On 04/21/2014 03:44 AM, Andrew Lutomirski wrote:
Would it make sense to audit all spec files to look for instances of 'systemctl.*enable'?
I'm attaching the hits for that pattern on the actual RPM scripts in Fedora rawhide (x86_64). This combines both regular scripts and trigger scripts. I can add additional columns with more information, but the text file will become a bit unwieldy.
-- Florian Weimer / Red Hat Product Security Team
name |
script
-------------------------+------------------------------------------------------------------------------------------------------------------------
OpenIPMI | # Save the current service runlevel info
+
| # User must manually run systemd-sysv-convert
--apply httpd +
| # to migrate them to systemd targets
+
| /usr/bin/systemd-sysv-convert --save ipmi >/dev/null
2>&1 ||: +
| /bin/systemctl --no-reload enable ipmi.service
>/dev/null 2>&1 ||: +
| # Run these because the SysV package being removed
won't do them +
| /sbin/chkconfig --del ipmi >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart ipmi.service >/dev/null
2>&1 || :
at | # Save the current service runlevel info
+
| # User must manually run systemd-sysv-convert
--apply atd +
| # to migrate them to systemd targets
+
| /usr/bin/systemd-sysv-convert --save atd
+
|
+
| # The package is allowed to autostart:
+
| /bin/systemctl enable atd.service >/dev/null 2>&1
+
|
+
| /sbin/chkconfig --del atd >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart atd.service >/dev/null
2>&1 || : +
| /bin/systemctl daemon-reload >/dev/null 2>&1 || :
avahi | /usr/bin/systemd-sysv-convert --save avahi-daemon
>/dev/null 2>&1 || : +
| /usr/bin/systemctl --no-reload enable
avahi-daemon.service >/dev/null 2>&1 || :
+
| /usr/bin/systemctl try-restart avahi-daemon.service
>/dev/null 2>&1 || :
avahi-dnsconfd | /usr/bin/systemd-sysv-convert --save avahi-dnsconfd
>/dev/null 2>&1 || : +
| /usr/bin/systemctl --no-reload enable
avahi-dnsconfd.service >/dev/null 2>&1 || :
+
| /usr/bin/systemctl try-restart
avahi-dnsconfd.service >/dev/null 2>&1 || :
bcfg2 | /usr/bin/systemd-sysv-convert --save bcfg2
>/dev/null 2>&1 || : +
| /bin/systemctl --no-reload enable bcfg2.service
>/dev/null 2>&1 || : +
| /sbin/chkconfig --del bcfg2 >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart bcfg2.service >/dev/null
2>&1 || :
bcfg2-server | /usr/bin/systemd-sysv-convert --save bcfg2-server
>/dev/null 2>&1 || : +
| /bin/systemctl --no-reload enable
bcfg2-server.service >/dev/null 2>&1 || :
+
| /sbin/chkconfig --del bcfg2-server >/dev/null 2>&1
|| : +
| /bin/systemctl try-restart bcfg2-server.service
>/dev/null 2>&1 || :
bwbar | /usr/bin/systemd-sysv-convert --save bwbar
>/dev/null 2>&1 ||: +
| /bin/systemctl --no-reload enable bwbar.service
>/dev/null 2>&1 ||: +
| /sbin/chkconfig --del bwbar >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart bwbar.service >/dev/null
2>&1 || :
cronie | # Save the current service runlevel info
+
| # User must manually run systemd-sysv-convert
--apply crond +
| # to migrate them to systemd targets
+
| /usr/bin/systemd-sysv-convert --save crond
+
|
+
| # The package is allowed to autostart:
+
| /bin/systemctl enable crond.service >/dev/null 2>&1
+
|
+
| /sbin/chkconfig --del crond >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart crond.service >/dev/null
2>&1 || : +
| /bin/systemctl daemon-reload >/dev/null 2>&1 || :
deltacloud-core | /usr/bin/systemd-sysv-convert --save deltacloud-core
>/dev/null 2>&1 ||: +
| /bin/systemctl --no-reload enable
deltacloud-core.service >/dev/null 2>&1 ||:
+
| /sbin/chkconfig --del deltacloud-core >/dev/null
2>&1 || : +
| /bin/systemctl try-restart deltacloud-core.service
>/dev/null 2>&1 || :
