From 08ea146102377743cc6604876f6a66048bc7492a Mon Sep 17 00:00:00 2001
From: Luke Shumaker <lukeshu@sbcglobal.net>
Date: Tue, 29 Nov 2016 21:33:01 -0500
Subject: ./tools/notsd-move

---
 src/grp-initprogs/systemd-update-done/Makefile     |  34 ++++++
 .../systemd-update-done.service.in                 |  21 ++++
 .../systemd-update-done.service.xml                |  97 +++++++++++++++++
 .../systemd-update-done/update-done.c              | 115 +++++++++++++++++++++
 4 files changed, 267 insertions(+)
 create mode 100644 src/grp-initprogs/systemd-update-done/Makefile
 create mode 100644 src/grp-initprogs/systemd-update-done/systemd-update-done.service.in
 create mode 100644 src/grp-initprogs/systemd-update-done/systemd-update-done.service.xml
 create mode 100644 src/grp-initprogs/systemd-update-done/update-done.c

(limited to 'src/grp-initprogs/systemd-update-done')

diff --git a/src/grp-initprogs/systemd-update-done/Makefile b/src/grp-initprogs/systemd-update-done/Makefile
new file mode 100644
index 0000000000..258828924a
--- /dev/null
+++ b/src/grp-initprogs/systemd-update-done/Makefile
@@ -0,0 +1,34 @@
+#  -*- Mode: makefile; indent-tabs-mode: t -*-
+#
+#  This file is part of systemd.
+#
+#  Copyright 2010-2012 Lennart Poettering
+#  Copyright 2010-2012 Kay Sievers
+#  Copyright 2013 Zbigniew Jędrzejewski-Szmek
+#  Copyright 2013 David Strauss
+#  Copyright 2016 Luke Shumaker
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+#  systemd is distributed in the hope that it will be useful, but
+#  WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#  Lesser General Public License for more details.
+#
+#  You should have received a copy of the GNU Lesser General Public License
+#  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+include $(dir $(lastword $(MAKEFILE_LIST)))/../../../config.mk
+include $(topsrcdir)/build-aux/Makefile.head.mk
+
+rootlibexec_PROGRAMS += systemd-update-done
+
+systemd_update_done_SOURCES = \
+	src/update-done/update-done.c
+
+systemd_update_done_LDADD = \
+	libsystemd-shared.la
+
+include $(topsrcdir)/build-aux/Makefile.tail.mk
diff --git a/src/grp-initprogs/systemd-update-done/systemd-update-done.service.in b/src/grp-initprogs/systemd-update-done/systemd-update-done.service.in
new file mode 100644
index 0000000000..ec7d906392
--- /dev/null
+++ b/src/grp-initprogs/systemd-update-done/systemd-update-done.service.in
@@ -0,0 +1,21 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Update is Completed
+Documentation=man:systemd-update-done.service(8)
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=local-fs.target
+Before=sysinit.target shutdown.target
+ConditionNeedsUpdate=|/etc
+ConditionNeedsUpdate=|/var
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=@rootlibexecdir@/systemd-update-done
diff --git a/src/grp-initprogs/systemd-update-done/systemd-update-done.service.xml b/src/grp-initprogs/systemd-update-done/systemd-update-done.service.xml
new file mode 100644
index 0000000000..a2dad39f01
--- /dev/null
+++ b/src/grp-initprogs/systemd-update-done/systemd-update-done.service.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0"?>
+<!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!--
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-->
+<refentry id="systemd-update-done.service">
+
+  <refentryinfo>
+    <title>systemd-update-done.service</title>
+    <productname>systemd</productname>
+
+    <authorgroup>
+      <author>
+        <contrib>Developer</contrib>
+        <firstname>Lennart</firstname>
+        <surname>Poettering</surname>
+        <email>lennart@poettering.net</email>
+      </author>
+    </authorgroup>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>systemd-update-done.service</refentrytitle>
+    <manvolnum>8</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>systemd-update-done.service</refname>
+    <refname>systemd-update-done</refname>
+    <refpurpose>Mark <filename>/etc</filename> and <filename>/var</filename> fully updated</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <para><filename>systemd-update-done.service</filename></para>
+    <para><filename>/usr/lib/systemd/systemd-update-done</filename></para>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para><filename>systemd-update-done.service</filename> is a
+    service that is invoked as part of the first boot after the vendor
+    operating system resources in <filename>/usr</filename> have been
+    updated. This is useful to implement offline updates of
+    <filename>/usr</filename> which might require updates to
+    <filename>/etc</filename> or <filename>/var</filename> on the
+    following boot.</para>
+
+    <para><filename>systemd-update-done.service</filename> updates the
+    file modification time (mtime) of the stamp files
+    <filename>/etc/.updated</filename> and
+    <filename>/var/.updated</filename> to the modification time of the
+    <filename>/usr</filename> directory, unless the stamp files are
+    already newer.</para>
+
+    <para>Services that shall run after offline upgrades of
