starlingx/integ
Code Issues Proposed changes

Merge "Merge remote-tracking branch 'origin/f/centos75'"

Browse Source
This commit is contained in:
Zuul 2018-09-20 04:44:47 +00:00 committed by Gerrit Code Review
commit da38bd2e73
240 changed files with 1825 additions and 5022 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitreview
View File

@ -2,3 +2,4 @@
host=review.openstack.org host=review.openstack.org
port=29418 port=29418
project=openstack/stx-integ.git project=openstack/stx-integ.git
defaultbranch=f/centos75

10
base/bash/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,4 +1,4 @@
From e1f17182a8d105770a2805c9950b776b4437f7ff Mon Sep 17 00:00:00 2001 From 30796013a8d2b3b008a843bd3a4bee33e866a151 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:05:36 -0400 Date: Mon, 2 Oct 2017 16:05:36 -0400
Subject: [PATCH 2/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch Subject: [PATCH 2/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/bash.spec b/SPECS/bash.spec diff --git a/SPECS/bash.spec b/SPECS/bash.spec
index 5f14bad..115d540 100644 index 4f16c8c..d749f92 100644
--- a/SPECS/bash.spec --- a/SPECS/bash.spec
+++ b/SPECS/bash.spec +++ b/SPECS/bash.spec
@@ -6,7 +6,7 @@ @@ -6,7 +6,7 @@
Version: %{baseversion}%{patchleveltag} Version: %{baseversion}%{patchleveltag}
Name: bash Name: bash
Summary: The GNU Bourne Again shell Summary: The GNU Bourne Again shell
-Release: 29%{?dist} -Release: 30%{?dist}
+Release: 29.el7_4%{?_tis_dist}.%{tis_patch_ver} +Release: 30.el7%{?_tis_dist}.%{tis_patch_ver}
Group: System Environment/Shells Group: System Environment/Shells
License: GPLv3+ License: GPLv3+
Url: http://www.gnu.org/software/bash Url: http://www.gnu.org/software/bash
-- --
1.9.1 2.7.4

16
base/bash/centos/meta_patches/spec-TiS-bash-history.patch
View File

@ -1,4 +1,4 @@
From e8d5b56c303237d0a0ab00ea5f4fbdea3208caa5 Mon Sep 17 00:00:00 2001 From cc0534185464b04c1d320518af7d2b73291ea449 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:05:36 -0400 Date: Mon, 2 Oct 2017 16:05:36 -0400
Subject: [PATCH 1/3] WRS: spec-TiS-bash-history.patch Subject: [PATCH 1/3] WRS: spec-TiS-bash-history.patch
@ -10,12 +10,12 @@ Conflicts:
1 file changed, 8 insertions(+) 1 file changed, 8 insertions(+)
diff --git a/SPECS/bash.spec b/SPECS/bash.spec diff --git a/SPECS/bash.spec b/SPECS/bash.spec
index 9a6d496..5f14bad 100644 index 4b2ec49..4f16c8c 100644
--- a/SPECS/bash.spec --- a/SPECS/bash.spec
+++ b/SPECS/bash.spec +++ b/SPECS/bash.spec
@@ -192,6 +192,10 @@ Patch151: bash-cve-2016-9401.patch @@ -195,6 +195,10 @@ Patch152: bash-4.3-pipefd-leak.patch
#1473245 #1487615 - bash fails to execute commands containing multibyte characters
Patch152: bash-4.3-pipefd-leak.patch Patch153: bash-4.3-wshouldquote.patch
+# Patches from WindRiver +# Patches from WindRiver
+Patch500: bash-history-syslog.patch +Patch500: bash-history-syslog.patch
@ -24,9 +24,9 @@ index 9a6d496..5f14bad 100644
BuildRequires: texinfo bison BuildRequires: texinfo bison
BuildRequires: ncurses-devel BuildRequires: ncurses-devel
BuildRequires: autoconf, gettext BuildRequires: autoconf, gettext
@@ -323,6 +327,10 @@ This package contains documentation files for %{name}. @@ -327,6 +331,10 @@ This package contains documentation files for %{name}.
%patch151 -p1 -b .cve-2016-9401
%patch152 -p1 -b .pipefd-leak %patch152 -p1 -b .pipefd-leak
%patch153 -p1 -b .wshouldquote
+# WindRiver patches +# WindRiver patches
+%patch500 -p1 -b .history-syslog +%patch500 -p1 -b .history-syslog
@ -36,5 +36,5 @@ index 9a6d496..5f14bad 100644
echo %{release} > _patchlevel echo %{release} > _patchlevel
-- --
1.9.1 2.7.4

2
base/bash/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/bash-4.2.46-29.el7_4.src.rpm mirror:Source/bash-4.2.46-30.el7.src.rpm

12
base/centos-release/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,4 +1,4 @@
From d5890a17f5b07a9d17665c2b4138bb244ab6c680 Mon Sep 17 00:00:00 2001 From 328f19996b93b5be5cd856e600111d0dc87c8616 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 14:58:59 -0400 Date: Mon, 2 Oct 2017 14:58:59 -0400
Subject: [PATCH 2/2] WRS: 0001-Update-package-versioning-for-TIS-format.patch Subject: [PATCH 2/2] WRS: 0001-Update-package-versioning-for-TIS-format.patch
@ -8,18 +8,18 @@ Subject: [PATCH 2/2] WRS: 0001-Update-package-versioning-for-TIS-format.patch
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/centos-release.spec b/SPECS/centos-release.spec diff --git a/SPECS/centos-release.spec b/SPECS/centos-release.spec
index be95b1b..91dad61 100644 index ce64be4..8c05c28 100644
--- a/SPECS/centos-release.spec --- a/SPECS/centos-release.spec
+++ b/SPECS/centos-release.spec +++ b/SPECS/centos-release.spec
@@ -13,7 +13,7 @@ @@ -14,7 +14,7 @@
Name: centos-release Name: centos-release
Version: %{base_release_version} Version: %{base_release_version}
-Release: %{centos_rel}%{?dist} -Release: %{centos_rel}.1%{?dist}
+Release: %{centos_rel}.el7.centos%{?_tis_dist}.%{tis_patch_ver} +Release: %{centos_rel}.1.el7.centos%{?_tis_dist}.%{tis_patch_ver}
Summary: %{product_family} release file Summary: %{product_family} release file
Group: System Environment/Base Group: System Environment/Base
License: GPLv2 License: GPLv2
-- --
1.9.1 2.7.4

14
base/centos-release/centos/meta_patches/centos-release-include-TiS-changes.patch
View File

@ -1,4 +1,4 @@
From 4905ace48eb3feae48a02d2bd61e3778f8062532 Mon Sep 17 00:00:00 2001 From e18f905977fa94fa20a2d9a9cc565dc8d7fe8dac Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 14:58:59 -0400 Date: Mon, 2 Oct 2017 14:58:59 -0400
Subject: [PATCH 1/2] WRS: centos-release-include-TiS-changes.patch Subject: [PATCH 1/2] WRS: centos-release-include-TiS-changes.patch
@ -8,10 +8,10 @@ Subject: [PATCH 1/2] WRS: centos-release-include-TiS-changes.patch
1 file changed, 8 insertions(+) 1 file changed, 8 insertions(+)
diff --git a/SPECS/centos-release.spec b/SPECS/centos-release.spec diff --git a/SPECS/centos-release.spec b/SPECS/centos-release.spec
index af82c8b..be95b1b 100644 index 67f1550..ce64be4 100644
--- a/SPECS/centos-release.spec --- a/SPECS/centos-release.spec
+++ b/SPECS/centos-release.spec +++ b/SPECS/centos-release.spec
@@ -25,6 +25,8 @@ Provides: system-release(releasever) = %{base_release_version} @@ -27,6 +27,8 @@ Provides: system-release(releasever) = %{base_release_version}
Source0: centos-release-%{base_release_version}-%{centos_rel}.tar.gz Source0: centos-release-%{base_release_version}-%{centos_rel}.tar.gz
Source1: 85-display-manager.preset Source1: 85-display-manager.preset
Source2: 90-default.preset Source2: 90-default.preset
@ -20,9 +20,9 @@ index af82c8b..be95b1b 100644
%description %description
%{product_family} release files %{product_family} release files
@@ -118,6 +120,12 @@ mkdir -p %{buildroot}%{_prefix}/lib/systemd/system-preset/ @@ -123,6 +125,12 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/systemd/system-preset/
install -m 0644 %{SOURCE1} %{buildroot}%{_prefix}/lib/systemd/system-preset/ %posttrans
install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/systemd/system-preset/ /usr/bin/uname -m | grep -q 'x86_64' && echo 'centos' >/etc/yum/vars/contentdir || echo 'altarch' > /etc/yum/vars/contentdir
+# Overwrite default issue files with cgcs related files. +# Overwrite default issue files with cgcs related files.
+install -m 0644 %{SOURCE3} %{buildroot}/etc/issue +install -m 0644 %{SOURCE3} %{buildroot}/etc/issue
@ -34,5 +34,5 @@ index af82c8b..be95b1b 100644
%clean %clean
rm -rf %{buildroot} rm -rf %{buildroot}
-- --
1.9.1 2.7.4

2
base/centos-release/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/centos-release-7-4.1708.el7.centos.src.rpm mirror:Source/centos-release-7-5.1804.1.el7.centos.src.rpm

13
base/cluster-resource-agents/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,8 +1,7 @@
From 2bc73669b8de70bf32d2f786b158738506e480ff Mon Sep 17 00:00:00 2001 From 85cd40238fb1f76483848007bd1e5663bb3f21ff Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:11:59 -0400 Date: Mon, 2 Oct 2017 15:11:59 -0400
Subject: [PATCH 08/10] WRS: Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
0001-Update-package-versioning-for-TIS-format.patch
Conflicts: Conflicts:
SPECS/resource-agents.spec SPECS/resource-agents.spec
@ -11,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
index 6be3418..28a8129 100644 index 21fa049..fd8bc97 100644
--- a/SPECS/resource-agents.spec --- a/SPECS/resource-agents.spec
+++ b/SPECS/resource-agents.spec +++ b/SPECS/resource-agents.spec
@@ -48,7 +48,7 @@ @@ -48,7 +48,7 @@
Name: resource-agents Name: resource-agents
Summary: Open Source HA Reusable Cluster Resource Scripts Summary: Open Source HA Reusable Cluster Resource Scripts
Version: 3.9.5 Version: 3.9.5
-Release: 105%{?dist} -Release: 124%{?dist}
+Release: 105.el7%{?_tis_dist}.%{tis_patch_ver} +Release: 124.el7%{?_tis_dist}.%{tis_patch_ver}
License: GPLv2+, LGPLv2+ and ASL 2.0 License: GPLv2+, LGPLv2+ and ASL 2.0
URL: https://github.com/ClusterLabs/resource-agents URL: https://github.com/ClusterLabs/resource-agents
%if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel} %if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
-- --
1.9.1 2.7.4

33
base/cluster-resource-agents/centos/meta_patches/Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
View File

@ -1,33 +0,0 @@
From c4165b39531872b7b56d497c4ebd86b5d1d79800 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Wed, 25 Oct 2017 16:18:02 -0400
Subject: [PATCH]
Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop
---
SPECS/resource-agents.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
index 19580ef..2536cb7 100644
--- a/SPECS/resource-agents.spec
+++ b/SPECS/resource-agents.spec
@@ -252,6 +252,7 @@ Patch1116: ocf-shellfuncs_change_logtag.patch
Patch1117: lvm_cleanup_refs_on_stop.patch
Patch1118: ipaddr2_if_down.patch
Patch1119: ipaddr2_ignore_lo_if_state.patch
+Patch1120: Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
Obsoletes: heartbeat-resources <= %{version}
Provides: heartbeat-resources = %{version}
@@ -561,6 +562,7 @@ exit 1
%patch1117 -p1
%patch1118 -p1
%patch1119 -p1
+%patch1120 -p1
%build
if [ ! -f configure ]; then
--
1.9.1

1
base/cluster-resource-agents/centos/meta_patches/PATCH_ORDER
View File

@ -8,7 +8,6 @@ spec-lvm-cleanup-refs-on-stop.patch
0001-Update-package-versioning-for-TIS-format.patch 0001-Update-package-versioning-for-TIS-format.patch
ipaddr2-if-down.patch ipaddr2-if-down.patch
spec-add-ipaddr2-ignore-lo-state.patch spec-add-ipaddr2-ignore-lo-state.patch
Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
Disable-creation-of-the-debug-package.patch Disable-creation-of-the-debug-package.patch
metapatch-for-arp_bg.patch metapatch-for-arp_bg.patch
ipaddr2-avoid-failing-svc-if-down-meta.patch ipaddr2-avoid-failing-svc-if-down-meta.patch

18
base/cluster-resource-agents/centos/meta_patches/metapatch-for-arp_bg.patch
View File

@ -1,4 +1,4 @@
From 6dc3b747b2688498a69d3ca8f826f30aecfc9f5b Mon Sep 17 00:00:00 2001 From 00b88829aad297c6732617a706501b466bb9be7a Mon Sep 17 00:00:00 2001
From: Al Bailey <Al.Bailey@windriver.com> From: Al Bailey <Al.Bailey@windriver.com>
Date: Mon, 28 May 2018 14:12:45 -0500 Date: Mon, 28 May 2018 14:12:45 -0500
Subject: [PATCH] metapatch for arp_bg Subject: [PATCH] metapatch for arp_bg
@ -8,25 +8,25 @@ Subject: [PATCH] metapatch for arp_bg
1 file changed, 2 insertions(+) 1 file changed, 2 insertions(+)
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
index 2536cb7..5b38434 100644 index c70d20b..520d9c3 100644
--- a/SPECS/resource-agents.spec --- a/SPECS/resource-agents.spec
+++ b/SPECS/resource-agents.spec +++ b/SPECS/resource-agents.spec
@@ -253,6 +253,7 @@ Patch1117: lvm_cleanup_refs_on_stop.patch @@ -282,6 +282,7 @@ Patch1116: ocf-shellfuncs_change_logtag.patch
Patch1117: lvm_cleanup_refs_on_stop.patch
Patch1118: ipaddr2_if_down.patch Patch1118: ipaddr2_if_down.patch
Patch1119: ipaddr2_ignore_lo_if_state.patch Patch1119: ipaddr2_ignore_lo_if_state.patch
Patch1120: Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch +Patch1120: Re-enable-background-execution-of-arp-commands.patch
+Patch1121: Re-enable-background-execution-of-arp-commands.patch
Obsoletes: heartbeat-resources <= %{version} Obsoletes: heartbeat-resources <= %{version}
Provides: heartbeat-resources = %{version} Provides: heartbeat-resources = %{version}
@@ -563,6 +564,7 @@ exit 1 @@ -618,6 +619,7 @@ exit 1
%patch1117 -p1
%patch1118 -p1 %patch1118 -p1
%patch1119 -p1 %patch1119 -p1
%patch1120 -p1 +%patch1120 -p1
+%patch1121 -p1
%build %build
if [ ! -f configure ]; then if [ ! -f configure ]; then
-- --
1.8.3.1 2.7.4

17
base/cluster-resource-agents/centos/patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
View File

@ -1,6 +1,6 @@
From 98591b479bd64c2835ab1e8884118c57dd499b9c Mon Sep 17 00:00:00 2001 From 7c181a1afdc85456333f9cbf9c5827ceb0554a91 Mon Sep 17 00:00:00 2001
From: Chris Friesen <chris.friesen@windriver.com> From: Chris Friesen <chris.friesen@windriver.com>
Date: Tue, 21 Jun 2016 14:29:36 -0400 Date: Fri, 24 Aug 2018 03:51:37 +0800
Subject: [PATCH] Fix VG activity bug in heartbeat/LVM script Subject: [PATCH] Fix VG activity bug in heartbeat/LVM script
There is currently an issue in the lvm2 package where if you create an LVM thin There is currently an issue in the lvm2 package where if you create an LVM thin
@ -19,17 +19,20 @@ group is not active.
This commit changes the code to directly query lvm about the volume group This commit changes the code to directly query lvm about the volume group
activity rather than relying on side effects. activity rather than relying on side effects.
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
--- ---
heartbeat/LVM | 15 ++++++--------- heartbeat/LVM | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-) 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/heartbeat/LVM b/heartbeat/LVM diff --git a/heartbeat/LVM b/heartbeat/LVM
index 1c23c05..d91a3bc 100755 index 893ece8..1efb207 100755
--- a/heartbeat/LVM --- a/heartbeat/LVM
+++ b/heartbeat/LVM +++ b/heartbeat/LVM
@@ -350,19 +350,16 @@ LVM_status() { @@ -338,19 +338,16 @@ LVM_status() {
ocf_exit_reason "LVM Volume $1 is not available" fi
return $OCF_ERR_GENERIC fi
fi fi
- -
- if [ -d /dev/$1 ]; then - if [ -d /dev/$1 ]; then
@ -54,5 +57,5 @@ index 1c23c05..d91a3bc 100755
1) # exclusive with tagging. 1) # exclusive with tagging.
# If vg is running, make sure the correct tag is present. Otherwise we # If vg is running, make sure the correct tag is present. Otherwise we
-- --
1.9.1 2.7.4

27
base/cluster-resource-agents/centos/patches/Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
View File

@ -1,27 +0,0 @@
From b9fdbdf20d62655c9b529f744f8efb9fb66c5851 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Wed, 25 Oct 2017 16:13:20 -0400
Subject: [PATCH] Modify error code of
bz1454699-LVM-status-check-for-missing-VG.patch to prevent controler-1 reboot
loop
---
heartbeat/LVM | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/heartbeat/LVM b/heartbeat/LVM
index 5347765..e4cd0ea 100755
--- a/heartbeat/LVM
+++ b/heartbeat/LVM
@@ -348,7 +348,7 @@ LVM_status() {
fi
if ! echo "$output" | grep -q "Found.*\"$1\""; then
ocf_exit_reason "LVM Volume $1 is not available"
- return $OCF_ERR_GENERIC
+ return $OCF_NOT_RUNNING
fi
# Ask lvm whether the volume group is active. This maps to
--
1.9.1

3
base/cluster-resource-agents/centos/srpm_path
View File

@ -1 +1,2 @@
mirror:Source/resource-agents-3.9.5-105.el7.src.rpm mirror:Source/resource-agents-3.9.5-124.el7.src.rpm

38
base/cluster-resource-agents/cluster-resource-agents/copyright.patch
View File

@ -1,38 +0,0 @@
---
heartbeat/Filesystem | 3 ++-
heartbeat/LVM | 1 +
heartbeat/pgsql | 1 +
3 files changed, 4 insertions(+), 1 deletion(-)
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -2,7 +2,8 @@
#
# Support: linux-ha@lists.linux-ha.org
# License: GNU General Public License (GPL)
-#
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
+#
# Filesystem
# Description: Manages a Filesystem on a shared storage medium.
# Original Author: Eric Z. Ayers (eric.ayers@compgen.com)
--- a/heartbeat/LVM
+++ b/heartbeat/LVM
@@ -10,6 +10,7 @@
# Support: linux-ha@lists.linux-ha.org
# License: GNU General Public License (GPL)
# Copyright: (C) 2002 - 2005 International Business Machines, Inc.
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
#
# This code significantly inspired by the LVM resource
# in FailSafe by Lars Marowsky-Bree
--- a/heartbeat/pgsql
+++ b/heartbeat/pgsql
@@ -9,6 +9,7 @@
#
# Copyright: 2006-2012 Serge Dubrouski <sergeyfd@gmail.com>
# and other Linux-HA contributors
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
# License: GNU General Public License (GPL)
#
###############################################################################

15
base/cluster-resource-agents/cluster-resource-agents/exportfs_accept_ipv6.patch
View File

@ -1,15 +0,0 @@
Index: resource-agents-3.9.5/heartbeat/exportfs
===================================================================
--- resource-agents-3.9.5/heartbeat/exportfs 2013-02-07 07:17:42.000000000 -0500
+++ resource-agents-3.9.5/heartbeat/exportfs 2015-12-18 12:40:18.382930869 -0500
@@ -184,7 +184,9 @@
is_exported() {
local dir=$1
- local spec=$2
+ # Because clientspec contains square brackets when using IPv6, and the exports entry does not,
+ # it is necessary to remove the square brackets to compare them with each other.
+ local spec=$(echo $2|sed -r 's/(\[|\])//g')
exportfs |
sed -e '$! N; s/\n[[:space:]]\+/ /; t; s/[[:space:]]\+\([^[:space:]]\+\)\(\n\|$\)/ \1\2/g; P;D;' |
grep -q -x -F "$dir $spec"

193
base/cluster-resource-agents/cluster-resource-agents/filesystem_rmon.patch
View File

@ -1,193 +0,0 @@
---
heartbeat/Filesystem | 59 ++++++++++++++++++++++++++++++++++++++++++++++++---
heartbeat/LVM | 59 +++++++++++++++++++++++++++++++++++++++++++++++----
2 files changed, 111 insertions(+), 7 deletions(-)
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -19,6 +19,7 @@
# OCF_RESKEY_run_fsck
# OCF_RESKEY_fast_stop
# OCF_RESKEY_force_clones
+# OCF_RESKEY_rmon_rsc_name
#
#OCF_RESKEY_device : name of block device for the filesystem. e.g. /dev/sda1, /dev/md0
# Or a -U or -L option for mount, or an NFS mount specification
@@ -30,6 +31,7 @@
#OCF_RESKEY_fast_stop : fast stop: yes(default)/no
#OCF_RESKEY_force_clones : allow running the resource as clone. e.g. local xfs mounts
# for each brick in a glusterfs setup
+#OCF_RESKEY_rmon_rsc_name: resource name to use when notifing RMON
#
#
# This assumes you want to manage a filesystem on a shared (SCSI) bus,
@@ -1053,20 +1055,65 @@ if [ "$OP" != "monitor" ]; then
ocf_log info "Running $OP for $DEVICE on $MOUNTPOINT"
fi
+RMON_NOTIFY="/usr/local/bin/rmon_resource_notify"
+
+rmon_notify() {
+ local RSC_STATE=$1 TIMEOUT=$2
+
+ if [ -z "OCF_RESKEY_rmon_rsc_name" ]
+ then
+ ocf_log err "No RMON resource name given for $OCF_RESKEY_directory"
+ return
+ fi
+
+ if [[ -x $RMON_NOTIFY ]]
+ then
+ $RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \
+ --resource-state $RSC_STATE \
+ --resource-type mount \
+ --device $OCF_RESKEY_device \
+ --mount-point $OCF_RESKEY_directory \
+ --timeout $TIMEOUT \
+ >/dev/null 2>&1
+ else
+ ocf_log err "$RMON_NOTIFY not available, failed to execute: \
+$RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \
+--resource-state $RSC_STATE --resource-type mount \
+--device $OCF_RESKEY_device --mount-point $OCF_RESKEY_directory \
+--timeout $TIMEOUT"
+ fi
+}
+
# These operations do not require the clone checking + OCFS2
# initialization.
case $OP in
status) Filesystem_status
- exit $?
+ rc=$?
+ if [ $rc -eq $OCF_SUCCESS ]
+ then
+ rmon_notify "enabled" 300
+ else
+ rmon_notify "disabled" 300
+ fi
+ exit $rc
;;
monitor) Filesystem_monitor
- exit $?
+ rc=$?
+ if [ $rc -eq $OCF_SUCCESS ]
+ then
+ rmon_notify "enabled" 300
+ else
+ rmon_notify "disabled" 300
+ fi
+ exit $rc
;;
validate-all) Filesystem_validate_all
exit $?
;;
stop) Filesystem_stop
- exit $?
+ rc=$?
+ rmon_notify "disabled" 300
+ exit $rc
;;
esac
@@ -1114,6 +1161,12 @@ fi
case $OP in
start) Filesystem_start
+ rc=$?
+ if [ $rc -eq $OCF_SUCCESS ]
+ then
+ rmon_notify "enabled" 300
+ fi
+ exit $rc
;;
notify) Filesystem_notify
;;
--- a/heartbeat/LVM
+++ b/heartbeat/LVM
@@ -22,6 +22,7 @@
#
# OCF parameters are as below:
# OCF_RESKEY_volgrpname
+# OCF_RESKEY_rmon_rsc_name
#
#######################################################################
# Initialization:
@@ -311,6 +312,35 @@ then
exit $OCF_ERR_CONFIGURED
fi
+RMON_NOTIFY="/usr/local/bin/rmon_resource_notify"
+
+rmon_notify() {
+ local RSC_STATE=$1 TIMEOUT=$2
+
+ if [ -z "OCF_RESKEY_rmon_rsc_name" ]
+ then
+ ocf_log err "No RMON resource name given for $OCF_RESKEY_volgrpname"
+ return
+ fi
+
+ if [[ -x $RMON_NOTIFY ]]
+ then
+ $RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \
+ --resource-state $RSC_STATE \
+ --resource-type lvg \
+ --volume-group $OCF_RESKEY_volgrpname \
+ --timeout $TIMEOUT \
+ >/dev/null 2>&1
+ else
+ ocf_log err "$RMON_NOTIFY not available, failed to execute: \
+$RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \
+--resource-state $RSC_STATE --resource-type lvg \
+--volume-group $OCF_RESKEY_volgrpname \
+--timeout $TIMEOUT"
+ fi
+}
+
+
# Get the LVM version number, for this to work we assume(thanks to panjiam):
#
# LVM1 outputs like this
@@ -345,16 +375,37 @@ OP_METHOD=$1
case "$1" in
start) LVM_start $VOLUME
- exit $?;;
+ rc=$?
+ if [ $rc -eq $OCF_SUCCESS ]
+ then
+ rmon_notify "enabled" 300
+ fi
+ exit $rc;;
stop) LVM_stop $VOLUME
- exit $?;;
+ rc=$?
+ rmon_notify "disabled" 300
+ exit $rc;;
status) LVM_status $VOLUME $1
- exit $?;;
+ rc=$?
+ if [ $rc -eq $OCF_SUCCESS ]
+ then
+ rmon_notify "enabled" 300
+ else
+ rmon_notify "disabled" 300
+ fi
+ exit $rc;;
monitor) LVM_monitor $VOLUME
- exit $?;;
+ rc=$?
+ if [ $rc -eq $OCF_SUCCESS ]
+ then
+ rmon_notify "enabled" 300
+ else
+ rmon_notify "disabled" 300
+ fi
+ exit $rc;;
validate-all) LVM_validate_all
;;

37
base/cluster-resource-agents/cluster-resource-agents/ipaddr2_add_if_type.patch
View File

@ -1,37 +0,0 @@
---
heartbeat/IPaddr2 | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/heartbeat/IPaddr2
+++ b/heartbeat/IPaddr2
@@ -13,6 +13,7 @@
# Copyright (c) 2003 Tuomo Soini
# Copyright (c) 2004-2006 SUSE LINUX AG, Lars Marowsky-Brée
# All Rights Reserved.
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of version 2 of the GNU General Public License as
@@ -50,6 +51,7 @@
# OCF_RESKEY_nic
# OCF_RESKEY_cidr_netmask
# OCF_RESKEY_iflabel
+# OCF_RESKEY_if_type
# OCF_RESKEY_mac
# OCF_RESKEY_clusterip_hash
# OCF_RESKEY_arp_interval
@@ -314,7 +316,13 @@ ip_init() {
BASEIP="$OCF_RESKEY_ip"
BRDCAST="$OCF_RESKEY_broadcast"
- NIC="$OCF_RESKEY_nic"
+ IFTYPE="$OCF_RESKEY_if_type"
+ if [ -n "${IFTYPE}" ]
+ then
+ NIC=`grep ${IFTYPE}= /etc/platform/platform.conf | cut -f2 -d '='`
+ else
+ NIC="$OCF_RESKEY_nic"
+ fi
# Note: We had a version out there for a while which used
# netmask instead of cidr_netmask. Don't remove this aliasing code!
if

48
base/cluster-resource-agents/cluster-resource-agents/ipaddr2_check_if_state.patch
View File

@ -1,48 +0,0 @@
---
heartbeat/IPaddr2 | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
--- a/heartbeat/IPaddr2
+++ b/heartbeat/IPaddr2
@@ -661,7 +661,12 @@ ip_start() {
local ip_status=`ip_served`
if [ "$ip_status" = "ok" ]; then
- exit $OCF_SUCCESS
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
+ then
+ exit $OCF_SUCCESS
+ else
+ exit $OCF_ERR_GENERIC
+ fi
fi
if [ -n "$IP_CIP" ] && [ $ip_status = "no" ] || [ $ip_status = "partial2" ]; then
@@ -714,7 +719,12 @@ ip_start() {
fi
;;
esac
- exit $OCF_SUCCESS
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
+ then
+ exit $OCF_SUCCESS
+ else
+ exit $OCF_ERR_GENERIC
+ fi
}
ip_stop() {
@@ -788,7 +798,12 @@ ip_monitor() {
local ip_status=`ip_served`
case $ip_status in
ok)
- return $OCF_SUCCESS
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
+ then
+ return $OCF_SUCCESS
+ else
+ return $OCF_NOT_RUNNING
+ fi
;;
partial|no|partial2)
exit $OCF_NOT_RUNNING

155
base/cluster-resource-agents/cluster-resource-agents/lvm_vg_activation.patch
View File

@ -1,155 +0,0 @@
commit 69217b67c0d018f129c7cbf526aebf0b236be701
Author: Chris Friesen <chris.friesen@windriver.com>
Date: Thu Sep 17 15:26:16 2015 -0400
CGCS-2553/CGTS-2534: tweak LVM success criteria
It turns out that activating an LVM LV which has a snapshot (or activating
the snapshot) will take an amount of time that is proportional to the
delta between the snapshot and the original volume.
Because of this it's possible that running "vgchange" could take a long
time, since it also activates the LVs.
If this happens, rather than timeout the whole script we want to log which
LVs/snapshots havn't yet been activated, and then just continue on.
Accordingly, we want to set the internal timeout in the "start" operation
to something less than the timeout for the "start" action.
There will be corresponding changes in cinder to properly handle this case.
diff --git a/heartbeat/LVM b/heartbeat/LVM
index bd1a47a..24b0244 100755
--- a/heartbeat/LVM
+++ b/heartbeat/LVM
@@ -186,6 +186,81 @@ LVM_monitor() {
}
#
+# Activate one volume explicitly.
+#
+activate_volume() {
+ ocf_run lvchange $1 /dev/${2}/$3
+ if [ $? -eq 0 ] ; then
+ ocf_log info "Succesfully activated $LV."
+ else
+ ocf_log err "Problem activating $LV."
+ fi
+}
+
+#
+# Kick off parallel activation of all volumes
+#
+activate_all_volumes() {
+ VG=$1
+ shift
+ lvchange_args="$*"
+
+ # Get the list of volumes, without the first line which is column headings.
+ VOLS=`lvs $VG |tail -n +2`
+
+ while read -r LINE; do
+ # Convert the line into an array.
+ LINE_ARRAY=($LINE)
+
+ # First array element is the volume/snapshot name.
+ LV=${LINE_ARRAY[0]}
+
+ # Third array element is the attributes.
+ ATTR=${LINE_ARRAY[2]}
+
+ # Fifth character in the attributes is "a" if it's active.
+ ACTIVE=${ATTR:4:1}
+ if [ "$ACTIVE" == "a" ]; then
+ ocf_log info "$LV is already active."
+ continue
+ fi
+
+ SNAPSHOT_ORIGIN=${LINE_ARRAY[4]}
+ if [ "$SNAPSHOT_ORIGIN" != "" ] ; then
+ # If this is a snapshot, don't activate it.
+ continue
+ fi
+
+ ( activate_volume "$*" $VG $LV ) &
+ done <<< "$VOLS"
+}
+
+#
+# Scan for inactive volumes and log any that are found.
+#
+log_inactive_volumes() {
+ # Get the list of volumes, without the first line which is column headings.
+ VOLS=`lvs $1 |tail -n +2`
+
+ while read -r LINE; do
+ # Convert the line into an array.
+ LINE_ARRAY=($LINE)
+
+ # First array element is the volume/snapshot name.
+ LV=${LINE_ARRAY[0]}
+
+ # Third array element is the attributes.
+ ATTR=${LINE_ARRAY[2]}
+
+ # Fifth character in the attributes is "a" if it's active.
+ ACTIVE=${ATTR:4:1}
+ if [ "$ACTIVE" != "a" ]; then
+ ocf_log err "Volume $LV is not active after expiry of timeout."
+ fi
+ done <<< "$VOLS"
+}
+
+#
# Enable LVM volume
#
LVM_start() {
@@ -218,7 +293,47 @@ LVM_start() {
vgchange_options="$vgchange_options --monitor y"
fi
- ocf_run vgchange $vgchange_options $1 || return $OCF_ERR_GENERIC
+ # Kick off activation of all volumes. If it doesn't complete within
+ # the timeout period, then we'll log the not-yet-activated volumes and
+ # continue on.
+ (ocf_run vgchange $vgchange_options $1) & PID=$!
+
+ # Check every second for up to TIMEOUT seconds whether the vgchange has
+ # completed.
+ TIMEOUT=300
+ TIMED_OUT=true
+ SECONDS=0;
+ PARALLEL_ACTIVATE_DELAY=10
+ PARALLEL_ACTIVATE_DONE=false
+ while [ $SECONDS -lt $TIMEOUT ] ; do
+ kill -0 $PID &> /dev/null
+ if [ $? -eq 1 ] ; then
+ # process with pid of $PID doesn't exist, vgchange command completed
+ TIMED_OUT=false
+ break
+ fi
+ if [ $SECONDS -ge $PARALLEL_ACTIVATE_DELAY ] && \
+ [ "$PARALLEL_ACTIVATE_DONE" != true ] && \
+ [ "$1" == "cinder-volumes" ] ; then
+ # This will kick off parallel activation of all LVs in the VG.
+ # The delay is to ensure the VG is activated first.
+ PARALLEL_ACTIVATE_DONE=true
+ ocf_log info Explicitly activating all volumes in $1 with: $vgchange_options
+ activate_all_volumes $1 $vgchange_options
+ fi
+ sleep 1
+ done
+
+ if [ "$TIMED_OUT" = true ] ; then
+ ocf_log err "Timed out running ocf_run vgchange $vgchange_options $1"
+ log_inactive_volumes $1
+ else
+ # Child process completed, get its status.
+ wait $PID
+ if [ $? -ne 0 ] ; then
+ return $OCF_ERR_GENERIC
+ fi
+ fi
if LVM_status $1; then
: OK Volume $1 activated just fine!

52
base/cluster-resource-agents/cluster-resource-agents/new_ocf_return_codes.patch
View File

@ -1,52 +0,0 @@
---
heartbeat/ocf-returncodes | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
--- a/heartbeat/ocf-returncodes
+++ b/heartbeat/ocf-returncodes
@@ -5,6 +5,7 @@
# Copyright (c) 2004 SUSE LINUX AG, Andrew Beekhof
# All Rights Reserved.
#
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -53,3 +54,37 @@ OCF_NOT_RUNNING=7
#
OCF_RUNNING_MASTER=8
OCF_FAILED_MASTER=9
+
+# Non-standard values particular to Wind River deployments.
+#
+# OCF does not include the concept of data sync states for master/slave
+# resources.
+#
+# OCF_DATA_INCONSISTENT:
+# The resource's data is not useable.
+#
+# OCF_DATA_OUTDATED:
+# The resource's data is consistent, but a peer with more recent data
+# has been seen.
+#
+# OCF_DATA_CONSISTENT:
+# The resource's data is consistent, but it is unsure that this is the
+# most recent data.
+#
+# OCF_SYNC:
+# The resource is syncing data.
+#
+# OCF_STANDALONE:
+# The resource is operating as standalone. No peer is available or
+# syncing is not possible (i.e. split brain fencing).
+#
+OCF_DATA_INCONSISTENT=32
+OCF_DATA_OUTDATED=33
+OCF_DATA_CONSISTENT=34
+OCF_DATA_SYNC=35
+OCF_DATA_STANDALONE=36
+OCF_RUNNING_MASTER_DATA_INCONSISTENT=37
+OCF_RUNNING_MASTER_DATA_OUTDATED=38
+OCF_RUNNING_MASTER_DATA_CONSISTENT=39
+OCF_RUNNING_MASTER_DATA_SYNC=40
+OCF_RUNNING_MASTER_DATA_STANDALONE=41

18
base/cluster-resource-agents/cluster-resource-agents/ocf-shellfuncs_change_logtag.patch
View File

@ -1,18 +0,0 @@
---
heartbeat/ocf-shellfuncs.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/heartbeat/ocf-shellfuncs.in
+++ b/heartbeat/ocf-shellfuncs.in
@@ -174,9 +174,9 @@ hadate() {
set_logtag() {
if [ -z "$HA_LOGTAG" ]; then
if [ -n "$OCF_RESOURCE_INSTANCE" ]; then
- HA_LOGTAG="$__SCRIPT_NAME($OCF_RESOURCE_INSTANCE)[$$]"
+ HA_LOGTAG="OCF_$__SCRIPT_NAME($OCF_RESOURCE_INSTANCE)[$$]"
else
- HA_LOGTAG="$__SCRIPT_NAME[$$]"
+ HA_LOGTAG="OCF_$__SCRIPT_NAME[$$]"
fi
fi
}

77
base/cluster-resource-agents/cluster-resource-agents/pgsql.patch
View File

@ -1,77 +0,0 @@
Index: resource-agents-3.9.5/heartbeat/pgsql
===================================================================
--- resource-agents-3.9.5.orig/heartbeat/pgsql
+++ resource-agents-3.9.5/heartbeat/pgsql
@@ -38,6 +38,7 @@ get_pgsql_param() {
OCF_RESKEY_pgctl_default=/usr/bin/pg_ctl
OCF_RESKEY_psql_default=/usr/bin/psql
OCF_RESKEY_pgdata_default=/var/lib/pgsql/data
+OCF_RESKEY_pgconf_default=/etc/postgresql
OCF_RESKEY_pgdba_default=postgres
OCF_RESKEY_pghost_default=""
OCF_RESKEY_pgport_default=5432
@@ -67,10 +68,11 @@ OCF_RESKEY_stop_escalate_in_slave_defaul
: ${OCF_RESKEY_pgctl=${OCF_RESKEY_pgctl_default}}
: ${OCF_RESKEY_psql=${OCF_RESKEY_psql_default}}
: ${OCF_RESKEY_pgdata=${OCF_RESKEY_pgdata_default}}
+: ${OCF_RESKEY_pgconf=${OCF_RESKEY_pgconf_default}}
: ${OCF_RESKEY_pgdba=${OCF_RESKEY_pgdba_default}}
: ${OCF_RESKEY_pghost=${OCF_RESKEY_pghost_default}}
: ${OCF_RESKEY_pgport=${OCF_RESKEY_pgport_default}}
-: ${OCF_RESKEY_config=${OCF_RESKEY_pgdata}/postgresql.conf}
+: ${OCF_RESKEY_config=${OCF_RESKEY_pgconf}/postgresql.conf}
: ${OCF_RESKEY_start_opt=${OCF_RESKEY_start_opt_default}}
: ${OCF_RESKEY_pgdb=${OCF_RESKEY_pgdb_default}}
: ${OCF_RESKEY_logfile=${OCF_RESKEY_logfile_default}}
@@ -166,6 +168,14 @@ Path to PostgreSQL data directory.
<content type="string" default="${OCF_RESKEY_pgdata_default}" />
</parameter>
+<parameter name="pgconf" unique="0" required="0">
+<longdesc lang="en">
+Path to PostgreSQL config directory.
+</longdesc>
+<shortdesc lang="en">pgconf</shortdesc>
+<content type="string" default="${OCF_RESKEY_pgconf_default}" />
+</parameter>
+
<parameter name="pgdba" unique="0" required="0">
<longdesc lang="en">
User that owns PostgreSQL.
@@ -220,7 +230,7 @@ SQL script that will be used for monitor
Path to the PostgreSQL configuration file for the instance.
</longdesc>
<shortdesc lang="en">Configuration file</shortdesc>
-<content type="string" default="${OCF_RESKEY_pgdata}/postgresql.conf" />
+<content type="string" default="${OCF_RESKEY_pgconf}/postgresql.conf" />
</parameter>
<parameter name="pgdb" unique="0" required="0">
@@ -475,6 +485,12 @@ pgsql_real_start() {
local postgres_options
local rc
+ # WRS: Create an unversioned symlink under /var/run so SM can easily
+ # find the PID file.
+ if [ ! -h $PIDFILE_SYMLINK ]; then
+ /bin/ln -s $PIDFILE $PIDFILE_SYMLINK
+ fi
+
if pgsql_status; then
ocf_log info "PostgreSQL is already running. PID=`cat $PIDFILE`"
if is_replication; then
@@ -1717,12 +1733,12 @@ then
exit $OCF_ERR_GENERIC
fi
-
PIDFILE=${OCF_RESKEY_pgdata}/postmaster.pid
+PIDFILE_SYMLINK=/var/run/postmaster.pid
BACKUPLABEL=${OCF_RESKEY_pgdata}/backup_label
RESOURCE_NAME=`echo $OCF_RESOURCE_INSTANCE | cut -d ":" -f 1`
PGSQL_WAL_RECEIVER_STATUS_ATTR="${RESOURCE_NAME}-receiver-status"
-RECOVERY_CONF=${OCF_RESKEY_pgdata}/recovery.conf
+RECOVERY_CONF=${OCF_RESKEY_pgconf}/recovery.conf
NODENAME=`uname -n | tr '[A-Z]' '[a-z]'`
if is_replication; then

17
base/cluster-resource-agents/cluster-resource-agents/umount-in-namespace.patch
View File

@ -1,17 +0,0 @@
---
heartbeat/Filesystem | 4 ++++
1 file changed, 4 insertions(+)
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -727,6 +727,10 @@ signal_processes() {
}
try_umount() {
local SUB=$1
+
+ # We need to ensure we umount in namespaces, too
+ /usr/sbin/umount-in-namespace $SUB
+
$UMOUNT $umount_force $SUB
list_mounts | grep -q " $SUB " >/dev/null 2>&1 || {
ocf_log info "unmounted $SUB successfully"

63
base/dhcp/centos/files/dhcp-handle-default-classless-static-route.patch
View File