device-mapper-multipath | # make sure old systemd symlinks are removed after
changing the [Install] +
| # section in multipathd.service from
multi-user.target to sysinit.target
+
| /bin/systemctl --quiet is-enabled multipathd.service
>/dev/null 2>&1 && /bin/systemctl reenable multipathd.service ||:
device-mapper-multipath | /usr/bin/systemd-sysv-convert --save multipathd
>/dev/null 2>&1 ||: +
| bin/systemctl --no-reload enable multipathd.service
>/dev/null 2>&1 ||: +
| /sbin/chkconfig --del multipathd >/dev/null 2>&1 ||
: +
| /bin/systemctl try-restart multipathd.service
>/dev/null 2>&1 || :
dmapd | /usr/bin/systemd-sysv-convert --save dmapd
>/dev/null 2>&1 || : +
| /bin/systemctl --no-reload enable dmapd.service
>/dev/null 2>&1 || : +
| /sbin/chkconfig --del dmapd >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart dmapd.service >/dev/null
2>&1 || :
exim | /usr/bin/systemd-sysv-convert --save clamd.exim
>/dev/null 2>&1 ||: +
| /bin/systemctl enable clamd.exim.service >/dev/null
2>&1 +
| /sbin/chkconfig --del clamd.exim >/dev/null 2>&1 ||
: +
| /bin/systemctl try-restart clamd.exim.service
>/dev/null 2>&1 || :
exim | /usr/bin/systemd-sysv-convert --save exim >/dev/null
2>&1 ||: +
| /bin/systemctl enable exim.service >/dev/null 2>&1
+
| /sbin/chkconfig --del exim >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart exim.service >/dev/null
2>&1 || :
fsniper | # Save the current service runlevel info
+
| # User must manually run systemd-sysv-convert
--apply fsniper +
| # to migrate them to systemd targets
+
| /usr/bin/systemd-sysv-convert --save fsniper
>/dev/null 2>&1 ||: +
|
+
| # If the package is allowed to autostart:
+
| /bin/systemctl --no-reload enable fsniper.service
>/dev/null 2>&1 ||: +
|
+
| # Run these because the SysV package being removed
won't do them +
| /sbin/chkconfig --del fsniper >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart fsniper.service
>/dev/null 2>&1 || :
gpm | /usr/bin/systemd-sysv-convert --save gpm >/dev/null
2>&1 ||: +
| /bin/systemctl enable gpm.service >/dev/null 2>&1
+
| /bin/systemctl try-restart gpm.service >/dev/null
2>&1 || :
groonga | /usr/bin/systemd-sysv-convert --save groonga
>/dev/null 2>&1 ||: +
| /bin/systemctl --no-reload enable
groonga-server-http.service >/dev/null 2>&1 ||:
+
| /sbin/chkconfig --del groonga >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart
groonga-servre-http.service >/dev/null 2>&1 || :
hsqldb | # Save the current service runlevel info
+
| # User must manually run systemd-sysv-convert
--apply httpd +
| # to migrate them to systemd targets
+
| /usr/bin/systemd-sysv-convert --save hsqldb
>/dev/null 2>&1 ||: +
|
+
| # If the package is allowed to autostart:
+
| /bin/systemctl --no-reload enable hsqldb.service
>/dev/null 2>&1 ||: +
|
+
| # Run these because the SysV package being removed
won't do them +
| /sbin/chkconfig --del hsqldb >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart hsqldb.service >/dev/null
2>&1 || :
iscsi-initiator-utils | # Save the current service runlevel info
+
| # User must manually run systemd-sysv-convert
--apply iscsid +
| # and systemd-sysv-convert --apply iscsi
+
| # to migrate them to systemd targets
+
| /usr/bin/systemd-sysv-convert --save iscsi
>/dev/null 2>&1 ||: +
| /usr/bin/systemd-sysv-convert --save iscsid
>/dev/null 2>&1 ||: +
|
+
| # enable socket activation
+
| /bin/systemctl enable iscsid.socket >/dev/null 2>&1
|| : +
| /bin/systemctl enable iscsiuio.socket >/dev/null
2>&1 || : +
|
+
| # Run these because the SysV package being removed
won't do them +
| /sbin/chkconfig --del iscsid >/dev/null 2>&1 || :
+
| /sbin/chkconfig --del iscsi >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart iscsid.service >/dev/null
