[arch-commits] Commit in gssproxy/repos (16 files)
Andreas Radke
andyrtr at archlinux.org
Wed Feb 25 18:24:56 UTC 2015
Date: Wednesday, February 25, 2015 @ 19:24:56
Author: andyrtr
Revision: 231983
archrelease: copy trunk to testing-i686, testing-x86_64
Added:
gssproxy/repos/testing-i686/
gssproxy/repos/testing-i686/0001-Fix-error-in-compiling-without-SELinux.patch
(from rev 231982, gssproxy/trunk/0001-Fix-error-in-compiling-without-SELinux.patch)
gssproxy/repos/testing-i686/PKGBUILD
(from rev 231982, gssproxy/trunk/PKGBUILD)
gssproxy/repos/testing-i686/fix-build-with-automake1.15.patch
(from rev 231982, gssproxy/trunk/fix-build-with-automake1.15.patch)
gssproxy/repos/testing-i686/gssproxy-0.3.1-deadlock_fix.patch
(from rev 231982, gssproxy/trunk/gssproxy-0.3.1-deadlock_fix.patch)
gssproxy/repos/testing-i686/gssproxy-0.3.1-flags_handling.patch
(from rev 231982, gssproxy/trunk/gssproxy-0.3.1-flags_handling.patch)
gssproxy/repos/testing-i686/gssproxy-0.3.1-gssi_inquire_context.patch
(from rev 231982, gssproxy/trunk/gssproxy-0.3.1-gssi_inquire_context.patch)
gssproxy/repos/testing-i686/gssproxy-0.3.1-nfsd_startup.patch
(from rev 231982, gssproxy/trunk/gssproxy-0.3.1-nfsd_startup.patch)
gssproxy/repos/testing-x86_64/
gssproxy/repos/testing-x86_64/0001-Fix-error-in-compiling-without-SELinux.patch
(from rev 231982, gssproxy/trunk/0001-Fix-error-in-compiling-without-SELinux.patch)
gssproxy/repos/testing-x86_64/PKGBUILD
(from rev 231982, gssproxy/trunk/PKGBUILD)
gssproxy/repos/testing-x86_64/fix-build-with-automake1.15.patch
(from rev 231982, gssproxy/trunk/fix-build-with-automake1.15.patch)
gssproxy/repos/testing-x86_64/gssproxy-0.3.1-deadlock_fix.patch
(from rev 231982, gssproxy/trunk/gssproxy-0.3.1-deadlock_fix.patch)
gssproxy/repos/testing-x86_64/gssproxy-0.3.1-flags_handling.patch
(from rev 231982, gssproxy/trunk/gssproxy-0.3.1-flags_handling.patch)
gssproxy/repos/testing-x86_64/gssproxy-0.3.1-gssi_inquire_context.patch
(from rev 231982, gssproxy/trunk/gssproxy-0.3.1-gssi_inquire_context.patch)
gssproxy/repos/testing-x86_64/gssproxy-0.3.1-nfsd_startup.patch
(from rev 231982, gssproxy/trunk/gssproxy-0.3.1-nfsd_startup.patch)
------------------------------------------------------------------+
testing-i686/0001-Fix-error-in-compiling-without-SELinux.patch | 53 ++
testing-i686/PKGBUILD | 73 +++
testing-i686/fix-build-with-automake1.15.patch | 47 +
testing-i686/gssproxy-0.3.1-deadlock_fix.patch | 37 +
testing-i686/gssproxy-0.3.1-flags_handling.patch | 32 +
testing-i686/gssproxy-0.3.1-gssi_inquire_context.patch | 40 +
testing-i686/gssproxy-0.3.1-nfsd_startup.patch | 241 ++++++++++
testing-x86_64/0001-Fix-error-in-compiling-without-SELinux.patch | 53 ++
testing-x86_64/PKGBUILD | 73 +++
testing-x86_64/fix-build-with-automake1.15.patch | 47 +
testing-x86_64/gssproxy-0.3.1-deadlock_fix.patch | 37 +
testing-x86_64/gssproxy-0.3.1-flags_handling.patch | 32 +
testing-x86_64/gssproxy-0.3.1-gssi_inquire_context.patch | 40 +
testing-x86_64/gssproxy-0.3.1-nfsd_startup.patch | 241 ++++++++++
14 files changed, 1046 insertions(+)
Copied: gssproxy/repos/testing-i686/0001-Fix-error-in-compiling-without-SELinux.patch (from rev 231982, gssproxy/trunk/0001-Fix-error-in-compiling-without-SELinux.patch)
===================================================================
--- testing-i686/0001-Fix-error-in-compiling-without-SELinux.patch (rev 0)
+++ testing-i686/0001-Fix-error-in-compiling-without-SELinux.patch 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,53 @@
+From c30f02063e548c20d1021ec42cb958a7ef0c25af Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Wed, 7 Jan 2015 15:59:53 -0500
+Subject: [PATCH] Fix error in compiling without SELinux
+
+Fixes: #131
+
+Signed-off-by: Simo Sorce <simo at redhat.com>
+---
+ proxy/src/gp_selinux.h | 19 +++++++++----------
+ 1 file changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/proxy/src/gp_selinux.h b/proxy/src/gp_selinux.h
+index 693a12421823e0e6808cf19b8835b68411c106c7..f53da5a7bc1c986278722c9da0a680cbec8b2ef4 100644
+--- a/src/gp_selinux.h
++++ b/src/gp_selinux.h
+@@ -48,9 +48,9 @@
+ #define SELINUX_CTX void *
+ #define SEC_CTX void *
+
+-void *SELINUX_context_new(const char *str) { return NULL; }
+-#define SELINUX_context_free(x) (x) = NULL;
+-const char *SELINUX_context_dummy_get(void *) { return NULL; }
++#define SELINUX_context_new(x) NULL
++#define SELINUX_context_free(x) (x) = NULL
