Add SMF support for various Heimdal services #206

Closed

@coyhile coyhile commented Jun 21, 2014

My read of the pkgsrc support means that we have a single manifest.xml, regardless of the number of services, so I have all of the following services in a single service bundle:

kdc -- kerberos key distribution center
kadmin -- kerberos admin service
kpasswdd -- kerberos password change daemon
ipropd -- two instances (master and slave) for the Heimdal Incremental Propagation Daemon

wiz and others added 30 commits June 12, 2014 09:06
Version 6.3 - June 9 2014

[CHANGES]
New facilities:
o htags-server: A private HTTP/CGI web server for a hyper-text
  generated by htags(1).
o gtags.conf: New project based configuration mechanism.
  You can make a configuration file for each project.
  This is Leo Liu's idea.
o gtags, htags: New environment variables which have default
  options for each command: GTAGS_OPTIONS, HTAGS_OPTIONS
o global: Added support of GREP_COLORS environment variable.
o global: Added new options:
  -F (--first-match), -M (--match-case), -E (--extended-regexp)

[DEPRECATED FEATURES]
The following features of htags(1) are now deprecated.
They will be removed in the future.
o The -c (--compact) option.
o The --system-cgi option.
o The --overwrite-key option.
o The -x (--xhtml[=version]) option.
  All files will be 1.0.
o The following configuration variables:
  colorize-warned-line (substitute: --colorize-warned-line)
  gzipped_suffix
  htags_options (substitute: HTAGS_OPTIONS)
  ncol (substitute: -n, --line-number [n])
  normal_suffix (will be always '.html')
  no_order_list (substitute: --no-order-list)
  script_alias
  tabs (substitute: --tabs n)
  xhtml_version (will be always 1.0)

[FIXED BUGS]
o global: The highlight of symbols in library paths does not
  work. Now it works.
o htags: Htags with the --suggest option didn't find GTAGS
  in the obj directories. Now it works.
* 2014-06-11: version 1.35
   - use just 'postgrey' as process name, instead of '/usr/sbin/postgrey',
     because Linux tools are limited to 15 characters (#5)
   - Make postgrey work with Perl 5.18 (Yasuhiro KIMURA, #4)
   - updated whitelist
Reverted libpng to version 1.6.10 due to a misplaced statement in png.c
Fixed "-zmem" option (only "-zm" would work since version 1.7.62).
20140524:
* Support for vertical writing in the Windows environment.
OpenAFS 1.6.9

  All server platforms

    * Fix for OPENAFS-SA-2014-002

OpenAFS 1.6.8

  All platforms

    * Documentation improvements (10751 10875 10931 10897 10883 10954 10955)

    * Improved diagnostics and error messages (10756 10814 10949)

    * Fixed a bug in RX that could make errors during packet reception go
      unnoticed. (10733)

    * Fixed a bug that made "vos size -dump" display the wrong size for
      large volumes. (10933)  (RT #131819)

  All server platforms

    * Change the default fileserver sync behavior from "delayed" to "onclose".
      This means that explicit syncing only happens when a volume is detached.
      (10809)

    * Added the -offline-timeout and -offline-shutdown-timeout options to the
      fileserver, to implement interrupting clients accessing volumes we are
      trying to take offline. (6266 10799)
Proxies incoming HTTP and TLS connections based on the hostname
contained in the initial request. This enables HTTPS name-based virtual
hosting to separate backend servers without installing the private key
on the proxy machine.
(pkgsrc)
- Add following line to find -lperl
  LDFLAGS+=              -L${PREFIX}/${PERL5_SUB_INSTALLARCHLIB}/CORE
- Drop NetBSD-5, net/agr/if_agrioctl.h is missing
- Add options.mk and support json, snmp, xml selection,
  those were missing in configured list
- Now includes readline.buildlink3.mk

(upstream)
lldpd (0.7.9)
  * Changes:
    + Default location for chroot, socket and PID are now configurable
      in `./configure`. The default location is based on the value of
      `runstatedir` which in turn may be based on the value of
      `localstatedir` which defaults to `/usr/local/var`. Therefore,
      to get the previous locations, lldpd should be configured with
      `./configure --localstatedir=/var`.
  * Fixes:
    + Fix `configure system bond-slave-src-mac-type local`. Also use
      it as default.
  * Features:
    + Add support for shutdown LLDPU.
    + Ability to configure IP management pattern from lldpcli.
    + Ability to choose what port ID should be (MAC or interface name).

lldpd (0.7.8)
  * Fixes:
    + Don't hard-code default values for system name, system
      description and port description. When the field is not present,
      just don't display it.
    + Fix lldpcli behaviour when suid.
    + On OSX, don't use p2p0 interfaces: it would break WLAN.
    + Fix SNMP support on RHEL.
  * Features:
    + Android support
    + Add the possibility to disable privilege separation (lower
      memory consumption, lower security, don't do it).
    + Interfaces can now be whitelisted. For example, *,!eth*,!!eth1
      is a valid pattern for all interfaces except eth ones, except
      eth1. Moreover, on exact match, a matching interface
      circumvents most sanity checks (like VLAN handling).
    + Ability to override the hostname.

lldpd (0.7.7)
  * Features:
    + Use a locally administered MAC address or an arbitrary one
      instead of null MAC address for bond devices on Linux. This is
      configurable through `lldpcli`.
    + Add support for "team" driver (alternative to bond devices).
    + Preliminary support for DTrace/systemtap.
    + Preliminary support for seccomp (for monitor process).
    + Setup chroot inside lldpd instead of relying on init script.
  * Fixes:
    + Various bugs related to fixed point number handling (for
      coordinates in LLDP-MED)
    + Fix a regression in how MAC address of an enslaved device is
      retrieved.
… the

PDF, there's no point in building it, so disable TeX auto-detection.
Alan Coopersmith (1):
      Mark DEPTH_MASK as Unsigned int

Arnaud Fontaine (3):
      Add autogen.sh to EXTRA_DIST.
      Follow changes in m4 submodule.
      Release 0.3.9

Gaetan Nadon (9):
      config: add bug URL to AC_INIT
      config: replace deprecated use of AC_OUTPUT with AC_CONFIG_FILES
      config: use AC_CONFIG_HEADERS to create a config.h file
      config: remove old dead code for documentation
      config: add missing COPYING file
      make: use AM_CPPFLAGS rather than per-target libxcb_render_util_la_CPPFLAGS
      make: using EXTRA_DIST for xcb-renderutil.pc.in is redundant
      make: there should be no attempt to remove any Makefile.in file
      make: compile the library with standard xorg warning flags

Jochen Keil (1):
      Fix compilation and linking issues with C++

Niclas Zeising (1):
      Check submodules before running autoconf.
wiz and others added 5 commits June 19, 2014 16:39
  clamav-0.98.4, dar-2.4.14, delegate-9.9.9, go-1.3, lftp-4.5.2,
  libusb-1.0.19, skype-4.3, xterm-307.
restrictions, make the code generator issue explicit alignment requests.

coyhile commented Jun 23, 2014

@jperkin @AlainODea, please review this one.

@AlainODea

Looks sound to me from an SMF perspective. The dependencies look sensible and they are valid manifests otherwise. I'm not familiar with the individual services. Are there dependencies between them that should be made explicit?

coyhile commented Jun 24, 2014

On Jun 23, 2014, at 9:05 PM, AlainODea [email protected] wrote:

Looks sound to me from an SMF perspective. The dependencies look sensible and they are valid manifests otherwise. I'm not familiar with the individual services. Are there dependencies between them that should be made explicit?

The only possible dependency is that I cannot imagine running either of the propagation services without the KDC running.

That said, I could see a use case where someone might have a slave KDC where the KDC itself were, perhaps, not accepting connections, but still wanted to stay up-to-date with database updates as a hot spare of sorts.

It would make sense that the master iprop service shouldn’t be running unless the KDC is, though, as that service should only run on the master KDC. However, there’s no requirement that the KDC be up before the propagation master starts. Is there a way to codify, “nobody with any sense would run service B without service A running, but service B shouldn’t refuse to start if A isn’t already running”?

-c

@AlainODea

Interesting challenge :)

The dependency of B on A should be declared with grouping set to optional_all to reflect "that if the dependency is enabled, it should be started prior to this service, but this service should be brought online regardless of the result of starting the dependency" (OpenSolaris Bible section 13.2.1.2).
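
The `optional_all` grouping described in the comment above, as an added manifest fragment that is not taken from this pull request. The service name, instance names and FMRI are hypothetical, and only the dependency declaration is shown:

```xml
<!-- Added illustration; service name, instance names and FMRI are hypothetical. -->
<service name='pkgsrc/heimdal' type='service' version='1'>

  <instance name='kdc' enabled='false'>
    <!-- exec methods omitted from this fragment -->
  </instance>

  <instance name='ipropd-master' enabled='false'>
    <!--
      grouping='optional_all': if the kdc instance is enabled, it is started
      before this one, but this instance is still brought online regardless
      of the result of starting kdc.
      With grouping='require_all' instead, ipropd-master would stay
      offline until kdc is online.
    -->
    <dependency name='kdc' grouping='optional_all' restart_on='none' type='service'>
      <service_fmri value='svc:/pkgsrc/heimdal:kdc'/>
    </dependency>
  </instance>

</service>
```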

coyhile commented Jun 24, 2014

On further review, I don't think it's useful to add dependencies like that in there (even if they were grouped as optional_all). It's entirely possible, especially in Heimdal -- potentially less so with MIT -- that a box could be fulfilling different roles for different realms, so all my preconceived notions about how a single-realm setup works go out the window. I think we should leave the dependencies as is.

@AlainODea

Sounds good.

coyhile commented Jul 25, 2014

Do you guys upstream consider this one worthy of merge? I saw @jperkin comments on the openldap pull request need work, and I'll get to that soon.

coyhile commented May 22, 2017

This is ancient, closing. I no longer use Heimdal on SmartOS, so I wouldn't be using/testing this further.

@coyhile coyhile closed this May 22, 2017