2>&1 || : +
| /bin/systemctl try-restart iscsi.service >/dev/null
1>&1 || :
jabberd | # Save the current service runlevel info
+
| # User must manually run systemd-sysv-convert
--apply jabberd +
| # to migrate them to systemd targets
+
| /usr/bin/systemd-sysv-convert --save jabberd
>/dev/null 2>&1 ||: +
|
+
| # If the package is allowed to autostart:
+
| /bin/systemctl --no-reload enable jabberd.service
>/dev/null 2>&1 ||: +
|
+
| # Run these because the SysV package being removed
won't do them +
| /sbin/chkconfig --del jabberd >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart jabberd.service
>/dev/null 2>&1 || :
libvirt | /usr/bin/systemd-sysv-convert --save libvirtd
>/dev/null 2>&1 ||: +
|
+
| # If the package is allowed to autostart:
+
| /bin/systemctl --no-reload enable libvirtd.service
>/dev/null 2>&1 ||: +
|
+
| # Run these because the SysV package being removed
won't do them +
| /sbin/chkconfig --del libvirtd >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart libvirtd.service
>/dev/null 2>&1 || :
libvirt-client | /usr/bin/systemd-sysv-convert --save libvirt-guests
>/dev/null 2>&1 ||: +
|
+
| # If the package is allowed to autostart:
+
| /bin/systemctl --no-reload enable
libvirt-guests.service >/dev/null 2>&1 ||:
+
|
+
| # Run this because the SysV package being removed
won't do them +
| /sbin/chkconfig --del libvirt-guests >/dev/null 2>&1
|| :
lvm2 | /usr/bin/systemd-sysv-convert --save lvm2-monitor
>/dev/null 2>&1 || : +
| /bin/systemctl --no-reload enable
lvm2-monitor.service > /dev/null 2>&1 || :
+
| /sbin/chkconfig --del lvm2-monitor > /dev/null 2>&1
|| : +
| /bin/systemctl try-restart lvm2-monitor.service >
/dev/null 2>&1 || :
mailman | /usr/bin/systemd-sysv-convert --save mailman
>/dev/null 2>&1 ||: +
| /bin/systemctl enable mailman.service >/dev/null
2>&1 +
| /sbin/chkconfig --del mailman >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart mailman.service
>/dev/null 2>&1 || :
mdadm | /usr/bin/systemd-sysv-convert --save mdmonitor
>/dev/null 2>&1 || : +
| /bin/systemctl --no-reload enable mdmonitor.service
>/dev/null 2>&1 || : +
| /sbin/chkconfig --del mdmonitor >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart mdmonitor.service
>/dev/null 2>&1 || :
monit | /usr/bin/systemd-sysv-convert --save monit >
/dev/null 2>&1 || : +
| /bin/systemctl --no-reload enable monit.service >
/dev/null 2>&1 || : +
| /sbin/chkconfig --del monit > /dev/null 2>&1 || :
+
| /bin/systemctl try-restart monit.server > /dev/null
2>&1 || :
openct | # Save the current service runlevel info
+
| # User must manually run systemd-sysv-convert
--apply openct +
| # to migrate them to systemd targets
+
| /usr/bin/systemd-sysv-convert --save openct
>/dev/null 2>&1 ||: +
|
+
| /bin/systemctl --no-reload enable openct.service
>/dev/null 2>&1 ||: +
|
+
| # Run these because the SysV package being removed
won't do them +
| /sbin/chkconfig --del openct >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart openct.service >/dev/null
2>&1 || :
opendkim | /usr/bin/systemd-sysv-convert --save opendkim
>/dev/null 2>&1 || : +
| /bin/systemctl enable opendkim.service >/dev/null
2>&1 +
| /sbin/chkconfig --del opendkim >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart opendkim.service
>/dev/null 2>&1 || :
openssh-server | /usr/bin/systemd-sysv-convert --save sshd >/dev/null
2>&1 || : +
| /bin/systemctl enable sshd.service >/dev/null 2>&1
+
| /sbin/chkconfig --del sshd >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart sshd.service >/dev/null
2>&1 || :
partimage | # Save the current service runlevel info
+
| # User must manually run systemd-sysv-convert
--apply partimaged +
