authorRobbie Harwood <rharwood@redhat.com>2016-01-28 19:35:44 +0000
committerRobbie Harwood <rharwood@redhat.com>2016-01-28 19:44:10 +0000
commitf525729cee1d3530d1b503fd01573719af36d02b (patch)
tree75a907048ae80d0df45747fe0d7b96e6ebbce08c
parentc52f5baf4ba12badb76610445b04712dc3ad20b3 (diff)
Replace _kadmin/_kprop with systemd macros
Remove traces of upstart from fedora package per policy Resolves: #1290185
-rw-r--r--_kadmind14
-rw-r--r--_kpropd14
-rw-r--r--kadmin.service3
-rwxr-xr-xkadmind.init108
-rw-r--r--kprop.service3
-rwxr-xr-xkpropd.init92
-rw-r--r--krb5.spec25
-rwxr-xr-xkrb5kdc.init102
8 files changed, 15 insertions, 346 deletions
diff --git a/_kadmind b/_kadmind
deleted file mode 100644
index b073cfb..0000000
--- a/_kadmind
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-#
-# Check for error conditions which the init system expects us to check and
-# for other common errors, and exit with the expected status codes.
-#
-kadmind=/usr/sbin/kadmind
-if test -f /var/kerberos/krb5kdc/kpropd.acl ; then
- echo $"Error. This appears to be a slave server, found kpropd.acl"
- exit 6
-fi
-if ! test -x "$kadmind" ; then
- exit 5
-fi
-exec "$kadmind" "$@"
diff --git a/_kpropd b/_kpropd
deleted file mode 100644
index 1808368..0000000
--- a/_kpropd
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-#
-# Check for error conditions which the init system expects us to check and
-# for other common errors, and exit with the expected status codes.
-#
-kpropd=/usr/sbin/kpropd
-if ! test -f /var/kerberos/krb5kdc/kpropd.acl ; then
- echo $"Error. This does not appear to be a slave server, kpropd.acl not found"
- exit 6
-fi
-if ! test -x "$kpropd" ; then
- exit 5
-fi
-exec "$kpropd" "$@"
diff --git a/kadmin.service b/kadmin.service
index ede159e..49657f6 100644
--- a/kadmin.service
+++ b/kadmin.service
@@ -1,12 +1,13 @@
[Unit]
Description=Kerberos 5 Password-changing and Administration
After=syslog.target network.target
+AssertPathExists=!/var/kerberos/krb5kdc/kpropd.acl
[Service]
Type=forking
PIDFile=/var/run/kadmind.pid
EnvironmentFile=-/etc/sysconfig/kadmin
-ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS
+ExecStart=/usr/sbin/kadmind -P /var/run/kadmind.pid $KADMIND_ARGS
ExecReload=/bin/kill -HUP $MAINPID
[Install]
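Review bot: The added `AssertPathExists=!/var/kerberos/krb5kdc/kpropd.acl` in `[Unit]` has no explanation. The message the deleted `_kadmind` wrapper printed ("This appears to be a slave server, found kpropd.acl") is gone with it, so an administrator on a replica now sees only a generic assertion failure for the unit. Add a comment above the directive, for example `# kadmind must run only on the master KDC; kpropd.acl marks this host as a replica`. The wrapper also tested for a regular file (`test -f`), while AssertPathExists matches any path type, so the check is slightly wider than before.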
diff --git a/kadmind.init b/kadmind.init
deleted file mode 100755
index 8915e2b..0000000
--- a/kadmind.init
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/bin/bash
-#
-# kadmind Start and stop the Kerberos 5 administrative server.
-#
-# chkconfig: - 35 65
-# description: Kerberos 5 is a trusted third-party authentication system. \
-# This script starts and stops the Kerberos 5 administrative \
-# server, which should only be run on the master server for a \
-# realm.
-# processname: kadmind
-# config: /etc/sysconfig/kadmin
-# pidfile: /var/run/kadmind.pid
-#
-
-### BEGIN INIT INFO
-# Provides: kadmin
-# Required-Start: $local_fs $network
-# Required-Stop: $local_fs $network
-# Should-Start: portreserve
-# Default-Start:
-# Default-Stop: 0 1 2 3 4 5 6
-# Short-Description: start and stop the Kerberos 5 admin server
-# Description: The kadmind service allows administrators to remotely manage \
-# the Kerberos 5 realm database. It should only be run on a \
-# master KDC.
-### END INIT INFO
-
-# Get config.
-. /etc/sysconfig/network
-
-# Get config.
-[ -r /etc/sysconfig/kadmin ] && . /etc/sysconfig/kadmin
-
-# Source function library.
-. /etc/init.d/functions
-prog="Kerberos 5 Admin Server"
-kadmind=/usr/sbin/kadmind
-pidfile=/var/run/kadmind.pid
-
-RETVAL=0
-
-# Shell functions to cut down on useless shell instances.
-start() {
- if [ -f /var/kerberos/krb5kdc/kpropd.acl ] ; then
- echo $"Error. This appears to be a slave server, found kpropd.acl"
- exit 6
- else
- [ -x $kadmind ] || exit 5
- fi
- echo -n $"Starting $prog: "
- # tell portreserve to release the kerberos-adm port
- [ -x /sbin/portrelease ] && /sbin/portrelease kerberos-adm &>/dev/null || :
- daemon ${kadmind} ${KRB5REALM:+-r ${KRB5REALM}} -P $pidfile $KADMIND_ARGS
- RETVAL=$?
- echo
- if test $RETVAL -ne 0 ; then
- if status -l kadmin ${kadmind} > /dev/null ; then
- RETVAL=0
- fi
- fi
- [ $RETVAL = 0 ] && touch /var/lock/subsys/kadmin
-}
-stop() {
- echo -n $"Stopping $prog: "
- killproc ${kadmind}
- RETVAL=$?
- echo
- [ $RETVAL = 0 ] && rm -f /var/lock/subsys/kadmin
-}
-reload() {
- echo -n $"Reopening $prog log file: "
- killproc ${kadmind} -HUP
- RETVAL=$?
- echo
-}
-
-# See how we were called.
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart)
- stop
- start
- ;;
- status)
- status -l kadmin ${kadmind}
- RETVAL=$?
- ;;
- reload)
- reload
- ;;
- condrestart)
- if [ -f /var/lock/subsys/kadmin ] ; then
- stop
- start
- fi
- ;;
- *)
- echo $"Usage: $0 {start|stop|status|condrestart|reload|restart}"
- RETVAL=2
- ;;
-esac
-
-exit $RETVAL
diff --git a/kprop.service b/kprop.service
index 4ed2247..64d5de1 100644
--- a/kprop.service
+++ b/kprop.service
@@ -1,10 +1,11 @@
[Unit]
Description=Kerberos 5 Propagation
After=syslog.target network.target
+AssertPathExists=!/var/kerberos/krb5kdc/kpropd.acl
[Service]
Type=forking
-ExecStart=/usr/sbin/_kpropd
+ExecStart=/usr/sbin/kpropd
[Install]
WantedBy=multi-user.target
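Review bot: The added `AssertPathExists=!/var/kerberos/krb5kdc/kpropd.acl` is inverted for kpropd and looks copied from kadmin.service. The `_kpropd` wrapper deleted in this commit refused to start when kpropd.acl was missing (`if ! test -f /var/kerberos/krb5kdc/kpropd.acl ; then ... exit 6`), and the removed kpropd.init did the same. With the `!` prefix, systemd fails the unit when the file is present, which is on the replica hosts where kpropd is meant to run. The unit-level guard also no longer blocks a start on a host with no ACL file. Drop the negation: `AssertPathExists=/var/kerberos/krb5kdc/kpropd.acl`.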
diff --git a/kpropd.init b/kpropd.init
deleted file mode 100755
index b872ee3..0000000
--- a/kpropd.init
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/bin/bash
-#
-# kpropd.init Start and stop the Kerberos 5 propagation client.
-#
-# chkconfig: - 35 65
-# description: Kerberos 5 is a trusted third-party authentication system. \
-# This script starts and stops the service that allows this \
-# KDC to receive updates from your master KDC.
-# processname: kpropd
-#
-
-### BEGIN INIT INFO
-# Provides: kprop
-# Required-Start: $local_fs $network
-# Required-Stop: $local_fs $network
-# Should-Start: portreserve
-# Default-Start:
-# Default-Stop: 0 1 2 3 4 5 6
-# Short-Description: start and stop the Kerberos 5 propagation client
-# Description: The kpropd service accepts database updates pushed to it from \
-# the master KDC. It will never be needed on a master KDC.
-### END INIT INFO
-
-# Get config.
-. /etc/sysconfig/network
-
-# Source function library.
-. /etc/init.d/functions
-
-RETVAL=0
-prog="Kerberos 5 Propagation Server"
-kpropd=/usr/sbin/kpropd
-
-# Shell functions to cut down on useless shell instances.
-start() {
- [ -f /var/kerberos/krb5kdc/kpropd.acl ] || exit 6
- [ -x $kpropd ] || exit 5
- echo -n $"Starting $prog: "
- # tell portreserve to release the krb5_prop port
- [ -x /sbin/portrelease ] && /sbin/portrelease krb5_prop &>/dev/null || :
- daemon ${kpropd} -S
- RETVAL=$?
- echo
- if test $RETVAL -ne 0 ; then
- if status -l kprop ${kpropd} > /dev/null ; then
- RETVAL=0
- fi
- fi
- [ $RETVAL = 0 ] && touch /var/lock/subsys/kprop
-}
-stop() {
- echo -n $"Stopping $prog: "
- killproc ${kpropd}
- RETVAL=$?
- echo
- [ $RETVAL = 0 ] && rm -f /var/lock/subsys/kprop
-}
-
-# See how we were called.
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- # We don't really "do" reload, so treat it as a restart.
- restart|force-reload)
- stop
- start
- ;;
- reload)
- echo "can't reload configuration, you have to restart it"
- RETVAL=3
- ;;
- status)
- status -l kprop ${kpropd}
- RETVAL=$?
- ;;
- condrestart)
- if [ -f /var/lock/subsys/kprop ] ; then
- stop
- start
- fi
- ;;
- *)
- echo $"Usage: $0 {start|stop|restart|condrestart|reload|status|force-reload}"
- RETVAL=2
- ;;
-esac
-
-exit $RETVAL
diff --git a/krb5.spec b/krb5.spec
index 32c1bdf..31c8b28 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -13,7 +13,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.14
-Release: 18%{?dist}
+Release: 19%{?dist}
# - Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar
# - The sources below are stored in a lookaside cache. Upload with
@@ -26,8 +26,8 @@ Source2: kprop.service
Source4: kadmin.service
Source5: krb5kdc.service
Source6: krb5.conf
-Source7: _kpropd
-Source8: _kadmind
+#Source7: _kpropd
+#Source8: _kadmind
Source10: kdc.conf
Source11: kadm5.acl
Source19: krb5kdc.sysconfig
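Review bot: `Source7`/`Source8` are commented out here rather than deleted, and the next hunk does the same for `Source36`–`Source38`. All five files are removed from the repository by this same commit, so the `#SourceN:` lines point at nothing. Delete them outright, since a later edit that uncomments one would break the build on a missing source. If the gaps in the numbering are intentional, a single comment such as `# Source7, 8, 36-38 intentionally unused (wrappers and SysV init scripts removed)` documents that without leaving dead entries.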
@@ -37,9 +37,9 @@ Source31: kerberos-adm.portreserve
Source32: krb5_prop.portreserve
Source33: krb5kdc.logrotate
Source34: kadmind.logrotate
-Source36: kpropd.init
-Source37: kadmind.init
-Source38: krb5kdc.init
+#Source36: kpropd.init
+#Source37: kadmind.init
+#Source38: krb5kdc.init
Source39: krb5-krb5kdc.conf
# Carry this locally until it's available in a packaged form.
@@ -432,12 +432,6 @@ for unit in \
# is an upgrade-time problem I'm in no hurry to deal with.
install -pm 644 ${unit} $RPM_BUILD_ROOT%{_unitdir}
done
-mkdir -p $RPM_BUILD_ROOT%{_sbindir}
-for wrapper in \
- %{SOURCE7} \
- %{SOURCE8} ; do
- install -pm 755 ${wrapper} $RPM_BUILD_ROOT%{_sbindir}/
-done
mkdir -p $RPM_BUILD_ROOT/%{_tmpfilesdir}
install -pm 644 %{SOURCE39} $RPM_BUILD_ROOT/%{_tmpfilesdir}/
mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/krb5kdc
@@ -658,14 +652,12 @@ exit 0
%{_sbindir}/kadmin.local
%{_mandir}/man8/kadmin.local.8*
%{_sbindir}/kadmind
-%{_sbindir}/_kadmind
%{_mandir}/man8/kadmind.8*
%{_sbindir}/kdb5_util
%{_mandir}/man8/kdb5_util.8*
%{_sbindir}/kprop
%{_mandir}/man8/kprop.8*
%{_sbindir}/kpropd
-%{_sbindir}/_kpropd
%{_mandir}/man8/kpropd.8*
%{_sbindir}/kproplog
%{_mandir}/man8/kproplog.8*
@@ -775,6 +767,11 @@ exit 0
%changelog
+* Thu Jan 28 2016 Robbie Harwood <rharwood@redhat.com> - 1.14-19
+- Replace _kadmin/_kprop with systemd macros
+- Remove traces of upstart from fedora package per policy
+- Resolves: #1290185
+
* Wed Jan 27 2016 Robbie Harwood <rharwood@redhat.com> - 1.14-18
- Fix CVE-2015-8629, CVE-2015-8630, CVE-2015-8631
diff --git a/krb5kdc.init b/krb5kdc.init
deleted file mode 100755
index 3462ca6..0000000
--- a/krb5kdc.init
+++ /dev/null
@@ -1,102 +0,0 @@
-#!/bin/bash
-#
-# krb5kdc Start and stop the Kerberos 5 servers.
-#
-# chkconfig: - 35 65
-# description: Kerberos 5 is a trusted third-party authentication system. \
-# This script starts and stops the server that Kerberos 5 \
-# clients need to connect to in order to obtain credentials.
-# processname: krb5kdc
-# config: /etc/sysconfig/krb5kdc
-# pidfile: /var/run/krb5kdc.pid
-#
-
-### BEGIN INIT INFO
-# Provides: krb5kdc
-# Required-Start: $local_fs $network
-# Required-Stop: $local_fs $network
-# Should-Start: portreserve
-# Default-Start:
-# Default-Stop: 0 1 2 3 4 5 6
-# Short-Description: start and stop the Kerberos 5 KDC
-# Description: The krb5kdc is the Kerberos 5 key distribution center, which \
-# issues credentials to Kerberos 5 clients.
-### END INIT INFO
-
-# Get config.
-. /etc/sysconfig/network
-
-# Get config.
-[ -r /etc/sysconfig/krb5kdc ] && . /etc/sysconfig/krb5kdc
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-RETVAL=0
-prog="Kerberos 5 KDC"
-krb5kdc=/usr/sbin/krb5kdc
-pidfile=/var/run/krb5kdc.pid
-PATH=/usr/lib64/krb5:/usr/lib/krb5:"$PATH"
-
-# Shell functions to cut down on useless shell instances.
-start() {
- [ -x $krb5kdc ] || exit 5
- echo -n $"Starting $prog: "
- # tell portreserve to release the kerberos-iv port
- [ -x /sbin/portrelease ] && /sbin/portrelease kerberos-iv &>/dev/null || :
- daemon ${krb5kdc} ${KRB5REALM:+-r ${KRB5REALM}} -P $pidfile $KRB5KDC_ARGS
- RETVAL=$?
- echo
- if test $RETVAL -ne 0 ; then
- if status ${krb5kdc} > /dev/null ; then
- RETVAL=0
- fi
- fi
- [ $RETVAL = 0 ] && touch /var/lock/subsys/krb5kdc
-}
-stop() {
- echo -n $"Stopping $prog: "
- killproc ${krb5kdc}
- RETVAL=$?
- echo
- [ $RETVAL = 0 ] && rm -f /var/lock/subsys/krb5kdc
-}
-reload() {
- echo -n $"Reopening $prog log file: "
- killproc ${krb5kdc} -HUP
- RETVAL=$?
- echo
-}
-
-# See how we were called.
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart)
- stop
- start
- ;;
- reload)
- reload
- ;;
- status)
- status ${krb5kdc}
- RETVAL=$?
- ;;
- condrestart)
- if [ -f /var/lock/subsys/krb5kdc ] ; then
- stop
- start
- fi
- ;;
- *)
- echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
- RETVAL=2
- ;;
-esac
-
-exit $RETVAL