Hi,
I did an centos update from 7.4 to 7.5 and the krb5 package altered the existing and used config file! That should be a no go from my pov, as in my setup it broke some services which had a problem with the includedir line which was added.
Shouldn*t there be a rpmnew config file be created instead with the new/optional/added settings?
Regards . Götz
On Wed, Jun 13, 2018 at 3:54 PM Götz Reinicke goetz.reinicke@filmakademie.de wrote:
Hi,
I did an centos update from 7.4 to 7.5 and the krb5 package altered the existing and used config file! That should be a no go from my pov, as in my setup it broke some services which had a problem with the includedir line which was added.
Which config file?
Am 13.06.2018 um 17:55 schrieb Richard Grainger grainger@gmail.com:
On Wed, Jun 13, 2018 at 3:54 PM Götz Reinicke goetz.reinicke@filmakademie.de wrote:
Hi,
I did an centos update from 7.4 to 7.5 and the krb5 package altered the existing and used config file! That should be a no go from my pov, as in my setup it broke some services which had a problem with the includedir line which was added.
Which config file?
/etc/krb5.conf
Regards . Götz
On Wed, Jun 13, 2018 at 6:56 PM Götz Reinicke goetz.reinicke@filmakademie.de wrote:
/etc/krb5.conf
I looked at the spec file in the source RPM for the krb5-libs package and it it has the correct %config(noreplace) directive next to that file in the %files section, so this is mysterious.
On Thu, 14 Jun 2018, Richard Grainger wrote:
On Wed, Jun 13, 2018 at 6:56 PM G?tz Reinicke goetz.reinicke@filmakademie.de wrote:
/etc/krb5.conf
I looked at the spec file in the source RPM for the krb5-libs package and it it has the correct %config(noreplace) directive next to that file in the %files section, so this is mysterious.
I too can confirm this behavior. I do not know why it gets modified but adding the include line breaks self compiled samba DC installations because of the difference in kerberos types used with samba and Red Hat.
I suspect that this should be filed as a bug in upstream bugzilla since it does not look like Centos modified the krb5-libs spec file.
Presently, to work around the problem, I have ansible fix the file after updates.
Regards,
On 06/14/2018 09:30 AM, me@tdiehl.org wrote:
On Thu, 14 Jun 2018, Richard Grainger wrote:
I looked at the spec file in the source RPM for the krb5-libs package and it it has the correct %config(noreplace) directive next to that file in the %files section, so this is mysterious.
I too can confirm this behavior.
# rpm -qa krb* --triggers triggerun scriptlet (using /bin/sh) -- krb5-libs < 1.15.1-13 if ! grep -q 'includedir /etc/krb5.conf.d' /etc/krb5.conf ; then sed -i '1i # Other applications require this directory to perform krb5 configuration.\nincludedir /etc/krb5.conf.d/\n' /etc/krb5.conf fi
Looks like that's the culprit.
Am 15.06.2018 um 01:04 schrieb Gordon Messmer gordon.messmer@gmail.com:
On 06/14/2018 09:30 AM, me@tdiehl.org wrote:
On Thu, 14 Jun 2018, Richard Grainger wrote:
I looked at the spec file in the source RPM for the krb5-libs package and it it has the correct %config(noreplace) directive next to that file in the %files section, so this is mysterious.
I too can confirm this behavior.
# rpm -qa krb* --triggers triggerun scriptlet (using /bin/sh) -- krb5-libs < 1.15.1-13 if ! grep -q 'includedir /etc/krb5.conf.d' /etc/krb5.conf ; then sed -i '1i # Other applications require this directory to perform krb5 configuration.\nincludedir /etc/krb5.conf.d/\n' /etc/krb5.conf fi
Looks like that's the culprit.
Good to know, but writing a rpmnew or rpmsave file would be nice to check against the life used file.
The samba people are aware of that problem regarding the include line and are working on a patch … the support at SerNet told me.
Regards . Götz
On Mon, 18 Jun 2018, G?tz Reinicke wrote:
Am 15.06.2018 um 01:04 schrieb Gordon Messmer gordon.messmer@gmail.com:
On 06/14/2018 09:30 AM, me@tdiehl.org wrote:
On Thu, 14 Jun 2018, Richard Grainger wrote:
I looked at the spec file in the source RPM for the krb5-libs package and it it has the correct %config(noreplace) directive next to that file in the %files section, so this is mysterious.
I too can confirm this behavior.
# rpm -qa krb* --triggers triggerun scriptlet (using /bin/sh) -- krb5-libs < 1.15.1-13 if ! grep -q 'includedir /etc/krb5.conf.d' /etc/krb5.conf ; then sed -i '1i # Other applications require this directory to perform krb5 configuration.\nincludedir /etc/krb5.conf.d/\n' /etc/krb5.conf fi
Looks like that's the culprit.
Good to know, but writing a rpmnew or rpmsave file would be nice to check against the life used file.
Agreed! IMO this is a packaging bug. Triggers do not drop rpmsave files. I suspect the chances of getting Red Hat to fix it are slim to none. Fixing it would most likely break other things for them.
The samba people are aware of that problem regarding the include line and are working on a patch ? the support at SerNet told me.
I agree they are aware of it but I suspect it is a low priority thing given they have known about this since 2016-12-29.
I do think it would be relatively easy for SerNet to patch around in their paid for rpms. alas I do not have the budget for them. :-(
The bug is available at https://bugzilla.samba.org/show_bug.cgi?id=12488
Regards,
Am 18.06.2018 um 16:33 schrieb me@tdiehl.org:
On Mon, 18 Jun 2018, G?tz Reinicke wrote:
Am 15.06.2018 um 01:04 schrieb Gordon Messmer gordon.messmer@gmail.com:
On 06/14/2018 09:30 AM, me@tdiehl.org wrote:
On Thu, 14 Jun 2018, Richard Grainger wrote:
I looked at the spec file in the source RPM for the krb5-libs package and it it has the correct %config(noreplace) directive next to that file in the %files section, so this is mysterious.
I too can confirm this behavior.
# rpm -qa krb* --triggers triggerun scriptlet (using /bin/sh) -- krb5-libs < 1.15.1-13 if ! grep -q 'includedir /etc/krb5.conf.d' /etc/krb5.conf ; then sed -i '1i # Other applications require this directory to perform krb5 configuration.\nincludedir /etc/krb5.conf.d/\n' /etc/krb5.conf fi
Looks like that's the culprit.
Good to know, but writing a rpmnew or rpmsave file would be nice to check against the life used file.
Agreed! IMO this is a packaging bug. Triggers do not drop rpmsave files. I suspect the chances of getting Red Hat to fix it are slim to none. Fixing it would most likely break other things for them.
The samba people are aware of that problem regarding the include line and are working on a patch ? the support at SerNet told me.
I agree they are aware of it but I suspect it is a low priority thing given they have known about this since 2016-12-29.
I do think it would be relatively easy for SerNet to patch around in their paid for rpms. alas I do not have the budget for them. :-(
The bug is available at https://bugzilla.samba.org/show_bug.cgi?id=12488 https://bugzilla.samba.org/show_bug.cgi?id=12488
Patched https://bugzilla.samba.org/show_bug.cgi?id=11573 https://bugzilla.samba.org/show_bug.cgi?id=11573
/Götz
-
Gordon Messmer -
Götz Reinicke -
me@tdiehl.org -
Richard Grainger