diff --git a/.corosync.metadata b/.corosync.metadata
index 9a54be5..8426d9a 100644
--- a/.corosync.metadata
+++ b/.corosync.metadata
@@ -1 +1,2 @@
76eea6fe72f933628b3a6ae88cc437c3e8f770d7 SOURCES/corosync-2.4.3.tar.gz
+3c1904b844ec7e1b96f47ef92e4da2d99441c5f0 SOURCES/spausedd-20190320.tar.gz
diff --git a/.gitignore b/.gitignore
index 116e3b9..5f4db70 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
SOURCES/corosync-2.4.3.tar.gz
+SOURCES/spausedd-20190320.tar.gz
diff --git a/SOURCES/bz1376819-1-configure-add-with-initconfigdir-option.patch b/SOURCES/bz1376819-1-configure-add-with-initconfigdir-option.patch
new file mode 100644
index 0000000..65a695d
--- /dev/null
+++ b/SOURCES/bz1376819-1-configure-add-with-initconfigdir-option.patch
@@ -0,0 +1,277 @@
+From c0d8af0c7b247df16a90850b0edab4f978cb8192 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ferenc=20W=C3=A1gner?= <wferi@debian.org>
+Date: Thu, 24 Nov 2016 12:06:37 +0100
+Subject: [PATCH] configure: add --with-initconfigdir option
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Default value is /etc/sysconfig and resulting
+INITCONFIGDIR is used to reduce duplication in init system
+integration code.
+
+Signed-off-by: Ferenc Wágner <wferi@debian.org>
+Reviewed-by: Jan Friesse <jfriesse@redhat.com>
+(cherry picked from commit d7208e88370d2bce40b45224a3971eeb68c22d3c)
+---
+ configure.ac | 8 ++++++++
+ init/Makefile.am | 1 +
+ init/corosync-notifyd.conf.in | 12 ++++--------
+ init/corosync-notifyd.in | 4 ++--
+ init/corosync-notifyd.service.in | 2 +-
+ init/corosync-qdevice.in | 4 ++--
+ init/corosync-qnetd.in | 4 ++--
+ init/corosync-qnetd.service.in | 2 +-
+ init/corosync.conf.in | 15 +++++----------
+ init/corosync.in | 4 ++--
+ 10 files changed, 28 insertions(+), 28 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index e60bf1b..01f7aa5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -364,6 +364,13 @@ AC_ARG_ENABLE([upstart],
+ [ enable_upstart="no" ])
+ AM_CONDITIONAL(INSTALL_UPSTART, test x$enable_upstart = xyes)
+
++AC_ARG_WITH([initconfigdir],
++ [AS_HELP_STRING([--with-initconfigdir=DIR],
++ [configuration directory @<:@SYSCONFDIR/sysconfig@:>@])],
++ [INITCONFIGDIR="$withval"],
++ [INITCONFIGDIR='${sysconfdir}/sysconfig'])
++AC_SUBST([INITCONFIGDIR])
++
+ AC_ARG_WITH([initddir],
+ [ --with-initddir=DIR : path to init script directory. ],
+ [ INITDDIR="$withval" ],
+@@ -771,6 +778,7 @@ AC_MSG_RESULT([ System tmpfiles.d = ${TMPFILESDIR}])
+ AC_MSG_RESULT([ Log directory = ${LOGDIR}])
+ AC_MSG_RESULT([ Log rotate directory = ${LOGROTATEDIR}])
+ AC_MSG_RESULT([ corosync config dir = ${COROSYSCONFDIR}])
++AC_MSG_RESULT([ init config directory = ${INITCONFIGDIR}])
+ AC_MSG_RESULT([ Features =${PACKAGE_FEATURES}])
+ AC_MSG_RESULT([])
+ AC_MSG_RESULT([$PACKAGE build info:])
+diff --git a/init/Makefile.am b/init/Makefile.am
+index 379249f..3161979 100644
+--- a/init/Makefile.am
++++ b/init/Makefile.am
+@@ -76,6 +76,7 @@ endif
+ -e 's#@''SBINDIR@#$(sbindir)#g' \
+ -e 's#@''BINDIR@#$(bindir)#g' \
+ -e 's#@''SYSCONFDIR@#$(sysconfdir)#g' \
++ -e 's#@''INITCONFIGDIR@#$(INITCONFIGDIR)#g' \
+ -e 's#@''INITDDIR@#$(INITDDIR)#g' \
+ -e 's#@''INITWRAPPERSDIR@#$(INITWRAPPERSDIR)#g' \
+ -e 's#@''LOCALSTATEDIR@#$(localstatedir)#g' \
+diff --git a/init/corosync-notifyd.conf.in b/init/corosync-notifyd.conf.in
+index b1ac70c..168a781 100644
+--- a/init/corosync-notifyd.conf.in
++++ b/init/corosync-notifyd.conf.in
+@@ -6,14 +6,12 @@ expect fork
+ respawn
+
+ env prog=corosync-notifyd
+-env rpm_sysconf=@SYSCONFDIR@/sysconfig/corosync-notifyd
++env initconf=@INITCONFIGDIR@/corosync-notifyd
+ env rpm_lockfile=@LOCALSTATEDIR@/lock/subsys/corosync-notifyd
+-env deb_sysconf=@SYSCONFDIR@/default/corosync-notifyd
