From d4bd8777a483ea834e687c1ee35dee32efe6e49f Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>

Date: Wed, 7 Jul 2021 14:02:36 +0200

Subject: [PATCH 1/5] rpm: don't specify the full path for systemctl and other

 commands

We can make things a bit simpler and more readable by not specifying the path.

Since we didn't specify the full path for all commands (including those invoked

recursively by anythign we invoke), this didn't really privide any security or

robustness benefits. I guess that full paths were used because this style of

rpm packagnig was popular in the past, with macros used for everything

possible, with special macros for common commands like %{__ln} and %{__mkdir}.

(cherry picked from commit 7d9ee15d0fc2af87481ee371b278dbe7e68165ef)

---

 src/rpm/macros.systemd.in      | 24 ++++++++++++------------

 src/rpm/triggers.systemd.in    | 18 +++++++++---------

 src/rpm/triggers.systemd.sh.in | 18 +++++++++---------

 3 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in

index 3a0169a85f..3129ab2d61 100644

--- a/src/rpm/macros.systemd.in

+++ b/src/rpm/macros.systemd.in

@@ -46,9 +46,9 @@ OrderWithRequires(postun): systemd \

 %systemd_post() \

 %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_post}} \

-if [ $1 -eq 1 ] && [ -x %{_bindir}/systemctl ]; then \

+if [ $1 -eq 1 ] && command -v systemctl >/dev/null; then \

     # Initial installation \

-    %{_bindir}/systemctl --no-reload preset %{?*} || : \

+    systemctl --no-reload preset %{?*} || : \

 fi \

 %{nil}

@@ -56,21 +56,21 @@ fi \

 %systemd_preun() \

 %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_preun}} \

-if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \

+if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \

     # Package removal, not upgrade \

     if [ -d /run/systemd/system ]; then \

-          %{_bindir}/systemctl --no-reload disable --now %{?*} || : \

+          systemctl --no-reload disable --now %{?*} || : \

     else \

-          %{_bindir}/systemctl --no-reload disable %{?*} || : \

+          systemctl --no-reload disable %{?*} || : \

     fi \

 fi \

 %{nil}

 %systemd_user_preun() \

 %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_user_preun}} \

-if [ $1 -eq 0 ] && [ -x %{_bindir}/systemctl ]; then \

+if [ $1 -eq 0 ] && command -v systemctl >/dev/null; then \

     # Package removal, not upgrade \

-    %{_bindir}/systemctl --global disable %{?*} || : \

+    systemctl --global disable %{?*} || : \

 fi \

 %{nil}

@@ -84,10 +84,10 @@ fi \

 %systemd_postun_with_restart() \

 %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \

-if [ $1 -ge 1 ] && [ -x %{_bindir}/systemctl ]; then \

+if [ $1 -ge 1 ] && command -v systemctl >/dev/null; then \

     # Package upgrade, not uninstall \

     for unit in %{?*}; do \

-         %{_bindir}/systemctl set-property $unit Markers=+needs-restart || : \

+        systemctl set-property $unit Markers=+needs-restart || : \

     done \

 fi \

 %{nil}

@@ -105,17 +105,17 @@ fi \

 # Deprecated. Use %tmpfiles_create_package instead

 %tmpfiles_create() \

 %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# tmpfiles_create}} \

-[ -x %{_bindir}/systemd-tmpfiles ] && %{_bindir}/systemd-tmpfiles --create %{?*} || : \

+command -v systemd-tmpfiles >/dev/null && systemd-tmpfiles --create %{?*} || : \

 %{nil}

 # Deprecated. Use %sysusers_create_package instead

 %sysusers_create() \

 %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# sysusers_create}} \

-[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers %{?*} || : \

+command -v systemd-sysusers >/dev/null && systemd-sysusers %{?*} || : \

 %{nil}

 %sysusers_create_inline() \

-[ -x %{_bindir}/systemd-sysusers ] && %{_bindir}/systemd-sysusers - <

+command -v systemd-sysusers >/dev/null && systemd-sysusers - <

 %{?*} \

 SYSTEMD_INLINE_EOF\

 %{nil}

diff --git a/src/rpm/triggers.systemd.in b/src/rpm/triggers.systemd.in

index b33d2212e8..247358008a 100644

--- a/src/rpm/triggers.systemd.in

+++ b/src/rpm/triggers.systemd.in

@@ -16,14 +16,14 @@

 if posix.access("/run/systemd/system") then

     pid = posix.fork()

     if pid == 0 then

-        assert(posix.exec("%{_bindir}/systemctl", "daemon-reload"))

+        assert(posix.execp("systemctl", "daemon-reload"))

     elseif pid > 0 then

         posix.wait(pid)

     end

     pid = posix.fork()

     if pid == 0 then

-        assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked"))

+        assert(posix.execp("systemctl", "reload-or-restart", "--marked"))

     elseif pid > 0 then

         posix.wait(pid)

     end

@@ -38,7 +38,7 @@ end

 if posix.access("/run/systemd/system") then

     pid = posix.fork()

     if pid == 0 then

-        assert(posix.exec("%{_bindir}/systemctl", "daemon-reload"))

+        assert(posix.execp("systemctl", "daemon-reload"))

     elseif pid > 0 then

         posix.wait(pid)

     end

@@ -49,7 +49,7 @@ end

 if posix.access("/run/systemd/system") then

     pid = posix.fork()

     if pid == 0 then

-        assert(posix.exec("%{_bindir}/systemctl", "reload-or-restart", "--marked"))

