Merge "Merge remote-tracking branch 'origin/f/centos75'"
This commit is contained in:
commit
da38bd2e73
@ -2,3 +2,4 @@
|
||||
host=review.openstack.org
|
||||
port=29418
|
||||
project=openstack/stx-integ.git
|
||||
defaultbranch=f/centos75
|
||||
|
@ -1,4 +1,4 @@
|
||||
From e1f17182a8d105770a2805c9950b776b4437f7ff Mon Sep 17 00:00:00 2001
|
||||
From 30796013a8d2b3b008a843bd3a4bee33e866a151 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 16:05:36 -0400
|
||||
Subject: [PATCH 2/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
@ -10,18 +10,18 @@ Conflicts:
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/bash.spec b/SPECS/bash.spec
|
||||
index 5f14bad..115d540 100644
|
||||
index 4f16c8c..d749f92 100644
|
||||
--- a/SPECS/bash.spec
|
||||
+++ b/SPECS/bash.spec
|
||||
@@ -6,7 +6,7 @@
|
||||
Version: %{baseversion}%{patchleveltag}
|
||||
Name: bash
|
||||
Summary: The GNU Bourne Again shell
|
||||
-Release: 29%{?dist}
|
||||
+Release: 29.el7_4%{?_tis_dist}.%{tis_patch_ver}
|
||||
-Release: 30%{?dist}
|
||||
+Release: 30.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
Group: System Environment/Shells
|
||||
License: GPLv3+
|
||||
Url: http://www.gnu.org/software/bash
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From e8d5b56c303237d0a0ab00ea5f4fbdea3208caa5 Mon Sep 17 00:00:00 2001
|
||||
From cc0534185464b04c1d320518af7d2b73291ea449 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 16:05:36 -0400
|
||||
Subject: [PATCH 1/3] WRS: spec-TiS-bash-history.patch
|
||||
@ -10,12 +10,12 @@ Conflicts:
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/SPECS/bash.spec b/SPECS/bash.spec
|
||||
index 9a6d496..5f14bad 100644
|
||||
index 4b2ec49..4f16c8c 100644
|
||||
--- a/SPECS/bash.spec
|
||||
+++ b/SPECS/bash.spec
|
||||
@@ -192,6 +192,10 @@ Patch151: bash-cve-2016-9401.patch
|
||||
#1473245
|
||||
Patch152: bash-4.3-pipefd-leak.patch
|
||||
@@ -195,6 +195,10 @@ Patch152: bash-4.3-pipefd-leak.patch
|
||||
#1487615 - bash fails to execute commands containing multibyte characters
|
||||
Patch153: bash-4.3-wshouldquote.patch
|
||||
|
||||
+# Patches from WindRiver
|
||||
+Patch500: bash-history-syslog.patch
|
||||
@ -24,9 +24,9 @@ index 9a6d496..5f14bad 100644
|
||||
BuildRequires: texinfo bison
|
||||
BuildRequires: ncurses-devel
|
||||
BuildRequires: autoconf, gettext
|
||||
@@ -323,6 +327,10 @@ This package contains documentation files for %{name}.
|
||||
%patch151 -p1 -b .cve-2016-9401
|
||||
@@ -327,6 +331,10 @@ This package contains documentation files for %{name}.
|
||||
%patch152 -p1 -b .pipefd-leak
|
||||
%patch153 -p1 -b .wshouldquote
|
||||
|
||||
+# WindRiver patches
|
||||
+%patch500 -p1 -b .history-syslog
|
||||
@ -36,5 +36,5 @@ index 9a6d496..5f14bad 100644
|
||||
echo %{release} > _patchlevel
|
||||
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/bash-4.2.46-29.el7_4.src.rpm
|
||||
mirror:Source/bash-4.2.46-30.el7.src.rpm
|
||||
|
@ -1,4 +1,4 @@
|
||||
From d5890a17f5b07a9d17665c2b4138bb244ab6c680 Mon Sep 17 00:00:00 2001
|
||||
From 328f19996b93b5be5cd856e600111d0dc87c8616 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 14:58:59 -0400
|
||||
Subject: [PATCH 2/2] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
@ -8,18 +8,18 @@ Subject: [PATCH 2/2] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/centos-release.spec b/SPECS/centos-release.spec
|
||||
index be95b1b..91dad61 100644
|
||||
index ce64be4..8c05c28 100644
|
||||
--- a/SPECS/centos-release.spec
|
||||
+++ b/SPECS/centos-release.spec
|
||||
@@ -13,7 +13,7 @@
|
||||
@@ -14,7 +14,7 @@
|
||||
|
||||
Name: centos-release
|
||||
Version: %{base_release_version}
|
||||
-Release: %{centos_rel}%{?dist}
|
||||
+Release: %{centos_rel}.el7.centos%{?_tis_dist}.%{tis_patch_ver}
|
||||
-Release: %{centos_rel}.1%{?dist}
|
||||
+Release: %{centos_rel}.1.el7.centos%{?_tis_dist}.%{tis_patch_ver}
|
||||
Summary: %{product_family} release file
|
||||
Group: System Environment/Base
|
||||
License: GPLv2
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 4905ace48eb3feae48a02d2bd61e3778f8062532 Mon Sep 17 00:00:00 2001
|
||||
From e18f905977fa94fa20a2d9a9cc565dc8d7fe8dac Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 14:58:59 -0400
|
||||
Subject: [PATCH 1/2] WRS: centos-release-include-TiS-changes.patch
|
||||
@ -8,10 +8,10 @@ Subject: [PATCH 1/2] WRS: centos-release-include-TiS-changes.patch
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/SPECS/centos-release.spec b/SPECS/centos-release.spec
|
||||
index af82c8b..be95b1b 100644
|
||||
index 67f1550..ce64be4 100644
|
||||
--- a/SPECS/centos-release.spec
|
||||
+++ b/SPECS/centos-release.spec
|
||||
@@ -25,6 +25,8 @@ Provides: system-release(releasever) = %{base_release_version}
|
||||
@@ -27,6 +27,8 @@ Provides: system-release(releasever) = %{base_release_version}
|
||||
Source0: centos-release-%{base_release_version}-%{centos_rel}.tar.gz
|
||||
Source1: 85-display-manager.preset
|
||||
Source2: 90-default.preset
|
||||
@ -20,9 +20,9 @@ index af82c8b..be95b1b 100644
|
||||
|
||||
%description
|
||||
%{product_family} release files
|
||||
@@ -118,6 +120,12 @@ mkdir -p %{buildroot}%{_prefix}/lib/systemd/system-preset/
|
||||
install -m 0644 %{SOURCE1} %{buildroot}%{_prefix}/lib/systemd/system-preset/
|
||||
install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/systemd/system-preset/
|
||||
@@ -123,6 +125,12 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/systemd/system-preset/
|
||||
%posttrans
|
||||
/usr/bin/uname -m | grep -q 'x86_64' && echo 'centos' >/etc/yum/vars/contentdir || echo 'altarch' > /etc/yum/vars/contentdir
|
||||
|
||||
+# Overwrite default issue files with cgcs related files.
