diff -u sssd-1.13.4/debian/changelog sssd-1.13.4/debian/changelog --- sssd-1.13.4/debian/changelog +++ sssd-1.13.4/debian/changelog @@ -1,3 +1,10 @@ +sssd (1.13.4-1ubuntu1.3) xenial; urgency=medium + + * d/p/pidfile-creation.diff: Delay the pidfile creation until the + responders are up (LP: #1566508) + + -- Victor Tapia Tue, 07 Mar 2017 11:20:32 +0100 + sssd (1.13.4-1ubuntu1.2) xenial; urgency=medium * d/p/restart_providers_on_timeshift.patch: Implement watchdog and diff -u sssd-1.13.4/debian/patches/series sssd-1.13.4/debian/patches/series --- sssd-1.13.4/debian/patches/series +++ sssd-1.13.4/debian/patches/series @@ -3,0 +4 @@ +pidfile-creation.diff diff -u sssd-1.13.4/debian/sssd-common.sssd.upstart.in sssd-1.13.4/debian/sssd-common.sssd.upstart.in --- sssd-1.13.4/debian/sssd-common.sssd.upstart.in +++ sssd-1.13.4/debian/sssd-common.sssd.upstart.in @@ -7,7 +7,7 @@ description "System Security Services Daemon" -start on (filesystem and net-device-up) +start on (filesystem and net-device-up and starting autofs) stop on runlevel [06] expect fork @@ -29,0 +30,15 @@ + +post-start script + # Wait until the responders are active to transition to started. + TIMEOUT=30 + sec=0 + while [ $sec -lt $TIMEOUT -a ! -f /var/run/sssd.pid ] + do + sleep 1 + sec=$(($sec+1)) + done + + if [ "$sec" -eq "$TIMEOUT" ]; then + stop + fi +end script only in patch2: unchanged: --- sssd-1.13.4.orig/debian/patches/pidfile-creation.diff +++ sssd-1.13.4/debian/patches/pidfile-creation.diff @@ -0,0 +1,275 @@ +Description: Mark SSSD as started after all responders are up. + This patch fixes the sssd boot process for upstart and sssd + creating the pidfile after the responders are up and using it + to determine when the service is ready/started. + +Origin: upstream, commit: d4063e9a21a4e203bee7e0a0144fa8cabb14cc46 +Author: Victor Tapia +Bug: https://fedorahosted.org/sssd/ticket/3080 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1566508 +Reviewed-By: Rafael Tinoco +Last-Update: 2017-03-07 + +--- a/configure.ac ++++ b/configure.ac +@@ -343,10 +343,6 @@ + AM_CHECK_SEMANAGE + fi + +-if test x$HAVE_SYSTEMD_UNIT != x; then +- AM_CHECK_SYSTEMD +-fi +- + dnl If journald was selected for logging, configure journald + if test x$syslog = xjournald; then + AM_CHECK_JOURNALD +--- a/Makefile.am ++++ b/Makefile.am +@@ -1102,6 +1102,7 @@ + $(INOTIFY_LIBS) \ + $(LIBNL_LIBS) \ + $(KEYUTILS_LIBS) \ ++ $(SYSTEMD_DAEMON_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) + + sssd_nss_SOURCES = \ +--- a/src/external/systemd.m4 ++++ b/src/external/systemd.m4 +@@ -1,28 +1,44 @@ +-dnl There are no module libsystemd-journal and libsystem-login +-dnl up systemd version 209 ++dnl A macro to check presence of systemd on the system ++PKG_CHECK_EXISTS([systemd], ++ [HAVE_SYSTEMD=yes], ++ [HAVE_SYSTEMD=no]) ++ ++dnl Libraries libsystemd-journal and libsystem-login are deprecarted ++dnl since systemd 209 and are removed in systemd 230. The library libsystemd ++dnl is replacement of libsystemd-{login,journal,daemon,id128} libraries + PKG_CHECK_EXISTS([libsystemd], + [HAVE_LIBSYSTEMD=yes], + [HAVE_LIBSYSTEMD=no]) + +-dnl A macro to check presence of systemd on the system +-AC_DEFUN([AM_CHECK_SYSTEMD], +-[ +- PKG_CHECK_EXISTS(systemd, +- [ HAVE_SYSTEMD=1, AC_SUBST(HAVE_SYSTEMD) ], +- [AC_MSG_ERROR([Could not detect systemd presence])]) +-]) +- + AS_IF([test x$HAVE_LIBSYSTEMD = xyes], + [login_lib_name=libsystemd], + [login_lib_name=libsystemd-login]) + +-AM_COND_IF([HAVE_SYSTEMD], +- [PKG_CHECK_MODULES([SYSTEMD_LOGIN], +- [$login_lib_name], +- [AC_DEFINE_UNQUOTED([HAVE_SYSTEMD_LOGIN], 1, +- [Build with libsystemdlogin support]) +- ], +- [AC_MSG_NOTICE([Build without libsystemd-login support])])]) ++AS_IF([test x$HAVE_SYSTEMD = xyes], ++ [AC_DEFINE_UNQUOTED([HAVE_SYSTEMD], 1, [Build with systemd support])], ++ [AC_MSG_NOTICE([Build without systemd support])]) ++ ++AS_IF([test x$HAVE_SYSTEMD = xyes], ++ [PKG_CHECK_MODULES( ++ [SYSTEMD_LOGIN], ++ [$login_lib_name], ++ [AC_DEFINE_UNQUOTED([HAVE_SYSTEMD_LOGIN], 1, ++ [Build with $login_lib_name support])], ++ [AC_MSG_NOTICE([Build without $login_lib_name support])])], ++ [AC_MSG_NOTICE([Build without $login_lib_name support])]) ++ ++AS_IF([test x$HAVE_LIBSYSTEMD = xyes], ++ [daemon_lib_name=libsystemd], ++ [daemon_lib_name=libsystemd-daemon]) ++ ++AS_IF([test x$HAVE_SYSTEMD = xyes], ++ [PKG_CHECK_MODULES( ++ [SYSTEMD_DAEMON], ++ [$daemon_lib_name], ++ [AC_DEFINE_UNQUOTED([HAVE_SYSTEMD_DAEMON], 1, ++ [Build with $daemon_lib_name support])], ++ [AC_MSG_NOTICE([Build without $daemon_lib_name support])])], ++ [AC_MSG_NOTICE([Build without $daemon_lib_name support])]) + + dnl A macro to check presence of journald on the system + AC_DEFUN([AM_CHECK_JOURNALD], +--- a/src/monitor/monitor.c ++++ b/src/monitor/monitor.c +@@ -55,6 +55,10 @@ + #include + #endif + ++#ifdef HAVE_SYSTEMD ++#include ++#endif ++ + /* ping time cannot be less then once every few seconds or the + * monitor will get crazy hammering children with messages */ + #define MONITOR_DEF_PING_TIME 10 +@@ -77,7 +81,6 @@ + + /* name of the monitor server instance */ + #define MONITOR_NAME "sssd" +-#define SSSD_PIDFILE_PATH PID_PATH"/"MONITOR_NAME".pid" + + /* Special value to leave the Kerberos Replay Cache set to use + * the libkrb5 defaults +@@ -170,6 +173,7 @@ + struct netlink_ctx *nlctx; + const char *conf_path; + struct sss_sigchild_ctx *sigchld_ctx; ++ bool pid_file_created; + bool is_daemon; + pid_t parent_pid; + +@@ -431,7 +435,30 @@ + ctx->started_services++; + } + +- if (ctx->started_services == ctx->num_services) { ++ /* create the pid file if all services are alive */ ++ if (!ctx->pid_file_created && ctx->started_services == ctx->num_services) { ++ DEBUG(SSSDBG_TRACE_FUNC, ++ "All services have successfully started, creating pid file\n"); ++ ret = pidfile(PID_PATH, MONITOR_NAME); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_FATAL_FAILURE, ++ "Error creating pidfile: %s/%s.pid! (%d [%s])\n", ++ PID_PATH, MONITOR_NAME, ret, strerror(ret)); ++ kill(getpid(), SIGTERM); ++ } ++ ++ ctx->pid_file_created = true; ++ ++#ifdef HAVE_SYSTEMD ++ DEBUG(SSSDBG_TRACE_FUNC, "Sending startup notification to systemd\n"); ++ ret = sd_notify(0, "READY=1"); ++ if (ret < 0) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "Error sending notification to systemd %d: %s\n", ++ -ret, strerror(-ret)); ++ } ++#endif ++ + /* Initialization is complete, terminate parent process if in daemon + * mode. Make sure we send the signal to the right process */ + if (ctx->is_daemon) { +@@ -1476,7 +1503,7 @@ + int ret; + + errno = 0; +- ret = unlink(SSSD_PIDFILE_PATH); ++ ret = unlink(SSSD_PIDFILE); + if (ret == -1) { + ret = errno; + DEBUG(SSSDBG_FATAL_FAILURE, +@@ -1698,6 +1725,7 @@ + return ENOMEM; + } + ++ ctx->pid_file_created = false; + talloc_set_destructor((TALLOC_CTX *)ctx, monitor_ctx_destructor); + + cdb_file = talloc_asprintf(ctx, "%s/%s", DB_PATH, CONFDB_FILE); +@@ -2949,8 +2977,6 @@ + return 6; + } + +- /* we want a pid file check */ +- flags |= FLAGS_PID_FILE; + /* the monitor should not run a watchdog on itself */ + flags |= FLAGS_NO_WATCHDOG; + +@@ -3018,6 +3044,15 @@ + } + } + ++ /* Check if the SSSD is already running */ ++ ret = check_file(SSSD_PIDFILE, 0, 0, S_IFREG|0600, 0, NULL, false); ++ if (ret == EOK) { ++ DEBUG(SSSDBG_FATAL_FAILURE, ++ "pidfile exists at %s\n", SSSD_PIDFILE); ++ ERROR("SSSD is already running\n"); ++ return 2; ++ } ++ + /* Parse config file, fail if cannot be done */ + ret = load_configuration(tmp_ctx, config_file, &monitor); + if (ret != EOK) { +--- a/src/sysv/sssd.in ++++ b/src/sysv/sssd.in +@@ -40,6 +40,8 @@ + LOCK_FILE=@localstatedir@/lock/subsys/sssd + PID_FILE=@localstatedir@/run/sssd.pid + ++TIMEOUT=15 ++ + start() { + [ -x $SSSD ] || exit 5 + echo -n $"Starting $prog: " +@@ -47,6 +49,19 @@ + RETVAL=$? + echo + [ "$RETVAL" = 0 ] && touch $LOCK_FILE ++ ++ # Wait for pidfile creation or timeout ++ sec=0 ++ [ "$RETVAL" = 0 ] && while [ $sec -lt $TIMEOUT -a ! -f $PID_FILE ] ++ do ++ sleep 1 ++ sec=$(($sec+1)) ++ done ++ ++ if [ "$sec" = "$TIMEOUT" ]; then ++ RETVAL=-1 ++ fi ++ + return $RETVAL + } + +--- a/src/sysv/systemd/sssd.service.in ++++ b/src/sysv/systemd/sssd.service.in +@@ -6,11 +6,9 @@ + + [Service] + EnvironmentFile=-@environment_file@ +-ExecStart=@sbindir@/sssd -D -f +-# These two should be used with traditional UNIX forking daemons +-# consult systemd.service(5) for more details +-Type=forking +-PIDFile=@localstatedir@/run/sssd.pid ++ExecStart=@sbindir@/sssd -i -f ++Type=notify ++NotifyAccess=main + + [Install] + WantedBy=multi-user.target +--- a/src/tools/tools_util.h ++++ b/src/tools/tools_util.h +@@ -27,9 +27,6 @@ + + #include "util/util.h" + +-#define SSSD_PIDFILE ""PID_PATH"/sssd.pid" +-#define MAX_PID_LENGTH 10 +- + #define BAD_POPT_PARAMS(pc, msg, val, label) do { \ + usage(pc, msg); \ + val = EXIT_FAILURE; \ +--- a/src/util/util.h ++++ b/src/util/util.h +@@ -53,6 +53,10 @@ + #include "util/sss_format.h" + #include "util/debug.h" + ++/* name of the monitor server instance */ ++#define SSSD_PIDFILE PID_PATH"/sssd.pid" ++#define MAX_PID_LENGTH 10 ++ + #define _(STRING) gettext (STRING) + + #define ENUM_INDICATOR "*"