From 9800f44a417f9c473ab2bf508e0df22fe51c6dd6 Mon Sep 17 00:00:00 2001
From: Colleen Murphy <colleen@gazlene.net>
Date: Fri, 25 Sep 2015 13:34:28 -0700
Subject: [PATCH] Fix git-daemon refresh logic

Without this patch, the git-daemon init script file resource subscribes
to the systemd git-daemon socket file resource, and the exec that adds
or updates the git-daemon selinux port subscribes to changes in the
init script. The logic is broken here because a file resource cannot
subscribe to anything, only services and execs can subscribe to an
event. If the selinux exec needs to run again, for instance because the
git-daemon port has changed, it must wait for a change in the init
script. Since the init script is built from a static file and not a
template, it won't change if the git-daemon port changes, so the
selinux exec will not run.

This patch adds another subscribe relationship to the git-daemon
selinux exec on the git-daemon socket because if that changes, the
git-daemon exec needs to run again. We also replace the subscribe in
the init script resource with a require, which is a no-op change but
makes the relationship more clear.

Change-Id: Ia985dad81a95130ea55bb6479632375ac4ea6d24
---
 manifests/init.pp    | 14 +++++++-------
 manifests/selinux.pp |  5 ++++-
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 385fa16..217e7db 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -201,13 +201,13 @@ class cgit(
       content => template('cgit/git-daemon.socket.erb'),
     }
     file { 'git-daemon-init-script':
-      ensure    => present,
-      path      => '/usr/lib/systemd/system/git-daemon@.service',
-      owner     => 'root',
-      group     => 'root',
-      mode      => '0644',
-      source    => 'puppet:///modules/cgit/git-daemon.service',
-      subscribe => File['/usr/lib/systemd/system/git-daemon.socket'],
+      ensure  => present,
+      path    => '/usr/lib/systemd/system/git-daemon@.service',
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644',
+      source  => 'puppet:///modules/cgit/git-daemon.service',
+      require => File['/usr/lib/systemd/system/git-daemon.socket'],
     }
   } else {
     $git_daemon_service_name = 'git-daemon'
diff --git a/manifests/selinux.pp b/manifests/selinux.pp
index 95e5029..0015598 100644
--- a/manifests/selinux.pp
+++ b/manifests/selinux.pp
@@ -52,7 +52,10 @@ class cgit::selinux {
     command     => "semanage port -m -t git_port_t -p tcp ${::cgit::daemon_port}",
     path        => '/bin:/usr/sbin',
     before      => Service[$::cgit::git_daemon_service_name],
-    subscribe   => File['git-daemon-init-script'],
+    subscribe   => [
+      File['git-daemon-init-script'],
+      File['/usr/lib/systemd/system/git-daemon.socket'],
+    ],
     refreshonly => true,
   }
 }