|
||||
+install -m 0644 %{SOURCE3} %{buildroot}/etc/issue
|
||||
@ -34,5 +34,5 @@ index af82c8b..be95b1b 100644
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/centos-release-7-4.1708.el7.centos.src.rpm
|
||||
mirror:Source/centos-release-7-5.1804.1.el7.centos.src.rpm
|
||||
|
@ -1,8 +1,7 @@
|
||||
From 2bc73669b8de70bf32d2f786b158738506e480ff Mon Sep 17 00:00:00 2001
|
||||
From 85cd40238fb1f76483848007bd1e5663bb3f21ff Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 15:11:59 -0400
|
||||
Subject: [PATCH 08/10] WRS:
|
||||
0001-Update-package-versioning-for-TIS-format.patch
|
||||
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/resource-agents.spec
|
||||
@ -11,18 +10,18 @@ Conflicts:
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
|
||||
index 6be3418..28a8129 100644
|
||||
index 21fa049..fd8bc97 100644
|
||||
--- a/SPECS/resource-agents.spec
|
||||
+++ b/SPECS/resource-agents.spec
|
||||
@@ -48,7 +48,7 @@
|
||||
Name: resource-agents
|
||||
Summary: Open Source HA Reusable Cluster Resource Scripts
|
||||
Version: 3.9.5
|
||||
-Release: 105%{?dist}
|
||||
+Release: 105.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
-Release: 124%{?dist}
|
||||
+Release: 124.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
License: GPLv2+, LGPLv2+ and ASL 2.0
|
||||
URL: https://github.com/ClusterLabs/resource-agents
|
||||
%if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,33 +0,0 @@
|
||||
From c4165b39531872b7b56d497c4ebd86b5d1d79800 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Wed, 25 Oct 2017 16:18:02 -0400
|
||||
Subject: [PATCH]
|
||||
Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop
|
||||
|
||||
---
|
||||
SPECS/resource-agents.spec | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
|
||||
index 19580ef..2536cb7 100644
|
||||
--- a/SPECS/resource-agents.spec
|
||||
+++ b/SPECS/resource-agents.spec
|
||||
@@ -252,6 +252,7 @@ Patch1116: ocf-shellfuncs_change_logtag.patch
|
||||
Patch1117: lvm_cleanup_refs_on_stop.patch
|
||||
Patch1118: ipaddr2_if_down.patch
|
||||
Patch1119: ipaddr2_ignore_lo_if_state.patch
|
||||
+Patch1120: Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
|
||||
|
||||
Obsoletes: heartbeat-resources <= %{version}
|
||||
Provides: heartbeat-resources = %{version}
|
||||
@@ -561,6 +562,7 @@ exit 1
|
||||
%patch1117 -p1
|
||||
%patch1118 -p1
|
||||
%patch1119 -p1
|
||||
+%patch1120 -p1
|
||||
|
||||
%build
|
||||
if [ ! -f configure ]; then
|
||||
--
|
||||
1.9.1
|
||||
|
@ -8,7 +8,6 @@ spec-lvm-cleanup-refs-on-stop.patch
|
||||
0001-Update-package-versioning-for-TIS-format.patch
|
||||
ipaddr2-if-down.patch
|
||||
spec-add-ipaddr2-ignore-lo-state.patch
|
||||
Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
|
||||
Disable-creation-of-the-debug-package.patch
|
||||
metapatch-for-arp_bg.patch
|
||||
ipaddr2-avoid-failing-svc-if-down-meta.patch
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 6dc3b747b2688498a69d3ca8f826f30aecfc9f5b Mon Sep 17 00:00:00 2001
|
||||
From 00b88829aad297c6732617a706501b466bb9be7a Mon Sep 17 00:00:00 2001
|
||||
From: Al Bailey <Al.Bailey@windriver.com>
|
||||
Date: Mon, 28 May 2018 14:12:45 -0500
|
||||
Subject: [PATCH] metapatch for arp_bg
|
||||
@ -8,25 +8,25 @@ Subject: [PATCH] metapatch for arp_bg
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
|
||||
index 2536cb7..5b38434 100644
|
||||
index c70d20b..520d9c3 100644
|
||||
--- a/SPECS/resource-agents.spec
|
||||
+++ b/SPECS/resource-agents.spec
|
||||
@@ -253,6 +253,7 @@ Patch1117: lvm_cleanup_refs_on_stop.patch
|
||||
@@ -282,6 +282,7 @@ Patch1116: ocf-shellfuncs_change_logtag.patch
|
||||
Patch1117: lvm_cleanup_refs_on_stop.patch
|
||||
Patch1118: ipaddr2_if_down.patch
|
||||
Patch1119: ipaddr2_ignore_lo_if_state.patch
|
||||
Patch1120: Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
|
||||
+Patch1121: Re-enable-background-execution-of-arp-commands.patch
|
||||
+Patch1120: Re-enable-background-execution-of-arp-commands.patch
|
||||
|
||||
Obsoletes: heartbeat-resources <= %{version}
|
||||
Provides: heartbeat-resources = %{version}
|
||||
@@ -563,6 +564,7 @@ exit 1
|
||||
@@ -618,6 +619,7 @@ exit 1
|
||||
%patch1117 -p1
|
||||
%patch1118 -p1
|
||||
%patch1119 -p1
|
||||
%patch1120 -p1
|
||||
+%patch1121 -p1
|
||||
+%patch1120 -p1
|
||||
|
||||
%build
|
||||
if [ ! -f configure ]; then
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
From 98591b479bd64c2835ab1e8884118c57dd499b9c Mon Sep 17 00:00:00 2001
|
||||
From 7c181a1afdc85456333f9cbf9c5827ceb0554a91 Mon Sep 17 00:00:00 2001
|
||||
From: Chris Friesen <chris.friesen@windriver.com>
|
||||
Date: Tue, 21 Jun 2016 14:29:36 -0400
|
||||
Date: Fri, 24 Aug 2018 03:51:37 +0800
|
||||
Subject: [PATCH] Fix VG activity bug in heartbeat/LVM script
|
||||
|
||||
There is currently an issue in the lvm2 package where if you create an LVM thin
|
||||
@ -19,17 +19,20 @@ group is not active.
|
||||
|
||||
This commit changes the code to directly query lvm about the volume group
|
||||
activity rather than relying on side effects.
|
||||
|
||||
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
|
||||
|
||||
---
|
||||
heartbeat/LVM | 15 ++++++---------
|
||||
1 file changed, 6 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/heartbeat/LVM b/heartbeat/LVM
|
||||
index 1c23c05..d91a3bc 100755
|
||||
index 893ece8..1efb207 100755
|
||||
--- a/heartbeat/LVM
|
||||
+++ b/heartbeat/LVM
|
||||
@@ -350,19 +350,16 @@ LVM_status() {
|
||||
ocf_exit_reason "LVM Volume $1 is not available"
|
||||
return $OCF_ERR_GENERIC
|
||||
@@ -338,19 +338,16 @@ LVM_status() {
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
-
|
||||
- if [ -d /dev/$1 ]; then
|
||||
@ -54,5 +57,5 @@ index 1c23c05..d91a3bc 100755
|
||||
1) # exclusive with tagging.
|
||||
# If vg is running, make sure the correct tag is present. Otherwise we
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,27 +0,0 @@
|
||||
From b9fdbdf20d62655c9b529f744f8efb9fb66c5851 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Wed, 25 Oct 2017 16:13:20 -0400
|
||||
Subject: [PATCH] Modify error code of
|
||||
bz1454699-LVM-status-check-for-missing-VG.patch to prevent controler-1 reboot
|
||||
loop
|
||||
|
||||
---
|
||||
heartbeat/LVM | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/heartbeat/LVM b/heartbeat/LVM
|
||||
index 5347765..e4cd0ea 100755
|
||||
--- a/heartbeat/LVM
|
||||
+++ b/heartbeat/LVM
|
||||
@@ -348,7 +348,7 @@ LVM_status() {
|
||||
fi
|
||||
if ! echo "$output" | grep -q "Found.*\"$1\""; then
|
||||
ocf_exit_reason "LVM Volume $1 is not available"
|
||||
- return $OCF_ERR_GENERIC
|
||||
+ return $OCF_NOT_RUNNING
|
||||
fi
|
||||
|
||||
# Ask lvm whether the volume group is active. This maps to
|
||||
--
|
||||
1.9.1
|
||||
|
@ -1 +1,2 @@
|
||||
mirror:Source/resource-agents-3.9.5-105.el7.src.rpm
|
||||
mirror:Source/resource-agents-3.9.5-124.el7.src.rpm
|
||||
|
||||
|
@ -1,38 +0,0 @@
|
||||
---
|
||||
heartbeat/Filesystem | 3 ++-
|
||||
heartbeat/LVM | 1 +
|
||||
heartbeat/pgsql | 1 +
|
||||
3 files changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/heartbeat/Filesystem