+        assert(posix.execp("systemctl", "reload-or-restart", "--marked"))

     elseif pid > 0 then

         posix.wait(pid)

     end

@@ -62,7 +62,7 @@ end

 if posix.access("/run/systemd/system") then

     pid = posix.fork()

     if pid == 0 then

-        assert(posix.exec("%{_bindir}/systemd-sysusers"))

+        assert(posix.execp("systemd-sysusers"))

     elseif pid > 0 then

         posix.wait(pid)

     end

@@ -74,7 +74,7 @@ end

 if posix.access("/run/systemd/system") then

     pid = posix.fork()

     if pid == 0 then

-        assert(posix.exec("%{_bindir}/systemd-hwdb", "update"))

+        assert(posix.execp("systemd-hwdb", "update"))

     elseif pid > 0 then

         posix.wait(pid)

     end

@@ -86,7 +86,7 @@ end

 if posix.access("/run/systemd/system") then

     pid = posix.fork()

     if pid == 0 then

-        assert(posix.exec("%{_bindir}/journalctl", "--update-catalog"))

+        assert(posix.execp("journalctl", "--update-catalog"))

     elseif pid > 0 then

         posix.wait(pid)

     end

@@ -111,7 +111,7 @@ end

 if posix.access("/run/systemd/system") then

     pid = posix.fork()

     if pid == 0 then

-        assert(posix.exec("%{_bindir}/systemd-tmpfiles", "--create"))

+        assert(posix.execp("systemd-tmpfiles", "--create"))

     elseif pid > 0 then

         posix.wait(pid)

     end

@@ -123,7 +123,7 @@ end

 if posix.access("/run/systemd/system") then

     pid = posix.fork()

     if pid == 0 then

-        assert(posix.exec("%{_bindir}/udevadm", "control", "--reload"))

+        assert(posix.execp("udevadm", "control", "--reload"))

     elseif pid > 0 then

         posix.wait(pid)

     end

diff --git a/src/rpm/triggers.systemd.sh.in b/src/rpm/triggers.systemd.sh.in

index 22abad9812..1631be18c9 100644

--- a/src/rpm/triggers.systemd.sh.in

+++ b/src/rpm/triggers.systemd.sh.in

@@ -15,8 +15,8 @@

 # installed, because other cases are covered by the *un scriptlets,

 # so sometimes we will reload needlessly.

 if test -d "/run/systemd/system"; then

-  %{_bindir}/systemctl daemon-reload || :

-  %{_bindir}/systemctl reload-or-restart --marked || :

+  systemctl daemon-reload || :

+  systemctl reload-or-restart --marked || :

 fi

 %transfiletriggerpostun -P 1000100 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system

@@ -26,13 +26,13 @@ fi

 # have been installed, but before %postun scripts in packages get

 # executed.

 if test -d "/run/systemd/system"; then

-  %{_bindir}/systemctl daemon-reload || :

+  systemctl daemon-reload || :

 fi

 %transfiletriggerpostun -P 10000 -- {{SYSTEM_DATA_UNIT_DIR}} /etc/systemd/system

 # We restart remaining services that should be restarted here.

 if test -d "/run/systemd/system"; then

-  %{_bindir}/systemctl reload-or-restart --marked || :

+  systemctl reload-or-restart --marked || :

 fi

 %transfiletriggerin -P 1000700 -- {{SYSUSERS_DIR}}

@@ -40,21 +40,21 @@ fi

 # specified users automatically. The priority is set such that it

 # will run before the tmpfiles file trigger.

 if test -d "/run/systemd/system"; then

-  %{_bindir}/systemd-sysusers || :

+  systemd-sysusers || :

 fi

 %transfiletriggerin -P 1000700 udev -- {{UDEV_HWDB_DIR}}

 # This script will automatically invoke hwdb update if files have been

 # installed or updated in {{UDEV_HWDB_DIR}}.

 if test -d "/run/systemd/system"; then

-  %{_bindir}/systemd-hwdb update || :

+  systemd-hwdb update || :

 fi

 %transfiletriggerin -P 1000700 -- {{SYSTEMD_CATALOG_DIR}}

 # This script will automatically invoke journal catalog update if files

 # have been installed or updated in {{SYSTEMD_CATALOG_DIR}}.

 if test -d "/run/systemd/system"; then

-  %{_bindir}/journalctl --update-catalog || :

+  journalctl --update-catalog || :

 fi

 %transfiletriggerin -P 1000700 -- {{BINFMT_DIR}}

@@ -71,14 +71,14 @@ fi

 # tmpfiles automatically. The priority is set such that it will run

 # after the sysusers file trigger, but before any other triggers.

 if test -d "/run/systemd/system"; then

-  %{_bindir}/systemd-tmpfiles --create || :

+  systemd-tmpfiles --create || :

 fi

 %transfiletriggerin -P 1000600 udev -- {{UDEV_RULES_DIR}}

 # This script will automatically update udev with new rules if files

 # have been installed or updated in {{UDEV_RULES_DIR}}.

 if test -e /run/udev/control; then

-  %{_bindir}/udevadm control --reload || :

+  udevadm control --reload || :

 fi

 %transfiletriggerin -P 1000500 -- {{SYSCTL_DIR}}

-- 

2.31.1