diff --git a/SOURCES/bz1018780-fence_vmware_soap-Unknown-exception.patch b/SOURCES/bz1018780-fence_vmware_soap-Unknown-exception.patch new file mode 100644 index 0000000..8fa18b5 --- /dev/null +++ b/SOURCES/bz1018780-fence_vmware_soap-Unknown-exception.patch @@ -0,0 +1,35 @@ +From b9d7388fdb2cf895f16842ac7c5615f6dd405d68 Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Mon, 17 Feb 2014 15:23:19 +0100 +Subject: [PATCH] fence_vmware_soap: Unknown exception fixed + +Resolves: rhbz#1018780 +--- + fence/agents/vmware_soap/fence_vmware_soap.py | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py +index acfdcbb..776273e 100644 +--- a/fence/agents/vmware_soap/fence_vmware_soap.py ++++ b/fence/agents/vmware_soap/fence_vmware_soap.py +@@ -1,7 +1,7 @@ + #!/usr/bin/python + + import sys, exceptions, time +-import shutil, tempfile ++import shutil, tempfile, suds + sys.path.append("@FENCEAGENTSLIBDIR@") + + from suds.client import Client +@@ -164,7 +164,7 @@ def set_power_status(conn, options): + conn.service.PowerOnVM_Task(mo_machine) + else: + conn.service.PowerOffVM_Task(mo_machine) +- except WebFault, ex: ++ except suds.WebFault, ex: + if ((str(ex).find("Permission to perform this operation was denied")) >= 0): + fail(EC_INVALID_PRIVILEGES) + else: +-- +1.7.7.6 + diff --git a/SOURCES/bz1018780-fence_vmware_soap_fix_option_parsing_from_stdin.patch b/SOURCES/bz1018780-fence_vmware_soap_fix_option_parsing_from_stdin.patch new file mode 100644 index 0000000..ff71df1 --- /dev/null +++ b/SOURCES/bz1018780-fence_vmware_soap_fix_option_parsing_from_stdin.patch @@ -0,0 +1,21 @@ +commit f1ee9c18423a1c65ccab4650601bd0146f200ef3 +Author: Fabio M. Di Nitto +Date: Thu Feb 27 08:27:19 2014 +0100 + + fence_vmware_soap: fix short/long option parsing traceback + + Signed-off-by: Fabio M. Di Nitto + +diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py +index c73a1d6..bbac1c5 100644 +--- a/fence/agents/vmware_soap/fence_vmware_soap.py ++++ b/fence/agents/vmware_soap/fence_vmware_soap.py +@@ -16,7 +16,7 @@ BUILD_DATE="April, 2011" + #END_VERSION_GENERATION + + def soap_login(options): +- if options["-o"] in ["off", "reboot"]: ++ if options["--action"] in ["off", "reboot"]: + time.sleep(int(options["--delay"])) + + if options.has_key("--ssl"): diff --git a/SOURCES/bz1018780-fence_vmware_soap_suppress_suds_message.patch b/SOURCES/bz1018780-fence_vmware_soap_suppress_suds_message.patch new file mode 100644 index 0000000..85f1d55 --- /dev/null +++ b/SOURCES/bz1018780-fence_vmware_soap_suppress_suds_message.patch @@ -0,0 +1,43 @@ +commit c360d3eecf6f9976d3371090034d08d03000f0e1 +Author: Fabio M. Di Nitto +Date: Wed Feb 26 09:34:35 2014 +0100 + + vmware_soap: drop warning from python suds when error occours + + prepatch: + fence_vmware_soap -z -l test -p wrongpasswd -a blabla -n vm1 -o reboot -v + No handlers could be found for logger "suds.client" + Failed: The user does not have the correct privileges to do the requested action. + + postpatch: + fence_vmware_soap -z -l test -p wrongpassed -a blabla -n vm1 -o reboot -v + Failed: The user does not have the correct privileges to do the requested action. + + Based on https://fedorahosted.org/suds/wiki/Documentation + logging must be configured and filter for CRITICAL since the harmless + error is at INFO level. + + Signed-off-by: Fabio M. Di Nitto + +diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py +index 400e81f..c73a1d6 100644 +--- a/fence/agents/vmware_soap/fence_vmware_soap.py ++++ b/fence/agents/vmware_soap/fence_vmware_soap.py +@@ -2,6 +2,7 @@ + + import sys, exceptions, time + import shutil, tempfile, suds ++import logging + sys.path.append("@FENCEAGENTSLIBDIR@") + + from suds.client import Client +@@ -199,6 +200,9 @@ Alternatively you can always use UUID to access virtual machine." + docs["vendorurl"] = "http://www.vmware.com" + show_docs(options, docs) + ++ logging.basicConfig(level=logging.INFO) ++ logging.getLogger('suds.client').setLevel(logging.CRITICAL) ++ + ## + ## Operate the fencing device + #### diff --git a/SOURCES/bz1021392-fencing_default_action_off.patch b/SOURCES/bz1021392-fencing_default_action_off.patch new file mode 100644 index 0000000..986d370 --- /dev/null +++ b/SOURCES/bz1021392-fencing_default_action_off.patch @@ -0,0 +1,32 @@ +From 8b127ebff6a38b0c6dd9c2a1ad738e2d7637e0fa Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Wed, 22 Jan 2014 13:51:50 +0100 +Subject: [PATCH 1/3] fencing: Fabric fence agents should have default action + "off" + +Previously, when you have run fence agent without -o XYZ, reboot was performed. Fabric fence agents do not have them +so fence agent fails. This update does not fix only this issue but also text --help and in manual pages. + +Resolves: rhbz#1021392 +--- + fence/agents/lib/fencing.py.py | 4 ++++ + 1 files changed, 4 insertions(+), 0 deletions(-) + +diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py +index 9cc7407..889bb04 100644 +--- a/fence/agents/lib/fencing.py.py ++++ b/fence/agents/lib/fencing.py.py +@@ -618,6 +618,10 @@ def check_input(device_opt, opt): + else: + all_opt["login"]["required"] = "0" + ++ if device_opt.count("fabric_fencing"): ++ all_opt["action"]["default"] = "off" ++ all_opt["action"]["help"] = "-o, --action=[action] Action: status, off (default) or on" ++ + ## Set default values + ##### + for opt in device_opt: +-- +1.7.7.6 + diff --git a/SOURCES/bz1022529-ensure_validity_of_xml_metadata-3.patch b/SOURCES/bz1022529-ensure_validity_of_xml_metadata-3.patch new file mode 100644 index 0000000..1ebc2cd --- /dev/null +++ b/SOURCES/bz1022529-ensure_validity_of_xml_metadata-3.patch @@ -0,0 +1,25 @@ +From 849d0dba262c2111446fb5a03040b22146c35726 Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Thu, 23 Jan 2014 18:29:35 +0100 +Subject: [PATCH] fence_kdump: Add vendor-url to metadata + +Resolves: rhbz#1022529 +--- + fence/agents/kdump/fence_kdump.c | 1 + + 1 files changed, 1 insertions(+), 0 deletions(-) + +diff --git a/fence/agents/kdump/fence_kdump.c b/fence/agents/kdump/fence_kdump.c +index fa1f6a4..cae9842 100644 +--- a/fence/agents/kdump/fence_kdump.c ++++ b/fence/agents/kdump/fence_kdump.c +@@ -178,6 +178,7 @@ do_action_metadata (const char *self) + fprintf (stdout, ""); + fprintf (stdout, "The fence_kdump agent is intended to be used with with kdump service."); + fprintf (stdout, "\n"); ++ fprintf (stdout, "http://www.kernel.org/pub/linux/utils/kernel/kexec/\n"); + + fprintf (stdout, "\n"); + +-- +1.7.7.6 + diff --git a/SOURCES/bz1022536-2-fence_wti-named_groups.patch b/SOURCES/bz1022536-2-fence_wti-named_groups.patch new file mode 100644 index 0000000..3ba7c85 --- /dev/null +++ b/SOURCES/bz1022536-2-fence_wti-named_groups.patch @@ -0,0 +1,34 @@ +From 53fe387f00278e769e00ec10b28e2cb6ff52c8b1 Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Wed, 29 Jan 2014 15:29:21 +0100 +Subject: [PATCH] fence_wti: Add support for firmware v1.40 (on MPC device) + +Previously, named groups were tested only on firmware v1.43 (on NPS device). +--- + fence/agents/wti/fence_wti.py | 7 ++++--- + 1 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/fence/agents/wti/fence_wti.py b/fence/agents/wti/fence_wti.py +index 34967e1..c9c5237 100644 +--- a/fence/agents/wti/fence_wti.py ++++ b/fence/agents/wti/fence_wti.py +@@ -96,12 +96,13 @@ def get_plug_group_status(conn, options): + if (line.find("|") >= 0 and line.lstrip().startswith("GROUP NAME") == False): + plug_line = [x.strip().lower() for x in line.split("|")] + if ["list", "monitor"].count(options["--action"]) == 0 and options["--plug"].lower() == plug_line[name_index]: +- line_index += 1 + plug_status = [] + while line_index < len(lines) and line_index >= 0: + plug_line = [x.strip().lower() for x in lines[line_index].split("|")] +- if len(plug_line[plug_index]) > 0 and len(plug_line[name_index]) == 0: +- plug_status.append(plug_line[status_index]) ++ if len(plug_line) >= max(name_index, status_index) and len(plug_line[plug_index]) > 0 and (len(plug_line[name_index]) == 0 or options["--plug"].lower() == plug_line[name_index]): ++ ## Firmware 1.43 does not have a valid value of plug on first line as only name is defined on that line ++ if not "---" in plug_line[status_index]: ++ plug_status.append(plug_line[status_index]) + line_index += 1 + else: + line_index = -1 +-- +1.7.7.6 + diff --git a/SOURCES/bz1048843-fencing-do_not_use_public_keys.patch b/SOURCES/bz1048843-fencing-do_not_use_public_keys.patch new file mode 100644 index 0000000..6d0f23c --- /dev/null +++ b/SOURCES/bz1048843-fencing-do_not_use_public_keys.patch @@ -0,0 +1,22 @@ +commit cfd1f7490d7958ee25ad5937c9f2072adaa9862e +Author: Marek 'marx' Grac +Date: Mon Jan 6 13:25:43 2014 +0100 + + fencing: Do not use public keys when identity-file is not defined + + Previously, fence agent (ssh) tried to use keys before it asks for password. This lead to a situation + when fence agent did not work correctly as it was waiting for 'Password' which did not occur. + +diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py +index a570203..c8b9bda 100644 +--- a/fence/agents/lib/fencing.py.py ++++ b/fence/agents/lib/fencing.py.py +@@ -979,7 +979,7 @@ def fence_login(options, re_login_string = "(login\s*: )|(Login Name: )|(userna + syslog.syslog(syslog.LOG_ERR, str(ex)) + sys.exit(EC_GENERIC_ERROR) + elif options.has_key("--ssh") and 0 == options.has_key("--identity-file"): +- command = '%s %s %s@%s -p %s' % (SSH_PATH, force_ipvx, options["--username"], options["--ip"], options["--ipport"]) ++ command = '%s %s %s@%s -p %s -o PubkeyAuthentication=no' % (SSH_PATH, force_ipvx, options["--username"], options["--ip"], options["--ipport"]) + if options.has_key("--ssh-options"): + command += ' ' + options["--ssh-options"] + try: diff --git a/SOURCES/bz1057299-fence_vmware_soap-add_delay.patch b/SOURCES/bz1057299-fence_vmware_soap-add_delay.patch new file mode 100644 index 0000000..f55e935 --- /dev/null +++ b/SOURCES/bz1057299-fence_vmware_soap-add_delay.patch @@ -0,0 +1,30 @@ +commit 530e97f05e43bdd5bef9d24c75d4cc3057a491e8 +Author: Marek 'marx' Grac +Date: Fri Jan 10 15:54:49 2014 +0100 + + fence_vmware_soap: --delay is not respected + + Because fence agent do not use standard login process, support for the --delay has to be added. + +diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py +index 98ac011..acfdcbb 100644 +--- a/fence/agents/vmware_soap/fence_vmware_soap.py ++++ b/fence/agents/vmware_soap/fence_vmware_soap.py +@@ -1,6 +1,6 @@ + #!/usr/bin/python + +-import sys, exceptions ++import sys, exceptions, time + import shutil, tempfile + sys.path.append("@FENCEAGENTSLIBDIR@") + +@@ -15,6 +15,9 @@ BUILD_DATE="April, 2011" + #END_VERSION_GENERATION + + def soap_login(options): ++ if options["-o"] in ["off", "reboot"]: ++ time.sleep(int(options["--delay"])) ++ + if options.has_key("--ssl"): + url = "https://" + else: diff --git a/SOURCES/bz1072564-2-feature_ssl-secure.patch b/SOURCES/bz1072564-2-feature_ssl-secure.patch new file mode 100644 index 0000000..66eba0c --- /dev/null +++ b/SOURCES/bz1072564-2-feature_ssl-secure.patch @@ -0,0 +1,104 @@ +From c40a11439c738b67471da01ebfbc3d3d66db6311 Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Fri, 7 Mar 2014 15:13:44 +0100 +Subject: [PATCH] fence_vmware_soap: Add new options --ssl-secure and + --ssl-insecure + +These new options extends current --ssl (same as --ssl-secure). Until now certificate of the fence device +was not validated what can possibly lead to attack on infrastructe. With this patch, user can decide +if certificate should (--ssl-secure) or should not (--ssl-insecure) be verified. + +python-suds do not validates SSL certificates at all. It is required to change underlying library to +one that can support that what results in new dependency on python-requests. +--- + fence/agents/vmware_soap/fence_vmware_soap.py | 35 +++++++++++++++++++++--- + 1 files changed, 30 insertions(+), 5 deletions(-) + +diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py +index bbac1c5..a578662 100644 +--- a/fence/agents/vmware_soap/fence_vmware_soap.py ++++ b/fence/agents/vmware_soap/fence_vmware_soap.py +@@ -2,11 +2,13 @@ + + import sys, exceptions, time + import shutil, tempfile, suds +-import logging ++import logging, requests + sys.path.append("@FENCEAGENTSLIBDIR@") + + from suds.client import Client + from suds.sudsobject import Property ++from suds.transport.http import HttpAuthenticated ++from suds.transport import Reply, TransportError + from fencing import * + + #BEGIN_VERSION_GENERATION +@@ -15,13 +17,32 @@ REDHAT_COPYRIGHT="" + BUILD_DATE="April, 2011" + #END_VERSION_GENERATION + ++class RequestsTransport(HttpAuthenticated): ++ def __init__(self, **kwargs): ++ self.cert = kwargs.pop('cert', None) ++ self.verify = kwargs.pop('verify', True) ++ self.session = requests.Session() ++ # super won't work because not using new style class ++ HttpAuthenticated.__init__(self, **kwargs) ++ ++ def send(self, request): ++ self.addcredentials(request) ++ resp = self.session.post(request.url, data = request.message, headers = request.headers, cert = self.cert, verify = self.verify) ++ result = Reply(resp.status_code, resp.headers, resp.content) ++ return result ++ + def soap_login(options): + if options["--action"] in ["off", "reboot"]: + time.sleep(int(options["--delay"])) + +- if options.has_key("--ssl"): ++ if options.has_key("--ssl") or options.has_key("--ssl-secure") or options.has_key("--ssl-insecure"): ++ if options.has_key("--ssl-insecure"): ++ verify = False ++ else: ++ verify = True + url = "https://" + else: ++ verify = False + url = "http://" + + url += options["--ip"] + ":" + str(options["--ipport"]) + "/sdk" +@@ -29,10 +50,10 @@ def soap_login(options): + tmp_dir = tempfile.mkdtemp() + tempfile.tempdir = tmp_dir + atexit.register(remove_tmp_dir, tmp_dir) +- ++ + try: +- conn = Client(url + "/vimService.wsdl") +- conn.set_options(location = url) ++ headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : ""} ++ conn = Client(url + "/vimService.wsdl", location = url, transport = RequestsTransport(verify = verify), headers = headers) + + mo_ServiceInstance = Property('ServiceInstance') + mo_ServiceInstance._type = 'ServiceInstance' +@@ -41,6 +62,8 @@ def soap_login(options): + mo_SessionManager._type = 'SessionManager' + + SessionManager = conn.service.Login(mo_SessionManager, options["--username"], options["--password"]) ++ except requests.exceptions.SSLError, ex: ++ fail_usage("Server side certificate verification failed") + except Exception, ex: + fail(EC_LOGIN_DENIED) + +@@ -202,6 +225,8 @@ Alternatively you can always use UUID to access virtual machine." + + logging.basicConfig(level=logging.INFO) + logging.getLogger('suds.client').setLevel(logging.CRITICAL) ++ logging.getLogger("requests").setLevel(logging.CRITICAL) ++ logging.getLogger("urllib3").setLevel(logging.CRITICAL) + + ## + ## Operate the fencing device +-- +1.7.7.6 + diff --git a/SOURCES/bz1072564-feature_ssl-secure.patch b/SOURCES/bz1072564-feature_ssl-secure.patch new file mode 100644 index 0000000..46108d9 --- /dev/null +++ b/SOURCES/bz1072564-feature_ssl-secure.patch @@ -0,0 +1,128 @@ +From e51df7a73141c4d378d12e4a3ade12776e48ebff Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Wed, 5 Mar 2014 12:49:17 +0100 +Subject: [PATCH] fencing: Add new options --ssl-secure and --ssl-insecure + +These new options extends current --ssl (same as --ssl-secure). Until now certificate of the fence device +was not validated what can possibly lead to attack on infrastructe. With this patch, user can decide +if certificate should (--ssl-secure) or should not (--ssl-insecure) be verified. +--- + fence/agents/cisco_ucs/fence_cisco_ucs.py | 10 ++++++- + fence/agents/lib/fencing.py.py | 29 ++++++++++++++++++--- + fence/agents/rhevm/fence_rhevm.py | 11 ++++++-- + 4 files changed, 70 insertions(+), 14 deletions(-) + +diff --git a/fence/agents/cisco_ucs/fence_cisco_ucs.py b/fence/agents/cisco_ucs/fence_cisco_ucs.py +index 71782cb..1e9d983 100644 +--- a/fence/agents/cisco_ucs/fence_cisco_ucs.py ++++ b/fence/agents/cisco_ucs/fence_cisco_ucs.py +@@ -85,8 +85,14 @@ def send_command(opt, command, timeout): + c.setopt(pycurl.POSTFIELDS, command) + c.setopt(pycurl.WRITEFUNCTION, b.write) + c.setopt(pycurl.TIMEOUT, timeout) +- c.setopt(pycurl.SSL_VERIFYPEER, 0) +- c.setopt(pycurl.SSL_VERIFYHOST, 0) ++ if opt.has_key("--ssl") or opt.has_key("--ssl-secure"): ++ c.setopt(pycurl.SSL_VERIFYPEER, 1) ++ c.setopt(pycurl.SSL_VERIFYHOST, 2) ++ ++ if opt.has_key("--ssl-insecure"): ++ c.setopt(pycurl.SSL_VERIFYPEER, 0) ++ c.setopt(pycurl.SSL_VERIFYHOST, 0) ++ + c.perform() + result = b.getvalue() + +diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py +index 2006f0d..e40cbb2 100644 +--- a/fence/agents/lib/fencing.py.py ++++ b/fence/agents/lib/fencing.py.py +@@ -170,6 +170,20 @@ all_opt = { + "required" : "0", + "shortdesc" : "SSL connection", + "order" : 1 }, ++ "ssl_insecure" : { ++ "getopt" : "9", ++ "longopt" : "ssl-insecure", ++ "help" : "--ssl-insecure Use ssl connection without verifying certificate", ++ "required" : "0", ++ "shortdesc" : "SSL connection without verifying fence device's certificate", ++ "order" : 1 }, ++ "ssl_secure" : { ++ "getopt" : "9", ++ "longopt" : "ssl-secure", ++ "help" : "--ssl-secure Use ssl connection with verifying certificate", ++ "required" : "0", ++ "shortdesc" : "SSL connection with verifying fence device's certificate", ++ "order" : 1 }, + "notls" : { + "getopt" : "t", + "longopt" : "notls", +@@ -370,6 +384,7 @@ DEPENDENCY_OPT = { + "secure" : [ "identity_file", "ssh_options" ], + "ipaddr" : [ "ipport", "inet4_only", "inet6_only" ], + "port" : [ "separator" ], ++ "ssl" : [ "ssl_secure", "ssl_insecure" ], + "community" : [ "snmp_auth_prot", "snmp_sec_level", "snmp_priv_prot", \ + "snmp_priv_passwd", "snmp_priv_passwd_script" ] + } +@@ -645,7 +660,7 @@ def check_input(device_opt, opt): + elif options.has_key("--ssh"): + all_opt["ipport"]["default"] = 22 + all_opt["ipport"]["help"] = "-u, --ipport=[port] TCP/UDP port to use (default 22)" +- elif options.has_key("--ssl"): ++ elif options.has_key("--ssl") or options.has_key("--ssl-secure") or options.has_key("--ssl-insecure"): + all_opt["ipport"]["default"] = 443 + all_opt["ipport"]["help"] = "-u, --ipport=[port] TCP/UDP port to use (default 443)" + elif device_opt.count("web"): +@@ -738,7 +753,7 @@ def check_input(device_opt, opt): + if options.has_key("--ipport") == False: + if options.has_key("--ssh"): + options["--ipport"] = 22 +- elif options.has_key("--ssl"): ++ elif options.has_key("--ssl") or options.has_key("--ssl-secure") or options.has_key("--ssl-insecure"): + options["--ipport"] = 443 + elif device_opt.count("web"): + options["--ipport"] = 80 +@@ -968,11 +983,17 @@ def fence_login(options, re_login_string = "(login\s*: )|(Login Name: )|(userna + re_pass = re.compile("(password)|(pass phrase)", re.IGNORECASE) + + if options.has_key("--ssl"): +- gnutls_opts="" ++ gnutls_opts = "" ++ ssl_opts = "" ++ + if options.has_key("--notls"): + gnutls_opts = "--priority \"NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0\"" + +- command = '%s %s --insecure --crlf -p %s %s' % (SSL_PATH, gnutls_opts, options["--ipport"], options["--ip"]) ++ # --ssl is same as the --ssl-secure ++ if options.has_key("--ssl-insecure"): ++ ssl_opts = "--insecure" ++ ++ command = '%s %s %s --crlf -p %s %s' % (SSL_PATH, gnutls_opts, ssl_opts, options["--ipport"], options["--ip"]) + try: + conn = fspawn(options, command) + except pexpect.ExceptionPexpect, ex: +diff --git a/fence/agents/rhevm/fence_rhevm.py b/fence/agents/rhevm/fence_rhevm.py +index ff3d19f..6098071 100644 +--- a/fence/agents/rhevm/fence_rhevm.py ++++ b/fence/agents/rhevm/fence_rhevm.py +@@ -84,9 +84,14 @@ def send_command(opt, command, method = "GET"): + c.setopt(pycurl.HTTPAUTH, pycurl.HTTPAUTH_BASIC) + c.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"]) + c.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"])) +- c.setopt(pycurl.SSL_VERIFYPEER, 0) +- c.setopt(pycurl.SSL_VERIFYHOST, 0) +- ++ if opt.has_key("--ssl") or opt.has_key("--ssl-secure"): ++ c.setopt(pycurl.SSL_VERIFYPEER, 1) ++ c.setopt(pycurl.SSL_VERIFYHOST, 2) ++ ++ if opt.has_key("--ssl-insecure"): ++ c.setopt(pycurl.SSL_VERIFYPEER, 0) ++ c.setopt(pycurl.SSL_VERIFYHOST, 0) ++ + if (method == "POST"): + c.setopt(pycurl.POSTFIELDS, "") + diff --git a/SOURCES/bz1073947-ssh_login_failed.patch b/SOURCES/bz1073947-ssh_login_failed.patch new file mode 100644 index 0000000..53189bd --- /dev/null +++ b/SOURCES/bz1073947-ssh_login_failed.patch @@ -0,0 +1,40 @@ +From a90a90cf56f713be9a4064a02c0f630425b2091c Mon Sep 17 00:00:00 2001 +From: Ondrej Mular +Date: Fri, 7 Mar 2014 09:43:00 -0500 +Subject: [PATCH] fencing: fixed pexpect TypeError exception, when using + identity file for login via ssh + +Previously, fence-agent failed to log in (ssh) using identity file. This caused fence-agent failure because of uncaught exception. + +Resolves: rhbz#1073947 + +Signed-off-by: Marek 'marx' Grac +--- + fence/agents/lib/fencing.py.py | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py +index 2006f0d..76855e1 100644 +--- a/fence/agents/lib/fencing.py.py ++++ b/fence/agents/lib/fencing.py.py +@@ -1022,13 +1022,12 @@ def fence_login(options, re_login_string = "(login\s*: )|(Login Name: )|(userna + "are not in the spec file and must be installed separately." + "\n") + sys.exit(EC_GENERIC_ERROR) + +- result = conn.log_expect(options, [ options["--command-prompt"], \ +- "Are you sure you want to continue connecting (yes/no)?", \ +- "Enter passphrase for key '" + options["--identity-file"] + "':" ], int(options["--login-timeout"])) ++ result = conn.log_expect(options, [ "Enter passphrase for key '" + options["--identity-file"] + "':",\ ++ "Are you sure you want to continue connecting (yes/no)?" ] + options["--command-prompt"], int(options["--login-timeout"])) + if result == 1: + conn.sendline("yes") +- conn.log_expect(options, [ options["--command-prompt"], "Enter passphrase for key '"+options["--identity-file"]+"':"] , int(options["--login-timeout"])) +- if result != 0: ++ result = conn.log_expect(options, [ "Enter passphrase for key '"+options["--identity-file"]+"':"] + options["--command-prompt"], int(options["--login-timeout"])) ++ if result == 0: + if options.has_key("--password"): + conn.sendline(options["--password"]) + conn.log_expect(options, options["--command-prompt"], int(options["--login-timeout"])) +-- +1.8.5.3 + diff --git a/SOURCES/bz990539-1-replacing_nss_wrapperr.patch b/SOURCES/bz990539-1-replacing_nss_wrapperr.patch new file mode 100644 index 0000000..43188d8 --- /dev/null +++ b/SOURCES/bz990539-1-replacing_nss_wrapperr.patch @@ -0,0 +1,550 @@ +From 52ed50a1bd4b4bfe632bd560de27195fcea65802 Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Mon, 17 Feb 2014 14:20:24 +0100 +Subject: [PATCH] fence_ilo: Replacing nss_wrapper with gnutls-cli + +SSLv2 was disabled in nss package (rhbz#1001841), ilo2 now supports also SSLv3 +and it is possible to use standard tool for communication. +--- + configure.ac | 2 +- + fence/agents/Makefile.am | 1 - + fence/agents/lib/fencing.py.py | 5 +- + fence/agents/nss_wrapper/Makefile.am | 7 - + fence/agents/nss_wrapper/fence_nss_wrapper.c | 484 -------------------------- + make/fencebuild.mk | 1 + + 6 files changed, 4 insertions(+), 496 deletions(-) + delete mode 100644 fence/agents/nss_wrapper/Makefile.am + delete mode 100644 fence/agents/nss_wrapper/fence_nss_wrapper.c + +diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py +index fd21c69..798f855 100644 +--- a/fence/agents/lib/fencing.py.py ++++ b/fence/agents/lib/fencing.py.py +@@ -28,7 +28,7 @@ EC_INVALID_PRIVILEGES = 11 + + TELNET_PATH = "/usr/bin/telnet" + SSH_PATH = "/usr/bin/ssh" +-SSL_PATH = "@LIBEXECDIR@/fence_nss_wrapper" ++SSL_PATH = "@GNUTLSCLI_PATH@" + SUDO_PATH = "/usr/bin/sudo" + + all_opt = { +@@ -960,11 +960,10 @@ def fence_login(options, re_login_string = "(login\s*: )|(Login Name: )|(userna + re_pass = re.compile("(password)|(pass phrase)", re.IGNORECASE) + + if options.has_key("--ssl"): +- command = '%s %s %s %s' % (SSL_PATH, force_ipvx, options["--ip"], options["--ipport"]) ++ command = '%s --insecure --crlf -p %s %s' % (SSL_PATH, options["--ipport"], options["--ip"]) + try: + conn = fspawn(options, command) + except pexpect.ExceptionPexpect, ex: +- ## SSL telnet is part of the fencing package + sys.stderr.write(str(ex) + "\n") + syslog.syslog(syslog.LOG_ERR, str(ex)) + sys.exit(EC_GENERIC_ERROR) +diff --git a/fence/agents/nss_wrapper/Makefile.am b/fence/agents/nss_wrapper/Makefile.am +deleted file mode 100644 +index 16273ed..0000000 +--- a/fence/agents/nss_wrapper/Makefile.am ++++ /dev/null +@@ -1,7 +0,0 @@ +-MAINTAINERCLEANFILES = Makefile.in +- +-libexec_PROGRAMS = fence_nss_wrapper +- +-fence_nss_wrapper_CFLAGS = $(nss_CFLAGS) $(nspr_CFLAGS) +- +-fence_nss_wrapper_LDFLAGS = $(nss_LIBS) $(nspr_LIBS) +diff --git a/fence/agents/nss_wrapper/fence_nss_wrapper.c b/fence/agents/nss_wrapper/fence_nss_wrapper.c +deleted file mode 100644 +index b960cf0..0000000 +--- a/fence/agents/nss_wrapper/fence_nss_wrapper.c ++++ /dev/null +@@ -1,484 +0,0 @@ +-/** @file fence_nss_wrapper.c - Main source code of hobbit like tool with +- support for NSS (SSL) connection. +-*/ +-#include "clusterautoconfig.h" +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-/*---- CONSTANTS -------------*/ +- +-/** Default operation = connect and telnet*/ +-#define OPERATION_DEFAULT 0 +-/** Operation display help*/ +-#define OPERATION_HELP 1 +- +-/** Default mode of connection. Try first found working address*/ +-#define MODE_DEFAULT 3 +-/** Use only IPv4*/ +-#define MODE_IP4MODE 1 +-/** Use only IPv6*/ +-#define MODE_IP6MODE 2 +-/** Use RAW mode - no change of \r and \n to \r\n*/ +-#define MODE_RAW 4 +-/** Use non-secure mode (without SSL, only pure socket)*/ +-#define MODE_NO_SSL 8 +- +-/*------ Functions ---------------*/ +- +-/** Return port inserted in string. Fuction tests, if port is integer, and than return +- integer value of string. Otherwise, it will use /etc/services. On fail, it returns +- port -1. +- @param port_s Input port or service name +- @return port number (converted with ntohs) on success, otherwise -1. +-*/ +-static int return_port(char *port_s) { +- char *end_c; +- int res; +- struct servent *serv; +- +- res=strtol(port_s,&end_c,10); +- +- if (*end_c=='\0') return res; +- +- /*It's not number, so try service name*/ +- serv=getservbyname(port_s,NULL); +- +- if (serv==NULL) return -1; +- +- return ntohs(serv->s_port); +-} +- +-/** Hook handler for bad certificate (because we have no DB, EVERY certificate is bad). +- Returned value is always SECSuccess = it's ok certificate. +- @param arg NULL value +- @param fd socket cased error +- @return SECSuccess. +-*/ +-static SECStatus nss_bad_cert_hook(void *arg,PRFileDesc *fd) { +- return SECSuccess; +-} +- +-/** Display last NSPR/NSS error code and user readable message. +-*/ +-static void print_nspr_error(void) { +- fprintf(stderr,"Error (%d): %s\n",PR_GetError(),PR_ErrorToString(PR_GetError(),PR_LANGUAGE_I_DEFAULT)); +-} +- +-/** Initialize NSS. NSS is initialized without DB and with +- domnestic policy. +- @return 1 on success, otherwise 0. +-*/ +-static int init_nss(void) { +- if ((NSS_NoDB_Init(NULL)!=SECSuccess) || +- (NSS_SetDomesticPolicy()!=SECSuccess)) { +- print_nspr_error(); +- +- return 0; +- } +- +- SSL_ClearSessionCache(); +- +- return 1; +-} +- +-/** Create socket. If ssl is >0, socket is ssl enabled. +- @param ssl Enable ssl (Client, SSL2+3, no TLS, compatible hello) if PR_TRUE, otherwise no. +- @param ipv6 New socket will be IPv4 if this value is 0, otherwise it will be ipv6 +- @return NULL on error, otherwise socket. +-*/ +-static PRFileDesc *create_socket(int ssl,int ipv6) { +- PRFileDesc *res_socket; +- +- res_socket=PR_OpenTCPSocket((ipv6?PR_AF_INET6:PR_AF_INET)); +- if (res_socket==NULL) { +- print_nspr_error(); +- +- return NULL; +- } +- +- if (!ssl) return res_socket; +- +- if (!(res_socket=SSL_ImportFD(NULL,res_socket))) { +- print_nspr_error(); +- +- return NULL; +- } +- +- if ((SSL_OptionSet(res_socket,SSL_SECURITY,ssl)!=SECSuccess) || +- (SSL_OptionSet(res_socket,SSL_HANDSHAKE_AS_SERVER,PR_FALSE)!=SECSuccess) || +- (SSL_OptionSet(res_socket,SSL_HANDSHAKE_AS_CLIENT,PR_TRUE)!=SECSuccess) || +- (SSL_OptionSet(res_socket,SSL_ENABLE_SSL2,ssl)!=SECSuccess) || +- (SSL_OptionSet(res_socket,SSL_ENABLE_SSL3,ssl)!=SECSuccess) || +- (SSL_OptionSet(res_socket,SSL_ENABLE_TLS,PR_FALSE)!=SECSuccess) || +- (SSL_OptionSet(res_socket,SSL_V2_COMPATIBLE_HELLO,ssl)!=SECSuccess) || +- (SSL_SetPKCS11PinArg(res_socket,NULL)==-1) || +- (SSL_AuthCertificateHook(res_socket,SSL_AuthCertificate,CERT_GetDefaultCertDB())!=SECSuccess) || +- (SSL_BadCertHook(res_socket,nss_bad_cert_hook,NULL)!=SECSuccess)) { +- print_nspr_error(); +- +- if (PR_Close(res_socket)!=PR_SUCCESS) { +- print_nspr_error(); +- } +- +- return NULL; +- } +- +- return res_socket; +-} +- +-/** Create socket and connect to it. +- @param hostname Hostname to connect +- @param port Port name/number to connect +- @param mode Connection mode. Bit-array of MODE_NO_SSL, MODE_IP6MODE, MODE_IP4MODE. +- @return NULL on error, otherwise connected socket. +-*/ +-static PRFileDesc *create_connected_socket(char *hostname,int port,int mode) { +- PRAddrInfo *addr_info; +- void *addr_iter; +- PRNetAddr addr; +- PRFileDesc *localsocket; +- int can_exit,valid_socket; +- PRUint16 af_spec; +- +- localsocket=NULL; +- +- addr_info=NULL; +- +- af_spec=PR_AF_UNSPEC; +- +- if (!(mode&MODE_IP6MODE)) af_spec=PR_AF_INET; +- +- addr_info=PR_GetAddrInfoByName(hostname,af_spec,PR_AI_ADDRCONFIG); +- +- if (addr_info == NULL) { +- print_nspr_error(); +- return NULL; +- } +- +- /*We have socket -> enumerate and try to connect*/ +- addr_iter=NULL; +- can_exit=0; +- valid_socket=0; +- +- while (!can_exit) { +- addr_iter=PR_EnumerateAddrInfo(addr_iter,addr_info,port,&addr); +- +- if (addr_iter==NULL) { +- can_exit=1; +- } else { +- if ((PR_NetAddrFamily(&addr)==PR_AF_INET && (mode&MODE_IP4MODE)) || +- (PR_NetAddrFamily(&addr)==PR_AF_INET6 && (mode&MODE_IP6MODE))) { +- /*Type of address is what user want, try to create socket and make connection*/ +- +- /*Create socket*/ +- localsocket=create_socket(!(mode&MODE_NO_SSL),(PR_NetAddrFamily(&addr)==PR_AF_INET6)); +- +- if (localsocket) { +- /*Try to connect*/ +- if (PR_Connect(localsocket,&addr,PR_INTERVAL_NO_TIMEOUT)==PR_SUCCESS) { +- /*Force handshake*/ +- if ((!(mode&MODE_NO_SSL)) && SSL_ForceHandshake(localsocket)!=SECSuccess) { +- /*Handhake failure -> fail*/ +- print_nspr_error(); +- if (PR_Close(localsocket)!=PR_SUCCESS) { +- print_nspr_error(); +- can_exit=1; +- } +- localsocket=NULL; +- } +- +- /*Socket is connected -> we can return it*/ +- can_exit=1; +- } else { +- /*Try another address*/ +- if (PR_Close(localsocket)!=PR_SUCCESS) { +- print_nspr_error(); +- can_exit=1; +- } +- localsocket=NULL; +- } +- } +- } +- } +- } +- +- if (!localsocket) { +- /*Socket is unvalid -> we don't found any usable address*/ +- fprintf(stderr,"Can't connect to host %s on port %d!