Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-35966

tang: weaken systemd dependency

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Minor Minor
    • rhel-10.0
    • rhel-10.0.beta
    • tang
    • None
    • tang-14-10.el10
    • No
    • Low
    • 1
    • rhel-security-special-projects
    • ssg_security
    • 10
    • None
    • Dev ack
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • Red Hat Enterprise Linux
    • SECENGSP Cycle 9
    • Unspecified Release Note Type - Unknown
    • None

      tang does not necessarily require systemd, as it can run standalone. systemd, however, is almost always available, unless in some specific situations, like containers.

      Let's weaken the systemd dependency in tang, so that it will not pull systemd in scenarios like containers, reducing its footprint (and attack surface).

      The change is to use %{?systemd_ordering} instead of %{?systemd_requires} in tang spec file, which means that we want to use systemd tools if they are available,
      but do not want to declare a dependency [1].

      [1] https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_dependencies_on_the_systemd_package

      AC: Make sure tang spec file has %{?systemd_ordering} instead of %{?systemd_requires}

              scorreia@redhat.com Sergio Correia
              scorreia@redhat.com Sergio Correia
              Sergio Correia Sergio Correia
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: