URL: https://github.com/freeipa/freeipa/pull/915 Author: martbab Title: #915: [master only] Move tmpfiles.d configuration handling back to spec file Action: opened
PR body: """ Since ipaapi user is now created during RPM install and not in runtime, we may switch back to shipping tmpfiles.d configuration directly in RPMs and not create it in runtime, which is a preferred way to handle drop-in configuration anyway. This also means that the drop-in config will be shipped in /usr/lib instead of /etc according to Fedora packaging guidelines. This partially reverts commit 38c66896de1769077cd5b057133606ec5eeaf62b. https://pagure.io/freeipa/issue/7053 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/915/head:pr915 git checkout pr915
From cd76bf8b30e13b56548c0a1b2153f4f775d0ea5d Mon Sep 17 00:00:00 2001 From: Martin Babinsky <mbabi...@redhat.com> Date: Tue, 11 Jul 2017 14:10:28 +0200 Subject: [PATCH] Move tmpfiles.d configuration handling back to spec file Since ipaapi user is now created during RPM install and not in runtime, we may switch back to shipping tmpfiles.d configuration directly in RPMs and not create it in runtime, which is a preferred way to handle drop-in configuration anyway. This also means that the drop-in config will be shipped in /usr/lib instead of /etc according to Fedora packaging guidelines. This partially reverts commit 38c66896de1769077cd5b057133606ec5eeaf62b. https://pagure.io/freeipa/issue/7053 --- configure.ac | 1 + freeipa.spec.in | 3 ++- init/Makefile.am | 2 +- init/tmpfilesd/Makefile.am | 20 ++++++++++++++++++++ init/tmpfilesd/ipa.conf.in | 3 +++ install/share/Makefile.am | 1 - install/share/ipa.conf.tmpfiles | 2 -- ipaplatform/base/paths.py | 1 - ipaplatform/base/tasks.py | 8 -------- ipaplatform/redhat/tasks.py | 21 --------------------- ipaserver/install/server/install.py | 10 ---------- ipaserver/install/server/replicainstall.py | 3 --- ipaserver/install/server/upgrade.py | 4 ---- 13 files changed, 27 insertions(+), 52 deletions(-) create mode 100644 init/tmpfilesd/Makefile.am create mode 100644 init/tmpfilesd/ipa.conf.in delete mode 100644 install/share/ipa.conf.tmpfiles diff --git a/configure.ac b/configure.ac index c43759c5bb..f098eb1dac 100644 --- a/configure.ac +++ b/configure.ac @@ -558,6 +558,7 @@ AC_CONFIG_FILES([ daemons/ipa-slapi-plugins/ipa-range-check/Makefile daemons/ipa-slapi-plugins/topology/Makefile init/systemd/Makefile + init/tmpfilesd/Makefile init/Makefile install/Makefile install/certmonger/Makefile diff --git a/freeipa.spec.in b/freeipa.spec.in index 72ce4ccc2c..1073987e98 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -1321,6 +1321,8 @@ fi %config(noreplace) %{_sysconfdir}/sysconfig/ipa-dnskeysyncd %config(noreplace) %{_sysconfdir}/sysconfig/ipa-ods-exporter %config(noreplace) %{_sysconfdir}/ipa/kdcproxy/kdcproxy.conf +# NOTE: systemd specific section +%{_tmpfilesdir}/ipa.conf %attr(644,root,root) %{_unitdir}/ipa-custodia.service %ghost %attr(644,root,root) %{etc_systemd_dir}/httpd.d/ipa.conf # END @@ -1330,7 +1332,6 @@ fi %{_usr}/share/ipa/*.ldif %{_usr}/share/ipa/*.uldif %{_usr}/share/ipa/*.template -%{_usr}/share/ipa/ipa.conf.tmpfiles %dir %{_usr}/share/ipa/advise %dir %{_usr}/share/ipa/advise/legacy %{_usr}/share/ipa/advise/legacy/*.template diff --git a/init/Makefile.am b/init/Makefile.am index bee4243912..8f4d1d0a8f 100644 --- a/init/Makefile.am +++ b/init/Makefile.am @@ -2,7 +2,7 @@ # AUTOMAKE_OPTIONS = 1.7 -SUBDIRS = systemd +SUBDIRS = systemd tmpfilesd dist_sysconfenv_DATA = \ ipa-dnskeysyncd \ diff --git a/init/tmpfilesd/Makefile.am b/init/tmpfilesd/Makefile.am new file mode 100644 index 0000000000..7db2e9e0cd --- /dev/null +++ b/init/tmpfilesd/Makefile.am @@ -0,0 +1,20 @@ +dist_noinst_DATA = \ + ipa.conf.in + +systemdtmpfiles_DATA = \ + ipa.conf + +CLEANFILES = $(systemdtmpfiles_DATA) + +%: %.in Makefile + sed -e 's|@localstatedir[@]|$(localstatedir)|g' '$(srcdir)/$@.in' >$@ + +# create empty directories as needed +# DESTDIR might not be set, in that case default to system root +DESTDIR ?