[krb5] Fix error detection when starting kpropd/kadmind
Nalin Dahyabhai
nalin at fedoraproject.org
Thu Aug 15 04:11:31 UTC 2013
commit ee18500d9bf63fedace5dea8d090156e640e51e3
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Thu Aug 15 00:10:24 2013 -0400
Fix error detection when starting kpropd/kadmind
- drop a patch we're not applying
- wrap kadmind and kpropd in scripts which check for the presence/absence
of files which dictate particular exit codes before exec'ing the actual
binaries, instead of trying to use ConditionPathExists in the unit files
to accomplish that, so that we exit with failure properly when what we
expect isn't actually in effect on the system (#800343)
_kadmind | 10 ++++++++++
_kpropd | 10 ++++++++++
kadmin.service | 3 +--
kprop.service | 3 +--
krb5.spec | 22 +++++++++++++++++++---
5 files changed, 41 insertions(+), 7 deletions(-)
---
diff --git a/_kadmind b/_kadmind
new file mode 100644
index 0000000..5088438
--- /dev/null
+++ b/_kadmind
@@ -0,0 +1,10 @@
+#!/bin/sh
+kadmind=/usr/sbin/kadmind
+if test -f /var/kerberos/krb5kdc/kpropd.acl ; then
+ echo $"Error. This appears to be a slave server, found kpropd.acl"
+ exit 6
+fi
+if ! test -x "$kadmind" ; then
+ exit 5
+fi
+exec "$kadmind" "$@"
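Review bot: The `echo $"Error. ..."` line uses `$"..."` locale-translation quoting, a bash extension, under a `#!/bin/sh` shebang, so a non-bash `/bin/sh` would print the message with a stray leading `$`. It also writes the diagnostic to stdout. Plain quotes and stderr avoid both: `echo "Error. This appears to be a slave server, found kpropd.acl" >&2`. The `exit 5` branch fails silently; a one-line message naming `$kadmind` as missing or not executable would make that failure diagnosable from the journal. The same two points apply to the matching lines in `_kpropd`, and a short header comment in each script noting that 6 and 5 appear to follow the init-script "not configured" / "not installed" convention would help the next maintainer.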
diff --git a/_kpropd b/_kpropd
new file mode 100644
index 0000000..219e41c
--- /dev/null
+++ b/_kpropd
@@ -0,0 +1,10 @@
+#!/bin/sh
+kpropd=/usr/sbin/kpropd
+if ! test -f /var/kerberos/krb5kdc/kpropd.acl ; then
+ echo $"Error. This does not appear to be a slave server, kpropd.acl not found"
+ exit 6
+fi
+if ! test -x "$kpropd" ; then
+ exit 5
+fi
+exec "$kpropd" "$@"
diff --git a/kadmin.service b/kadmin.service
index 7775ea7..ede159e 100644
--- a/kadmin.service
+++ b/kadmin.service
@@ -1,13 +1,12 @@
[Unit]
Description=Kerberos 5 Password-changing and Administration
After=syslog.target network.target
-ConditionPathExists=!/var/kerberos/krb5kdc/kpropd.acl
[Service]
Type=forking
PIDFile=/var/run/kadmind.pid
EnvironmentFile=-/etc/sysconfig/kadmin
-ExecStart=/usr/sbin/kadmind -P /var/run/kadmind.pid $KADMIND_ARGS
+ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS
ExecReload=/bin/kill -HUP $MAINPID
[Install]
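Review bot: `ExecStart` now launches the shell wrapper `/usr/sbin/_kadmind` instead of the daemon binary, so any SELinux domain transition keyed on the file label of `/usr/sbin/kadmind` should be re-checked with the wrapper in the exec path. The spec carries an selinux-label patch, which suggests policy is in play, but nothing in this diff shows how the wrapper is labelled. If it ends up with a generic label, the daemon may start in a different domain than before or be denied, so this is worth confirming on an enforcing system. The same applies to `_kpropd` in kprop.service. A comment above the line, such as `# _kadmind exits 6 if kpropd.acl exists, 5 if kadmind is not installed`, would record why the wrapper replaced `ConditionPathExists`.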
diff --git a/kprop.service b/kprop.service
index 99ba129..959a300 100644
--- a/kprop.service
+++ b/kprop.service
@@ -1,11 +1,10 @@
[Unit]
Description=Kerberos 5 Propagation
After=syslog.target network.target
-ConditionPathExists=/var/kerberos/krb5kdc/kpropd.acl
[Service]
Type=forking
-ExecStart=/usr/sbin/kpropd -S
+ExecStart=/usr/sbin/_kpropd -S
[Install]
WantedBy=multi-user.target
diff --git a/krb5.spec b/krb5.spec
index 5409f20..0ea68db 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -32,7 +32,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.11.3
-Release: 7%{?dist}
+Release: 8%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -45,6 +45,8 @@ Source2: kprop.service
Source4: kadmin.service
Source5: krb5kdc.service
Source6: krb5.conf
+Source7: _kpropd
+Source8: _kadmind
Source10: kdc.conf
Source11: kadm5.acl
Source19: krb5kdc.sysconfig
@@ -76,7 +78,6 @@ Patch59: krb5-1.10-kpasswd_tcp.patch
Patch60: krb5-1.11-pam.patch
Patch63: krb5-1.11-selinux-label.patch
Patch71: krb5-1.11-dirsrv-accountlock.patch
-Patch75: krb5-pkinit-debug.patch
Patch86: krb5-1.9-debuginfo.patch
Patch105: krb5-kvno-230379.patch
Patch113: krb5-1.11-alpha1-init.patch
@@ -306,7 +307,6 @@ ln -s NOTICE LICENSE
%patch56 -p1 -b .doublelog
%patch59 -p1 -b .kpasswd_tcp
%patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
-#%patch75 -p1 -b .pkinit-debug
%patch86 -p0 -b .debuginfo
%patch105 -p1 -b .kvno
%patch113 -p1 -b .init
@@ -507,6 +507,12 @@ for unit in \
# is an upgrade-time problem I'm in no hurry to deal with.
install -pm 644 ${unit} $RPM_BUILD_ROOT%{_unitdir}
done
+mkdir -p $RPM_BUILD_ROOT%{_sbindir}
+for wrapper in \
+ %{SOURCE7} \
+ %{SOURCE8} ; do
+ install -pm 755 ${wrapper} $RPM_BUILD_ROOT%{_sbindir}/
+done
%else
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
for init in \
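Review bot: The wrappers are installed only in the branch that ends at the `%else` visible here, while the `%{_sbindir}/_kadmind` and `%{_sbindir}/_kpropd` entries added in the `%files` hunk show no surrounding conditional within that hunk. If those entries are not guarded by the same condition outside the visible context, a build that takes the init-script branch would fail on files that were never installed. Either guard the two `%files` lines with the same `%if`, or install the wrappers unconditionally. The enclosing `%if` and the full `%files` section lie outside the hunks, so this needs checking against the whole spec.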
@@ -771,12 +777,14 @@ exit 0
%{_sbindir}/kadmin.local
%{_mandir}/man8/kadmin.local.8*
%{_sbindir}/kadmind
+%{_sbindir}/_kadmind
%{_mandir}/man8/kadmind.8*
%{_sbindir}/kdb5_util
%{_mandir}/man8/kdb5_util.8*
%{_sbindir}/kprop
%{_mandir}/man8/kprop.8*
%{_sbindir}/kpropd
+%{_sbindir}/_kpropd
%{_mandir}/man8/kpropd.8*
%{_sbindir}/kproplog
%{_mandir}/man8/kproplog.8*
@@ -902,6 +910,14 @@ exit 0
%{_sbindir}/uuserver
%changelog
+* Thu Aug 15 2013 Nalin Dahyabhai <nalin at redhat.com> 1.11.3-8
+- drop a patch we weren't not applying (build tooling)
+- wrap kadmind and kpropd in scripts which check for the presence/absence
+ of files which dictate particular exit codes before exec'ing the actual
+ binaries, instead of trying to use ConditionPathExists in the unit files
+ to accomplish that, so that we exit with failure properly when what we
+ expect isn't actually in effect on the system (#800343)
+
* Mon Jul 29 2013 Nalin Dahyabhai <nalin at redhat.com> 1.11.3-7
- attempt to account for UnversionedDocdirs for the -libs subpackage