+ env deb_lockfile=@LOCALSTATEDIR@/lock/corosync-notifyd
+
+ script
+- [ -f "$rpm_sysconf" ] && . $rpm_sysconf
+- [ -f "$deb_sysconf" ] && . $deb_sysconf
++ [ -f "$initconf" ] && . $initconf
+ exec $prog $OPTIONS
+ end script
+
+@@ -22,16 +20,14 @@ pre-start script
+ end script
+
+ post-start script
+- [ -f "$rpm_sysconf" ] && . $rpm_sysconf
+- [ -f "$deb_sysconf" ] && . $deb_sysconf
++ [ -f "$initconf" ] && . $initconf
+ [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/sysconfig ] && LOCK_FILE="$rpm_lockfile"
+ [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/default ] && LOCK_FILE="$deb_lockfile"
+ touch $LOCK_FILE
+ end script
+
+ post-stop script
+- [ -f "$rpm_sysconf" ] && . $rpm_sysconf
+- [ -f "$deb_sysconf" ] && . $deb_sysconf
++ [ -f "$initconf" ] && . $initconf
+ [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/sysconfig ] && LOCK_FILE="$rpm_lockfile"
+ [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/default ] && LOCK_FILE="$deb_lockfile"
+ rm -f $LOCK_FILE
+diff --git a/init/corosync-notifyd.in b/init/corosync-notifyd.in
+index 3711821..cc7fa78 100755
+--- a/init/corosync-notifyd.in
++++ b/init/corosync-notifyd.in
+@@ -47,16 +47,16 @@ status()
+ return $rtrn
+ }
+
++[ -f @INITCONFIGDIR@/$prog ] && . @INITCONFIGDIR@/$prog
++
+ # rpm based distros
+ if [ -d @SYSCONFDIR@/sysconfig ]; then
+ [ -f @INITDDIR@/functions ] && . @INITDDIR@/functions
+- [ -f @SYSCONFDIR@/sysconfig/$prog ] && . @SYSCONFDIR@/sysconfig/$prog
+ [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/subsys/$prog"
+ fi
+
+ # deb based distros
+ if [ -d @SYSCONFDIR@/default ]; then
+- [ -f @SYSCONFDIR@/default/$prog ] && . @SYSCONFDIR@/default/$prog
+ [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/$prog"
+ fi
+
+diff --git a/init/corosync-notifyd.service.in b/init/corosync-notifyd.service.in
+index 689ab8e..f74ca33 100644
+--- a/init/corosync-notifyd.service.in
++++ b/init/corosync-notifyd.service.in
+@@ -5,7 +5,7 @@ Wants=corosync.service
+ After=corosync.service
+
+ [Service]
+-EnvironmentFile=@SYSCONFDIR@/sysconfig/corosync-notifyd
++EnvironmentFile=-@INITCONFIGDIR@/corosync-notifyd
+ ExecStart=@SBINDIR@/corosync-notifyd -f $OPTIONS
+ Type=simple
+ Restart=on-failure
+diff --git a/init/corosync-qdevice.in b/init/corosync-qdevice.in
+index 913e033..864cdfa 100755
+--- a/init/corosync-qdevice.in
++++ b/init/corosync-qdevice.in
+@@ -47,16 +47,16 @@ status()
+ return $res
+ }
+
++[ -f @INITCONFIGDIR@/$prog ] && . @INITCONFIGDIR@/$prog
++
+ # rpm based distros
+ if [ -d @SYSCONFDIR@/sysconfig ]; then
+ [ -f @INITDDIR@/functions ] && . @INITDDIR@/functions
+- [ -f @SYSCONFDIR@/sysconfig/$prog ] && . @SYSCONFDIR@/sysconfig/$prog
+ [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/subsys/$prog"
+ fi
+
+ # deb based distros
+ if [ -d @SYSCONFDIR@/default ]; then
+- [ -f @SYSCONFDIR@/default/$prog ] && . @SYSCONFDIR@/default/$prog
+ [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/$prog"
+ fi
+
+diff --git a/init/corosync-qnetd.in b/init/corosync-qnetd.in
+index 15d30ea..beee03a 100755
+--- a/init/corosync-qnetd.in
++++ b/init/corosync-qnetd.in
+@@ -47,16 +47,16 @@ status()
+ return $res
+ }
+
++[ -f @INITCONFIGDIR@/$prog ] && . @INITCONFIGDIR@/$prog
++
+ # rpm based distros
+ if [ -d @SYSCONFDIR@/sysconfig ]; then
+ [ -f @INITDDIR@/functions ] && . @INITDDIR@/functions
+- [ -f @SYSCONFDIR@/sysconfig/$prog ] && . @SYSCONFDIR@/sysconfig/$prog
+ [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/subsys/$prog"
+ fi
+
+ # deb based distros
+ if [ -d @SYSCONFDIR@/default ]; then
+- [ -f @SYSCONFDIR@/default/$prog ] && . @SYSCONFDIR@/default/$prog
+ [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/$prog"
+ fi
+
