[SCM] Debian packaging for the 2.0 Apache Shibboleth SP branch, master, updated. debian/2.2.1+dfsg-2-25-g47b681b

Russ Allbery rra at debian.org
Wed Nov 11 00:56:48 UTC 2009


The following commit has been merged in the master branch:
commit 47b681ba75eb074fe8b24fa83fe9e859c1a4ef85
Merge: 302d05f4a504391554e6dfe61b9b1a2ecbf02e66 1524052d5e6b67f6a740008a2beef890fde9db1d
Author: Russ Allbery <rra at debian.org>
Date:   Tue Nov 10 16:49:04 2009 -0800

    Merge branch 'debian'

diff --combined configs/shibd-debian.in
index 870afaa,cbe55e6..1f35c72
--- a/configs/shibd-debian.in
+++ b/configs/shibd-debian.in
@@@ -56,15 -56,23 +56,23 @@@ prepare_environment () 
      # Ensure @-PKGRUNDIR-@ exists.  /var/run may be on a tmpfs file system.
      [ -d '@-PKGRUNDIR-@' ] || mkdir -p '@-PKGRUNDIR-@'
  
+     # If $DAEMON_USER is set, try to run _shibd as that user.  However,
+     # versions of the Debian package prior to 2.3+dfsg-1 ran shibd as root,
+     # and the local administrator may not have made the server's private key
+     # readable by _shibd.  We therefore test first by running shibd -t and
+     # looking for the error code indicating that the private key could not be
+     # read.  If we get that error, we fall back on running shibd as root.
      if [ -n "$DAEMON_USER" ]; then
-         if DIAG=$(su -s $DAEMON $DAEMON_USER -- -t $DAEMON_OPTS 2>/dev/null); then
+         DIAG=$(su -s $DAEMON $DAEMON_USER -- -t $DAEMON_OPTS 2>/dev/null)
+         if [ $? != 0 ] ; then
              # openssl errstr 200100D (hex for 33558541) says:
              # error:0200100D:system library:fopen:Permission denied
-             if  echo "$DIAG" | fgrep -q 'ERROR OpenSSL : error code: 33558541 '; then
+             ERROR='ERROR OpenSSL : error code: 33558541 '
+             if echo "$DIAG" | fgrep -q "$ERROR" ; then
                  unset DAEMON_USER
                  echo "$NAME warning: file permissions require running as root"
              else
-                 chown -R "$DAEMON_USER" '@-PKGRUNDIR-@' '@-PKGLOGDIR-@'
+                 chown -Rh "$DAEMON_USER" '@-PKGRUNDIR-@' '@-PKGLOGDIR-@'
              fi
          else
              unset DAEMON_USER
@@@ -91,7 -99,7 +99,7 @@@ start
  stop)
      echo -n "Stopping $DESC: "
      start-stop-daemon --stop --quiet --pidfile $PIDFILE \
 -        --exec $DAEMON
 +        --retry TERM/30/KILL/5 --exec $DAEMON
      echo "$NAME."
      ;;
  restart|force-reload)
@@@ -99,9 -107,10 +107,9 @@@
  
      echo -n "Restarting $DESC: "
      start-stop-daemon --stop --quiet --pidfile $PIDFILE \
 -        --exec $DAEMON
 -    sleep 1
 +        --retry TERM/30/KILL/5 --exec $DAEMON
      start-stop-daemon --start --quiet ${DAEMON_USER:+--chuid $DAEMON_USER} \
 -        --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
 +        -- pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
      echo "$NAME."
      ;;
  *)

-- 
Debian packaging for the 2.0 Apache Shibboleth SP



More information about the Pkg-shibboleth-devel mailing list