Test a fix for rhbz#1902811
parent
d1d2d3bc50
commit
d10972a2bf
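--- a/freeipa-refactor-dnssec-paths.patch
+++ b/freeipa-refactor-dnssec-paths.patch
@@ -0,0 +1,75 @@
+From 44669a5a35970020d492cba644d0584bcc68774f Mon Sep 17 00:00:00 2001
+From: Christian Heimes <cheimes@redhat.com>
+Date: Mon, 14 Dec 2020 17:44:38 +0100
+Subject: [PATCH] Change mkdir logic in DNSSEC
+
+- Create /var/named/dyndb-ldap/ipa/master/ early
+- Assume that /var/named/dyndb-ldap/ipa/master/ exists in BINDMgr.sync()
+
+Signed-off-by: Christian Heimes <cheimes@redhat.com>
+---
+ipaserver/dnssec/bindmgr.py | 7 +++----
+ipaserver/install/dnskeysyncinstance.py | 19 +++++++++++++------
+ipaserver/install/server/upgrade.py | 1 +
+3 files changed, 17 insertions(+), 10 deletions(-)
+
+diff --git a/ipaserver/dnssec/bindmgr.py b/ipaserver/dnssec/bindmgr.py
+index 4f7cad89344..a15c0e601a2 100644
+--- a/ipaserver/dnssec/bindmgr.py
++++ b/ipaserver/dnssec/bindmgr.py
+@@ -182,10 +182,9 @@ def sync_zone(self, zone):
+zone_path = os.path.join(paths.BIND_LDAP_DNS_ZONE_WORKDIR,
+self.get_zone_dir_name(zone))
+try:
+- os.makedirs(zone_path)
+- except OSError as e:
+- if e.errno != errno.EEXIST:
+- raise e
++ os.mkdir(zone_path, 0o770)
++ except FileExistsError:
++ pass
+
+# fix HSM permissions
+# TODO: move out
+diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
+index 26c1d9c7516..16870b73b5c 100644
+--- a/ipaserver/install/dnskeysyncinstance.py
++++ b/ipaserver/install/dnskeysyncinstance.py
+@@ -66,12 +66,19 @@ def set_dyndb_ldap_workdir_permissions(self):
+"""
+Setting up correct permissions to allow write/read access for daemons
+"""
+- if not os.path.exists(paths.BIND_LDAP_DNS_IPA_WORKDIR):
+- os.mkdir(paths.BIND_LDAP_DNS_IPA_WORKDIR, 0o770)
+- # dnssec daemons require to have access into the directory
+- os.chmod(paths.BIND_LDAP_DNS_IPA_WORKDIR, 0o770)
+- os.chown(paths.BIND_LDAP_DNS_IPA_WORKDIR, self.named_uid,
+- self.named_gid)
++ directories = [
++ paths.BIND_LDAP_DNS_IPA_WORKDIR,
++ paths.BIND_LDAP_DNS_ZONE_WORKDIR,
++ ]
++ for directory in directories:
++ try:
++ os.mkdir(directory, 0o770)
++ except FileExistsError:
++ pass
++ else:
++ os.chmod(directory, 0o770)
++ # dnssec daemons require to have access into the directory
++ os.chown(directory, self.named_uid, self.named_gid)
+
+def remove_replica_public_keys(self, replica_fqdn):
+ldap = api.Backend.ldap2
+diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
+index 18891d53c7d..c453e16b08a 100644
+--- a/ipaserver/install/server/upgrade.py
++++ b/ipaserver/install/server/upgrade.py
+@@ -1749,6 +1749,7 @@ def upgrade_configuration():
+else:
+if dnssec_set_openssl_engine(dnskeysyncd):
+dnskeysyncd.start_dnskeysyncd()
++ dnskeysyncd.set_dyndb_ldap_workdir_permissions()
+
+cleanup_kdc(fstore)
+cleanup_adtrust(fstore)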
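Review bot: In the `set_dyndb_ldap_workdir_permissions` hunk of the embedded patch, `except FileExistsError: pass` accepts whatever already exists at the path, and `os.chown(directory, self.named_uid, self.named_gid)` then runs on it without confirming it is a real directory. The page has flattened the indentation, but `os.chmod(directory, 0o770)` appears to sit in the `else:` branch, so an existing directory with a different mode is no longer reset the way the removed unconditional `os.chmod` did. The first directory is handed to the named account with mode 0770 and the second appears to live beneath it, and the method is now also called from `upgrade_configuration()`, so the existing-path case should be verified rather than trusted. I would check `os.path.isdir(directory) and not os.path.islink(directory)` before touching the path, apply the `chmod` in both cases, and call `os.chown(directory, self.named_uid, self.named_gid, follow_symlinks=False)`. The same `except FileExistsError: pass` in `sync_zone` in bindmgr.py also accepts a non-directory at `zone_path`; the `def` lines of both functions are outside their hunks.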
@ -176,7 +176,7 @@
|
|||||||
|
|
||||||
Name: %{package_name}
|
Name: %{package_name}
|
||||||
Version: %{IPA_VERSION}
|
Version: %{IPA_VERSION}
|
||||||
Release: 0.5%{?rc_version:.%rc_version}%{?dist}
|
Release: 0.6%{?rc_version:.%rc_version}%{?dist}
|
||||||
Summary: The Identity, Policy and Audit system
|
Summary: The Identity, Policy and Audit system
|
||||||
|
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
@ -193,6 +193,8 @@ Source1: https://releases.pagure.org/freeipa/freeipa-%{version}%{?rc_vers
|
|||||||
# product-name.png
|
# product-name.png
|
||||||
# RHEL spec file only: END: Change branding to IPA and Identity Management
|
# RHEL spec file only: END: Change branding to IPA and Identity Management
|
||||||
|
|
||||||
|
Patch0001: freeipa-refactor-dnssec-paths.patch
|
||||||
|
|
||||||
# RHEL spec file only: START
|
# RHEL spec file only: START
|
||||||
%if 0%{?rhel} == 8 && %{NON_DEVELOPER_BUILD}
|
%if 0%{?rhel} == 8 && %{NON_DEVELOPER_BUILD}
|
||||||
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
|
Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch
|
||||||
@ -201,7 +203,6 @@ Patch1003: 1003-Revert-WebUI-use-python3-rjsmin-to-minify-JavaScript.patch
|
|||||||
%endif
|
%endif
|
||||||
# RHEL spec file only: END
|
# RHEL spec file only: END
|
||||||
|
|
||||||
|
|
||||||
# For the timestamp trick in patch application
|
# For the timestamp trick in patch application
|
||||||
BuildRequires: diffstat
|
BuildRequires: diffstat
|
||||||
|
|
||||||
@ -1675,6 +1676,9 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Dec 16 07:52:00 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.6.rc3
|
||||||
|
- Refactor DNSSEC paths creation code (upstream PR#5340)
|
||||||
|
|
||||||
* Thu Dec 10 20:06:03 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.5.rc3
|
* Thu Dec 10 20:06:03 EET 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0-0.5.rc3
|
||||||
- FreeIPA 4.9.0 release candidate 3
|
- FreeIPA 4.9.0 release candidate 3
|
||||||
- Enforce C.UTF-8 locale in systemd service units
|
- Enforce C.UTF-8 locale in systemd service units
|
||||||
|