\n",hostname,port); +- } +- +- PR_FreeAddrInfo(addr_info); +- +- return localsocket; +-} +- +-/** Parse arguments from command line. +- @param argc Number of arguments in argv +- @param argv Array of arguments +- @param mode Pointer to int will be filled with OPERATION_DEFAULT or OPERATION_HELP. +- @param mode Pointer to int will be filled with MODE_DEFAULT, MODE_IP4MODE or MODE_IP4MODE. +- @return 1 on success, otherwise 0. +-*/ +-static int parse_cli(int argc,char *argv[],int *operation,int *mode,char **hostname,char **port) { +- int opt; +- +- *operation=OPERATION_DEFAULT; +- *mode=MODE_DEFAULT; +- *port=NULL; +- *hostname=NULL; +- +- while ((opt=getopt(argc,argv,"h46rz"))!=-1) { +- switch (opt) { +- case 'h': +- *operation=OPERATION_HELP; +- +- return 0; +- break; +- +- case '4': +- (*mode)&=~MODE_IP6MODE; +- (*mode)|=MODE_IP4MODE; +- break; +- +- case '6': +- (*mode)&=~MODE_IP4MODE; +- (*mode)|=MODE_IP6MODE; +- break; +- +- case 'r': +- (*mode)|=MODE_RAW; +- break; +- +- case 'z': +- (*mode)|=MODE_NO_SSL; +- break; +- +- default: +- return 0; +- break; +- } +- } +- +- if (argc-optind<2) { +- fprintf(stderr,"Hostname and port is expected!\n"); +- +- return 0; +- } +- +- *hostname=argv[optind]; +- *port=argv[optind+1]; +- +- return 1; +-} +- +-/** Show usage of application. +- @param pname Name of program (usually basename of argv[0]) +-*/ +-static void show_usage(char *pname) { +- printf("usage: %s [options] hostname port\n", pname); +- printf(" -4 Force to use IPv4\n"); +- printf(" -6 Force to use IPv6\n"); +- printf(" -r Use RAW connection (don't convert \\r and \\n characters)\n"); +- printf(" -z Don't use SSL connection (use pure socket)\n"); +- printf(" -h Show this help\n"); +-} +- +-/** Convert End Of Lines (Unix \n, Macs \r or DOS/Win \r\n) to \r\n. +- @param in_buffer Input buffer +- @param in_size Input buffer size +- @param out_buffer Output buffer (must be prealocated). Should be (2*in_size) (in worst case) +- @param out_size There will be size of out_buffer +- @param in_state Internal state of finite automata. First call should have this 0, other calls +- shouldn't change this value. After end of file, you may add to this value +100 and call this +- again, to make sure of proper end (in_buffer can be in this case everything, including NULL). +-*/ +-static void convert_eols(char *in_buffer,int in_size,char *out_buffer,int *out_size,int *in_state) { +- int in_pos,out_pos; +- int status; +- char in_char; +- +- out_pos=0; +- status=*in_state; +- +- if (status==100 || status==101) { +- if (status==101) { +- out_buffer[out_pos++]='\r'; +- out_buffer[out_pos++]='\n'; +- } +- } else { +- for (in_pos=0;in_pos0) { +- if (PR_Write(PR_STDOUT,buffer,readed_bytes)!=readed_bytes) { +- print_nspr_error(); +- +- return 0; +- } +- } else { +- /*End of stream -> quit*/ +- can_exit=1; +- } +- } +- +- if (pool[0].out_flags&(PR_POLL_READ|PR_POLL_HUP)) { +- /*We have something in stdin*/ +- if ((readed_bytes=PR_Read(pool[0].fd,buffer,sizeof(buffer)))>0) { +- +- if (!(mode&MODE_RAW)) { +- convert_eols(buffer,readed_bytes,buffer_eol,&bytes_to_write,&eol_state); +- } else +- bytes_to_write=readed_bytes; +- +- if (PR_Write(pool[1].fd,(mode&MODE_RAW?buffer:buffer_eol),bytes_to_write)!=bytes_to_write) { +- print_nspr_error(); +- +- return 0; +- } +- } else { +- /*End of stream -> send EOL (if needed)*/ +- if (!(mode&MODE_RAW)) { +- eol_state+=100; +- convert_eols(NULL,0,buffer_eol,&bytes_to_write,&eol_state); +- if (PR_Write(pool[1].fd,buffer_eol,bytes_to_write)!=bytes_to_write) { +- print_nspr_error(); +- +- return 0; +- } +- } +- } +- } +- +- pool[0].out_flags=pool[1].out_flags=0; +- } /*while (!can_exit)*/ +- +- return 1; +-} +- +-static void atexit_handler(void) { +- if (PR_Initialized()) +- PR_Cleanup(); +- +- if (fclose(stdout)!=0) { +- fprintf(stderr,"Can't close stdout!\n"); +- +- exit(1); +- } +-} +- +-/** Entry point of application. +- @param argc Number of arguments on command line +- @param argv Array of strings with arguments from command line +- @return 0 on success, otherwise >0. +-*/ +-int main(int argc,char *argv[]) { +- int mode,operation; +- char *hostname, *port; +- char *pname; +- int port_n; +- PRFileDesc *fd_socket; +- int res; +- +- pname=basename(argv[0]); +- +- atexit(atexit_handler); +- +- if (!parse_cli(argc,argv,&operation,&mode,&hostname,&port) || operation==OPERATION_HELP) { +- show_usage(pname); +- +- if (operation!=OPERATION_HELP) return 1; +- +- return 0; +- } +- +- if ((port_n=return_port(port))==-1) { +- fprintf(stderr,"Error. Unknown port number/name %s!\n",port); +- +- return 1; +- } +- +- if (!(mode&MODE_NO_SSL)) { +- if (!init_nss()) return 1; +- } +- +- if (!(fd_socket=create_connected_socket(hostname,port_n,mode))) +- return 1; +- +- res=poll_cycle(fd_socket,mode); +- +- if (PR_Close(fd_socket)!=PR_SUCCESS) { +- print_nspr_error(); +- +- return 1; +- } +- +- return (res?0:1); +-} +-- +1.7.7.6 + diff --git a/SOURCES/bz990539-2-replacing_nss_wrapperr.patch b/SOURCES/bz990539-2-replacing_nss_wrapperr.patch new file mode 100644 index 0000000..364d2ba --- /dev/null +++ b/SOURCES/bz990539-2-replacing_nss_wrapperr.patch @@ -0,0 +1,40 @@ +diff -urN fence-agents-4.0.2.orig/configure.ac fence-agents-4.0.2/configure.ac +--- fence-agents-4.0.2.orig/configure.ac 2014-02-17 14:55:59.768097454 +0100 ++++ fence-agents-4.0.2/configure.ac 2014-02-17 14:57:05.567548670 +0100 +@@ -243,6 +243,8 @@ + CPPFLAGS="-I\$(top_builddir)/make -I\$(top_srcdir)/make -I. $ENV_CPPFLAGS" + LDFLAGS="$ENV_LDFLAGS" + ++AC_PATH_PROG([GNUTLSCLI_PATH], [gnutlscli], [/usr/bin/gnutls-cli]) ++ + AC_CONFIG_FILES([Makefile + fence/Makefile + fence/agents/Makefile +@@ -276,7 +278,6 @@ + fence/agents/lpar/Makefile + fence/agents/manual/Makefile + fence/agents/mcdata/Makefile +- fence/agents/nss_wrapper/Makefile + fence/agents/rackswitch/Makefile + fence/agents/ovh/Makefile + fence/agents/rhevm/Makefile +diff -urN fence-agents-4.0.2.orig/fence/agents/Makefile.am fence-agents-4.0.2/fence/agents/Makefile.am +--- fence-agents-4.0.2.orig/fence/agents/Makefile.am 2014-02-17 14:55:59.774097497 +0100 ++++ fence-agents-4.0.2/fence/agents/Makefile.am 2014-02-17 14:58:09.426990207 +0100 +@@ -1,5 +1,4 @@ + MAINTAINERCLEANFILES = Makefile.in + + SUBDIRS = lib \ +- nss_wrapper \ + $(AGENTS_LIST) +diff -urN fence-agents-4.0.2.orig/make/fencebuild.mk fence-agents-4.0.2/make/fencebuild.mk +--- fence-agents-4.0.2.orig/make/fencebuild.mk 2014-02-17 14:55:59.768097454 +0100 ++++ fence-agents-4.0.2/make/fencebuild.mk 2014-02-17 14:59:06.653383134 +0100 +@@ -9,6 +9,7 @@ + -e 's#@''LOGDIR@#${LOGDIR}#g' \ + -e 's#@''SBINDIR@#${sbindir}#g' \ + -e 's#@''LIBEXECDIR@#${libexecdir}#g' \ ++ -e 's#@''GNUTLSCLI_PATH@#${GNUTLSCLI_PATH}#g' \ + > $@ + + if [ 0 -eq `echo "$(SRC)" | grep fence_ &> /dev/null; echo $$?` ]; then \ diff --git a/SOURCES/bz990539-3-remove_nss_nspr_check.patch b/SOURCES/bz990539-3-remove_nss_nspr_check.patch new file mode 100644 index 0000000..76b39f8 --- /dev/null +++ b/SOURCES/bz990539-3-remove_nss_nspr_check.patch @@ -0,0 +1,14 @@ +diff -urN fence-agents-4.0.2.orig/configure.ac fence-agents-4.0.2/configure.ac +--- fence-agents-4.0.2.orig/configure.ac 2014-02-18 21:26:07.091204997 +0100 ++++ fence-agents-4.0.2/configure.ac 2014-02-18 21:26:18.572286647 +0100 +@@ -83,10 +83,6 @@ + LIBS=$ac_check_lib_save_LIBS + } + +-# external libs +-PKG_CHECK_MODULES([nss],[nss]) +-PKG_CHECK_MODULES([nspr],[nspr]) +- + # Checks for header files. + AC_CHECK_HEADERS([arpa/inet.h fcntl.h libintl.h limits.h netdb.h stddef.h sys/socket.h sys/time.h syslog.h]) + diff --git a/SOURCES/bz990539-4-remove_nss_nspr_check.patch b/SOURCES/bz990539-4-remove_nss_nspr_check.patch new file mode 100644 index 0000000..3bcba86 --- /dev/null +++ b/SOURCES/bz990539-4-remove_nss_nspr_check.patch @@ -0,0 +1,426 @@ +diff -urN fence-agents-4.0.2.orig/configure fence-agents-4.0.2/configure +--- fence-agents-4.0.2.orig/configure 2014-02-18 21:26:07.087204966 +0100 ++++ fence-agents-4.0.2/configure 2014-02-18 21:32:17.932860775 +0100 +@@ -615,6 +615,7 @@ + ac_subst_vars='am__EXEEXT_FALSE + am__EXEEXT_TRUE + LTLIBOBJS ++GNUTLSCLI_PATH + BUILD_XENAPILIB_FALSE + BUILD_XENAPILIB_TRUE + AGENTS_LIST +@@ -626,13 +627,6 @@ + DEFAULT_CONFIG_FILE + DEFAULT_CONFIG_DIR + LIBOBJS +-nspr_LIBS +-nspr_CFLAGS +-nss_LIBS +-nss_CFLAGS +-PKG_CONFIG_LIBDIR +-PKG_CONFIG_PATH +-PKG_CONFIG + CXXCPP + am__fastdepCXX_FALSE + am__fastdepCXX_TRUE +@@ -778,14 +772,7 @@ + CXX + CXXFLAGS + CCC +-CXXCPP +-PKG_CONFIG +-PKG_CONFIG_PATH +-PKG_CONFIG_LIBDIR +-nss_CFLAGS +-nss_LIBS +-nspr_CFLAGS +-nspr_LIBS' ++CXXCPP' + + + # Initialize some variables set by options. +@@ -1446,15 +1433,6 @@ + CXX C++ compiler command + CXXFLAGS C++ compiler flags + CXXCPP C++ preprocessor +- PKG_CONFIG path to pkg-config utility +- PKG_CONFIG_PATH +- directories to add to pkg-config's search path +- PKG_CONFIG_LIBDIR +- path overriding pkg-config's built-in search path +- nss_CFLAGS C compiler flags for nss, overriding pkg-config +- nss_LIBS linker flags for nss, overriding pkg-config +- nspr_CFLAGS C compiler flags for nspr, overriding pkg-config +- nspr_LIBS linker flags for nspr, overriding pkg-config + + Use these variables to override the choices made by `configure' or to help + it to find libraries and programs with nonstandard names/locations. +@@ -16179,309 +16157,6 @@ + LIBS=$ac_check_lib_save_LIBS + } + +-# external libs +- +- +- +- +- +- +-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then +- if test -n "$ac_tool_prefix"; then +- # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +-set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_path_PKG_CONFIG+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- case $PKG_CONFIG in +- [\\/]* | ?:[\\/]*) +- ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. +- ;; +- *) +- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +-for as_dir in $PATH +-do +- IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. +- for ac_exec_ext in '' $ac_executable_extensions; do +- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then +- ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 +- break 2 +- fi +-done +- done +-IFS=$as_save_IFS +- +- ;; +-esac +-fi +-PKG_CONFIG=$ac_cv_path_PKG_CONFIG +-if test -n "$PKG_CONFIG"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +-$as_echo "$PKG_CONFIG" >&6; } +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +- +- +-fi +-if test -z "$ac_cv_path_PKG_CONFIG"; then +- ac_pt_PKG_CONFIG=$PKG_CONFIG +- # Extract the first word of "pkg-config", so it can be a program name with args. +-set dummy pkg-config; ac_word=$2 +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +-$as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- case $ac_pt_PKG_CONFIG in +- [\\/]* | ?:[\\/]*) +- ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. +- ;; +- *) +- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +-for as_dir in $PATH +-do +- IFS=$as_save_IFS +- test -z "$as_dir" && as_dir=. +- for ac_exec_ext in '' $ac_executable_extensions; do +- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then +- ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" +- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 +- break 2 +- fi +-done +- done +-IFS=$as_save_IFS +- +- ;; +-esac +-fi +-ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +-if test -n "$ac_pt_PKG_CONFIG"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +-$as_echo "$ac_pt_PKG_CONFIG" >&6; } +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +- +- if test "x$ac_pt_PKG_CONFIG" = x; then +- PKG_CONFIG="" +- else +- case $cross_compiling:$ac_tool_warned in +-yes:) +-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +-ac_tool_warned=yes ;; +-esac +- PKG_CONFIG=$ac_pt_PKG_CONFIG +- fi +-else +- PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +-fi +- +-fi +-if test -n "$PKG_CONFIG"; then +- _pkg_min_version=0.9.0 +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +-$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } +- if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- PKG_CONFIG="" +- fi +-fi +- +-pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nss" >&5 +-$as_echo_n "checking for nss... " >&6; } +- +-if test -n "$nss_CFLAGS"; then +- pkg_cv_nss_CFLAGS="$nss_CFLAGS" +- elif test -n "$PKG_CONFIG"; then +- if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5 +- ($PKG_CONFIG --exists --print-errors "nss") 2>&5 +- ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 +- test $ac_status = 0; }; then +- pkg_cv_nss_CFLAGS=`$PKG_CONFIG --cflags "nss" 2>/dev/null` +-else +- pkg_failed=yes +-fi +- else +- pkg_failed=untried +-fi +-if test -n "$nss_LIBS"; then +- pkg_cv_nss_LIBS="$nss_LIBS" +- elif test -n "$PKG_CONFIG"; then +- if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5 +- ($PKG_CONFIG --exists --print-errors "nss") 2>&5 +- ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 +- test $ac_status = 0; }; then +- pkg_cv_nss_LIBS=`$PKG_CONFIG --libs "nss" 2>/dev/null` +-else +- pkg_failed=yes +-fi +- else +- pkg_failed=untried +-fi +- +- +- +-if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- +-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then +- _pkg_short_errors_supported=yes +-else +- _pkg_short_errors_supported=no +-fi +- if test $_pkg_short_errors_supported = yes; then +- nss_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "nss" 2>&1` +- else +- nss_PKG_ERRORS=`$PKG_CONFIG --print-errors "nss" 2>&1` +- fi +- # Put the nasty error message in config.log where it belongs +- echo "$nss_PKG_ERRORS" >&5 +- +- as_fn_error $? "Package requirements (nss) were not met: +- +-$nss_PKG_ERRORS +- +-Consider adjusting the PKG_CONFIG_PATH environment variable if you +-installed software in a non-standard prefix. +- +-Alternatively, you may set the environment variables nss_CFLAGS +-and nss_LIBS to avoid the need to call pkg-config. +-See the pkg-config man page for more details." "$LINENO" 5 +- +-elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +-as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +-is in your PATH or set the PKG_CONFIG environment variable to the full +-path to pkg-config. +- +-Alternatively, you may set the environment variables nss_CFLAGS +-and nss_LIBS to avoid the need to call pkg-config. +-See the pkg-config man page for more details. +- +-To get pkg-config, see . +-See \`config.log' for more details" "$LINENO" 5; } +- +-else +- nss_CFLAGS=$pkg_cv_nss_CFLAGS +- nss_LIBS=$pkg_cv_nss_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- +-fi +- +-pkg_failed=no +-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for nspr" >&5 +-$as_echo_n "checking for nspr... " >&6; } +- +-if test -n "$nspr_CFLAGS"; then +- pkg_cv_nspr_CFLAGS="$nspr_CFLAGS" +- elif test -n "$PKG_CONFIG"; then +- if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nspr\""; } >&5 +- ($PKG_CONFIG --exists --print-errors "nspr") 2>&5 +- ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 +- test $ac_status = 0; }; then +- pkg_cv_nspr_CFLAGS=`$PKG_CONFIG --cflags "nspr" 2>/dev/null` +-else +- pkg_failed=yes +-fi +- else +- pkg_failed=untried +-fi +-if test -n "$nspr_LIBS"; then +- pkg_cv_nspr_LIBS="$nspr_LIBS" +- elif test -n "$PKG_CONFIG"; then +- if test -n "$PKG_CONFIG" && \ +- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nspr\""; } >&5 +- ($PKG_CONFIG --exists --print-errors "nspr") 2>&5 +- ac_status=$? +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 +- test $ac_status = 0; }; then +- pkg_cv_nspr_LIBS=`$PKG_CONFIG --libs "nspr" 2>/dev/null` +-else +- pkg_failed=yes +-fi +- else +- pkg_failed=untried +-fi +- +- +- +-if test $pkg_failed = yes; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- +-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then +- _pkg_short_errors_supported=yes +-else +- _pkg_short_errors_supported=no +-fi +- if test $_pkg_short_errors_supported = yes; then +- nspr_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "nspr" 2>&1` +- else +- nspr_PKG_ERRORS=`$PKG_CONFIG --print-errors "nspr" 2>&1` +- fi +- # Put the nasty error message in config.log where it belongs +- echo "$nspr_PKG_ERRORS" >&5 +- +- as_fn_error $? "Package requirements (nspr) were not met: +- +-$nspr_PKG_ERRORS +- +-Consider adjusting the PKG_CONFIG_PATH environment variable if you +-installed software in a non-standard prefix. +- +-Alternatively, you may set the environment variables nspr_CFLAGS +-and nspr_LIBS to avoid the need to call pkg-config. +-See the pkg-config man page for more details." "$LINENO" 5 +- +-elif test $pkg_failed = untried; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +-as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +-is in your PATH or set the PKG_CONFIG environment variable to the full +-path to pkg-config. +- +-Alternatively, you may set the environment variables nspr_CFLAGS +-and nspr_LIBS to avoid the need to call pkg-config. +-See the pkg-config man page for more details. +- +-To get pkg-config, see . +-See \`config.log' for more details" "$LINENO" 5; } +- +-else +- nspr_CFLAGS=$pkg_cv_nspr_CFLAGS +- nspr_LIBS=$pkg_cv_nspr_LIBS +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- +-fi +- + # Checks for header files. + for ac_header in arpa/inet.h fcntl.h libintl.h limits.h netdb.h stddef.h sys/socket.h sys/time.h syslog.h + do : +@@ -17064,7 +16739,49 @@ + CPPFLAGS="-I\$(top_builddir)/make -I\$(top_srcdir)/make -I. $ENV_CPPFLAGS" + LDFLAGS="$ENV_LDFLAGS" + +-ac_config_files="$ac_config_files Makefile fence/Makefile fence/agents/Makefile fence/agents/alom/Makefile fence/agents/apc/Makefile fence/agents/apc_snmp/Makefile fence/agents/baytech/Makefile fence/agents/bladecenter/Makefile fence/agents/brocade/Makefile fence/agents/bullpap/Makefile fence/agents/cisco_mds/Makefile fence/agents/cisco_ucs/Makefile fence/agents/cpint/Makefile fence/agents/drac/Makefile fence/agents/drac5/Makefile fence/agents/dummy/Makefile fence/agents/eaton_snmp/Makefile fence/agents/egenera/Makefile fence/agents/eps/Makefile fence/agents/hpblade/Makefile fence/agents/ibmblade/Makefile fence/agents/ipdu/Makefile fence/agents/ifmib/Makefile fence/agents/ilo/Makefile fence/agents/ilo_mp/Makefile fence/agents/intelmodular/Makefile fence/agents/ipmilan/Makefile fence/agents/kdump/Makefile fence/agents/ldom/Makefile fence/agents/lib/Makefile fence/agents/lpar/Makefile fence/agents/manual/Makefile fence/agents/mcdata/Makefile fence/agents/nss_wrapper/Makefile fence/agents/rackswitch/Makefile fence/agents/ovh/Makefile fence/agents/rhevm/Makefile fence/agents/rsa/Makefile fence/agents/rsb/Makefile fence/agents/sanbox2/Makefile fence/agents/scsi/Makefile fence/agents/virsh/Makefile fence/agents/vixel/Makefile fence/agents/vmware/Makefile fence/agents/vmware_soap/Makefile fence/agents/wti/Makefile fence/agents/xcat/Makefile fence/agents/xenapi/Makefile fence/agents/hds_cb/Makefile fence/agents/zvm/Makefile doc/Makefile" ++# Extract the first word of "gnutlscli", so it can be a program name with args. ++set dummy gnutlscli; ac_word=$2 ++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 ++$as_echo_n "checking for $ac_word... " >&6; } ++if ${ac_cv_path_GNUTLSCLI_PATH+:} false; then : ++ $as_echo_n "(cached) " >&6 ++else ++ case $GNUTLSCLI_PATH in ++ [\\/]* | ?:[\\/]*) ++ ac_cv_path_GNUTLSCLI_PATH="$GNUTLSCLI_PATH" # Let the user override the test with a path. ++ ;; ++ *) ++ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR ++for as_dir in $PATH ++do ++ IFS=$as_save_IFS ++ test -z "$as_dir" && as_dir=. ++ for ac_exec_ext in '' $ac_executable_extensions; do ++ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ++ ac_cv_path_GNUTLSCLI_PATH="$as_dir/$ac_word$ac_exec_ext" ++ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 ++ break 2 ++ fi ++done ++ done ++IFS=$as_save_IFS ++ ++ test -z "$ac_cv_path_GNUTLSCLI_PATH" && ac_cv_path_GNUTLSCLI_PATH="/usr/bin/gnutls-cli" ++ ;; ++esac ++fi ++GNUTLSCLI_PATH=$ac_cv_path_GNUTLSCLI_PATH ++if test -n "$GNUTLSCLI_PATH"; then ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GNUTLSCLI_PATH" >&5 ++$as_echo "$GNUTLSCLI_PATH" >&6; } ++else ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++$as_echo "no" >&6; } ++fi ++ ++ ++ ++ac_config_files="$ac_config_files Makefile fence/Makefile fence/agents/Makefile fence/agents/alom/Makefile fence/agents/apc/Makefile fence/agents/apc_snmp/Makefile fence/agents/baytech/Makefile fence/agents/bladecenter/Makefile fence/agents/brocade/Makefile fence/agents/bullpap/Makefile fence/agents/cisco_mds/Makefile fence/agents/cisco_ucs/Makefile fence/agents/cpint/Makefile fence/agents/drac/Makefile fence/agents/drac5/Makefile fence/agents/dummy/Makefile fence/agents/eaton_snmp/Makefile fence/agents/egenera/Makefile fence/agents/eps/Makefile fence/agents/hpblade/Makefile fence/agents/ibmblade/Makefile fence/agents/ipdu/Makefile fence/agents/ifmib/Makefile fence/agents/ilo/Makefile fence/agents/ilo_mp/Makefile fence/agents/intelmodular/Makefile fence/agents/ipmilan/Makefile fence/agents/kdump/Makefile fence/agents/ldom/Makefile fence/agents/lib/Makefile fence/agents/lpar/Makefile fence/agents/manual/Makefile fence/agents/mcdata/Makefile fence/agents/rackswitch/Makefile fence/agents/ovh/Makefile fence/agents/rhevm/Makefile fence/agents/rsa/Makefile fence/agents/rsb/Makefile fence/agents/sanbox2/Makefile fence/agents/scsi/Makefile