[M] Change in meta-telephony[201705]: Remove User= and Group= from systemd service files - gerrit-log

23 Apr 2024

osmith has submitted this change. ( https://gerrit.osmocom.org/c/meta-telephony/+/36618?usp=email )
Change subject: Remove User= and Group= from systemd service files
......................................................................
Remove User= and Group= from systemd service files
Service files of Osmocom programs will have User= and Group= in the
future, so these don't run as root. It was decided that for OE-based
systems, we will still run them as root for now.
Related: OS#5684, OS#4107
Change-Id: I68a8fba034aeb0e2923b2958b8d6842410d8b23c
---
M recipes-osmocom/libosmo-sccp/libosmo-sccp.inc
M recipes-osmocom/osmo-bsc/osmo-bsc.inc
M recipes-osmocom/osmo-gbproxy/osmo-gbproxy.inc
M recipes-osmocom/osmo-ggsn/osmo-ggsn.inc
M recipes-osmocom/osmo-hlr/osmo-hlr.inc
M recipes-osmocom/osmo-hnbgw/osmo-hnbgw.inc
M recipes-osmocom/osmo-mgw/osmo-mgw.inc
M recipes-osmocom/osmo-msc/osmo-msc.inc
M recipes-osmocom/osmo-pcap/osmo-pcap.inc
M recipes-osmocom/osmo-sgsn/osmo-sgsn.inc
M recipes-osmocom/osmo-sip-connector/osmo-sip-connector.inc
11 files changed, 83 insertions(+), 20 deletions(-)
Approvals:
  fixeria: Looks good to me, approved
  osmith: Verified
  pespin: Looks good to me, but someone else must approve

diff --git a/recipes-osmocom/libosmo-sccp/libosmo-sccp.inc b/recipes-osmocom/libosmo-sccp/libosmo-sccp.inc
index 0f1f28d..34454b1 100644
--- a/recipes-osmocom/libosmo-sccp/libosmo-sccp.inc
+++ b/recipes-osmocom/libosmo-sccp/libosmo-sccp.inc
@@ -3,7 +3,7 @@
 HOMEPAGE = "https://osmocom.org/projects/libosmo-sccp"
 LICENSE = "AGPLv3"
-INC_PR="r2.${META_TELEPHONY_OSMO_INC}"
+INC_PR="r3.${META_TELEPHONY_OSMO_INC}"
LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
@@ -18,10 +18,14 @@
 # access symbols not starting with osmo_*
 EXTRA_OECONF_remove = "--disable-static"
-# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
 do_install_append() {
+	# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
    sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/osmo-stp.service"
    sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/osmo-stp.service"
+
+	# Run as root (OS#5684):
+	sed -i '/^User=/d' "${D}${systemd_system_unitdir}/osmo-stp.service"
+	sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/osmo-stp.service"
 }
PACKAGES =+ "osmo-stp"
diff --git a/recipes-osmocom/osmo-bsc/osmo-bsc.inc b/recipes-osmocom/osmo-bsc/osmo-bsc.inc
index 50e8f9b..1c56123 100644
--- a/recipes-osmocom/osmo-bsc/osmo-bsc.inc
+++ b/recipes-osmocom/osmo-bsc/osmo-bsc.inc
@@ -5,7 +5,7 @@
DEPENDS = "sqlite3 libpcap libosmocore libosmo-abis libosmo-sccp libosmo-netif osmo-mgw"
-INC_PR="r2.${META_TELEPHONY_OSMO_INC}"
+INC_PR="r3.${META_TELEPHONY_OSMO_INC}"
inherit autotools pkgconfig systemd
@@ -14,10 +14,14 @@
     "
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir"
-# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
 do_install_append() {
+	# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
    sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
    sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+
+	# Run as root (OS#5684):
+	sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+	sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service"
 }
PACKAGES =+ "meas-utils ipaccess-utils bs11-utils abisip-find"
diff --git a/recipes-osmocom/osmo-gbproxy/osmo-gbproxy.inc b/recipes-osmocom/osmo-gbproxy/osmo-gbproxy.inc
index aff20fa..6c87dda 100644
--- a/recipes-osmocom/osmo-gbproxy/osmo-gbproxy.inc
+++ b/recipes-osmocom/osmo-gbproxy/osmo-gbproxy.inc
@@ -5,7 +5,7 @@
DEPENDS = "libosmocore"
-INC_PR="r1.${META_TELEPHONY_OSMO_INC}"
+INC_PR="r2.${META_TELEPHONY_OSMO_INC}"
inherit autotools pkgconfig systemd
@@ -14,10 +14,14 @@
     "
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir"
-# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
 do_install_append() {
+	# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
    sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
    sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+
+	# Run as root (OS#5684):
+	sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+	sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service"
 }
SYSTEMD_SERVICE_osmo-gbproxy = "osmo-gbproxy.service"
diff --git a/recipes-osmocom/osmo-ggsn/osmo-ggsn.inc b/recipes-osmocom/osmo-ggsn/osmo-ggsn.inc
index 58b93f0..276ac47 100644
--- a/recipes-osmocom/osmo-ggsn/osmo-ggsn.inc
+++ b/recipes-osmocom/osmo-ggsn/osmo-ggsn.inc
@@ -5,7 +5,7 @@
DEPENDS = "libosmocore"
-INC_PR="r3.${META_TELEPHONY_OSMO_INC}"
+INC_PR="r4.${META_TELEPHONY_OSMO_INC}"
inherit autotools pkgconfig systemd
@@ -14,10 +14,14 @@
     "
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir"
-# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
 do_install_append() {
+	# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
    sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
    sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+
+	# Run as root (OS#5684):
+	sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+	sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service"
 }
PACKAGES =+ " libgtp libgtp-dev libgtp-staticdev osmo-sgsnemu"
diff --git a/recipes-osmocom/osmo-hlr/osmo-hlr.inc b/recipes-osmocom/osmo-hlr/osmo-hlr.inc
index 4229e7b..77b1c94 100644
--- a/recipes-osmocom/osmo-hlr/osmo-hlr.inc
+++ b/recipes-osmocom/osmo-hlr/osmo-hlr.inc
@@ -5,7 +5,7 @@
DEPENDS = "libtalloc libosmocore libosmo-abis sqlite3 sqlite3-native"
-INC_PR="r3.${META_TELEPHONY_OSMO_INC}"
+INC_PR="r4.${META_TELEPHONY_OSMO_INC}"
inherit autotools pkgconfig systemd
@@ -21,6 +21,10 @@
    # StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
    sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
    sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+
+	# Run as root (OS#5684):
+	sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+	sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service"
 }
PACKAGECONFIG ??= "\
diff --git a/recipes-osmocom/osmo-hnbgw/osmo-hnbgw.inc b/recipes-osmocom/osmo-hnbgw/osmo-hnbgw.inc
index 6bf01d3..c83ce12 100644
--- a/recipes-osmocom/osmo-hnbgw/osmo-hnbgw.inc
+++ b/recipes-osmocom/osmo-hnbgw/osmo-hnbgw.inc
@@ -5,7 +5,7 @@
DEPENDS = "libosmocore libosmo-netif libosmo-sccp osmo-iuh libasn1c lksctp-tools osmo-mgw"
-INC_PR="r1.${META_TELEPHONY_OSMO_INC}"
+INC_PR="r2.${META_TELEPHONY_OSMO_INC}"
# Workaround to oe-core meta/site/* CONFIG_SITE files passed to autoconf forcing unavailability of netinet/sctp.h.
 # Patch fixing issue upstream: https://patchwork.openembedded.org/patch/168892/
@@ -19,8 +19,13 @@
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir"
do_install_append() {
+	# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
    sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
    sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+
+	# Run as root (OS#5684):
+	sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+	sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service"
 }
SYSTEMD_SERVICE_${PN} = "${PN}.service"
diff --git a/recipes-osmocom/osmo-mgw/osmo-mgw.inc b/recipes-osmocom/osmo-mgw/osmo-mgw.inc
index a9a60b4..5e740db 100644
--- a/recipes-osmocom/osmo-mgw/osmo-mgw.inc
+++ b/recipes-osmocom/osmo-mgw/osmo-mgw.inc
@@ -5,7 +5,7 @@
DEPENDS = "libosmocore libosmo-netif"
-INC_PR="r3.${META_TELEPHONY_OSMO_INC}"
+INC_PR="r4.${META_TELEPHONY_OSMO_INC}"
inherit autotools pkgconfig systemd
@@ -14,10 +14,14 @@
     "
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir"
-# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
 do_install_append() {
+	# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
    sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
    sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+
+	# Run as root (OS#5684):
+	sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+	sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service"
 }
PACKAGES =+ "libosmo-mgcp libosmo-mgcp-dev libosmo-mgcp-client libosmo-mgcp-client-dev"
diff --git a/recipes-osmocom/osmo-msc/osmo-msc.inc b/recipes-osmocom/osmo-msc/osmo-msc.inc
index c60fd07..23a762a 100644
--- a/recipes-osmocom/osmo-msc/osmo-msc.inc
+++ b/recipes-osmocom/osmo-msc/osmo-msc.inc
@@ -5,7 +5,7 @@
DEPENDS = "libdbi libosmocore libosmo-abis libosmo-sccp libosmo-netif osmo-mgw osmo-hlr"
-INC_PR="r3.${META_TELEPHONY_OSMO_INC}"
+INC_PR="r4.${META_TELEPHONY_OSMO_INC}"
inherit autotools pkgconfig systemd
@@ -18,10 +18,14 @@
 PACKAGECONFIG[iu] = "--enable-iu,--disable-iu,libasn1c osmo-iuh,"
 PACKAGECONFIG[smpp] = "--enable-smpp,--disable-smpp,libsmpp34,"
-# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
 do_install_append() {
+	# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
    sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
    sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+
+	# Run as root (OS#5684):
+	sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+	sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service"
 }
RDEPENDS_${PN} = "libdbd-sqlite3"
diff --git a/recipes-osmocom/osmo-pcap/osmo-pcap.inc b/recipes-osmocom/osmo-pcap/osmo-pcap.inc
index 3f39103..e64ca88 100644
--- a/recipes-osmocom/osmo-pcap/osmo-pcap.inc
+++ b/recipes-osmocom/osmo-pcap/osmo-pcap.inc
@@ -5,7 +5,7 @@
DEPENDS = "libosmocore zeromq libpcap gnutls"
-INC_PR="r1.${META_TELEPHONY_OSMO_INC}"
+INC_PR="r2.${META_TELEPHONY_OSMO_INC}"
inherit autotools pkgconfig systemd
@@ -14,12 +14,18 @@
     "
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir"
-# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
 do_install_append() {
+	# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
    sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/osmo-pcap-server.service"
    sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/osmo-pcap-server.service"
    sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/osmo-pcap-client.service"
    sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/osmo-pcap-client.service"
+
+	# Run as root (OS#5684):
+	sed -i '/^User=/d' "${D}${systemd_system_unitdir}/osmo-pcap-server.service"
+	sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/osmo-pcap-server.service"
+	sed -i '/^User=/d' "${D}${systemd_system_unitdir}/osmo-pcap-client.service"
+	sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/osmo-pcap-client.service"
 }
PACKAGES =+ "osmo-pcap-server osmo-pcap-client"
diff --git a/recipes-osmocom/osmo-sgsn/osmo-sgsn.inc b/recipes-osmocom/osmo-sgsn/osmo-sgsn.inc
index 9463047..2effb5d 100644
--- a/recipes-osmocom/osmo-sgsn/osmo-sgsn.inc
+++ b/recipes-osmocom/osmo-sgsn/osmo-sgsn.inc
@@ -5,7 +5,7 @@
DEPENDS = "c-ares libosmocore libosmo-netif osmo-ggsn osmo-hlr"
-INC_PR="r2.${META_TELEPHONY_OSMO_INC}"
+INC_PR="r3.${META_TELEPHONY_OSMO_INC}"
inherit autotools pkgconfig systemd
@@ -16,12 +16,18 @@
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir"
 PACKAGECONFIG[iu] = "--enable-iu,--disable-iu,libasn1c libosmo-sccp osmo-iuh,"
-# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
 do_install_append() {
+	# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
    sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/osmo-sgsn.service"
    sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/osmo-sgsn.service"
    sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/osmo-gtphub.service"
    sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/osmo-gtphub.service"
+
+	# Run as root (OS#5684):
+	sed -i '/^User=/d' "${D}${systemd_system_unitdir}/osmo-sgsn.service"
+	sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/osmo-sgsn.service"
+	sed -i '/^User=/d' "${D}${systemd_system_unitdir}/osmo-gtphub.service"
+	sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/osmo-gtphub.service"
 }
PACKAGES =+ "osmo-gtphub-doc osmo-gtphub"
diff --git a/recipes-osmocom/osmo-sip-connector/osmo-sip-connector.inc b/recipes-osmocom/osmo-sip-connector/osmo-sip-connector.inc
index 7aabf20..7056cc4 100644
--- a/recipes-osmocom/osmo-sip-connector/osmo-sip-connector.inc
+++ b/recipes-osmocom/osmo-sip-connector/osmo-sip-connector.inc
@@ -5,7 +5,7 @@
DEPENDS = "sofia-sip libosmocore"
-INC_PR="r2.${META_TELEPHONY_OSMO_INC}"
+INC_PR="r3.${META_TELEPHONY_OSMO_INC}"
inherit autotools pkgconfig systemd
@@ -14,10 +14,14 @@
     "
 PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir},--without-systemdsystemunitdir"
-# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
 do_install_append() {
+	# StateDirectory requires systemd >= v235, but poky pyro ships with v232 (SYS#6340):
    sed -i '/^StateDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
    sed -i '/^WorkingDirectory=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+
+	# Run as root (OS#5684):
+	sed -i '/^User=/d' "${D}${systemd_system_unitdir}/${PN}.service"
+	sed -i '/^Group=/d' "${D}${systemd_system_unitdir}/${PN}.service"
 }
SYSTEMD_SERVICE_${PN} = "${PN}.service"
-- 
To view, visit https://gerrit.osmocom.org/c/meta-telephony/+/36618?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: meta-telephony
Gerrit-Branch: 201705
Gerrit-Change-Id: I68a8fba034aeb0e2923b2958b8d6842410d8b23c
Gerrit-Change-Number: 36618
Gerrit-PatchSet: 2
Gerrit-Owner: osmith osmith@sysmocom.de
Gerrit-Reviewer: fixeria vyanitskiy@sysmocom.de
Gerrit-Reviewer: osmith osmith@sysmocom.de
Gerrit-Reviewer: pespin pespin@sysmocom.de
Gerrit-MessageType: merged



    