[SCM] Debian packaging for the 2.0 Apache Shibboleth SP branch, master, updated. debian/2.2.1+dfsg-2-11-g0336242

Russ Allbery rra at debian.org
Tue Nov 10 23:57:06 UTC 2009


The following commit has been merged in the master branch:
commit 03362422ca718405bc6ea12df57c74ae63010b50
Merge: 317bfa4284332407ec6ae78211854441c6699c40 86b8a8edb8cded41e67f4e544133dfea11942d9f
Author: Russ Allbery <rra at debian.org>
Date:   Tue Nov 10 15:45:09 2009 -0800

    Merge branch 'debian'
    
    Conflicts:
    	configs/shibd-debian.in

diff --combined configs/shibd-debian.in
index d8d05f5,6404233..870afaa
--- a/configs/shibd-debian.in
+++ b/configs/shibd-debian.in
@@@ -29,6 -29,7 +29,7 @@@ DAEMON=@-PREFIX-@/sbin/$NAM
  SCRIPTNAME=/etc/init.d/$NAME
  PIDFILE=@-PKGRUNDIR-@/$NAME.pid
  DAEMON_OPTS=""
+ DAEMON_USER=_shibd
  
  # Force removal of socket
  DAEMON_OPTS="$DAEMON_OPTS -f"
@@@ -51,36 -52,57 +52,56 @@@ DAEMON_OPTS="$DAEMON_OPTS -w 30
  # Get the setting of VERBOSE and other rcS variables.
  [ -f /etc/default/rcS ] && . /etc/default/rcS
  
- case "$1" in
- start)
+ prepare_environment () {
      # Ensure @-PKGRUNDIR-@ exists.  /var/run may be on a tmpfs file system.
      [ -d '@-PKGRUNDIR-@' ] || mkdir -p '@-PKGRUNDIR-@'
  
+     if [ -n "$DAEMON_USER" ]; then
+         if DIAG=$(su -s $DAEMON $DAEMON_USER -- -t $DAEMON_OPTS 2>/dev/null); then
+             # openssl errstr 200100D (hex for 33558541) says:
+             # error:0200100D:system library:fopen:Permission denied
+             if  echo "$DIAG" | fgrep -q 'ERROR OpenSSL : error code: 33558541 '; then
+                 unset DAEMON_USER
+                 echo "$NAME warning: file permissions require running as root"
+             else
+                 chown -R "$DAEMON_USER" '@-PKGRUNDIR-@' '@-PKGLOGDIR-@'
+             fi
+         else
+             unset DAEMON_USER
+             echo "$NAME error: unable to run config check as user $DAEMON_USER"
+         fi
+         unset DIAG
+     fi
+ }
+ 
+ case "$1" in
+ start)
+     prepare_environment
+ 
      # Don't start shibd if NO_START is set.
      if [ "$NO_START" = 1 ] ; then
          echo "Not starting $DESC (see /etc/default/$NAME)"
          exit 0
      fi
      echo -n "Starting $DESC: "
-     start-stop-daemon --start --quiet \
+     start-stop-daemon --start --quiet ${DAEMON_USER:+--chuid $DAEMON_USER} \
          --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
      echo "$NAME."
      ;;
  stop)
      echo -n "Stopping $DESC: "
      start-stop-daemon --stop --quiet --pidfile $PIDFILE \
 -        --exec $DAEMON
 +        --retry TERM/30/KILL/5 --exec $DAEMON
      echo "$NAME."
      ;;
  restart|force-reload)
-     # Ensure @-PKGRUNDIR-@ exists.  /var/run may be on a tmpfs file system.
-     [ -d '@-PKGRUNDIR-@' ] || mkdir -p '@-PKGRUNDIR-@'
+     prepare_environment
  
      echo -n "Restarting $DESC: "
      start-stop-daemon --stop --quiet --pidfile $PIDFILE \
 -        --exec $DAEMON
 -    sleep 1
 +        --retry TERM/30/KILL/5 --exec $DAEMON
-     start-stop-daemon --start --quiet --pidfile $PIDFILE \
-         --exec $DAEMON -- $DAEMON_OPTS
+     start-stop-daemon --start --quiet ${DAEMON_USER:+--chuid $DAEMON_USER} \
 -        --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
++        -- pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
      echo "$NAME."
      ;;
  *)

-- 
Debian packaging for the 2.0 Apache Shibboleth SP



More information about the Pkg-shibboleth-devel mailing list