URL:
https://github.com/SSSD/sssd/pull/630
Title: #630: KCM/SECRETS: Use a library to access the secrets storage instead of the
secrets responder, deprecate secrets responder
fidencio commented:
"""
@jhrozek, I found a few more issues with the last patch of the latest series.
Please take a look at the following patch, which could be squashed into yours:
```
diff --git a/Makefile.am b/Makefile.am
index 23e094a37..0f36148e8 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4663,8 +4663,6 @@ if HAVE_SYSTEMD_UNIT
src/sysv/systemd/sssd-pam.socket \
src/sysv/systemd/sssd-pam-priv.socket \
src/sysv/systemd/sssd-pam.service \
- src/sysv/systemd/sssd-secrets.socket \
- src/sysv/systemd/sssd-secrets.service \
$(NULL)
if BUILD_AUTOFS
systemdunit_DATA += \
@@ -4683,6 +4681,12 @@ if BUILD_PAC_RESPONDER
src/sysv/systemd/sssd-pac.service \
$(NULL)
endif
+if BUILD_SECRETS
+ systemdunit_DATA += \
+ src/sysv/systemd/sssd-secrets.socket \
+ src/sysv/systemd/sssd-secrets.service \
+ $(NULL)
+endif
if BUILD_SSH
systemdunit_DATA += \
src/sysv/systemd/sssd-ssh.socket \
@@ -4820,6 +4824,7 @@ src/sysv/systemd/sssd-pam.service:
src/sysv/systemd/sssd-pam.service.in Makefile
@$(MKDIR_P) src/sysv/systemd/
$(replace_script)
+if BUILD_SECRETS
src/sysv/systemd/sssd-secrets.socket: src/sysv/systemd/sssd-secrets.socket.in Makefile
@$(MKDIR_P) src/sysv/systemd/
$(replace_script)
@@ -4827,6 +4832,7 @@ src/sysv/systemd/sssd-secrets.socket:
src/sysv/systemd/sssd-secrets.socket.in Ma
src/sysv/systemd/sssd-secrets.service: src/sysv/systemd/sssd-secrets.service.in
Makefile
@$(MKDIR_P) src/sysv/systemd/
$(replace_script)
+endif
if BUILD_AUTOFS
src/sysv/systemd/sssd-autofs.socket: src/sysv/systemd/sssd-autofs.socket.in Makefile
@@ -4875,9 +4881,25 @@ src/sysv/systemd/sssd-sudo.service:
src/sysv/systemd/sssd-sudo.service.in Makefi
endif
if BUILD_KCM
+if BUILD_SECRETS
+kcm_socket_requires = Requires=sssd-secrets.socket
+else
+kcm_socket_requires =
+endif
+
+kcm_edit_cmd = $(edit_cmd) \
+ -e 's|@kcm_socket_requires[@]|$(kcm_socket_requires)|g'
+
+kcm_replace_script = \
+ @rm -f $@ $@.tmp; \
+ srcdir=''; \
+ test -f ./$@.in || srcdir=$(srcdir)/; \
+ $(kcm_edit_cmd) $${srcdir}$@.in >$@.tmp; \
+ mv $@.tmp $@
+
src/sysv/systemd/sssd-kcm.socket: src/sysv/systemd/sssd-kcm.socket.in Makefile
@$(MKDIR_P) src/sysv/systemd/
- $(replace_script)
+ $(kcm_replace_script)
src/sysv/systemd/sssd-kcm.service: src/sysv/systemd/sssd-kcm.service.in Makefile
@$(MKDIR_P) src/sysv/systemd/
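Review bot: With BUILD_SECRETS enabled, `kcm_socket_requires = Requires=sssd-secrets.socket` still makes sssd-kcm.socket pull in the secrets responder's socket, so a responder the PR title calls deprecated stays socket-activatable wherever KCM is enabled. If KCM now reaches the secrets store only through the library (inferred from the title, not visible in this diff), the `Requires=` line in sssd-kcm.socket.in could be dropped outright, which would make `kcm_edit_cmd` and `kcm_replace_script` unnecessary and leave the rule on `$(replace_script)`. If the dependency has to stay, a comment above the conditional such as `# sssd-kcm.socket depends on the secrets responder only when that responder is built` would record why. The placeholder this substitution fills is introduced in the sssd-kcm.socket.in hunk, and the sssd-kcm.service rule continues past the end of this hunk.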
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index a9874a10e..706254deb 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -1351,10 +1351,10 @@ done
%{_datadir}/sssd-kcm/kcm_default_ccache
%{_unitdir}/sssd-kcm.socket
%{_unitdir}/sssd-kcm.service
-%{_unitdir}/sssd-secrets.socket
-%{_unitdir}/sssd-secrets.service
%{_mandir}/man8/sssd-kcm.8*
%if (0%{?with_secrets} == 1)
+%{_unitdir}/sssd-secrets.socket
+%{_unitdir}/sssd-secrets.service
%{_mandir}/man5/sssd-secrets.5*
%endif
%endif
@@ -1372,7 +1372,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s
/sbin/nologin -c "Us
%systemd_post sssd-pac.socket
%systemd_post sssd-pam.socket
%systemd_post sssd-pam-priv.socket
-%systemd_post sssd-secrets.socket
%systemd_post sssd-ssh.socket
%systemd_post sssd-sudo.socket
@@ -1383,7 +1382,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s
/sbin/nologin -c "Us
%systemd_preun sssd-pac.socket
%systemd_preun sssd-pam.socket
%systemd_preun sssd-pam-priv.socket
-%systemd_preun sssd-secrets.socket
%systemd_preun sssd-ssh.socket
%systemd_preun sssd-sudo.socket
@@ -1398,8 +1396,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s
/sbin/nologin -c "Us
%systemd_postun_with_restart sssd-pam.socket
%systemd_postun_with_restart sssd-pam-priv.socket
%systemd_postun_with_restart sssd-pam.service
-%systemd_postun_with_restart sssd-secrets.socket
-%systemd_postun_with_restart sssd-secrets.service
%systemd_postun_with_restart sssd-ssh.socket
%systemd_postun_with_restart sssd-ssh.service
%systemd_postun_with_restart sssd-sudo.socket
@@ -1426,6 +1422,18 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s
/sbin/nologin -c "Us
%systemd_postun_with_restart sssd-kcm.service
%endif
+%if (0%{?with_secrets} == 1)
+%post secrets
+%systemd_postun_with_restart sssd-secrets.socket
+
+%preun secrets
+%systemd_preun_with_restart sssd-secrets.socket
+
+%postun secrets
+%systemd_postun_with_restart sssd-secrets.socket
+%systemd_postun_with_restart sssd-secrets.service
+%endif
+
%else
# sysv
%post common
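Review bot: The new `%post secrets` scriptlet calls `%systemd_postun_with_restart sssd-secrets.socket`, which is the uninstall/upgrade macro; the install-time form is `%systemd_post sssd-secrets.socket`, matching the line removed earlier in this file. `%preun secrets` uses `%systemd_preun_with_restart`, which as far as I know is not among the macros systemd ships for RPM scriptlets; `%systemd_preun sssd-secrets.socket` is the form the removed line used. The scriptlets also name a `secrets` subpackage, while the first hunk of this file lists the unit files next to the sssd-kcm units and no `%package secrets` is visible in this diff. If no such subpackage exists, the scriptlets should attach to the package that actually ships the units.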
diff --git a/src/sysv/systemd/sssd-kcm.socket.in b/src/sysv/systemd/sssd-kcm.socket.in
index 8b742847d..e8a5f0aca 100644
--- a/src/sysv/systemd/sssd-kcm.socket.in
+++ b/src/sysv/systemd/sssd-kcm.socket.in
@@ -1,7 +1,7 @@
[Unit]
Description=SSSD Kerberos Cache Manager responder socket
Documentation=man:sssd-kcm(8)
-Requires=sssd-secrets.socket
+@kcm_socket_requires@
[Socket]
ListenStream=@runstatedir(a)/.heim_org.h5l.kcm-socket
```
"""
See the full comment at
https://github.com/SSSD/sssd/pull/630#issuecomment-412116116