|
||||
+++ b/heartbeat/Filesystem
|
||||
@@ -2,7 +2,8 @@
|
||||
#
|
||||
# Support: linux-ha@lists.linux-ha.org
|
||||
# License: GNU General Public License (GPL)
|
||||
-#
|
||||
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
|
||||
+#
|
||||
# Filesystem
|
||||
# Description: Manages a Filesystem on a shared storage medium.
|
||||
# Original Author: Eric Z. Ayers (eric.ayers@compgen.com)
|
||||
--- a/heartbeat/LVM
|
||||
+++ b/heartbeat/LVM
|
||||
@@ -10,6 +10,7 @@
|
||||
# Support: linux-ha@lists.linux-ha.org
|
||||
# License: GNU General Public License (GPL)
|
||||
# Copyright: (C) 2002 - 2005 International Business Machines, Inc.
|
||||
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
|
||||
#
|
||||
# This code significantly inspired by the LVM resource
|
||||
# in FailSafe by Lars Marowsky-Bree
|
||||
--- a/heartbeat/pgsql
|
||||
+++ b/heartbeat/pgsql
|
||||
@@ -9,6 +9,7 @@
|
||||
#
|
||||
# Copyright: 2006-2012 Serge Dubrouski <sergeyfd@gmail.com>
|
||||
# and other Linux-HA contributors
|
||||
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
|
||||
# License: GNU General Public License (GPL)
|
||||
#
|
||||
###############################################################################
|
@ -1,15 +0,0 @@
|
||||
Index: resource-agents-3.9.5/heartbeat/exportfs
|
||||
===================================================================
|
||||
--- resource-agents-3.9.5/heartbeat/exportfs 2013-02-07 07:17:42.000000000 -0500
|
||||
+++ resource-agents-3.9.5/heartbeat/exportfs 2015-12-18 12:40:18.382930869 -0500
|
||||
@@ -184,7 +184,9 @@
|
||||
|
||||
is_exported() {
|
||||
local dir=$1
|
||||
- local spec=$2
|
||||
+ # Because clientspec contains square brackets when using IPv6, and the exports entry does not,
|
||||
+ # it is necessary to remove the square brackets to compare them with each other.
|
||||
+ local spec=$(echo $2|sed -r 's/(\[|\])//g')
|
||||
exportfs |
|
||||
sed -e '$! N; s/\n[[:space:]]\+/ /; t; s/[[:space:]]\+\([^[:space:]]\+\)\(\n\|$\)/ \1\2/g; P;D;' |
|
||||
grep -q -x -F "$dir $spec"
|
@ -1,193 +0,0 @@
|
||||
---
|
||||
heartbeat/Filesystem | 59 ++++++++++++++++++++++++++++++++++++++++++++++++---
|
||||
heartbeat/LVM | 59 +++++++++++++++++++++++++++++++++++++++++++++++----
|
||||
2 files changed, 111 insertions(+), 7 deletions(-)
|
||||
|
||||
--- a/heartbeat/Filesystem
|
||||
+++ b/heartbeat/Filesystem
|
||||
@@ -19,6 +19,7 @@
|
||||
# OCF_RESKEY_run_fsck
|
||||
# OCF_RESKEY_fast_stop
|
||||
# OCF_RESKEY_force_clones
|
||||
+# OCF_RESKEY_rmon_rsc_name
|
||||
#
|
||||
#OCF_RESKEY_device : name of block device for the filesystem. e.g. /dev/sda1, /dev/md0
|
||||
# Or a -U or -L option for mount, or an NFS mount specification
|
||||
@@ -30,6 +31,7 @@
|
||||
#OCF_RESKEY_fast_stop : fast stop: yes(default)/no
|
||||
#OCF_RESKEY_force_clones : allow running the resource as clone. e.g. local xfs mounts
|
||||
# for each brick in a glusterfs setup
|
||||
+#OCF_RESKEY_rmon_rsc_name: resource name to use when notifing RMON
|
||||
#
|
||||
#
|
||||
# This assumes you want to manage a filesystem on a shared (SCSI) bus,
|
||||
@@ -1053,20 +1055,65 @@ if [ "$OP" != "monitor" ]; then
|
||||
ocf_log info "Running $OP for $DEVICE on $MOUNTPOINT"
|
||||
fi
|
||||
|
||||
+RMON_NOTIFY="/usr/local/bin/rmon_resource_notify"
|
||||
+
|
||||
+rmon_notify() {
|
||||
+ local RSC_STATE=$1 TIMEOUT=$2
|
||||
+
|
||||
+ if [ -z "OCF_RESKEY_rmon_rsc_name" ]
|
||||
+ then
|
||||
+ ocf_log err "No RMON resource name given for $OCF_RESKEY_directory"
|
||||
+ return
|
||||
+ fi
|
||||
+
|
||||
+ if [[ -x $RMON_NOTIFY ]]
|
||||
+ then
|
||||
+ $RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \
|
||||
+ --resource-state $RSC_STATE \
|
||||
+ --resource-type mount \
|
||||
+ --device $OCF_RESKEY_device \
|
||||
+ --mount-point $OCF_RESKEY_directory \
|
||||
+ --timeout $TIMEOUT \
|
||||
+ >/dev/null 2>&1
|
||||
+ else
|
||||
+ ocf_log err "$RMON_NOTIFY not available, failed to execute: \
|
||||
+$RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \
|
||||
+--resource-state $RSC_STATE --resource-type mount \
|
||||
+--device $OCF_RESKEY_device --mount-point $OCF_RESKEY_directory \
|
||||
+--timeout $TIMEOUT"
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
# These operations do not require the clone checking + OCFS2
|
||||
# initialization.
|
||||
case $OP in
|
||||
status) Filesystem_status
|
||||
- exit $?
|
||||
+ rc=$?
|
||||
+ if [ $rc -eq $OCF_SUCCESS ]
|
||||
+ then
|
||||
+ rmon_notify "enabled" 300
|
||||
+ else
|
||||
+ rmon_notify "disabled" 300
|
||||
+ fi
|
||||
+ exit $rc
|
||||
;;
|
||||
monitor) Filesystem_monitor
|
||||
- exit $?
|
||||
+ rc=$?
|
||||
+ if [ $rc -eq $OCF_SUCCESS ]
|
||||
+ then
|
||||
+ rmon_notify "enabled" 300
|
||||
+ else
|
||||
+ rmon_notify "disabled" 300
|
||||
+ fi
|
||||
+ exit $rc
|
||||
;;
|
||||
validate-all) Filesystem_validate_all
|
||||
exit $?
|
||||
;;
|
||||
stop) Filesystem_stop
|
||||
- exit $?
|
||||
+ rc=$?
|
||||
+ rmon_notify "disabled" 300
|
||||
+ exit $rc
|
||||
;;
|
||||
esac
|
||||
|
||||
@@ -1114,6 +1161,12 @@ fi
|
||||
|
||||
case $OP in
|
||||
start) Filesystem_start
|
||||
+ rc=$?
|
||||
+ if [ $rc -eq $OCF_SUCCESS ]
|
||||
+ then
|
||||
+ rmon_notify "enabled" 300
|
||||
+ fi
|
||||
+ exit $rc
|
||||
;;
|
||||
notify) Filesystem_notify
|
||||
;;
|
||||
--- a/heartbeat/LVM
|
||||
+++ b/heartbeat/LVM
|
||||
@@ -22,6 +22,7 @@
|
||||
#
|
||||
# OCF parameters are as below:
|
||||
# OCF_RESKEY_volgrpname
|
||||
+# OCF_RESKEY_rmon_rsc_name
|
||||
#
|
||||
#######################################################################
|
||||
# Initialization:
|
||||
@@ -311,6 +312,35 @@ then
|
||||
exit $OCF_ERR_CONFIGURED
|
||||
fi
|
||||
|
||||
+RMON_NOTIFY="/usr/local/bin/rmon_resource_notify"
|
||||
+
|
||||
+rmon_notify() {
|
||||
+ local RSC_STATE=$1 TIMEOUT=$2
|
||||
+
|
||||
+ if [ -z "OCF_RESKEY_rmon_rsc_name" ]
|
||||
+ then
|
||||
+ ocf_log err "No RMON resource name given for $OCF_RESKEY_volgrpname"
|
||||
+ return
|
||||
+ fi
|
||||
+
|
||||
+ if [[ -x $RMON_NOTIFY ]]
|
||||
+ then
|
||||
+ $RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \
|
||||
+ --resource-state $RSC_STATE \
|
||||
+ --resource-type lvg \
|
||||
+ --volume-group $OCF_RESKEY_volgrpname \
|
||||
+ --timeout $TIMEOUT \
|
||||
+ >/dev/null 2>&1
|
||||
+ else
|
||||
+ ocf_log err "$RMON_NOTIFY not available, failed to execute: \
|
||||
+$RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \
|
||||
+--resource-state $RSC_STATE --resource-type lvg \
|
||||
+--volume-group $OCF_RESKEY_volgrpname \
|
||||
+--timeout $TIMEOUT"
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+
|
||||
# Get the LVM version number, for this to work we assume(thanks to panjiam):
|
||||
#
|
||||
# LVM1 outputs like this
|
||||
@@ -345,16 +375,37 @@ OP_METHOD=$1
|
||||
case "$1" in
|
||||
|
||||
start) LVM_start $VOLUME
|
||||
- exit $?;;
|
||||
+ rc=$?
|
||||
+ if [ $rc -eq $OCF_SUCCESS ]
|
||||
+ then
|
||||
+ rmon_notify "enabled" 300
|
||||
+ fi
|
||||
+ exit $rc;;
|
||||
|
||||
stop) LVM_stop $VOLUME
|
||||
- exit $?;;
|
||||
+ rc=$?
|
||||
+ rmon_notify "disabled" 300
|
||||
+ exit $rc;;
|
||||
|
||||
status) LVM_status $VOLUME $1
|
||||
- exit $?;;
|
||||
+ rc=$?
|
||||
+ if [ $rc -eq $OCF_SUCCESS ]
|
||||
+ then
|
||||
+ rmon_notify "enabled" 300
|
||||
+ else
|
||||
+ rmon_notify "disabled" 300
|
||||
+ fi
|
||||
+ exit $rc;;
|
||||
|
||||
monitor) LVM_monitor $VOLUME
|
||||
- exit $?;;
|
||||
+ rc=$?
|
||||
+ if [ $rc -eq $OCF_SUCCESS ]
|
||||
+ then
|
||||
+ rmon_notify "enabled" 300
|
||||
+ else
|
||||
+ rmon_notify "disabled" 300
|
||||
+ fi
|
||||
+ exit $rc;;
|
||||
|
||||
validate-all) LVM_validate_all
|
||||
;;
|
@ -1,37 +0,0 @@
|
||||
---
|
||||
heartbeat/IPaddr2 | 10 +++++++++-
|
||||
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/heartbeat/IPaddr2
|
||||
+++ b/heartbeat/IPaddr2
|
||||
@@ -13,6 +13,7 @@
|
||||
# Copyright (c) 2003 Tuomo Soini
|
||||
# Copyright (c) 2004-2006 SUSE LINUX AG, Lars Marowsky-Brée
|
||||
# All Rights Reserved.
|
||||
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of version 2 of the GNU General Public License as
|
||||
@@ -50,6 +51,7 @@
|
||||
# OCF_RESKEY_nic
|
||||
# OCF_RESKEY_cidr_netmask
|
||||
# OCF_RESKEY_iflabel
|
||||
+# OCF_RESKEY_if_type
|
||||
# OCF_RESKEY_mac
|
||||
# OCF_RESKEY_clusterip_hash
|
||||
# OCF_RESKEY_arp_interval
|
||||
@@ -314,7 +316,13 @@ ip_init() {
|
||||
|
||||
BASEIP="$OCF_RESKEY_ip"
|
||||
BRDCAST="$OCF_RESKEY_broadcast"
|
||||
- NIC="$OCF_RESKEY_nic"
|
||||
+ IFTYPE="$OCF_RESKEY_if_type"
|
||||
+ if [ -n "${IFTYPE}" ]
|
||||
+ then
|
||||
+ NIC=`grep ${IFTYPE}= /etc/platform/platform.conf | cut -f2 -d '='`
|
||||
+ else
|
||||
+ NIC="$OCF_RESKEY_nic"
|
||||
+ fi
|
||||
# Note: We had a version out there for a while which used
|
||||
# netmask instead of cidr_netmask. Don't remove this aliasing code!
|
||||
if
|
@ -1,48 +0,0 @@
|
||||
---
|
||||
heartbeat/IPaddr2 | 21 ++++++++++++++++++---
|
||||
1 file changed, 18 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/heartbeat/IPaddr2
|
||||
+++ b/heartbeat/IPaddr2
|
||||
@@ -661,7 +661,12 @@ ip_start() {
|
||||
local ip_status=`ip_served`
|
||||
|
||||
if [ "$ip_status" = "ok" ]; then
|
||||
- exit $OCF_SUCCESS
|
||||
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
|
||||
+ then
|
||||
+ exit $OCF_SUCCESS
|
||||
+ else
|
||||
+ exit $OCF_ERR_GENERIC
|
||||
+ fi
|
||||
fi
|
||||
|
||||
if [ -n "$IP_CIP" ] && [ $ip_status = "no" ] || [ $ip_status = "partial2" ]; then
|
||||
@@ -714,7 +719,12 @@ ip_start() {
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
- exit $OCF_SUCCESS
|
||||
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
|
||||
+ then
|
||||
+ exit $OCF_SUCCESS
|
||||
+ else
|
||||
+ exit $OCF_ERR_GENERIC
|
||||
+ fi
|
||||
}
|
||||
|
||||
ip_stop() {
|
||||
@@ -788,7 +798,12 @@ ip_monitor() {
|
||||
local ip_status=`ip_served`
|
||||
case $ip_status in
|
||||
ok)
|
||||
- return $OCF_SUCCESS
|
||||
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
|
||||
+ then
|
||||
+ return $OCF_SUCCESS
|
||||
+ else
|
||||
+ return $OCF_NOT_RUNNING
|
||||
+ fi
|
||||
;;
|
||||
partial|no|partial2)
|
||||
exit $OCF_NOT_RUNNING
|
@ -1,155 +0,0 @@
|
||||
commit 69217b67c0d018f129c7cbf526aebf0b236be701
|
||||
Author: Chris Friesen <chris.friesen@windriver.com>
|
||||
Date: Thu Sep 17 15:26:16 2015 -0400
|
||||
|
||||
CGCS-2553/CGTS-2534: tweak LVM success criteria
|
||||
|
||||
It turns out that activating an LVM LV which has a snapshot (or activating
|
||||
the snapshot) will take an amount of time that is proportional to the
|
||||
delta between the snapshot and the original volume.
|
||||
|
||||
Because of this it's possible that running "vgchange" could take a long
|
||||
time, since it also activates the LVs.
|
||||
|
||||
If this happens, rather than timeout the whole script we want to log which
|
||||
LVs/snapshots havn't yet been activated, and then just continue on.
|
||||
Accordingly, we want to set the internal timeout in the "start" operation
|
||||
to something less than the timeout for the "start" action.
|
||||
|
||||
There will be corresponding changes in cinder to properly handle this case.
|
||||
|
||||
diff --git a/heartbeat/LVM b/heartbeat/LVM
|
||||
index bd1a47a..24b0244 100755
|
||||
--- a/heartbeat/LVM
|
||||
+++ b/heartbeat/LVM
|
||||
@@ -186,6 +186,81 @@ LVM_monitor() {
|
||||
}
|
||||
|
||||
#
|
||||
+# Activate one volume explicitly.
|
||||
+#
|
||||
+activate_volume() {
|
||||
+ ocf_run lvchange $1 /dev/${2}/$3
|
||||
+ if [ $? -eq 0 ] ; then
|
||||
+ ocf_log info "Succesfully activated $LV."
|
||||
+ else
|
||||
+ ocf_log err "Problem activating $LV."
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+#
|
||||
+# Kick off parallel activation of all volumes
|
||||
+#
|
||||
+activate_all_volumes() {
|
||||
+ VG=$1
|
||||
+ shift
|
||||
+ lvchange_args="$*"
|
||||
+
|
||||
+ # Get the list of volumes, without the first line which is column headings.
|
||||
+ VOLS=`lvs $VG |tail -n +2`
|
||||
+
|
||||
+ while read -r LINE; do
|
||||
+ # Convert the line into an array.
|
||||
+ LINE_ARRAY=($LINE)
|
||||
+
|
||||
+ # First array element is the volume/snapshot name.
|
||||
+ LV=${LINE_ARRAY[0]}
|
||||
+
|
||||
+ # Third array element is the attributes.
|
||||
+ ATTR=${LINE_ARRAY[2]}
|
||||
+
|
||||
+ # Fifth character in the attributes is "a" if it's active.
|
||||
+ ACTIVE=${ATTR:4:1}
|
||||
+ if [ "$ACTIVE" == "a" ]; then
|
||||
+ ocf_log info "$LV is already active."
|
||||
+ continue
|
||||
+ fi
|
||||
+
|
||||
+ SNAPSHOT_ORIGIN=${LINE_ARRAY[4]}
|
||||
+ if [ "$SNAPSHOT_ORIGIN" != "" ] ; then
|
||||
+ # If this is a snapshot, don't activate it.
|
||||
+ continue
|
||||
+ fi
|
||||
+
|
||||
+ ( activate_volume "$*" $VG $LV ) &
|
||||
+ done <<< "$VOLS"
|
||||
+}
|
||||
+
|
||||
+#
|
||||
+# Scan for inactive volumes and log any that are found.
|
||||
+#
|
||||
+log_inactive_volumes() {
|
||||
+ # Get the list of volumes, without the first line which is column headings.
|
||||
+ VOLS=`lvs $1 |tail -n +2`
|
||||
+
|
||||
+ while read -r LINE; do
|
||||
+ # Convert the line into an array.
|
||||
+ LINE_ARRAY=($LINE)
|
||||
+
|
||||
+ # First array element is the volume/snapshot name.
|
||||
+ LV=${LINE_ARRAY[0]}
|
||||
+
|
||||
+ # Third array element is the attributes.
|
||||
+ ATTR=${LINE_ARRAY[2]}
|
||||
+
|
||||
+ # Fifth character in the attributes is "a" if it's active.
|
||||
+ ACTIVE=${ATTR:4:1}
|
||||
+ if [ "$ACTIVE" != "a" ]; then
|
||||
+ ocf_log err "Volume $LV is not active after expiry of timeout."
|
||||
+ fi
|
||||
+ done <<< "$VOLS"
|
||||
+}
|
||||
+
|
||||
+#
|
||||
# Enable LVM volume
|
||||
#
|
||||
LVM_start() {
|
||||
@@ -218,7 +293,47 @@ LVM_start() {
|
||||
vgchange_options="$vgchange_options --monitor y"
|
||||
fi
|
||||
|
||||
- ocf_run vgchange $vgchange_options $1 || return $OCF_ERR_GENERIC
|
||||
+ # Kick off activation of all volumes. If it doesn't complete within
|
||||
+ # the timeout period, then we'll log the not-yet-activated volumes and
|
||||
+ # continue on.
|
||||
+ (ocf_run vgchange $vgchange_options $1) & PID=$!
|
||||
+
|
||||
+ # Check every second for up to TIMEOUT seconds whether the vgchange has
|
||||
+ # completed.
|
||||
+ TIMEOUT=300
|
||||
+ TIMED_OUT=true
|
||||
+ SECONDS=0;
|
||||
+ PARALLEL_ACTIVATE_DELAY=10
|
||||
+ PARALLEL_ACTIVATE_DONE=false
|
||||
+ while [ $SECONDS -lt $TIMEOUT ] ; do
|
||||
+ kill -0 $PID &> /dev/null
|
||||
+ if [ $? -eq 1 ] ; then
|
||||
+ # process with pid of $PID doesn't exist, vgchange command completed
|
||||
+ TIMED_OUT=false
|
||||
+ break
|
||||
+ fi
|
||||
+ if [ $SECONDS -ge $PARALLEL_ACTIVATE_DELAY ] && \
|
||||
+ [ "$PARALLEL_ACTIVATE_DONE" != true ] && \
|
||||
+ [ "$1" == "cinder-volumes" ] ; then
|
||||
+ # This will kick off parallel activation of all LVs in the VG.
|
||||
+ # The delay is to ensure the VG is activated first.
|
||||
+ PARALLEL_ACTIVATE_DONE=true
|
||||
+ ocf_log info Explicitly activating all volumes in $1 with: $vgchange_options
|
||||
+ activate_all_volumes $1 $vgchange_options
|
||||
+ fi
|
||||
+ sleep 1
|
||||
+ done
|
||||
+
|
||||
+ if [ "$TIMED_OUT" = true ] ; then
|
||||
+ ocf_log err "Timed out running ocf_run vgchange $vgchange_options $1"
|
||||
+ log_inactive_volumes $1
|
||||
+ else
|
||||
+ # Child process completed, get its status.
|
||||
+ wait $PID
|
||||
+ if [ $? -ne 0 ] ; then
|
||||
+ return $OCF_ERR_GENERIC
|
||||
+ fi
|
||||
+ fi
|
||||
|
||||
if LVM_status $1; then
|
||||
: OK Volume $1 activated just fine!
|
@ -1,52 +0,0 @@
|
||||
---
|
||||
heartbeat/ocf-returncodes | 35 +++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 35 insertions(+)
|
||||
|
||||
--- a/heartbeat/ocf-returncodes
|
||||
+++ b/heartbeat/ocf-returncodes
|
||||
@@ -5,6 +5,7 @@
|
||||
# Copyright (c) 2004 SUSE LINUX AG, Andrew Beekhof
|
||||
# All Rights Reserved.
|
||||
#
|
||||
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
|
||||
#
|
||||
# This library is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU Lesser General Public
|
||||
@@ -53,3 +54,37 @@ OCF_NOT_RUNNING=7
|
||||
#
|
||||
OCF_RUNNING_MASTER=8
|
||||
OCF_FAILED_MASTER=9
|
||||
+
|
||||
+# Non-standard values particular to Wind River deployments.
|
||||
+#
|
||||
+# OCF does not include the concept of data sync states for master/slave
|
||||
+# resources.
|
||||
+#
|
||||
+# OCF_DATA_INCONSISTENT:
|
||||
+# The resource's data is not useable.
|
||||
+#
|
||||
+# OCF_DATA_OUTDATED:
|
||||
+# The resource's data is consistent, but a peer with more recent data
|
||||
+# has been seen.
|
||||
+#
|
||||
+# OCF_DATA_CONSISTENT:
|
||||
+# The resource's data is consistent, but it is unsure that this is the
|
||||
+# most recent data.
|
||||
+#
|
||||
+# OCF_SYNC:
|
||||
+# The resource is syncing data.
|
||||
+#
|
||||
+# OCF_STANDALONE:
|
||||
+# The resource is operating as standalone. No peer is available or
|
||||
+# syncing is not possible (i.e. split brain fencing).
|
||||
+#
|
||||
+OCF_DATA_INCONSISTENT=32
|
||||
+OCF_DATA_OUTDATED=33
|
||||
+OCF_DATA_CONSISTENT=34
|
||||
+OCF_DATA_SYNC=35
|
||||
+OCF_DATA_STANDALONE=36
|
||||
+OCF_RUNNING_MASTER_DATA_INCONSISTENT=37
|
||||
+OCF_RUNNING_MASTER_DATA_OUTDATED=38
|
||||
+OCF_RUNNING_MASTER_DATA_CONSISTENT=39
|
||||
+OCF_RUNNING_MASTER_DATA_SYNC=40
|
||||
+OCF_RUNNING_MASTER_DATA_STANDALONE=41
|
@ -1,18 +0,0 @@
|
||||
---
|
||||
heartbeat/ocf-shellfuncs.in | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/heartbeat/ocf-shellfuncs.in
|
||||
+++ b/heartbeat/ocf-shellfuncs.in
|
||||
@@ -174,9 +174,9 @@ hadate() {
|
||||
set_logtag() {
|
||||
if [ -z "$HA_LOGTAG" ]; then
|
||||
if [ -n "$OCF_RESOURCE_INSTANCE" ]; then
|
||||
- HA_LOGTAG="$__SCRIPT_NAME($OCF_RESOURCE_INSTANCE)[$$]"
|
||||
+ HA_LOGTAG="OCF_$__SCRIPT_NAME($OCF_RESOURCE_INSTANCE)[$$]"
|
||||
else
|
||||
- HA_LOGTAG="$__SCRIPT_NAME[$$]"
|
||||
+ HA_LOGTAG="OCF_$__SCRIPT_NAME[$$]"
|
||||
fi
|
||||
fi
|
||||
}
|
@ -1,77 +0,0 @@
|
||||
Index: resource-agents-3.9.5/heartbeat/pgsql
|
||||
===================================================================
|
||||
--- resource-agents-3.9.5.orig/heartbeat/pgsql
|
||||
+++ resource-agents-3.9.5/heartbeat/pgsql
|
||||
@@ -38,6 +38,7 @@ get_pgsql_param() {
|
||||
OCF_RESKEY_pgctl_default=/usr/bin/pg_ctl
|
||||
OCF_RESKEY_psql_default=/usr/bin/psql
|
||||
OCF_RESKEY_pgdata_default=/var/lib/pgsql/data
|
||||
+OCF_RESKEY_pgconf_default=/etc/postgresql
|
||||
OCF_RESKEY_pgdba_default=postgres
|
||||
OCF_RESKEY_pghost_default=""
|
||||
OCF_RESKEY_pgport_default=5432
|
||||
@@ -67,10 +68,11 @@ OCF_RESKEY_stop_escalate_in_slave_defaul
|
||||
: ${OCF_RESKEY_pgctl=${OCF_RESKEY_pgctl_default}}
|
||||
: ${OCF_RESKEY_psql=${OCF_RESKEY_psql_default}}
|
||||
: ${OCF_RESKEY_pgdata=${OCF_RESKEY_pgdata_default}}
|
||||
+: ${OCF_RESKEY_pgconf=${OCF_RESKEY_pgconf_default}}
|
||||
: ${OCF_RESKEY_pgdba=${OCF_RESKEY_pgdba_default}}
|
||||
: ${OCF_RESKEY_pghost=${OCF_RESKEY_pghost_default}}
|
||||
: ${OCF_RESKEY_pgport=${OCF_RESKEY_pgport_default}}
|
||||
-: ${OCF_RESKEY_config=${OCF_RESKEY_pgdata}/postgresql.conf}
|
||||
+: ${OCF_RESKEY_config=${OCF_RESKEY_pgconf}/postgresql.conf}
|
||||
: ${OCF_RESKEY_start_opt=${OCF_RESKEY_start_opt_default}}
|
||||
: ${OCF_RESKEY_pgdb=${OCF_RESKEY_pgdb_default}}
|
||||
: ${OCF_RESKEY_logfile=${OCF_RESKEY_logfile_default}}
|
||||
@@ -166,6 +168,14 @@ Path to PostgreSQL data directory.
|
||||
<content type="string" default="${OCF_RESKEY_pgdata_default}" />
|
||||
</parameter>
|
||||
|
||||
+<parameter name="pgconf" unique="0" required="0">
|
||||
+<longdesc lang="en">
|
||||
+Path to PostgreSQL config directory.
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">pgconf</shortdesc>
|
||||
+<content type="string" default="${OCF_RESKEY_pgconf_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
<parameter name="pgdba" unique="0" required="0">
|
||||
<longdesc lang="en">
|
||||
User that owns PostgreSQL.
|
||||
@@ -220,7 +230,7 @@ SQL script that will be used for monitor
|
||||
Path to the PostgreSQL configuration file for the instance.
|
||||
</longdesc>
|
||||
<shortdesc lang="en">Configuration file</shortdesc>
|
||||
-<content type="string" default="${OCF_RESKEY_pgdata}/postgresql.conf" />
|
||||
+<content type="string" default="${OCF_RESKEY_pgconf}/postgresql.conf" />
|
||||
</parameter>
|
||||
|
||||
<parameter name="pgdb" unique="0" required="0">
|
||||
@@ -475,6 +485,12 @@ pgsql_real_start() {
|
||||
local postgres_options
|
||||
local rc
|
||||
|
||||
+ # WRS: Create an unversioned symlink under /var/run so SM can easily
|
||||
+ # find the PID file.
|
||||
+ if [ ! -h $PIDFILE_SYMLINK ]; then
|
||||
+ /bin/ln -s $PIDFILE $PIDFILE_SYMLINK
|
||||
+ fi
|
||||
+
|
||||
if pgsql_status; then
|
||||
ocf_log info "PostgreSQL is already running. PID=`cat $PIDFILE`"
|
||||
if is_replication; then
|
||||
@@ -1717,12 +1733,12 @@ then
|
||||
exit $OCF_ERR_GENERIC
|
||||
fi
|
||||
|
||||
-
|
||||
PIDFILE=${OCF_RESKEY_pgdata}/postmaster.pid
|
||||
+PIDFILE_SYMLINK=/var/run/postmaster.pid
|
||||
BACKUPLABEL=${OCF_RESKEY_pgdata}/backup_label
|
||||
RESOURCE_NAME=`echo $OCF_RESOURCE_INSTANCE | cut -d ":" -f 1`
|
||||
PGSQL_WAL_RECEIVER_STATUS_ATTR="${RESOURCE_NAME}-receiver-status"
|
||||
-RECOVERY_CONF=${OCF_RESKEY_pgdata}/recovery.conf
|
||||
+RECOVERY_CONF=${OCF_RESKEY_pgconf}/recovery.conf
|
||||
NODENAME=`uname -n | tr '[A-Z]' '[a-z]'`
|
||||
|
||||
if is_replication; then
|
@ -1,17 +0,0 @@
|
||||
---
|
||||
heartbeat/Filesystem | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
--- a/heartbeat/Filesystem
|
||||
+++ b/heartbeat/Filesystem
|
||||
@@ -727,6 +727,10 @@ signal_processes() {
|
||||
}
|
||||
try_umount() {
|
||||
local SUB=$1
|
||||
+
|
||||
+ # We need to ensure we umount in namespaces, too
|
||||
+ /usr/sbin/umount-in-namespace $SUB
|
||||
+
|
||||
$UMOUNT $umount_force $SUB
|
||||
list_mounts | grep -q " $SUB " >/dev/null 2>&1 || {
|
||||
ocf_log info "unmounted $SUB successfully"
|
@ -1,63 +0,0 @@
|
||||
Index: 4.2.5-P1-r3/dhclient-exit-hooks
|
||||
===================================================================
|
||||
--- 4.2.5-P1-r3.orig/dhclient-exit-hooks
|
||||
+++ 4.2.5-P1-r3/dhclient-exit-hooks
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
# This file is sourced by /sbin/dhclient-script.
|
||||
#
|
||||
-# dhcp option 121 is defined in RFC3442. The following is the link.
|
||||
+# dhcp option 121 is defined in RFC3442. The following is the link.
|
||||
# http://www.ietf.org/rfc/rfc3442.txt
|
||||
#
|
||||
# The code for this option is 121, and its minimum length is 5 bytes.
|
||||
@@ -52,7 +52,7 @@ function add_routes() {
|
||||
while [ $# -ne 0 ]; do
|
||||
mask=$1
|
||||
shift
|
||||
-
|
||||
+
|
||||
# Parse the arguments into a CIDR net/mask string
|
||||
if [ $mask -eq 32 ]; then
|
||||
destination="-host $1.$2.$3.$4"
|
||||
@@ -66,22 +66,31 @@ while [ $# -ne 0 ]; do
|
||||
elif [ $mask -gt 8 ]; then
|
||||
destination="-net $1.$2.0.0/$mask"
|
||||
shift; shift
|
||||
+ elif [ $mask -gt 0 ]; then
|
||||
+ destination="-net $1.0.0.0/$mask"
|
||||
+ shift
|
||||
else
|
||||
- destination="-net $1.0.0.0/$mask"
|
||||
- shift
|
||||
+ destination="default"
|
||||
fi
|
||||
-
|
||||
+
|
||||
# Read the gateway
|
||||
gateway="$1.$2.$3.$4"
|
||||
shift; shift; shift; shift
|
||||
|
||||
- # Add route into routing table
|
||||
- route add $destination gw $gateway
|
||||
-
|
||||
- # Print it out if the route is added successfully
|
||||
- if [ $? = 0 ]; then
|
||||
- echo "Added route \"$destination gw $gateway\""
|
||||
+ if [ $gateway != "0.0.0.0" ]; then
|
||||
+ # Add route into routing table
|
||||
+ route add $destination gw $gateway
|
||||
+ if [ $? = 0 ]; then
|
||||
+ echo "Added route \"$destination gw $gateway\""
|
||||
+ fi
|
||||
+ else
|
||||
+ # Add onlink route into routing table
|
||||
+ route add $destination $interface
|
||||
+ if [ $? = 0 ]; then
|
||||
+ echo "Added route \"$destination on $interface\""
|
||||
+ fi
|
||||
fi
|
||||
+
|
||||
done
|
||||
}
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 80ec3fbb502373b48c54dc075d75b1d13894093e Mon Sep 17 00:00:00 2001
|
||||
From 1eeae27ddc87dc61928b96baa63fe2ff767e35b0 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 15:25:05 -0400
|
||||
Subject: [PATCH 5/7] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/dhcp.spec
|
||||
@ -10,18 +10,18 @@ Conflicts:
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
|
||||
index edc4113..29dfbcf 100644
|
||||
index 42409f6..70c7a6d 100644
|
||||
--- a/SPECS/dhcp.spec
|
||||
+++ b/SPECS/dhcp.spec
|
||||
@@ -18,7 +18,7 @@
|
||||
Summary: Dynamic host configuration protocol software
|
||||
Name: dhcp
|
||||
Version: 4.2.5
|
||||
-Release: 58%{?dist}
|
||||
+Release: 58.el7.centos%{?_tis_dist}.%{tis_patch_ver}
|
||||
-Release: 68%{?dist}.1
|
||||
+Release: 68.el7.centos.1%{?_tis_dist}.%{tis_patch_ver}
|
||||
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
|
||||
# dcantrell maintaining the package) made incorrect use of the epoch and
|
||||
# that's why it is at 12 now. It should have never been used, but it was.
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,14 +1,14 @@
|
||||
From 68081498cde44d9b5320e795229865e46a1552ac Mon Sep 17 00:00:00 2001
|
||||
From 7e7a9f1bce5884da1e57d5bdc4f5215b7231924e Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 15:25:05 -0400
|
||||
Subject: [PATCH 1/7] WRS: spec-include-TiS-patches.patch
|
||||
Subject: [PATCH] WRS: spec-include-TiS-patches.patch
|
||||
|
||||
---
|
||||
SPECS/dhcp.spec | 28 ++++++++++++++++++++++++++++
|
||||
1 file changed, 28 insertions(+)
|
||||
|
||||
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
|
||||
index 9647a5a..78ee924 100644
|
||||
index 14da097..904e3ad 100644
|
||||
--- a/SPECS/dhcp.spec
|
||||
+++ b/SPECS/dhcp.spec
|
||||
@@ -39,6 +39,10 @@ Source8: dhcrelay.service
|
||||
@ -22,9 +22,9 @@ index 9647a5a..78ee924 100644
|
||||
|
||||
Patch0: dhcp-4.2.0-errwarn-message.patch
|
||||
Patch1: dhcp-4.2.4-dhclient-options.patch
|
||||
@@ -99,6 +103,14 @@ Patch62: dhcp-max-fd-value.patch
|
||||
Patch63: dhcp-4.2.5-rh1355827.patch
|
||||
Patch64: dhcp-4.2.5-centos-branding.patch
|
||||
@@ -111,6 +115,14 @@ Patch70: dhcp-4.2.5-reference_count_overflow.patch
|
||||
Patch71: dhcp-4.2.5-centos-branding.patch
|
||||
|
||||
|
||||
+# WRS
|
||||
+Patch101: support-disable-nsupdate.patch
|
||||
@ -37,9 +37,9 @@ index 9647a5a..78ee924 100644
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: libtool
|
||||
@@ -409,6 +421,14 @@ rm -rf includes/isc-dhcp
|
||||
%patch63 -p1
|
||||
%patch64 -p1
|
||||
@@ -439,6 +451,14 @@ rm -rf includes/isc-dhcp
|
||||
%patch70 -p1 -b .reference_overflow
|
||||
%patch71 -p1
|
||||
|
||||
+# WRS
|
||||
+%patch101 -p1
|
||||
@ -52,7 +52,7 @@ index 9647a5a..78ee924 100644
|
||||
# Update paths in all man pages
|
||||
for page in client/dhclient.conf.5 client/dhclient.leases.5 \
|
||||
client/dhclient-script.8 client/dhclient.8 ; do
|
||||
@@ -552,6 +572,10 @@ EOF
|
||||
@@ -582,6 +602,10 @@ EOF
|
||||
# Don't package libtool *.la files
|
||||
find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';
|
||||
|
||||
@ -63,7 +63,7 @@ index 9647a5a..78ee924 100644
|
||||
%pre
|
||||
# /usr/share/doc/setup/uidgid
|
||||
%global gid_uid 177
|
||||
@@ -667,6 +691,10 @@ done
|
||||
@@ -697,6 +721,10 @@ done
|
||||
%attr(0644,root,root) %{_mandir}/man8/dhclient.8.gz
|
||||
%attr(0644,root,root) %{_mandir}/man8/dhclient-script.8.gz
|
||||
|
||||
@ -75,5 +75,5 @@ index 9647a5a..78ee924 100644
|
||||
%doc LICENSE README RELNOTES doc/References.txt
|
||||
%attr(0644,root,root) %{_mandir}/man5/dhcp-options.5.gz
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/dhcp-4.2.5-58.el7.centos.src.rpm
|
||||
mirror:Source/dhcp-4.2.5-68.el7.centos.1.src.rpm
|
||||
|
@ -8,18 +8,18 @@ Subject: [PATCH] update package patching
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
|
||||
index b3f178f..a583cf2 100644
|
||||
index 5cf440a..dd74293 100644
|
||||
--- a/SPECS/dnsmasq.spec
|
||||
+++ b/SPECS/dnsmasq.spec
|
||||
@@ -13,7 +13,7 @@
|
||||
|
||||
Name: dnsmasq
|
||||
Version: 2.76
|
||||
-Release: 2%{?extraversion}%{?dist}.2
|
||||
+Release: 2.el7_4.2%{?_tis_dist}.%{tis_patch_ver}
|
||||
-Release: 5%{?extraversion}%{?dist}
|
||||
+Release: 5.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
Summary: A lightweight DHCP/caching DNS server
|
||||
|
||||
Group: System Environment/Daemons
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -3,14 +3,12 @@ From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 17:27:13 -0400
|
||||
Subject: [PATCH 2/5] WRS: dnsmasq-spec-add-init-script.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/dnsmasq.spec
|
||||
---
|
||||
SPECS/dnsmasq.spec | 26 ++++++++++++++++----------
|
||||
1 file changed, 16 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
|
||||
index 63ff820..f8aace1 100644
|
||||
index 7f370d1..0641503 100644
|
||||
--- a/SPECS/dnsmasq.spec
|
||||
+++ b/SPECS/dnsmasq.spec
|
||||
@@ -21,6 +21,7 @@ License: GPLv2 or GPLv3
|
||||
@ -21,7 +19,7 @@ index 63ff820..f8aace1 100644
|
||||
# upstream git: git://thekelleys.org.uk/dnsmasq.git
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1367772
|
||||
@@ -140,22 +141,26 @@ mkdir -p %{buildroot}%{_unitdir}
|
||||
@@ -168,22 +169,26 @@ mkdir -p %{buildroot}%{_unitdir}
|
||||
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}
|
||||
rm -rf %{buildroot}%{_initrddir}
|
||||
|
||||
@ -58,7 +56,7 @@ index 63ff820..f8aace1 100644
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
@@ -167,6 +172,7 @@ rm -rf $RPM_BUILD_ROOT
|
||||
@@ -195,6 +200,7 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_unitdir}/%{name}.service
|
||||
%{_sbindir}/dnsmasq
|
||||
%{_mandir}/man8/dnsmasq*
|
||||
@ -67,5 +65,5 @@ index 63ff820..f8aace1 100644
|
||||
%files utils
|
||||
%{_bindir}/dhcp_*
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -3,25 +3,23 @@ From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 17:27:13 -0400
|
||||
Subject: [PATCH 3/5] WRS: patch-tftp-to-close-sockets-immediately.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/dnsmasq.spec
|
||||
---
|
||||
SPECS/dnsmasq.spec | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
|
||||
index f8aace1..a3a9e08 100644
|
||||
index 0641503..5cf440a 100644
|
||||
--- a/SPECS/dnsmasq.spec
|
||||
+++ b/SPECS/dnsmasq.spec
|
||||
@@ -42,6 +42,7 @@ Patch8: dnsmasq-2.76-coverity.patch
|
||||
@@ -58,6 +58,7 @@ Patch19: dnsmasq-2.76-misc-cleanups.patch
|
||||
|
||||
# WRS patches
|
||||
Patch30: dnsmasq-update-ipv6-leases-from-config.patch
|
||||
+Patch31: close-tftp-sockets-immediately.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
@@ -88,6 +89,7 @@ query/remove a DHCP server's leases.