fence/agents/virsh/Makefile fence/agents/vixel/Makefile fence/agents/vmware/Makefile fence/agents/vmware_soap/Makefile fence/agents/wti/Makefile fence/agents/xcat/Makefile fence/agents/xenapi/Makefile fence/agents/hds_cb/Makefile fence/agents/zvm/Makefile doc/Makefile" + + + cat >confcache <<\_ACEOF +@@ -18221,7 +17938,6 @@ + "fence/agents/lpar/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/lpar/Makefile" ;; + "fence/agents/manual/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/manual/Makefile" ;; + "fence/agents/mcdata/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/mcdata/Makefile" ;; +- "fence/agents/nss_wrapper/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/nss_wrapper/Makefile" ;; + "fence/agents/rackswitch/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/rackswitch/Makefile" ;; + "fence/agents/ovh/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/ovh/Makefile" ;; + "fence/agents/rhevm/Makefile") CONFIG_FILES="$CONFIG_FILES fence/agents/rhevm/Makefile" ;; diff --git a/SOURCES/bz990539-5-remove_nss_nspr_check.patch b/SOURCES/bz990539-5-remove_nss_nspr_check.patch new file mode 100644 index 0000000..661a27c --- /dev/null +++ b/SOURCES/bz990539-5-remove_nss_nspr_check.patch @@ -0,0 +1,52 @@ +diff -urN fence-agents-4.0.2/fence/agents/Makefile.in fence-agents-4.0.2.new/fence/agents/Makefile.in +--- fence-agents-4.0.2/fence/agents/Makefile.in 2013-07-30 12:48:53.000000000 +0200 ++++ fence-agents-4.0.2.new/fence/agents/Makefile.in 2014-02-18 21:47:59.622684528 +0100 +@@ -145,6 +145,7 @@ + EXEEXT = @EXEEXT@ + FENCEAGENTSLIBDIR = @FENCEAGENTSLIBDIR@ + FGREP = @FGREP@ ++GNUTLSCLI_PATH = @GNUTLSCLI_PATH@ + GREP = @GREP@ + INSTALL = @INSTALL@ + INSTALL_DATA = @INSTALL_DATA@ +@@ -177,9 +178,6 @@ + PACKAGE_URL = @PACKAGE_URL@ + PACKAGE_VERSION = @PACKAGE_VERSION@ + PATH_SEPARATOR = @PATH_SEPARATOR@ +-PKG_CONFIG = @PKG_CONFIG@ +-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + RANLIB = @RANLIB@ + SED = @SED@ + SET_MAKE = @SET_MAKE@ +@@ -227,10 +225,6 @@ + localstatedir = @localstatedir@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ +-nspr_CFLAGS = @nspr_CFLAGS@ +-nspr_LIBS = @nspr_LIBS@ +-nss_CFLAGS = @nss_CFLAGS@ +-nss_LIBS = @nss_LIBS@ + oldincludedir = @oldincludedir@ + pdfdir = @pdfdir@ + prefix = @prefix@ +@@ -246,7 +240,6 @@ + top_srcdir = @top_srcdir@ + MAINTAINERCLEANFILES = Makefile.in + SUBDIRS = lib \ +- nss_wrapper \ + $(AGENTS_LIST) + + all: all-recursive +@@ -261,9 +254,9 @@ + exit 1;; \ + esac; \ + done; \ +- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu fence/agents/Makefile'; \ ++ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign fence/agents/Makefile'; \ + $(am__cd) $(top_srcdir) && \ +- $(AUTOMAKE) --gnu fence/agents/Makefile ++ $(AUTOMAKE) --foreign fence/agents/Makefile + .PRECIOUS: Makefile + Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ diff --git a/SOURCES/bz990539-6-remove_nss_nspr_check.patch b/SOURCES/bz990539-6-remove_nss_nspr_check.patch new file mode 100644 index 0000000..00c347a --- /dev/null +++ b/SOURCES/bz990539-6-remove_nss_nspr_check.patch @@ -0,0 +1,12 @@ +diff -urN fence-agents-4.0.2.orig/fence/agents/lib/fencing.py.py fence-agents-4.0.2/fence/agents/lib/fencing.py.py +--- fence-agents-4.0.2.orig/fence/agents/lib/fencing.py.py 2014-02-19 18:09:44.000000000 +0100 ++++ fence-agents-4.0.2/fence/agents/lib/fencing.py.py 2014-02-19 18:11:04.530890059 +0100 +@@ -28,7 +28,7 @@ + + TELNET_PATH = "/usr/bin/telnet" + SSH_PATH = "/usr/bin/ssh" +-SSL_PATH = "@GNUTLSCLI_PATH@" ++SSL_PATH = "/usr/bin/gnutls-cli" + SUDO_PATH = "/usr/bin/sudo" + + all_opt = { diff --git a/SOURCES/bz990539-7-allow_notls_negotiation_with_old_devices.patch b/SOURCES/bz990539-7-allow_notls_negotiation_with_old_devices.patch new file mode 100644 index 0000000..ef004f1 --- /dev/null +++ b/SOURCES/bz990539-7-allow_notls_negotiation_with_old_devices.patch @@ -0,0 +1,79 @@ +diff -Naurd fence-agents-4.0.2.orig/fence/agents/cisco_ucs/fence_cisco_ucs.py fence-agents-4.0.2/fence/agents/cisco_ucs/fence_cisco_ucs.py +--- fence-agents-4.0.2.orig/fence/agents/cisco_ucs/fence_cisco_ucs.py 2013-07-30 12:46:11.000000000 +0200 ++++ fence-agents-4.0.2/fence/agents/cisco_ucs/fence_cisco_ucs.py 2014-02-20 11:53:07.576955152 +0100 +@@ -107,7 +107,7 @@ + "order" : 1 } + + def main(): +- device_opt = [ "ipaddr", "login", "passwd", "ssl", "port", "web", "suborg" ] ++ device_opt = [ "ipaddr", "login", "passwd", "ssl", "notls", "port", "web", "suborg" ] + + atexit.register(atexit_handler) + +diff -Naurd fence-agents-4.0.2.orig/fence/agents/ilo/fence_ilo.py fence-agents-4.0.2/fence/agents/ilo/fence_ilo.py +--- fence-agents-4.0.2.orig/fence/agents/ilo/fence_ilo.py 2014-02-20 11:52:28.948883919 +0100 ++++ fence-agents-4.0.2/fence/agents/ilo/fence_ilo.py 2014-02-20 11:53:07.655955297 +0100 +@@ -63,7 +63,7 @@ + "order" : 1 } + + def main(): +- device_opt = [ "ipaddr", "login", "passwd", "ssl", "ribcl" ] ++ device_opt = [ "ipaddr", "login", "passwd", "ssl", "notls", "ribcl" ] + + atexit.register(atexit_handler) + +diff -Naurd fence-agents-4.0.2.orig/fence/agents/lib/fencing.py.py fence-agents-4.0.2/fence/agents/lib/fencing.py.py +--- fence-agents-4.0.2.orig/fence/agents/lib/fencing.py.py 2014-02-20 11:52:29.345884646 +0100 ++++ fence-agents-4.0.2/fence/agents/lib/fencing.py.py 2014-02-20 11:53:07.655955297 +0100 +@@ -177,6 +177,14 @@ + "required" : "0", + "shortdesc" : "SSL connection", + "order" : 1 }, ++ "notls" : { ++ "getopt" : "t", ++ "longopt" : "notls", ++ "help" : "-t, --notls Disable TLS negotiation and force SSL3.0.\n" + ++ " This should only be used for devices that do not support TLS1.0 and up.", ++ "required" : "0", ++ "shortdesc" : "Disable TLS negotiation", ++ "order" : 1 }, + "port" : { + "getopt" : "n:", + "longopt" : "plug", +@@ -927,7 +935,11 @@ + re_pass = re.compile("(password)|(pass phrase)", re.IGNORECASE) + + if options.has_key("--ssl"): +- command = '%s --insecure --crlf -p %s %s' % (SSL_PATH, options["--ipport"], options["--ip"]) ++ gnutls_opts="" ++ if options.has_key("--notls"): ++ gnutls_opts = "--priority \"NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0\"" ++ ++ command = '%s %s --insecure --crlf -p %s %s' % (SSL_PATH, gnutls_opts, options["--ipport"], options["--ip"]) + try: + conn = fspawn(options, command) + except pexpect.ExceptionPexpect, ex: +diff -Naurd fence-agents-4.0.2.orig/fence/agents/rhevm/fence_rhevm.py fence-agents-4.0.2/fence/agents/rhevm/fence_rhevm.py +--- fence-agents-4.0.2.orig/fence/agents/rhevm/fence_rhevm.py 2013-07-30 12:46:12.000000000 +0200 ++++ fence-agents-4.0.2/fence/agents/rhevm/fence_rhevm.py 2014-02-20 11:53:07.655955297 +0100 +@@ -101,7 +101,7 @@ + return result + + def main(): +- device_opt = [ "ipaddr", "login", "passwd", "ssl", "web", "port" ] ++ device_opt = [ "ipaddr", "login", "passwd", "ssl", "notls", "web", "port" ] + + atexit.register(atexit_handler) + +diff -Naurd fence-agents-4.0.2.orig/fence/agents/vmware_soap/fence_vmware_soap.py fence-agents-4.0.2/fence/agents/vmware_soap/fence_vmware_soap.py +--- fence-agents-4.0.2.orig/fence/agents/vmware_soap/fence_vmware_soap.py 2014-02-20 11:52:29.000884014 +0100 ++++ fence-agents-4.0.2/fence/agents/vmware_soap/fence_vmware_soap.py 2014-02-20 11:53:07.656955299 +0100 +@@ -177,7 +177,7 @@ + shutil.rmtree(tmp_dir) + + def main(): +- device_opt = [ "ipaddr", "login", "passwd", "web", "ssl", "port" ] ++ device_opt = [ "ipaddr", "login", "passwd", "web", "ssl", "notls", "port" ] + + atexit.register(atexit_handler) + diff --git a/SOURCES/bz994466-1-fence_scsi-automatic_key_generation.patch b/SOURCES/bz994466-1-fence_scsi-automatic_key_generation.patch new file mode 100644 index 0000000..c855179 --- /dev/null +++ b/SOURCES/bz994466-1-fence_scsi-automatic_key_generation.patch @@ -0,0 +1,92 @@ +From 116512c174f4acef0faee4459158c45ddf6922d2 Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Wed, 22 Jan 2014 15:35:20 +0100 +Subject: [PATCH 2/3] fence_scsi: Replace automatic key generation to work + with corosync clusters instead of cman + +Resolves: rhbz#994466 +--- + fence/agents/scsi/fence_scsi.pl | 38 ++++++++++++++++++++++---------------- + 1 files changed, 22 insertions(+), 16 deletions(-) + +diff --git a/fence/agents/scsi/fence_scsi.pl b/fence/agents/scsi/fence_scsi.pl +index c959417..3ad0f09 100644 +--- a/fence/agents/scsi/fence_scsi.pl ++++ b/fence/agents/scsi/fence_scsi.pl +@@ -5,6 +5,7 @@ use File::Basename; + use File::Path; + use Getopt::Std; + use POSIX; ++use B; + + #BEGIN_VERSION_GENERATION + $RELEASE_VERSION=""; +@@ -426,10 +427,10 @@ sub get_key ($) + sub get_node_id ($) + { + my $self = (caller(0))[3]; +- my $node_id; ++ my $node = $_[0]; + +- my $cmd = "cman_tool nodes -n $_[0] -F id"; +- my $out = qx { $cmd 2> /dev/null }; ++ my $cmd = "/sbin/corosync-cmapctl nodelist."; ++ my @out = qx { $cmd 2> /dev/null }; + my $err = ($?>>8); + + if ($err != 0) { +@@ -438,11 +439,14 @@ sub get_node_id ($) + + # die "[error]: $self\n" if ($?>>8); + +- chomp ($out); +- +- $node_id = $out; +- +- return ($node_id); ++ foreach my $line (@out) { ++ chomp($line); ++ if ($line =~ /.(\d+?).ring._addr \(str\) = ${node}$/) { ++ return $1; ++ } ++ } ++ ++ log_error("$self (unable to parse output of corosync-cmapctl or node does not exist)"); + } + + sub get_cluster_id () +@@ -450,8 +454,8 @@ sub get_cluster_id () + my $self = (caller(0))[3]; + my $cluster_id; + +- my $cmd = "cman_tool status"; +- my @out = qx { $cmd 2> /dev/null }; ++ my $cmd = "/sbin/corosync-cmapctl totem.cluster_name"; ++ my $out = qx { $cmd 2> /dev/null }; + my $err = ($?>>8); + + if ($err != 0) { +@@ -460,12 +464,14 @@ sub get_cluster_id () + + # die "[error]: $self\n" if ($?>>8); + +- foreach (@out) { +- chomp; +- my ($param, $value) = split (/\s*:\s*/, $_); +- if ($param =~ /^cluster\s+id/i) { +- $cluster_id = $value; +- } ++ chomp($out); ++ ++ if ($out =~ /=\s(.*?)