++#define SELINUX_context_dummy_get(x) "<SELinux not compiled in>"
+ #define SELINUX_context_str SELINUX_context_dummy_get
+ #define SELINUX_context_type_get SELINUX_context_dummy_get
+ #define SELINUX_context_user_get SELINUX_context_dummy_get
+@@ -58,13 +58,12 @@ const char *SELINUX_context_dummy_get(void *) { return NULL; }
+ #define SELINUX_context_range_get SELINUX_context_dummy_get
+
+ #include <errno.h>
+-int SELINUX_getpeercon(int fd, SEC_CTX *con)
+-{
+- *con = NULL;
+- errno = ENOTSUP;
+- return -1;
+-}
+-#define SELINUX_freecon(x) (x) = NULL;
++#define SELINUX_getpeercon(x, y) -1; do { \
++ *(y) = NULL; \
++ errno = ENOTSUP; \
++} while(0)
++
++#define SELINUX_freecon(x) (x) = NULL
+
+ #endif /* done HAVE_SELINUX */
+
+--
+2.1.0
+
+
Copied: gssproxy/repos/testing-i686/PKGBUILD (from rev 231982, gssproxy/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD (rev 0)
+++ testing-i686/PKGBUILD 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,73 @@
+# $Id$
+# Maintainer: AndyRTR <andyrtr at archlinux.org>
+# Contributor: Mantas Mikulėnas <grawity at gmail.com>
+
+pkgname=gssproxy
+pkgver=0.3.1
+pkgrel=2
+pkgdesc="GSSAPI Proxy"
+arch=(i686 x86_64)
+url="https://fedorahosted.org/gss-proxy/"
+license=('custom: MIT')
+depends=('krb5' 'popt' 'ding-libs')
+makedepends=('popt' 'libxslt' 'systemd' 'docbook-xsl' 'doxygen' )
+options=('emptydirs')
+backup=('etc/gssproxy/gssproxy.conf' 'etc/gss/mech')
+source=(https://fedorahosted.org/released/gss-proxy/$pkgname-$pkgver.tar.gz
+ 0001-Fix-error-in-compiling-without-SELinux.patch
+ gssproxy-0.3.1-deadlock_fix.patch
+ gssproxy-0.3.1-flags_handling.patch
+ gssproxy-0.3.1-gssi_inquire_context.patch
+ gssproxy-0.3.1-nfsd_startup.patch
+ fix-build-with-automake1.15.patch)
+md5sums=('f455f4e483ecda8274d235942fa8e943'
+ '91cadad2cc7ae0d7c2353f2a1e6783d6'
+ '5f24413b213524feffb14d3710da9051'
+ '0e51c445f5fbadf94c914783267338e3'
+ '4462cbf85e39f50bbfef34cfb24fe061'
+ 'ee9a5f57b879f7b59e3b6aac7114369e'
+ 'a16f985cc74e67a4a97f97fafe157388')
+
+prepare() {
+ cd "$srcdir/gssproxy-$pkgver"
+ # build broken without selinux https://fedorahosted.org/gss-proxy/ticket/131
+ patch -Np1 -i $srcdir/0001-Fix-error-in-compiling-without-SELinux.patch
+ # patch from Fedora rpm - their maintainer is the upstream dev
+ patch -Np2 -i $srcdir/gssproxy-0.3.1-deadlock_fix.patch
+ patch -Np2 -i $srcdir/gssproxy-0.3.1-flags_handling.patch
+ patch -Np2 -i $srcdir/gssproxy-0.3.1-gssi_inquire_context.patch
+ patch -Np2 -i $srcdir/gssproxy-0.3.1-nfsd_startup.patch
+ # upstream patches
+ patch -Np2 -i $srcdir/fix-build-with-automake1.15.patch
+
+ autoreconf -vfi
+}
+
+build() {
+ cd "$srcdir/gssproxy-$pkgver"
+ # make it find bundled verto from krb5 without its own pkg-config file
+ export VERTO_CFLAGS="-I/usr/include", export VERTO_LIBS="-L/usr/lib -lverto"
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --with-pubconf-path=/etc \
+ --sbindir=/usr/bin \
+ --localstatedir=/var \
+ --without-selinux \
+ --with-initscript=systemd
+ make
+ make test_proxymech
+}
+
+package() {
+ cd "$srcdir/gssproxy-$pkgver"
+ make DESTDIR="$pkgdir" install
+
+ rm -rf $pkgdir/usr/include
+ rm -rf $pkgdir/usr/share/doc
+
+ install -m644 examples/gssproxy.conf $pkgdir/etc/gssproxy/gssproxy.conf
+ install -m644 examples/mech $pkgdir/etc/gss/mech
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/$pkgname"
+ install -m644 COPYING "${pkgdir}/usr/share/licenses/$pkgname/"
+}
Copied: gssproxy/repos/testing-i686/fix-build-with-automake1.15.patch (from rev 231982, gssproxy/trunk/fix-build-with-automake1.15.patch)
===================================================================
--- testing-i686/fix-build-with-automake1.15.patch (rev 0)
+++ testing-i686/fix-build-with-automake1.15.patch 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,47 @@
+From 3349c5a75225649114173529de180bd6d46a9c6e Mon Sep 17 00:00:00 2001
+From: Lukas Slebodnik <lslebodn at redhat.com>
+Date: Fri, 16 Jan 2015 16:45:21 +0100
+Subject: BUILD: Fix building with automake 1.15
+
+The macro AC_BUILD_AUX_DIR was used too late. As a result of this automake 1.15
+generated configure script which ignored the directory build/ and was not able
+to find missing files.
+
+ configure: error: cannot find install-sh, install.sh,
+ or shtool in "." "./.." "./../..".
+
+After removing macro AC_BUILD_AUX_DIR, autoreconf will install auxiliary files
+into $srcdir.
