RHBZ1346112: let stap-server create ssl-cert on first run rather than install

This way different container-images get different certs.

diff --git a/stap-server b/stap-server
index 939c503e9cad04e21edea7a76ca477443b94afd4..c39ae49d09192d229c1133c2dacf33d5a48e6a42 100644 (file)
--- a/stap-server
+++ b/stap-server
@@ -500,6 +500,19 @@ prepare_stat_dir () {
   return 0
 }
 
+prepare_certs () {
+    if [ "$USER" != "`id -un`" ]; then
+        if ! runuser -s /bin/bash - $USER -c 'test -f $HOME/.systemtap/ssl/server/stap.cert'; then
+            runuser -s /bin/bash - $USER -c %{_libexecdir}/systemtap/stap-gen-cert >/dev/null
+        fi
+    else
+        if ! test -f $HOME/.systemtap/ssl/server/stap.cert; then
+            ${PKGLIBEXECDIR}stap-gen-cert
+        fi
+    fi
+}
+
+
 prepare_log_dir () {
   local log_path=`dirname "$1"`
   if [ ! -d "$log_path" ]; then
@@ -859,6 +872,13 @@ start_server () {
        fi
     fi
 
+    # Create certificates for this server
+    prepare_certs
+    if [ $? -ne 0 ]; then
+       echo $"Failed to make certificates ($USER .systemtap/ssl/server/stap.cert)" >&2
+       exit 1
+    fi
+
     # Create the log directory for this server
     prepare_log_dir "$LOG"
     if [ $? -ne 0 ]; then

diff --git a/systemtap.spec b/systemtap.spec
index 1630fba29db2d30b75ad56dfe2320c5b00228e0a..84bf0417a3c072d629c592233f808b733598240a 100644 (file)
--- a/systemtap.spec
+++ b/systemtap.spec
@@ -658,11 +658,6 @@ test -e %{_localstatedir}/log/stap-server/log || {
      chmod 644 %{_localstatedir}/log/stap-server/log
      chown stap-server:stap-server %{_localstatedir}/log/stap-server/log
 }
-# If it does not already exist, as stap-server, generate the certificate
-# used for signing and for ssl.
-if test ! -e ~stap-server/.systemtap/ssl/server/stap.cert; then
-   runuser -s /bin/sh - stap-server -c %{_libexecdir}/systemtap/stap-gen-cert >/dev/null
-fi
 # Prepare the service
 %if %{with_systemd}
      # Note, Fedora policy doesn't allow network services enabled by default