[SCM] Debian packaging for the 2.0 Apache Shibboleth SP branch, debian, updated. upstream/2.2.1+dfsg-140-g1524052

Russ Allbery rra at debian.org
Wed Nov 11 00:48:57 UTC 2009


The following commit has been merged in the debian branch:
commit ca07de6cdc40b932f6d5079e264a91c4eddd1cd2
Author: Russ Allbery <rra at debian.org>
Date:   Tue Nov 10 16:43:57 2009 -0800

    Additional documentation and formatting for DAEMON_USER support
    
    Add a comment to the init script explaining what's going on with the
    DAEMON_USER support and reformat to keep lines below 80 columns.

diff --git a/configs/shibd-debian.in b/configs/shibd-debian.in
index 6404233..cbe55e6 100644
--- a/configs/shibd-debian.in
+++ b/configs/shibd-debian.in
@@ -56,15 +56,23 @@ prepare_environment () {
     # Ensure @-PKGRUNDIR-@ exists.  /var/run may be on a tmpfs file system.
     [ -d '@-PKGRUNDIR-@' ] || mkdir -p '@-PKGRUNDIR-@'
 
+    # If $DAEMON_USER is set, try to run _shibd as that user.  However,
+    # versions of the Debian package prior to 2.3+dfsg-1 ran shibd as root,
+    # and the local administrator may not have made the server's private key
+    # readable by _shibd.  We therefore test first by running shibd -t and
+    # looking for the error code indicating that the private key could not be
+    # read.  If we get that error, we fall back on running shibd as root.
     if [ -n "$DAEMON_USER" ]; then
-        if DIAG=$(su -s $DAEMON $DAEMON_USER -- -t $DAEMON_OPTS 2>/dev/null); then
+        DIAG=$(su -s $DAEMON $DAEMON_USER -- -t $DAEMON_OPTS 2>/dev/null)
+        if [ $? != 0 ] ; then
             # openssl errstr 200100D (hex for 33558541) says:
             # error:0200100D:system library:fopen:Permission denied
-            if  echo "$DIAG" | fgrep -q 'ERROR OpenSSL : error code: 33558541 '; then
+            ERROR='ERROR OpenSSL : error code: 33558541 '
+            if echo "$DIAG" | fgrep -q "$ERROR" ; then
                 unset DAEMON_USER
                 echo "$NAME warning: file permissions require running as root"
             else
-                chown -R "$DAEMON_USER" '@-PKGRUNDIR-@' '@-PKGLOGDIR-@'
+                chown -Rh "$DAEMON_USER" '@-PKGRUNDIR-@' '@-PKGLOGDIR-@'
             fi
         else
             unset DAEMON_USER
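Review bot: The new test `if [ $? != 0 ] ; then` inverts the condition of the old `if DIAG=$(su ...); then`, although the commit message describes only documentation and reformatting. As written, a `shibd -t` run that succeeds as `$DAEMON_USER` falls into the `else` branch and unsets `DAEMON_USER`, so the daemon would keep running as root on exactly the hosts where dropping privileges works. The `chown -Rh` is then reached only after a failed test run. To preserve the old behaviour the line should read `if [ $? = 0 ] ; then`. The `else` branch and the rest of `prepare_environment` continue outside the hunk, so the effect on the later start-up code should be confirmed there.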

-- 
Debian packaging for the 2.0 Apache Shibboleth SP


