Attachment 11075 Details for Bug 56187 – 05_dont_install_systemd_service_files.patch

[patch] 05_dont_install_systemd_service_files.patch

05_dont_install_systemd_service_files.patch (text/plain), 7.18 KB, created by Arvid Requate on 2023-06-21 18:04:28 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Arvid Requate

Created: 2023-06-21 18:04:28 CEST

Size: 7.18 KB

patch

obsolete

>There are still some issues with the *.system files, so we don't install them.
>
>* https://bugzilla.samba.org/show_bug.cgi?id=13184
>* https://wiki.samba.org/index.php/Managing_the_Samba_AD_DC_Service_Using_Systemd
>  i.e. on Samba/AD DCs we would have to do this:
>    systemctl mask smbd winbind
>    systemctl disable smbd winbind
>    systemctl --system daemon-reload
>* Sometimes the samba-ad-dc.service and nmbd.service files take about a minute
>  to stop the service
>* Currently we run nmbd as separate process.
>  We should probably switch to the builtin service "nbt" as some point.
>
>Bug #45326
>
>diff --git a/debian/ctdb.install b/debian/ctdb.install
>index 484fc67..2ba914c 100755
>--- a/debian/ctdb.install
>+++ b/debian/ctdb.install
>@@ -4,7 +4,6 @@ ctdb/config/ctdb.tunables etc/ctdb
> ctdb/config/script.options etc/ctdb
> etc/ctdb
> etc/sudoers.d
>-[linux-any] lib/systemd/system/ctdb.service
> usr/bin/ctdb
> usr/bin/ctdb_diagnostics
> usr/bin/ltdbtool
>diff --git a/debian/rules b/debian/rules
>index 05122e3..eaf59a7 100755
>--- a/debian/rules
>+++ b/debian/rules
>@@ -73,7 +73,7 @@ config-args = \
> 	--with-socketpath=/run/ctdb/ctdbd.socket \
> 	--with-logdir=/var/log/ctdb \
> 
>-ifeq (${DEB_HOST_ARCH_OS}, linux) # extra linux-specific features
>+ifeq (${DEB_HOST_ARCH_OS}, ucs-future) # extra linux-specific features
> with-glusterfs = yes
> with-ceph = yes
> with-snapper = yes
>@@ -236,7 +236,7 @@ override_dh_auto_install-arch:
> 	install -p -m755 debian/update-apparmor-samba-profile -t debian/tmp/usr/share/samba/
> 	install -Dp -m0644 debian/samba.ufw.profile debian/tmp/etc/ufw/applications.d/samba
> 	install -Dp -m0644 debian/source_samba.py -t debian/tmp/usr/share/apport/package-hooks/
>-ifeq ($(DEB_HOST_ARCH_OS), linux)
>+ifeq ($(DEB_HOST_ARCH_OS), ucs-future)
> # Services fixups. Historically, debian used smbd, nmbd and samba-ad-dc service names.
> # Upstream samba used names smb, nmb and samba.
> # We can not easily rename them now (need to rename possible overrides and drop-ins),
>diff --git a/debian/samba.install b/debian/samba.install
>index 65a8600..8402d74 100755
>--- a/debian/samba.install
>+++ b/debian/samba.install
>@@ -1,8 +1,5 @@
> #!/usr/bin/dh-exec --with-scripts=filter-arch,filter-build-profiles
> etc/ufw/applications.d/samba
>-[linux-any] lib/systemd/system/nmb*.service
>-[linux-any] lib/systemd/system/samba*.service
>-[linux-any] lib/systemd/system/smb*.service
> usr/bin/dumpmscat
> usr/bin/mvxattr
> usr/bin/oLschema2ldif
>diff --git a/debian/winbind.install b/debian/winbind.install
>index 490d2b8..a2a406c 100755
>--- a/debian/winbind.install
>+++ b/debian/winbind.install
>@@ -1,5 +1,4 @@
> #!/usr/bin/dh-exec --with-scripts=filter-arch,filter-build-profiles
>-[linux-any] lib/systemd/system/winbind.service
> <pkg.samba.mitkrb5> usr/lib/*/samba/krb5/winbind_krb5_localauth.so
> <pkg.samba.mitkrb5> usr/share/man/man8/winbind_krb5_localauth.8
> usr/bin/ntlm_auth
>diff --git a/debian/samba.postinst b/debian/samba.postinst
>index ceb0b641100..c1c2b7e3fef 100644
>--- a/debian/samba.postinst
>+++ b/debian/samba.postinst
>@@ -6,12 +6,12 @@ nmbd_error_handler() {
>     if [ -d /sys/class/net/lo ] && ls /sys/class/net | grep -qv ^lo$; then
>         # https://bugs.debian.org/893762
>         echo 'WARNING: nmbd failed to start as there is no non-loopback interfaces available.'
>-        echo 'Either add an interface or set "disable netbios = yes" in smb.conf'
>+        echo 'Either add an interface or set "disable netbios = yes" in smb.conf and run "systemctl mask nmbd"'
>         return 0
