#19 Remove at from workstation compose and ostree
Closed: Fixed 5 years ago Opened 5 years ago by otaylor.

it has been proposed to remove 'at' as a specialized tool and potential vector for persistent malware


(has already been done for Atomic Host)

Metadata Update from @otaylor:
- Issue tagged with: meeting

5 years ago

I seem to recall that Chrome does something with 'at' in its post-install script. Does this adjust for systemd timers? If not, what will the experience for users be without it?

Good memory:

# Some package managers have locks that prevent everything from being
# configured at install time, so wait a bit then kick the cron job to do
# whatever is left. Probably the db will be unlocked by then, but if not, the
# cron job will keep retrying.
# Do this with 'at' instead of a backgrounded shell because zypper waits on all
# sub-shells to finish before it finishes, which is exactly the opposite of
# what we want here. Also preemptively start atd because for some reason it's
# not always running, which kind of defeats the purpose of having 'at' as a
# required LSB command.
service atd start
echo "sh /etc/cron.daily/google-chrome" | at now + 2 minute > /dev/null 2>&1

Well unless it Requires: at, it's already broken.

Resolved in meeting, kalev will remove this.

Metadata Update from @pfrields:
- Issue assigned to kalev

5 years ago

Metadata Update from @pfrields:
- Issue untagged with: meeting

5 years ago

Metadata Update from @pfrields:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

5 years ago

Login to comment on this ticket.