| # to migrate them to systemd targets
+
| /usr/bin/systemd-sysv-convert --save partimaged
>/dev/null 2>&1 ||: +
|
+
| # If the package is allowed to autostart:
+
| /bin/systemctl --no-reload enable partimaged.service
>/dev/null 2>&1 ||: +
|
+
| # Run these because the SysV package being removed
won't do them +
| /sbin/chkconfig --del partimaged >/dev/null 2>&1 ||
: +
| /bin/systemctl try-restart partimaged.service
>/dev/null 2>&1 || :
rhnsd | if [ -f /etc/init.d/rhnsd ]; then
+
| /sbin/chkconfig --add rhnsd
+
| fi
+
| if [ -f /usr/lib/systemd/system/rhnsd.service ];
then +
|
+
| if [ $1 -eq 1 ] ; then
+
| # Initial installation
+
| /usr/bin/systemctl preset rhnsd.service
>/dev/null 2>&1 || : +
| fi
+
| if [ "$1" = "2" ]; then
+
| # upgrade from old init.d
+
| if [ -L /etc/rc2.d/S97rhnsd ]; then
+
| /usr/bin/systemctl enable rhnsd.service
>/dev/null 2>&1 +
| fi
+
| rm -f /etc/rc?.d/[SK]??rhnsd
+
| fi
+
| fi
rinetd | # Save the current service runlevel info
+
| # User must manually run systemd-sysv-convert
--apply rinetd +
| # to migrate them to systemd targets
+
| /usr/bin/systemd-sysv-convert --save rinetd
>/dev/null 2>&1 ||: +
|
+
| # If the package is allowed to autostart:
+
| /bin/systemctl --no-reload enable rinetd.service
>/dev/null 2>&1 ||: +
|
+
| # Run these because the SysV package being removed
won't do them +
| /sbin/chkconfig --del rinetd >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart rinetd.service >/dev/null
2>&1 || :
rpcbind | /usr/bin/systemd-sysv-convert --save rpcbind
>/dev/null 2>&1 ||: +
| /bin/systemctl --no-reload enable rpcbind.service
>/dev/null 2>&1 +
| /sbin/chkconfig --del rpcbind >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart rpcbind.service
>/dev/null 2>&1 || :
sendmail | /usr/bin/systemd-sysv-convert --save sendmail
>/dev/null 2>&1 ||: +
| /bin/systemctl enable sendmail.service >/dev/null
2>&1 +
| /bin/systemctl enable sm-client.service >/dev/null
2>&1 +
| /sbin/chkconfig --del sendmail >/dev/null 2>&1 || :
+
| /bin/systemctl try-restart sendmail.service
>/dev/null 2>&1 || : +
| /bin/systemctl try-restart sm-client.service
>/dev/null 2>&1 || : +
| # workaround for systemd rhbz#738022
+
| /bin/systemctl is-active sendmail.service >/dev/null
2>&1 && \ +
| ! /bin/systemctl is-active sm-client.service
>/dev/null 2>&1 && \ +
| /bin/systemctl start sm-client.service
>/dev/null 2>&1 || :
varnish | # Save the current service runlevel info
+
| # User must manually run systemd-sysv-convert
--apply varnish +
| # to migrate them to systemd targets
+
| /usr/bin/systemd-sysv-convert --save varnish
>/dev/null 2>&1 ||: +
|
+
| # If the package is allowed to autostart:
+
| #/bin/systemctl --no-reload enable varnish.service
>/dev/null 2>&1 ||: +
|
+
| # Run these because the SysV package being removed
won't do them +
| /sbin/chkconfig --del varnish >/dev/null 2>&1 || :
+
| #/bin/systemctl try-restart varnish.service
>/dev/null 2>&1 || :
vdsm | /usr/bin/vdsm-tool configure --module sanlock
--force +
| /usr/bin/vdsm-tool sebool-config || :
+
| # set the vdsm "secret" password for libvirt
+
| /usr/bin/vdsm-tool set-saslpasswd
+
|
+
| # After vdsm install we should create the logs
files. +
| # In the install session we create it but since we
use +
| # the ghost macro (in files session) the files are
not included +
| touch
/var/log/vdsm/{metadata.log,mom.log,supervdsm.log,vdsm.log}
+
| chmod 0644
/var/log/vdsm/{metadata.log,mom.log,supervdsm.log,vdsm.log}
+
| chown vdsm:kvm
/var/log/vdsm/{metadata.log,mom.log,vdsm.log}
+
| chown root:root /var/log/vdsm/supervdsm.log
+
|
+
| # Have moved vdsm section in /etc/sysctl.conf to
/etc/sysctl.d/vdsm.conf. +
| # So Remove them if it is played with
/etc/sysctl.conf.
