Bug 1094918

Summary: nss-pam-ldapd: script and/or trigger should not directly enable systemd units
Product: [Fedora] Fedora Reporter: Andy Lutomirski <luto>
Component: nss-pam-ldapdAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: jhrozek, lslebodn, nalin
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://fedorahosted.org/fesco/ticket/1303
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-05-08 17:51:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1090684    

Description Andy Lutomirski 2014-05-06 17:20:14 UTC 
My query script thinks that nss-pam-ldapd has a script or trigger that directly enables a systemd unit using 'systemctl enable'.  It probably should not.  Please update this packages to use the macroized scriptlet (https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd).

If your package has an exception from FESCo permitting it to enable
itself, please make sure that the service in question is listed in the
appropriate preset file.

There is a general exception described here:

https://fedoraproject.org/wiki/Starting_services_by_default

If your package falls under the general exception, then it is possible
that no change is required.  Nevertheless, if you are relying on the
exception, please make sure that your rpm scripts are sensible.  The
exception is:

In addition, any service which does not remain persistent on the system (aka, it "runs once then goes away"), does not listen to incoming connections during initialization, and does not require configuration to be functional may be enabled by default (but is not required to do so). An example of "runs once then goes away" service is iptables.

Given that this issue can affect Fedora 20 users who install your
package as a dependency, this bug should be fixed in Fedora 20 and
Rawhide.
Comment 1 Nalin Dahyabhai 2014-05-06 17:44:35 UTC 
I think you're seeing the cases where the package is being installed for the first time, when it might be obsoleting an older nss_ldap or pam_ldap package which did not use an accompanying daemon to do their heavy lifting.  In that specific case, I think it's an appropriate thing to try to do.

A proposal for excepting this in https://fedorahosted.org/fesco/ticket/1303, and whether or not that logic gets dropped is probably going to depend on that.
Comment 2 Nalin Dahyabhai 2014-05-08 17:51:58 UTC 
The exception was granted.  I suppose won't-fix is the appropriate resolution here, since we're not going to need to remove the logic.