+diff --git a/init/corosync-qnetd.service.in b/init/corosync-qnetd.service.in
+index c6cf8c9..cae98fe 100644
+--- a/init/corosync-qnetd.service.in
++++ b/init/corosync-qnetd.service.in
+@@ -6,7 +6,7 @@ Requires=network-online.target
+ After=network-online.target
+
+ [Service]
+-EnvironmentFile=@SYSCONFDIR@/sysconfig/corosync-qnetd
++EnvironmentFile=-@INITCONFIGDIR@/corosync-qnetd
+ ExecStart=@BINDIR@/corosync-qnetd -f $COROSYNC_QNETD_OPTIONS
+ Type=simple
+ Restart=on-abnormal
+diff --git a/init/corosync.conf.in b/init/corosync.conf.in
+index 373565a..0352d2b 100644
+--- a/init/corosync.conf.in
++++ b/init/corosync.conf.in
+@@ -5,14 +5,12 @@
+ expect fork
+
+ env prog=corosync
+-env rpm_sysconf=@SYSCONFDIR@/sysconfig/corosync
++env initconf=@INITCONFIGDIR@/corosync
+ env rpm_lockfile=@LOCALSTATEDIR@/lock/subsys/corosync
+-env deb_sysconf=@SYSCONFDIR@/default/corosync
+ env deb_lockfile=@LOCALSTATEDIR@/lock/corosync
+
+ script
+- [ -f "$rpm_sysconf" ] && . $rpm_sysconf
+- [ -f "$deb_sysconf" ] && . $deb_sysconf
++ [ -f "$initconf" ] && . $initconf
+ exec $prog $COROSYNC_OPTIONS
+ end script
+
+@@ -25,8 +23,7 @@ end script
+ post-start script
+ wait_for_ipc()
+ {
+- [ -f "$rpm_sysconf" ] && . $rpm_sysconf
+- [ -f "$deb_sysconf" ] && . $deb_sysconf
++ [ -f "$initconf" ] && . $initconf
+ try=0
+ max_try=$((COROSYNC_INIT_TIMEOUT*2-1))
+ [ "$max_try" -le "0" ] && max_try=120
+@@ -43,16 +40,14 @@ wait_for_ipc()
+ }
+ wait_for_ipc || { stop; exit 1; }
+
+- [ -f "$rpm_sysconf" ] && . $rpm_sysconf
+- [ -f "$deb_sysconf" ] && . $deb_sysconf
++ [ -f "$initconf" ] && . $initconf
+ [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/sysconfig ] && LOCK_FILE="$rpm_lockfile"
+ [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/default ] && LOCK_FILE="$deb_lockfile"
+ touch $LOCK_FILE
+ end script
+
+ post-stop script
+- [ -f "$rpm_sysconf" ] && . $rpm_sysconf
+- [ -f "$deb_sysconf" ] && . $deb_sysconf
++ [ -f "$initconf" ] && . $initconf
+ [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/sysconfig ] && LOCK_FILE="$rpm_lockfile"
+ [ -z "$LOCK_FILE" -a -d @SYSCONFDIR@/default ] && LOCK_FILE="$deb_lockfile"
+ rm -f $LOCK_FILE
+diff --git a/init/corosync.in b/init/corosync.in
+index c93f971..a258c36 100755
+--- a/init/corosync.in
++++ b/init/corosync.in
+@@ -48,16 +48,16 @@ status()
+ return $res
+ }
+
++[ -f @INITCONFIGDIR@/$prog ] && . @INITCONFIGDIR@/$prog
++
+ # rpm based distros
+ if [ -d @SYSCONFDIR@/sysconfig ]; then
+ [ -f @INITDDIR@/functions ] && . @INITDDIR@/functions
+- [ -f @SYSCONFDIR@/sysconfig/$prog ] && . @SYSCONFDIR@/sysconfig/$prog
+ [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/subsys/$prog"
+ fi
+
+ # deb based distros
+ if [ -d @SYSCONFDIR@/default ]; then
+- [ -f @SYSCONFDIR@/default/$prog ] && . @SYSCONFDIR@/default/$prog
+ [ -z "$LOCK_FILE" ] && LOCK_FILE="@LOCALSTATEDIR@/lock/$prog"
+ fi
+
+--
+1.8.3.1
+
diff --git a/SOURCES/bz1376819-2-Use-RuntimeDirectory-instead-of-tmpfiles.d.patch b/SOURCES/bz1376819-2-Use-RuntimeDirectory-instead-of-tmpfiles.d.patch
new file mode 100644
index 0000000..4ecd66a
--- /dev/null
+++ b/SOURCES/bz1376819-2-Use-RuntimeDirectory-instead-of-tmpfiles.d.patch
@@ -0,0 +1,194 @@
+From fde7fa0c6408709ccdd090aa9064e6a78232498a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ferenc=20W=C3=A1gner?= <wferi@debian.org>
+Date: Mon, 28 Nov 2016 14:47:05 +0100
+Subject: [PATCH] Use RuntimeDirectory instead of tmpfiles.d
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This reverts part of commit 32123f6bb2ebc4f9ac7865945cc85a9c9b903dc6.
+
+A simple directive is a much lighter solution to the same problem, and
+automatically follows the specified User. I copied the 0770 modes from
+the corresponding init scripts; they could use a little documentation.