+
+Signed-off-by: Lukas Slebodnik <lslebodn at redhat.com>
+Reviewed-by: Simo Sorce <simo at redhat.com>
+
+diff --git a/proxy/Makefile.am b/proxy/Makefile.am
+index b5ba2af..86b5933 100644
+--- a/proxy/Makefile.am
++++ b/proxy/Makefile.am
+@@ -79,8 +79,6 @@ AM_CPPFLAGS = \
+ -DSYSCONFDIR=\"$(sysconfdir)\" \
+ -DLOCALEDIR=\"$(localedir)\"
+
+-EXTRA_DIST = build/config.rpath
+-
+ GSS_PROXY_LIBS = $(POPT_LIBS) $(KRB5_LIBS) $(VERTO_LIBS) $(INI_LIBS) $(GSSAPI_LIBS) $(GSSRPC_LIBS)
+
+ if BUILD_SELINUX
+diff --git a/proxy/configure.ac b/proxy/configure.ac
+index a709d20..5e43c3b 100644
+--- a/proxy/configure.ac
++++ b/proxy/configure.ac
+@@ -12,7 +12,6 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS],
+ CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"
+
+ AC_CONFIG_SRCDIR([BUILD.txt])
+-AC_CONFIG_AUX_DIR([build])
+
+ AM_INIT_AUTOMAKE([-Wall foreign subdir-objects tar-pax])
+ AM_PROG_CC_C_O
+--
+cgit v0.10.2
+
+
Copied: gssproxy/repos/testing-i686/gssproxy-0.3.1-deadlock_fix.patch (from rev 231982, gssproxy/trunk/gssproxy-0.3.1-deadlock_fix.patch)
===================================================================
--- testing-i686/gssproxy-0.3.1-deadlock_fix.patch (rev 0)
+++ testing-i686/gssproxy-0.3.1-deadlock_fix.patch 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,37 @@
+From f39b471f34b381784a1bd1906bf8335ac2c7ef5e Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Tue, 11 Mar 2014 18:16:32 -0400
+Subject: [PATCH] Properly cleanup mutex on failure.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the call to create socket fails we leave a dangling lock and the client
+enters into a deadlock on the next call.
+
+Fixes: https://fedorahosted.org/gss-proxy/ticket/121
+
+Signed-off-by: Simo Sorce <simo at redhat.com>
+Reviewed-by: Günther Deschner <gdeschner at redhat.com>
+---
+ proxy/src/client/gpm_common.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
+index 74296da..4651194 100644
+--- a/proxy/src/client/gpm_common.c
++++ b/proxy/src/client/gpm_common.c
+@@ -153,6 +153,9 @@ static int gpm_grab_sock(struct gpm_ctx *gpmctx)
+ ret = gpm_open_socket(gpmctx);
+ }
+
++ if (ret) {
++ pthread_mutex_unlock(&gpmctx->lock);
++ }
+ return ret;
+ }
+
+--
+1.8.5.3
+
+
Copied: gssproxy/repos/testing-i686/gssproxy-0.3.1-flags_handling.patch (from rev 231982, gssproxy/trunk/gssproxy-0.3.1-flags_handling.patch)
===================================================================
--- testing-i686/gssproxy-0.3.1-flags_handling.patch (rev 0)
+++ testing-i686/gssproxy-0.3.1-flags_handling.patch 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,32 @@
+From 8b147c9196d9068d0fc5e5a8919b84e8cbb97ef4 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Fri, 6 Dec 2013 17:51:14 -0500
+Subject: [PATCH] Fix config token parsing.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Resolves: https://fedorahosted.org/gss-proxy/ticket/112
+
+Signed-off-by: Simo Sorce <simo at redhat.com>
+Reviewed-by: Günther Deschner <gdeschner at redhat.com>
+---
+ proxy/src/gp_config.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
+index 2fc4a6f..ee96975 100644
+--- a/proxy/src/gp_config.c
++++ b/proxy/src/gp_config.c
+@@ -153,7 +153,6 @@ static int parse_flags(const char *value, uint32_t *storage)
+ return ENOMEM;
+ }
+
+- token = strtok_r(str, ", ", &handle);
+ for (token = strtok_r(str, ", ", &handle);
+ token != NULL;
+ token = strtok_r(NULL, ", ", &handle)) {
+--
+1.8.3.1
+
+
Copied: gssproxy/repos/testing-i686/gssproxy-0.3.1-gssi_inquire_context.patch (from rev 231982, gssproxy/trunk/gssproxy-0.3.1-gssi_inquire_context.patch)
===================================================================
--- testing-i686/gssproxy-0.3.1-gssi_inquire_context.patch (rev 0)
+++ testing-i686/gssproxy-0.3.1-gssi_inquire_context.patch 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,40 @@
+From c17f20b949d2e80e596ce21ecd944db80aaa80b1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gdeschner at redhat.com>
+Date: Wed, 29 Jan 2014 17:59:03 +0100
+Subject: [PATCH] Fix potential segfault in gssi_inquire_context().
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Günther Deschner <gdeschner at redhat.com>
+Reviewed-by: Simo Sorce <simo at redhat.com>
+---
+ proxy/src/mechglue/gpp_context.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/proxy/src/mechglue/gpp_context.c b/proxy/src/mechglue/gpp_context.c
+index 6010724..bb16a93 100644
+--- a/proxy/src/mechglue/gpp_context.c
++++ b/proxy/src/mechglue/gpp_context.c
+@@ -223,7 +223,7 @@ OM_uint32 gssi_inquire_context(OM_uint32 *minor_status,
+ maj = gss_inquire_context(&min,
+ ctx_handle->local,
+ s_name ? &s_name->local : NULL,
+- s_name ? &t_name->local : NULL,
++ t_name ? &t_name->local : NULL,
+ lifetime_rec,
+ &mech_oid,
+ ctx_flags,
+@@ -233,7 +233,7 @@ OM_uint32 gssi_inquire_context(OM_uint32 *minor_status,
+ maj = gpm_inquire_context(&min,
+ ctx_handle->remote,
+ s_name ? &s_name->remote : NULL,
+- s_name ? &t_name->remote : NULL,
++ t_name ? &t_name->remote : NULL,
+ lifetime_rec,
+ &mech_oid,
+ ctx_flags,
+--
+1.8.5.3
+
+
Copied: gssproxy/repos/testing-i686/gssproxy-0.3.1-nfsd_startup.patch (from rev 231982, gssproxy/trunk/gssproxy-0.3.1-nfsd_startup.patch)
===================================================================
--- testing-i686/gssproxy-0.3.1-nfsd_startup.patch (rev 0)
+++ testing-i686/gssproxy-0.3.1-nfsd_startup.patch 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,241 @@
+From 58a39677c961c72b052eae0b9d94b992254d6e10 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Fri, 3 Jan 2014 16:45:35 -0500
+Subject: [PATCH 1/2] Add utility functions to read()/write() safely
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Automatically handle short reads due to singals interrupting the process.
