commit be665e77eb7cd88a3d15676945bec7def3eb73d5
Author: Frank Ch. Eigler <fche@redhat.com>
Date: Wed Jun 15 10:58:01 2016 -0400
RHBZ1346112: let stap-server create ssl-cert on first run rather than install
This way different container-images get different certs.
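diff --git a/stap-server b/stap-server
index 939c503..c39ae49 100644
--- a/stap-server
+++ b/stap-server
@@ -500,6 +500,19 @@ prepare_stat_dir () {
 return 0
 }
 
+prepare_certs () {
+ if [ "$USER" != "`id -un`" ]; then
+ if ! runuser -s /bin/bash - $USER -c 'test -f $HOME/.systemtap/ssl/server/stap.cert'; then
+ runuser -s /bin/bash - $USER -c %{_libexecdir}/systemtap/stap-gen-cert >/dev/null
+ fi
+ else
+ if ! test -f $HOME/.systemtap/ssl/server/stap.cert; then
+ ${PKGLIBEXECDIR}stap-gen-cert
+ fi
+ fi
+}
+
+
 prepare_log_dir () {
 local log_path=`dirname "$1"`
 if [ ! -d "$log_path" ]; then
@@ -859,6 +872,13 @@ start_server () {
 fi
 fi
 
+ # Create certificates for this server
+ prepare_certs
+ if [ $? -ne 0 ]; then
+ echo $"Failed to make certificates ($USER .systemtap/ssl/server/stap.cert)" >&2
+ exit 1
+ fi
+
 # Create the log directory for this server
 prepare_log_dir "$LOG"
 if [ $? -ne 0 ]; then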
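Review bot: In the first hunk, the `runuser` branch of `prepare_certs` runs `%{_libexecdir}/systemtap/stap-gen-cert`, which is RPM spec macro syntax copied from the removed spec scriptlet. Unless stap-server goes through macro substitution before install (not visible here), the shell passes that string literally, so certificate generation fails whenever the service user differs from the caller and `start_server` exits 1. The other branch already uses `${PKGLIBEXECDIR}stap-gen-cert`, so this branch should use the same path and quote the user name: `runuser -s /bin/bash - "$USER" -c "${PKGLIBEXECDIR}stap-gen-cert" >/dev/null`. The function also relies on the status of its last command to signal failure. A comment saying so, or an explicit `return`, would keep a later edit from silently masking a failed key generation.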
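diff --git a/systemtap.spec b/systemtap.spec
index 1630fba..84bf041 100644
--- a/systemtap.spec
+++ b/systemtap.spec
@@ -658,11 +658,6 @@ test -e %{_localstatedir}/log/stap-server/log || {
 chmod 644 %{_localstatedir}/log/stap-server/log
 chown stap-server:stap-server %{_localstatedir}/log/stap-server/log
 }
-# If it does not already exist, as stap-server, generate the certificate
-# used for signing and for ssl.
-if test ! -e ~stap-server/.systemtap/ssl/server/stap.cert; then
- runuser -s /bin/sh - stap-server -c %{_libexecdir}/systemtap/stap-gen-cert >/dev/null
-fi
 # Prepare the service
 %if %{with_systemd}
 # Note, Fedora policy doesn't allow network services enabled by default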