+
+Signed-off-by: Ferenc Wágner <wferi@debian.org>
+Reviewed-by: Jan Friesse <jfriesse@redhat.com>
+(cherry picked from commit c733e9417ef1d2f31268e9b6f99a8fc7712fcea7)
+---
+ conf/Makefile.am | 2 +-
+ conf/tmpfiles.d/Makefile.am | 40 -------------------------------------
+ conf/tmpfiles.d/corosync-qnetd.conf | 1 -
+ configure.ac | 10 +---------
+ corosync.spec.in | 6 +-----
+ init/corosync-qdevice.service.in | 2 ++
+ init/corosync-qnetd.service.in | 2 ++
+ 7 files changed, 7 insertions(+), 56 deletions(-)
+ delete mode 100644 conf/tmpfiles.d/Makefile.am
+ delete mode 100644 conf/tmpfiles.d/corosync-qnetd.conf
+
+diff --git a/conf/Makefile.am b/conf/Makefile.am
+index 6382386..807b6cc 100644
+--- a/conf/Makefile.am
++++ b/conf/Makefile.am
+@@ -70,4 +70,4 @@ dbusdir = $(sysconfdir)/dbus-1/system.d
+ dbus_DATA = corosync-signals.conf
+ endif
+
+-SUBDIRS = logrotate tmpfiles.d
++SUBDIRS = logrotate
+diff --git a/conf/tmpfiles.d/Makefile.am b/conf/tmpfiles.d/Makefile.am
+deleted file mode 100644
+index 653129a..0000000
+--- a/conf/tmpfiles.d/Makefile.am
++++ /dev/null
+@@ -1,40 +0,0 @@
+-# Copyright (c) 2016 Red Hat, Inc.
+-#
+-# Authors:Jan Friesse (jfriesse@redhat.com)
+-#
+-# This software licensed under BSD license, the text of which follows:
+-#
+-# Redistribution and use in source and binary forms, with or without
+-# modification, are permitted provided that the following conditions are met:
+-#
+-# - Redistributions of source code must retain the above copyright notice,
+-# this list of conditions and the following disclaimer.
+-# - Redistributions in binary form must reproduce the above copyright notice,
+-# this list of conditions and the following disclaimer in the documentation
+-# and/or other materials provided with the distribution.
+-# - Neither the name of the MontaVista Software, Inc. nor the names of its
+-# contributors may be used to endorse or promote products derived from this
+-# software without specific prior written permission.
+-#
+-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+-# THE POSSIBILITY OF SUCH DAMAGE.
+-
+-MAINTAINERCLEANFILES = Makefile.in
+-
+-EXTRA_DIST = corosync-qnetd.conf
+-
+-if BUILD_QNETD
+-if INSTALL_SYSTEMD
+-tmpfilesdirdir = ${TMPFILESDIR}
+-tmpfilesdir_DATA = corosync-qnetd.conf
+-endif
+-endif
+diff --git a/conf/tmpfiles.d/corosync-qnetd.conf b/conf/tmpfiles.d/corosync-qnetd.conf
+deleted file mode 100644
+index f4cbd03..0000000
+--- a/conf/tmpfiles.d/corosync-qnetd.conf
++++ /dev/null
+@@ -1 +0,0 @@
+-d /var/run/corosync-qnetd 0770 root root -
+diff --git a/configure.ac b/configure.ac
+index 01f7aa5..342da77 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -204,8 +204,7 @@ AC_CONFIG_FILES([Makefile
+ conf/Makefile
+ qdevices/Makefile
+ Doxyfile
+- conf/logrotate/Makefile
+- conf/tmpfiles.d/Makefile])
++ conf/logrotate/Makefile])
+
+ ### Local business
+
+@@ -401,11 +400,6 @@ AC_ARG_WITH([logrotatedir],
+ [ LOGROTATEDIR="$withval" ],
+ [ LOGROTATEDIR="$sysconfdir/logrotate.d" ])
+
+-AC_ARG_WITH([tmpfilesdir],
+- [ --with-tmpfilesdir=DIR : path to tmpfiles.d configuration files directory. ],
+- [ TMPFILESDIR="$withval" ],
+- [ TMPFILESDIR="/lib/tmpfiles.d" ])
+-
+ AC_ARG_ENABLE([snmp],
+ [ --enable-snmp : SNMP protocol support ],
+ [ default="no" ])
+@@ -731,7 +725,6 @@ INITWRAPPERSDIR=$(eval echo ${INITWRAPPERSDIR})
+ AC_SUBST([INITWRAPPERSDIR])
+ AC_SUBST([LOGDIR])
+ AC_SUBST([LOGROTATEDIR])
+-AC_SUBST([TMPFILESDIR])
+
+ AC_SUBST([SOMAJOR])
+ AC_SUBST([SOMINOR])
+@@ -774,7 +767,6 @@ AC_MSG_RESULT([ System init.d directory = ${INITDDIR}])
+ AC_MSG_RESULT([ System systemd directory = ${SYSTEMDDIR}])
+ AC_MSG_RESULT([ System upstart directory = ${UPSTARTDIR}])
+ AC_MSG_RESULT([ System init wraps dir = ${INITWRAPPERSDIR}])
+-AC_MSG_RESULT([ System tmpfiles.d = ${TMPFILESDIR}])
+ AC_MSG_RESULT([ Log directory = ${LOGDIR}])
+ AC_MSG_RESULT([ Log rotate directory = ${LOGROTATEDIR}])
+ AC_MSG_RESULT([ corosync config dir = ${COROSYSCONFDIR}])
+diff --git a/corosync.spec.in b/corosync.spec.in
