[krb5/f20] Move the default OTP socket directory to /run

[Nalin Dahyabhai]

commit 290998be8d8c2ce9732a0d14774a5cf59ff8f61a
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date:   Mon Feb 10 11:18:38 2014 -0500

    Move the default OTP socket directory to /run
    
    - pull in patch from master to move the default directory which the KDC
      uses when computing the socket path for a local OTP daemon from the
      database directory (/var/kerberos/krb5kdc) to the newly-added run
      directory (/run/krb5kdc), in line with what we're expecting in 1.13
      (RT#7859)
    - add a tmpfiles.d configuration file to have /run/krb5kdc created at
      boot-time
    - own /var/run/krb5kdc

 krb5.spec |   29 ++++++++++++++++++++++++++++-
 1 files changed, 28 insertions(+), 1 deletions(-)
---
diff --git a/krb5.spec b/krb5.spec
index 69229a4..effee9e 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -41,7 +41,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.11.5
-Release: 2%{?dist}
+Release: 3%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.5-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -68,6 +68,7 @@ Source34: kadmind.logrotate
 Source36: kpropd.init
 Source37: kadmind.init
 Source38: krb5kdc.init
+Source39: krb5-krb5kdc.conf
 
 BuildRequires: cmake
 # Carry this locally until it's available in a packaged form.
@@ -123,6 +124,7 @@ Patch158: krb5-master-keyring-kdcsync.patch
 Patch201: krb5-1.11.2-keycheck.patch
 Patch202: krb5-1.11.2-otp.patch
 Patch203: krb5-1.11.3-otp2.patch
+Patch204: krb5-1.11.5-move-otp-sockets.patch
 
 # Patches for kernel-persistent-keyring support (backport)
 Patch301: persistent_keyring.patch
@@ -400,6 +402,7 @@ ln -s NOTICE LICENSE
 %patch201 -p1 -b .keycheck
 %patch202 -p1 -b .otp
 %patch203 -p1 -b .otp2
+%patch204 -p1 -b .move-otp-sockets
 
 # Take the execute bit off of documentation.
 chmod -x doc/krb5-protocol/*.txt
@@ -457,6 +460,9 @@ pushd src
 %if 0%{?compile_default_ccache_name}
 DEFCCNAME=%{compiled_default_ccache_name}; export DEFCCNAME
 %endif
+# Set this so that configure will have a value even if the current version of
+# autoconf doesn't set one.
+runstatedir=%{_localstatedir}/run; export runstatedir
 # Work out the CFLAGS and CPPFLAGS which we intend to use.
 INCLUDES=-I%{_includedir}/et
 CFLAGS="`echo $RPM_OPT_FLAGS $DEFINES $INCLUDES -fPIC -fno-strict-aliasing -fstack-protector-all`"
@@ -507,6 +513,13 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
 make
 popd
 
+# Sanity check the KDC_RUN_DIR.
+configured_kdcrundir=`grep KDC_RUN_DIR src/include/osconf.h | awk '{print $NF}'`
+configured_kdcrundir=`eval echo $configured_kdcrundir`
+if test "$configured_kdcrundir" != %{_localstatedir}/run/krb5kdc ; then
+       exit 1
+fi
+
 # Build the docs.
 make -C src/doc paths.py version.py
 cp src/doc/paths.py doc/
@@ -603,6 +616,9 @@ for wrapper in \
 	%{SOURCE8} ; do
 	install -pm 755 ${wrapper} $RPM_BUILD_ROOT%{_sbindir}/
 done
+mkdir -p $RPM_BUILD_ROOT/%{_tmpfilesdir}
+install -pm 644 %{SOURCE39} $RPM_BUILD_ROOT/%{_tmpfilesdir}/
+mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/krb5kdc
 %else
 mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
 for init in \
@@ -876,6 +892,8 @@ exit 0
 %{_unitdir}/krb5kdc.service
 %{_unitdir}/kadmin.service
 %{_unitdir}/kprop.service
+%{_tmpfilesdir}/krb5-krb5kdc.conf
+%dir %{_localstatedir}/run/krb5kdc
 %else
 /etc/rc.d/init.d/krb5kdc
 /etc/rc.d/init.d/kadmin
@@ -1048,6 +1066,15 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Mon Feb 10 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.11.5-3
+- pull in patch from master to move the default directory which the KDC uses
+  when computing the socket path for a local OTP daemon from the database
+  directory (/var/kerberos/krb5kdc) to the newly-added run directory
+  (/run/krb5kdc), in line with what we're expecting in 1.13 (RT#7859)
+- add a tmpfiles.d configuration file to have /run/krb5kdc created at
+  boot-time
+- own /var/run/krb5kdc
+
 * Fri Jan 31 2014 Nalin Dahyabhai <nalin at redhat.com> - 1.11.5-2
 - rebuild because I tagged the previous package wrong