>     elif command -v ip > /dev/null && ip a show | grep '^[[:space:]]*inet ' | grep -vq ' lo$'; then
>         # https://bugs.debian.org/859526
>         echo 'WARNING: nmbd failed to start as there is no local IPv4 non-loopback interfaces available.'
>-        echo 'Either add an IPv4 address or set "disable netbios = yes" in smb.conf'
>+        echo 'Either add an IPv4 address or set "disable netbios = yes" in smb.conf and run "systemctl mask nmbd"'
>         return 0
>     else
>         echo 'ERROR: nmbd failed to start.'
>@@ -19,6 +19,38 @@ nmbd_error_handler() {
>     fi
> }
> 
>+mask_services() {
>+    local reason="$1"
>+    shift
>+    local masked_count=0
>+    mkdir -p /etc/systemd/system
>+    echo "${reason}: Masking $*"
>+    echo "Please ignore the following error about deb-systemd-helper not finding those services."
>+    while true; do
>+        local service_name="$1"
>+        if [ -z "$service_name" ]; then
>+            break
>+        fi
>+        shift
>+        if [ ! -e "/etc/systemd/system/${service_name}" ]; then
>+            ln -s /dev/null "/etc/systemd/system/${service_name}"
>+            echo "(${service_name} masked)"
>+            masked_count=$((masked_count+1))
>+        elif [ -h "/etc/systemd/system/${service_name}" ] \
>+            && [ "$(realpath /etc/systemd/system/${service_name})" = /dev/null ] \
>+        ; then
>+            echo "(${service_name} already masked)"
>+        else
>+            echo "WARNING ${service_name} should be masked. The install may fail."
>+        fi
>+    done
>+    # In case this system is running systemd, we make systemd reload the unit files
>+    # to pick up changes.
>+    if [ "${masked_count}" -ge 1 -a -d /run/systemd/system ] ; then
>+        systemctl --system daemon-reload >/dev/null || true
>+    fi
>+}
>+
> # We generate several files during the postinst, and we don't want
> #	them to be readable only by root.
> umask 022
>@@ -31,15 +63,29 @@ then
>     [ -d $dir ] || install -d -m 1770 -g sambashare $dir
> fi
> 
>-# in 4.17.4+dfsg-3 we stopped masking services, unmask them here
>-if [ configure = "$1" ] && dpkg --compare-versions "$2" lt-nl 2:4.17.4+dfsg-3~
>-then
>-    for s in nmbd smbd samba-ad-dc; do
>-	if [ /dev/null = $(realpath /etc/systemd/system/$s.service) ]
>-	then
>-	    rm -f /etc/systemd/system/$s.service
>-	fi
>-    done
>+mkdir -p /run/samba # shut up [samba-tool] testparm warning
>+
>+# mimic source4/smbd/server.c and mask service before it fails
>+# NB: server role = active directory domain controller is what we need to properly support
>+# NB: server services = smb is not compiled in
>+# NB: dcerpc endpoint servers = remote is for developpement
>+# NB: dcerpc endpoint servers = mapiproxy is for OpenChange which is dead
>+SERVER_ROLE=`samba-tool testparm --parameter-name="server role"  2>/dev/null | tail -1`
>+SERVER_SERVICES=`samba-tool testparm --parameter-name="server services"  2>/dev/null | tail -1`
>+DCERPC_ENDPOINT_SERVERS=`samba-tool testparm --parameter-name="dcerpc endpoint servers"  2>/dev/null | tail -1`
>+DISABLE_NETBIOS=`samba-tool testparm --parameter-name="disable netbios"  2>/dev/null | tail -1`
>+
>+if [ "$SERVER_ROLE" != "active directory domain controller" ] \
>+        && ( echo "$SERVER_SERVICES" | grep -qv '$^\|, $smb$,\|$$' ) \
>+        && ( echo "$DCERPC_ENDPOINT_SERVERS" | grep -qv '$^\|, $remote$,\|$$' ) \
>+        && ( echo "$DCERPC_ENDPOINT_SERVERS" | grep -qv '$^\|, $mapiproxy$,\|$$' ) \
>+; then
>+    mask_services "Samba is not being run as an AD Domain Controller" samba-ad-dc.service
>+fi
>+if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
>+    mask_services "Samba is being run as an AD Domain Controller" smbd.service # Not in UCS: nmbd.service
>+elif [ "$DISABLE_NETBIOS" = Yes ]; then
>+    mask_services "NetBIOS is disabled" nmbd.service
> fi
> 
> # remove old spool directory (point it to /var/tmp if in use)

Actions: View | Diff

Attachments on bug 56187: 11075