+
+Signed-off-by: Simo Sorce <simo at redhat.com>
+Reviewed-by: Günther Deschner <gdeschner at redhat.com>
+---
+ proxy/src/gp_common.h | 2 ++
+ proxy/src/gp_util.c | 39 +++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 41 insertions(+)
+
+diff --git a/proxy/src/gp_common.h b/proxy/src/gp_common.h
+index f2b8c3e..3a1b7be 100644
+--- a/proxy/src/gp_common.h
++++ b/proxy/src/gp_common.h
+@@ -69,6 +69,8 @@ bool gp_same(const char *a, const char *b);
+ bool gp_boolean_is_true(const char *s);
+ char *gp_getenv(const char *name);
+
++ssize_t gp_safe_read(int fd, void *buf, size_t count);
++ssize_t gp_safe_write(int fd, const void *buf, size_t count);
+ /* NOTE: read the note in gp_util.c before using gp_strerror() */
+ char *gp_strerror(int errnum);
+
+diff --git a/proxy/src/gp_util.c b/proxy/src/gp_util.c
+index 4fbac4e..34f3024 100644
+--- a/proxy/src/gp_util.c
++++ b/proxy/src/gp_util.c
+@@ -29,6 +29,7 @@
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <errno.h>
++#include <unistd.h>
+
+ bool gp_same(const char *a, const char *b)
+ {
+@@ -125,3 +126,41 @@ char *gp_strerror(int errnum)
+ errno = saved_errno;
+ return buf;
+ }
++
++ssize_t gp_safe_read(int fd, void *buf, size_t count)
++{
++ char *b = (char *)buf;
++ ssize_t len = 0;
++ ssize_t ret;
++
++ do {
++ ret = read(fd, &b[len], count - len);
++ if (ret == -1) {
++ if (errno == EINTR) continue;
++ return ret;
++ }
++ if (ret == 0) break; /* EOF */
++ len += ret;
++ } while (count > len);
++
++ return len;
++}
++
++ssize_t gp_safe_write(int fd, const void *buf, size_t count)
++{
++ const char *b = (const char *)buf;
++ ssize_t len = 0;
++ ssize_t ret;
++
++ do {
++ ret = write(fd, &b[len], count - len);
++ if (ret == -1) {
++ if (errno == EINTR) continue;
++ return ret;
++ }
++ if (ret == 0) break; /* EOF */
++ len += ret;
++ } while (count > len);
++
++ return len;
++}
+--
+1.8.4.2
+
+
+From bd8ffcf67be8fdbe14bc49a65a8eafe904119d88 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Fri, 3 Jan 2014 12:10:36 -0500
+Subject: [PATCH 2/2] Block parent process until child is initialized.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This way the init system will not proceed starting dependencies until gssproxy
+is actually ready to serve requests.
+In particular this is used to make sure the nfsd proc file has been touched
+before the nfsd server is started.
+
+Resolves: https://fedorahosted.org/gss-proxy/ticket/114
+
+Signed-off-by: Simo Sorce <simo at redhat.com>
+Reviewed-by: Günther Deschner <gdeschner at redhat.com>
+---
+ proxy/src/gp_init.c | 42 +++++++++++++++++++++++++++++++++++++++---
+ proxy/src/gp_proxy.h | 3 ++-
+ proxy/src/gssproxy.c | 11 +++++++++--
+ 3 files changed, 50 insertions(+), 6 deletions(-)
+
+diff --git a/proxy/src/gp_init.c b/proxy/src/gp_init.c
+index 830ae16..6207a78 100644
+--- a/proxy/src/gp_init.c
++++ b/proxy/src/gp_init.c
+@@ -37,12 +37,22 @@
+ #include <stdio.h>
+ #include "gp_proxy.h"
+
+-void init_server(bool daemonize)
++void init_server(bool daemonize, int *wait_fd)
+ {
+ pid_t pid, sid;
+ int ret;
+
++ *wait_fd = -1;
++
+ if (daemonize) {
++ int pipefd[2];
++ char buf[1];
++
++ /* create parent-child pipe */
++ ret = pipe(pipefd);
++ if (ret == -1) {
++ exit(EXIT_FAILURE);
++ }
+
+ pid = fork();
+ if (pid == -1) {
+@@ -50,10 +60,22 @@ void init_server(bool daemonize)
+ exit(EXIT_FAILURE);
+ }
+ if (pid != 0) {
+- /* ok kill the parent */
+- exit(EXIT_SUCCESS);
++ /* wait for child to signal it is ready */
++ close(pipefd[1]);
++ ret = gp_safe_read(pipefd[0], buf, 1);
++ if (ret == 1) {
++ /* child signaled all ok */
++ exit(EXIT_SUCCESS);
++ } else {
++ /* lost child, something went wrong */
++ exit(EXIT_FAILURE);
++ }
+ }
+
++ /* child */
++ close(pipefd[0]);
++ *wait_fd = pipefd[1];
++
+ sid = setsid();
+ if (sid == -1) {
+ /* setsid error ? abort */
+@@ -78,6 +100,20 @@ void init_server(bool daemonize)
+ gp_logging_init();
+ }
+
++void init_done(int wait_fd)
++{
++ char buf = 0;
++ int ret;
++
++ if (wait_fd != -1) {
++ ret = gp_safe_write(wait_fd, &buf, 1);
++ if (ret != 1) {
++ exit(EXIT_FAILURE);
++ }
++ close(wait_fd);
++ }
++}
++
+ void fini_server(void)
+ {
+ closelog();
+diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h
+index 733fec5..79bebb8 100644
+--- a/proxy/src/gp_proxy.h
++++ b/proxy/src/gp_proxy.h
+@@ -106,7 +106,8 @@ struct gp_creds_handle *gp_service_get_creds_handle(struct gp_service *svc);
