[packages/cronie] Rel 4; make cronie restart itself when PAM problems happen.

Elan Ruusamäe glen at pld-linux.org
Tue Nov 23 22:41:09 CET 2021 

On 23.11.2021 12:29, arekm wrote:
> commit 428b9c73df902f6232312751a0c38060cf3cdbea
> Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
> Date:   Tue Nov 23 11:25:06 2021 +0100
>
>      Rel 4; make cronie restart itself when PAM problems happen.
>      
>      On glibc/pam upgrades cronie can be very unhappy:
>      
>      Feb 9 13:52:01 firma /usr/sbin/crond[6592]: (root) FAILED
>      to authorize user with PAM (Moduł jest nieznany)
>      
>      because crond is inked with old stuff and can't dlopen newer pam modules.
>      
>      Exact cause (like which symbol) is not known because crond
>      is using PAM_SILENT flag which silences most of pam error messages.
>      
>      Add hacky script to make crond self cure (this problem happened way
>      too many times for me).
>
>   cronie.spec | 15 ++++++++++++++-
>   1 file changed, 14 insertions(+), 1 deletion(-)
> ---
> diff --git a/cronie.spec b/cronie.spec
> index 2255574..c7b5da6 100644
> --- a/cronie.spec
> +++ b/cronie.spec
> @@ -18,7 +18,7 @@ Summary:	Cron daemon for executing programs at set times
>   Summary(pl.UTF-8):	Demon cron do uruchamiania programów o zadanym czasie
>   Name:		cronie
>   Version:	1.5.7
> -Release:	2
> +Release:	4
>   License:	MIT and BSD and GPL v2
>   Group:		Daemons
>   Source0:	https://github.com/cronie-crond/cronie/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
> @@ -166,6 +166,18 @@ cat > $RPM_BUILD_ROOT%{_sysconfdir}/cron/cron.deny << 'EOF'
>   #		NOT allowed to use the local cron daemon
>   EOF
>   
> +cat > $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/check-crond << 'EOF'
> +#!/bin/sh
> +
> +# ugly and limited hack. make cronie restart itself
> +if [ -x /bin/awk -a -x /bin/grep -a -f /var/log/cron ]; then
-a is bashism, use [ cond1 ] && [ cond2 ] && cond3
> +	LC_ALL=C /bin/awk -v d="$(LC_ALL=C date "+%b %e")" ' $1 " " $2 ~ d' /var/log/cron \
> +		| /bin/grep -qE "PAM.*(Modu. jest nieznany|Module is unknown)" \

why full paths? cron resets PATH to sane value, and can be overriden if 
wanted

> +		&& echo "crond is failing on PAM, restarting ( https://github.com/cronie-crond/cronie/issues/87 )" >&2 \
> +		&& /sbin/service crond restart
> +fi
> +EOF
> +

why not implement execve(argv) in crond itself?

and so far we've added %trigger to glibc, etc to restart cron daemons

More information about the pld-devel-en mailing list