@ -1,63 +0,0 @@
Index: 4.2.5-P1-r3/dhclient-exit-hooks
===================================================================
--- 4.2.5-P1-r3.orig/dhclient-exit-hooks
+++ 4.2.5-P1-r3/dhclient-exit-hooks
@@ -4,7 +4,7 @@
#
# This file is sourced by /sbin/dhclient-script.
#
-# dhcp option 121 is defined in RFC3442. The following is the link.
+# dhcp option 121 is defined in RFC3442. The following is the link.
# http://www.ietf.org/rfc/rfc3442.txt
#
# The code for this option is 121, and its minimum length is 5 bytes.
@@ -52,7 +52,7 @@ function add_routes() {
while [ $# -ne 0 ]; do
mask=$1
shift
-
+
# Parse the arguments into a CIDR net/mask string
if [ $mask -eq 32 ]; then
destination="-host $1.$2.$3.$4"
@@ -66,22 +66,31 @@ while [ $# -ne 0 ]; do
elif [ $mask -gt 8 ]; then
destination="-net $1.$2.0.0/$mask"
shift; shift
+ elif [ $mask -gt 0 ]; then
+ destination="-net $1.0.0.0/$mask"
+ shift
else
- destination="-net $1.0.0.0/$mask"
- shift
+ destination="default"
fi
-
+
# Read the gateway
gateway="$1.$2.$3.$4"
shift; shift; shift; shift
- # Add route into routing table
- route add $destination gw $gateway
-
- # Print it out if the route is added successfully
- if [ $? = 0 ]; then
- echo "Added route \"$destination gw $gateway\""
+ if [ $gateway != "0.0.0.0" ]; then
+ # Add route into routing table
+ route add $destination gw $gateway
+ if [ $? = 0 ]; then
+ echo "Added route \"$destination gw $gateway\""
+ fi
+ else
+ # Add onlink route into routing table
+ route add $destination $interface
+ if [ $? = 0 ]; then
+ echo "Added route \"$destination on $interface\""
+ fi
fi
+
done
}

12
base/dhcp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,7 +1,7 @@
From 80ec3fbb502373b48c54dc075d75b1d13894093e Mon Sep 17 00:00:00 2001 From 1eeae27ddc87dc61928b96baa63fe2ff767e35b0 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:05 -0400 Date: Mon, 2 Oct 2017 15:25:05 -0400
Subject: [PATCH 5/7] WRS: 0001-Update-package-versioning-for-TIS-format.patch Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts: Conflicts:
SPECS/dhcp.spec SPECS/dhcp.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index edc4113..29dfbcf 100644 index 42409f6..70c7a6d 100644
--- a/SPECS/dhcp.spec --- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec +++ b/SPECS/dhcp.spec
@@ -18,7 +18,7 @@ @@ -18,7 +18,7 @@
Summary: Dynamic host configuration protocol software Summary: Dynamic host configuration protocol software
Name: dhcp Name: dhcp
Version: 4.2.5 Version: 4.2.5
-Release: 58%{?dist} -Release: 68%{?dist}.1
+Release: 58.el7.centos%{?_tis_dist}.%{tis_patch_ver} +Release: 68.el7.centos.1%{?_tis_dist}.%{tis_patch_ver}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to # NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and # dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was. # that's why it is at 12 now. It should have never been used, but it was.
-- --
1.9.1 2.7.4

24
base/dhcp/centos/meta_patches/spec-include-TiS-patches.patch
View File

@ -1,14 +1,14 @@
From 68081498cde44d9b5320e795229865e46a1552ac Mon Sep 17 00:00:00 2001 From 7e7a9f1bce5884da1e57d5bdc4f5215b7231924e Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:05 -0400 Date: Mon, 2 Oct 2017 15:25:05 -0400
Subject: [PATCH 1/7] WRS: spec-include-TiS-patches.patch Subject: [PATCH] WRS: spec-include-TiS-patches.patch
--- ---
SPECS/dhcp.spec | 28 ++++++++++++++++++++++++++++ SPECS/dhcp.spec | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+) 1 file changed, 28 insertions(+)
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index 9647a5a..78ee924 100644 index 14da097..904e3ad 100644
--- a/SPECS/dhcp.spec --- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec +++ b/SPECS/dhcp.spec
@@ -39,6 +39,10 @@ Source8: dhcrelay.service @@ -39,6 +39,10 @@ Source8: dhcrelay.service
@ -22,9 +22,9 @@ index 9647a5a..78ee924 100644
Patch0: dhcp-4.2.0-errwarn-message.patch Patch0: dhcp-4.2.0-errwarn-message.patch
Patch1: dhcp-4.2.4-dhclient-options.patch Patch1: dhcp-4.2.4-dhclient-options.patch
@@ -99,6 +103,14 @@ Patch62: dhcp-max-fd-value.patch @@ -111,6 +115,14 @@ Patch70: dhcp-4.2.5-reference_count_overflow.patch
Patch63: dhcp-4.2.5-rh1355827.patch Patch71: dhcp-4.2.5-centos-branding.patch
Patch64: dhcp-4.2.5-centos-branding.patch
+# WRS +# WRS
+Patch101: support-disable-nsupdate.patch +Patch101: support-disable-nsupdate.patch
@ -37,9 +37,9 @@ index 9647a5a..78ee924 100644
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: libtool BuildRequires: libtool
@@ -409,6 +421,14 @@ rm -rf includes/isc-dhcp @@ -439,6 +451,14 @@ rm -rf includes/isc-dhcp
%patch63 -p1 %patch70 -p1 -b .reference_overflow
%patch64 -p1 %patch71 -p1
+# WRS +# WRS
+%patch101 -p1 +%patch101 -p1
@ -52,7 +52,7 @@ index 9647a5a..78ee924 100644
# Update paths in all man pages # Update paths in all man pages
for page in client/dhclient.conf.5 client/dhclient.leases.5 \ for page in client/dhclient.conf.5 client/dhclient.leases.5 \
client/dhclient-script.8 client/dhclient.8 ; do client/dhclient-script.8 client/dhclient.8 ; do
@@ -552,6 +572,10 @@ EOF @@ -582,6 +602,10 @@ EOF
# Don't package libtool *.la files # Don't package libtool *.la files
find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';'; find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';
@ -63,7 +63,7 @@ index 9647a5a..78ee924 100644
%pre %pre
# /usr/share/doc/setup/uidgid # /usr/share/doc/setup/uidgid
%global gid_uid 177 %global gid_uid 177
@@ -667,6 +691,10 @@ done @@ -697,6 +721,10 @@ done
%attr(0644,root,root) %{_mandir}/man8/dhclient.8.gz %attr(0644,root,root) %{_mandir}/man8/dhclient.8.gz
%attr(0644,root,root) %{_mandir}/man8/dhclient-script.8.gz %attr(0644,root,root) %{_mandir}/man8/dhclient-script.8.gz
@ -75,5 +75,5 @@ index 9647a5a..78ee924 100644
%doc LICENSE README RELNOTES doc/References.txt %doc LICENSE README RELNOTES doc/References.txt
%attr(0644,root,root) %{_mandir}/man5/dhcp-options.5.gz %attr(0644,root,root) %{_mandir}/man5/dhcp-options.5.gz
-- --
1.9.1 2.7.4

2
base/dhcp/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/dhcp-4.2.5-58.el7.centos.src.rpm mirror:Source/dhcp-4.2.5-68.el7.centos.1.src.rpm

8
base/dnsmasq/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -8,18 +8,18 @@ Subject: [PATCH] update package patching
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
index b3f178f..a583cf2 100644 index 5cf440a..dd74293 100644
--- a/SPECS/dnsmasq.spec --- a/SPECS/dnsmasq.spec
+++ b/SPECS/dnsmasq.spec +++ b/SPECS/dnsmasq.spec
@@ -13,7 +13,7 @@ @@ -13,7 +13,7 @@
Name: dnsmasq Name: dnsmasq
Version: 2.76 Version: 2.76
-Release: 2%{?extraversion}%{?dist}.2 -Release: 5%{?extraversion}%{?dist}
+Release: 2.el7_4.2%{?_tis_dist}.%{tis_patch_ver} +Release: 5.el7%{?_tis_dist}.%{tis_patch_ver}
Summary: A lightweight DHCP/caching DNS server Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons Group: System Environment/Daemons
-- --
1.8.3.1 2.7.4

10
base/dnsmasq/centos/meta_patches/dnsmasq-spec-add-init-script.patch
View File

@ -3,14 +3,12 @@ From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 17:27:13 -0400 Date: Mon, 2 Oct 2017 17:27:13 -0400
Subject: [PATCH 2/5] WRS: dnsmasq-spec-add-init-script.patch Subject: [PATCH 2/5] WRS: dnsmasq-spec-add-init-script.patch
Conflicts:
SPECS/dnsmasq.spec
--- ---
SPECS/dnsmasq.spec | 26 ++++++++++++++++---------- SPECS/dnsmasq.spec | 26 ++++++++++++++++----------
1 file changed, 16 insertions(+), 10 deletions(-) 1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
index 63ff820..f8aace1 100644 index 7f370d1..0641503 100644
--- a/SPECS/dnsmasq.spec --- a/SPECS/dnsmasq.spec
+++ b/SPECS/dnsmasq.spec +++ b/SPECS/dnsmasq.spec
@@ -21,6 +21,7 @@ License: GPLv2 or GPLv3 @@ -21,6 +21,7 @@ License: GPLv2 or GPLv3
@ -21,7 +19,7 @@ index 63ff820..f8aace1 100644
# upstream git: git://thekelleys.org.uk/dnsmasq.git # upstream git: git://thekelleys.org.uk/dnsmasq.git
# https://bugzilla.redhat.com/show_bug.cgi?id=1367772 # https://bugzilla.redhat.com/show_bug.cgi?id=1367772
@@ -140,22 +141,26 @@ mkdir -p %{buildroot}%{_unitdir} @@ -168,22 +169,26 @@ mkdir -p %{buildroot}%{_unitdir}
install -m644 %{SOURCE1} %{buildroot}%{_unitdir} install -m644 %{SOURCE1} %{buildroot}%{_unitdir}
rm -rf %{buildroot}%{_initrddir} rm -rf %{buildroot}%{_initrddir}
@ -58,7 +56,7 @@ index 63ff820..f8aace1 100644
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
@@ -167,6 +172,7 @@ rm -rf $RPM_BUILD_ROOT @@ -195,6 +200,7 @@ rm -rf $RPM_BUILD_ROOT
%{_unitdir}/%{name}.service %{_unitdir}/%{name}.service
%{_sbindir}/dnsmasq %{_sbindir}/dnsmasq
%{_mandir}/man8/dnsmasq* %{_mandir}/man8/dnsmasq*
@ -67,5 +65,5 @@ index 63ff820..f8aace1 100644
%files utils %files utils
%{_bindir}/dhcp_* %{_bindir}/dhcp_*
-- --
1.9.1 2.7.4

12
base/dnsmasq/centos/meta_patches/patch-tftp-to-close-sockets-immediately.patch
View File

@ -3,25 +3,23 @@ From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 17:27:13 -0400 Date: Mon, 2 Oct 2017 17:27:13 -0400
Subject: [PATCH 3/5] WRS: patch-tftp-to-close-sockets-immediately.patch Subject: [PATCH 3/5] WRS: patch-tftp-to-close-sockets-immediately.patch
Conflicts:
SPECS/dnsmasq.spec
--- ---
SPECS/dnsmasq.spec | 2 ++ SPECS/dnsmasq.spec | 2 ++
1 file changed, 2 insertions(+) 1 file changed, 2 insertions(+)
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
index f8aace1..a3a9e08 100644 index 0641503..5cf440a 100644
--- a/SPECS/dnsmasq.spec --- a/SPECS/dnsmasq.spec
+++ b/SPECS/dnsmasq.spec +++ b/SPECS/dnsmasq.spec
@@ -42,6 +42,7 @@ Patch8: dnsmasq-2.76-coverity.patch @@ -58,6 +58,7 @@ Patch19: dnsmasq-2.76-misc-cleanups.patch
# WRS patches # WRS patches
Patch30: dnsmasq-update-ipv6-leases-from-config.patch Patch30: dnsmasq-update-ipv6-leases-from-config.patch
+Patch31: close-tftp-sockets-immediately.patch +Patch31: close-tftp-sockets-immediately.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -88,6 +89,7 @@ query/remove a DHCP server's leases. BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -116,6 +117,7 @@ query/remove a DHCP server's leases.
# WRS patches # WRS patches
%patch30 -p1 %patch30 -p1
@ -30,5 +28,5 @@ index f8aace1..a3a9e08 100644
# use /var/lib/dnsmasq instead of /var/lib/misc # use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
-- --
1.9.1 2.7.4

25
base/dnsmasq/centos/meta_patches/spec-include-TiS-patch.patch
View File

@ -3,29 +3,28 @@ From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 17:27:13 -0400 Date: Mon, 2 Oct 2017 17:27:13 -0400
Subject: [PATCH 1/5] WRS: spec-include-TiS-patch.patch Subject: [PATCH 1/5] WRS: spec-include-TiS-patch.patch
Conflicts:
SPECS/dnsmasq.spec
--- ---
SPECS/dnsmasq.spec | 10 ++++++++-- SPECS/dnsmasq.spec | 11 +++++++++--
1 file changed, 8 insertions(+), 2 deletions(-) 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
index 8a6450a..63ff820 100644 index b312ef3..7f370d1 100644
--- a/SPECS/dnsmasq.spec --- a/SPECS/dnsmasq.spec
+++ b/SPECS/dnsmasq.spec +++ b/SPECS/dnsmasq.spec
@@ -39,6 +39,9 @@ Patch6: dnsmasq-2.76-label-warning.patch @@ -55,6 +55,10 @@ Patch17: dnsmasq-2.76-gita3303e196.patch
Patch7: dnsmasq-2.76-label-man.patch Patch18: dnsmasq-2.76-underflow.patch
Patch8: dnsmasq-2.76-coverity.patch Patch19: dnsmasq-2.76-misc-cleanups.patch
+# WRS patches +# WRS patches
+Patch30: dnsmasq-update-ipv6-leases-from-config.patch +Patch30: dnsmasq-update-ipv6-leases-from-config.patch
+
+ +
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: dbus-devel BuildRequires: dbus-devel
@@ -82,6 +85,9 @@ query/remove a DHCP server's leases. @@ -109,6 +113,9 @@ query/remove a DHCP server's leases.
%patch7 -p1 %patch18 -p1 -b .underflow
%patch8 -p1 -b .coverity %patch19 -p1 -b .misc
+# WRS patches +# WRS patches
+%patch30 -p1 +%patch30 -p1
@ -33,7 +32,7 @@ index 8a6450a..63ff820 100644
# use /var/lib/dnsmasq instead of /var/lib/misc # use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file" sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file"
@@ -154,8 +160,8 @@ rm -rf $RPM_BUILD_ROOT @@ -181,8 +188,8 @@ rm -rf $RPM_BUILD_ROOT
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc CHANGELOG COPYING COPYING-v3 FAQ doc.html setup.html dbus/DBus-interface %doc CHANGELOG COPYING COPYING-v3 FAQ doc.html setup.html dbus/DBus-interface
@ -45,5 +44,5 @@ index 8a6450a..63ff820 100644
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf %config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
%{_unitdir}/%{name}.service %{_unitdir}/%{name}.service
-- --
1.9.1 2.7.4

2
base/dnsmasq/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/dnsmasq-2.76-2.el7_4.2.src.rpm mirror:Source/dnsmasq-2.76-5.el7.src.rpm

12
base/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,7 +1,7 @@
From 79f025b91d461a948ca6449eb25a11a6c89144b5 Mon Sep 17 00:00:00 2001 From 55d52d8bc9f649b4871336aaffd87fb7d931eac8 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:12:36 -0400 Date: Mon, 2 Oct 2017 16:12:36 -0400
Subject: [PATCH 7/7] WRS: 0001-Update-package-versioning-for-TIS-format.patch Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts: Conflicts:
SPECS/haproxy.spec SPECS/haproxy.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
index c1547ef..097aa79 100644 index 0d6e19a..3bc75e1 100644
--- a/SPECS/haproxy.spec --- a/SPECS/haproxy.spec
+++ b/SPECS/haproxy.spec +++ b/SPECS/haproxy.spec
@@ -8,7 +8,7 @@ @@ -8,7 +8,7 @@
Name: haproxy Name: haproxy
Version: 1.5.18 Version: 1.5.18
-Release: 6%{?dist} -Release: 7%{?dist}
+Release: 6.el7%{?_tis_dist}.%{tis_patch_ver} +Release: 7.el7%{?_tis_dist}.%{tis_patch_ver}
Summary: TCP/HTTP proxy and load balancer for high availability environments Summary: TCP/HTTP proxy and load balancer for high availability environments
Group: System Environment/Daemons Group: System Environment/Daemons
-- --
1.9.1 2.7.4

2
base/haproxy/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/haproxy-1.5.18-6.el7.src.rpm mirror:Source/haproxy-1.5.18-7.el7.src.rpm

1
base/initscripts/centos/meta_patches/PATCH_ORDER
View File

@ -10,7 +10,6 @@ run-ifdown-on-all-interfaces.patch
spec-sysconfig-affirmative-check-for-link-carrier.patch spec-sysconfig-affirmative-check-for-link-carrier.patch
spec-sysconfig-unsafe-usage-of-linkdelay-variable.patch spec-sysconfig-unsafe-usage-of-linkdelay-variable.patch
fix-build-failures-due-to-unwanted-sgid.patch fix-build-failures-due-to-unwanted-sgid.patch
add_build_require_on_systemd.patch
ipv6-static-route-support.patch ipv6-static-route-support.patch
spec-ifup-eth-stop-waiting-if-link-is-up.patch spec-ifup-eth-stop-waiting-if-link-is-up.patch
spec-run-dhclient-as-daemon-for-ipv6.patch spec-run-dhclient-as-daemon-for-ipv6.patch

24
base/initscripts/centos/meta_patches/add_build_require_on_systemd.patch
View File

@ -1,24 +0,0 @@
From 075dd032f651d469e639eb1f25f3d5b7f5ff5485 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 14:49:27 -0400
Subject: [PATCH 13/13] WRS: add_build_require_on_systemd.patch
---
SPECS/initscripts.spec | 1 +
1 file changed, 1 insertion(+)
diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec
index 09674a7..cdc282e 100644
--- a/SPECS/initscripts.spec
+++ b/SPECS/initscripts.spec
@@ -41,6 +41,7 @@ Requires(pre): /usr/sbin/groupadd
Requires(post): /sbin/chkconfig, coreutils
Requires(preun): /sbin/chkconfig
BuildRequires: glib2-devel popt-devel gettext pkgconfig
+BuildRequires: systemd-devel
Provides: /sbin/service
Patch4: support-interface-scriptlets.patch
--
1.9.1

22
base/initscripts/centos/meta_patches/fix-build-failures-due-to-unwanted-sgid.patch
View File

@ -1,25 +1,17 @@
From 8351b22a5a517ebe779d4bf4904694bd1bd85890 Mon Sep 17 00:00:00 2001 From 2c096cfd84fea55fd1f2df466d5635c06daab2a2 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 14:49:27 -0400 Date: Mon, 2 Oct 2017 14:49:27 -0400
Subject: [PATCH 12/13] WRS: fix-build-failures-due-to-unwanted-sgid.patch Subject: [PATCH] WRS: fix-build-failures-due-to-unwanted-sgid.patch
--- ---
SPECS/initscripts.spec | 3 ++- SPECS/initscripts.spec | 2 +-
1 file changed, 2 insertions(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec
index f2d0271..09674a7 100644 index 938e9bb..e60c826 100644
--- a/SPECS/initscripts.spec --- a/SPECS/initscripts.spec
+++ b/SPECS/initscripts.spec +++ b/SPECS/initscripts.spec
@@ -197,6 +197,7 @@ rm -rf $RPM_BUILD_ROOT @@ -239,7 +239,7 @@ rm -rf $RPM_BUILD_ROOT
%dir /etc/rwtab.d
%dir /etc/statetab.d
/usr/lib/systemd/rhel-*
+%dir %attr(0755,root,root) /usr/lib/systemd/system/*wants
/usr/lib/systemd/system/*
/etc/inittab
/etc/rc[0-9].d
@@ -237,7 +238,7 @@ rm -rf $RPM_BUILD_ROOT
%ghost %attr(0664,root,utmp) /var/run/utmp %ghost %attr(0664,root,utmp) /var/run/utmp
%ghost %attr(0644,root,root) /etc/sysconfig/kvm %ghost %attr(0644,root,root) /etc/sysconfig/kvm
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab %ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab
@ -29,5 +21,5 @@ index f2d0271..09674a7 100644
%dir /usr/libexec/initscripts %dir /usr/libexec/initscripts
%dir /usr/libexec/initscripts/legacy-actions %dir /usr/libexec/initscripts/legacy-actions
-- --
1.9.1 2.7.4