+index d101189..6e57c97 100644
+--- a/corosync.spec.in
++++ b/corosync.spec.in
+@@ -134,8 +134,7 @@ export rdmacm_LIBS=-lrdmacm \
+ %endif
+ --with-initddir=%{_initrddir} \
+ --with-systemddir=%{_unitdir} \
+- --with-upstartdir=%{_sysconfdir}/init \
+- --with-tmpfilesdir=%{_tmpfilesdir}
++ --with-upstartdir=%{_sysconfdir}/init
+
+ make %{_smp_mflags}
+
+@@ -176,8 +175,6 @@ install -m 644 init/corosync-qnetd.sysconfig.example \
+ %if %{with systemd}
+ sed -i -e 's/^#User=/User=/' \
+ %{buildroot}%{_unitdir}/corosync-qnetd.service
+-sed -i -e 's/root/coroqnetd/g' \
+- %{buildroot}%{_tmpfilesdir}/corosync-qnetd.conf
+ %else
+ sed -i -e 's/^COROSYNC_QNETD_RUNAS=""$/COROSYNC_QNETD_RUNAS="coroqnetd"/' \
+ %{buildroot}%{_sysconfdir}/sysconfig/corosync-qnetd
+@@ -503,7 +500,6 @@ fi
+ %{_unitdir}/corosync-qnetd.service
+ %dir %{_datadir}/corosync
+ %{_datadir}/corosync/corosync-qnetd
+-%{_tmpfilesdir}/corosync-qnetd.conf
+ %else
+ %{_initrddir}/corosync-qnetd
+ %endif
+diff --git a/init/corosync-qdevice.service.in b/init/corosync-qdevice.service.in
+index 8de4e5b..33746a0 100644
+--- a/init/corosync-qdevice.service.in
++++ b/init/corosync-qdevice.service.in
+@@ -9,6 +9,8 @@ After=corosync.service
+ ExecStart=@INITWRAPPERSDIR@/corosync-qdevice start
+ ExecStop=@INITWRAPPERSDIR@/corosync-qdevice stop
+ Type=forking
++RuntimeDirectory=corosync-qdevice
++RuntimeDirectoryMode=0770
+
+ [Install]
+ WantedBy=multi-user.target
+diff --git a/init/corosync-qnetd.service.in b/init/corosync-qnetd.service.in
+index cae98fe..54b9849 100644
+--- a/init/corosync-qnetd.service.in
++++ b/init/corosync-qnetd.service.in
+@@ -12,6 +12,8 @@ Type=simple
+ Restart=on-abnormal
+ # Uncomment and set user who should be used for executing qnetd
+ #User=coroqnetd
++RuntimeDirectory=corosync-qnetd
++RuntimeDirectoryMode=0770
+
+ [Install]
+ WantedBy=multi-user.target
+--
+1.8.3.1
+
diff --git a/SOURCES/bz1376819-3-qnetd-Check-existence-of-NSS-DB-dir-before-fork.patch b/SOURCES/bz1376819-3-qnetd-Check-existence-of-NSS-DB-dir-before-fork.patch
new file mode 100644
index 0000000..1268592
--- /dev/null
+++ b/SOURCES/bz1376819-3-qnetd-Check-existence-of-NSS-DB-dir-before-fork.patch
@@ -0,0 +1,141 @@
+From eac28dffdf7f060f41f2b2e95bb0f4c6c033425d Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Tue, 19 Mar 2019 14:40:12 +0100
+Subject: [PATCH] qnetd: Check existence of NSS DB dir before fork
+
+Previously, when user tried start corosync-qnetd without
+initialized NSS database then generic (not very helpful
+and misleading) NSS error was logged
+"NSS error (-8015): The certificate/key database is in an old,
+unsupported format.".
+
+Solution is to check if it's possible to open NSS DB directory and
+display (usually much more informative) result of strerror function.
+
+Such check is called before fork, so init system can return error code
+during start.
+
+To make error reporting work with systemd it's also needed to change
+unit type from simple to forking.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
+---
+ init/corosync-qnetd.service.in | 4 ++--
+ qdevices/corosync-qnetd.c | 12 +++++++++++-
+ qdevices/nss-sock.c | 23 ++++++++++++++++++++++-
+ qdevices/nss-sock.h | 4 +++-
+ 4 files changed, 38 insertions(+), 5 deletions(-)
+
+diff --git a/init/corosync-qnetd.service.in b/init/corosync-qnetd.service.in
+index 54b9849..8cff766 100644
+--- a/init/corosync-qnetd.service.in
++++ b/init/corosync-qnetd.service.in
+@@ -7,8 +7,8 @@ After=network-online.target
+
+ [Service]
+ EnvironmentFile=-@INITCONFIGDIR@/corosync-qnetd
+-ExecStart=@BINDIR@/corosync-qnetd -f $COROSYNC_QNETD_OPTIONS
+-Type=simple
++ExecStart=@BINDIR@/corosync-qnetd $COROSYNC_QNETD_OPTIONS
++Type=forking
+ Restart=on-abnormal
+ # Uncomment and set user who should be used for executing qnetd
+ #User=coroqnetd
+diff --git a/qdevices/corosync-qnetd.c b/qdevices/corosync-qnetd.c
+index 9af94b7..938e4ce 100644
+--- a/qdevices/corosync-qnetd.c
++++ b/qdevices/corosync-qnetd.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2015-2016 Red Hat, Inc.
