Test a fix for rhbz#1902811

This commit is contained in:
Alexander Bokovoy 2020-12-16 08:11:09 +02:00
parent d1d2d3bc50
commit d10972a2bf
2 changed files with 81 additions and 2 deletions

View File

@ -0,0 +1,75 @@
From 44669a5a35970020d492cba644d0584bcc68774f Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Mon, 14 Dec 2020 17:44:38 +0100
Subject: [PATCH] Change mkdir logic in DNSSEC
- Create /var/named/dyndb-ldap/ipa/master/ early
- Assume that /var/named/dyndb-ldap/ipa/master/ exists in BINDMgr.sync()
Signed-off-by: Christian Heimes <cheimes@redhat.com>
---
ipaserver/dnssec/bindmgr.py | 7 +++----
ipaserver/install/dnskeysyncinstance.py | 19 +++++++++++++------
ipaserver/install/server/upgrade.py | 1 +
3 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/ipaserver/dnssec/bindmgr.py b/ipaserver/dnssec/bindmgr.py
index 4f7cad89344..a15c0e601a2 100644
--- a/ipaserver/dnssec/bindmgr.py
+++ b/ipaserver/dnssec/bindmgr.py
@@ -182,10 +182,9 @@ def sync_zone(self, zone):
zone_path = os.path.join(paths.BIND_LDAP_DNS_ZONE_WORKDIR,
self.get_zone_dir_name(zone))
try:
- os.makedirs(zone_path)
- except OSError as e:
- if e.errno != errno.EEXIST:
- raise e
+ os.mkdir(zone_path, 0o770)
+ except FileExistsError:
+ pass
# fix HSM permissions
# TODO: move out
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 26c1d9c7516..16870b73b5c 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -66,12 +66,19 @@ def set_dyndb_ldap_workdir_permissions(self):
"""
Setting up correct permissions to allow write/read access for daemons
"""
- if not os.path.exists(paths.BIND_LDAP_DNS_IPA_WORKDIR):
- os.mkdir(paths.BIND_LDAP_DNS_IPA_WORKDIR, 0o770)
- # dnssec daemons require to have access into the directory
- os.chmod(paths.BIND_LDAP_DNS_IPA_WORKDIR, 0o770)
- os.chown(paths.BIND_LDAP_DNS_IPA_WORKDIR, self.named_uid,
- self.named_gid)
+ directories = [
+ paths.BIND_LDAP_DNS_IPA_WORKDIR,
+ paths.BIND_LDAP_DNS_ZONE_WORKDIR,
+ ]
+ for directory in directories:
+ try:
+ os.mkdir(directory, 0o770)
+ except FileExistsError:
+ pass
+ else:
+ os.chmod(directory, 0o770)
+ # dnssec daemons require to have access into the directory
+ os.chown(directory, self.named_uid, self.named_gid)
def remove_replica_public_keys(self, replica_fqdn):
ldap = api.Backend.ldap2
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 18891d53c7d..c453e16b08a 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1749,6 +1749,7 @@ def upgrade_configuration():
else:
if dnssec_set_openssl_engine(dnskeysyncd):
dnskeysyncd.start_dnskeysyncd()
+ dnskeysyncd.set_dyndb_ldap_workdir_permissions()
cleanup_kdc(fstore)
cleanup_adtrust(fstore)

View File

@ -176,7 +176,7 @@
Name: %{package_name} Name: %{package_name}
Version: %{IPA_VERSION} Version: %{IPA_VERSION}
Release: 0.5%{?rc_version:.%rc_version}%{?dist} Release: 0.6%{?rc_version:.%rc_version}%{?dist}
Summary: The Identity, Policy and Audit system Summary: The Identity, Policy and Audit system
License: GPLv3+ License: GPLv3+
@ -193,6 +193,8 @@ Source1: https://releases.pagure.org/freeipa/freeipa-%{version}%{?rc_vers
# product-name.png # product-name.png
# RHEL spec file only: END: Change branding to IPA and Identity Management # RHEL spec file only: END: Change branding to IPA and Identity Management
Patch0001: freeipa-refactor-dnssec-paths.patch
# RHEL spec file only: START # RHEL spec file only: START
%if 0%{?rhel} == 8 && %{NON_DEVELOPER_BUILD} %if 0%{?rhel} == 8 && %{NON_DEVELOPER_BUILD}
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
@ -201,7 +203,6 @@ Patch1003: 1003-Revert-WebUI-use-python3-rjsmin-to-minify-JavaScript.patch
%endif %endif
# RHEL spec file only: END # RHEL spec file only: END
# For the timestamp trick in patch application # For the timestamp trick in patch application
BuildRequires: diffstat BuildRequires: diffstat
@ -1675,6 +1676,9 @@ fi
%endif %endif
%changelog %changelog
* Wed Dec 16 07:52:00 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.6.rc3
- Refactor DNSSEC paths creation code (upstream PR#5340)
* Thu Dec 10 20:06:03 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.5.rc3 * Thu Dec 10 20:06:03 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.5.rc3
- FreeIPA 4.9.0 release candidate 3 - FreeIPA 4.9.0 release candidate 3
- Enforce C.UTF-8 locale in systemd service units - Enforce C.UTF-8 locale in systemd service units