16
base/initscripts/centos/meta_patches/spec-include-TiS-changes.patch
View File

@ -1,7 +1,7 @@
From 9caa7a0860a8adcf38047fb39b6e1577099104d6 Mon Sep 17 00:00:00 2001 From 29d8980d8c67a302a27a3084f58657414578a2b9 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 14:49:27 -0400 Date: Mon, 2 Oct 2017 14:49:27 -0400
Subject: [PATCH 01/13] WRS: spec-include-TiS-changes.patch Subject: [PATCH] WRS: spec-include-TiS-changes.patch
Conflicts: Conflicts:
SPECS/initscripts.spec SPECS/initscripts.spec
@ -10,7 +10,7 @@ Conflicts:
1 file changed, 15 insertions(+) 1 file changed, 15 insertions(+)
diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec
index 6b81095..7f93a30 100644 index e96290a..665b576 100644
--- a/SPECS/initscripts.spec --- a/SPECS/initscripts.spec
+++ b/SPECS/initscripts.spec +++ b/SPECS/initscripts.spec
@@ -7,6 +7,10 @@ Group: System Environment/Base @@ -7,6 +7,10 @@ Group: System Environment/Base
@ -24,8 +24,8 @@ index 6b81095..7f93a30 100644
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Obsoletes: initscripts-legacy <= 9.39 Obsoletes: initscripts-legacy <= 9.39
Requires: /bin/awk, sed, coreutils Requires: /bin/awk, sed, coreutils
@@ -35,6 +39,10 @@ Requires(preun): /sbin/chkconfig @@ -36,6 +40,10 @@ Requires(preun): /sbin/chkconfig
BuildRequires: glib2-devel popt-devel gettext pkgconfig BuildRequires: glib2-devel popt-devel gettext pkgconfig systemd
Provides: /sbin/service Provides: /sbin/service
+Patch4: support-interface-scriptlets.patch +Patch4: support-interface-scriptlets.patch
@ -35,7 +35,7 @@ index 6b81095..7f93a30 100644
%description %description
The initscripts package contains basic system scripts used The initscripts package contains basic system scripts used
during a boot of the system. It also contains scripts which during a boot of the system. It also contains scripts which
@@ -54,6 +62,10 @@ Currently, this consists of various memory checking code. @@ -55,6 +63,10 @@ Currently, this consists of various memory checking code.
%prep %prep
%setup -q %setup -q
@ -46,7 +46,7 @@ index 6b81095..7f93a30 100644
%build %build
make make
@@ -74,6 +86,9 @@ rm -f \ @@ -75,6 +87,9 @@ rm -f \
touch $RPM_BUILD_ROOT/etc/crypttab touch $RPM_BUILD_ROOT/etc/crypttab
chmod 600 $RPM_BUILD_ROOT/etc/crypttab chmod 600 $RPM_BUILD_ROOT/etc/crypttab
@ -57,5 +57,5 @@ index 6b81095..7f93a30 100644
/usr/sbin/groupadd -g 22 -r -f utmp /usr/sbin/groupadd -g 22 -r -f utmp
-- --
1.9.1 2.7.4

10
base/initscripts/centos/patches/sysconfig-affirmative-check-for-link-carrier.patch
View File

@ -1,4 +1,4 @@
From 974b70a23b6a6c579fc4d43efd42e42f26c27310 Mon Sep 17 00:00:00 2001 From cd3e0b0fea9588c987db119cb6d7840ace399368 Mon Sep 17 00:00:00 2001
From: Allain Legacy <allain.legacy@windriver.com> From: Allain Legacy <allain.legacy@windriver.com>
Date: Thu, 17 Nov 2016 08:27:42 -0500 Date: Thu, 17 Nov 2016 08:27:42 -0500
Subject: [PATCH] sysconfig: affirmative check for link carrier Subject: [PATCH] sysconfig: affirmative check for link carrier
@ -25,18 +25,18 @@ Signed-off-by: Allain Legacy <allain.legacy@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysconfig/network-scripts/network-functions b/sysconfig/network-scripts/network-functions diff --git a/sysconfig/network-scripts/network-functions b/sysconfig/network-scripts/network-functions
index 798f28a..affa8ba 100644 index d08f618..13cf4de 100644
--- a/sysconfig/network-scripts/network-functions --- a/sysconfig/network-scripts/network-functions
+++ b/sysconfig/network-scripts/network-functions +++ b/sysconfig/network-scripts/network-functions
@@ -463,7 +463,7 @@ check_link_down () @@ -473,7 +473,7 @@ check_link_down ()
delay=20 delay=20
[ -n "$LINKDELAY" ] && delay=$(($LINKDELAY * 2)) [ -n "$LINKDELAY" ] && delay=$(($LINKDELAY * 2))
while [ $timeout -le $delay ]; do while [ $timeout -le $delay ]; do
- [ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" != "0" ] && return 1 - [ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" != "0" ] && return 1
+ [ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" == "1" ] && return 1 + [ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" == "1" ] && return 1
usleep 500000 sleep 0.5
timeout=$((timeout+1)) timeout=$((timeout+1))
done done
-- --
1.9.1 2.7.4

10
base/initscripts/centos/patches/sysconfig-unsafe-usage-of-linkdelay-variable.patch
View File

@ -1,4 +1,4 @@
From d3d109136f6e01ec1d8291ff89f3e00ff64cab31 Mon Sep 17 00:00:00 2001 From 9b12287d8dade60c012969db3ae56b36d1e50966 Mon Sep 17 00:00:00 2001
From: Allain Legacy <allain.legacy@windriver.com> From: Allain Legacy <allain.legacy@windriver.com>
Date: Thu, 17 Nov 2016 11:37:38 -0500 Date: Thu, 17 Nov 2016 11:37:38 -0500
Subject: [PATCH] sysconfig: unsafe usage of linkdelay variable Subject: [PATCH] sysconfig: unsafe usage of linkdelay variable
@ -16,10 +16,10 @@ Signed-off-by: Allain Legacy <allain.legacy@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysconfig/network-scripts/network-functions b/sysconfig/network-scripts/network-functions diff --git a/sysconfig/network-scripts/network-functions b/sysconfig/network-scripts/network-functions
index affa8ba..a9821f6 100644 index 13cf4de..4bcc48f 100644
--- a/sysconfig/network-scripts/network-functions --- a/sysconfig/network-scripts/network-functions
+++ b/sysconfig/network-scripts/network-functions +++ b/sysconfig/network-scripts/network-functions
@@ -461,7 +461,7 @@ check_link_down () @@ -471,7 +471,7 @@ check_link_down ()
fi fi
timeout=0 timeout=0
delay=20 delay=20
@ -27,7 +27,7 @@ index affa8ba..a9821f6 100644
+ [[ $LINKDELAY =~ ^[0-9]+$ ]] && delay=$(($LINKDELAY * 2)) + [[ $LINKDELAY =~ ^[0-9]+$ ]] && delay=$(($LINKDELAY * 2))
while [ $timeout -le $delay ]; do while [ $timeout -le $delay ]; do
[ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" == "1" ] && return 1 [ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" == "1" ] && return 1
usleep 500000 sleep 0.5
-- --
1.9.1 2.7.4

2
base/initscripts/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/initscripts-9.49.39-1.el7.src.rpm mirror:Source/initscripts-9.49.41-1.el7.src.rpm

2
base/lighttpd/PKG-INFO
View File

@ -1,6 +1,6 @@
Metadata-Version: 1.1 Metadata-Version: 1.1
Name: lighttpd Name: lighttpd
Version: 1.4.39 Version: 1.4.50
Summary: Lightning fast webserver with light system requirements Summary: Lightning fast webserver with light system requirements
Home-page: Home-page:
Author: Author:

9
base/lighttpd/centos/build_srpm.data
View File

@ -1,9 +1,2 @@
COPY_LIST="lighttpd-1.4.35/index.html.lighttpd \ COPY_LIST="files/*"
lighttpd-1.4.35/lighttpd.conf \
lighttpd-1.4.35/lighttpd.init \
lighttpd-1.4.35/lighttpd-inc.conf \
lighttpd-1.4.35/lighttpd.logrotate \
lighttpd-1.4.35/lighttpd-csr.conf \
lighttpd-1.4.35/check-content-length.patch \
lighttpd-1.4.35/lighttpd-tpm-support.patch"
TIS_PATCH_VER=6 TIS_PATCH_VER=6

10
base/lighttpd/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,7 +1,7 @@
From 4bea2840e8b22d904be29d24d501c25201e13c57 Mon Sep 17 00:00:00 2001 From 1c4a8d83d96eab943d1cb7b4f0d9b7175e6858f1 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 20 Mar 2017 10:21:28 -0400 Date: Mon, 20 Mar 2017 10:21:28 -0400
Subject: [PATCH 3/4] WRS: 0001-Update-package-versioning-for-TIS-format.patch Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts: Conflicts:
SPECS/lighttpd.spec SPECS/lighttpd.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/lighttpd.spec b/SPECS/lighttpd.spec diff --git a/SPECS/lighttpd.spec b/SPECS/lighttpd.spec
index 71737ac..b795a3f 100644 index 2f7b261..2553b27 100644
--- a/SPECS/lighttpd.spec --- a/SPECS/lighttpd.spec
+++ b/SPECS/lighttpd.spec +++ b/SPECS/lighttpd.spec
@@ -45,7 +45,7 @@ @@ -45,7 +45,7 @@
Summary: Lightning fast webserver with light system requirements Summary: Lightning fast webserver with light system requirements
Name: lighttpd Name: lighttpd
Version: 1.4.45 Version: 1.4.50
-Release: 1%{?dist} -Release: 1%{?dist}
+Release: 1.el7%{?_tis_dist}.%{tis_patch_ver} +Release: 1.el7%{?_tis_dist}.%{tis_patch_ver}
License: BSD License: BSD
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://www.lighttpd.net/ URL: http://www.lighttpd.net/
-- --
1.8.3.1 2.7.4

2
base/lighttpd/centos/meta_patches/meta_add_support_for_tpm.patch
View File

@ -1,7 +1,7 @@
From 653e25505b1df7e7b3fd89e08729d6d9f9698d39 Mon Sep 17 00:00:00 2001 From 653e25505b1df7e7b3fd89e08729d6d9f9698d39 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com> From: Kam Nasim <kam.nasim@windriver.com>
Date: Tue, 28 Mar 2017 17:33:34 -0400 Date: Tue, 28 Mar 2017 17:33:34 -0400
Subject: [PATCH] dding support for TPM 2.0 Subject: [PATCH] Adding support for TPM 2.0
--- ---
SPECS/lighttpd.spec | 2 ++ SPECS/lighttpd.spec | 2 ++

16
base/lighttpd/centos/meta_patches/spec-check-content-length.patch
View File

@ -1,7 +1,7 @@
From c684477fa2b47bb3c00b0e501e817d088408bead Mon Sep 17 00:00:00 2001 From 730a5321581e70790da4e94085698fd299072be5 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 20 Mar 2017 10:21:28 -0400 Date: Mon, 20 Mar 2017 10:21:28 -0400
Subject: [PATCH 4/4] WRS: spec-check-content-length.patch Subject: [PATCH] WRS: spec-check-content-length.patch
Conflicts: Conflicts:
SPECS/lighttpd.spec SPECS/lighttpd.spec
@ -10,13 +10,13 @@ Conflicts:
1 file changed, 8 insertions(+) 1 file changed, 8 insertions(+)
diff --git a/SPECS/lighttpd.spec b/SPECS/lighttpd.spec diff --git a/SPECS/lighttpd.spec b/SPECS/lighttpd.spec
index b795a3f..9fd062a 100644 index 2553b27..c27f78f 100644
--- a/SPECS/lighttpd.spec --- a/SPECS/lighttpd.spec
+++ b/SPECS/lighttpd.spec +++ b/SPECS/lighttpd.spec
@@ -78,6 +78,10 @@ Patch3: lighttpd-1.4.39-socket.patch @@ -79,6 +79,10 @@ Patch3: lighttpd-1.4.39-socket.patch
#Patch6: changeset_r779c133c16f9af168b004dce7a2a64f16c1cb3a4.diff
#Patch7: lighttpd-1.4.42-bignum.patch #Patch7: lighttpd-1.4.42-bignum.patch
#Patch8: lighttpd-1.4.43-mysql.patch #Patch8: lighttpd-1.4.43-mysql.patch
#Patch9: lighttpd-1.4.48-autoconf.patch
+ +
+# WRS Patches +# WRS Patches
+Patch100: check-content-length.patch +Patch100: check-content-length.patch
@ -24,10 +24,10 @@ index b795a3f..9fd062a 100644
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
# For the target poweredby.png image (skip requirement + provide image on EL5) # For the target poweredby.png image (skip requirement + provide image on EL5)
%if %{with systemlogos} %if %{with systemlogos}
@@ -179,6 +183,10 @@ Authentication module for lighttpd that uses GSSAPI @@ -182,6 +186,10 @@ Authentication module for lighttpd that uses GSSAPI
#%patch6 -p1 -b .http_proxy
#%patch7 -p0 -b .bignum #%patch7 -p0 -b .bignum
#%patch8 -p0 -b .mysql #%patch8 -p0 -b .mysql
#%patch9 -p0 -b .autoconf
+ +
+# WRS Patches +# WRS Patches
+%patch100 -p1 -b .content_length +%patch100 -p1 -b .content_length
@ -36,5 +36,5 @@ index b795a3f..9fd062a 100644
#install -p -m 0644 %{SOURCE101} mod_geoip.txt #install -p -m 0644 %{SOURCE101} mod_geoip.txt
-- --
1.8.3.1 2.7.4

2
base/lighttpd/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/lighttpd-1.4.45-1.el7.src.rpm mirror:Source/lighttpd-1.4.50-1.el7.src.rpm

55
base/lighttpd/lighttpd-1.4.35/check-content-length.patch → base/lighttpd/files/check-content-length.patch
View File

@ -1,24 +1,27 @@
From b9410d967faf627d72fc5496a4c2e7aab879b7aa Mon Sep 17 00:00:00 2001 From 65107586a55c594c44b0a97a2d6756f6a0f0a5ca Mon Sep 17 00:00:00 2001
From: Giao Le <giao.le@windriver.com> From: Giao Le <giao.le@windriver.com>
Date: Wed, 19 Oct 2016 15:06:17 -0400 Date: Mon, 27 Aug 2018 19:41:36 +0800
Subject: [PATCH 1/1] check Subject: [PATCH] check-length
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
--- ---
src/request.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ src/request.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 49 insertions(+) 1 file changed, 46 insertions(+), 1 deletion(-)
diff --git a/src/request.c b/src/request.c diff --git a/src/request.c b/src/request.c
index a2de944..857076c 100644 index 213a87e..8c97f45 100644
--- a/src/request.c --- a/src/request.c
+++ b/src/request.c +++ b/src/request.c
@@ -12,6 +12,39 @@ @@ -8,10 +8,39 @@
#include <stdio.h> #include "sock_addr.h"
#include <ctype.h>
#include <sys/stat.h>
-
+#include <sys/statvfs.h> +#include <sys/statvfs.h>
+#include <string.h> #include <limits.h>
#include <stdlib.h>
#include <string.h>
+#include <errno.h> +#include <errno.h>
+#include <limits.h>
+ +
+static size_t get_tempdirs_free_space(server *srv) +static size_t get_tempdirs_free_space(server *srv)
+{ +{
@ -47,19 +50,10 @@ index a2de944..857076c 100644
+ return (valid) ? total : SSIZE_MAX; + return (valid) ? total : SSIZE_MAX;
+} +}
+ +
+
static int request_check_hostname(buffer *host) { static int request_check_hostname(buffer *host) {
enum { DOMAINLABEL, TOPLABEL } stage = TOPLABEL; enum { DOMAINLABEL, TOPLABEL } stage = TOPLABEL;
size_t i; @@ -1287,6 +1316,22 @@ int http_request_parse(server *srv, connection *con) {
@@ -409,6 +442,7 @@ static int request_uri_is_valid_char(unsigned char c) {
return 1;
}
+
int http_request_parse(server *srv, connection *con) {
char *uri = NULL, *proto = NULL, *method = NULL, con_length_set;
int is_key = 1, key_len = 0, is_ws_after_key = 0, in_folding;
@@ -1294,6 +1328,21 @@ int http_request_parse(server *srv, connection *con) {
return 0; return 0;
} }
@ -71,16 +65,17 @@ index a2de944..857076c 100644
+ con->keep_alive = 0; + con->keep_alive = 0;
+ +
+ log_error_write(srv, __FILE__, __LINE__, "ssosos", + log_error_write(srv, __FILE__, __LINE__, "ssosos",
+ "not enough free space in tempdirs:", + "not enough free space in tempdirs:",
+ "length =", (off_t) con->request.content_length, + "length =", (off_t) con->request.content_length,
+ "free =", (off_t) disk_free, + "free =", (off_t) disk_free,
+ "-> 413"); + "-> 413");
+ return 0; + return 0;
+ } + }
+ } + }
+
break; break;
default: default:
break; break;
-- --
1.8.3.1 2.7.4

0
base/lighttpd/lighttpd-1.4.35/index.html.lighttpd → base/lighttpd/files/index.html.lighttpd
View File

0
base/lighttpd/lighttpd-1.4.35/lighttpd-csr.conf → base/lighttpd/files/lighttpd-csr.conf
View File

0
base/lighttpd/lighttpd-1.4.35/lighttpd-inc.conf → base/lighttpd/files/lighttpd-inc.conf
View File

289
base/lighttpd/files/lighttpd-tpm-support.patch Normal file
View File

@ -0,0 +1,289 @@
From c58d174a1d2872272bfa9d83c642591f04effcb1 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Wed, 29 Mar 2017 21:56:41 -0400
Subject: [PATCH] lighttpd tpm support
---
src/base.h | 24 ++++++++++++
src/configfile.c | 6 ++-
src/mod_openssl.c | 113 +++++++++++++++++++++++++++++++++++++++++++++---------
src/server.c | 17 +++++++-
4 files changed, 139 insertions(+), 21 deletions(-)
diff --git a/src/base.h b/src/base.h
index 2fe60b6..bddcd01 100644
--- a/src/base.h
+++ b/src/base.h
@@ -15,6 +15,21 @@
#include "sock_addr.h"
#include "etag.h"
+#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
+# define USE_OPENSSL
+# include <openssl/opensslconf.h>
+# ifndef USE_OPENSSL_KERBEROS
+# ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+# endif
+# endif
+# include <openssl/ssl.h>
+# include <openssl/engine.h>
+# if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME
+# define OPENSSL_NO_TLSEXT
+# endif
+#endif
+
struct fdevents; /* declaration */
struct stat_cache; /* declaration */
@@ -360,6 +375,13 @@ typedef struct {
unsigned short high_precision_timestamps;
time_t loadts;
double loadavg[3];
+#ifdef USE_OPENSSL
+ // TPM engine and object configuration
+ buffer *tpm_object;
+ buffer *tpm_engine;
+ ENGINE *tpm_engine_ref;
+ EVP_PKEY *tpm_key;
+#endif
buffer *syslog_facility;
} server_config;
@@ -400,6 +422,8 @@ struct server {
int con_written;
int con_closed;
+ int tpm_is_init; // has TPM been initialized already
+
int max_fds; /* max possible fds */
int cur_fds; /* currently used fds */
int want_fds; /* waiting fds */
diff --git a/src/configfile.c b/src/configfile.c
index c3b0f16..dca2a29 100644
--- a/src/configfile.c
+++ b/src/configfile.c
@@ -276,8 +276,10 @@ static int config_insert(server *srv) {
{ "server.syslog-facility", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 80 */
{ "server.socket-perms", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 81 */
{ "server.http-parseopts", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_SERVER }, /* 82 */
+ { "server.tpm-object", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 83 */
+ { "server.tpm-engine", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 84 */
- { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
+ { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
};
/* all T_CONFIG_SCOPE_SERVER options */
@@ -318,6 +320,8 @@ static int config_insert(server *srv) {
cv[80].destination = srv->srvconf.syslog_facility;
http_parseopts = array_init();
cv[82].destination = http_parseopts;
+ cv[83].destination = srv->srvconf.tpm_object;
+ cv[84].destination = srv->srvconf.tpm_engine;
srv->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *));
diff --git a/src/mod_openssl.c b/src/mod_openssl.c
index 75e0873..4cb0335 100644
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -422,6 +422,29 @@ error:
return NULL;
}
+static EVP_PKEY*
+evp_pkey_load_tpm_object_file(server *srv) {
+ if (!srv->tpm_is_init || !srv->srvconf.tpm_engine_ref)
+ return NULL;
+
+ if (srv->srvconf.tpm_key) {
+ // if a TPM key was previously loaded
+ // then return that as there is no need to
+ // reload this key into TPM
+ return srv->srvconf.tpm_key;
+ }
+
+ EVP_PKEY *pkey = ENGINE_load_private_key(srv->srvconf.tpm_engine_ref,
+ srv->srvconf.tpm_object->ptr,
+ NULL, NULL);
+ if (!pkey) {
+ log_error_write(srv, __FILE__, __LINE__, "SSS", "SSL:",
+ ERR_error_string(ERR_get_error(), NULL));
+ return NULL;
+ }
+ srv->srvconf.tpm_key = pkey;
+ return pkey;
+}
static EVP_PKEY *
evp_pkey_load_pem_file (server *srv, const char *file)
@@ -476,15 +499,23 @@ network_openssl_load_pemfile (server *srv, plugin_config *s, size_t ndx)
s->ssl_pemfile_x509 = x509_load_pem_file(srv, s->ssl_pemfile->ptr);
if (NULL == s->ssl_pemfile_x509) return -1;
- s->ssl_pemfile_pkey = evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr);
- if (NULL == s->ssl_pemfile_pkey) return -1;
-
- if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
- log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
- "Private key does not match the certificate public key,"
- " reason:", ERR_error_string(ERR_get_error(), NULL),
- s->ssl_pemfile);
- return -1;
+
+ // if TPM mode is enabled then load the TPM key otherwise load
+ // the regular SSL private key
+ if (srv->tpm_is_init) {
+ if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_tpm_object_file(srv))) return -1;
+ }
+ else {
+ if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr))) return -1;
+
+ if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
+ log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
+ "Private key does not match the certificate public key, reason:",
+ ERR_error_string(ERR_get_error(), NULL),
+ s->ssl_pemfile);
+ return -1;
+ }
+
}
return 0;
@@ -651,6 +682,43 @@ network_init_ssl (server *srv, void *p_d)
force_assert(NULL != local_send_buffer);
}
+ /* NOTE (knasim-wrs): US93721: TPM support
+ * if TPM mode is configured, and we have not previously
+ * initialized the engine then do so now
+ */
+ if (!buffer_string_is_empty(srv->srvconf.tpm_object) &&
+ (!srv->tpm_is_init)) {
+ if (!buffer_string_is_empty(srv->srvconf.tpm_engine)) {
+ // load the dynamic TPM engine
+ ENGINE_load_dynamic();
+ ENGINE *engine = ENGINE_by_id("dynamic");
+ if (!engine) {
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ "Unable to load the dynamic engine "
+ "(needed for loading custom TPM engine)");
+ return -1;
+ }
+
+ ENGINE_ctrl_cmd_string(engine, "SO_PATH",
+ srv->srvconf.tpm_engine->ptr, 0);
+ ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0);
+ if (ENGINE_init(engine) != 1) {
+ log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
+ ERR_error_string(ERR_get_error(), NULL));
+ ENGINE_finish(engine);
+ return -1;
+ }
+ srv->tpm_is_init = 1;
+ // stow away for ENGINE cleanup
+ srv->srvconf.tpm_engine_ref = engine;
+ }
+ else { // no TPM engine found
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ "TPM engine option not set when TPM mode expected");
+ return -1;
+ }
+ }
+
if (!buffer_string_is_empty(s->ssl_pemfile)) {
#ifdef OPENSSL_NO_TLSEXT
data_config *dc = (data_config *)srv->config_context->data[i];
@@ -911,29 +979,36 @@ network_init_ssl (server *srv, void *p_d)
}
}
- if (1 != SSL_CTX_use_certificate_chain_file(s->ssl_ctx,
- s->ssl_pemfile->ptr)) {
+ if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
ERR_error_string(ERR_get_error(), NULL),
s->ssl_pemfile);
return -1;
}
- if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
+ if (1 != SSL_CTX_use_certificate(s->ssl_ctx, s->ssl_pemfile_x509)) {
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
ERR_error_string(ERR_get_error(), NULL),
s->ssl_pemfile);
return -1;
}
- if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
- log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
- "Private key does not match the certificate public "
- "key, reason:",
- ERR_error_string(ERR_get_error(), NULL),
- s->ssl_pemfile);
- return -1;
+ /*
+ * Only check private key against loaded
+ * certificate, in non TPM mode, since
+ * if this is a TPM key then it is wrapped
+ * and will not match the public key
+ */
+ if (!srv->tpm_is_init) {
+ if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
+ log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
+ "Private key does not match the certificate public key, reason:",
+ ERR_error_string(ERR_get_error(), NULL),
+ s->ssl_pemfile);
+ return -1;
+ }
}
+
SSL_CTX_set_default_read_ahead(s->ssl_ctx, s->ssl_read_ahead);
SSL_CTX_set_mode(s->ssl_ctx, SSL_CTX_get_mode(s->ssl_ctx)
| SSL_MODE_ENABLE_PARTIAL_WRITE
diff --git a/src/server.c b/src/server.c
index f6409bb..2ace3f8 100644
--- a/src/server.c
+++ b/src/server.c
@@ -246,6 +246,11 @@ static server *server_init(void) {
CLEAN(srvconf.pid_file);
CLEAN(srvconf.syslog_facility);
+#ifdef USE_OPENSSL
+ CLEAN(srvconf.tpm_object);
+ CLEAN(srvconf.tpm_engine);
+#endif
+
CLEAN(tmp_chunk_len);
#undef CLEAN
@@ -347,6 +352,14 @@ static void server_free(server *srv) {
CLEAN(srvconf.xattr_name);
CLEAN(srvconf.syslog_facility);
+#ifdef USE_OPENSSL
+ CLEAN(srvconf.tpm_object);
+ CLEAN(srvconf.tpm_engine);
+ // don't free the tpm_key as that will be freed
+ // below as ssl_pemfile_pkey
+ ENGINE_finish(srv->srvconf.tpm_engine_ref);
+#endif
+
CLEAN(tmp_chunk_len);
#undef CLEAN
@@ -776,7 +789,9 @@ static int log_error_open(server *srv) {
if (-1 == (errfd = fdevent_open_devnull())) {
log_error_write(srv, __FILE__, __LINE__, "ss",
"opening /dev/null failed:", strerror(errno));
- return -1;
+ /* In version 1.4.45 it will also failed here but not check return value of openDevNull(STDERR_FILENO)
+ need further check with upstrean to see if there is a potential bug */
+ //return -1;
}
}
else {
--
2.7.4

