diff --git a/.corosync.metadata b/.corosync.metadata index 9a54be5..8426d9a 100644 --- a/.corosync.metadata +++ b/.corosync.metadata @@ -1 +1,2 @@ 76eea6fe72f933628b3a6ae88cc437c3e8f770d7 SOURCES/corosync-2.4.3.tar.gz +3c1904b844ec7e1b96f47ef92e4da2d99441c5f0 SOURCES/spausedd-20190320.tar.gz diff --git a/.gitignore b/.gitignore index 116e3b9..5f4db70 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ SOURCES/corosync-2.4.3.tar.gz +SOURCES/spausedd-20190320.tar.gz diff --git a/SOURCES/bz1376819-1-configure-add-with-initconfigdir-option.patch b/SOURCES/bz1376819-1-configure-add-with-initconfigdir-option.patch new file mode 100644 index 0000000..65a695d --- /dev/null +++ b/SOURCES/bz1376819-1-configure-add-with-initconfigdir-option.patch @@ -0,0 +1,277 @@ +From c0d8af0c7b247df16a90850b0edab4f978cb8192 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ferenc=20W=C3=A1gner?= +Date: Thu, 24 Nov 2016 12:06:37 +0100 +Subject: [PATCH] configure: add --with-initconfigdir option +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Default value is /etc/sysconfig and resulting +INITCONFIGDIR is used to reduce duplication in init system +integration code. + +Signed-off-by: Ferenc Wágner +Reviewed-by: Jan Friesse +(cherry picked from commit d7208e88370d2bce40b45224a3971eeb68c22d3c) +--- + configure.ac | 8 ++++++++ + init/Makefile.am | 1 + + init/corosync-notifyd.conf.in | 12 ++++-------- + init/corosync-notifyd.in | 4 ++-- + init/corosync-notifyd.service.in | 2 +- + init/corosync-qdevice.in | 4 ++-- + init/corosync-qnetd.in | 4 ++-- + init/corosync-qnetd.service.in | 2 +- + init/corosync.conf.in | 15 +++++---------- + init/corosync.in | 4 ++-- + 10 files changed, 28 insertions(+), 28 deletions(-) + +diff --git a/configure.ac b/configure.ac +index e60bf1b..01f7aa5 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -364,6 +364,13 @@ AC_ARG_ENABLE([upstart], + [ enable_upstart="no" ]) + AM_CONDITIONAL(INSTALL_UPSTART, test x$enable_upstart = xyes) + ++AC_ARG_WITH([initconfigdir], ++ [AS_HELP_STRING([--with-initconfigdir=DIR], ++ [configuration directory @<:@SYSCONFDIR/sysconfig@:>@])], ++ [INITCONFIGDIR="$withval"], ++ [INITCONFIGDIR='${sysconfdir}/sysconfig']) ++AC_SUBST([INITCONFIGDIR]) ++ + AC_ARG_WITH([initddir], + [ --with-initddir=DIR : path to init script directory. ], + [ INITDDIR="$withval" ], +@@ -771,6 +778,7 @@ AC_MSG_RESULT([ System tmpfiles.d = ${TMPFILESDIR}]) + AC_MSG_RESULT([ Log directory = ${LOGDIR}]) + AC_MSG_RESULT([ Log rotate directory = ${LOGROTATEDIR}]) + AC_MSG_RESULT([ corosync config dir = ${COROSYSCONFDIR}]) ++AC_MSG_RESULT([ init config directory = ${INITCONFIGDIR}]) + AC_MSG_RESULT([ Features =${PACKAGE_FEATURES}]) + AC_MSG_RESULT([]) + AC_MSG_RESULT([$PACKAGE build info:]) +diff --git a/init/Makefile.am b/init/Makefile.am +index 379249f..3161979 100644 +--- a/init/Makefile.am ++++ b/init/Makefile.am +@@ -76,6 +76,7 @@ endif + -e 's#@''SBINDIR@#$(sbindir)#g' \ + -e 's#@''BINDIR@#$(bindir)#g' \ + -e 's#@''SYSCONFDIR@#$(sysconfdir)#g' \ ++ -e 's#@''INITCONFIGDIR@#$(INITCONFIGDIR)#g' \ + -e 's#@''INITDDIR@#$(INITDDIR)#g' \ + -e 's#@''INITWRAPPERSDIR@#$(INITWRAPPERSDIR)#g' \ + -e 's#@''LOCALSTATEDIR@#$(localstatedir)#g' \ +diff --git a/init/corosync-notifyd.conf.in b/init/corosync-notifyd.conf.in +index b1ac70c..168a781 100644 +--- a/init/corosync-notifyd.conf.in ++++ b/init/corosync-notifyd.conf.in +@@ -6,14 +6,12 @@ expect fork + respawn + + env prog=corosync-notifyd +-env rpm_sysconf=@SYSCONFDIR@/sysconfig/corosync-notifyd ++env initconf=@INITCONFIGDIR@/corosync-notifyd + env rpm_lockfile=@LOCALSTATEDIR@/lock/subsys/corosync-notifyd +-env deb_sysconf=@SYSCONFDIR@/default/corosync-notifyd + env deb_lockfile=@LOCALSTATEDIR@/lock/corosync-notifyd + + script +- [ -f "$rpm_sysconf" ] && . $rpm_sysconf +- [ -f "$deb_sysconf" ] && . $deb_sysconf ++ [ -f "$initconf" ] && . $initconf + exec $prog $OPTIONS + end script + +@@ -22,16 +20,14 @@ pre-start script + end script + + post-start script +- [ -f "$rpm_sysconf" ] && . $rpm_sysconf +- [ -f "$deb_sysconf" ] && . $deb_sysconf ++ [ -f "$initconf" ] && . $initconf + [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/sysconfig ] && LOCK_FILE="$rpm_lockfile" + [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/default ] && LOCK_FILE="$deb_lockfile" + touch $LOCK_FILE + end script + + post-stop script +- [ -f "$rpm_sysconf" ] && . $rpm_sysconf +- [ -f "$deb_sysconf" ] && . $deb_sysconf ++ [ -f "$initconf" ] && . $initconf + [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/sysconfig ] && LOCK_FILE="$rpm_lockfile" + [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/default ] && LOCK_FILE="$deb_lockfile" + rm -f $LOCK_FILE +diff --git a/init/corosync-notifyd.in b/init/corosync-notifyd.in +index 3711821..cc7fa78 100755 +--- a/init/corosync-notifyd.in ++++ b/init/corosync-notifyd.in +@@ -47,16 +47,16 @@ status() + return $rtrn + } + ++[ -f @INITCONFIGDIR@/$prog ] && . @INITCONFIGDIR@/$prog ++ + # rpm based distros + if [ -d @SYSCONFDIR@/sysconfig ]; then + [ -f @INITDDIR@/functions ] && . @INITDDIR@/functions +- [ -f @SYSCONFDIR@/sysconfig/$prog ] && . @SYSCONFDIR@/sysconfig/$prog + [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/subsys/$prog" + fi + + # deb based distros + if [ -d @SYSCONFDIR@/default ]; then +- [ -f @SYSCONFDIR@/default/$prog ] && . @SYSCONFDIR@/default/$prog + [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/$prog" + fi + +diff --git a/init/corosync-notifyd.service.in b/init/corosync-notifyd.service.in +index 689ab8e..f74ca33 100644 +--- a/init/corosync-notifyd.service.in ++++ b/init/corosync-notifyd.service.in +@@ -5,7 +5,7 @@ Wants=corosync.service + After=corosync.service + + [Service] +-EnvironmentFile=@SYSCONFDIR@/sysconfig/corosync-notifyd ++EnvironmentFile=-@INITCONFIGDIR@/corosync-notifyd + ExecStart=@SBINDIR@/corosync-notifyd -f $OPTIONS + Type=simple + Restart=on-failure +diff --git a/init/corosync-qdevice.in b/init/corosync-qdevice.in +index 913e033..864cdfa 100755 +--- a/init/corosync-qdevice.in ++++ b/init/corosync-qdevice.in +@@ -47,16 +47,16 @@ status() + return $res + } + ++[ -f @INITCONFIGDIR@/$prog ] && . @INITCONFIGDIR@/$prog ++ + # rpm based distros + if [ -d @SYSCONFDIR@/sysconfig ]; then + [ -f @INITDDIR@/functions ] && . @INITDDIR@/functions +- [ -f @SYSCONFDIR@/sysconfig/$prog ] && . @SYSCONFDIR@/sysconfig/$prog + [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/subsys/$prog" + fi + + # deb based distros + if [ -d @SYSCONFDIR@/default ]; then +- [ -f @SYSCONFDIR@/default/$prog ] && . @SYSCONFDIR@/default/$prog + [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/$prog" + fi + +diff --git a/init/corosync-qnetd.in b/init/corosync-qnetd.in +index 15d30ea..beee03a 100755 +--- a/init/corosync-qnetd.in ++++ b/init/corosync-qnetd.in +@@ -47,16 +47,16 @@ status() + return $res + } + ++[ -f @INITCONFIGDIR@/$prog ] && . @INITCONFIGDIR@/$prog ++ + # rpm based distros + if [ -d @SYSCONFDIR@/sysconfig ]; then + [ -f @INITDDIR@/functions ] && . @INITDDIR@/functions +- [ -f @SYSCONFDIR@/sysconfig/$prog ] && . @SYSCONFDIR@/sysconfig/$prog + [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/subsys/$prog" + fi + + # deb based distros + if [ -d @SYSCONFDIR@/default ]; then +- [ -f @SYSCONFDIR@/default/$prog ] && . @SYSCONFDIR@/default/$prog + [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/$prog" + fi + +diff --git a/init/corosync-qnetd.service.in b/init/corosync-qnetd.service.in +index c6cf8c9..cae98fe 100644 +--- a/init/corosync-qnetd.service.in ++++ b/init/corosync-qnetd.service.in +@@ -6,7 +6,7 @@ Requires=network-online.target + After=network-online.target + + [Service] +-EnvironmentFile=@SYSCONFDIR@/sysconfig/corosync-qnetd ++EnvironmentFile=-@INITCONFIGDIR@/corosync-qnetd + ExecStart=@BINDIR@/corosync-qnetd -f $COROSYNC_QNETD_OPTIONS + Type=simple + Restart=on-abnormal +diff --git a/init/corosync.conf.in b/init/corosync.conf.in +index 373565a..0352d2b 100644 +--- a/init/corosync.conf.in ++++ b/init/corosync.conf.in +@@ -5,14 +5,12 @@ + expect fork + + env prog=corosync +-env rpm_sysconf=@SYSCONFDIR@/sysconfig/corosync ++env initconf=@INITCONFIGDIR@/corosync + env rpm_lockfile=@LOCALSTATEDIR@/lock/subsys/corosync +-env deb_sysconf=@SYSCONFDIR@/default/corosync + env deb_lockfile=@LOCALSTATEDIR@/lock/corosync + + script +- [ -f "$rpm_sysconf" ] && . $rpm_sysconf +- [ -f "$deb_sysconf" ] && . $deb_sysconf ++ [ -f "$initconf" ] && . $initconf + exec $prog $COROSYNC_OPTIONS + end script + +@@ -25,8 +23,7 @@ end script + post-start script + wait_for_ipc() + { +- [ -f "$rpm_sysconf" ] && . $rpm_sysconf +- [ -f "$deb_sysconf" ] && . $deb_sysconf ++ [ -f "$initconf" ] && . $initconf + try=0 + max_try=$((COROSYNC_INIT_TIMEOUT*2-1)) + [ "$max_try" -le "0" ] && max_try=120 +@@ -43,16 +40,14 @@ wait_for_ipc() + } + wait_for_ipc || { stop; exit 1; } + +- [ -f "$rpm_sysconf" ] && . $rpm_sysconf +- [ -f "$deb_sysconf" ] && . $deb_sysconf ++ [ -f "$initconf" ] && . $initconf + [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/sysconfig ] && LOCK_FILE="$rpm_lockfile" + [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/default ] && LOCK_FILE="$deb_lockfile" + touch $LOCK_FILE + end script + + post-stop script +- [ -f "$rpm_sysconf" ] && . $rpm_sysconf +- [ -f "$deb_sysconf" ] && . $deb_sysconf ++ [ -f "$initconf" ] && . $initconf + [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/sysconfig ] && LOCK_FILE="$rpm_lockfile" + [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/default ] && LOCK_FILE="$deb_lockfile" + rm -f $LOCK_FILE +diff --git a/init/corosync.in b/init/corosync.in +index c93f971..a258c36 100755 +--- a/init/corosync.in ++++ b/init/corosync.in +@@ -48,16 +48,16 @@ status() + return $res + } + ++[ -f @INITCONFIGDIR@/$prog ] && . @INITCONFIGDIR@/$prog ++ + # rpm based distros + if [ -d @SYSCONFDIR@/sysconfig ]; then + [ -f @INITDDIR@/functions ] && . @INITDDIR@/functions +- [ -f @SYSCONFDIR@/sysconfig/$prog ] && . @SYSCONFDIR@/sysconfig/$prog + [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/subsys/$prog" + fi + + # deb based distros + if [ -d @SYSCONFDIR@/default ]; then +- [ -f @SYSCONFDIR@/default/$prog ] && . @SYSCONFDIR@/default/$prog + [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/$prog" + fi + +-- +1.8.3.1 + diff --git a/SOURCES/bz1376819-2-Use-RuntimeDirectory-instead-of-tmpfiles.d.patch b/SOURCES/bz1376819-2-Use-RuntimeDirectory-instead-of-tmpfiles.d.patch new file mode 100644 index 0000000..4ecd66a --- /dev/null +++ b/SOURCES/bz1376819-2-Use-RuntimeDirectory-instead-of-tmpfiles.d.patch @@ -0,0 +1,194 @@ +From fde7fa0c6408709ccdd090aa9064e6a78232498a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ferenc=20W=C3=A1gner?= +Date: Mon, 28 Nov 2016 14:47:05 +0100 +Subject: [PATCH] Use RuntimeDirectory instead of tmpfiles.d +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This reverts part of commit 32123f6bb2ebc4f9ac7865945cc85a9c9b903dc6. + +A simple directive is a much lighter solution to the same problem, and +automatically follows the specified User. I copied the 0770 modes from +the corresponding init scripts; they could use a little documentation. + +Signed-off-by: Ferenc Wágner +Reviewed-by: Jan Friesse +(cherry picked from commit c733e9417ef1d2f31268e9b6f99a8fc7712fcea7) +--- + conf/Makefile.am | 2 +- + conf/tmpfiles.d/Makefile.am | 40 ------------------------------------- + conf/tmpfiles.d/corosync-qnetd.conf | 1 - + configure.ac | 10 +--------- + corosync.spec.in | 6 +----- + init/corosync-qdevice.service.in | 2 ++ + init/corosync-qnetd.service.in | 2 ++ + 7 files changed, 7 insertions(+), 56 deletions(-) + delete mode 100644 conf/tmpfiles.d/Makefile.am + delete mode 100644 conf/tmpfiles.d/corosync-qnetd.conf + +diff --git a/conf/Makefile.am b/conf/Makefile.am +index 6382386..807b6cc 100644 +--- a/conf/Makefile.am ++++ b/conf/Makefile.am +@@ -70,4 +70,4 @@ dbusdir = $(sysconfdir)/dbus-1/system.d + dbus_DATA = corosync-signals.conf + endif + +-SUBDIRS = logrotate tmpfiles.d ++SUBDIRS = logrotate +diff --git a/conf/tmpfiles.d/Makefile.am b/conf/tmpfiles.d/Makefile.am +deleted file mode 100644 +index 653129a..0000000 +--- a/conf/tmpfiles.d/Makefile.am ++++ /dev/null +@@ -1,40 +0,0 @@ +-# Copyright (c) 2016 Red Hat, Inc. +-# +-# Authors:Jan Friesse (jfriesse@redhat.com) +-# +-# This software licensed under BSD license, the text of which follows: +-# +-# Redistribution and use in source and binary forms, with or without +-# modification, are permitted provided that the following conditions are met: +-# +-# - Redistributions of source code must retain the above copyright notice, +-# this list of conditions and the following disclaimer. +-# - Redistributions in binary form must reproduce the above copyright notice, +-# this list of conditions and the following disclaimer in the documentation +-# and/or other materials provided with the distribution. +-# - Neither the name of the MontaVista Software, Inc. nor the names of its +-# contributors may be used to endorse or promote products derived from this +-# software without specific prior written permission. +-# +-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +-# THE POSSIBILITY OF SUCH DAMAGE. +- +-MAINTAINERCLEANFILES = Makefile.in +- +-EXTRA_DIST = corosync-qnetd.conf +- +-if BUILD_QNETD +-if INSTALL_SYSTEMD +-tmpfilesdirdir = ${TMPFILESDIR} +-tmpfilesdir_DATA = corosync-qnetd.conf +-endif +-endif +diff --git a/conf/tmpfiles.d/corosync-qnetd.conf b/conf/tmpfiles.d/corosync-qnetd.conf +deleted file mode 100644 +index f4cbd03..0000000 +--- a/conf/tmpfiles.d/corosync-qnetd.conf ++++ /dev/null +@@ -1 +0,0 @@ +-d /var/run/corosync-qnetd 0770 root root - +diff --git a/configure.ac b/configure.ac +index 01f7aa5..342da77 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -204,8 +204,7 @@ AC_CONFIG_FILES([Makefile + conf/Makefile + qdevices/Makefile + Doxyfile +- conf/logrotate/Makefile +- conf/tmpfiles.d/Makefile]) ++ conf/logrotate/Makefile]) + + ### Local business + +@@ -401,11 +400,6 @@ AC_ARG_WITH([logrotatedir], + [ LOGROTATEDIR="$withval" ], + [ LOGROTATEDIR="$sysconfdir/logrotate.d" ]) + +-AC_ARG_WITH([tmpfilesdir], +- [ --with-tmpfilesdir=DIR : path to tmpfiles.d configuration files directory. ], +- [ TMPFILESDIR="$withval" ], +- [ TMPFILESDIR="/lib/tmpfiles.d" ]) +- + AC_ARG_ENABLE([snmp], + [ --enable-snmp : SNMP protocol support ], + [ default="no" ]) +@@ -731,7 +725,6 @@ INITWRAPPERSDIR=$(eval echo ${INITWRAPPERSDIR}) + AC_SUBST([INITWRAPPERSDIR]) + AC_SUBST([LOGDIR]) + AC_SUBST([LOGROTATEDIR]) +-AC_SUBST([TMPFILESDIR]) + + AC_SUBST([SOMAJOR]) + AC_SUBST([SOMINOR]) +@@ -774,7 +767,6 @@ AC_MSG_RESULT([ System init.d directory = ${INITDDIR}]) + AC_MSG_RESULT([ System systemd directory = ${SYSTEMDDIR}]) + AC_MSG_RESULT([ System upstart directory = ${UPSTARTDIR}]) + AC_MSG_RESULT([ System init wraps dir = ${INITWRAPPERSDIR}]) +-AC_MSG_RESULT([ System tmpfiles.d = ${TMPFILESDIR}]) + AC_MSG_RESULT([ Log directory = ${LOGDIR}]) + AC_MSG_RESULT([ Log rotate directory = ${LOGROTATEDIR}]) + AC_MSG_RESULT([ corosync config dir = ${COROSYSCONFDIR}]) +diff --git a/corosync.spec.in b/corosync.spec.in +index d101189..6e57c97 100644 +--- a/corosync.spec.in ++++ b/corosync.spec.in +@@ -134,8 +134,7 @@ export rdmacm_LIBS=-lrdmacm \ + %endif + --with-initddir=%{_initrddir} \ + --with-systemddir=%{_unitdir} \ +- --with-upstartdir=%{_sysconfdir}/init \ +- --with-tmpfilesdir=%{_tmpfilesdir} ++ --with-upstartdir=%{_sysconfdir}/init + + make %{_smp_mflags} + +@@ -176,8 +175,6 @@ install -m 644 init/corosync-qnetd.sysconfig.example \ + %if %{with systemd} + sed -i -e 's/^#User=/User=/' \ + %{buildroot}%{_unitdir}/corosync-qnetd.service +-sed -i -e 's/root/coroqnetd/g' \ +- %{buildroot}%{_tmpfilesdir}/corosync-qnetd.conf + %else + sed -i -e 's/^COROSYNC_QNETD_RUNAS=""$/COROSYNC_QNETD_RUNAS="coroqnetd"/' \ + %{buildroot}%{_sysconfdir}/sysconfig/corosync-qnetd +@@ -503,7 +500,6 @@ fi + %{_unitdir}/corosync-qnetd.service + %dir %{_datadir}/corosync + %{_datadir}/corosync/corosync-qnetd +-%{_tmpfilesdir}/corosync-qnetd.conf + %else + %{_initrddir}/corosync-qnetd + %endif +diff --git a/init/corosync-qdevice.service.in b/init/corosync-qdevice.service.in +index 8de4e5b..33746a0 100644 +--- a/init/corosync-qdevice.service.in ++++ b/init/corosync-qdevice.service.in +@@ -9,6 +9,8 @@ After=corosync.service + ExecStart=@INITWRAPPERSDIR@/corosync-qdevice start + ExecStop=@INITWRAPPERSDIR@/corosync-qdevice stop + Type=forking ++RuntimeDirectory=corosync-qdevice ++RuntimeDirectoryMode=0770 + + [Install] + WantedBy=multi-user.target +diff --git a/init/corosync-qnetd.service.in b/init/corosync-qnetd.service.in +index cae98fe..54b9849 100644 +--- a/init/corosync-qnetd.service.in ++++ b/init/corosync-qnetd.service.in +@@ -12,6 +12,8 @@ Type=simple + Restart=on-abnormal + # Uncomment and set user who should be used for executing qnetd + #User=coroqnetd ++RuntimeDirectory=corosync-qnetd ++RuntimeDirectoryMode=0770 + + [Install] + WantedBy=multi-user.target +-- +1.8.3.1 + diff --git a/SOURCES/bz1376819-3-qnetd-Check-existence-of-NSS-DB-dir-before-fork.patch b/SOURCES/bz1376819-3-qnetd-Check-existence-of-NSS-DB-dir-before-fork.patch new file mode 100644 index 0000000..1268592 --- /dev/null +++ b/SOURCES/bz1376819-3-qnetd-Check-existence-of-NSS-DB-dir-before-fork.patch @@ -0,0 +1,141 @@ +From eac28dffdf7f060f41f2b2e95bb0f4c6c033425d Mon Sep 17 00:00:00 2001 +From: Jan Friesse +Date: Tue, 19 Mar 2019 14:40:12 +0100 +Subject: [PATCH] qnetd: Check existence of NSS DB dir before fork + +Previously, when user tried start corosync-qnetd without +initialized NSS database then generic (not very helpful +and misleading) NSS error was logged +"NSS error (-8015): The certificate/key database is in an old, +unsupported format.". + +Solution is to check if it's possible to open NSS DB directory and +display (usually much more informative) result of strerror function. + +Such check is called before fork, so init system can return error code +during start. + +To make error reporting work with systemd it's also needed to change +unit type from simple to forking. + +Signed-off-by: Jan Friesse +Reviewed-by: Christine Caulfield +--- + init/corosync-qnetd.service.in | 4 ++-- + qdevices/corosync-qnetd.c | 12 +++++++++++- + qdevices/nss-sock.c | 23 ++++++++++++++++++++++- + qdevices/nss-sock.h | 4 +++- + 4 files changed, 38 insertions(+), 5 deletions(-) + +diff --git a/init/corosync-qnetd.service.in b/init/corosync-qnetd.service.in +index 54b9849..8cff766 100644 +--- a/init/corosync-qnetd.service.in ++++ b/init/corosync-qnetd.service.in +@@ -7,8 +7,8 @@ After=network-online.target + + [Service] + EnvironmentFile=-@INITCONFIGDIR@/corosync-qnetd +-ExecStart=@BINDIR@/corosync-qnetd -f $COROSYNC_QNETD_OPTIONS +-Type=simple ++ExecStart=@BINDIR@/corosync-qnetd $COROSYNC_QNETD_OPTIONS ++Type=forking + Restart=on-abnormal + # Uncomment and set user who should be used for executing qnetd + #User=coroqnetd +diff --git a/qdevices/corosync-qnetd.c b/qdevices/corosync-qnetd.c +index 9af94b7..938e4ce 100644 +--- a/qdevices/corosync-qnetd.c ++++ b/qdevices/corosync-qnetd.c +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2015-2016 Red Hat, Inc. ++ * Copyright (c) 2015-2019 Red Hat, Inc. + * + * All rights reserved. + * +@@ -543,6 +543,16 @@ main(int argc, char * const argv[]) + qnetd_log_set_priority_bump(bump_log_priority); + + /* ++ * Check that it's possible to open NSS dir if needed ++ */ ++ if (nss_sock_check_db_dir((tls_supported != TLV_TLS_UNSUPPORTED ? ++ advanced_settings.nss_db_dir : NULL)) != 0) { ++ qnetd_log_err(LOG_ERR, "Can't open NSS DB directory"); ++ ++ exit (1); ++ } ++ ++ /* + * Daemonize + */ + if (!foreground) { +diff --git a/qdevices/nss-sock.c b/qdevices/nss-sock.c +index 3c63927..483d417 100644 +--- a/qdevices/nss-sock.c ++++ b/qdevices/nss-sock.c +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2015-2016 Red Hat, Inc. ++ * Copyright (c) 2015-2019 Red Hat, Inc. + * + * All rights reserved. + * +@@ -32,6 +32,9 @@ + * THE POSSIBILITY OF SUCH DAMAGE. + */ + ++#include ++ ++#include + #include + + #include "nss-sock.h" +@@ -56,6 +59,24 @@ nss_sock_init_nss(char *config_dir) + return (0); + } + ++int ++nss_sock_check_db_dir(const char *config_dir) ++{ ++ DIR *dirp; ++ ++ if (config_dir == NULL) { ++ return (0); ++ } ++ ++ if ((dirp = opendir(config_dir)) == NULL) { ++ return (-1); ++ } ++ ++ (void)closedir(dirp); ++ ++ return (0); ++} ++ + /* + * Set NSS socket non-blocking + */ +diff --git a/qdevices/nss-sock.h b/qdevices/nss-sock.h +index cc16d96..4f82e0a 100644 +--- a/qdevices/nss-sock.h ++++ b/qdevices/nss-sock.h +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2015-2016 Red Hat, Inc. ++ * Copyright (c) 2015-2019 Red Hat, Inc. + * + * All rights reserved. + * +@@ -56,6 +56,8 @@ struct nss_sock_non_blocking_client { + + extern int nss_sock_init_nss(char *config_dir); + ++extern int nss_sock_check_db_dir(const char *config_dir); ++ + extern PRFileDesc *nss_sock_create_listen_socket(const char *hostname, uint16_t port, + PRIntn af); + +-- +1.8.3.1 + diff --git a/SOURCES/bz1634710-1-totemcrypto-Fix-importing-of-the-private-key.patch b/SOURCES/bz1634710-1-totemcrypto-Fix-importing-of-the-private-key.patch new file mode 100644 index 0000000..4c67e5f --- /dev/null +++ b/SOURCES/bz1634710-1-totemcrypto-Fix-importing-of-the-private-key.patch @@ -0,0 +1,89 @@ +From 3f3e6b62719a263cb221c19a06d9a2c570234caa Mon Sep 17 00:00:00 2001 +From: Jan Friesse +Date: Thu, 27 Sep 2018 13:08:48 +0200 +Subject: [PATCH] totemcrypto: Fix importing of the private key + +Import key with length not dividable by wrap key block size was not +possible. + +Wrapping of the key is standard crypto operation which needs data +aligned to cipher block size, otherwise it fails. + +Possible solution is to use a zero filled buffer with size aligned to +required wrap key block size. Private key is copied to the beginning of +the buffer and unwrap operation keeps using only required private key +size. + +Signed-off-by: Jan Friesse +Reviewed-by: Fabio M. Di Nitto +Reviewed-by: Christine Caulfield +--- + exec/totemcrypto.c | 29 +++++++++++++++++++++++++++-- + 1 file changed, 27 insertions(+), 2 deletions(-) + +diff --git a/exec/totemcrypto.c b/exec/totemcrypto.c +index 273c567..55763af 100644 +--- a/exec/totemcrypto.c ++++ b/exec/totemcrypto.c +@@ -247,7 +247,9 @@ static PK11SymKey *import_symmetric_key(struct crypto_instance *instance, enum s + SECItem tmp_sec_item; + SECItem wrapped_key; + int wrapped_key_len; ++ int wrap_key_block_size; + unsigned char wrapped_key_data[MAX_WRAPPED_KEY_LEN]; ++ unsigned char pad_key_data[MAX_WRAPPED_KEY_LEN]; + int case_processed; + + memset(&key_item, 0, sizeof(key_item)); +@@ -256,8 +258,15 @@ static PK11SymKey *import_symmetric_key(struct crypto_instance *instance, enum s + res_key = NULL; + wrap_key_crypt_context = NULL; + ++ if (instance->private_key_len > sizeof(pad_key_data)) { ++ log_printf(instance->log_level_security, "Import symmetric key failed. Private key is too long"); ++ goto exit_res_key; ++ } ++ memset(pad_key_data, 0, sizeof(pad_key_data)); ++ memcpy(pad_key_data, instance->private_key, instance->private_key_len); ++ + key_item.type = siBuffer; +- key_item.data = instance->private_key; ++ key_item.data = pad_key_data; + + case_processed = 0; + switch (key_type) { +@@ -318,6 +327,22 @@ static PK11SymKey *import_symmetric_key(struct crypto_instance *instance, enum s + */ + + /* ++ * Key must be padded to a block size ++ */ ++ wrap_key_block_size = PK11_GetBlockSize(wrap_mechanism, 0); ++ if (wrap_key_block_size < 0) { ++ log_printf(instance->log_level_security, "Unable to get wrap key block size (%d): %s", ++ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT)); ++ goto exit_res_key; ++ } ++ if (sizeof(pad_key_data) % wrap_key_block_size != 0) { ++ log_printf(instance->log_level_security, "Padded key buffer size (%zu) is not dividable by " ++ "wrap key block size (%u).", sizeof(pad_key_data), (unsigned int)wrap_key_block_size); ++ ++ goto exit_res_key; ++ } ++ ++ /* + * Initialization of IV is not needed because PK11_GetBestWrapMechanism should return ECB mode + */ + memset(&tmp_sec_item, 0, sizeof(tmp_sec_item)); +@@ -332,7 +357,7 @@ static PK11SymKey *import_symmetric_key(struct crypto_instance *instance, enum s + wrapped_key_len = (int)sizeof(wrapped_key_data); + + if (PK11_CipherOp(wrap_key_crypt_context, wrapped_key_data, &wrapped_key_len, +- sizeof(wrapped_key_data), key_item.data, key_item.len) != SECSuccess) { ++ sizeof(wrapped_key_data), key_item.data, sizeof(pad_key_data)) != SECSuccess) { + log_printf(instance->log_level_security, "Unable to encrypt authkey (%d): %s", + PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT)); + goto exit_res_key; +-- +1.8.3.1 + diff --git a/SPECS/corosync.spec b/SPECS/corosync.spec index 1ce46b5..6478265 100644 --- a/SPECS/corosync.spec +++ b/SPECS/corosync.spec @@ -17,22 +17,38 @@ %bcond_without qdevices %bcond_without qnetd %bcond_without libcgroup +%bcond_without spausedd %global gitver %{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}} %global gittarver %{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}} +%if %{with spausedd} +%global spausedd_version 20190320 +%endif + Name: corosync Summary: The Corosync Cluster Engine and Application Programming Interfaces Version: 2.4.3 -Release: 4%{?gitver}%{?dist} +Release: 6%{?gitver}%{?dist} License: BSD Group: System Environment/Base URL: http://corosync.github.io/corosync/ Source0: http://build.clusterlabs.org/corosync/releases/%{name}-%{version}%{?gittarver}.tar.gz +%if %{with spausedd} +Source1: https://github.com/jfriesse/spausedd/releases/download/%{spausedd_version}/spausedd-%{spausedd_version}.tar.gz +# VMGuestLib exists only for x86_64 architecture +%ifarch x86_64 +%global use_vmguestlib 1 +%endif +%endif Patch0: bz1536219-1-logging-Make-blackbox-configurable.patch Patch1: bz1536219-2-logging-Close-before-and-open-blackbox-after-fork.patch Patch2: bz1560468-1-totemcrypto-Check-length-of-the-packet.patch +Patch3: bz1376819-1-configure-add-with-initconfigdir-option.patch +Patch4: bz1376819-2-Use-RuntimeDirectory-instead-of-tmpfiles.d.patch +Patch5: bz1634710-1-totemcrypto-Fix-importing-of-the-private-key.patch +Patch6: bz1376819-3-qnetd-Check-existence-of-NSS-DB-dir-before-fork.patch %if 0%{?rhel} ExclusiveArch: i686 x86_64 s390x ppc64le aarch64 @@ -85,14 +101,26 @@ BuildRequires: sed %if %{with libcgroup} BuildRequires: libcgroup-devel %endif +%if %{defined use_vmguestlib} +BuildRequires: pkgconfig(vmguestlib) +%endif BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) %prep +%if %{with spausedd} +%setup -q -a 1 -n %{name}-%{version}%{?gittarver} +%else %setup -q -n %{name}-%{version}%{?gittarver} +%endif + %patch0 -p1 -b .bz1536219-1 %patch1 -p1 -b .bz1536219-2 %patch2 -p1 -b .bz1560468-1 +%patch3 -p1 -b .bz1376819-1 +%patch4 -p1 -b .bz1376819-2 +%patch5 -p1 -b .bz1634710-1 +%patch6 -p1 -b .bz1376819-3 %build %if %{with runautogen} @@ -144,11 +172,21 @@ export rdmacm_LIBS=-lrdmacm \ %endif --with-initddir=%{_initrddir} \ --with-systemddir=%{_unitdir} \ - --with-upstartdir=%{_sysconfdir}/init \ - --with-tmpfilesdir=%{_tmpfilesdir} + --with-upstartdir=%{_sysconfdir}/init make %{_smp_mflags} +%if %{with spausedd} +cd spausedd-%{spausedd_version} +make \ +%if %{defined use_vmguestlib} + WITH_VMGUESTLIB=1 \ +%else + WITH_VMGUESTLIB=0 \ +%endif + %{?_smp_mflags} CFLAGS="%{optflags}" +%endif + %install rm -rf %{buildroot} @@ -186,14 +224,27 @@ install -m 644 init/corosync-qnetd.sysconfig.example \ %if %{with systemd} sed -i -e 's/^#User=/User=/' \ %{buildroot}%{_unitdir}/corosync-qnetd.service -sed -i -e 's/root/coroqnetd/g' \ - %{buildroot}%{_tmpfilesdir}/corosync-qnetd.conf %else sed -i -e 's/^COROSYNC_QNETD_RUNAS=""$/COROSYNC_QNETD_RUNAS="coroqnetd"/' \ %{buildroot}%{_sysconfdir}/sysconfig/corosync-qnetd %endif %endif +%if %{with spausedd} +cd spausedd-%{spausedd_version} +make DESTDIR="%{buildroot}" PREFIX="%{_prefix}" install + +%if %{with systemd} +mkdir -p %{buildroot}/%{_unitdir} +install -m 755 -p init/spausedd.service %{buildroot}/%{_unitdir} +%else +mkdir -p %{buildroot}/%{_initrddir} +install -m 755 -p init/spausedd %{buildroot}/%{_initrddir} +%endif + +cd .. +%endif + %clean rm -rf %{buildroot} @@ -514,7 +565,6 @@ fi %{_unitdir}/corosync-qnetd.service %dir %{_datadir}/corosync %{_datadir}/corosync/corosync-qnetd -%{_tmpfilesdir}/corosync-qnetd.conf %else %{_initrddir}/corosync-qnetd %endif @@ -523,7 +573,78 @@ fi %{_mandir}/man8/corosync-qnetd.8* %endif +# optional spausedd +%if %{with spausedd} + +%package -n spausedd +Summary: Utility to detect and log scheduler pause +URL: https://github.com/jfriesse/spausedd + +%if %{with systemd} +%{?systemd_requires} +%else +Requires(post): /sbin/chkconfig +Requires(preun): /sbin/chkconfig +%endif + +%description -n spausedd +Utility to detect and log scheduler pause + +%files -n spausedd +%doc spausedd-%{spausedd_version}/AUTHORS spausedd-%{spausedd_version}/COPYING +%{_bindir}/spausedd +%{_mandir}/man8/spausedd* +%if %{with systemd} +%{_unitdir}/spausedd.service +%else +%{_initrddir}/spausedd +%endif + +%post -n spausedd +%if %{with systemd} && 0%{?systemd_post:1} +%systemd_post spausedd.service +%else +if [ $1 -eq 1 ]; then + /sbin/chkconfig --add spausedd || : +fi +%endif + +%preun -n spausedd +%if %{with systemd} && 0%{?systemd_preun:1} +%systemd_preun spausedd.service +%else +if [ $1 -eq 0 ]; then + /sbin/service spausedd stop &>/dev/null || : + /sbin/chkconfig --del spausedd || : +fi +%endif + +%postun -n spausedd +%if %{with systemd} && 0%{?systemd_postun:1} + %systemd_postun spausedd.service +%endif + +%endif + %changelog +* Thu Mar 21 2019 Jan Friesse 2.4.3-6 +- Resolves: rhbz#1542703 + +- Add spausedd subpackage + +* Thu Mar 21 2019 Jan Friesse 2.4.3-5 +- Resolves: rhbz#1376819 +- Resolves: rhbz#1634710 + +- configure: add --with-initconfigdir option (rhbz#1376819) +- merge upstream commit c0d8af0c7b247df16a90850b0edab4f978cb8192 (rhbz#1376819) +- Use RuntimeDirectory instead of tmpfiles.d (rhbz#1376819) +- merge upstream commit fde7fa0c6408709ccdd090aa9064e6a78232498a (rhbz#1376819) +- totemcrypto: Fix importing of the private key (rhbz#1634710) +- merge upstream commit 3f3e6b62719a263cb221c19a06d9a2c570234caa (rhbz#1634710) +- qnetd: Check existence of NSS DB dir before fork (rhbz#1376819) +- merge upstream commit eac28dffdf7f060f41f2b2e95bb0f4c6c033425d (rhbz#1376819) + * Tue Apr 17 2018 Jan Friesse 2.4.3-4 - Resolves: rhbz#1422598