+    <filename>/usr</filename> should order themselves before
+    <filename>systemd-update-done.service</filename>, and use the
+    <varname>ConditionNeedsUpdate=</varname> (see
+    <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
+    condition to make sure to run when <filename>/etc</filename> or
+    <filename>/var</filename> are older than <filename>/usr</filename>
+    according to the modification times of the files described above.
+    This requires that updates to <filename>/usr</filename> are always
+    followed by an update of the modification time of
+    <filename>/usr</filename>, for example by invoking
+    <citerefentry project='man-pages'><refentrytitle>touch</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    on it.</para>
+
+  </refsect1>
+
+  <refsect1>
+    <title>See Also</title>
+    <para>
+      <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry project='man-pages'><refentrytitle>touch</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    </para>
+  </refsect1>
+
+</refentry>
diff --git a/src/grp-initprogs/systemd-update-done/update-done.c b/src/grp-initprogs/systemd-update-done/update-done.c
new file mode 100644
index 0000000000..79f755b909
--- /dev/null
+++ b/src/grp-initprogs/systemd-update-done/update-done.c
@@ -0,0 +1,115 @@
+/***
+  This file is part of systemd.
+
+  Copyright 2014 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include "systemd-basic/fd-util.h"
+#include "systemd-basic/io-util.h"
+#include "systemd-basic/selinux-util.h"
+#include "systemd-basic/util.h"
+
+#define MESSAGE                                                         \
+        "This file was created by systemd-update-done. Its only \n"     \
+        "purpose is to hold a timestamp of the time this directory\n"   \
+        "was updated. See systemd-update-done.service(8).\n"
+
+static int apply_timestamp(const char *path, struct timespec *ts) {
+        struct timespec twice[2] = {
+                *ts,
+                *ts
+        };
+        struct stat st;
+
+        assert(path);
+        assert(ts);
+
+        if (stat(path, &st) >= 0) {
+                /* Is the timestamp file already newer than the OS? If
+                 * so, there's nothing to do. We ignore the nanosecond
+                 * component of the timestamp, since some file systems
+                 * do not support any better accuracy than 1s and we
+                 * have no way to identify the accuracy
+                 * available. Most notably ext4 on small disks (where
+                 * 128 byte inodes are used) does not support better
+                 * accuracy than 1s. */
+                if (st.st_mtim.tv_sec > ts->tv_sec)
+                        return 0;
+
+                /* It is older? Then let's update it */
+                if (utimensat(AT_FDCWD, path, twice, AT_SYMLINK_NOFOLLOW) < 0) {
+
+                        if (errno == EROFS)
+                                return log_debug("Can't update timestamp file %s, file system is read-only.", path);
+
+                        return log_error_errno(errno, "Failed to update timestamp on %s: %m", path);
+                }
+
+        } else if (errno == ENOENT) {
+                _cleanup_close_ int fd = -1;
+                int r;
+
+                /* The timestamp file doesn't exist yet? Then let's create it. */
+
+                r = mac_selinux_create_file_prepare(path, S_IFREG);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set SELinux context for %s: %m", path);
+
+                fd = open(path, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
+                mac_selinux_create_file_clear();
+
+                if (fd < 0) {
+                        if (errno == EROFS)
+                                return log_debug("Can't create timestamp file %s, file system is read-only.", path);
+
+                        return log_error_errno(errno, "Failed to create timestamp file %s: %m", path);
+                }
+
+                (void) loop_write(fd, MESSAGE, strlen(MESSAGE), false);
+
+                if (futimens(fd, twice) < 0)
+                        return log_error_errno(errno, "Failed to update timestamp on %s: %m", path);
+        } else
+                log_error_errno(errno, "Failed to stat() timestamp file %s: %m", path);
+
+        return 0;
+}
+
+int main(int argc, char *argv[]) {
+        struct stat st;
+        int r, q = 0;
+
+        log_set_target(LOG_TARGET_AUTO);
+        log_parse_environment();
+        log_open();
+
+        if (stat("/usr", &st) < 0) {
+                log_error_errno(errno, "Failed to stat /usr: %m");
+                return EXIT_FAILURE;
+        }
+
+        r = mac_selinux_init();
+        if (r < 0) {
+                log_error_errno(r, "SELinux setup failed: %m");
+                goto finish;
+        }
+
+        r = apply_timestamp("/etc/.updated", &st.st_mtim);
+        q = apply_timestamp("/var/.updated", &st.st_mtim);
+
+finish:
+        return r < 0 || q < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+}
-- 
cgit v1.2.3-54-g00ecf