++ * Copyright (c) 2015-2019 Red Hat, Inc.
+ *
+ * All rights reserved.
+ *
+@@ -543,6 +543,16 @@ main(int argc, char * const argv[])
+ qnetd_log_set_priority_bump(bump_log_priority);
+
+ /*
++ * Check that it's possible to open NSS dir if needed
++ */
++ if (nss_sock_check_db_dir((tls_supported != TLV_TLS_UNSUPPORTED ?
++ advanced_settings.nss_db_dir : NULL)) != 0) {
++ qnetd_log_err(LOG_ERR, "Can't open NSS DB directory");
++
++ exit (1);
++ }
++
++ /*
+ * Daemonize
+ */
+ if (!foreground) {
+diff --git a/qdevices/nss-sock.c b/qdevices/nss-sock.c
+index 3c63927..483d417 100644
+--- a/qdevices/nss-sock.c
++++ b/qdevices/nss-sock.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2015-2016 Red Hat, Inc.
++ * Copyright (c) 2015-2019 Red Hat, Inc.
+ *
+ * All rights reserved.
+ *
+@@ -32,6 +32,9 @@
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
++#include <sys/types.h>
++
++#include <dirent.h>
+ #include <limits.h>
+
+ #include "nss-sock.h"
+@@ -56,6 +59,24 @@ nss_sock_init_nss(char *config_dir)
+ return (0);
+ }
+
++int
++nss_sock_check_db_dir(const char *config_dir)
++{
++ DIR *dirp;
++
++ if (config_dir == NULL) {
++ return (0);
++ }
++
++ if ((dirp = opendir(config_dir)) == NULL) {
++ return (-1);
++ }
++
++ (void)closedir(dirp);
++
++ return (0);
++}
++
+ /*
+ * Set NSS socket non-blocking
+ */
+diff --git a/qdevices/nss-sock.h b/qdevices/nss-sock.h
+index cc16d96..4f82e0a 100644
+--- a/qdevices/nss-sock.h
++++ b/qdevices/nss-sock.h
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2015-2016 Red Hat, Inc.
++ * Copyright (c) 2015-2019 Red Hat, Inc.
+ *
+ * All rights reserved.
+ *
+@@ -56,6 +56,8 @@ struct nss_sock_non_blocking_client {
+
+ extern int nss_sock_init_nss(char *config_dir);
+
++extern int nss_sock_check_db_dir(const char *config_dir);
++
+ extern PRFileDesc *nss_sock_create_listen_socket(const char *hostname, uint16_t port,
+ PRIntn af);
+
+--
+1.8.3.1
+
diff --git a/SOURCES/bz1634710-1-totemcrypto-Fix-importing-of-the-private-key.patch b/SOURCES/bz1634710-1-totemcrypto-Fix-importing-of-the-private-key.patch
new file mode 100644
index 0000000..4c67e5f
--- /dev/null
+++ b/SOURCES/bz1634710-1-totemcrypto-Fix-importing-of-the-private-key.patch
@@ -0,0 +1,89 @@
+From 3f3e6b62719a263cb221c19a06d9a2c570234caa Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Thu, 27 Sep 2018 13:08:48 +0200
+Subject: [PATCH] totemcrypto: Fix importing of the private key
+
+Import key with length not dividable by wrap key block size was not
+possible.
+
+Wrapping of the key is standard crypto operation which needs data
+aligned to cipher block size, otherwise it fails.
