PR#1: Move default socket to the rundir - rpms/gssproxy

rpms / gssproxy

#1 Move default socket to the rundir

Merged 2 years ago by simo. Opened 2 years ago by simo.

rpms/ simo/gssproxy rawhide into rawhide

Simo Sorce • 2 years ago

018e011

gssproxy.sock.compat.conf

file added

		`@@ -0,0 +1,1 @@`
		`+ L /var/lib/gssproxy/default.sock - - - /run/gssproxy.default.sock`

gssproxy.spec

file modified

+19 -2

		`@@ -1,17 +1,19 @@`
		`Name: gssproxy`

		`Version: 0.8.4`
		`- Release: 4%{?dist}`
		`+ Release: 5%{?dist}`
		`Summary: GSSAPI Proxy`

		`License: MIT`
		`URL: https://github.com/gssapi/gssproxy`
		`Source0: https://github.com/gssapi/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz`
		`Source1: rwtab`
		`+ Source2: gssproxy.sock.compat.conf`

		`%global servicename gssproxy`
		`%global pubconfpath %{_sysconfdir}/gssproxy`
		`%global gpstatedir %{_localstatedir}/lib/gssproxy`
		`+ %global gpsockpath %{_rundir}/gssproxy.default.sock`

		`### Patches ###`

		`@@ -61,6 +63,7 @@`
		`autoreconf -f -i`
		`%configure \`
		`--with-pubconf-path=%{pubconfpath} \`
		`+ --with-socket-name=%{gpsockpath} \`
		`--with-initscript=systemd \`
		`--disable-static \`
		`--disable-rpath \`
		`@@ -80,7 +83,10 @@`
		`install -m644 examples/mech %{buildroot}%{_sysconfdir}/gss/mech.d/gssproxy.conf`
		`mkdir -p %{buildroot}%{gpstatedir}/rcache`
		`mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d`
		`+ mkdir -p $RPM_BUILD_ROOT/%{_tmpfilesdir}`
		`install -m644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d/gssproxy`
		`+ install -m644 %{SOURCE2} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf`
		`+ ln -s %{gpsockpath} %{buildroot}%{gpstatedir}/default.sock`

		`%files`
		`%license COPYING`
		`@@ -99,6 +105,13 @@`
		`%{_mandir}/man8/gssproxy.8*`
		`%{_mandir}/man8/gssproxy-mech.8*`
		`%config(noreplace) %{_sysconfdir}/rwtab.d/gssproxy`
		`+ %{gpstatedir}/default.sock`
		`+ %{_tmpfilesdir}/%{name}.conf`
		`+`
		`+ %pre`
		`+ if [ -S %{gpstatedir}/default.sock ]; then`
		`+ rm -f %{gpstatedir}/default.sock`
		`+ fi`

		`%post`
		`%systemd_post gssproxy.service`
		`@@ -110,6 +123,10 @@`
		`%systemd_postun_with_restart gssproxy.service`

		`%changelog`
		`+ * Mon Sep 20 2021 Simo Sorce <simo@redhat.com> - 0.8.4-5`
		`+ - Move default socket to the rundir`
		`+ - Resolves: #1853293`
		`+`
		`* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.4-4`
		`- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild`

		`@@ -120,7 +137,7 @@`
		`* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.4-2`
		`- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild`

		`- * Wed Jan 13 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.4-1`
		`+ * Wed Jan 13 2021 Robbie Harwood <rharwood@redhat.com> - 0.8.4-1`
		`- New upstream release (0.8.4)`

		`* Thu Oct 29 2020 Robbie Harwood <rharwood@redhat.com> - 0.8.3-6`

simo commented 2 years ago

Resolves: #1853293

simo commented 2 years ago

@zbyszek can you check if this solves the bug you opened ?

rebased onto 7338c4a

2 years ago

zbyszek commented 2 years ago

This looks like it would work.

But I see one potential weakness. How important is the presence of the compat symlink in /var? According to file-hierarchy(7), applications should be prepared to start with /var/ empty. Would anything important break if this symlink is gone?

zbyszek commented 2 years ago

(But don't get me wrong: this solution generally solves the issue. Wiping /var/ is something that is nice to support, but nothing more. So I'd very much prefer to have this patch than to block on this one caveat.)

zbyszek commented 2 years ago

Build fails:

warning: absolute symlink: /var/lib/gssproxy/default.sock -> /builddir/build/BUILDROOT/gssproxy-0.8.4-5.fc36.x86_64/run/gssproxy.default.sock
error: Symlink points to BuildRoot: /var/lib/gssproxy/default.sock -> /builddir/build/BUILDROOT/gssproxy-0.8.4-5.fc36.x86_64/run/gssproxy.default.sock

simo commented 2 years ago

This looks like it would work.

But I see one potential weakness. How important is the presence of the compat symlink in /var? According to file-hierarchy(7), applications should be prepared to start with /var/ empty. Would anything important break if this symlink is gone?

Thanks for catching this I meant to add some code to add the var link if missing (either as tmpfiles.d, or in the systemd unit file as preexec).

I think an issue with this change may actually be selinux access for some programs, so I'll pull in someone from that side before I make the change

simo commented 2 years ago

Build fails:
warning: absolute symlink: /var/lib/gssproxy/default.sock -> /builddir/build/BUILDROOT/gssproxy-0.8.4-5.fc36.x86_64/run/gssproxy.default.sock error: Symlink points to BuildRoot: /var/lib/gssproxy/default.sock -> /builddir/build/BUILDROOT/gssproxy-0.8.4-5.fc36.x86_64/run/gssproxy.default.sock
:(

I'll fix this before proceeding.

rebased onto f7ea654

2 years ago

simo commented 2 years ago

@zbyszek what you think about the changes ?
I added a tmpfiles file to recreate the socket, and should ave fixed the symlink

rebased onto c4d0048

2 years ago

rebased onto 018e011

2 years ago

Pull-Request has been merged by simo

2 years ago