From bb759551b1177fb6795405b26067c9a369fb6b52 Mon Sep 17 00:00:00 2001 From: Dinesh Prasanth M K Date: Fri, 25 Jan 2019 12:23:10 -0500 Subject: [PATCH] Bug fix for Nuxwdog (#150) - systemd doesn't keep the keys pinned between ExecStartPre and ExecStart. As a result, PKI server sees an empty keyring when it starts. (Bug #1668954) - This PR includes a fix to keep a fd open until the PKI server starts. This will keep a process running for `User=` and so the keyring won't be dropped. Backport of #149 Signed-off-by: Dinesh Prasanth M K --- base/server/scripts/pki-server-nuxwdog | 4 ++++ pki.spec | 2 ++ 2 files changed, 6 insertions(+) diff --git a/base/server/scripts/pki-server-nuxwdog b/base/server/scripts/pki-server-nuxwdog index ab504ae3e..4f11f6de2 100755 --- a/base/server/scripts/pki-server-nuxwdog +++ b/base/server/scripts/pki-server-nuxwdog @@ -122,3 +122,7 @@ for tag in sorted(iter(tags)): key_name = instance_name + '/' + tag keyring.put_password(key_name=key_name, password=entered_pass) + +# 4. Put this script to sleep in background to keep the keyring fd open until main program starts +# due to systemd bug #1668954 +subprocess.Popen(['/usr/bin/sleep', '10']) diff --git a/pki.spec b/pki.spec index 80cd74a94..358a8a758 100644 --- a/pki.spec +++ b/pki.spec @@ -609,6 +609,8 @@ Requires: pki-symkey >= %{version}-%{release} Requires: pki-base-java >= %{version}-%{release} Requires: pki-tools >= %{version}-%{release} +Requires: keyutils + %if 0%{?rhel} && 0%{?rhel} <= 7 # no policycoreutils-python-utils %else -- 2.20.1