0
base/lighttpd/lighttpd-1.4.35/lighttpd.conf → base/lighttpd/files/lighttpd.conf
View File

0
base/lighttpd/lighttpd-1.4.35/lighttpd.init → base/lighttpd/files/lighttpd.init
View File

0
base/lighttpd/lighttpd-1.4.35/lighttpd.logrotate → base/lighttpd/files/lighttpd.logrotate
View File

255
base/lighttpd/lighttpd-1.4.35/lighttpd-tpm-support.patch
View File

@ -1,255 +0,0 @@
From 3cf42638ea162be04cbfc8b8eedbef6292336640 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Wed, 29 Mar 2017 21:56:41 -0400
Subject: [PATCH] lighttpd tpm support
---
src/base.h | 10 ++++-
src/configfile.c | 4 ++
src/network.c | 111 ++++++++++++++++++++++++++++++++++++++++++++++---------
src/server.c | 12 +++++-
4 files changed, 118 insertions(+), 19 deletions(-)
diff --git a/src/base.h b/src/base.h
index 134fc41..5fab1fd 100644
--- a/src/base.h
+++ b/src/base.h
@@ -37,6 +37,7 @@
# endif
# endif
# include <openssl/ssl.h>
+# include <openssl/engine.h>
# if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME
# define OPENSSL_NO_TLSEXT
# endif
@@ -567,6 +568,13 @@ typedef struct {
unsigned short high_precision_timestamps;
time_t loadts;
double loadavg[3];
+#ifdef USE_OPENSSL
+ // TPM engine and object configuration
+ buffer *tpm_object;
+ buffer *tpm_engine;
+ ENGINE *tpm_engine_ref;
+ EVP_PKEY *tpm_key;
+#endif
} server_config;
typedef struct server_socket {
@@ -610,7 +618,7 @@ typedef struct server {
int con_closed;
int ssl_is_init;
-
+ int tpm_is_init; // has TPM been initialized already
int max_fds; /* max possible fds */
int cur_fds; /* currently used fds */
int want_fds; /* waiting fds */
diff --git a/src/configfile.c b/src/configfile.c
index bba6925..da818ed 100644
--- a/src/configfile.c
+++ b/src/configfile.c
@@ -145,6 +145,8 @@ static int config_insert(server *srv) {
{ "server.stream-response-body", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 77 */
{ "server.max-request-field-size", NULL, T_CONFIG_INT, T_CONFIG_SCOPE_SERVER }, /* 78 */
{ "ssl.read-ahead", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 79 */
+ { "server.tpm-object", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 80 */
+ { "server.tpm-engine", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 81 */
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
};
@@ -184,6 +186,8 @@ static int config_insert(server *srv) {
cv[73].destination = &(srv->srvconf.http_host_strict);
cv[74].destination = &(srv->srvconf.http_host_normalize);
cv[78].destination = &(srv->srvconf.max_request_field_size);
+ cv[80].destination = srv->srvconf.tpm_object;
+ cv[81].destination = srv->srvconf.tpm_engine;
srv->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *));
diff --git a/src/network.c b/src/network.c
index 4295fe9..6460e72 100644
--- a/src/network.c
+++ b/src/network.c
@@ -613,6 +613,29 @@ error:
return NULL;
}
+static EVP_PKEY* evp_pkey_load_tpm_object_file(server *srv) {
+ if (!srv->tpm_is_init || !srv->srvconf.tpm_engine_ref)
+ return NULL;
+
+ if (srv->srvconf.tpm_key) {
+ // if a TPM key was previously loaded
+ // then return that as there is no need to
+ // reload this key into TPM
+ return srv->srvconf.tpm_key;
+ }
+
+ EVP_PKEY *pkey = ENGINE_load_private_key(srv->srvconf.tpm_engine_ref,
+ srv->srvconf.tpm_object->ptr,
+ NULL, NULL);
+ if (!pkey) {
+ log_error_write(srv, __FILE__, __LINE__, "SSS", "SSL:",
+ ERR_error_string(ERR_get_error(), NULL));
+ return NULL;
+ }
+ srv->srvconf.tpm_key = pkey;
+ return pkey;
+}
+
static EVP_PKEY* evp_pkey_load_pem_file(server *srv, const char *file) {
BIO *in;
EVP_PKEY *x = NULL;
@@ -658,15 +681,23 @@ static int network_openssl_load_pemfile(server *srv, size_t ndx) {
#endif
if (NULL == (s->ssl_pemfile_x509 = x509_load_pem_file(srv, s->ssl_pemfile->ptr))) return -1;
- if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr))) return -1;
- if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
- log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
- "Private key does not match the certificate public key, reason:",
- ERR_error_string(ERR_get_error(), NULL),
- s->ssl_pemfile);
- return -1;
- }
+ // if TPM mode is enabled then load the TPM key otherwise load
+ // the regular SSL private key
+ if (srv->tpm_is_init) {
+ if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_tpm_object_file(srv))) return -1;
+ }
+ else {
+ if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr))) return -1;
+
+ if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
+ log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
+ "Private key does not match the certificate public key, reason:",
+ ERR_error_string(ERR_get_error(), NULL),
+ s->ssl_pemfile);
+ return -1;
+ }
+ }
return 0;
}
@@ -791,6 +822,44 @@ int network_init(server *srv) {
}
}
+ /* NOTE (knasim-wrs): US93721: TPM support
+ * if TPM mode is configured, and we have not previously
+ * initialized the engine then do so now
+ */
+ if (!buffer_string_is_empty(srv->srvconf.tpm_object) &&
+ (!srv->tpm_is_init)) {
+ if (!buffer_string_is_empty(srv->srvconf.tpm_engine)) {
+ // load the dynamic TPM engine
+ ENGINE_load_dynamic();
+ ENGINE *engine = ENGINE_by_id("dynamic");
+ if (!engine) {
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ "Unable to load the dynamic engine "
+ "(needed for loading custom TPM engine)");
+ return -1;
+ }
+
+ ENGINE_ctrl_cmd_string(engine, "SO_PATH",
+ srv->srvconf.tpm_engine->ptr, 0);
+ ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0);
+ if (ENGINE_init(engine) != 1) {
+ log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
+ ERR_error_string(ERR_get_error(), NULL));
+ ENGINE_finish(engine);
+ return -1;
+ }
+ srv->tpm_is_init = 1;
+ // stow away for ENGINE cleanup
+ srv->srvconf.tpm_engine_ref = engine;
+ }
+ else { // no TPM engine found
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ "TPM engine option not set when TPM mode expected");
+ return -1;
+ }
+ }
+ ///
+
if (!buffer_string_is_empty(s->ssl_pemfile)) {
#ifdef OPENSSL_NO_TLSEXT
data_config *dc = (data_config *)srv->config_context->data[i];
@@ -975,24 +1044,32 @@ int network_init(server *srv) {
SSL_CTX_set_verify_depth(s->ssl_ctx, s->ssl_verifyclient_depth);
}
- if (1 != SSL_CTX_use_certificate(s->ssl_ctx, s->ssl_pemfile_x509)) {
+ if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
ERR_error_string(ERR_get_error(), NULL), s->ssl_pemfile);
return -1;
}
- if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
+ if (1 != SSL_CTX_use_certificate(s->ssl_ctx, s->ssl_pemfile_x509)) {
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
ERR_error_string(ERR_get_error(), NULL), s->ssl_pemfile);
return -1;
}
-
- if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
- log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
- "Private key does not match the certificate public key, reason:",
- ERR_error_string(ERR_get_error(), NULL),
- s->ssl_pemfile);
- return -1;
+
+ /*
+ * Only check private key against loaded
+ * certificate, in non TPM mode, since
+ * if this is a TPM key then it is wrapped
+ * and will not match the public key
+ */
+ if (!srv->tpm_is_init) {
+ if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
+ log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
+ "Private key does not match the certificate public key, reason:",
+ ERR_error_string(ERR_get_error(), NULL),
+ s->ssl_pemfile);
+ return -1;
+ }
}
SSL_CTX_set_default_read_ahead(s->ssl_ctx, s->ssl_read_ahead);
SSL_CTX_set_mode(s->ssl_ctx, SSL_CTX_get_mode(s->ssl_ctx)
diff --git a/src/server.c b/src/server.c
index f27b003..5adfa15 100644
--- a/src/server.c
+++ b/src/server.c
@@ -226,7 +226,10 @@ static server *server_init(void) {
CLEAN(srvconf.bindhost);
CLEAN(srvconf.event_handler);
CLEAN(srvconf.pid_file);
-
+#ifdef USE_OPENSSL
+ CLEAN(srvconf.tpm_object);
+ CLEAN(srvconf.tpm_engine);
+#endif
CLEAN(tmp_chunk_len);
#undef CLEAN
@@ -316,6 +319,13 @@ static void server_free(server *srv) {
CLEAN(srvconf.modules_dir);
CLEAN(srvconf.network_backend);
CLEAN(srvconf.xattr_name);
+#ifdef USE_OPENSSL
+ CLEAN(srvconf.tpm_object);
+ CLEAN(srvconf.tpm_engine);
+ // don't free the tpm_key as that will be freed
+ // below as ssl_pemfile_pkey
+ ENGINE_finish(srv->srvconf.tpm_engine_ref);
+#endif
CLEAN(tmp_chunk_len);
#undef CLEAN
--
1.8.3.1

117
base/lighttpd/lighttpd-1.4.35/remote-ip-ipv6-support.patch
View File

@ -1,117 +0,0 @@
--- lighttpd-1.4.35/src/configfile-glue.c.orig 2014-03-06 15:08:00.000000000 +0100
+++ lighttpd-1.4.35/src/configfile-glue.c 2015-11-26 11:39:23.000000000 +0100
@@ -8,6 +8,10 @@
#include <string.h>
#include <stdlib.h>
+#include <stdint.h>
+#ifndef __WIN32
+#include <arpa/inet.h>
+#endif
/**
* like all glue code this file contains functions which
@@ -336,12 +340,22 @@ static cond_result_t config_check_cond_n
if ((dc->cond == CONFIG_COND_EQ ||
dc->cond == CONFIG_COND_NE) &&
- (con->dst_addr.plain.sa_family == AF_INET) &&
(NULL != (nm_slash = strchr(dc->string->ptr, '/')))) {
int nm_bits;
- long nm;
char *err;
struct in_addr val_inp;
+ struct in6_addr val_inp6;
+ int val_af;
+ uint8_t *a, *b;
+ int result_match, result_nomatch;
+
+ if (dc->cond == CONFIG_COND_EQ) {
+ result_match = COND_RESULT_TRUE;
+ result_nomatch = COND_RESULT_FALSE;
+ } else {
+ result_match = COND_RESULT_FALSE;
+ result_nomatch = COND_RESULT_TRUE;
+ }
if (*(nm_slash+1) == '\0') {
log_error_write(srv, __FILE__, __LINE__, "sb", "ERROR: no number after / ", dc->string);
@@ -356,10 +370,16 @@ static cond_result_t config_check_cond_n
return COND_RESULT_FALSE;
}
+ if (nm_bits < 0) {
+ log_error_write(srv, __FILE__, __LINE__, "sbs", "ERROR: negative netmask:", dc->string, err);
+
+ return COND_RESULT_FALSE;
+ }
/* take IP convert to the native */
buffer_copy_string_len(srv->cond_check_buf, dc->string->ptr, nm_slash - dc->string->ptr);
#ifdef __WIN32
+ val_af = AF_INET;
if (INADDR_NONE == (val_inp.s_addr = inet_addr(srv->cond_check_buf->ptr))) {
log_error_write(srv, __FILE__, __LINE__, "sb", "ERROR: ip addr is invalid:", srv->cond_check_buf);
@@ -367,21 +387,54 @@ static cond_result_t config_check_cond_n
}
#else
- if (0 == inet_aton(srv->cond_check_buf->ptr, &val_inp)) {
+ if (1 == inet_pton(AF_INET, srv->cond_check_buf->ptr, &val_inp)) {
+ val_af = AF_INET;
+ } else if (1 == inet_pton(AF_INET6, srv->cond_check_buf->ptr, &val_inp6)) {
+ val_af = AF_INET6;
+ } else {
log_error_write(srv, __FILE__, __LINE__, "sb", "ERROR: ip addr is invalid:", srv->cond_check_buf);
return COND_RESULT_FALSE;
}
#endif
- /* build netmask */
- nm = htonl(~((1 << (32 - nm_bits)) - 1));
+ if (val_af == AF_INET) {
+ if (nm_bits > 32) {
+ log_error_write(srv, __FILE__, __LINE__, "sd", "ERROR: ipv4 netmask too large:", nm_bits);
- if ((val_inp.s_addr & nm) == (con->dst_addr.ipv4.sin_addr.s_addr & nm)) {
- return (dc->cond == CONFIG_COND_EQ) ? COND_RESULT_TRUE : COND_RESULT_FALSE;
+ return COND_RESULT_FALSE;
+ }
+ a = (uint8_t *)&val_inp;
+ if (con->dst_addr.plain.sa_family == AF_INET) {
+ b = (uint8_t *)&con->dst_addr.ipv4.sin_addr.s_addr;
+ } else if (IN6_IS_ADDR_V4MAPPED(&con->dst_addr.ipv6.sin6_addr)) {
+ b = (uint8_t *)&con->dst_addr.ipv6.sin6_addr.s6_addr[12];
+ } else {
+ return result_nomatch;
+ }
} else {
- return (dc->cond == CONFIG_COND_EQ) ? COND_RESULT_FALSE : COND_RESULT_TRUE;
+ if (nm_bits > 128) {
+ log_error_write(srv, __FILE__, __LINE__, "sd", "ERROR: ipv6 netmask too large:", nm_bits);
+
+ return COND_RESULT_FALSE;
+ }
+ a = (uint8_t *)&val_inp6;
+ if (con->dst_addr.plain.sa_family == AF_INET) {
+ return result_nomatch;
+ } else {
+ b = (uint8_t *)&con->dst_addr.ipv6.sin6_addr.s6_addr[0];
+ }
+ }
+ while (nm_bits) {
+ if (nm_bits >= 8) {
+ if (*a++ != *b++) return result_nomatch;
+ nm_bits -= 8;
+ } else {
+ if (*a >> (8 - nm_bits) != *b >> (8 - nm_bits)) return result_nomatch;
+ nm_bits = 0;
+ }
}
+ return result_match;
} else {
l = con->dst_addr_buf;
}

12
base/net-snmp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,7 +1,7 @@
From 2b9054a9278f5b7a6af660eb5842b9ec32d50e74 Mon Sep 17 00:00:00 2001 From c25a30b4a0c7347234c2af4afab099b5735bbf71 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 17:05:59 -0400 Date: Mon, 2 Oct 2017 17:05:59 -0400
Subject: [PATCH 8/9] WRS: 0001-Update-package-versioning-for-TIS-format.patch Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts: Conflicts:
SPECS/net-snmp.spec SPECS/net-snmp.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index 0ac1eef..8d109b8 100644 index 9b313cb..b015436 100644
--- a/SPECS/net-snmp.spec --- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec +++ b/SPECS/net-snmp.spec
@@ -14,7 +14,7 @@ @@ -14,7 +14,7 @@
Summary: A collection of SNMP protocol tools and libraries Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp Name: net-snmp
Version: 5.7.2 Version: 5.7.2
-Release: 28%{?dist}.1 -Release: 33%{?dist}.2
+Release: 28.el7%{?_tis_dist}.%{tis_patch_ver} +Release: 33.el7_5.2%{?_tis_dist}.%{tis_patch_ver}
Epoch: 1 Epoch: 1
License: BSD License: BSD
-- --
1.9.1 2.7.4

23
base/net-snmp/centos/meta_patches/run-snmpd-as-non-root-user.patch
View File

@ -1,14 +1,14 @@
From d984ab4a020a20082190e8029f45f06031f320da Mon Sep 17 00:00:00 2001 From 5dc19ad10a3f91803116a88c303134e9ff361bd5 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 17:05:59 -0400 Date: Mon, 2 Oct 2017 17:05:59 -0400
Subject: [PATCH 6/9] WRS: run-snmpd-as-non-root-user.patch Subject: [PATCH] WRS: run-snmpd-as-non-root-user.patch
Conflicts: Conflicts:
SPECS/net-snmp.spec SPECS/net-snmp.spec
--- ---
SOURCES/snmpd.service | 2 +- SOURCES/snmpd.service | 2 +-
SPECS/net-snmp.spec | 4 ++-- SPECS/net-snmp.spec | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-) 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/SOURCES/snmpd.service b/SOURCES/snmpd.service diff --git a/SOURCES/snmpd.service b/SOURCES/snmpd.service
index 84b6ca3..ad689c8 100644 index 84b6ca3..ad689c8 100644
@ -24,19 +24,10 @@ index 84b6ca3..ad689c8 100644
ExecStart=/etc/init.d/snmpd start ExecStart=/etc/init.d/snmpd start
ExecStop=/etc/init.d/snmpd stop ExecStop=/etc/init.d/snmpd stop
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index a433f40..0ac1eef 100644 index 3e36cb5..9b313cb 100644
--- a/SPECS/net-snmp.spec --- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec +++ b/SPECS/net-snmp.spec
@@ -14,7 +14,7 @@ @@ -428,7 +428,7 @@ install -m 644 %SOURCE6 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.7.2
-Release: 28%{?dist}
+Release: 28%{?dist}.1
Epoch: 1
License: BSD
@@ -413,7 +413,7 @@ install -m 644 %SOURCE6 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
# WRS # WRS
install -m 644 %SOURCE12 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmpd.conf install -m 644 %SOURCE12 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmpd.conf
@ -46,5 +37,5 @@ index a433f40..0ac1eef 100644
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d
install -m 755 %SOURCE13 ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d/snmpd install -m 755 %SOURCE13 ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d/snmpd
-- --
1.9.1 2.7.4

14
base/net-snmp/centos/meta_patches/snmp-spec-add-init-script.patch
View File

@ -1,14 +1,14 @@
From 05124f2495f4173848cac245c6579247a0e255d6 Mon Sep 17 00:00:00 2001 From 492d89dca4ca498b77847abc1f1313a800fec85e Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 17:05:58 -0400 Date: Mon, 2 Oct 2017 17:05:58 -0400
Subject: [PATCH 3/9] WRS: snmp-spec-add-init-script.patch Subject: [PATCH] WRS: snmp-spec-add-init-script.patch
--- ---
SPECS/net-snmp.spec | 5 +++++ SPECS/net-snmp.spec | 5 +++++
1 file changed, 5 insertions(+) 1 file changed, 5 insertions(+)
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index 85955d0..df248ac 100644 index da7706b..035d2f8 100644
--- a/SPECS/net-snmp.spec --- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec +++ b/SPECS/net-snmp.spec
@@ -41,6 +41,7 @@ Source11: snmptrapd.service @@ -41,6 +41,7 @@ Source11: snmptrapd.service
@ -19,7 +19,7 @@ index 85955d0..df248ac 100644
Patch1: net-snmp-5.7.2-pie.patch Patch1: net-snmp-5.7.2-pie.patch
Patch2: net-snmp-5.5-dir-fix.patch Patch2: net-snmp-5.5-dir-fix.patch
@@ -414,6 +415,9 @@ install -m 644 %SOURCE6 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf @@ -429,6 +430,9 @@ install -m 644 %SOURCE6 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
install -m 644 %SOURCE12 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmpd.conf install -m 644 %SOURCE12 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmpd.conf
chmod 600 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf chmod 600 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
@ -29,14 +29,14 @@ index 85955d0..df248ac 100644
install -d ${RPM_BUILD_ROOT}%{_initrddir} install -d ${RPM_BUILD_ROOT}%{_initrddir}
install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}%{_initrddir}/snmpd install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}%{_initrddir}/snmpd
install -m 755 %SOURCE3 ${RPM_BUILD_ROOT}%{_initrddir}/snmptrapd install -m 755 %SOURCE3 ${RPM_BUILD_ROOT}%{_initrddir}/snmptrapd
@@ -553,6 +557,7 @@ rm -rf ${RPM_BUILD_ROOT} @@ -568,6 +572,7 @@ rm -rf ${RPM_BUILD_ROOT}
%dir %{_localstatedir}/run/net-snmp %dir %{_localstatedir}/run/net-snmp
%{_prefix}/lib/tmpfiles.d/net-snmp.conf %{_prefix}/lib/tmpfiles.d/net-snmp.conf
%{_unitdir}/snmp* %{_unitdir}/snmp*
+%{_sysconfdir}/rc.d/init.d/snmpd +%{_sysconfdir}/rc.d/init.d/snmpd
%config(noreplace) %{_sysconfdir}/sysconfig/snmpd %config(noreplace) %{_sysconfdir}/sysconfig/snmpd
%config(noreplace) %{_sysconfdir}/sysconfig/snmptrapd %config(noreplace) %{_sysconfdir}/sysconfig/snmptrapd
%attr(0755,root,root) %{_bindir}/net-snmp-config*
-- --
1.9.1 2.7.4

19
base/net-snmp/centos/meta_patches/spec-configure-without-HOST-RESOURCES-MIB.patch
View File

@ -1,8 +1,18 @@
From 0358f8ee4e56fbd3f4c54409b3dbe5c9fdff3a27 Mon Sep 17 00:00:00 2001
From: slin14 <shuicheng.lin@intel.com>
Date: Sun, 12 Aug 2018 22:07:24 +0800
Subject: [PATCH] spec-configure-without-HOST-RESOURCES-MIB
Signed-off-by: slin14 <shuicheng.lin@intel.com>
---
SPECS/net-snmp.spec | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index 12323a4..1e23fba 100644 index a1b3720..e6e5d8c 100644
--- a/SPECS/net-snmp.spec --- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec +++ b/SPECS/net-snmp.spec
@@ -331,7 +331,7 @@ rm testing/fulltests/default/T200* @@ -342,7 +342,7 @@ rm testing/fulltests/default/T200*
%endif %endif
%build %build
@ -11,7 +21,7 @@ index 12323a4..1e23fba 100644
ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail \ ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail \
ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \ ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \
ip-mib/ipAddressPrefixTable/ipAddressPrefixTable \ ip-mib/ipAddressPrefixTable/ipAddressPrefixTable \
@@ -352,6 +352,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib" @@ -363,6 +363,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
--with-logfile="/var/log/snmpd.log" \ --with-logfile="/var/log/snmpd.log" \
--with-persistent-directory="/var/lib/net-snmp" \ --with-persistent-directory="/var/lib/net-snmp" \
--with-mib-modules="$MIBS" \ --with-mib-modules="$MIBS" \
@ -19,3 +29,6 @@ index 12323a4..1e23fba 100644
%if %{netsnmp_tcp_wrappers} %if %{netsnmp_tcp_wrappers}
--with-libwrap=yes \ --with-libwrap=yes \
%endif %endif
--
2.7.4

2
base/net-snmp/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/net-snmp-5.7.2-28.el7.src.rpm mirror:Source/net-snmp-5.7.2-33.el7_5.2.src.rpm

12
base/netpbm/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,4 +1,4 @@
From 55b381fed1b1bae9bd0bdfabd07246f40805252e Mon Sep 17 00:00:00 2001 From bb0bf50256fd7d85d7f6f9eeb64d621a5698cfcc Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com> From: Don Penney <don.penney@windriver.com>
Date: Tue, 27 Sep 2016 21:23:24 -0400 Date: Tue, 27 Sep 2016 21:23:24 -0400
Subject: [PATCH] Update package versioning for TIS format Subject: [PATCH] Update package versioning for TIS format
@ -8,18 +8,18 @@ Subject: [PATCH] Update package versioning for TIS format
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/netpbm.spec b/SPECS/netpbm.spec diff --git a/SPECS/netpbm.spec b/SPECS/netpbm.spec
index c10c448..74c13eb 100644 index 02dd5f8..a4579f5 100644
--- a/SPECS/netpbm.spec --- a/SPECS/netpbm.spec
+++ b/SPECS/netpbm.spec +++ b/SPECS/netpbm.spec
@@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
Summary: A library for handling different graphics file formats Summary: A library for handling different graphics file formats
Name: netpbm Name: netpbm
Version: 10.61.02 Version: 10.79.00
-Release: 9%{?dist} -Release: 7%{?dist}
+Release: 9.el7%{?_tis_dist}.%{tis_patch_ver} +Release: 7.el7%{?_tis_dist}.%{tis_patch_ver}
# See copyright_summary for details # See copyright_summary for details
License: BSD and GPLv2 and IJG and MIT and Public Domain License: BSD and GPLv2 and IJG and MIT and Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
-- --
1.8.3.1 2.7.4

40
base/netpbm/centos/meta_patches/0001-remove-ghostscript.patch
View File

@ -1,16 +1,26 @@
From 4d8601d4eda671c7da04f7eb438e20407f33b09b Mon Sep 17 00:00:00 2001
From: zhipengl <zhipengs.liu@intel.com>
Date: Wed, 22 Aug 2018 01:02:40 +0800
Subject: 0001-remove-ghostscript.patch
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
SPECS/netpbm.spec | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/SPECS/netpbm.spec b/SPECS/netpbm.spec diff --git a/SPECS/netpbm.spec b/SPECS/netpbm.spec
index c0a2d27..c10c448 100644 index 82eafb8..02dd5f8 100644
--- a/SPECS/netpbm.spec --- a/SPECS/netpbm.spec
+++ b/SPECS/netpbm.spec +++ b/SPECS/netpbm.spec
@@ -40,6 +40,7 @@ Patch28: netpbm-compare-same-images.patch @@ -31,6 +31,7 @@ Patch15: netpbm-pamtojpeg2k.patch
Patch29: netpbm-manual-pages.patch Patch16: netpbm-manfix.patch
Patch30: netpbm-pnmtops-hangs.patch Patch17: netpbm-manual-pages.patch
Patch31: netpbm-pgmtexture-fault.patch Patch18: netpbm-ppmfadeusage.patch
+Patch32: remove-pstopnm.patch +Patch19: remove-pstopnm.patch
BuildRequires: libjpeg-devel, libpng-devel, libtiff-devel, flex BuildRequires: libjpeg-devel, libpng-devel, libtiff-devel, flex
BuildRequires: libX11-devel, python, jasper-devel, libxml2-devel BuildRequires: libX11-devel, python, jasper-devel, libxml2-devel
@@ -66,7 +67,6 @@ to have the netpbm package installed. @@ -57,7 +58,6 @@ to have the netpbm package installed.
%package progs %package progs
Summary: Tools for manipulating graphics files in netpbm supported formats Summary: Tools for manipulating graphics files in netpbm supported formats
Group: Applications/Multimedia Group: Applications/Multimedia
@ -18,12 +28,14 @@ index c0a2d27..c10c448 100644
Requires: netpbm = %{version}-%{release} Requires: netpbm = %{version}-%{release}
%description progs %description progs
@@ -102,6 +102,7 @@ netpbm-doc. You'll also need to install the netpbm-progs package.
%patch16 -p1 -b .manfix
%patch17 -p1 -b .manual-pages
%patch18 -p1 -b .ppmfadeusage
+%patch19 -p1
@@ -120,6 +120,7 @@ netpbm-doc. You'll also need to install the netpbm-progs package.
%patch29 -p1 -b .manual-pages
%patch30 -p1 -b .pnmtops-hangs
%patch31 -p1 -b .pgmtexture-fault
+%patch32 -p1
sed -i 's/STRIPFLAG = -s/STRIPFLAG =/g' config.mk.in
rm -rf converter/other/jpeg2000/libjasper/ rm -rf converter/other/jpeg2000/libjasper/
sed -i -e 's/SUBDIRS += libjasper//' converter/other/jpeg2000/Makefile
--
2.7.4

34
base/netpbm/centos/patches/remove-pstopnm.patch
View File

@ -1,25 +1,37 @@
diff --git a/netpbm-10.61.02/converter/other/Makefile b/netpbm-10.61.02/converter/other/Makefile From ba7b88e20f58d1d549bf7eec2e7fc2fa2a229362 Mon Sep 17 00:00:00 2001
index 746db87..02c66b4 100644 From: zhipengl <zhipengs.liu@intel.com>
--- a/netpbm-10.61.02/converter/other/Makefile Date: Wed, 22 Aug 2018 00:50:54 +0800
+++ b/netpbm-10.61.02/converter/other/Makefile Subject: remove-pstopnm.patch
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
converter/other/Makefile | 3 +++
1 file changed, 3 insertions(+)
diff --git a/converter/other/Makefile b/converter/other/Makefile
index b01f66a..6e9c84f 100644
--- a/converter/other/Makefile
+++ b/converter/other/Makefile
@@ -7,6 +7,7 @@ VPATH=.:$(SRCDIR)/$(SUBDIR) @@ -7,6 +7,7 @@ VPATH=.:$(SRCDIR)/$(SUBDIR)
include $(BUILDDIR)/config.mk include $(BUILDDIR)/config.mk
+USE_GHOSTSCRIPT=N +USE_GHOSTSCRIPT=N
TEST_PKGCONFIG_LIBXML2 = if pkg-config libxml-2.0; then echo exists; fi TEST_PKGCONFIG_LIBXML2 = if $(PKG_CONFIG) libxml-2.0; then echo exists; fi
ifneq ($(shell $(TEST_PKGCONFIG_LIBXML2)),) ifneq ($(shell $(TEST_PKGCONFIG_LIBXML2)),)
@@ -134,10 +135,12 @@ BINARIES = \ @@ -126,9 +127,11 @@ PORTBINARIES = avstopam bmptopnm fitstopnm \
rasttopnm \ rasttopnm rlatopam sgitopnm sirtopnm srftopam sunicontopnm \
srftopam \ winicontopam xwdtopnm yuy2topam zeisstopnm
+ifneq ($(USE_GHOSTSCRIPT),N) +ifneq ($(USE_GHOSTSCRIPT),N)
ifneq ($(DONT_HAVE_PROCESS_MGMT),Y) ifneq ($(DONT_HAVE_PROCESS_MGMT),Y)
PORTBINARIES += pstopnm PORTBINARIES += pstopnm pnmtops
BINARIES += pnmtops
endif endif
+endif +endif
ifeq ($(HAVE_PNGLIB),Y) ifeq ($(HAVE_PNGLIB),Y)
BINARIES += pnmtopng pngtopam pamrgbatopng PORTBINARIES += pamtopng pnmtopng pngtopam
--
2.7.4

2
base/netpbm/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/netpbm-10.61.02-9.el7.src.rpm mirror:Source/netpbm-10.79.00-7.el7.src.rpm

12
base/ntp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,7 +1,7 @@
From af36b0f028b07a6487e57040bb6c980ff6a4a41c Mon Sep 17 00:00:00 2001 From 30615fcee3c857e0bb2900a64e14b807adff5495 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:29:01 -0400 Date: Mon, 2 Oct 2017 16:29:01 -0400
Subject: [PATCH 3/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts: Conflicts:
SPECS/ntp.spec SPECS/ntp.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/ntp.spec b/SPECS/ntp.spec diff --git a/SPECS/ntp.spec b/SPECS/ntp.spec
index f717899..454020c 100644 index 73ab0f7..bf9c32b 100644
--- a/SPECS/ntp.spec --- a/SPECS/ntp.spec
+++ b/SPECS/ntp.spec +++ b/SPECS/ntp.spec
@@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
Summary: The NTP daemon and utilities Summary: The NTP daemon and utilities
Name: ntp Name: ntp
Version: 4.2.6p5 Version: 4.2.6p5
-Release: 25%{?dist}.2 -Release: 28%{?dist}
+Release: 25.el7.centos.2%{?_tis_dist}.%{tis_patch_ver} +Release: 28.el7.centos%{?_tis_dist}.%{tis_patch_ver}
# primary license (COPYRIGHT) : MIT # primary license (COPYRIGHT) : MIT
# ElectricFence/ (not used) : GPLv2 # ElectricFence/ (not used) : GPLv2
# kernel/sys/ppsclock.h (not used) : BSD with advertising # kernel/sys/ppsclock.h (not used) : BSD with advertising
-- --
1.9.1 2.7.4

2
base/ntp/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/ntp-4.2.6p5-25.el7.centos.2.src.rpm mirror:Source/ntp-4.2.6p5-28.el7.centos.src.rpm

16
base/openssh/centos/meta_patches/spec-harden-server-and-client-config.patch
View File

@ -1,7 +1,7 @@
From 099d1c1f3376673e9a3c5747c87c8c756c883ce6 Mon Sep 17 00:00:00 2001 From 857b95ac924a980c60d894148d3c5d41aca8447d Mon Sep 17 00:00:00 2001
From: Andy Ning <andy.ning@windriver.com> From: Andy Ning <andy.ning@windriver.com>
Date: Thu, 22 Mar 2018 11:45:26 -0400 Date: Thu, 22 Mar 2018 11:45:26 -0400
Subject: [PATCH 1/1] CGTS-9265: patch to harden server and client config Subject: [PATCH] CGTS-9265: patch to harden server and client config
Replace the hardcoded sshd_config and ssh_config files with patches Replace the hardcoded sshd_config and ssh_config files with patches
to openssh. to openssh.
@ -12,12 +12,12 @@ Signed-off-by: Andy Ning <andy.ning@windriver.com>
1 file changed, 6 insertions(+) 1 file changed, 6 insertions(+)
diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec
index 7ee5bd8..7c464a2 100644 index 442261e..c62e6c8 100644
--- a/SPECS/openssh.spec --- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec +++ b/SPECS/openssh.spec
@@ -240,6 +240,9 @@ Patch955: openssh-7.4p1-sandbox-ibmca.patch @@ -251,6 +251,9 @@ Patch959: openssh-7.4p1-authorized_keys_command.patch
# Back to UseDNS=yes by default (#1478175) # Fix for CVE-2017-15906 (#1517226)
Patch956: openssh-7.4p1-usedns-yes.patch Patch960: openssh-7.5p1-sftp-empty-files.patch
+# WRS: harden server and client config +# WRS: harden server and client config
+Patch1000: harden-server-and-client-config.patch +Patch1000: harden-server-and-client-config.patch
@ -25,7 +25,7 @@ index 7ee5bd8..7c464a2 100644
License: BSD License: BSD
Group: Applications/Internet Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -494,6 +497,9 @@ popd @@ -511,6 +514,9 @@ popd
%patch100 -p1 -b .coverity %patch100 -p1 -b .coverity
@ -36,5 +36,5 @@ index 7ee5bd8..7c464a2 100644
# Nothing here yet # Nothing here yet
%endif %endif
-- --
1.8.3.1 2.7.4

2
base/openssh/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/openssh-7.4p1-12.el7_4.src.rpm mirror:Source/openssh-7.4p1-16.el7.src.rpm

10
base/pam/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,4 +1,4 @@
From df02d7127b6feba73728380493033f5b212faab7 Mon Sep 17 00:00:00 2001 From ebeb61340d3bc91c2489846a00878c557310634d Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com> From: Don Penney <don.penney@windriver.com>
Date: Tue, 27 Sep 2016 10:49:05 -0400 Date: Tue, 27 Sep 2016 10:49:05 -0400
Subject: [PATCH] Update package versioning for TIS format Subject: [PATCH] Update package versioning for TIS format
@ -8,18 +8,18 @@ Subject: [PATCH] Update package versioning for TIS format
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/pam.spec b/SPECS/pam.spec diff --git a/SPECS/pam.spec b/SPECS/pam.spec
index a702aca..dabbeee 100644 index 0ee1747..e397385 100644
--- a/SPECS/pam.spec --- a/SPECS/pam.spec
+++ b/SPECS/pam.spec +++ b/SPECS/pam.spec
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications Summary: An extensible library which provides authentication for applications
Name: pam Name: pam
Version: 1.1.8 Version: 1.1.8
-Release: 18%{?dist} -Release: 22%{?dist}
+Release: 18.el7%{?_tis_dist}.%{tis_patch_ver} +Release: 22.el7%{?_tis_dist}.%{tis_patch_ver}
# The library is BSD licensed with option to relicense as GPLv2+ # The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway. # - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
-- --
1.8.3.1 2.7.4

2
base/pam/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/pam-1.1.8-18.el7.src.rpm mirror:Source/pam-1.1.8-22.el7.src.rpm

14
base/rsync/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,7 +1,7 @@
From 20f4e2f0f19c6d0e9c8ee1314481bc8e85dbd5bb Mon Sep 17 00:00:00 2001 From a6709dfc64368bac4970e3b99512a4e1b4b8e756 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:32:24 -0400 Date: Mon, 2 Oct 2017 16:32:24 -0400
Subject: [PATCH 1/1] WRS: 0001-Update-package-versioning-for-TIS-format.patch Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts: Conflicts:
SPECS/rsync.spec SPECS/rsync.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/rsync.spec b/SPECS/rsync.spec diff --git a/SPECS/rsync.spec b/SPECS/rsync.spec
index 85b01f2..310b284 100644 index d5f6d55..d9cb5ed 100644
--- a/SPECS/rsync.spec --- a/SPECS/rsync.spec
+++ b/SPECS/rsync.spec +++ b/SPECS/rsync.spec
@@ -8,7 +8,7 @@ @@ -8,7 +8,7 @@
Summary: A program for synchronizing files over a network Summary: A program for synchronizing files over a network
Name: rsync Name: rsync
Version: 3.0.9 Version: 3.1.2
-Release: 18%{?prerelease}%{?dist} -Release: 4%{?prerelease}%{?dist}
+Release: 18.el7%{?_tis_dist}.%{tis_patch_ver} +Release: 4.el7%{?_tis_dist}.%{tis_patch_ver}
Group: Applications/Internet Group: Applications/Internet
URL: http://rsync.samba.org/ URL: http://rsync.samba.org/
-- --
1.9.1 2.7.4

2
base/rsync/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/rsync-3.0.9-18.el7.src.rpm mirror:Source/rsync-3.1.2-4.el7.src.rpm

10
base/sanlock/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,7 +1,7 @@
From 112dfdc394a779a860c79c067d47142dc1db2484 Mon Sep 17 00:00:00 2001 From b37781fdf5c5f4b373f124875c39ae10697c5898 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:45:32 -0400 Date: Mon, 2 Oct 2017 16:45:32 -0400
Subject: [PATCH 3/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts: Conflicts:
SPECS/sanlock.spec SPECS/sanlock.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/sanlock.spec b/SPECS/sanlock.spec diff --git a/SPECS/sanlock.spec b/SPECS/sanlock.spec
index b4996de..ebce8c1 100644 index 5bfb8e4..587fcb2 100644
--- a/SPECS/sanlock.spec --- a/SPECS/sanlock.spec
+++ b/SPECS/sanlock.spec +++ b/SPECS/sanlock.spec
@@ -6,7 +6,7 @@ @@ -6,7 +6,7 @@
Name: sanlock Name: sanlock
Version: 3.5.0 Version: 3.6.0
-Release: 1%{?dist} -Release: 1%{?dist}
+Release: 1.el7%{?_tis_dist}.%{tis_patch_ver} +Release: 1.el7%{?_tis_dist}.%{tis_patch_ver}
Summary: A shared storage lock manager Summary: A shared storage lock manager
Group: System Environment/Base Group: System Environment/Base
-- --
1.9.1 2.7.4