= / +install-data-hook: + for conf in $(systemdtmpfiles_DATA); do \ + systemd-tmpfiles --remove --create --boot \ + --root $(DESTDIR) \ + $(DESTDIR)$(systemdtmpfilesdir)/$${conf} || :; \ + done diff --git a/init/tmpfilesd/ipa.conf.in b/init/tmpfilesd/ipa.conf.in new file mode 100644 index 0000000000..750e808edb --- /dev/null +++ b/init/tmpfilesd/ipa.conf.in @@ -0,0 +1,3 @@ +d @localstatedir@/run/ipa 0711 root root +d @localstatedir@/run/ipa/ccaches 0770 ipaapi ipaapi + diff --git a/install/share/Makefile.am b/install/share/Makefile.am index 7a36551f74..41fdae4ac4 100644 --- a/install/share/Makefile.am +++ b/install/share/Makefile.am @@ -87,7 +87,6 @@ dist_app_DATA = \ kdcproxy-disable.uldif \ ipa-httpd.conf.template \ gssapi.login \ - ipa.conf.tmpfiles \ gssproxy.conf.template \ kdcproxy.wsgi \ ipakrb5.aug \ diff --git a/install/share/ipa.conf.tmpfiles b/install/share/ipa.conf.tmpfiles deleted file mode 100644 index 573139bf25..0000000000 --- a/install/share/ipa.conf.tmpfiles +++ /dev/null @@ -1,2 +0,0 @@ -d /var/run/ipa 0711 root root -d /var/run/ipa/ccaches 0770 ipaapi ipaapi diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index de3cdce44b..d48ffca082 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -130,7 +130,6 @@ class BasePathNamespace(object): SYSTEMD_SSSD_SERVICE = "/etc/systemd/system/multi-user.target.wants/sssd.service" SYSTEMD_PKI_TOMCAT_SERVICE = "/etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service" ETC_TMPFILESD_DIRSRV = "/etc/tmpfiles.d/dirsrv-%s.conf" - ETC_TMPFILESD_IPA = "/etc/tmpfiles.d/ipa.conf" DNSSEC_TRUSTED_KEY = "/etc/trusted-key.key" HOME_DIR = "/home" PROC_FIPS_ENABLED = "/proc/sys/crypto/fips_enabled" diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index 3358b7d257..edaab91412 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -199,14 +199,6 @@ def set_hostname(self, hostname): """ raise NotImplementedError() - def configure_tmpfiles(self): - """Configure tmpfiles to be created at boot""" - raise NotImplementedError() - - def create_tmpfiles_dirs(self): - """Create run dirs for the install phase""" - raise NotImplementedError() - def configure_httpd_service_ipa_conf(self): """Configure httpd service to work with IPA""" raise NotImplementedError() diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index 07efebab97..1ecd1c4e85 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -26,8 +26,6 @@ from __future__ import print_function import os -import pwd -import shutil import socket import base64 import traceback @@ -517,24 +515,5 @@ def is_fips_enabled(self): pass return False - def _create_tmpfiles_dir(self, name, mode, uid, gid): - if not os.path.exists(name): - os.mkdir(name) - os.chmod(name, mode) - os.chown(name, uid, gid) - - def create_tmpfiles_dirs(self): - parent = os.path.dirname(paths.IPA_CCACHES) - pent = pwd.getpwnam(IPAAPI_USER) - self._create_tmpfiles_dir(parent, 0o711, 0, 0) - self._create_tmpfiles_dir(paths.IPA_CCACHES, 0o770, - pent.pw_uid, pent.pw_gid) - - def configure_tmpfiles(self): - shutil.copy( - os.path.join(paths.USR_SHARE_IPA_DIR, 'ipa.conf.tmpfiles'), - paths.ETC_TMPFILESD_IPA - ) - tasks = RedHatTaskNamespace() diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index dced253e7f..45c39ebd9d 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -720,9 +720,6 @@ def install(installer): if installer._update_hosts_file: update_hosts_file(ip_addresses, host_name, fstore) - # Make sure tmpfiles dir exist before installing components - tasks.create_tmpfiles_dirs() - # Create a directory server instance if not options.external_cert_files: # Configure ntpd @@ -895,9 +892,6 @@ def install(installer): except Exception: raise ScriptError("Configuration of client side components failed!") - # Make sure the files we crated in /var/run are recreated at startup - tasks.configure_tmpfiles() - # Everything installed properly, activate ipa service. services.knownservices.ipa.enable() @@ -1048,10 +1042,6 @@ def uninstall(installer): rv = 0 - # further steps assumes that temporary directories exists so rather - # ensure they are created - tasks.create_tmpfiles_dirs() - print("Shutting down all IPA services") try: services.knownservices.ipa.stop() diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 4f28de25bd..bda2f54c50 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -1353,9 +1353,6 @@ def install(installer): conn = remote_api.Backend.ldap2 ccache = os.environ['KRB5CCNAME'] - # Make sure tmpfiles dir exist before installing components - tasks.create_tmpfiles_dirs() - if promote: if installer._add_to_ipaservers: try: diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 6b34d0cfe0..54b595baed 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1917,10 +1917,6 @@ def upgrade_check(options): def upgrade(): - # Do this early so that any code depending on these dirs will not fail - tasks.create_tmpfiles_dirs() - tasks.configure_tmpfiles() - realm = api.env.realm schema_files = [os.path.join(paths.USR_SHARE_IPA_DIR, f) for f in dsinstance.ALL_SCHEMA_FILES]
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