+
+Possible solution is to use a zero filled buffer with size aligned to
+required wrap key block size. Private key is copied to the beginning of
+the buffer and unwrap operation keeps using only required private key
+size.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+Reviewed-by: Fabio M. Di Nitto <fdinitto@redhat.com>
+Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
+---
+ exec/totemcrypto.c | 29 +++++++++++++++++++++++++++--
+ 1 file changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/exec/totemcrypto.c b/exec/totemcrypto.c
+index 273c567..55763af 100644
+--- a/exec/totemcrypto.c
++++ b/exec/totemcrypto.c
+@@ -247,7 +247,9 @@ static PK11SymKey *import_symmetric_key(struct crypto_instance *instance, enum s
+ SECItem tmp_sec_item;
+ SECItem wrapped_key;
+ int wrapped_key_len;
++ int wrap_key_block_size;
+ unsigned char wrapped_key_data[MAX_WRAPPED_KEY_LEN];
++ unsigned char pad_key_data[MAX_WRAPPED_KEY_LEN];
+ int case_processed;
+
+ memset(&key_item, 0, sizeof(key_item));
+@@ -256,8 +258,15 @@ static PK11SymKey *import_symmetric_key(struct crypto_instance *instance, enum s
+ res_key = NULL;
+ wrap_key_crypt_context = NULL;
+
++ if (instance->private_key_len > sizeof(pad_key_data)) {
++ log_printf(instance->log_level_security, "Import symmetric key failed. Private key is too long");
++ goto exit_res_key;
++ }
++ memset(pad_key_data, 0, sizeof(pad_key_data));
++ memcpy(pad_key_data, instance->private_key, instance->private_key_len);
++
+ key_item.type = siBuffer;
+- key_item.data = instance->private_key;
++ key_item.data = pad_key_data;
+
+ case_processed = 0;
+ switch (key_type) {
+@@ -318,6 +327,22 @@ static PK11SymKey *import_symmetric_key(struct crypto_instance *instance, enum s
+ */
+
+ /*
++ * Key must be padded to a block size
++ */
++ wrap_key_block_size = PK11_GetBlockSize(wrap_mechanism, 0);
++ if (wrap_key_block_size < 0) {
++ log_printf(instance->log_level_security, "Unable to get wrap key block size (%d): %s",
++ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
++ goto exit_res_key;
++ }
++ if (sizeof(pad_key_data) % wrap_key_block_size != 0) {
++ log_printf(instance->log_level_security, "Padded key buffer size (%zu) is not dividable by "
++ "wrap key block size (%u).", sizeof(pad_key_data), (unsigned int)wrap_key_block_size);
++
++ goto exit_res_key;
++ }
++
++ /*
+ * Initialization of IV is not needed because PK11_GetBestWrapMechanism should return ECB mode
+ */
+ memset(&tmp_sec_item, 0, sizeof(tmp_sec_item));
+@@ -332,7 +357,7 @@ static PK11SymKey *import_symmetric_key(struct crypto_instance *instance, enum s
+ wrapped_key_len = (int)sizeof(wrapped_key_data);
+
+ if (PK11_CipherOp(wrap_key_crypt_context, wrapped_key_data, &wrapped_key_len,
+- sizeof(wrapped_key_data), key_item.data, key_item.len) != SECSuccess) {
++ sizeof(wrapped_key_data), key_item.data, sizeof(pad_key_data)) != SECSuccess) {
+ log_printf(instance->log_level_security, "Unable to encrypt authkey (%d): %s",
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
+ goto exit_res_key;
+--
+1.8.3.1
+
diff --git a/SPECS/corosync.spec b/SPECS/corosync.spec
index 1ce46b5..6478265 100644
--- a/SPECS/corosync.spec
+++ b/SPECS/corosync.spec
@@ -17,22 +17,38 @@
%bcond_without qdevices
%bcond_without qnetd
%bcond_without libcgroup
+%bcond_without spausedd
%global gitver %{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}
%global gittarver %{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}}
+%if %{with spausedd}
+%global spausedd_version 20190320
+%endif
+
Name: corosync
Summary: The Corosync Cluster Engine and Application Programming Interfaces
Version: 2.4.3
-Release: 4%{?gitver}%{?dist}
+Release: 6%{?gitver}%{?dist}
License: BSD
Group: System Environment/Base
URL: http://corosync.github.io/corosync/
Source0: http://build.clusterlabs.org/corosync/releases/%{name}-%{version}%{?gittarver}.tar.gz
+%if %{with spausedd}
+Source1: https://github.com/jfriesse/spausedd/releases/download/%{spausedd_version}/spausedd-%{spausedd_version}.tar.gz
+# VMGuestLib exists only for x86_64 architecture
+%ifarch x86_64
+%global use_vmguestlib 1
+%endif
+%endif
Patch0: bz1536219-1-logging-Make-blackbox-configurable.patch
Patch1: bz1536219-2-logging-Close-before-and-open-blackbox-after-fork.patch
Patch2: bz1560468-1-totemcrypto-Check-length-of-the-packet.patch
+Patch3: bz1376819-1-configure-add-with-initconfigdir-option.patch
+Patch4: bz1376819-2-Use-RuntimeDirectory-instead-of-tmpfiles.d.patch
