Fix error detection when starting kpropd/kadmind
- drop a patch we're not applying - wrap kadmind and kpropd in scripts which check for the presence/absence of files which dictate particular exit codes before exec'ing the actual binaries, instead of trying to use ConditionPathExists in the unit files to accomplish that, so that we exit with failure properly when what we expect isn't actually in effect on the system (#800343)
This commit is contained in:
parent
272aaeef17
commit
ee18500d9b
10
_kadmind
Normal file
10
_kadmind
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
kadmind=/usr/sbin/kadmind
|
||||||
|
if test -f /var/kerberos/krb5kdc/kpropd.acl ; then
|
||||||
|
echo $"Error. This appears to be a slave server, found kpropd.acl"
|
||||||
|
exit 6
|
||||||
|
fi
|
||||||
|
if ! test -x "$kadmind" ; then
|
||||||
|
exit 5
|
||||||
|
fi
|
||||||
|
exec "$kadmind" "$@"
|
10
_kpropd
Normal file
10
_kpropd
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
kpropd=/usr/sbin/kpropd
|
||||||
|
if ! test -f /var/kerberos/krb5kdc/kpropd.acl ; then
|
||||||
|
echo $"Error. This does not appear to be a slave server, kpropd.acl not found"
|
||||||
|
exit 6
|
||||||
|
fi
|
||||||
|
if ! test -x "$kpropd" ; then
|
||||||
|
exit 5
|
||||||
|
fi
|
||||||
|
exec "$kpropd" "$@"
|
@ -1,13 +1,12 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Kerberos 5 Password-changing and Administration
|
Description=Kerberos 5 Password-changing and Administration
|
||||||
After=syslog.target network.target
|
After=syslog.target network.target
|
||||||
ConditionPathExists=!/var/kerberos/krb5kdc/kpropd.acl
|
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=forking
|
Type=forking
|
||||||
PIDFile=/var/run/kadmind.pid
|
PIDFile=/var/run/kadmind.pid
|
||||||
EnvironmentFile=-/etc/sysconfig/kadmin
|
EnvironmentFile=-/etc/sysconfig/kadmin
|
||||||
ExecStart=/usr/sbin/kadmind -P /var/run/kadmind.pid $KADMIND_ARGS
|
ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS
|
||||||
ExecReload=/bin/kill -HUP $MAINPID
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
@ -1,11 +1,10 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Kerberos 5 Propagation
