salt-common | perl -ne 's,/([^/]*)\.py$,/__pycache__/\1.*, or next; unlink $_ or die $! foreach glob($_)'
find /opt/saltstack/salt -type d -name __pycache__ -empty -print0 | xargs --null --no-run-if-empty rmdir

2
pkg/debian/salt-master.postinst
View file

@ -1,6 +1,6 @@
case "$1" in
configure)
chown -R salt:salt /etc/salt /var/log/salt /opt/saltstack/salt/ /var/cache/salt/ /var/run/salt
chown -R salt:salt /etc/salt /var/log/salt /var/cache/salt/ /var/run/salt
if command -v systemctl; then systemctl enable salt-master; fi
;;
esac

7
pkg/rpm/salt.spec
View file

@ -428,6 +428,7 @@ chown -R %{_SALT_USER}:%{_SALT_GROUP} %{_SALT_HOME}
chmod u=rwx,g=rwx,o=rx %{_SALT_HOME}
ln -s -f /opt/saltstack/salt/spm %{_bindir}/spm
ln -s -f /opt/saltstack/salt/salt-pip %{_bindir}/salt-pip
/opt/saltstack/salt/bin/python3 -m compileall -qq /opt/saltstack/salt/lib
%post cloud
@ -452,7 +453,7 @@ if [ $1 -lt 2 ]; then
/bin/openssl sha256 -r -hmac orboDeJITITejsirpADONivirpUkvarP /opt/saltstack/salt/lib/libcrypto.so.1.1 | cut -d ' ' -f 1 > /opt/saltstack/salt/lib/.libcrypto.so.1.1.hmac || :
fi
fi
chown -R salt:salt /etc/salt /var/log/salt /opt/saltstack/salt/ /var/cache/salt/ /var/run/salt/
chown -R salt:salt /etc/salt /var/log/salt /var/cache/salt/ /var/run/salt/
%post syndic
%systemd_post salt-syndic.service
@ -480,6 +481,10 @@ ln -s -f /opt/saltstack/salt/salt-ssh %{_bindir}/salt-ssh
%systemd_post salt-api.service
ln -s -f /opt/saltstack/salt/salt-api %{_bindir}/salt-api
%preun
find /opt/saltstack/salt -type f -name \*\.pyc -print0 | xargs --null --no-run-if-empty rm
find /opt/saltstack/salt -type d -name __pycache__ -empty -print0 | xargs --null --no-run-if-empty rmdir
%postun master
%systemd_postun_with_restart salt-master.service
if [ $1 -eq 0 ]; then