+
| if grep -q "# VDSM section begin" /etc/sysctl.conf;
then +
| /bin/sed -i '/# VDSM section begin/,/# VDSM
section end/d' \ +
| /etc/sysctl.conf
+
| fi
+
|
+
| # hack until we replace core dump with abrt
+
| if /usr/sbin/selinuxenabled; then
+
| /usr/sbin/semanage fcontext -a -t virt_cache_t
'/var/log/core(/.*)?' +
| fi
+
| /sbin/restorecon -R /var/log/core >/dev/null 2>&1
+
| # hack until we replace core dump with abrt
+
|
+
| /bin/systemctl restart systemd-modules-load.service
>/dev/null 2>&1 || : +
| if [ "$1" -eq 1 ] ; then
+
| /bin/systemctl enable vdsmd.service >/dev/null
2>&1 || : +
| /bin/systemctl enable supervdsmd.service
>/dev/null 2>&1 || : +
| fi
+
| /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
| exit 0
xrdp | /usr/bin/systemd-sysv-convert --save xrdp >/dev/null
2>&1 ||: +
|
+
| # If the package is allowed to autostart:
+
| /bin/systemctl --no-reload enable xrdp.service
>/dev/null 2>&1 ||: +
|
+
| # Run these because the SysV package being removed
won't do them +
| /sbin/chkconfig --del xrdp >/dev/null 2>&1 || :
+
| if [ "`/bin/systemctl is-active xrdp.service`" =
'active' ]; then +
| /bin/systemctl stop xrdp.service >/dev/null 2>&1
|| : +
| /bin/systemctl start xrdp.service >/dev/null
2>&1 || : +
| fi
yum-cron |
+
| #systemd_post yum-cron.service
+
| # Do this manually because it's a fake service for
a cronjob, and cronjobs +
| # are default on atm. This may change in the future.
+
| if [ $1 = 1 ]; then
+
| systemctl enable yum-cron >/dev/null 2>&1
+
| else
+
| # Note that systemctl preset is being run here ...
but _only_ on initial +
| # install. So try this...
+
|
+
| if [ -f /var/lock/subsys/yum-cron -a -f
/etc/rc.d/init.d/yum-cron ]; then +
| systemctl enable yum-cron >/dev/null 2>&1
+
| fi
+
| fi
+
|
+
| # Also note:
+
| # systemctl list-unit-files | fgrep yum-cron
yum-updatesd | # Save the current service runlevel info
+
| # User must manually run systemd-sysv-convert
--apply yum-updatesd +
| # to migrate them to systemd targets
+
| /usr/bin/systemd-sysv-convert --save yum-updatesd
>/dev/null 2>&1 || : +
|
+
| # This package is allowed to autostart:
+
| /bin/systemctl --no-reload enable
yum-updatesd.service >/dev/null 2>&1 || :
+
|
+
| # Run these because the SysV package being removed
won't do them +
| /sbin/chkconfig --del yum-updatesd >/dev/null 2>&1
|| : +
| /bin/systemctl try-restart yum-updatesd.service
>/dev/null 2>&1 || :
(39 rows)
-- devel mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
