[oe] [PATCH][meta-oe] krb5: add systemd support
wenzong fan
wenzong.fan at windriver.com
Mon Jun 20 01:55:55 UTC 2016
On 06/14/2016 06:22 AM, Pau Espin Pedrol wrote:
> Hi, could you please use "${D}${systemd_system_unitdir}/XYZ.service"
> instead of "${D}${systemd_unitdir}/system/XYZ.service" in here?
>
Ok, thanks for your review, I'll send V2 then.
Thanks
Wenzong
> Pau Espin Pedrol
> mail/jabber: pespin.shar at gmail.com
> http://blog.espeweb.net
>
> 2016-06-13 22:32 GMT+02:00 Martin Jansa <martin.jansa at gmail.com>:
>
>> On Tue, Jun 07, 2016 at 11:06:37PM -0400, wenzong.fan at windriver.com wrote:
>>> From: Wenzong Fan <wenzong.fan at windriver.com>
>>>
>>> Signed-off-by: Wenzong Fan <wenzong.fan at windriver.com>
>>> ---
>>> .../krb5/krb5/krb5-admin-server.service | 14 +++++++++++
>>> .../krb5/krb5/krb5-kdc.service | 13 ++++++++++
>>> meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb | 29
>> +++++++++++++++-------
>>> 3 files changed, 47 insertions(+), 9 deletions(-)
>>> create mode 100644
>> meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service
>>> create mode 100644
>> meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service
>>>
>>> diff --git
>> a/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service
>> b/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service
>>> new file mode 100644
>>> index 0000000..1b42716
>>> --- /dev/null
>>> +++ b/meta-oe/recipes-connectivity/krb5/krb5/krb5-admin-server.service
>>> @@ -0,0 +1,14 @@
>>> +[Unit]
>>> +Description=MIT Kerberos KDC administrative daemon
>>> +After=syslog.target network.target
>>> +ConditionPathExists=/etc/krb5.conf
>>> +
>>> +[Service]
>>> +Type=forking
>>> +ExecStartPre=/bin/sh -c "test ! -f /var/log/kadmind.log || test ! -x
>> /sbin/restorecon || /sbin/restorecon -F /var/log/kadmind.log"
>>> +ExecStart=/usr/sbin/kadmind
>>> +SuccessExitStatus=1 2 SIGKILL
>>> +TimeoutStopSec=30
>>> +
>>> +[Install]
>>> +WantedBy=multi-user.target
>>> diff --git a/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service
>> b/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service
>>> new file mode 100644
>>> index 0000000..d5e5a95
>>> --- /dev/null
>>> +++ b/meta-oe/recipes-connectivity/krb5/krb5/krb5-kdc.service
>>> @@ -0,0 +1,13 @@
>>> +[Unit]
>>> +Description=MIT Kerberos KDC
>>> +After=syslog.target network.target
>>> +ConditionPathExists=/etc/krb5.conf
>>> +
>>> +[Service]
>>> +Type=forking
>>> +ExecStart=/usr/sbin/krb5kdc
>>> +SuccessExitStatus=1 2 SIGKILL
>>> +TimeoutStopSec=30
>>> +
>>> +[Install]
>>> +WantedBy=multi-user.target
>>> diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb
>> b/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb
>>> index 0c566cb..d60e332 100644
>>> --- a/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb
>>> +++ b/meta-oe/recipes-connectivity/krb5/krb5_1.13.2.bb
>>> @@ -17,7 +17,7 @@ LICENSE = "MIT"
>>> LIC_FILES_CHKSUM =
>> "file://${S}/../NOTICE;md5=f64248328d2d9928e1f04158b5243e7f"
>>> DEPENDS = "ncurses util-linux e2fsprogs e2fsprogs-native"
>>>
>>> -inherit autotools-brokensep binconfig perlnative
>>> +inherit autotools-brokensep binconfig perlnative systemd
>>>
>>> SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
>>> SRC_URI = "
