[amanda/f21] add kamanda unit files (#1077642)
Petr Hracek
phracek at fedoraproject.org
Mon Nov 24 08:32:24 UTC 2014
commit 72d4bcd2e4c6f68e6c375a00e6a9e03978defb1c
Author: Petr Hracek <phracek at redhat.com>
Date: Fri Nov 21 16:39:44 2014 +0100
add kamanda unit files (#1077642)
amanda-krb5.patch | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++
amanda.spec | 16 ++++++++++++++-
kamanda.socket | 9 ++++++++
kamanda at .service | 9 ++++++++
4 files changed, 89 insertions(+), 1 deletions(-)
---
diff --git a/amanda-krb5.patch b/amanda-krb5.patch
new file mode 100644
index 0000000..f3e237a
--- /dev/null
+++ b/amanda-krb5.patch
@@ -0,0 +1,56 @@
+diff --git a/amandad-src/amandad.c b/amandad-src/amandad.c
+index d864c3f..4a899fb 100644
+--- a/amandad-src/amandad.c
++++ b/amandad-src/amandad.c
+@@ -456,7 +456,7 @@ main(
+ }
+
+ #ifndef SINGLE_USERID
+- if (geteuid() == 0) {
++ if (getuid() == 0) {
+ if (strcasecmp(auth, "krb5") != 0) {
+ struct passwd *pwd;
+ /* lookup our local user name */
+diff --git a/common-src/krb5-security.c b/common-src/krb5-security.c
+index c3075fa..8d3b18a 100644
+--- a/common-src/krb5-security.c
++++ b/common-src/krb5-security.c
+@@ -334,6 +334,7 @@ krb5_accept(
+ char hostname[NI_MAXHOST];
+ int result;
+ char *errmsg = NULL;
++ struct passwd *pw;
+
+ krb5_init();
+
+@@ -372,6 +373,12 @@ krb5_accept(
+ error("gss_server failed: %s\n", rc->errmsg);
+ rc->accept_fn = fn;
+ sec_tcp_conn_read(rc);
++
++ /* totally drop privileges at this point
++ *(making the userid equal to the dumpuser)
++ */
++ pw = getpwnam(CLIENT_LOGIN);
++ setreuid(pw->pw_uid, pw->pw_uid);
+ }
+
+ /*
+@@ -712,7 +719,7 @@ krb5_init(void)
+ beenhere = 1;
+
+ #ifndef BROKEN_MEMORY_CCACHE
+- putenv(stralloc("KRB5_ENV_CCNAME=MEMORY:amanda_ccache"));
++ putenv(stralloc(KRB5_ENV_CCNAME"=MEMORY:amanda_ccache"));
+ #else
+ /*
+ * MEMORY ccaches seem buggy and cause a lot of internal heap
+@@ -727,7 +734,7 @@ krb5_init(void)
+ char *ccache;
+ ccache = malloc(128);
+ g_snprintf(ccache, SIZEOF(ccache),
+- "KRB5_ENV_CCNAME=FILE:/tmp/amanda_ccache.%ld.%ld",
++ KRB5_ENV_CCNAME"=FILE:/tmp/amanda_ccache.%ld.%ld",
+ (long)geteuid(), (long)getpid());
+ putenv(ccache);
+ }
diff --git a/amanda.spec b/amanda.spec
index 20c95fd..2152dc0 100644
--- a/amanda.spec
+++ b/amanda.spec
@@ -10,7 +10,7 @@
Summary: A network-capable tape backup solution
Name: amanda
Version: 3.3.6
-Release: 4%{?dist}
+Release: 5%{?dist}
Source: http://downloads.sourceforge.net/amanda/amanda-%{version}.tar.gz
Source1: amanda.crontab
Source4: disklist
@@ -21,10 +21,13 @@ Source11: activate-devpay.1.gz
Source12: killpgrp.8
Source13: amanda-udp.socket
Source14: amanda-udp.service
+Source15: kamanda.socket
+Source16: kamanda at .service
Patch2: amanda-3.1.1-xattrs.patch
Patch3: amanda-3.1.1-tcpport.patch
Patch6: amanda-3.2.0-config-dir.patch
Patch11: amanda-3.3.2-autogen.patch
+Patch12: amanda-krb5.patch
License: BSD and GPLv3+ and GPLv2+ and GPLv2
Group: Applications/System
@@ -106,6 +109,7 @@ server also needs to have the amanda-client package installed.
%patch3 -p1 -b .tcpport
%patch6 -p1 -b .config
%patch11 -p1 -b .autogen
+%patch12 -p1 -b .krb5
./autogen
%build
@@ -152,6 +156,8 @@ install -p -m 644 -D %{SOURCE9} %{buildroot}%{_unitdir}/amanda.socket
install -p -m 644 -D %{SOURCE10} %{buildroot}%{_unitdir}/amanda at .service
install -p -m 644 -D %{SOURCE13} %{buildroot}%{_unitdir}/amanda-udp.socket
install -p -m 644 -D %{SOURCE14} %{buildroot}%{_unitdir}/amanda-udp.service
+install -p -m 644 -D %{SOURCE15} %{buildroot}%{_unitdir}/kamanda.socket
+install -p -m 644 -D %{SOURCE16} %{buildroot}%{_unitdir}/kamanda at .service
install -D %{SOURCE11} %{buildroot}/%{_mandir}/man1/activate-devpay.1.gz
install -D %{SOURCE12} %{buildroot}/%{_mandir}/man8/killpgrp.8
@@ -188,15 +194,18 @@ rm -rf ${RPM_BUILD_ROOT}
/sbin/ldconfig
%systemd_post amanda.socket
%systemd_post amanda-udp.socket
+%systemd_post kamanda.socket
%preun
%systemd_preun amanda.socket
%systemd_preun amanda-udp.socket
+%systemd_preun kamanda.socket
%postun
/sbin/ldconfig
%systemd_postun_with_restart amanda.socket
%systemd_postun_with_restart amanda-udp.socket
+%systemd_postun_with_restart kamanda.socket
%post client -p /sbin/ldconfig
@@ -212,6 +221,8 @@ rm -rf ${RPM_BUILD_ROOT}
%{_unitdir}/amanda.socket
%{_unitdir}/amanda-udp.service
%{_unitdir}/amanda-udp.socket
+%{_unitdir}/kamanda at .service
+%{_unitdir}/kamanda.socket
%dir %{_libexecdir}/amanda
%{_libexecdir}/amanda/amandad
@@ -470,6 +481,9 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog
+* Mon Nov 24 2014 Petr Hracek <phracek at redhat.com> - 3.3.6-5
+- add kamanda systemd unit files (#1077642)
+
* Tue Nov 11 2014 Petr Hracek <phracek at redhat.com> - 3.3.6-4
- Resolves #1033896 - add amindexd as argument to amandad
diff --git a/kamanda.socket b/kamanda.socket
new file mode 100644
index 0000000..13b786b
--- /dev/null
+++ b/kamanda.socket
@@ -0,0 +1,9 @@
+[Unit]
+Description=Amanda Kerberos Activation Socket
+
+[Socket]
+ListenStream=10082
+Accept=true
+
+[Install]
+WantedBy=sockets.target
diff --git a/kamanda at .service b/kamanda at .service
new file mode 100644
index 0000000..50007de
--- /dev/null
+++ b/kamanda at .service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Amanda Backup System
+After=local-fs.target
+
+[Service]
+User=root
+Group=disk
+ExecStart=/usr/sbin/amandad -auth=krb5 amdump amindexd amidxtaped
+StandardInput=socket
More information about the scm-commits
mailing list