+ void free_config(struct gp_config **config);
+
+ /* from gp_init.c */
+-void init_server(bool daemonize);
++void init_server(bool daemonize, int *wait_fd);
++void init_done(int wait_fd);
+ void fini_server(void);
+ verto_ctx *init_event_loop(void);
+ void init_proc_nfsd(struct gp_config *cfg);
+diff --git a/proxy/src/gssproxy.c b/proxy/src/gssproxy.c
+index 1bf0a0b..80430d6 100644
+--- a/proxy/src/gssproxy.c
++++ b/proxy/src/gssproxy.c
+@@ -42,6 +42,7 @@ int main(int argc, const char *argv[])
+ int vflags;
+ struct gssproxy_ctx *gpctx;
+ struct gp_sock_ctx *sock_ctx;
++ int wait_fd;
+ int ret;
+ int i;
+
+@@ -97,7 +98,7 @@ int main(int argc, const char *argv[])
+ exit(EXIT_FAILURE);
+ }
+
+- init_server(gpctx->config->daemonize);
++ init_server(gpctx->config->daemonize, &wait_fd);
+
+ write_pid();
+
+@@ -139,9 +140,15 @@ int main(int argc, const char *argv[])
+ }
+ }
+
+- /* special call to tell the Linux kernel gss-proxy is available */
++ /* We need to tell nfsd that GSS-Proxy is available before it starts,
++ * as nfsd needs to know GSS-Proxy is in use before the first time it
++ * needs to call accept_sec_context. */
+ init_proc_nfsd(gpctx->config);
+
++ /* Now it is safe to tell the init system that we're done starting up,
++ * so it can continue with dependencies and start nfsd */
++ init_done(wait_fd);
++
+ ret = gp_workers_init(gpctx);
+ if (ret) {
+ exit(EXIT_FAILURE);
+--
+1.8.4.2
+
+
Copied: gssproxy/repos/testing-x86_64/0001-Fix-error-in-compiling-without-SELinux.patch (from rev 231982, gssproxy/trunk/0001-Fix-error-in-compiling-without-SELinux.patch)
===================================================================
--- testing-x86_64/0001-Fix-error-in-compiling-without-SELinux.patch (rev 0)
+++ testing-x86_64/0001-Fix-error-in-compiling-without-SELinux.patch 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,53 @@
+From c30f02063e548c20d1021ec42cb958a7ef0c25af Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Wed, 7 Jan 2015 15:59:53 -0500
+Subject: [PATCH] Fix error in compiling without SELinux
+
+Fixes: #131
+
+Signed-off-by: Simo Sorce <simo at redhat.com>
+---
+ proxy/src/gp_selinux.h | 19 +++++++++----------
+ 1 file changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/proxy/src/gp_selinux.h b/proxy/src/gp_selinux.h
+index 693a12421823e0e6808cf19b8835b68411c106c7..f53da5a7bc1c986278722c9da0a680cbec8b2ef4 100644
+--- a/src/gp_selinux.h
++++ b/src/gp_selinux.h
+@@ -48,9 +48,9 @@
+ #define SELINUX_CTX void *
+ #define SEC_CTX void *
+
+-void *SELINUX_context_new(const char *str) { return NULL; }
+-#define SELINUX_context_free(x) (x) = NULL;
+-const char *SELINUX_context_dummy_get(void *) { return NULL; }
++#define SELINUX_context_new(x) NULL
++#define SELINUX_context_free(x) (x) = NULL
++#define SELINUX_context_dummy_get(x) "<SELinux not compiled in>"
+ #define SELINUX_context_str SELINUX_context_dummy_get
+ #define SELINUX_context_type_get SELINUX_context_dummy_get
+ #define SELINUX_context_user_get SELINUX_context_dummy_get
+@@ -58,13 +58,12 @@ const char *SELINUX_context_dummy_get(void *) { return NULL; }
+ #define SELINUX_context_range_get SELINUX_context_dummy_get
+
+ #include <errno.h>
+-int SELINUX_getpeercon(int fd, SEC_CTX *con)
+-{
+- *con = NULL;
+- errno = ENOTSUP;
+- return -1;
+-}
+-#define SELINUX_freecon(x) (x) = NULL;
++#define SELINUX_getpeercon(x, y) -1; do { \
++ *(y) = NULL; \
++ errno = ENOTSUP; \
++} while(0)
++
++#define SELINUX_freecon(x) (x) = NULL
+
+ #endif /* done HAVE_SELINUX */
+
+--
+2.1.0
+
+
Copied: gssproxy/repos/testing-x86_64/PKGBUILD (from rev 231982, gssproxy/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,73 @@
+# $Id$
+# Maintainer: AndyRTR <andyrtr at archlinux.org>
+# Contributor: Mantas Mikulėnas <grawity at gmail.com>
+
+pkgname=gssproxy
+pkgver=0.3.1
+pkgrel=2
+pkgdesc="GSSAPI Proxy"
+arch=(i686 x86_64)
+url="https://fedorahosted.org/gss-proxy/"
+license=('custom: MIT')
+depends=('krb5' 'popt' 'ding-libs')
+makedepends=('popt' 'libxslt' 'systemd' 'docbook-xsl' 'doxygen' )
+options=('emptydirs')
+backup=('etc/gssproxy/gssproxy.conf' 'etc/gss/mech')
+source=(https://fedorahosted.org/released/gss-proxy/$pkgname-$pkgver.tar.gz
+ 0001-Fix-error-in-compiling-without-SELinux.patch
+ gssproxy-0.3.1-deadlock_fix.patch
+ gssproxy-0.3.1-flags_handling.patch
+ gssproxy-0.3.1-gssi_inquire_context.patch