$/) { ++ my $cluster_name = $1; ++ # tranform string to a number ++ $cluster_id = (hex B::hash($cluster_name)) % 65536; ++ } else { ++ log_error("$self (unable to parse output of corosync-cmapctl)"); + } + + return ($cluster_id); +-- +1.7.7.6 + diff --git a/SOURCES/bz994466-2-fence_scsi-automatic_key_generation.patch b/SOURCES/bz994466-2-fence_scsi-automatic_key_generation.patch new file mode 100644 index 0000000..cd2e139 --- /dev/null +++ b/SOURCES/bz994466-2-fence_scsi-automatic_key_generation.patch @@ -0,0 +1,36 @@ +From cc04df682a343c6627c250cffc0f4d60383a7baa Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Thu, 23 Jan 2014 17:32:25 +0100 +Subject: [PATCH 3/3] fence_scsi: Change path to corosync from /sbin to + /usr/sbin + +/sbin is just a symlink to /usr/bin - so it does not impact functionality +--- + fence/agents/scsi/fence_scsi.pl | 4 ++-- + 1 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fence/agents/scsi/fence_scsi.pl b/fence/agents/scsi/fence_scsi.pl +index 3ad0f09..6808ff5 100644 +--- a/fence/agents/scsi/fence_scsi.pl ++++ b/fence/agents/scsi/fence_scsi.pl +@@ -429,7 +429,7 @@ sub get_node_id ($) + my $self = (caller(0))[3]; + my $node = $_[0]; + +- my $cmd = "/sbin/corosync-cmapctl nodelist."; ++ my $cmd = "/usr/sbin/corosync-cmapctl nodelist."; + my @out = qx { $cmd 2> /dev/null }; + my $err = ($?>>8); + +@@ -454,7 +454,7 @@ sub get_cluster_id () + my $self = (caller(0))[3]; + my $cluster_id; + +- my $cmd = "/sbin/corosync-cmapctl totem.cluster_name"; ++ my $cmd = "/usr/sbin/corosync-cmapctl totem.cluster_name"; + my $out = qx { $cmd 2> /dev/null }; + my $err = ($?>>8); + +-- +1.7.7.6 + diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec old mode 100755 new mode 100644 index d553c05..f0a4b9e --- a/SPECS/fence-agents.spec +++ b/SPECS/fence-agents.spec @@ -16,7 +16,7 @@ Name: fence-agents Summary: Fence Agents for Red Hat Cluster Version: 4.0.2 -Release: 6%{?alphatag:.%{alphatag}}%{?dist} +Release: 21%{?alphatag:.%{alphatag}}%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Base URL: http://sourceware.org/cluster/wiki/ @@ -38,6 +38,26 @@ Patch13: bz1022533-invalid_use_of_options-2.patch Patch14: bz1022533-invalid_use_of_options-3.patch Patch15: bz1022529-ensure_validity_of_xml_metadata-2.patch Patch16: bz1021392-fence_brocade-add_agent.patch +Patch17: bz1021392-fencing_default_action_off.patch +Patch18: bz994466-1-fence_scsi-automatic_key_generation.patch +Patch19: bz994466-2-fence_scsi-automatic_key_generation.patch +Patch20: bz1022529-ensure_validity_of_xml_metadata-3.patch +Patch21: bz1022536-2-fence_wti-named_groups.patch +Patch22: bz1057299-fence_vmware_soap-add_delay.patch +Patch23: bz1048843-fencing-do_not_use_public_keys.patch +Patch24: bz990539-1-replacing_nss_wrapperr.patch +Patch25: bz990539-2-replacing_nss_wrapperr.patch +Patch26: bz1018780-fence_vmware_soap-Unknown-exception.patch +Patch27: bz990539-3-remove_nss_nspr_check.patch +Patch28: bz990539-4-remove_nss_nspr_check.patch +Patch29: bz990539-5-remove_nss_nspr_check.patch +Patch30: bz990539-6-remove_nss_nspr_check.patch +Patch31: bz990539-7-allow_notls_negotiation_with_old_devices.patch +Patch32: bz1018780-fence_vmware_soap_suppress_suds_message.patch +Patch33: bz1018780-fence_vmware_soap_fix_option_parsing_from_stdin.patch +Patch34: bz1072564-feature_ssl-secure.patch +Patch35: bz1072564-2-feature_ssl-secure.patch +Patch36: bz1073947-ssh_login_failed.patch %if 0%{?fedora} %global supportedagents alom apc apc_snmp bladecenter brocade cisco_mds cisco_ucs drac5 eaton_snmp eps hpblade ibmblade ifmib ilo ilo_mp intelmodular ipdu ipmilan kdump ldom lpar rhevm rsa rsb scsi vmware_soap wti @@ -58,9 +78,9 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) # Build dependencies BuildRequires: perl BuildRequires: glibc-devel -BuildRequires: nss-devel nspr-devel +BuildRequires: gnutls-utils BuildRequires: libxslt -BuildRequires: python pexpect python-pycurl python-suds +BuildRequires: python pexpect python-pycurl python-suds python-requests BuildRequires: perl(Net::Telnet) net-snmp-utils %if 0%{?fedora} BuildRequires: perl(Pod::MinimumVersion) @@ -76,7 +96,7 @@ BuildRequires: perl(Pod::MinimumVersion) %patch5 -p1 -b .bug5 %patch6 -p1 -b .bz1012994 %patch7 -p1 -b .bz1022528 -%patch8 -p1 -b .bz1018780 +%patch8 -p1 -b .bz1018780-1 %patch9 -p1 -b .bz1022536 %patch10 -p1 -b .bz1022538 %patch11 -p1 -b .bz1022529-1 @@ -85,6 +105,26 @@ BuildRequires: perl(Pod::MinimumVersion) %patch14 -p1 -b .bz1022533-3 %patch15 -p1 -b .bz1022529-2 %patch16 -p1 -b .bz1021392 +%patch17 -p1 -b .bz1021392 +%patch18 -p1 -b .bz994466-1 +%patch19 -p1 -b .bz994466-2 +%patch20 -p1 -b .bz1022529-3 +%patch21 -p1 -b .bz1022536-2 +%patch22 -p1 -b .bz1057299 +%patch23 -p1 -b .bz1048843 +%patch24 -p1 -b .bz990539-1 +%patch25 -p1 -b .bz990539-2 +%patch26 -p1 -b .bz1018780-2 +%patch27 -p1 -b .bz990539-3 +%patch28 -p1 -b .bz990539-4 +%patch29 -p1 -b .bz990539-5 +%patch30 -p1 -b .bz990539-6 +%patch31 -p1 -b .bz990539-7 +%patch32 -p1 -b .bz1018780-3 +%patch33 -p1 -b .bz1018780-4 +%patch34 -p1 -b .bz1072564-1 +%patch35 -p1 -b .bz1072564-2 +%patch36 -p1 -b .bz1073947-1 %build %{configure} --with-agents='%{supportedagents} %{testagents}' @@ -103,9 +143,6 @@ rm -rf %{buildroot}/usr/share/doc/fence-agents %clean rm -rf %{buildroot} -%post -ccs_update_schema > /dev/null 2>&1 ||: - %description Red Hat Fence Agents is a collection of scripts to handle remote power management for several devices. @@ -130,6 +167,9 @@ License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agents Requires: %{allfenceagents} +%ifarch i686 x86_64 +Requires: fence-virt +%endif Provides: fence-agents = %{version}-%{release} Obsoletes: fence-agents < 3.1.13 %description all @@ -141,7 +181,8 @@ Red Hat Fence Agents is a collection of all supported fence agents. License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for SUN ALOM -Requires: fence-agents-common telnet openssh-clients +Requires: fence-agents-common >= %{version}-%{release} +Requires: telnet openssh-clients Obsoletes: fence-agents %description alom Red Hat Fence Agents @@ -155,7 +196,8 @@ Red Hat Fence Agents License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for APC devices -Requires: fence-agents-common telnet openssh-clients +Requires: fence-agents-common >= %{version}-%{release} +Requires: telnet openssh-clients Obsoletes: fence-agents %description apc The fence-agents-apc package contains a fence agent for APC devices that are accessed via telnet or SSH. @@ -168,7 +210,8 @@ The fence-agents-apc package contains a fence agent for APC devices that are acc License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for APC devices (SNMP) -Requires: fence-agents-common net-snmp-utils +Requires: fence-agents-common >= %{version}-%{release} +Requires: net-snmp-utils Obsoletes: fence-agents %description apc-snmp The fence-agents-apc-snmp package contains a fence agent for APC devices that are accessed via the SNMP protocol. @@ -181,7 +224,8 @@ The fence-agents-apc-snmp package contains a fence agent for APC devices that ar License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for IBM BladeCenter -Requires: fence-agents-common telnet openssh-clients +Requires: fence-agents-common >= %{version}-%{release} +Requires: telnet openssh-clients Obsoletes: fence-agents %description bladecenter The fence-agents-bladecenter package contains a fence agent for IBM BladeCenter devices that are accessed via telnet or SSH. @@ -194,7 +238,8 @@ The fence-agents-bladecenter package contains a fence agent for IBM BladeCenter License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for HP Brocade -Requires: fence-agents-common telnet openssh-clients +Requires: fence-agents-common >= %{version}-%{release} +Requires: telnet openssh-clients Obsoletes: fence-agents %description brocade The fence-agents-brocade package contains a fence agent for HP Brocade devices that are accessed via telnet or SSH. @@ -207,7 +252,8 @@ The fence-agents-brocade package contains a fence agent for HP Brocade devices t License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for Cisco MDS 9000 series -Requires: fence-agents-common net-snmp-utils +Requires: fence-agents-common >= %{version}-%{release} +Requires: net-snmp-utils Obsoletes: fence-agents %description cisco-mds The fence-agents-cisco-mds package contains a fence agent for Cisco MDS 9000 series devices that are accessed via the SNMP protocol. @@ -220,7 +266,8 @@ The fence-agents-cisco-mds package contains a fence agent for Cisco MDS 9000 ser License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for Cisco UCS series -Requires: fence-agents-common pycurl +Requires: fence-agents-common >= %{version}-%{release} +Requires: pycurl Obsoletes: fence-agents %description cisco-ucs The fence-agents-cisco-ucs package contains a fence agent for Cisco UCS series devices that are accessed via the SNMP protocol. @@ -233,7 +280,8 @@ The fence-agents-cisco-ucs package contains a fence agent for Cisco UCS series d License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for Dell DRAC 5 -Requires: fence-agents-common telnet openssh-clients +Requires: fence-agents-common >= %{version}-%{release} +Requires: telnet openssh-clients Obsoletes: fence-agents %description drac5 The fence-agents-drac5 package contains a fence agent for Dell DRAC 5 series devices that are accessed via telnet or SSH. @@ -246,7 +294,8 @@ The fence-agents-drac5 package contains a fence agent for Dell DRAC 5 series dev License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for Eaton network power switches -Requires: fence-agents-common net-snmp-utils +Requires: fence-agents-common >= %{version}-%{release} +Requires: net-snmp-utils Obsoletes: fence-agents %description eaton-snmp The fence-agents-eaton-snmp package contains a fence agent for Eaton network power switches that are accessed via the SNMP protocol. @@ -259,7 +308,7 @@ The fence-agents-eaton-snmp package contains a fence agent for Eaton network pow License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for ePowerSwitch 8M+ power switches -Requires: fence-agents-common +Requires: fence-agents-common >= %{version}-%{release} Obsoletes: fence-agents %description eps The fence-agents-eps package contains a fence agent for ePowerSwitch 8M+ power switches that are accessed via the HTTP(s) protocol. @@ -272,7 +321,8 @@ The fence-agents-eps package contains a fence agent for ePowerSwitch 8M+ power s License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for HP BladeSystem devices -Requires: fence-agents-common telnet openssh-clients +Requires: fence-agents-common >= %{version}-%{release} +Requires: telnet openssh-clients Obsoletes: fence-agents %description hpblade The fence-agents-hpblade package contains a fence agent for HP BladeSystem devices that are accessed via telnet or SSH. @@ -285,7 +335,8 @@ The fence-agents-hpblade package contains a fence agent for HP BladeSystem devic License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for IBM BladeCenter -Requires: fence-agents-common net-snmp-utils +Requires: fence-agents-common >= %{version}-%{release} +Requires: net-snmp-utils Obsoletes: fence-agents %description ibmblade The fence-agents-ibmblade package contains a fence agent for IBM BladeCenter devices that are accessed via the SNMP protocol. @@ -298,7 +349,8 @@ The fence-agents-ibmblade package contains a fence agent for IBM BladeCenter dev License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for devices with IF-MIB interfaces -Requires: fence-agents-common net-snmp-utils +Requires: fence-agents-common >= %{version}-%{release} +Requires: net-snmp-utils Obsoletes: fence-agents %description ifmib The fence-agents-ifmib package contains a fence agent for IF-MIB interfaces that are accessed via the SNMP protocol. @@ -311,13 +363,13 @@ The fence-agents-ifmib package contains a fence agent for IF-MIB interfaces that License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for HP iLO2 devices -Requires: fence-agents-common +Requires: fence-agents-common >= %{version}-%{release} +Requires: gnutls-utils Obsoletes: fence-agents %description ilo2 The fence-agents-ilo2 package contains a fence agent for HP iLO2 devices that are accessed via the HTTP(s) protocol. %files ilo2 %defattr(-,root,root,-) -%{_libexecdir}/fence_nss_wrapper %{_sbindir}/fence_ilo %{_sbindir}/fence_ilo2 %{_mandir}/man8/fence_ilo.8* @@ -327,7 +379,8 @@ The fence-agents-ilo2 package contains a fence agent for HP iLO2 devices that ar License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for HP iLO MP devices -Requires: fence-agents-common telnet openssh-clients +Requires: fence-agents-common >= %{version}-%{release} +Requires: telnet openssh-clients Obsoletes: fence-agents %description ilo-mp The fence-agents-ilo-mp package contains a fence agent for HP iLO MP devices that are accessed via telnet or SSH. @@ -340,7 +393,8 @@ The fence-agents-ilo-mp package contains a fence agent for HP iLO MP devices tha License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for devices with Intel Modular interfaces -Requires: fence-agents-common net-snmp-utils +Requires: fence-agents-common >= %{version}-%{release} +Requires: net-snmp-utils Obsoletes: fence-agents %description intelmodular The fence-agents-intelmodular package contains a fence agent for Intel Modular interfaces that are accessed via the SNMP protocol. @@ -353,7 +407,8 @@ The fence-agents-intelmodular package contains a fence agent for Intel Modular i License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for IBM iPDU network power switches -Requires: fence-agents-common net-snmp-utils +Requires: fence-agents-common >= %{version}-%{release} +Requires: net-snmp-utils Obsoletes: fence-agents %description ipdu The fence-agents-ipdu package contains a fence agent for IBM iPDU network power switches that are accessed via the SNMP protocol. @@ -366,7 +421,8 @@ The fence-agents-ipdu package contains a fence agent for IBM iPDU network power License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for devices with IPMI interface -Requires: fence-agents-common /usr/bin/ipmitool +Requires: fence-agents-common >= %{version}-%{release} +Requires: /usr/bin/ipmitool Obsoletes: fence-agents %description ipmilan The fence-agents-ipmilan package contains a fence agent for devices with IPMI interface. @@ -387,7 +443,7 @@ The fence-agents-ipmilan package contains a fence agent for devices with IPMI in License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for use with kdump crash recovery service -Requires: fence-agents-common +Requires: fence-agents-common >= %{version}-%{release} Obsoletes: fence-agents %description kdump The fence-agents-kdump package contains a fence agent for use with kdump crash recovery service. @@ -403,10 +459,11 @@ The fence-agents-kdump package contains a fence agent for use with kdump crash r License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for Sun LDom virtual machines -Requires: fence-agents-common telnet openssh-clients +Requires: fence-agents-common >= %{version}-%{release} +Requires: telnet openssh-clients Obsoletes: fence-agents %description ldom -The fence-agents-ldom package contains a fence agent for APC devices that are accessed via telnet or SSH. +The fence-agents-ldom package contains a fence agent for Sun LDom devices that are accessed via telnet or SSH. %files ldom %defattr(-,root,root,-) %{_sbindir}/fence_ldom @@ -418,7 +475,8 @@ The fence-agents-ldom package contains a fence agent for APC devices that are ac License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for IBM LPAR -Requires: fence-agents-common telnet openssh-clients +Requires: fence-agents-common >= %{version}-%{release} +Requires: telnet openssh-clients Obsoletes: fence-agents %description lpar The fence-agents-lpar package contains a fence agent for IBM LPAR devices that are accessed via telnet or SSH. @@ -432,7 +490,7 @@ The fence-agents-lpar package contains a fence agent for IBM LPAR devices that a License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for RHEV-M -Requires: fence-agents-common +Requires: fence-agents-common >= %{version}-%{release} Obsoletes: fence-agents %description rhevm The fence-agents-rhevm package contains a fence agent for RHEV-M via REST API @@ -446,7 +504,8 @@ The fence-agents-rhevm package contains a fence agent for RHEV-M via REST API License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for IBM RSA II -Requires: fence-agents-common telnet openssh-clients +Requires: fence-agents-common >= %{version}-%{release} +Requires: telnet openssh-clients Obsoletes: fence-agents %description rsa The fence-agents-rsa package contains a fence agent for IBM RSA II devices that are accessed via telnet or SSH. @@ -460,7 +519,8 @@ The fence-agents-rsa package contains a fence agent for IBM RSA II devices that License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for Fujitsu RSB -Requires: fence-agents-common telnet openssh-clients +Requires: fence-agents-common >= %{version}-%{release} +Requires: telnet openssh-clients Obsoletes: fence-agents %description rsb The fence-agents-rsb package contains a fence agent for Fujitsu RSB devices that are accessed via telnet or SSH. @@ -474,7 +534,8 @@ The fence-agents-rsb package contains a fence agent for Fujitsu RSB devices that License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for QLogic SANBox2 FC switches -Requires: fence-agents-common telnet +Requires: fence-agents-common >= %{version}-%{release} +Requires: telnet Obsoletes: fence-agents %description sanbox2 The fence-agents-sanbox2 package contains a fence agent for QLogic SANBox2 switches that are accessed via telnet. @@ -502,7 +563,8 @@ The fence-agents-scsi package contains fence agent for SCSI persisent reservatio License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for virtual machines based on libvirt -Requires: fence-agents-common openssh-clients /usr/bin/virsh +Requires: fence-agents-common >= %{version}-%{release} +Requires: openssh-clients /usr/bin/virsh Obsoletes: fence-agents %description virsh The fence-agents-virsh package contains a fence agent for virtual machines that are accessed via SSH. @@ -515,7 +577,8 @@ The fence-agents-virsh package contains a fence agent for virtual machines that License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for VMWare with SOAP API v4.1+ -Requires: fence-agents-common python-suds +Requires: fence-agents-common >= %{version}-%{release} +Requires: python-suds python-requests Obsoletes: fence-agents %description vmware-soap The fence-agents-vmware-soap package contains a fence agent for VMWare with SOAP API v4.1+ @@ -528,7 +591,8 @@ The fence-agents-vmware-soap package contains a fence agent for VMWare with SOAP License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for WTI Network power switches -Requires: fence-agents-common telnet openssh-clients +Requires: fence-agents-common >= %{version}-%{release} +Requires: telnet openssh-clients Obsoletes: fence-agents %description wti The fence-agents-wti package contains a fence agent for WTI network power switches that are accessed via telnet or SSH. @@ -538,6 +602,72 @@ The fence-agents-wti package contains a fence agent for WTI network power switch %{_mandir}/man8/fence_wti.8* %changelog +* Wed Mar 19 2014 Marek Grac - 4.0.2-21 +- fencing: Add --ssl-secure and --ssl-insecure for fence_vmware_soap + Resolves: rhbz#1072564 + +* Fri Mar 07 2014 Marek Grac - 4.0.2-20 +- fencing: Add --ssl-secure and --ssl-insecure for fence_vmware_soap + Resolves: rhbz#1072564 + +* Wed Mar 05 2014 Marek Grac - 4.0.2-19 +- fencing: Add --ssl-secure and --ssl-insecure + Resolves: rhbz#1072564 + +* Thu Feb 27 2014 Fabio M. Di Nitto - 4.0.2-18 +- fence_vmware_soap: fix short/long option parsing traceback + Resolves: rhbz#1018780 + +* Wed Feb 26 2014 Fabio M. Di Nitto - 4.0.2-17 +- Fix fence-agents-* Requires on proper fence-agents-common and silence + suds error + Resolves: rhbz#1018780 + +* Thu Feb 20 2014 Fabio M. Di Nitto - 4.0.2-16 +- Allow ssl connections to disable TLS negotiation with "notls" option. + Resolves: rhbz#990539 + +* Wed Feb 19 2014 Marek Grac - 4.0.2-15 +- Fix dependencies issues + +* Mon Feb 17 2014 Marek Grac - 4.0.2-14 +- fence_vmware_soap: Fix unexpected exception + Resolves: rhbz#1018780 +- nss_wrapper was replaced by gnutls-cli + Resolves: rhbz#990539 + +* Wed Jan 29 2014 Marek Grac - 4.0.2-13 +- fencing: Do not use public key if identity file is not defined + Resolves: rhbz#1048843 +- fence_vmware_soap: Add support for --delay option + Resolves: rhbz#1057299 +- fence_wti: Add support for named groups (also for firmware 1.43) + Resolves: rhbz#1022536 + +* Fri Jan 24 2014 Daniel Mach - 4.0.2-12 +- Mass rebuild 2014-01-24 + +* Thu Jan 23 2014 Marek Grac - 4.0.2-11 +- fencing: Ensure validity of XML metadata using Relax NG + Resolves: rhbz#1022529 + +* Thu Jan 23 2014 Marek Grac - 4.0.2-10 +- fix default action for fabric fencing agents + Resolves: rhbz#1021392 +- modify key generation in fence_scsi to support pacemaker/corosync cluster + Resolves: rhbz#994466 + +* Fri Dec 27 2013 Daniel Mach - 4.0.2-9 +- Mass rebuild 2013-12-27 + +* Wed Nov 20 2013 Marek Grac - 4.0.2-8 +- fence-agents-all now includes fence-virt which is not available everywhere + Resolves: rhbz#1028940 + +* Tue Nov 12 2013 Marek Grac - 4.0.2-7 +- fence-agents-all now includes fence-virt + Resolves: rhbz#1028940 + * Mon Nov 04 2013 Marek Grac - 4.0.2-6 - fencing: Ensure validity of XML metadata using Relax NG Resolves: rhbz#1022529