Blame SOURCES/0111-BUILD-Ship-systemd-service-file-for-sssd-secrets.patch

b2d430
From d0b2cd8d161e7fc6e6c96f51342c88e6572eb1da Mon Sep 17 00:00:00 2001
b2d430
From: Jakub Hrozek <jhrozek@redhat.com>
b2d430
Date: Mon, 15 Aug 2016 14:10:23 +0200
b2d430
Subject: [PATCH 111/111] BUILD: Ship systemd service file for sssd-secrets
b2d430
MIME-Version: 1.0
b2d430
Content-Type: text/plain; charset=UTF-8
b2d430
Content-Transfer-Encoding: 8bit
b2d430
b2d430
Adds two new files: sssd-secrets.socket and sssd-secrets.service. These
b2d430
can be used to socket-activate the secrets responder even without
b2d430
explicitly starting it in the sssd config file.
b2d430
b2d430
The specfile activates the socket after installation which means that
b2d430
the admin would just be able to use the secrets socket and the
b2d430
sssd_secrets responder would be started automatically by systemd.
b2d430
b2d430
The sssd-secrets responder is started as root, mostly because I didn't
b2d430
think of an easy way to pass the uid/gid to the responders without
b2d430
asking about the sssd user identity in the first place. But nonetheless,
b2d430
the sssd-secrets responder wasn't tested as non-root and at least the
b2d430
initialization should be performed as root for the time being.
b2d430
b2d430
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
b2d430
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
b2d430
---
b2d430
 Makefile.am                              | 21 +++++++++++++++++++--
b2d430
 contrib/sssd.spec.in                     |  6 ++++++
b2d430
 src/sysv/systemd/sssd-secrets.service.in |  8 ++++++++
b2d430
 src/sysv/systemd/sssd-secrets.socket.in  |  8 ++++++++
b2d430
 4 files changed, 41 insertions(+), 2 deletions(-)
b2d430
 create mode 100644 src/sysv/systemd/sssd-secrets.service.in
b2d430
 create mode 100644 src/sysv/systemd/sssd-secrets.socket.in
b2d430
b2d430
diff --git a/Makefile.am b/Makefile.am
b2d430
index a32a1e37c85e2370fa006ee73b730145f03c3fc1..6ab4399d5b68644668198bc9b0e3056562a4e51a 100644
b2d430
--- a/Makefile.am
b2d430
+++ b/Makefile.am
b2d430
@@ -3888,7 +3888,10 @@ systemdunit_DATA =
b2d430
 systemdconf_DATA =
b2d430
 if HAVE_SYSTEMD_UNIT
b2d430
     systemdunit_DATA += \
b2d430
-        src/sysv/systemd/sssd.service
b2d430
+        src/sysv/systemd/sssd.service \
b2d430
+        src/sysv/systemd/sssd-secrets.socket \
b2d430
+        src/sysv/systemd/sssd-secrets.service \
b2d430
+        $(NULL)
b2d430
 if WITH_JOURNALD
b2d430
     systemdconf_DATA += \
b2d430
         src/sysv/systemd/journal.conf
b2d430
@@ -3926,6 +3929,7 @@ edit_cmd = $(SED) \
b2d430
         -e 's|@sbindir[@]|$(sbindir)|g' \
b2d430
         -e 's|@environment_file[@]|$(environment_file)|g' \
b2d430
         -e 's|@localstatedir[@]|$(localstatedir)|g' \
b2d430
+        -e 's|@libexecdir[@]|$(libexecdir)|g' \
b2d430
         -e 's|@prefix[@]|$(prefix)|g'
b2d430
 
b2d430
 replace_script = \
b2d430
@@ -3937,7 +3941,10 @@ replace_script = \
b2d430
 
b2d430
 EXTRA_DIST += \
b2d430
     src/sysv/systemd/sssd.service.in \
b2d430
-    src/sysv/systemd/journal.conf.in
b2d430
+    src/sysv/systemd/journal.conf.in \
b2d430
+    src/sysv/systemd/sssd-secrets.socket.in \
b2d430
+    src/sysv/systemd/sssd-secrets.service.in \
b2d430
+    $(NULL)
b2d430
 
b2d430
 src/sysv/systemd/sssd.service: src/sysv/systemd/sssd.service.in Makefile
b2d430
 	@$(MKDIR_P) src/sysv/systemd/
b2d430
@@ -3947,6 +3954,14 @@ src/sysv/systemd/journal.conf: src/sysv/systemd/journal.conf.in Makefile
b2d430
 	@$(MKDIR_P) src/sysv/systemd/
b2d430
 	$(replace_script)
b2d430
 
b2d430
+src/sysv/systemd/sssd-secrets.socket: src/sysv/systemd/sssd-secrets.socket.in Makefile
b2d430
+	@$(MKDIR_P) src/sysv/systemd/
b2d430
+	$(replace_script)
b2d430
+
b2d430
+src/sysv/systemd/sssd-secrets.service: src/sysv/systemd/sssd-secrets.service.in Makefile
b2d430
+	@$(MKDIR_P) src/sysv/systemd/
b2d430
+	$(replace_script)
b2d430
+
b2d430
 SSSD_USER_DIRS = \
b2d430
     $(DESTDIR)$(dbpath) \
b2d430
     $(DESTDIR)$(keytabdir) \
b2d430
@@ -4162,6 +4177,8 @@ endif
b2d430
 	done;
b2d430
 	rm -Rf ldb_mod_test_dir
b2d430
 	rm -f $(builddir)/src/sysv/systemd/sssd.service
b2d430
+	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
b2d430
+	rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
b2d430
 	rm -f $(builddir)/src/sysv/systemd/journal.conf
b2d430
 
b2d430
 CLEANFILES += *.X */*.X */*/*.X
b2d430
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
b2d430
index 14f0cb27ac8f1acc3aa0786da576be33b727e024..f1ff16176cb8ca974b98948958cfa1e9290b0bca 100644
b2d430
--- a/contrib/sssd.spec.in
b2d430
+++ b/contrib/sssd.spec.in
b2d430
@@ -737,6 +737,8 @@ done
b2d430
 %{_sbindir}/sssd
b2d430
 %if (0%{?use_systemd} == 1)
b2d430
 %{_unitdir}/sssd.service
b2d430
+%{_unitdir}/sssd-secrets.socket
b2d430
+%{_unitdir}/sssd-secrets.service
b2d430
 %else
b2d430
 %{_initrddir}/%{name}
b2d430
 %endif
b2d430
@@ -1069,12 +1071,16 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
b2d430
 # systemd
b2d430
 %post common
b2d430
 %systemd_post sssd.service
b2d430
+%systemd_post sssd-secrets.socket
b2d430
 
b2d430
 %preun common
b2d430
 %systemd_preun sssd.service
b2d430
+%systemd_preun sssd-secrets.socket
b2d430
 
b2d430
 %postun common
b2d430
 %systemd_postun_with_restart sssd.service
b2d430
+%systemd_postun_with_restart sssd-secrets.socket
b2d430
+%systemd_postun_with_restart sssd-secrets.service
b2d430
 
b2d430
 %else
b2d430
 # sysv
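Review bot: `%systemd_post sssd-secrets.socket` is added to the `common` scriptlets with no comment on when the socket actually ends up enabled. The macro applies the distribution's preset policy on first install rather than enabling the unit itself, so whether hosts that never use the secrets responder get a listening socket depends on a preset file that is not part of this patch. A comment above the line, for example `# enabled only where the systemd preset lists sssd-secrets.socket`, would keep that visible to packagers. The scriptlet sections continue outside the hunk.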
b2d430
diff --git a/src/sysv/systemd/sssd-secrets.service.in b/src/sysv/systemd/sssd-secrets.service.in
b2d430
new file mode 100644
b2d430
index 0000000000000000000000000000000000000000..119c9bb4b37b672159db707aa11a6d11215f29bf
b2d430
--- /dev/null
b2d430
+++ b/src/sysv/systemd/sssd-secrets.service.in
b2d430
@@ -0,0 +1,8 @@
b2d430
+[Unit]
b2d430
+Description=SSSD Secrets Service responder
b2d430
+
b2d430
+[Install]
b2d430
+Also=sssd-secrets.socket
b2d430
+
b2d430
+[Service]
b2d430
+ExecStart=@libexecdir@/sssd/sssd_secrets --uid 0 --gid 0 --debug-to-files
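Review bot: The `[Service]` section starts `sssd_secrets` with `--uid 0 --gid 0` and has no sandboxing directives, so a flaw in the responder's request handling would run with unrestricted root privileges. While the unit has to stay root, I would narrow what it can reach by adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` under `[Service]`. Which of these the responder tolerates is not visible from this file (`--debug-to-files` suggests it writes its own log files), so each one needs a test run before it ships.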
b2d430
diff --git a/src/sysv/systemd/sssd-secrets.socket.in b/src/sysv/systemd/sssd-secrets.socket.in
b2d430
new file mode 100644
b2d430
index 0000000000000000000000000000000000000000..682e8f6e0fa58092a90259523f9f2f59e0131435
b2d430
--- /dev/null
b2d430
+++ b/src/sysv/systemd/sssd-secrets.socket.in
b2d430
@@ -0,0 +1,8 @@
b2d430
+[Unit]
b2d430
+Description=SSSD Secrets Service responder socket
b2d430
+
b2d430
+[Socket]
b2d430
+ListenStream=@localstatedir@/run/secrets.socket
b2d430
+
b2d430
+[Install]
b2d430
+WantedBy=sockets.target
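Review bot: `[Socket]` sets only `ListenStream=`, so the socket is created with systemd's default `SocketMode=0666`, and every local account can connect to a responder that the service unit in this patch starts as root. If that is intended, presumably because the responder separates clients by their peer credentials, say so in the unit: an explicit `SocketMode=0666` preceded by a comment such as `# any local user may connect; sssd_secrets authorizes each client itself`. If only some accounts should reach it, set `SocketMode=`, `SocketUser=` and `SocketGroup=` to match.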
b2d430
-- 
b2d430
2.4.11
b2d430