diff options
| -rw-r--r-- | .SRCINFO | 20 | ||||
| -rw-r--r-- | PKGBUILD | 23 | ||||
| -rw-r--r-- | krenew.service | 15 | ||||
| -rw-r--r-- | kstart.service | 32 | ||||
| -rwxr-xr-x | nm-dispatcher.sh | 5 |
5 files changed, 76 insertions, 19 deletions
@@ -1,19 +1,25 @@ pkgbase = kstart pkgdesc = Kerberos kinit supporting AFS and ticket refreshing - pkgver = 4.2 - pkgrel = 2 + pkgver = 4.3 + pkgrel = 9 url = https://www.eyrie.org/~eagle/software/kstart/ arch = i686 arch = x86_64 license = custom + depends = keyutils depends = krb5 - source = https://archives.eyrie.org/software/kerberos/kstart-4.2.tar.gz - source = https://archives.eyrie.org/software/kerberos/kstart-4.2.tar.gz.asc + provides = k5start=4.3 + provides = krenew=4.3 + source = https://archives.eyrie.org/software/kerberos/kstart-4.3.tar.gz + source = https://archives.eyrie.org/software/kerberos/kstart-4.3.tar.gz.asc source = krenew.service + source = kstart.service + source = nm-dispatcher.sh validpgpkeys = E784364E8DDE7BB370FBD9EAD15D313882004173 - sha256sums = 2698bc1ab2fb36d49cc946b0cb864c56dd3a2f9ef596bfff59592e13d35315cd + sha256sums = 9527702a48789084e314e5c08d4115129467ca7ef25983d7214c9439d31ef2a6 sha256sums = SKIP - sha256sums = 481c2a34ab3774d15ed9f86de85b242f448067b02ba178f86a8db2ee8a26dd10 + sha256sums = 8cfb9591164038d05f37e52d95236969992b8ca7c74c4cfe59617119f96b3efd + sha256sums = df137ddc008f547aef9593e467d423f138030be545f74df034a74bbd97fbfc69 + sha256sums = 514010cea54d80d1d41fe1885dbdd49225e52192be466e88979f91bac37c8022 pkgname = kstart - @@ -1,18 +1,23 @@ # Maintainer: Mantas Mikulėnas <grawity@gmail.com> pkgname=kstart -pkgver=4.2 -pkgrel=2 +pkgver=4.3 +pkgrel=9 pkgdesc="Kerberos kinit supporting AFS and ticket refreshing" arch=(i686 x86_64) url="https://www.eyrie.org/~eagle/software/kstart/" license=(custom) -depends=(krb5) +depends=(keyutils krb5) +provides=(k5start=$pkgver krenew=$pkgver) source=("https://archives.eyrie.org/software/kerberos/$pkgname-$pkgver.tar.gz" "https://archives.eyrie.org/software/kerberos/$pkgname-$pkgver.tar.gz.asc" - "krenew.service") -sha256sums=('2698bc1ab2fb36d49cc946b0cb864c56dd3a2f9ef596bfff59592e13d35315cd' + "krenew.service" + "kstart.service" + "nm-dispatcher.sh") +sha256sums=('9527702a48789084e314e5c08d4115129467ca7ef25983d7214c9439d31ef2a6' 'SKIP' - '481c2a34ab3774d15ed9f86de85b242f448067b02ba178f86a8db2ee8a26dd10') + '8cfb9591164038d05f37e52d95236969992b8ca7c74c4cfe59617119f96b3efd' + 'df137ddc008f547aef9593e467d423f138030be545f74df034a74bbd97fbfc69' + '514010cea54d80d1d41fe1885dbdd49225e52192be466e88979f91bac37c8022') validpgpkeys=('E784364E8DDE7BB370FBD9EAD15D313882004173') build() { @@ -24,10 +29,12 @@ build() { package() { cd "$srcdir/$pkgname-$pkgver" make DESTDIR="$pkgdir" install - install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE" + install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE cd "$srcdir" - install -Dm644 krenew.service "$pkgdir/usr/lib/systemd/user/krenew.service" + install -Dm644 krenew.service "$pkgdir"/usr/lib/systemd/user/krenew.service + install -Dm644 kstart.service "$pkgdir"/usr/lib/systemd/user/kstart.service + install -Dm755 nm-dispatcher.sh "$pkgdir"/usr/lib/NetworkManager/dispatcher.d/80-k5start } # vim: ts=2:sw=2:et:ft=sh diff --git a/krenew.service b/krenew.service index 91c13339d6d2..342088a3eed1 100644 --- a/krenew.service +++ b/krenew.service @@ -1,19 +1,26 @@ -# vim: ft=systemd [Unit] Description=Kerberos Ticket Renewal Daemon [Service] Type=forking -ExecStart=/usr/bin/krenew -K30 -a -H30 -i -b -L -v +ExecStart=/usr/bin/krenew -K30 -a -H30 -i -t -b -L # -K30 Run forever, wake up every 30 min -# -a Renew on every wakeup -# -H30 Only renew if less than 30 min +# -a With -K, renew on every wakeup regardless of lifetime +# -H30 With -K, renew if less than 30 min left (default 2 min) # -i Don't exit if renewal fails +# -t Run $AKLOG after every renewal (for OpenAFS) # -b Detach on startup # -L Log to syslog # -v Be verbose ExecReload=/bin/kill -s ALRM $MAINPID StandardOutput=null +RestartForceExitStatus=SIGALRM + +# Program that will be run after every successful renewal. +# (Defaults to /usr/bin/aklog, which is the OpenAFS token acquisition tool.) +Environment=AKLOG=/usr/bin/true [Install] WantedBy=default.target + +# vim: ft=systemd diff --git a/kstart.service b/kstart.service new file mode 100644 index 000000000000..a7e4e725bd58 --- /dev/null +++ b/kstart.service @@ -0,0 +1,32 @@ +[Unit] +Description=Kerberos Ticket Acquisition Daemon + +[Service] +Type=forking +ExecStart=/usr/bin/k5start -K30 -a -H30 -f $KEYTAB -U -t -b -L +# -K30 Run forever, wake up every 30 min +# -a With -K, renew on every wakeup regardless of lifetime +# -H30 With -K, renew if less than 30 min left (default 2 min) +# -f Use keytab to acquire initial tickets +# -U Read client principal name from keytab +# -t Run $AKLOG after every renewal (for OpenAFS) +# -b Detach on startup (only if -f keytab is specified) +# -L Log to syslog +# -v Be verbose +ExecReload=/bin/kill -s ALRM $MAINPID +StandardOutput=null +Restart=on-failure +RestartForceExitStatus=SIGALRM + +# Keytab to use for acquiring credentials when none are available. +# (Mandatory; use krenew.service if you don't want this functionality.) +Environment=KEYTAB=%h/.config/default.keytab + +# Program that will be run after every successful renewal. +# (Defaults to /usr/bin/aklog, which is the OpenAFS token acquisition tool.) +Environment=AKLOG=/usr/bin/true + +[Install] +WantedBy=default.target + +# vim: ft=systemd diff --git a/nm-dispatcher.sh b/nm-dispatcher.sh new file mode 100755 index 000000000000..fbaf00a1bf17 --- /dev/null +++ b/nm-dispatcher.sh @@ -0,0 +1,5 @@ +#!/bin/sh +if [ "$2" = up ]; then + # Trigger an immediate ticket renewal. + pkill -x -ALRM 'k5start|krenew' +fi |