2
base/sanlock/centos/srpm_path
View File

@ -1,2 +1,2 @@
mirror:Source/sanlock-3.5.0-1.el7.src.rpm mirror:Source/sanlock-3.6.0-1.el7.src.rpm

12
base/setup/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,14 +1,14 @@
From 412fc338e588c92ee0be3bf1b1af0040fac9f500 Mon Sep 17 00:00:00 2001 From 667cc2ccdd4451ce9d943064d714bcf1a8d1e4ed Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com> From: Don Penney <don.penney@windriver.com>
Date: Mon, 26 Sep 2016 17:40:54 -0400 Date: Mon, 26 Sep 2016 17:40:54 -0400
Subject: [PATCH] Update package versioning for TIS format Subject: [PATCH 09/15] Update package versioning for TIS format
--- ---
SPECS/setup.spec | 2 +- SPECS/setup.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 223bfd5..89a4d2f 100644 index 3ad2458..8f5fc46 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
@ -16,10 +16,10 @@ index 223bfd5..89a4d2f 100644
Name: setup Name: setup
Version: 2.8.71 Version: 2.8.71
-Release: 9%{?dist} -Release: 9%{?dist}
+Release: 7.el7%{?_tis_dist}.%{tis_patch_ver} +Release: 9.el7%{?_tis_dist}.%{tis_patch_ver}
License: Public Domain License: Public Domain
Group: System Environment/Base Group: System Environment/Base
URL: https://fedorahosted.org/setup/ URL: https://pagure.io/setup/
-- --
1.8.3.1 2.7.4

13
base/setup/centos/meta_patches/security-make-exports-and-fstab-only-root-accessible.patch
View File

@ -1,8 +1,7 @@
From 2f6906e33b91dc28c7b48ce5604501ce09cfaed6 Mon Sep 17 00:00:00 2001 From 6d54fd5dff19e69d2d9c01e508fd4276e4eaef5b Mon Sep 17 00:00:00 2001
Message-Id: <2f6906e33b91dc28c7b48ce5604501ce09cfaed6.1468352966.git.Jim.Somerville@windriver.com>
From: Jim Somerville <Jim.Somerville@windriver.com> From: Jim Somerville <Jim.Somerville@windriver.com>
Date: Tue, 12 Jul 2016 15:43:47 -0400 Date: Tue, 12 Jul 2016 15:43:47 -0400
Subject: [PATCH 1/1] security make exports and fstab only root accessible Subject: [PATCH 07/15] security make exports and fstab only root accessible
Apply a chmod of 600 to the two files. Apply a chmod of 600 to the two files.
@ -12,17 +11,17 @@ Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
1 file changed, 1 insertion(+) 1 file changed, 1 insertion(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index d40113f..6c18614 100644 index db3ed17..a612d24 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -65,6 +65,7 @@ chmod 0644 %{buildroot}/var/log/lastlog @@ -69,6 +69,7 @@ chmod 0644 %{buildroot}/var/log/lastlog
touch %{buildroot}/etc/fstab touch %{buildroot}/etc/fstab
touch %{buildroot}/etc/subuid touch %{buildroot}/etc/subuid
touch %{buildroot}/etc/subgid touch %{buildroot}/etc/subgid
+chmod 0600 %{buildroot}/etc/{exports,fstab} +chmod 0600 %{buildroot}/etc/{exports,fstab}
install -m 644 %{SOURCE1} %{buildroot}/etc/ install -m 644 %{SOURCE1} %{buildroot}/etc/
install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
mkdir -p %{buildroot}/etc/profile.d
-- --
1.8.3.1 2.7.4

33
base/setup/centos/meta_patches/spec-add-TMOUT-variable.patch
View File

@ -1,40 +1,43 @@
From 13bee9ed7d91fae3d66f91d4e4aa139ca3d05f66 Mon Sep 17 00:00:00 2001 From d8ab20a896750f9fcd257d3e64cb0ef34e35140a Mon Sep 17 00:00:00 2001
From: David Balme <david.balme@windriver.com> From: David Balme <david.balme@windriver.com>
Date: Thu, 13 Oct 2016 08:40:27 -0400 Date: Thu, 13 Oct 2016 08:40:27 -0400
Subject: [PATCH 1/1] add TMOUT variable Subject: [PATCH 10/15] add TMOUT variable
--- ---
SPECS/setup.spec | 3 +++ SPECS/setup.spec | 5 ++++-
1 file changed, 3 insertions(+) 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 89a4d2f..1f5c96a 100644 index 8f5fc46..a6465dc 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -8,6 +8,7 @@ URL: https://fedorahosted.org/setup/ @@ -8,6 +8,7 @@ URL: https://pagure.io/setup/
Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-%{version}.tar.bz2 Source0: http://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
Source1: motd Source1: motd
Source2: prompt.sh Source2: prompt.sh
+Source3: custom.sh +Source3: custom.sh
BuildArch: noarch BuildArch: noarch
BuildRequires: bash tcsh perl BuildRequires: bash tcsh perl
#require system release for saner dependency order #require system release for saner dependency order
@@ -70,6 +71,7 @@ touch %{buildroot}/etc/subgid @@ -73,8 +74,9 @@ touch %{buildroot}/etc/subuid
touch %{buildroot}/etc/subgid
chmod 0600 %{buildroot}/etc/{exports,fstab} chmod 0600 %{buildroot}/etc/{exports,fstab}
install -m 644 %{SOURCE1} %{buildroot}/etc/ install -m 644 %{SOURCE1} %{buildroot}/etc/
install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh -install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
mkdir -p %{buildroot}/etc/profile.d
+install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
+install -m 644 %{SOURCE3} %{buildroot}/etc/profile.d/custom.sh +install -m 644 %{SOURCE3} %{buildroot}/etc/profile.d/custom.sh
echo "#Add any required envvar overrides to this file, it is sourced from /etc/profile" >%{buildroot}/etc/profile.d/sh.local
echo "#Add any required envvar overrides to this file, is sourced from /etc/csh.login" >%{buildroot}/etc/profile.d/csh.local
# remove unpackaged files from the buildroot @@ -133,6 +135,7 @@ end
rm -f %{buildroot}/etc/Makefile
@@ -125,6 +127,7 @@ end
%config(noreplace) /etc/motd %config(noreplace) /etc/motd
%dir /etc/profile.d %dir /etc/profile.d
/etc/profile.d/prompt.sh /etc/profile.d/prompt.sh
+/etc/profile.d/custom.sh +/etc/profile.d/custom.sh
%config(noreplace) /etc/profile.d/sh.local
%config(noreplace) /etc/profile.d/csh.local
%config(noreplace) %verify(not md5 size mtime) /etc/shells %config(noreplace) %verify(not md5 size mtime) /etc/shells
%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/fstab
-- --
1.8.3.1 2.7.4

33
base/setup/centos/meta_patches/spec-add-ironic-uid-gid.patch
View File

@ -1,26 +1,33 @@
commit f944ef677dc090e91b790ac54064d61d071edb5c From 1c1e025ff9cdf5a5041959434a79014e24015271 Mon Sep 17 00:00:00 2001
Author: Shoaib Nasir <shoaib.nasir@windriver.com> From: Shoaib Nasir <shoaib.nasir@windriver.com>
Date: Mon Sep 25 12:20:43 2017 -0400 Date: Mon, 27 Aug 2018 17:55:18 +0800
Add ironic-uid-gid.patch to SPECS Add ironic-uid-gid.patch to SPECS
---
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 2ec3541..55dd30b 100644 index 367a13b..974113e 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -28,6 +28,7 @@ Patch9: snmpd-fm-user-group.patch @@ -30,6 +30,7 @@ Patch11: snmpd-fm-user-group.patch
Patch10: remove-unused-default-groups.patch Patch12: remove-unused-default-groups.patch
Patch11: add-fm-user-to-snmpd-group.patch Patch13: add-fm-user-to-snmpd-group.patch
Patch12: add-magnum-uid-gid.patch Patch14: add-magnum-uid-gid.patch
+Patch13: add-ironic-uid-gid.patch +Patch15: add-ironic-uid-gid.patch
%description %description
The setup package contains a set of important system configuration and The setup package contains a set of important system configuration and
@@ -48,6 +49,7 @@ setup files, such as passwd, group, and profile. @@ -52,6 +53,7 @@ setup files, such as passwd, group, and profile.
%patch10 -p1
%patch11 -p1
%patch12 -p1 %patch12 -p1
+%patch13 -p1 %patch13 -p1
%patch14 -p1
+%patch15 -p1
./shadowconvert.sh ./shadowconvert.sh
--
2.7.4

26
base/setup/centos/meta_patches/spec-add-magnum-uid-gid.patch
View File

@ -1,32 +1,32 @@
From 11086bd4422e8f24a0b070eb16e53b08f4561c61 Mon Sep 17 00:00:00 2001 From 23dda8869b96f7df3db3fc885ca960b4889c82c0 Mon Sep 17 00:00:00 2001
From: Jerry Sun <jerry.sun@windriver.com> From: Jerry Sun <jerry.sun@windriver.com>
Date: Thu, 3 Aug 2017 16:18:34 -0400 Date: Thu, 3 Aug 2017 16:18:34 -0400
Subject: [PATCH 1/1] meta add magnum uid and gid Subject: [PATCH 12/15] meta add magnum uid and gid
--- ---
SPECS/setup.spec | 2 ++ SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+) 1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 9ee24ca..2ec3541 100644 index 6a871f3..367a13b 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -27,6 +27,7 @@ Patch8: passwd-remove-unused-default-users-and-groups.patch @@ -29,6 +29,7 @@ Patch10: passwd-remove-unused-default-users-and-groups.patch
Patch9: snmpd-fm-user-group.patch Patch11: snmpd-fm-user-group.patch
Patch10: remove-unused-default-groups.patch Patch12: remove-unused-default-groups.patch
Patch11: add-fm-user-to-snmpd-group.patch Patch13: add-fm-user-to-snmpd-group.patch
+Patch12: add-magnum-uid-gid.patch +Patch14: add-magnum-uid-gid.patch
%description %description
The setup package contains a set of important system configuration and The setup package contains a set of important system configuration and
@@ -46,6 +47,7 @@ setup files, such as passwd, group, and profile. @@ -50,6 +51,7 @@ setup files, such as passwd, group, and profile.
%patch9 -p1
%patch10 -p1
%patch11 -p1 %patch11 -p1
+%patch12 -p1 %patch12 -p1
%patch13 -p1
+%patch14 -p1
./shadowconvert.sh ./shadowconvert.sh
-- --
1.8.3.1 2.7.4

26
base/setup/centos/meta_patches/spec-add-murano-uid-gid.patch
View File

@ -1,32 +1,32 @@
From bb774f39b779de4e31007fc70bead641820ae74f Mon Sep 17 00:00:00 2001 From 07aca8a7f571059552dceb9a83d7b231e6ba01ff Mon Sep 17 00:00:00 2001
From: Jerry Sun <jerry.sun@windriver.com> From: Jerry Sun <jerry.sun@windriver.com>
Date: Mon, 8 Jan 2018 12:28:08 -0500 Date: Mon, 8 Jan 2018 12:28:08 -0500
Subject: [PATCH 1/1] meta add murano uid and gid Subject: [PATCH 14/15] meta add murano uid and gid
--- ---
SPECS/setup.spec | 2 ++ SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+) 1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 55dd30b..b652b3c 100644 index 974113e..7f636ea 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -29,6 +29,7 @@ Patch10: remove-unused-default-groups.patch @@ -31,6 +31,7 @@ Patch12: remove-unused-default-groups.patch
Patch11: add-fm-user-to-snmpd-group.patch Patch13: add-fm-user-to-snmpd-group.patch
Patch12: add-magnum-uid-gid.patch Patch14: add-magnum-uid-gid.patch
Patch13: add-ironic-uid-gid.patch Patch15: add-ironic-uid-gid.patch
+Patch14: add-murano-uid-gid.patch +Patch16: add-murano-uid-gid.patch
%description %description
The setup package contains a set of important system configuration and The setup package contains a set of important system configuration and
@@ -50,6 +51,7 @@ setup files, such as passwd, group, and profile. @@ -54,6 +55,7 @@ setup files, such as passwd, group, and profile.
%patch11 -p1
%patch12 -p1
%patch13 -p1 %patch13 -p1
+%patch14 -p1 %patch14 -p1
%patch15 -p1
+%patch16 -p1
./shadowconvert.sh ./shadowconvert.sh
-- --
1.8.3.1 2.7.4

26
base/setup/centos/meta_patches/spec-add-uid-gid-for-telemetry-services.patch
View File

@ -1,32 +1,32 @@
From 8c24c1c8bc9b703714c52b9b45cd3ea90f4a6604 Mon Sep 17 00:00:00 2001 From 34c8b5f204877ae54d07248b9729353c8f8dfecf Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.Wang@windriver.com> From: Angie Wang <angie.Wang@windriver.com>
Date: Thu, 7 Jun 2018 16:39:08 -0400 Date: Thu, 7 Jun 2018 16:39:08 -0400
Subject: [PATCH] spec add uid gid for telemetry services Subject: [PATCH 15/15] spec add uid gid for telemetry services
--- ---
SPECS/setup.spec | 2 ++ SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+) 1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index b652b3c..76d4feb 100644 index 7f636ea..4f11a37 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -30,6 +30,7 @@ Patch11: add-fm-user-to-snmpd-group.patch @@ -32,6 +32,7 @@ Patch13: add-fm-user-to-snmpd-group.patch
Patch12: add-magnum-uid-gid.patch Patch14: add-magnum-uid-gid.patch
Patch13: add-ironic-uid-gid.patch Patch15: add-ironic-uid-gid.patch
Patch14: add-murano-uid-gid.patch Patch16: add-murano-uid-gid.patch
+Patch15: add-uid-gid-for-telemetry-services.patch +Patch17: add-uid-gid-for-telemetry-services.patch
%description %description
The setup package contains a set of important system configuration and The setup package contains a set of important system configuration and
@@ -52,6 +53,7 @@ setup files, such as passwd, group, and profile. @@ -56,6 +57,7 @@ setup files, such as passwd, group, and profile.
%patch12 -p1
%patch13 -p1
%patch14 -p1 %patch14 -p1
+%patch15 -p1 %patch15 -p1
%patch16 -p1
+%patch17 -p1
./shadowconvert.sh ./shadowconvert.sh
-- --
1.8.3.1 2.7.4

32
base/setup/centos/meta_patches/spec-include-TiS-changes.patch
View File

@ -1,35 +1,43 @@
setup.spec: to include Titanium Cloud specific changes From 236314295289b829e6216022a247017f7c0851c7 Mon Sep 17 00:00:00 2001
From: slin14 <shuicheng.lin@intel.com>
Date: Tue, 7 Aug 2018 22:41:01 +0800
Subject: [PATCH 01/15] setup.spec: to include Titanium Cloud specific changes
To include files under cgcs/recipes-base/setup/files/* To include files under cgcs/recipes-base/setup/files/*
Signed-off-by: slin14 <shuicheng.lin@intel.com>
---
SPECS/setup.spec | 3 +++
1 file changed, 3 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 9174b5a..efc52ca 100644 index 317132b..4ac1019 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -6,6 +6,7 @@ License: Public Domain @@ -6,6 +6,7 @@ License: Public Domain
Group: System Environment/Base Group: System Environment/Base
URL: https://fedorahosted.org/setup/ URL: https://pagure.io/setup/
Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-%{version}.tar.bz2 Source0: http://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
+Source1: motd +Source1: motd
BuildArch: noarch BuildArch: noarch
BuildRequires: bash tcsh perl BuildRequires: bash tcsh perl
#require system release for saner dependency order #require system release for saner dependency order
@@ -55,6 +56,7 @@ chmod 0644 %{buildroot}/var/log/lastlog @@ -59,6 +60,7 @@ chmod 0644 %{buildroot}/var/log/lastlog
touch %{buildroot}/etc/fstab touch %{buildroot}/etc/fstab
touch %{buildroot}/etc/subuid touch %{buildroot}/etc/subuid
touch %{buildroot}/etc/subgid touch %{buildroot}/etc/subgid
+install -m 644 %{SOURCE1} %{buildroot}/etc/ +install -m 644 %{SOURCE1} %{buildroot}/etc/
mkdir -p %{buildroot}/etc/profile.d
# remove unpackaged files from the buildroot echo "#Add any required envvar overrides to this file, it is sourced from /etc/profile" >%{buildroot}/etc/profile.d/sh.local
rm -f %{buildroot}/etc/Makefile echo "#Add any required envvar overrides to this file, is sourced from /etc/csh.login" >%{buildroot}/etc/profile.d/csh.local
@@ -107,6 +109,7 @@ end @@ -115,6 +117,7 @@ end
%attr(0600,root,root) %config(noreplace,missingok) /etc/securetty %attr(0600,root,root) %config(noreplace,missingok) /etc/securetty
%config(noreplace) /etc/csh.login %config(noreplace) /etc/csh.login
%config(noreplace) /etc/csh.cshrc %config(noreplace) /etc/csh.cshrc
+%config(noreplace) /etc/motd +%config(noreplace) /etc/motd
%dir /etc/profile.d %dir /etc/profile.d
%config(noreplace) %verify(not md5 size mtime) /etc/shells %config(noreplace) /etc/profile.d/sh.local
%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog %config(noreplace) /etc/profile.d/csh.local
-- --
1.8.3.1 2.7.4

31
base/setup/centos/meta_patches/spec-include-add-fm-user-to-snmpd-group.patch
View File

@ -1,22 +1,33 @@
From 3eb03183dc24b865dd3e84495a82899f39665690 Mon Sep 17 00:00:00 2001
From: slin14 <shuicheng.lin@intel.com>
Date: Tue, 7 Aug 2018 23:17:05 +0800
Subject: [PATCH 11/15] spec-include-add-fm-user-to-snmpd-group
Signed-off-by: slin14 <shuicheng.lin@intel.com>
--- ---
SPECS/setup.spec | 2 ++ SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+) 1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index a6465dc..6a871f3 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -26,6 +26,7 @@ Patch6: updating-gids-and-uids-to-suppor @@ -28,6 +28,7 @@ Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
Patch8: passwd-remove-unused-default-users-and-groups.patch Patch10: passwd-remove-unused-default-users-and-groups.patch
Patch9: snmpd-fm-user-group.patch Patch11: snmpd-fm-user-group.patch
Patch10: remove-unused-default-groups.patch Patch12: remove-unused-default-groups.patch
+Patch11: add-fm-user-to-snmpd-group.patch +Patch13: add-fm-user-to-snmpd-group.patch
%description %description
The setup package contains a set of important system configuration and The setup package contains a set of important system configuration and
@@ -44,6 +45,7 @@ setup files, such as passwd, group, and @@ -48,6 +49,7 @@ setup files, such as passwd, group, and profile.
%patch8 -p1
%patch9 -p1
%patch10 -p1 %patch10 -p1
+%patch11 -p1 %patch11 -p1
%patch12 -p1
+%patch13 -p1
./shadowconvert.sh ./shadowconvert.sh
--
2.7.4

39
base/setup/centos/meta_patches/spec-include-snmpd-fm-user-group.patch
View File

@ -1,41 +1,32 @@
From 35ebbf2ca7e5e412f55cdaa875845728d203b34d Mon Sep 17 00:00:00 2001 From f0882fad769c71cb70b44251c79f39e7e13dbc48 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com> From: Kam Nasim <kam.nasim@windriver.com>
Date: Fri, 12 Aug 2016 17:35:28 -0400 Date: Fri, 12 Aug 2016 17:35:28 -0400
Subject: [PATCH] meta patch for snmpd-user-group.patch Subject: [PATCH 06/15] meta patch for snmpd-user-group.patch
--- ---
SPECS/setup.spec | 4 +++- SPECS/setup.spec | 2 ++
1 file changed, 3 insertions(+), 1 deletion(-) 1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 89ff683..d40113f 100644 index 10d151b..db3ed17 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -1,7 +1,7 @@ @@ -25,6 +25,7 @@ Patch7: setup-2.8.71-shlocal.patch
Summary: A set of system configuration and setup files Patch8: tis-uid-gid.patch
Name: setup Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
Version: 2.8.71 Patch10: passwd-remove-unused-default-users-and-groups.patch
-Release: 7%{?dist} +Patch11: snmpd-fm-user-group.patch
+Release: 8%{?dist}
License: Public Domain
Group: System Environment/Base
URL: https://fedorahosted.org/setup/
@@ -23,6 +23,7 @@ Patch5: setup-2.8.71-fullpath.patch
Patch6: tis-uid-gid.patch
Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
Patch8: passwd-remove-unused-default-users-and-groups.patch
+Patch9: snmpd-fm-user-group.patch
%description %description
The setup package contains a set of important system configuration and The setup package contains a set of important system configuration and
@@ -39,6 +40,7 @@ setup files, such as passwd, group, and profile. @@ -43,6 +44,7 @@ setup files, such as passwd, group, and profile.
%patch6 -p1
%patch7 -p1
%patch8 -p1 %patch8 -p1
+%patch9 -p1 %patch9 -p1
%patch10 -p1
+%patch11 -p1
./shadowconvert.sh ./shadowconvert.sh
-- --
1.8.3.1 2.7.4

