URL: https://github.com/freeipa/freeipa/pull/5336
Author: abbra
Title: #5336: [Backport][ipa-4-9] systemd: enforce en_US.UTF-8 locale in systemd units
Action: opened

PR body:
"""
This PR was opened automatically because PR #5334 was pushed to master and 
backport to ipa-4-9 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5336/head:pr5336
git checkout pr5336
From a5dde59d59c647e7ee891c02bfe34120674b3ec0 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <aboko...@redhat.com>
Date: Thu, 10 Dec 2020 11:38:39 +0200
Subject: [PATCH] systemd: enforce en_US.UTF-8 locale in systemd units

Python code does detection of the system encoding based on the locale
settings. On RHEL 8.4 development images we somehow get LANG=en_US which
defaults to iso8859-1 _inside_ the systemd-started service, even though
the whole environment defaults to LANG=en_US.UTF-8.

When instrumented with ExecStartPre=/usr/bin/locale, the following
output can be seen:

locale[45481]: LANG=en_US
locale[45481]: LC_CTYPE="en_US"
locale[45481]: LC_NUMERIC="en_US"
locale[45481]: LC_TIME="en_US"
locale[45481]: LC_COLLATE="en_US"
locale[45481]: LC_MONETARY="en_US"
locale[45481]: LC_MESSAGES="en_US"
locale[45481]: LC_PAPER="en_US"
locale[45481]: LC_NAME="en_US"
locale[45481]: LC_ADDRESS="en_US"
locale[45481]: LC_TELEPHONE="en_US"
locale[45481]: LC_MEASUREMENT="en_US"
locale[45481]: LC_IDENTIFICATION="en_US"
locale[45481]: LC_ALL=
ipactl[45483]: Unexpected error
ipactl[45483]: SystemEncodingError: System encoding must be UTF-8, 'iso8859-1' is not supported. Set LC_ALL="C.UTF-8", or LC_ALL="" and LC_CTYPE="C.UTF-8".
systemd[1]: ipa.service: Main process exited, code=exited, status=1/FAILURE

Set the environment to explicit LC_ALL=C.UTF-8 to please the Python
code. FreeIPA server side only cares about actual encoding, not the
language itself. We already use LC_ALL=C.UTF-8 in httpd service snippet.

Fixes: https://pagure.io/freeipa/issue/8617
Signed-off-by: Alexander Bokovoy <aboko...@redhat.com>
---
 client/systemd/ipa-epn.service.in          | 1 +
 daemons/dnssec/ipa-dnskeysyncd.service.in  | 1 +
 daemons/dnssec/ipa-ods-exporter.service.in | 1 +
 daemons/ipa-otpd/ipa-o...@.service.in      | 1 +
 init/systemd/ipa-ccache-sweep.service.in   | 1 +
 init/systemd/ipa-custodia.service.in       | 1 +
 init/systemd/ipa.service.in                | 1 +
 install/share/ds-ipa-env.conf.template     | 1 +
 ipaserver/install/cainstance.py            | 1 +
 9 files changed, 9 insertions(+)

diff --git a/client/systemd/ipa-epn.service.in b/client/systemd/ipa-epn.service.in
index 260ce5c87cb..220974f09c6 100644
--- a/client/systemd/ipa-epn.service.in
+++ b/client/systemd/ipa-epn.service.in
@@ -3,6 +3,7 @@ Description=Execute IPA Expiring Password Notification (EPN)
 
 [Service]
 Type=simple
+Environment=LC_ALL=C.UTF-8
 ExecStart=@sbindir@/ipa-epn
 
 [Install]
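Review bot: The added Environment=LC_ALL=C.UTF-8 line in [Service] does not match the Subject, which says the units enforce en_US.UTF-8. The commit message body already explains that only the encoding matters and not the language, so the subject should name C.UTF-8 to match what the units actually set.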
diff --git a/daemons/dnssec/ipa-dnskeysyncd.service.in b/daemons/dnssec/ipa-dnskeysyncd.service.in
index 38c6f92962d..cd07275ad32 100644
--- a/daemons/dnssec/ipa-dnskeysyncd.service.in
+++ b/daemons/dnssec/ipa-dnskeysyncd.service.in
@@ -2,6 +2,7 @@
 Description=IPA key daemon
 
 [Service]
+Environment=LC_ALL=C.UTF-8
 EnvironmentFile=@sysconfenvdir@/ipa-dnskeysyncd
 ExecStart=@libexecdir@/ipa/ipa-dnskeysyncd
 User=@ODS_USER@
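Review bot: Environment=LC_ALL=C.UTF-8 sits directly above EnvironmentFile=@sysconfenvdir@/ipa-dnskeysyncd, and systemd lets values read from an EnvironmentFile override those set with Environment=. If that file sets LC_ALL, now or after a local edit, the daemon goes back to whatever encoding the file selects. If this is meant as an admin override, say so in a comment in the unit; otherwise check that the shipped file does not set LC_ALL. The same applies to the EnvironmentFile= lines in the ipa-ods-exporter and ipa-otpd hunks.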
diff --git a/daemons/dnssec/ipa-ods-exporter.service.in b/daemons/dnssec/ipa-ods-exporter.service.in
index 9d0693fa56f..600076bd2bf 100644
--- a/daemons/dnssec/ipa-ods-exporter.service.in
+++ b/daemons/dnssec/ipa-ods-exporter.service.in
@@ -4,6 +4,7 @@ Wants=ipa-ods-exporter.socket
 After=ipa-ods-exporter.socket
 
 [Service]
+Environment=LC_ALL=C.UTF-8
 EnvironmentFile=@sysconfenvdir@/ipa-ods-exporter
 ExecStart=@libexecdir@/ipa/ipa-ods-exporter
 User=@ODS_USER@
diff --git a/daemons/ipa-otpd/ipa-o...@.service.in b/daemons/ipa-otpd/ipa-o...@.service.in
index 92afb404caf..65bf754f643 100644
--- a/daemons/ipa-otpd/ipa-o...@.service.in
+++ b/daemons/ipa-otpd/ipa-o...@.service.in
@@ -2,6 +2,7 @@
 Description=ipa-otpd service
 
 [Service]
+Environment=LC_ALL=C.UTF-8
 EnvironmentFile=@sysconfdir@/ipa/default.conf
 ExecStart=@libexecdir@/ipa/ipa-otpd $ldap_uri
 StandardInput=socket
diff --git a/init/systemd/ipa-ccache-sweep.service.in b/init/systemd/ipa-ccache-sweep.service.in
index 0ba2661f99c..2438259fab6 100644
--- a/init/systemd/ipa-ccache-sweep.service.in
+++ b/init/systemd/ipa-ccache-sweep.service.in
@@ -4,6 +4,7 @@ Wants=gssproxy.service
 
 [Service]
 Type=simple
+Environment=LC_ALL=C.UTF-8
 ExecStart=@libexecdir@/ipa/ipa-ccache-sweeper
 PrivateTmp=yes
 User=ipaapi
diff --git a/init/systemd/ipa-custodia.service.in b/init/systemd/ipa-custodia.service.in
index 0247bd88265..c0e3645e816 100644
--- a/init/systemd/ipa-custodia.service.in
+++ b/init/systemd/ipa-custodia.service.in
@@ -3,6 +3,7 @@ Description=IPA Custodia Service
 
 [Service]
 Type=notify
+Environment=LC_ALL=C.UTF-8
 ExecStart=@libexecdir@/ipa/ipa-custodia @IPA_SYSCONF_DIR@/custodia/custodia.conf
 PrivateTmp=yes
 Restart=on-failure
diff --git a/init/systemd/ipa.service.in b/init/systemd/ipa.service.in
index a872ad11e29..3c832e28f80 100644
--- a/init/systemd/ipa.service.in
+++ b/init/systemd/ipa.service.in
@@ -6,6 +6,7 @@ After=network.target
 
 [Service]
 Type=oneshot
+Environment=LC_ALL=C.UTF-8
 ExecStart=@sbindir@/ipactl start
 ExecStop=@sbindir@/ipactl stop
 RemainAfterExit=yes
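Review bot: Environment= in this [Service] section reaches only the ipactl processes run by ExecStart= and ExecStop=; any service that ipactl starts as a separate unit takes its environment from its own unit file. Please state in the commit message whether every unit ipactl manages is covered by this patch, since the reason LANG=en_US appears inside the service is described only as "somehow" and remains open.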
diff --git a/install/share/ds-ipa-env.conf.template b/install/share/ds-ipa-env.conf.template
index 8ab667df664..f5ce11a9a74 100644
--- a/install/share/ds-ipa-env.conf.template
+++ b/install/share/ds-ipa-env.conf.template
@@ -1,5 +1,6 @@
 # Installed and maintained by ipa update tools, please do not modify
 
 [Service]
+Environment=LC_ALL=C.UTF-8
 Environment=KRB5_KTNAME=$KRB5_KTNAME
 Environment=KRB5CCNAME=$KRB5CCNAME
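Review bot: Missing upgrade consideration for the new Environment=LC_ALL=C.UTF-8 line at the top of [Service]: the header says this drop-in is installed and maintained by the ipa update tools, so existing deployments only get the setting if the file is regenerated from the template on upgrade. Please confirm the upgrade path rewrites it, or say so in the commit message.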
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 1a99b1164fb..94662d9d06c 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -629,6 +629,7 @@ def add_ipa_wait(self):
         with open(conf, 'w') as f:
             os.fchmod(f.fileno(), 0o644)
             f.write('[Service]\n')
+            f.write('Environment=LC_ALL=C.UTF-8\n')
             f.write('ExecStartPost={}\n'.format(paths.IPA_PKI_WAIT_RUNNING))
         tasks.systemd_daemon_reload()
 
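Review bot: add_ipa_wait() now writes a locale setting next to ExecStartPost=, which the function name does not suggest; a short comment above the new f.write() explaining the UTF-8 requirement would help the next reader. The 'C.UTF-8' literal is hardcoded here as well as in the unit files, so a shared constant on the Python side would keep the values from drifting. The drop-in is only rewritten when this method runs, so confirm it is also called on upgrade of an existing CA instance.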
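A triage helper for the failure shown in the commit message, as an added example that is not FreeIPA code: it reads `locale` journal lines, applies the LC_ALL, LC_CTYPE, LANG precedence, and reports the resulting codeset. The sample journal text is constructed from the excerpt in the commit message, and the default codeset for a bare name such as en_US is taken from Python's locale alias table as an approximation of what libc reports.

```python
import codecs
import locale
import re

# Constructed sample, modelled on the journal excerpt in the commit message.
JOURNAL = '''\
locale[45481]: LANG=en_US
locale[45481]: LC_CTYPE="en_US"
locale[45481]: LC_MESSAGES="en_US"
locale[45481]: LC_ALL=
'''

LINE = re.compile(r'^locale\[\d+\]:\s*(LANG|LC_[A-Z]+)=(.*)$')


def parse_locale_lines(text):
    """Return {variable: value} from journal lines emitted by /usr/bin/locale."""
    env = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            env[m.group(1)] = m.group(2).strip().strip('"')
    return env


def effective_ctype(env):
    """Locale used for character handling: LC_ALL, then LC_CTYPE, then LANG."""
    for name in ('LC_ALL', 'LC_CTYPE', 'LANG'):
        if env.get(name):  # an empty value (LC_ALL=) counts as unset
            return env[name]
    return 'C'


def codeset_of(locale_name):
    """Codeset named in the locale, else the alias-table default (assumption)."""
    name = locale_name.split('@', 1)[0]
    if '.' not in name:
        name = locale.normalize(name)  # 'en_US' -> 'en_US.ISO8859-1'
    if '.' not in name:
        return 'ascii'  # plain C/POSIX carries no codeset
    return codecs.lookup(name.split('.', 1)[1]).name


def check(text):
    """Return (effective locale, codec name, is_utf8) for journal lines."""
    loc = effective_ctype(parse_locale_lines(text))
    enc = codeset_of(loc)
    return loc, enc, enc == 'utf-8'
```

Running `check()` on journal output captured with ExecStartPre=/usr/bin/locale, before and after the unit change, shows whether the service now starts with a UTF-8 codeset.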