|
|
469e9d |
From bb759551b1177fb6795405b26067c9a369fb6b52 Mon Sep 17 00:00:00 2001
|
|
|
469e9d |
From: Dinesh Prasanth M K <SilleBille@users.noreply.github.com>
|
|
|
469e9d |
Date: Fri, 25 Jan 2019 12:23:10 -0500
|
|
|
469e9d |
Subject: [PATCH] Bug fix for Nuxwdog (#150)
|
|
|
469e9d |
|
|
|
469e9d |
- systemd doesn't keep the keys pinned between ExecStartPre and ExecStart.
|
|
|
469e9d |
As a result, PKI server sees an empty keyring when it starts. (Bug #1668954)
|
|
|
469e9d |
|
|
|
469e9d |
- This PR includes a fix to keep a fd open until the PKI server starts. This will
|
|
|
469e9d |
keep a process running for `User=<pkiuser>` and so the keyring won't be dropped.
|
|
|
469e9d |
|
|
|
469e9d |
Backport of #149
|
|
|
469e9d |
|
|
|
469e9d |
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
|
|
|
469e9d |
---
|
|
|
469e9d |
base/server/scripts/pki-server-nuxwdog | 4 ++++
|
|
|
469e9d |
pki.spec | 2 ++
|
|
|
469e9d |
2 files changed, 6 insertions(+)
|
|
|
469e9d |
|
|
|
469e9d |
diff --git a/base/server/scripts/pki-server-nuxwdog b/base/server/scripts/pki-server-nuxwdog
|
|
|
469e9d |
index ab504ae3e..4f11f6de2 100755
|
|
|
469e9d |
--- a/base/server/scripts/pki-server-nuxwdog
|
|
|
469e9d |
+++ b/base/server/scripts/pki-server-nuxwdog
|
|
|
469e9d |
@@ -122,3 +122,7 @@ for tag in sorted(iter(tags)):
|
|
|
469e9d |
key_name = instance_name + '/' + tag
|
|
|
469e9d |
|
|
|
469e9d |
keyring.put_password(key_name=key_name, password=entered_pass)
|
|
|
469e9d |
+
|
|
|
469e9d |
+# 4. Put this script to sleep in background to keep the keyring fd open until main program starts
|
|
|
469e9d |
+# due to systemd bug #1668954
|
|
|
469e9d |
+subprocess.Popen(['/usr/bin/sleep', '10'])
|
|
|
469e9d |
diff --git a/pki.spec b/pki.spec
|
|
|
469e9d |
index 80cd74a94..358a8a758 100644
|
|
|
469e9d |
--- a/pki.spec
|
|
|
469e9d |
+++ b/pki.spec
|
|
|
469e9d |
@@ -609,6 +609,8 @@ Requires: pki-symkey >= %{version}-%{release}
|
|
|
469e9d |
Requires: pki-base-java >= %{version}-%{release}
|
|
|
469e9d |
Requires: pki-tools >= %{version}-%{release}
|
|
|
469e9d |
|
|
|
469e9d |
+Requires: keyutils
|
|
|
469e9d |
+
|
|
|
469e9d |
%if 0%{?rhel} && 0%{?rhel} <= 7
|
|
|
469e9d |
# no policycoreutils-python-utils
|
|
|
469e9d |
%else
|
|
|
469e9d |
--
|
|
|
469e9d |
2.20.1
|
|
|
469e9d |
|