[vdsm/f17] update to vdsm-4.10.0-13

Federico Simoncelli fsimonce at fedoraproject.org
Thu Jan 3 14:13:01 UTC 2013 

commit 2b4a2bbcced4d5912483e6f52a8d36a84a9c8413
Author: Federico Simoncelli <fsimonce at redhat.com>
Date:   Thu Jan 3 15:04:28 2013 +0100

    update to vdsm-4.10.0-13
    
    - setup: move the certificate generation

 0046-setup-move-the-certificate-generation.patch |   76 ++++++++++++++++++++++
 vdsm.spec                                        |   10 ++-
 2 files changed, 82 insertions(+), 4 deletions(-)
---
diff --git a/0046-setup-move-the-certificate-generation.patch b/0046-setup-move-the-certificate-generation.patch
new file mode 100644
index 0000000..12c38f1
--- /dev/null
+++ b/0046-setup-move-the-certificate-generation.patch
@@ -0,0 +1,76 @@
+From b59c8430b2a511bcea3bc1a954eee4ca1c0f4861 Mon Sep 17 00:00:00 2001
+From: Federico Simoncelli <fsimonce at redhat.com>
+Date: Mon, 15 Oct 2012 12:09:17 -0400
+Subject: [PATCH] setup: move the certificate generation
+
+Generating the certificate at the service startup (instead of during the
+rpm installation) has a better chance to succeed (and a better recovery
+process). Moreover this allows appliances (like ovirt-node) to postpone
+the certificate generation when the service is actually used for the
+first time.
+
+In this patch:
+* Move the certificate generation from the spec file to the init file
+
+Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=860067
+Signed-off-by: Federico Simoncelli <fsimonce at redhat.com>
+Change-Id: I40fa3d9a6a54e312e399af3f87ac67e843078360
+Reviewed-on: http://gerrit.ovirt.org/8368
+Reviewed-by: Dan Kenigsberg <danken at redhat.com>
+Reviewed-by: Michael Burns <mburns at redhat.com>
+Tested-by: Michael Burns <mburns at redhat.com>
+Reviewed-on: http://gerrit.ovirt.org/10615
+---
+ vdsm.spec.in             | 3 ---
+ vdsm/vdsm-gencerts.sh.in | 4 ++++
+ vdsm/vdsmd.init.in       | 5 +++++
+ 3 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/vdsm.spec.in b/vdsm.spec.in
+index 5f5f989..572b338 100644
+--- a/vdsm.spec.in
++++ b/vdsm.spec.in
+@@ -404,9 +404,6 @@ if [ -f /etc/pki/vdsm/keys/libvirt_password ]; then
+         /etc/pki/vdsm/keys/libvirt_password
+ fi
+ 
+-# generate the vdsm certificates (if missing)
+-%{_libexecdir}/%{vdsm_name}/vdsm-gencerts.sh
+-
+ %if 0%{?rhel}
+ if [ "$1" -eq 1 ] ; then
+     /sbin/chkconfig --add vdsmd
+diff --git a/vdsm/vdsm-gencerts.sh.in b/vdsm/vdsm-gencerts.sh.in
+index 1e11b69..3ee38c3 100755
+--- a/vdsm/vdsm-gencerts.sh.in
++++ b/vdsm/vdsm-gencerts.sh.in
+@@ -33,6 +33,10 @@ VDSM_PERMS="@VDSMUSER@:@VDSMGROUP@"
+ 
+ umask 077
+ 
++if [ "$1" = "--check" ]; then
++    [ -s "$VDSM_KEY" -a -s "$VDSM_CA" -a -s "$VDSM_CRT" ] && exit 0 || exit 1
++fi
++
+ if [ ! -f "$VDSM_KEY" ]; then
+     /usr/bin/certtool --generate-privkey --outfile "$VDSM_KEY" 2> /dev/null
+     /bin/chown "$VDSM_PERMS" "$VDSM_KEY"
+diff --git a/vdsm/vdsmd.init.in b/vdsm/vdsmd.init.in
+index dd6f3c6..a288c16 100755
+--- a/vdsm/vdsmd.init.in
++++ b/vdsm/vdsmd.init.in
+@@ -498,6 +498,11 @@ start() {
+ 
+     shutdown_conflicting_srv && stop_libvirtd_sysv
+ 
++    if ! @LIBEXECDIR@/vdsm-gencerts.sh --check; then
++        echo -n $"Configuring a self-signed VDSM host certificate: "
++        @LIBEXECDIR@/vdsm-gencerts.sh && success || failure ; echo
++    fi
++
+     reconfigure noforce
+     ret_val=$?
+     if [ $ret_val -ne 0 ]
+-- 
+1.7.11.7
+
diff --git a/vdsm.spec b/vdsm.spec
index 4a38fa4..ad2130f 100644
--- a/vdsm.spec
+++ b/vdsm.spec
@@ -28,7 +28,7 @@
 
 Name:           %{vdsm_name}
 Version:        4.10.0
-Release:        12%{?vdsm_relvtag}%{?dist}%{?extra_release}
+Release:        13%{?vdsm_relvtag}%{?dist}%{?extra_release}
 Summary:        Virtual Desktop Server Manager
 
 Group:          Applications/System
@@ -88,6 +88,7 @@ Patch41: 0042-Ship-the-version-file-with-the-tarballs.patch
 Patch42: 0043-Use-the-recommended-alignment-instead-of-using-pages.patch
 Patch43: 0044-Use-buffer-size-in-multiplies-of-the-recommended-tra.patch
 Patch44: 0045-setup-configure-selinux-for-sanlock-on-nfs.patch
+Patch45: 0046-setup-move-the-certificate-generation.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -436,6 +437,7 @@ Gluster plugin enables VDSM to serve Gluster functionalities.
 %patch42 -p1 -b .patch42
 %patch43 -p1 -b .patch43
 %patch44 -p1 -b .patch44
+%patch45 -p1 -b .patch45
 
 %build
 %if 0%{?enable_autotools}
@@ -532,9 +534,6 @@ if [ -f /etc/pki/vdsm/keys/libvirt_password ]; then
         /etc/pki/vdsm/keys/libvirt_password
 fi
 
-# generate the vdsm certificates (if missing)
-%{_libexecdir}/%{vdsm_name}/vdsm-gencerts.sh
-
 %if 0%{?rhel}
 if [ "$1" -eq 1 ] ; then
     /sbin/chkconfig --add vdsmd
@@ -1006,6 +1005,9 @@ exit 0
 %{_datadir}/%{vdsm_name}/gluster/hostname.py*
 
 %changelog
+* Wed Oct 24 2012 Federico Simoncelli <fsimonce at redhat.com> 4.10.0-13
+- setup: move the certificate generation (#875367, #875368)
+
 * Wed Oct 24 2012 Federico Simoncelli <fsimonce at redhat.com> 4.10.0-12
 - configure selinux for sanlock on nfs

More information about the scm-commits mailing list