+Patch5: bz1634710-1-totemcrypto-Fix-importing-of-the-private-key.patch
+Patch6: bz1376819-3-qnetd-Check-existence-of-NSS-DB-dir-before-fork.patch
%if 0%{?rhel}
ExclusiveArch: i686 x86_64 s390x ppc64le aarch64
@@ -85,14 +101,26 @@ BuildRequires: sed
%if %{with libcgroup}
BuildRequires: libcgroup-devel
%endif
+%if %{defined use_vmguestlib}
+BuildRequires: pkgconfig(vmguestlib)
+%endif
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
%prep
+%if %{with spausedd}
+%setup -q -a 1 -n %{name}-%{version}%{?gittarver}
+%else
%setup -q -n %{name}-%{version}%{?gittarver}
+%endif
+
%patch0 -p1 -b .bz1536219-1
%patch1 -p1 -b .bz1536219-2
%patch2 -p1 -b .bz1560468-1
+%patch3 -p1 -b .bz1376819-1
+%patch4 -p1 -b .bz1376819-2
+%patch5 -p1 -b .bz1634710-1
+%patch6 -p1 -b .bz1376819-3
%build
%if %{with runautogen}
@@ -144,11 +172,21 @@ export rdmacm_LIBS=-lrdmacm \
%endif
--with-initddir=%{_initrddir} \
--with-systemddir=%{_unitdir} \
- --with-upstartdir=%{_sysconfdir}/init \
- --with-tmpfilesdir=%{_tmpfilesdir}
+ --with-upstartdir=%{_sysconfdir}/init
make %{_smp_mflags}
+%if %{with spausedd}
+cd spausedd-%{spausedd_version}
+make \
+%if %{defined use_vmguestlib}
+ WITH_VMGUESTLIB=1 \
+%else
+ WITH_VMGUESTLIB=0 \
+%endif
+ %{?_smp_mflags} CFLAGS="%{optflags}"
+%endif
+
%install
rm -rf %{buildroot}
@@ -186,14 +224,27 @@ install -m 644 init/corosync-qnetd.sysconfig.example \
%if %{with systemd}
sed -i -e 's/^#User=/User=/' \
%{buildroot}%{_unitdir}/corosync-qnetd.service
-sed -i -e 's/root/coroqnetd/g' \
- %{buildroot}%{_tmpfilesdir}/corosync-qnetd.conf
%else
sed -i -e 's/^COROSYNC_QNETD_RUNAS=""$/COROSYNC_QNETD_RUNAS="coroqnetd"/' \
%{buildroot}%{_sysconfdir}/sysconfig/corosync-qnetd
%endif
%endif
+%if %{with spausedd}
+cd spausedd-%{spausedd_version}
+make DESTDIR="%{buildroot}" PREFIX="%{_prefix}" install
+
+%if %{with systemd}
+mkdir -p %{buildroot}/%{_unitdir}
+install -m 755 -p init/spausedd.service %{buildroot}/%{_unitdir}
+%else
+mkdir -p %{buildroot}/%{_initrddir}
+install -m 755 -p init/spausedd %{buildroot}/%{_initrddir}
+%endif
+
+cd ..
+%endif
+
%clean
rm -rf %{buildroot}
@@ -514,7 +565,6 @@ fi
%{_unitdir}/corosync-qnetd.service
%dir %{_datadir}/corosync
%{_datadir}/corosync/corosync-qnetd
-%{_tmpfilesdir}/corosync-qnetd.conf
%else
%{_initrddir}/corosync-qnetd
%endif
@@ -523,7 +573,78 @@ fi
%{_mandir}/man8/corosync-qnetd.8*
%endif
+# optional spausedd
+%if %{with spausedd}
+
+%package -n spausedd
+Summary: Utility to detect and log scheduler pause
+URL: https://github.com/jfriesse/spausedd
+
+%if %{with systemd}
+%{?systemd_requires}
+%else
+Requires(post): /sbin/chkconfig
+Requires(preun): /sbin/chkconfig
+%endif
+
+%description -n spausedd
+Utility to detect and log scheduler pause
+
+%files -n spausedd
+%doc spausedd-%{spausedd_version}/AUTHORS spausedd-%{spausedd_version}/COPYING
+%{_bindir}/spausedd
+%{_mandir}/man8/spausedd*
+%if %{with systemd}
+%{_unitdir}/spausedd.service
+%else
+%{_initrddir}/spausedd
+%endif
+
+%post -n spausedd
+%if %{with systemd} && 0%{?systemd_post:1}
+%systemd_post spausedd.service
+%else
+if [ $1 -eq 1 ]; then
+ /sbin/chkconfig --add spausedd || :
+fi
+%endif
+
+%preun -n spausedd
+%if %{with systemd} && 0%{?systemd_preun:1}
+%systemd_preun spausedd.service
+%else
+if [ $1 -eq 0 ]; then
+ /sbin/service spausedd stop &>/dev/null || :
+ /sbin/chkconfig --del spausedd || :
+fi
+%endif
+
+%postun -n spausedd
+%if %{with systemd} && 0%{?systemd_postun:1}
+ %systemd_postun spausedd.service
+%endif
+
+%endif
+
%changelog
+* Thu Mar 21 2019 Jan Friesse <jfriesse@redhat.com> 2.4.3-6
+- Resolves: rhbz#1542703
+
+- Add spausedd subpackage
+
+* Thu Mar 21 2019 Jan Friesse <jfriesse@redhat.com> 2.4.3-5
+- Resolves: rhbz#1376819
+- Resolves: rhbz#1634710
+
+- configure: add --with-initconfigdir option (rhbz#1376819)
+- merge upstream commit c0d8af0c7b247df16a90850b0edab4f978cb8192 (rhbz#1376819)
+- Use RuntimeDirectory instead of tmpfiles.d (rhbz#1376819)
+- merge upstream commit fde7fa0c6408709ccdd090aa9064e6a78232498a (rhbz#1376819)
+- totemcrypto: Fix importing of the private key (rhbz#1634710)
+- merge upstream commit 3f3e6b62719a263cb221c19a06d9a2c570234caa (rhbz#1634710)
+- qnetd: Check existence of NSS DB dir before fork (rhbz#1376819)
+- merge upstream commit eac28dffdf7f060f41f2b2e95bb0f4c6c033425d (rhbz#1376819)
+
* Tue Apr 17 2018 Jan Friesse <jfriesse@redhat.com> 2.4.3-4
- Resolves: rhbz#1422598