+ gssproxy-0.3.1-nfsd_startup.patch
+ fix-build-with-automake1.15.patch)
+md5sums=('f455f4e483ecda8274d235942fa8e943'
+ '91cadad2cc7ae0d7c2353f2a1e6783d6'
+ '5f24413b213524feffb14d3710da9051'
+ '0e51c445f5fbadf94c914783267338e3'
+ '4462cbf85e39f50bbfef34cfb24fe061'
+ 'ee9a5f57b879f7b59e3b6aac7114369e'
+ 'a16f985cc74e67a4a97f97fafe157388')
+
+prepare() {
+ cd "$srcdir/gssproxy-$pkgver"
+ # build broken without selinux https://fedorahosted.org/gss-proxy/ticket/131
+ patch -Np1 -i $srcdir/0001-Fix-error-in-compiling-without-SELinux.patch
+ # patch from Fedora rpm - their maintainer is the upstream dev
+ patch -Np2 -i $srcdir/gssproxy-0.3.1-deadlock_fix.patch
+ patch -Np2 -i $srcdir/gssproxy-0.3.1-flags_handling.patch
+ patch -Np2 -i $srcdir/gssproxy-0.3.1-gssi_inquire_context.patch
+ patch -Np2 -i $srcdir/gssproxy-0.3.1-nfsd_startup.patch
+ # upstream patches
+ patch -Np2 -i $srcdir/fix-build-with-automake1.15.patch
+
+ autoreconf -vfi
+}
+
+build() {
+ cd "$srcdir/gssproxy-$pkgver"
+ # make it find bundled verto from krb5 without its own pkg-config file
+ export VERTO_CFLAGS="-I/usr/include", export VERTO_LIBS="-L/usr/lib -lverto"
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --with-pubconf-path=/etc \
+ --sbindir=/usr/bin \
+ --localstatedir=/var \
+ --without-selinux \
+ --with-initscript=systemd
+ make
+ make test_proxymech
+}
+
+package() {
+ cd "$srcdir/gssproxy-$pkgver"
+ make DESTDIR="$pkgdir" install
+
+ rm -rf $pkgdir/usr/include
+ rm -rf $pkgdir/usr/share/doc
+
+ install -m644 examples/gssproxy.conf $pkgdir/etc/gssproxy/gssproxy.conf
+ install -m644 examples/mech $pkgdir/etc/gss/mech
+
+ install -m755 -d "${pkgdir}/usr/share/licenses/$pkgname"
+ install -m644 COPYING "${pkgdir}/usr/share/licenses/$pkgname/"
+}
Copied: gssproxy/repos/testing-x86_64/fix-build-with-automake1.15.patch (from rev 231982, gssproxy/trunk/fix-build-with-automake1.15.patch)
===================================================================
--- testing-x86_64/fix-build-with-automake1.15.patch (rev 0)
+++ testing-x86_64/fix-build-with-automake1.15.patch 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,47 @@
+From 3349c5a75225649114173529de180bd6d46a9c6e Mon Sep 17 00:00:00 2001
+From: Lukas Slebodnik <lslebodn at redhat.com>
+Date: Fri, 16 Jan 2015 16:45:21 +0100
+Subject: BUILD: Fix building with automake 1.15
+
+The macro AC_BUILD_AUX_DIR was used too late. As a result of this automake 1.15
+generated configure script which ignored the directory build/ and was not able
+to find missing files.
+
+ configure: error: cannot find install-sh, install.sh,
+ or shtool in "." "./.." "./../..".
+
+After removing macro AC_BUILD_AUX_DIR, autoreconf will install auxiliary files
+into $srcdir.
+
+Signed-off-by: Lukas Slebodnik <lslebodn at redhat.com>
+Reviewed-by: Simo Sorce <simo at redhat.com>
+
+diff --git a/proxy/Makefile.am b/proxy/Makefile.am
+index b5ba2af..86b5933 100644
+--- a/proxy/Makefile.am
++++ b/proxy/Makefile.am
+@@ -79,8 +79,6 @@ AM_CPPFLAGS = \
+ -DSYSCONFDIR=\"$(sysconfdir)\" \
+ -DLOCALEDIR=\"$(localedir)\"
+
+-EXTRA_DIST = build/config.rpath
+-
+ GSS_PROXY_LIBS = $(POPT_LIBS) $(KRB5_LIBS) $(VERTO_LIBS) $(INI_LIBS) $(GSSAPI_LIBS) $(GSSRPC_LIBS)
+
+ if BUILD_SELINUX
+diff --git a/proxy/configure.ac b/proxy/configure.ac
+index a709d20..5e43c3b 100644
+--- a/proxy/configure.ac
++++ b/proxy/configure.ac
+@@ -12,7 +12,6 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS],
+ CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"
+
+ AC_CONFIG_SRCDIR([BUILD.txt])
+-AC_CONFIG_AUX_DIR([build])
+
+ AM_INIT_AUTOMAKE([-Wall foreign subdir-objects tar-pax])
+ AM_PROG_CC_C_O
+--
+cgit v0.10.2
+
+
Copied: gssproxy/repos/testing-x86_64/gssproxy-0.3.1-deadlock_fix.patch (from rev 231982, gssproxy/trunk/gssproxy-0.3.1-deadlock_fix.patch)
===================================================================
--- testing-x86_64/gssproxy-0.3.1-deadlock_fix.patch (rev 0)
+++ testing-x86_64/gssproxy-0.3.1-deadlock_fix.patch 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,37 @@
+From f39b471f34b381784a1bd1906bf8335ac2c7ef5e Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Tue, 11 Mar 2014 18:16:32 -0400
+Subject: [PATCH] Properly cleanup mutex on failure.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the call to create socket fails we leave a dangling lock and the client
+enters into a deadlock on the next call.