>> http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}-signed.tar \
>>> @@ -32,6 +32,8 @@ SRC_URI = "
>> http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}-signed.tar
>>> file://etc/init.d/krb5-admin-server \
>>> file://etc/default/krb5-kdc \
>>> file://etc/default/krb5-admin-server \
>>> + file://krb5-kdc.service \
>>> + file://krb5-admin-server.service \
>>> file://krb5-CVE-2016-3119.patch;striplevel=2 \
>>>
>> file://0001-Work-around-uninitialized-warning-in-cc_kcm.c.patch;striplevel=2
>> \
>>> "
>>> @@ -40,6 +42,9 @@ SRC_URI[sha256sum] =
>> "e528c30b0209c741f6f320cb83122ded92f291802b6a1a1dc1a01dcdb3
>>>
>>> S = "${WORKDIR}/${BP}/src"
>>>
>>> +SYSTEMD_SERVICE_${PN} = "krb5-admin-server.service krb5-kdc.service"
>>> +SYSTEMD_AUTO_ENABLE = "disable"
>>> +
>>> PACKAGECONFIG ??= "openssl"
>>> PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
>>> PACKAGECONFIG[openssl] = "--with-pkinit-crypto-impl=openssl,,openssl"
>>> @@ -79,20 +84,26 @@ do_configure() {
>>> }
>>>
>>> do_install_append() {
>>> - mkdir -p ${D}/${sysconfdir}/init.d ${D}/${sysconfdir}/default
>>> - install -m 0755 ${WORKDIR}/etc/init.d/* ${D}/${sysconfdir}/init.d
>>> - install -m 0644 ${WORKDIR}/etc/default/* ${D}/${sysconfdir}/default
>>> -
>>> rm -rf ${D}/${localstatedir}/run
>>> - mkdir -p ${D}/${sysconfdir}/default/volatiles
>>> - echo "d root root 0755 ${localstatedir}/run/krb5kdc none" \
>>> - > ${D}${sysconfdir}/default/volatiles/87_krb5
>>> +
>>> + if ${@base_contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false',
>> d)}; then
>>
>> Don't use base_contains
>>
>> Did you test this change in master? You would see this note:
>>
>> NOTE:
>> /OE/build/oe-core/meta-openembedded/meta-oe/recipes-connectivity/krb5/
>> krb5_1.13.2.bb: base_contains is deprecated, please use bb.utils.contains
>> instead.
>>
>>> + mkdir -p ${D}/${sysconfdir}/init.d ${D}/${sysconfdir}/default
>>> + install -m 0755 ${WORKDIR}/etc/init.d/*
>> ${D}/${sysconfdir}/init.d
>>> + install -m 0644 ${WORKDIR}/etc/default/*
>> ${D}/${sysconfdir}/default
>>> +
>>> + mkdir -p ${D}/${sysconfdir}/default/volatiles
>>> + echo "d root root 0755 ${localstatedir}/run/krb5kdc none" \
>>> + > ${D}${sysconfdir}/default/volatiles/87_krb5
>>> + fi
>>> if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true',
>> 'false', d)}; then
>>> install -d ${D}${sysconfdir}/tmpfiles.d
>>> echo "d /run/krb5kdc - - - -" \
>>> > ${D}${sysconfdir}/tmpfiles.d/krb5.conf
>>> - fi
>>>
>>> + install -d ${D}${systemd_unitdir}/system
>>> + install -m 0644 ${WORKDIR}/krb5-admin-server.service
>> ${D}${systemd_unitdir}/system
>>> + install -m 0644 ${WORKDIR}/krb5-kdc.service
>> ${D}${systemd_unitdir}/system
>>> + fi
>>> }
>>>
>>> pkg_postinst_${PN} () {
>>> --
>>> 2.8.1
>>>
>>> --
>>> _______________________________________________
>>> Openembedded-devel mailing list
>>> Openembedded-devel at lists.openembedded.org
>>> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>>
>> --
>> Martin 'JaMa' Jansa jabber: Martin.Jansa at gmail.com
>>
>> --
>> _______________________________________________
>> Openembedded-devel mailing list
>> Openembedded-devel at lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>>
>>
More information about the Openembedded-devel
mailing list