|
Description=Kerberos 5 Propagation
|
||||||
After=syslog.target network.target
|
After=syslog.target network.target
|
||||||
ConditionPathExists=/var/kerberos/krb5kdc/kpropd.acl
|
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=forking
|
Type=forking
|
||||||
ExecStart=/usr/sbin/kpropd -S
|
ExecStart=/usr/sbin/_kpropd -S
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
22
krb5.spec
22
krb5.spec
@ -32,7 +32,7 @@
|
|||||||
Summary: The Kerberos network authentication system
|
Summary: The Kerberos network authentication system
|
||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.11.3
|
Version: 1.11.3
|
||||||
Release: 7%{?dist}
|
Release: 8%{?dist}
|
||||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||||
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
|
# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
|
||||||
Source0: krb5-%{version}.tar.gz
|
Source0: krb5-%{version}.tar.gz
|
||||||
@ -45,6 +45,8 @@ Source2: kprop.service
|
|||||||
Source4: kadmin.service
|
Source4: kadmin.service
|
||||||
Source5: krb5kdc.service
|
Source5: krb5kdc.service
|
||||||
Source6: krb5.conf
|
Source6: krb5.conf
|
||||||
|
Source7: _kpropd
|
||||||
|
Source8: _kadmind
|
||||||
Source10: kdc.conf
|
Source10: kdc.conf
|
||||||
Source11: kadm5.acl
|
Source11: kadm5.acl
|
||||||
Source19: krb5kdc.sysconfig
|
Source19: krb5kdc.sysconfig
|
||||||
@ -76,7 +78,6 @@ Patch59: krb5-1.10-kpasswd_tcp.patch
|
|||||||
Patch60: krb5-1.11-pam.patch
|
Patch60: krb5-1.11-pam.patch
|
||||||
Patch63: krb5-1.11-selinux-label.patch
|
Patch63: krb5-1.11-selinux-label.patch
|
||||||
Patch71: krb5-1.11-dirsrv-accountlock.patch
|
Patch71: krb5-1.11-dirsrv-accountlock.patch
|
||||||
Patch75: krb5-pkinit-debug.patch
|
|
||||||
Patch86: krb5-1.9-debuginfo.patch
|
Patch86: krb5-1.9-debuginfo.patch
|
||||||
Patch105: krb5-kvno-230379.patch
|
Patch105: krb5-kvno-230379.patch
|
||||||
Patch113: krb5-1.11-alpha1-init.patch
|
Patch113: krb5-1.11-alpha1-init.patch
|
||||||
@ -306,7 +307,6 @@ ln -s NOTICE LICENSE
|
|||||||
%patch56 -p1 -b .doublelog
|
%patch56 -p1 -b .doublelog
|
||||||
%patch59 -p1 -b .kpasswd_tcp
|
%patch59 -p1 -b .kpasswd_tcp
|
||||||
%patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
|
%patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
|
||||||
#%patch75 -p1 -b .pkinit-debug
|
|
||||||
%patch86 -p0 -b .debuginfo
|
%patch86 -p0 -b .debuginfo
|
||||||
%patch105 -p1 -b .kvno
|
%patch105 -p1 -b .kvno
|
||||||
%patch113 -p1 -b .init
|
%patch113 -p1 -b .init
|
||||||
@ -507,6 +507,12 @@ for unit in \
|
|||||||
# is an upgrade-time problem I'm in no hurry to deal with.
|
# is an upgrade-time problem I'm in no hurry to deal with.
|
||||||
install -pm 644 ${unit} $RPM_BUILD_ROOT%{_unitdir}
|
install -pm 644 ${unit} $RPM_BUILD_ROOT%{_unitdir}
|
||||||
done
|
done
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
|
||||||
|
for wrapper in \
|
||||||
|
%{SOURCE7} \
|
||||||
|
%{SOURCE8} ; do
|
||||||
|
install -pm 755 ${wrapper} $RPM_BUILD_ROOT%{_sbindir}/
|
||||||
|
done
|
||||||
%else
|
%else
|
||||||
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
|
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
|
||||||
for init in \
|
for init in \
|
||||||
@ -771,12 +777,14 @@ exit 0
|
|||||||
%{_sbindir}/kadmin.local
|
%{_sbindir}/kadmin.local
|
||||||
%{_mandir}/man8/kadmin.local.8*
|
%{_mandir}/man8/kadmin.local.8*
|
||||||
%{_sbindir}/kadmind
|
%{_sbindir}/kadmind
|
||||||
|
%{_sbindir}/_kadmind
|
||||||
%{_mandir}/man8/kadmind.8*
|
%{_mandir}/man8/kadmind.8*
|
||||||
%{_sbindir}/kdb5_util
|
%{_sbindir}/kdb5_util
|
||||||
%{_mandir}/man8/kdb5_util.8*
|
%{_mandir}/man8/kdb5_util.8*
|
||||||
%{_sbindir}/kprop
|
%{_sbindir}/kprop
|
||||||
%{_mandir}/man8/kprop.8*
|
%{_mandir}/man8/kprop.8*
|
||||||
%{_sbindir}/kpropd
|
%{_sbindir}/kpropd
|
||||||
|
%{_sbindir}/_kpropd
|
||||||
%{_mandir}/man8/kpropd.8*
|
%{_mandir}/man8/kpropd.8*
|
||||||
%{_sbindir}/kproplog
|
%{_sbindir}/kproplog
|
||||||
%{_mandir}/man8/kproplog.8*
|
%{_mandir}/man8/kproplog.8*
|
||||||
@ -902,6 +910,14 @@ exit 0
|
|||||||
%{_sbindir}/uuserver
|
%{_sbindir}/uuserver
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 15 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.3-8
|
||||||
|
- drop a patch we weren't not applying (build tooling)
|
||||||
|
- wrap kadmind and kpropd in scripts which check for the presence/absence
|
||||||
|
of files which dictate particular exit codes before exec'ing the actual
|
||||||
|
binaries, instead of trying to use ConditionPathExists in the unit files
|
||||||
|
to accomplish that, so that we exit with failure properly when what we
|
||||||
|
expect isn't actually in effect on the system (#800343)
|
||||||
|
|
||||||
* Mon Jul 29 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.3-7
|
* Mon Jul 29 2013 Nalin Dahyabhai <nalin@redhat.com> 1.11.3-7
|
||||||
- attempt to account for UnversionedDocdirs for the -libs subpackage
|
- attempt to account for UnversionedDocdirs for the -libs subpackage
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user