+
+Fixes: https://fedorahosted.org/gss-proxy/ticket/121
+
+Signed-off-by: Simo Sorce <simo at redhat.com>
+Reviewed-by: Günther Deschner <gdeschner at redhat.com>
+---
+ proxy/src/client/gpm_common.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c
+index 74296da..4651194 100644
+--- a/proxy/src/client/gpm_common.c
++++ b/proxy/src/client/gpm_common.c
+@@ -153,6 +153,9 @@ static int gpm_grab_sock(struct gpm_ctx *gpmctx)
+ ret = gpm_open_socket(gpmctx);
+ }
+
++ if (ret) {
++ pthread_mutex_unlock(&gpmctx->lock);
++ }
+ return ret;
+ }
+
+--
+1.8.5.3
+
+
Copied: gssproxy/repos/testing-x86_64/gssproxy-0.3.1-flags_handling.patch (from rev 231982, gssproxy/trunk/gssproxy-0.3.1-flags_handling.patch)
===================================================================
--- testing-x86_64/gssproxy-0.3.1-flags_handling.patch (rev 0)
+++ testing-x86_64/gssproxy-0.3.1-flags_handling.patch 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,32 @@
+From 8b147c9196d9068d0fc5e5a8919b84e8cbb97ef4 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Fri, 6 Dec 2013 17:51:14 -0500
+Subject: [PATCH] Fix config token parsing.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Resolves: https://fedorahosted.org/gss-proxy/ticket/112
+
+Signed-off-by: Simo Sorce <simo at redhat.com>
+Reviewed-by: Günther Deschner <gdeschner at redhat.com>
+---
+ proxy/src/gp_config.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
+index 2fc4a6f..ee96975 100644
+--- a/proxy/src/gp_config.c
++++ b/proxy/src/gp_config.c
+@@ -153,7 +153,6 @@ static int parse_flags(const char *value, uint32_t *storage)
+ return ENOMEM;
+ }
+
+- token = strtok_r(str, ", ", &handle);
+ for (token = strtok_r(str, ", ", &handle);
+ token != NULL;
+ token = strtok_r(NULL, ", ", &handle)) {
+--
+1.8.3.1
+
+
Copied: gssproxy/repos/testing-x86_64/gssproxy-0.3.1-gssi_inquire_context.patch (from rev 231982, gssproxy/trunk/gssproxy-0.3.1-gssi_inquire_context.patch)
===================================================================
--- testing-x86_64/gssproxy-0.3.1-gssi_inquire_context.patch (rev 0)
+++ testing-x86_64/gssproxy-0.3.1-gssi_inquire_context.patch 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,40 @@
+From c17f20b949d2e80e596ce21ecd944db80aaa80b1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gdeschner at redhat.com>
+Date: Wed, 29 Jan 2014 17:59:03 +0100
+Subject: [PATCH] Fix potential segfault in gssi_inquire_context().
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Günther Deschner <gdeschner at redhat.com>
+Reviewed-by: Simo Sorce <simo at redhat.com>
+---
+ proxy/src/mechglue/gpp_context.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/proxy/src/mechglue/gpp_context.c b/proxy/src/mechglue/gpp_context.c
+index 6010724..bb16a93 100644
+--- a/proxy/src/mechglue/gpp_context.c
++++ b/proxy/src/mechglue/gpp_context.c
+@@ -223,7 +223,7 @@ OM_uint32 gssi_inquire_context(OM_uint32 *minor_status,
+ maj = gss_inquire_context(&min,
+ ctx_handle->local,
+ s_name ? &s_name->local : NULL,
+- s_name ? &t_name->local : NULL,
++ t_name ? &t_name->local : NULL,
+ lifetime_rec,
+ &mech_oid,
+ ctx_flags,
+@@ -233,7 +233,7 @@ OM_uint32 gssi_inquire_context(OM_uint32 *minor_status,
+ maj = gpm_inquire_context(&min,
+ ctx_handle->remote,
+ s_name ? &s_name->remote : NULL,
+- s_name ? &t_name->remote : NULL,
++ t_name ? &t_name->remote : NULL,
+ lifetime_rec,
+ &mech_oid,
+ ctx_flags,
+--
+1.8.5.3
+
+
Copied: gssproxy/repos/testing-x86_64/gssproxy-0.3.1-nfsd_startup.patch (from rev 231982, gssproxy/trunk/gssproxy-0.3.1-nfsd_startup.patch)
===================================================================
--- testing-x86_64/gssproxy-0.3.1-nfsd_startup.patch (rev 0)
+++ testing-x86_64/gssproxy-0.3.1-nfsd_startup.patch 2015-02-25 18:24:56 UTC (rev 231983)
@@ -0,0 +1,241 @@
+From 58a39677c961c72b052eae0b9d94b992254d6e10 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Fri, 3 Jan 2014 16:45:35 -0500
+Subject: [PATCH 1/2] Add utility functions to read()/write() safely
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Automatically handle short reads due to singals interrupting the process.
+
+Signed-off-by: Simo Sorce <simo at redhat.com>
+Reviewed-by: Günther Deschner <gdeschner at redhat.com>
+---
+ proxy/src/gp_common.h | 2 ++
+ proxy/src/gp_util.c | 39 +++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 41 insertions(+)
+
+diff --git a/proxy/src/gp_common.h b/proxy/src/gp_common.h
+index f2b8c3e..3a1b7be 100644
+--- a/proxy/src/gp_common.h
++++ b/proxy/src/gp_common.h
+@@ -69,6 +69,8 @@ bool gp_same(const char *a, const char *b);
+ bool gp_boolean_is_true(const char *s);
+ char *gp_getenv(const char *name);
+
++ssize_t gp_safe_read(int fd, void *buf, size_t count);
++ssize_t gp_safe_write(int fd, const void *buf, size_t count);
+ /* NOTE: read the note in gp_util.c before using gp_strerror() */
+ char *gp_strerror(int errnum);
+
+diff --git a/proxy/src/gp_util.c b/proxy/src/gp_util.c
+index 4fbac4e..34f3024 100644
+--- a/proxy/src/gp_util.c
++++ b/proxy/src/gp_util.c
+@@ -29,6 +29,7 @@
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <errno.h>
++#include <unistd.h>
+
+ bool gp_same(const char *a, const char *b)
+ {
+@@ -125,3 +126,41 @@ char *gp_strerror(int errnum)
+ errno = saved_errno;
+ return buf;
+ }
++
++ssize_t gp_safe_read(int fd, void *buf, size_t count)
++{
++ char *b = (char *)buf;
++ ssize_t len = 0;
++ ssize_t ret;
++
++ do {
++ ret = read(fd, &b[len], count - len);
++ if (ret == -1) {
++ if (errno == EINTR) continue;
++ return ret;
++ }
++ if (ret == 0) break; /* EOF */
++ len += ret;
++ } while (count > len);
++
++ return len;
++}
++
++ssize_t gp_safe_write(int fd, const void *buf, size_t count)
++{
++ const char *b = (const char *)buf;
++ ssize_t len = 0;
++ ssize_t ret;
++
++ do {
++ ret = write(fd, &b[len], count - len);
++ if (ret == -1) {
++ if (errno == EINTR) continue;
++ return ret;
++ }
++ if (ret == 0) break; /* EOF */
++ len += ret;
++ } while (count > len);
++
++ return len;
++}
+--
+1.8.4.2
+
+
+From bd8ffcf67be8fdbe14bc49a65a8eafe904119d88 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo at redhat.com>
+Date: Fri, 3 Jan 2014 12:10:36 -0500
+Subject: [PATCH 2/2] Block parent process until child is initialized.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This way the init system will not proceed starting dependencies until gssproxy
+is actually ready to serve requests.