1074
base/setup/centos/meta_patches/spec-include-tis-uid-gid.patch
View File

File diff suppressed because it is too large Load Diff

26
base/setup/centos/meta_patches/spec-passwd-remove-unused-default-users-and-groups.patch
View File

@ -1,7 +1,7 @@
From f882ce44d7e8574e9affc5e6471265029f9724ca Mon Sep 17 00:00:00 2001 From 1285d1381237a94df55df913aa268cd5bb9c6b89 Mon Sep 17 00:00:00 2001
From: Michel Thebeau <michel.thebeau@windriver.com> From: Michel Thebeau <michel.thebeau@windriver.com>
Date: Thu, 21 Jul 2016 11:47:55 -0400 Date: Thu, 21 Jul 2016 11:47:55 -0400
Subject: [PATCH] spec: add patch to remove unused users and groups Subject: [PATCH 05/15] spec: add patch to remove unused users and groups
Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com> Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
--- ---
@ -9,25 +9,25 @@ Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
1 file changed, 2 insertions(+) 1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 3debacf..89ff683 100644 index 18283cd..10d151b 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -22,6 +22,7 @@ Patch4: setup-2.8.71-filesystems.patch @@ -24,6 +24,7 @@ Patch6: setup-2.8.71-tapeid.patch
Patch5: setup-2.8.71-fullpath.patch Patch7: setup-2.8.71-shlocal.patch
Patch6: tis-uid-gid.patch Patch8: tis-uid-gid.patch
Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
+Patch8: passwd-remove-unused-default-users-and-groups.patch +Patch10: passwd-remove-unused-default-users-and-groups.patch
%description %description
The setup package contains a set of important system configuration and The setup package contains a set of important system configuration and
@@ -37,6 +38,7 @@ setup files, such as passwd, group, and profile. @@ -41,6 +42,7 @@ setup files, such as passwd, group, and profile.
%patch5 -p1
%patch6 -p1
%patch7 -p1 %patch7 -p1
+%patch8 -p1 %patch8 -p1
%patch9 -p1
+%patch10 -p1
./shadowconvert.sh ./shadowconvert.sh
-- --
1.8.3.1 2.7.4

39
base/setup/centos/meta_patches/spec-remove-unused-default-groups.patch
View File

@ -1,42 +1,33 @@
From e882a5dfad4ad41a256ea3867e1a4c4a08df9a98 Mon Sep 17 00:00:00 2001 From 22d06a6c5c7b44db10060bf95b623dc3c1943a9a Mon Sep 17 00:00:00 2001
From: Michel Thebeau <michel.thebeau@windriver.com> From: Michel Thebeau <michel.thebeau@windriver.com>
Date: Fri, 19 Aug 2016 09:28:43 -0400 Date: Fri, 19 Aug 2016 09:28:43 -0400
Subject: [PATCH] spec: add patch to remove unused groups Subject: [PATCH 08/15] spec: add patch to remove unused groups
Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com> Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
--- ---
SPECS/setup.spec | 4 +++- SPECS/setup.spec | 2 ++
1 file changed, 3 insertions(+), 1 deletion(-) 1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 6c18614..223bfd5 100644 index a612d24..3ad2458 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -1,7 +1,7 @@ @@ -26,6 +26,7 @@ Patch8: tis-uid-gid.patch
Summary: A set of system configuration and setup files Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
Name: setup Patch10: passwd-remove-unused-default-users-and-groups.patch
Version: 2.8.71 Patch11: snmpd-fm-user-group.patch
-Release: 8%{?dist} +Patch12: remove-unused-default-groups.patch
+Release: 9%{?dist}
License: Public Domain
Group: System Environment/Base
URL: https://fedorahosted.org/setup/
@@ -24,6 +24,7 @@ Patch6: tis-uid-gid.patch
Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
Patch8: passwd-remove-unused-default-users-and-groups.patch
Patch9: snmpd-fm-user-group.patch
+Patch10: remove-unused-default-groups.patch
%description %description
The setup package contains a set of important system configuration and The setup package contains a set of important system configuration and
@@ -41,6 +42,7 @@ setup files, such as passwd, group, and profile. @@ -45,6 +46,7 @@ setup files, such as passwd, group, and profile.
%patch7 -p1
%patch8 -p1
%patch9 -p1 %patch9 -p1
+%patch10 -p1 %patch10 -p1
%patch11 -p1
+%patch12 -p1
./shadowconvert.sh ./shadowconvert.sh
-- --
1.8.3.1 2.7.4

28
base/setup/centos/meta_patches/spec-set-custom-prompt.patch
View File

@ -1,42 +1,46 @@
setup.spec: add custom shell login prompt From d298b3b8a8a27e23d1589b99a2f9419505563a92 Mon Sep 17 00:00:00 2001
From: slin14 <shuicheng.lin@intel.com>
Date: Tue, 7 Aug 2018 22:53:18 +0800
Subject: [PATCH 03/15] setup.spec: add custom shell login prompt
A user can be set to use "sh" (which points to bash) as login prompt. A user can be set to use "sh" (which points to bash) as login prompt.
This makes the login shell to enter "POSIX" mode which will only This makes the login shell to enter "POSIX" mode which will only
read/executes file /etc/profle and files in /etc/profiled.d. So create read/executes file /etc/profle and files in /etc/profiled.d. So create
custom login prompt in /etc/profiles.d custom login prompt in /etc/profiles.d
Signed-off-by: slin14 <shuicheng.lin@intel.com>
--- ---
SPECS/setup.spec | 3 +++ SPECS/setup.spec | 3 +++
1 file changed, 3 insertions(+) 1 file changed, 3 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 3f74b90..184670f 100644 index 72cbcba..aa6b36e 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -7,6 +7,7 @@ Group: System Environment/Base @@ -7,6 +7,7 @@ Group: System Environment/Base
URL: https://fedorahosted.org/setup/ URL: https://pagure.io/setup/
Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-%{version}.tar.bz2 Source0: http://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
Source1: motd Source1: motd
+Source2: prompt.sh +Source2: prompt.sh
BuildArch: noarch BuildArch: noarch
BuildRequires: bash tcsh perl BuildRequires: bash tcsh perl
#require system release for saner dependency order #require system release for saner dependency order
@@ -59,6 +60,7 @@ touch %{buildroot}/etc/fstab @@ -63,6 +64,7 @@ touch %{buildroot}/etc/fstab
touch %{buildroot}/etc/subuid touch %{buildroot}/etc/subuid
touch %{buildroot}/etc/subgid touch %{buildroot}/etc/subgid
install -m 644 %{SOURCE1} %{buildroot}/etc/ install -m 644 %{SOURCE1} %{buildroot}/etc/
+install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh +install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
mkdir -p %{buildroot}/etc/profile.d
# remove unpackaged files from the buildroot echo "#Add any required envvar overrides to this file, it is sourced from /etc/profile" >%{buildroot}/etc/profile.d/sh.local
rm -f %{buildroot}/etc/Makefile echo "#Add any required envvar overrides to this file, is sourced from /etc/csh.login" >%{buildroot}/etc/profile.d/csh.local
@@ -113,6 +115,7 @@ end @@ -121,6 +123,7 @@ end
%config(noreplace) /etc/csh.cshrc %config(noreplace) /etc/csh.cshrc
%config(noreplace) /etc/motd %config(noreplace) /etc/motd
%dir /etc/profile.d %dir /etc/profile.d
+/etc/profile.d/prompt.sh +/etc/profile.d/prompt.sh
%config(noreplace) /etc/profile.d/sh.local
%config(noreplace) /etc/profile.d/csh.local
%config(noreplace) %verify(not md5 size mtime) /etc/shells %config(noreplace) %verify(not md5 size mtime) /etc/shells
%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/fstab
-- --
1.8.3.1 2.7.4

27
base/setup/centos/meta_patches/updating-gids-and-uids-to-support-upgrade-from-wrl.patch
View File

@ -1,32 +1,33 @@
From b4a83aefe522dc1674c4979436398661f3ae4572 Mon Sep 17 00:00:00 2001 From 935277306d01c917b81fa33ebc7f27b0edd61f7f Mon Sep 17 00:00:00 2001
From: Bart Wensley <barton.wensley@windriver.com> From: Bart Wensley <barton.wensley@windriver.com>
Date: Mon, 27 Jun 2016 12:28:36 -0400 Date: Mon, 27 Jun 2016 12:28:36 -0400
Subject: [PATCH 1/1] updating-gids-and-uids-to-support-upgrade-from-wrl.patch Subject: [PATCH 04/15]
updating-gids-and-uids-to-support-upgrade-from-wrl.patch
--- ---
SPECS/setup.spec | 2 ++ SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+) 1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 184670f..3debacf 100644 index aa6b36e..18283cd 100644
--- a/SPECS/setup.spec --- a/SPECS/setup.spec
+++ b/SPECS/setup.spec +++ b/SPECS/setup.spec
@@ -21,6 +21,7 @@ Patch3: setup-2.8.71-uidgidchanges.patch @@ -23,6 +23,7 @@ Patch5: setup-2.8.71-fullpath.patch
Patch4: setup-2.8.71-filesystems.patch Patch6: setup-2.8.71-tapeid.patch
Patch5: setup-2.8.71-fullpath.patch Patch7: setup-2.8.71-shlocal.patch
Patch6: tis-uid-gid.patch Patch8: tis-uid-gid.patch
+Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch +Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
%description %description
The setup package contains a set of important system configuration and The setup package contains a set of important system configuration and
@@ -35,6 +36,7 @@ setup files, such as passwd, group, and profile. @@ -39,6 +40,7 @@ setup files, such as passwd, group, and profile.
%patch4 -p1
%patch5 -p1
%patch6 -p1 %patch6 -p1
+%patch7 -p1 %patch7 -p1
%patch8 -p1
+%patch9 -p1
./shadowconvert.sh ./shadowconvert.sh
-- --
1.8.3.1 2.7.4

13
base/setup/centos/patches/add-fm-user-to-snmpd-group.patch
View File

@ -1,7 +1,15 @@
From 02610c6c7bf89593a9b1e98eb5ee0cfba5c48707 Mon Sep 17 00:00:00 2001
From: slin14 <shuicheng.lin@intel.com>
Date: Thu, 16 Aug 2018 00:13:14 +0800
Subject: [PATCH] add-fm-user-to-snmpd-group
Signed-off-by: slin14 <shuicheng.lin@intel.com>
--- ---
group | 2 +- group | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/group b/group
index a3bb69e..9b77aae 100644
--- a/group --- a/group
+++ b/group +++ b/group
@@ -21,7 +21,7 @@ neutron:x:164:neutron @@ -21,7 +21,7 @@ neutron:x:164:neutron
@ -13,3 +21,6 @@
heat:x:187:heat heat:x:187:heat
nfv:x:172:nfv nfv:x:172:nfv
fm:x:195:fm fm:x:195:fm
--
2.7.4

18
base/setup/centos/patches/add-ironic-uid-gid.patch
View File

@ -1,11 +1,16 @@
commit 51c505c59a1512c011fcda01d0583a2ddc6f3337 From 15d0ef24f88290887f1e154352b53f373a04e783 Mon Sep 17 00:00:00 2001
Author: Shoaib Nasir <shoaib.nasir@windriver.com> From: slin14 <shuicheng.lin@intel.com>
Date: Mon Sep 25 11:39:29 2017 -0400 Date: Thu, 16 Aug 2018 00:15:04 +0800
Subject: [PATCH] add-ironic-uid-gid
add ironic group and passwd Signed-off-by: slin14 <shuicheng.lin@intel.com>
---
group | 1 +
passwd | 1 +
2 files changed, 2 insertions(+)
diff --git a/group b/group diff --git a/group b/group
index 7d0244f..9979b99 100644 index f6a75e5..d9050fa 100644
--- a/group --- a/group
+++ b/group +++ b/group
@@ -27,3 +27,4 @@ nfv:x:172:nfv @@ -27,3 +27,4 @@ nfv:x:172:nfv
@ -22,3 +27,6 @@ index fce82e7..fb49ea3 100644
fm:x:195:195:fm-mgr:/var/lib/fm:/sbin/nologin fm:x:195:195:fm-mgr:/var/lib/fm:/sbin/nologin
magnum:x:1870:1870:OpenStack Magnum Daemons:/var/lib/magnum:/sbin/nologin magnum:x:1870:1870:OpenStack Magnum Daemons:/var/lib/magnum:/sbin/nologin
+ironic:x:1874:1874:OpenStack Ironic Daemons:/var/lib/ironic:/sbin/nologin +ironic:x:1874:1874:OpenStack Ironic Daemons:/var/lib/ironic:/sbin/nologin
--
2.7.4

8
base/setup/centos/patches/passwd-remove-unused-default-users-and-groups.patch
View File

@ -1,4 +1,4 @@
From 737295c6ad990e8e248fef6b378198c3326b90ba Mon Sep 17 00:00:00 2001 From fed037afbe78b47d46dbbd5838468e57bfe19884 Mon Sep 17 00:00:00 2001
From: Michel Thebeau <michel.thebeau@windriver.com> From: Michel Thebeau <michel.thebeau@windriver.com>
Date: Thu, 11 Aug 2016 18:24:25 -0400 Date: Thu, 11 Aug 2016 18:24:25 -0400
Subject: [PATCH] passwd: remove unused default users and groups Subject: [PATCH] passwd: remove unused default users and groups
@ -13,7 +13,7 @@ Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
2 files changed, 16 deletions(-) 2 files changed, 16 deletions(-)
diff --git a/group b/group diff --git a/group b/group
index c21e2de..87a03c1 100644 index 825edbb..0a0a1b0 100644
--- a/group --- a/group
+++ b/group +++ b/group
@@ -1,11 +1,7 @@ @@ -1,11 +1,7 @@
@ -33,7 +33,7 @@ index c21e2de..87a03c1 100644
dialout::18: dialout::18:
floppy::19: floppy::19:
-games::20: -games::20:
tape::30: tape::33:
-video::39: -video::39:
-ftp::50: -ftp::50:
lock::54: lock::54:
@ -62,5 +62,5 @@ index 548435f..46a3d52 100644
rabbitmq:x:121:121::/var/lib/rabbitmq:/bin/sh rabbitmq:x:121:121::/var/lib/rabbitmq:/bin/sh
nova:x:994:162::/var/lib/nova:/bin/false nova:x:994:162::/var/lib/nova:/bin/false
-- --
1.8.3.1 2.7.4

8
base/setup/centos/patches/remove-unused-default-groups.patch
View File

@ -1,4 +1,4 @@
From d79451c9a047313fb8da27007ea9d99435e05ff2 Mon Sep 17 00:00:00 2001 From dbc791c8f24ffac0d98e86213e4d592660f6087c Mon Sep 17 00:00:00 2001
From: Michel Thebeau <michel.thebeau@windriver.com> From: Michel Thebeau <michel.thebeau@windriver.com>
Date: Fri, 19 Aug 2016 09:21:44 -0400 Date: Fri, 19 Aug 2016 09:21:44 -0400
Subject: [PATCH] CGTS-4685: setup: remove unused default groups Subject: [PATCH] CGTS-4685: setup: remove unused default groups
@ -14,7 +14,7 @@ Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
1 file changed, 2 deletions(-) 1 file changed, 2 deletions(-)
diff --git a/group b/group diff --git a/group b/group
index 8794dde..0b93beb 100644 index 42a8ed1..a3bb69e 100644
--- a/group --- a/group
+++ b/group +++ b/group
@@ -2,12 +2,10 @@ root::0: @@ -2,12 +2,10 @@ root::0:
@ -29,7 +29,7 @@ index 8794dde..0b93beb 100644
-man::15: -man::15:
dialout::18: dialout::18:
floppy::19: floppy::19:
tape::30: tape::33:
-- --
1.8.3.1 2.7.4

2
base/setup/centos/srpm_path
View File

@ -1 +1 @@
mirror:Source/setup-2.8.71-7.el7.src.rpm mirror:Source/setup-2.8.71-9.el7.src.rpm

12
base/sudo/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,7 +1,7 @@
From 39b08b2cc4eb6d47490593a599db95703b74b754 Mon Sep 17 00:00:00 2001 From 21db84dcb55f87c792a6d59cef0c68741a9d24b1 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:50:44 -0400 Date: Mon, 2 Oct 2017 16:50:44 -0400
Subject: [PATCH 1/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch Subject: [PATCH 1/4] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts: Conflicts:
SPECS/sudo.spec SPECS/sudo.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
index c3a1a52..7d1486b 100644 index c8d2f64..b6402bb 100644
--- a/SPECS/sudo.spec --- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec +++ b/SPECS/sudo.spec
@@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users Summary: Allows restricted root access for specified users
Name: sudo Name: sudo
Version: 1.8.19p2 Version: 1.8.19p2
-Release: 11%{?dist} -Release: 14%{?dist}
+Release: 11.el7_4%{?_tis_dist}.%{tis_patch_ver} +Release: 14.el7_5%{?_tis_dist}.%{tis_patch_ver}
License: ISC License: ISC
Group: Applications/System Group: Applications/System
URL: http://www.courtesan.com/sudo/ URL: http://www.courtesan.com/sudo/
-- --
1.9.1 2.7.4

30
base/sudo/centos/meta_patches/0002-spec-include-TiS-changes.patch
View File

@ -1,35 +1,35 @@
From abc3ec24a957002962bb4038946291b84bea3859 Mon Sep 17 00:00:00 2001 From 70046603b8d607445e2fbf5e7d934bcd43a77dc8 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com> From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:50:44 -0400 Date: Mon, 2 Oct 2017 16:50:44 -0400
Subject: [PATCH 2/3] WRS: 0002-spec-include-TiS-changes.patch Subject: [PATCH 2/4] WRS: 0002-spec-include-TiS-changes.patch
--- ---
SPECS/sudo.spec | 17 +++++++++++++++-- SPECS/sudo.spec | 15 +++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-) 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
index 7d1486b..d731ba9 100644 index b6402bb..acbcb26 100644
--- a/SPECS/sudo.spec --- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec +++ b/SPECS/sudo.spec
@@ -64,6 +64,8 @@ Patch17: sudo-1.8.19p2-get_process_ttyname.patch @@ -78,6 +78,8 @@ Patch24: sudo-1.8.19p2-sssd-double-free.patch
# 1459152 - CVE-2017-1000368: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367) # 1560657 - sudo blocks in poll() for /dev/ptmx with iolog enabled
Patch18: sudo-1.8.19p2-CVE-2017-1000368.patch Patch25: sudo-1.8.19p2-iolog-zombie.patch
+# WRS patches +# WRS patches
+ +
%description %description
Sudo (superuser do) allows a system administrator to give certain Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands users (or groups of users) the ability to run some (or all) commands
@@ -106,6 +108,8 @@ plugins that use %{name}. @@ -127,6 +129,8 @@ plugins that use %{name}.
%patch17 -p1 -b .get_process_ttyname %patch24 -p1 -b .double-free
%patch18 -p1 -b .CVE-2017-1000368 %patch25 -p1 -b .iolog-zombie
+# WRS patches +# WRS patches
+ +
%build %build
autoreconf -I m4 -fv --install autoreconf -I m4 -fv --install
@@ -132,7 +136,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL @@ -153,7 +157,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
--with-ignore-dot \ --with-ignore-dot \
--with-tty-tickets \ --with-tty-tickets \
--with-ldap \ --with-ldap \
@ -38,7 +38,7 @@ index 7d1486b..d731ba9 100644
--with-selinux \ --with-selinux \
--with-passprompt="[sudo] password for %p: " \ --with-passprompt="[sudo] password for %p: " \
--with-linux-audit \ --with-linux-audit \
@@ -158,6 +162,12 @@ install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers @@ -179,6 +183,12 @@ install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
@ -51,7 +51,7 @@ index 7d1486b..d731ba9 100644
# Remove execute permission on this script so we don't pull in perl deps # Remove execute permission on this script so we don't pull in perl deps
chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
@@ -226,7 +236,8 @@ rm -rf $RPM_BUILD_ROOT @@ -247,7 +257,8 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/visudo.8* %{_mandir}/man8/visudo.8*
%dir %{_docdir}/sudo-%{version} %dir %{_docdir}/sudo-%{version}
%{_docdir}/sudo-%{version}/* %{_docdir}/sudo-%{version}/*
@ -62,5 +62,5 @@ index 7d1486b..d731ba9 100644
# Make sure permissions are ok even if we're updating # Make sure permissions are ok even if we're updating
%post %post
-- --
1.9.1 2.7.4

17
base/sudo/centos/meta_patches/0004-remove-make-check.patch
View File

@ -1,8 +1,18 @@
From b531e69617e54bd767ff58d1794e48b8150d74b9 Mon Sep 17 00:00:00 2001
From: slin14 <shuicheng.lin@intel.com>
Date: Tue, 14 Aug 2018 22:10:32 +0800
Subject: [PATCH 4/4] remove-make-check
Signed-off-by: slin14 <shuicheng.lin@intel.com>
---
SPECS/sudo.spec | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
index 4a34dba..fcb2e05 100644 index 8c3f395..17531f7 100644
--- a/SPECS/sudo.spec --- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec +++ b/SPECS/sudo.spec
@@ -145,7 +145,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL @@ -166,7 +166,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
# --without-kerb4 # --without-kerb4
make -j"%(nproc)" make -j"%(nproc)"
@ -12,3 +22,6 @@ index 4a34dba..fcb2e05 100644
%install %install
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
--
2.7.4

Some files were not shown because too many files have changed in this diff Show More