[SSSD] [sssd PR#630][comment] KCM/SECRETS: Use a library to access the secrets storage instead of the secrets responder, deprecate secrets responder

[fidencio]

  URL: https://github.com/SSSD/sssd/pull/630
Title: #630: KCM/SECRETS: Use a library to access the secrets storage instead 
of the secrets responder, deprecate secrets responder

fidencio commented:
"""
@jhrozek, I found out a few more issues related to the last patch of the latest 
series, please, take a look at the following patch that could be squashed into 
yours:
```
diff --git a/Makefile.am b/Makefile.am
index 23e094a37..0f36148e8 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4663,8 +4663,6 @@ if HAVE_SYSTEMD_UNIT
         src/sysv/systemd/sssd-pam.socket \
         src/sysv/systemd/sssd-pam-priv.socket \
         src/sysv/systemd/sssd-pam.service \
-        src/sysv/systemd/sssd-secrets.socket \
-        src/sysv/systemd/sssd-secrets.service \
         $(NULL)
 if BUILD_AUTOFS
     systemdunit_DATA += \
@@ -4683,6 +4681,12 @@ if BUILD_PAC_RESPONDER
         src/sysv/systemd/sssd-pac.service \
         $(NULL)
 endif
+if BUILD_SECRETS
+    systemdunit_DATA += \
+        src/sysv/systemd/sssd-secrets.socket \
+        src/sysv/systemd/sssd-secrets.service \
+        $(NULL)
+endif
 if BUILD_SSH
     systemdunit_DATA += \
         src/sysv/systemd/sssd-ssh.socket \
@@ -4820,6 +4824,7 @@ src/sysv/systemd/sssd-pam.service: 
src/sysv/systemd/sssd-pam.service.in Makefile
        @$(MKDIR_P) src/sysv/systemd/
        $(replace_script)
 
+if BUILD_SECRETS
 src/sysv/systemd/sssd-secrets.socket: src/sysv/systemd/sssd-secrets.socket.in 
Makefile
        @$(MKDIR_P) src/sysv/systemd/
        $(replace_script)
@@ -4827,6 +4832,7 @@ src/sysv/systemd/sssd-secrets.socket: 
src/sysv/systemd/sssd-secrets.socket.in Ma
 src/sysv/systemd/sssd-secrets.service: 
src/sysv/systemd/sssd-secrets.service.in Makefile
        @$(MKDIR_P) src/sysv/systemd/
        $(replace_script)
+endif
 
 if BUILD_AUTOFS
 src/sysv/systemd/sssd-autofs.socket: src/sysv/systemd/sssd-autofs.socket.in 
Makefile
@@ -4875,9 +4881,25 @@ src/sysv/systemd/sssd-sudo.service: 
src/sysv/systemd/sssd-sudo.service.in Makefi
 endif
 
 if BUILD_KCM
+if BUILD_SECRETS
+kcm_socket_requires = Requires=sssd-secrets.socket
+else
+kcm_socket_requires =
+endif
+
+kcm_edit_cmd = $(edit_cmd) \
+        -e 's|@kcm_socket_requires[@]|$(kcm_socket_requires)|g'
+
+kcm_replace_script = \
+    @rm -f $@ $@.tmp; \
+    srcdir=''; \
+        test -f ./$@.in || srcdir=$(srcdir)/; \
+        $(kcm_edit_cmd) $${srcdir}$@.in >$@.tmp; \
+    mv $@.tmp $@
+
 src/sysv/systemd/sssd-kcm.socket: src/sysv/systemd/sssd-kcm.socket.in Makefile
        @$(MKDIR_P) src/sysv/systemd/
-       $(replace_script)
+       $(kcm_replace_script)
 
 src/sysv/systemd/sssd-kcm.service: src/sysv/systemd/sssd-kcm.service.in 
Makefile
        @$(MKDIR_P) src/sysv/systemd/
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index a9874a10e..706254deb 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -1351,10 +1351,10 @@ done
 %{_datadir}/sssd-kcm/kcm_default_ccache
 %{_unitdir}/sssd-kcm.socket
 %{_unitdir}/sssd-kcm.service
-%{_unitdir}/sssd-secrets.socket
-%{_unitdir}/sssd-secrets.service
 %{_mandir}/man8/sssd-kcm.8*
 %if (0%{?with_secrets} == 1)
+%{_unitdir}/sssd-secrets.socket
+%{_unitdir}/sssd-secrets.service
 %{_mandir}/man5/sssd-secrets.5*
 %endif
 %endif
@@ -1372,7 +1372,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / 
-s /sbin/nologin -c "Us
 %systemd_post sssd-pac.socket
 %systemd_post sssd-pam.socket
 %systemd_post sssd-pam-priv.socket
-%systemd_post sssd-secrets.socket
 %systemd_post sssd-ssh.socket
 %systemd_post sssd-sudo.socket
 
@@ -1383,7 +1382,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / 
-s /sbin/nologin -c "Us
 %systemd_preun sssd-pac.socket
 %systemd_preun sssd-pam.socket
 %systemd_preun sssd-pam-priv.socket
-%systemd_preun sssd-secrets.socket
 %systemd_preun sssd-ssh.socket
 %systemd_preun sssd-sudo.socket
 
@@ -1398,8 +1396,6 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / 
-s /sbin/nologin -c "Us
 %systemd_postun_with_restart sssd-pam.socket
 %systemd_postun_with_restart sssd-pam-priv.socket
 %systemd_postun_with_restart sssd-pam.service
-%systemd_postun_with_restart sssd-secrets.socket
-%systemd_postun_with_restart sssd-secrets.service
 %systemd_postun_with_restart sssd-ssh.socket
 %systemd_postun_with_restart sssd-ssh.service
 %systemd_postun_with_restart sssd-sudo.socket
@@ -1426,6 +1422,18 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / 
-s /sbin/nologin -c "Us
 %systemd_postun_with_restart sssd-kcm.service
 %endif
 
+%if (0%{?with_secrets} == 1)
+%post secrets
+%systemd_postun_with_restart sssd-secrets.socket
+
+%preun secrets
+%systemd_preun_with_restart sssd-secrets.socket
+
+%postun secrets
+%systemd_postun_with_restart sssd-secrets.socket
+%systemd_postun_with_restart sssd-secrets.service
+%endif
+
 %else
 # sysv
 %post common
diff --git a/src/sysv/systemd/sssd-kcm.socket.in 
b/src/sysv/systemd/sssd-kcm.socket.in
index 8b742847d..e8a5f0aca 100644
--- a/src/sysv/systemd/sssd-kcm.socket.in
+++ b/src/sysv/systemd/sssd-kcm.socket.in
@@ -1,7 +1,7 @@
 [Unit]
 Description=SSSD Kerberos Cache Manager responder socket
 Documentation=man:sssd-kcm(8)
-Requires=sssd-secrets.socket
+@kcm_socket_requires@
 
 [Socket]
 ListenStream=@runstatedir@/.heim_org.h5l.kcm-socket
```
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/630#issuecomment-412116116

_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/sssd-devel@lists.fedorahosted.org/message/LHTSJAJWD6Y3SODYSUSHXNSBH4Y7PMXP/