+In particular this is used to make sure the nfsd proc file has been touched
+before the nfsd server is started.
+
+Resolves: https://fedorahosted.org/gss-proxy/ticket/114
+
+Signed-off-by: Simo Sorce <simo at redhat.com>
+Reviewed-by: Günther Deschner <gdeschner at redhat.com>
+---
+ proxy/src/gp_init.c | 42 +++++++++++++++++++++++++++++++++++++++---
+ proxy/src/gp_proxy.h | 3 ++-
+ proxy/src/gssproxy.c | 11 +++++++++--
+ 3 files changed, 50 insertions(+), 6 deletions(-)
+
+diff --git a/proxy/src/gp_init.c b/proxy/src/gp_init.c
+index 830ae16..6207a78 100644
+--- a/proxy/src/gp_init.c
++++ b/proxy/src/gp_init.c
+@@ -37,12 +37,22 @@
+ #include <stdio.h>
+ #include "gp_proxy.h"
+
+-void init_server(bool daemonize)
++void init_server(bool daemonize, int *wait_fd)
+ {
+ pid_t pid, sid;
+ int ret;
+
++ *wait_fd = -1;
++
+ if (daemonize) {
++ int pipefd[2];
++ char buf[1];
++
++ /* create parent-child pipe */
++ ret = pipe(pipefd);
++ if (ret == -1) {
++ exit(EXIT_FAILURE);
++ }
+
+ pid = fork();
+ if (pid == -1) {
+@@ -50,10 +60,22 @@ void init_server(bool daemonize)
+ exit(EXIT_FAILURE);
+ }
+ if (pid != 0) {
+- /* ok kill the parent */
+- exit(EXIT_SUCCESS);
++ /* wait for child to signal it is ready */
++ close(pipefd[1]);
++ ret = gp_safe_read(pipefd[0], buf, 1);
++ if (ret == 1) {
++ /* child signaled all ok */
++ exit(EXIT_SUCCESS);
++ } else {
++ /* lost child, something went wrong */
++ exit(EXIT_FAILURE);
++ }
+ }
+
++ /* child */
++ close(pipefd[0]);
++ *wait_fd = pipefd[1];
++
+ sid = setsid();
+ if (sid == -1) {
+ /* setsid error ? abort */
+@@ -78,6 +100,20 @@ void init_server(bool daemonize)
+ gp_logging_init();
+ }
+
++void init_done(int wait_fd)
++{
++ char buf = 0;
++ int ret;
++
++ if (wait_fd != -1) {
++ ret = gp_safe_write(wait_fd, &buf, 1);
++ if (ret != 1) {
++ exit(EXIT_FAILURE);
++ }
++ close(wait_fd);
++ }
++}
++
+ void fini_server(void)
+ {
+ closelog();
+diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h
+index 733fec5..79bebb8 100644
+--- a/proxy/src/gp_proxy.h
++++ b/proxy/src/gp_proxy.h
+@@ -106,7 +106,8 @@ struct gp_creds_handle *gp_service_get_creds_handle(struct gp_service *svc);
+ void free_config(struct gp_config **config);
+
+ /* from gp_init.c */
+-void init_server(bool daemonize);
++void init_server(bool daemonize, int *wait_fd);
++void init_done(int wait_fd);
+ void fini_server(void);
+ verto_ctx *init_event_loop(void);
+ void init_proc_nfsd(struct gp_config *cfg);
+diff --git a/proxy/src/gssproxy.c b/proxy/src/gssproxy.c
+index 1bf0a0b..80430d6 100644
+--- a/proxy/src/gssproxy.c
++++ b/proxy/src/gssproxy.c
+@@ -42,6 +42,7 @@ int main(int argc, const char *argv[])
+ int vflags;
+ struct gssproxy_ctx *gpctx;
+ struct gp_sock_ctx *sock_ctx;
++ int wait_fd;
+ int ret;
+ int i;
+
+@@ -97,7 +98,7 @@ int main(int argc, const char *argv[])
+ exit(EXIT_FAILURE);
+ }
+
+- init_server(gpctx->config->daemonize);
++ init_server(gpctx->config->daemonize, &wait_fd);
+
+ write_pid();
+
+@@ -139,9 +140,15 @@ int main(int argc, const char *argv[])
+ }
+ }
+
+- /* special call to tell the Linux kernel gss-proxy is available */
++ /* We need to tell nfsd that GSS-Proxy is available before it starts,
++ * as nfsd needs to know GSS-Proxy is in use before the first time it
++ * needs to call accept_sec_context. */
+ init_proc_nfsd(gpctx->config);
+
++ /* Now it is safe to tell the init system that we're done starting up,
++ * so it can continue with dependencies and start nfsd */
++ init_done(wait_fd);
++
+ ret = gp_workers_init(gpctx);
+ if (ret) {
+ exit(EXIT_FAILURE);
+--
+1.8.4.2
+
+
More information about the arch-commits
mailing list