From bb759551b1177fb6795405b26067c9a369fb6b52 Mon Sep 17 00:00:00 2001
From: Dinesh Prasanth M K <SilleBille@users.noreply.github.com>
Date: Fri, 25 Jan 2019 12:23:10 -0500
Subject: [PATCH] Bug fix for Nuxwdog (#150)

- systemd doesn't keep the keys pinned between ExecStartPre and ExecStart.
  As a result, PKI server sees an empty keyring when it starts. (Bug #1668954)

- This PR includes a fix to keep a fd open until the PKI server starts. This will
  keep a process running for `User=<pkiuser>` and so the keyring won't be dropped.

Backport of #149

Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
---
 base/server/scripts/pki-server-nuxwdog | 4 ++++
 pki.spec                               | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/base/server/scripts/pki-server-nuxwdog b/base/server/scripts/pki-server-nuxwdog
index ab504ae3e..4f11f6de2 100755
--- a/base/server/scripts/pki-server-nuxwdog
+++ b/base/server/scripts/pki-server-nuxwdog
@@ -122,3 +122,7 @@ for tag in sorted(iter(tags)):
     key_name = instance_name + '/' + tag
 
     keyring.put_password(key_name=key_name, password=entered_pass)
+
+# 4. Put this script to sleep in background to keep the keyring fd open until main program starts
+# due to systemd bug #1668954
+subprocess.Popen(['/usr/bin/sleep', '10'])
diff --git a/pki.spec b/pki.spec
index 80cd74a94..358a8a758 100644
--- a/pki.spec
+++ b/pki.spec
@@ -609,6 +609,8 @@ Requires:         pki-symkey >= %{version}-%{release}
 Requires:         pki-base-java >= %{version}-%{release}
 Requires:         pki-tools >= %{version}-%{release}
 
+Requires:         keyutils
+
 %if 0%{?rhel} && 0%{?rhel} <= 7
 # no policycoreutils-python-utils
 %else
-- 
2.20.1