Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security] Disable unused background services: wpa_supplicant and cups. #2775

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

gmarciani
Copy link
Contributor

@gmarciani gmarciani commented Jul 11, 2024

Description of changes

Disable unused background services: wpa_supplicant and cups.

Tests

  • Build image succeeded for all OSes
  • Spec test disable_services_spec.rb
  • ONGOING Kitchen test

References

  • Link to impacted open issues.
  • Link to related PRs in other packages (i.e. cookbook, node).
  • Link to documentation useful to understand the changes.

Checklist

  • Make sure you are pointing to the right branch.
  • If you're creating a patch for a branch other than develop add the branch name as prefix in the PR title (e.g. [release-3.6]).
  • Check all commits' messages are clear, describing what and why vs how.
  • Make sure to have added unit tests or integration tests to cover the new/modified code.
  • Check if documentation is impacted by this change.

Please review the guidelines for contributing and Pull Request Instructions.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

action %i(disable stop mask)
end unless on_docker?

# Necessary on Ubuntu 22
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wont this run on all of the OSSes? Would this give us any failures for cups or wpa_supplicant not found for other Osses?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I expect not to cause failures because the disablement should be resilient if service is not found, but waiting for tests to finish to verify

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In any case I agree that the best practice is to split the recipe in OS-specific recipes.

@gmarciani gmarciani requested a review from himani2411 July 22, 2024 10:39
@gmarciani gmarciani force-pushed the wip/mgiacomo/3110/disable-unused-services-0711-1 branch from 2466565 to d34e198 Compare July 26, 2024 14:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants