diff options
| author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-08-15 00:10:24 -0400 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-08-15 00:10:24 -0400 |
| commit | ee18500d9bf63fedace5dea8d090156e640e51e3 (patch) | |
| tree | 17c239766f0816c5dad528dfd1dd4ee4e0d70415 | |
| parent | 272aaeef1761d45e75a9524ea5e3003d1575f975 (diff) | |
| download | krb5-ee18500d9bf63fedace5dea8d090156e640e51e3.tar.gz krb5-ee18500d9bf63fedace5dea8d090156e640e51e3.tar.xz krb5-ee18500d9bf63fedace5dea8d090156e640e51e3.zip | |
Fix error detection when starting kpropd/kadmindkrb5-1.11.3-8.fc20krb5-1.11.3-8.fc19
- drop a patch we're not applying
- wrap kadmind and kpropd in scripts which check for the presence/absence
of files which dictate particular exit codes before exec'ing the actual
binaries, instead of trying to use ConditionPathExists in the unit files
to accomplish that, so that we exit with failure properly when what we
expect isn't actually in effect on the system (#800343)
| -rw-r--r-- | _kadmind | 10 | ||||
| -rw-r--r-- | _kpropd | 10 | ||||
| -rw-r--r-- | kadmin.service | 3 | ||||
| -rw-r--r-- | kprop.service | 3 | ||||
| -rw-r--r-- | krb5.spec | 22 |
5 files changed, 41 insertions, 7 deletions
diff --git a/_kadmind b/_kadmind new file mode 100644 index 0000000..5088438 --- /dev/null +++ b/_kadmind @@ -0,0 +1,10 @@ +#!/bin/sh +kadmind=/usr/sbin/kadmind +if test -f /var/kerberos/krb5kdc/kpropd.acl ; then + echo $"Error. This appears to be a slave server, found kpropd.acl" + exit 6 +fi +if ! test -x "$kadmind" ; then + exit 5 +fi +exec "$kadmind" "$@" @@ -0,0 +1,10 @@ +#!/bin/sh +kpropd=/usr/sbin/kpropd +if ! test -f /var/kerberos/krb5kdc/kpropd.acl ; then + echo $"Error. This does not appear to be a slave server, kpropd.acl not found" + exit 6 +fi +if ! test -x "$kpropd" ; then + exit 5 +fi +exec "$kpropd" "$@" diff --git a/kadmin.service b/kadmin.service index 7775ea7..ede159e 100644 --- a/kadmin.service +++ b/kadmin.service @@ -1,13 +1,12 @@ [Unit] Description=Kerberos 5 Password-changing and Administration After=syslog.target network.target -ConditionPathExists=!/var/kerberos/krb5kdc/kpropd.acl [Service] Type=forking PIDFile=/var/run/kadmind.pid EnvironmentFile=-/etc/sysconfig/kadmin -ExecStart=/usr/sbin/kadmind -P /var/run/kadmind.pid $KADMIND_ARGS +ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS ExecReload=/bin/kill -HUP $MAINPID [Install] diff --git a/kprop.service b/kprop.service index 99ba129..959a300 100644 --- a/kprop.service +++ b/kprop.service @@ -1,11 +1,10 @@ [Unit] Description=Kerberos 5 Propagation After=syslog.target network.target -ConditionPathExists=/var/kerberos/krb5kdc/kpropd.acl [Service] Type=forking -ExecStart=/usr/sbin/kpropd -S +ExecStart=/usr/sbin/_kpropd -S [Install] WantedBy=multi-user.target @@ -32,7 +32,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.11.3 -Release: 7%{?dist} +Release: 8%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar Source0: krb5-%{version}.tar.gz @@ -45,6 +45,8 @@ Source2: kprop.service Source4: kadmin.service Source5: krb5kdc.service Source6: krb5.conf +Source7: _kpropd +Source8: _kadmind Source10: kdc.conf Source11: kadm5.acl Source19: krb5kdc.sysconfig @@ -76,7 +78,6 @@ Patch59: krb5-1.10-kpasswd_tcp.patch Patch60: krb5-1.11-pam.patch Patch63: krb5-1.11-selinux-label.patch Patch71: krb5-1.11-dirsrv-accountlock.patch -Patch75: krb5-pkinit-debug.patch Patch86: krb5-1.9-debuginfo.patch Patch105: krb5-kvno-230379.patch Patch113: krb5-1.11-alpha1-init.patch @@ -306,7 +307,6 @@ ln -s NOTICE LICENSE %patch56 -p1 -b .doublelog %patch59 -p1 -b .kpasswd_tcp %patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild} -#%patch75 -p1 -b .pkinit-debug %patch86 -p0 -b .debuginfo %patch105 -p1 -b .kvno %patch113 -p1 -b .init @@ -507,6 +507,12 @@ for unit in \ # is an upgrade-time problem I'm in no hurry to deal with. install -pm 644 ${unit} $RPM_BUILD_ROOT%{_unitdir} done +mkdir -p $RPM_BUILD_ROOT%{_sbindir} +for wrapper in \ + %{SOURCE7} \ + %{SOURCE8} ; do + install -pm 755 ${wrapper} $RPM_BUILD_ROOT%{_sbindir}/ +done %else mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d for init in \ @@ -771,12 +777,14 @@ exit 0 %{_sbindir}/kadmin.local %{_mandir}/man8/kadmin.local.8* %{_sbindir}/kadmind +%{_sbindir}/_kadmind %{_mandir}/man8/kadmind.8* %{_sbindir}/kdb5_util %{_mandir}/man8/kdb5_util.8* %{_sbindir}/kprop %{_mandir}/man8/kprop.8* %{_sbindir}/kpropd +%{_sbindir}/_kpropd %{_mandir}/man8/kpropd.8* %{_sbindir}/kproplog %{_mandir}/man8/kproplog.8* @@ -902,6 +910,14 @@ exit 0 %{_sbindir}/uuserver %changelog +* Thu Aug 15 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.3-8 +- drop a patch we weren't not applying (build tooling) +- wrap kadmind and kpropd in scripts which check for the presence/absence + of files which dictate particular exit codes before exec'ing the actual + binaries, instead of trying to use ConditionPathExists in the unit files + to accomplish that, so that we exit with failure properly when what we + expect isn't actually in effect on the system (#800343) + * Mon Jul 29 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.3-7 - attempt to account for UnversionedDocdirs for the -libs subpackage |