[Pkg-freeipa-devel] [Git][freeipa-team/freeipa][master-next] Create-kadm5.acl-if-it-doesn-t-exist.diff: Fix kadmind startup issue if…

Wed May 23 16:48:29 BST 2018

Timo Aaltonen pushed to branch master-next at FreeIPA packaging / freeipa


Commits:
b650aaa8 by Timo Aaltonen at 2018-05-22T22:05:06+03:00
Create-kadm5.acl-if-it-doesn-t-exist.diff: Fix kadmind startup issue if kadm5.acl doesn't exist. (LP: #1772447)

- - - - -


3 changed files:

- debian/changelog
- + debian/patches/Create-kadm5.acl-if-it-doesn-t-exist.diff
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================

--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ freeipa (4.7.0~pre2-1) UNRELEASED; urgency=medium
   * tests: If the server install fails, just dump the log and exit
     successfully.
   * server.postinst: Fix upgrade from earlier version.
+  * Create-kadm5.acl-if-it-doesn-t-exist.diff: Fix kadmind startup issue
+    if kadm5.acl doesn't exist. (LP: #1772447)
 
  -- Timo Aaltonen <tjaalton at debian.org>  Wed, 18 Apr 2018 17:50:11 +0300
 


=====================================
debian/patches/Create-kadm5.acl-if-it-doesn-t-exist.diff
=====================================
--- /dev/null
+++ b/debian/patches/Create-kadm5.acl-if-it-doesn-t-exist.diff
@@ -0,0 +1,31 @@
+From dcab9c95b0cdb21b3560bfe598bb73394172c90a Mon Sep 17 00:00:00 2001
+From: Timo Aaltonen <tjaalton at debian.org>
+Date: Mon, 21 May 2018 13:24:03 +0300
+Subject: [PATCH] Create kadm5.acl if it doesn't exist
+
+kadmind doesn't start without it, and Debian doesn't ship it by default.
+
+Fixes: https://pagure.io/freeipa/issue/7553
+---
+ ipaserver/install/krbinstance.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
+index c32f8c087..df6344998 100644
+--- a/ipaserver/install/krbinstance.py
++++ b/ipaserver/install/krbinstance.py
+@@ -299,6 +299,11 @@ class KrbInstance(service.Service):
+             logger.debug("Persistent keyring CCACHE is not enabled")
+             self.sub_dict['OTHER_LIBDEFAULTS'] = ''
+ 
++        # Create kadm5.acl if it doesn't exist
++        if not os.path.exists(paths.KRB5KDC_KADM5_ACL):
++            open(paths.KRB5KDC_KADM5_ACL, 'a').close()
++            os.chmod(paths.KRB5KDC_KADM5_ACL, 0o600)
++
+     def __add_krb_container(self):
+         self._ldap_mod("kerberos.ldif", self.sub_dict)
+ 
+-- 
+2.17.0
+


=====================================
debian/patches/series
=====================================
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,6 @@
 # upstreamed
 fix-apache-ssl-setup.diff
+Create-kadm5.acl-if-it-doesn-t-exist.diff
 
 # not upstreamable
 



View it on GitLab: https://salsa.debian.org/freeipa-team/freeipa/commit/b650aaa87c5429f960de5817c9f3dafc15e5f1d0

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/freeipa/commit/b650aaa87c5429f960de5817c9f3dafc15e5f1d0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20180523/c2fdd8cd/attachment-0001.html>