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
@@ -116,6 +117,7 @@ query/remove a DHCP server's leases.
|
||||
|
||||
# WRS patches
|
||||
%patch30 -p1
|
||||
@ -30,5 +28,5 @@ index f8aace1..a3a9e08 100644
|
||||
# use /var/lib/dnsmasq instead of /var/lib/misc
|
||||
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -3,29 +3,28 @@ From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 17:27:13 -0400
|
||||
Subject: [PATCH 1/5] WRS: spec-include-TiS-patch.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/dnsmasq.spec
|
||||
---
|
||||
SPECS/dnsmasq.spec | 10 ++++++++--
|
||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
||||
SPECS/dnsmasq.spec | 11 +++++++++--
|
||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
|
||||
index 8a6450a..63ff820 100644
|
||||
index b312ef3..7f370d1 100644
|
||||
--- a/SPECS/dnsmasq.spec
|
||||
+++ b/SPECS/dnsmasq.spec
|
||||
@@ -39,6 +39,9 @@ Patch6: dnsmasq-2.76-label-warning.patch
|
||||
Patch7: dnsmasq-2.76-label-man.patch
|
||||
Patch8: dnsmasq-2.76-coverity.patch
|
||||
@@ -55,6 +55,10 @@ Patch17: dnsmasq-2.76-gita3303e196.patch
|
||||
Patch18: dnsmasq-2.76-underflow.patch
|
||||
Patch19: dnsmasq-2.76-misc-cleanups.patch
|
||||
|
||||
+# WRS patches
|
||||
+Patch30: dnsmasq-update-ipv6-leases-from-config.patch
|
||||
+
|
||||
+
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
BuildRequires: dbus-devel
|
||||
@@ -82,6 +85,9 @@ query/remove a DHCP server's leases.
|
||||
%patch7 -p1
|
||||
%patch8 -p1 -b .coverity
|
||||
@@ -109,6 +113,9 @@ query/remove a DHCP server's leases.
|
||||
%patch18 -p1 -b .underflow
|
||||
%patch19 -p1 -b .misc
|
||||
|
||||
+# WRS patches
|
||||
+%patch30 -p1
|
||||
@ -33,7 +32,7 @@ index 8a6450a..63ff820 100644
|
||||
# use /var/lib/dnsmasq instead of /var/lib/misc
|
||||
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
|
||||
sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file"
|
||||
@@ -154,8 +160,8 @@ rm -rf $RPM_BUILD_ROOT
|
||||
@@ -181,8 +188,8 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%doc CHANGELOG COPYING COPYING-v3 FAQ doc.html setup.html dbus/DBus-interface
|
||||
@ -45,5 +44,5 @@ index 8a6450a..63ff820 100644
|
||||
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
|
||||
%{_unitdir}/%{name}.service
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/dnsmasq-2.76-2.el7_4.2.src.rpm
|
||||
mirror:Source/dnsmasq-2.76-5.el7.src.rpm
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 79f025b91d461a948ca6449eb25a11a6c89144b5 Mon Sep 17 00:00:00 2001
|
||||
From 55d52d8bc9f649b4871336aaffd87fb7d931eac8 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 16:12:36 -0400
|
||||
Subject: [PATCH 7/7] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/haproxy.spec
|
||||
@ -10,18 +10,18 @@ Conflicts:
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
|
||||
index c1547ef..097aa79 100644
|
||||
index 0d6e19a..3bc75e1 100644
|
||||
--- a/SPECS/haproxy.spec
|
||||
+++ b/SPECS/haproxy.spec
|
||||
@@ -8,7 +8,7 @@
|
||||
|
||||
Name: haproxy
|
||||
Version: 1.5.18
|
||||
-Release: 6%{?dist}
|
||||
+Release: 6.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
-Release: 7%{?dist}
|
||||
+Release: 7.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
Summary: TCP/HTTP proxy and load balancer for high availability environments
|
||||
|
||||
Group: System Environment/Daemons
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/haproxy-1.5.18-6.el7.src.rpm
|
||||
mirror:Source/haproxy-1.5.18-7.el7.src.rpm
|
||||
|
@ -10,7 +10,6 @@ run-ifdown-on-all-interfaces.patch
|
||||
spec-sysconfig-affirmative-check-for-link-carrier.patch
|
||||
spec-sysconfig-unsafe-usage-of-linkdelay-variable.patch
|
||||
fix-build-failures-due-to-unwanted-sgid.patch
|
||||
add_build_require_on_systemd.patch
|
||||
ipv6-static-route-support.patch
|
||||
spec-ifup-eth-stop-waiting-if-link-is-up.patch
|
||||
spec-run-dhclient-as-daemon-for-ipv6.patch
|
||||
|
@ -1,24 +0,0 @@
|
||||
From 075dd032f651d469e639eb1f25f3d5b7f5ff5485 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 14:49:27 -0400
|
||||
Subject: [PATCH 13/13] WRS: add_build_require_on_systemd.patch
|
||||
|
||||
---
|
||||
SPECS/initscripts.spec | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec
|
||||
index 09674a7..cdc282e 100644
|
||||
--- a/SPECS/initscripts.spec
|
||||
+++ b/SPECS/initscripts.spec
|
||||
@@ -41,6 +41,7 @@ Requires(pre): /usr/sbin/groupadd
|
||||
Requires(post): /sbin/chkconfig, coreutils
|
||||
Requires(preun): /sbin/chkconfig
|
||||
BuildRequires: glib2-devel popt-devel gettext pkgconfig
|
||||
+BuildRequires: systemd-devel
|
||||
Provides: /sbin/service
|
||||
|
||||
Patch4: support-interface-scriptlets.patch
|
||||
--
|
||||
1.9.1
|
||||
|
@ -1,25 +1,17 @@
|
||||
From 8351b22a5a517ebe779d4bf4904694bd1bd85890 Mon Sep 17 00:00:00 2001
|
||||
From 2c096cfd84fea55fd1f2df466d5635c06daab2a2 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 14:49:27 -0400
|
||||
Subject: [PATCH 12/13] WRS: fix-build-failures-due-to-unwanted-sgid.patch
|
||||
Subject: [PATCH] WRS: fix-build-failures-due-to-unwanted-sgid.patch
|
||||
|
||||
---
|
||||
SPECS/initscripts.spec | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
SPECS/initscripts.spec | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec
|
||||
index f2d0271..09674a7 100644
|
||||
index 938e9bb..e60c826 100644
|
||||
--- a/SPECS/initscripts.spec
|
||||
+++ b/SPECS/initscripts.spec
|
||||
@@ -197,6 +197,7 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%dir /etc/rwtab.d
|
||||
%dir /etc/statetab.d
|
||||
/usr/lib/systemd/rhel-*
|
||||
+%dir %attr(0755,root,root) /usr/lib/systemd/system/*wants
|
||||
/usr/lib/systemd/system/*
|
||||
/etc/inittab
|
||||
/etc/rc[0-9].d
|
||||
@@ -237,7 +238,7 @@ rm -rf $RPM_BUILD_ROOT
|
||||
@@ -239,7 +239,7 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%ghost %attr(0664,root,utmp) /var/run/utmp
|
||||
%ghost %attr(0644,root,root) /etc/sysconfig/kvm
|
||||
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab
|
||||
@ -29,5 +21,5 @@ index f2d0271..09674a7 100644
|
||||
%dir /usr/libexec/initscripts
|
||||
%dir /usr/libexec/initscripts/legacy-actions
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 9caa7a0860a8adcf38047fb39b6e1577099104d6 Mon Sep 17 00:00:00 2001
|
||||
From 29d8980d8c67a302a27a3084f58657414578a2b9 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 14:49:27 -0400
|
||||
Subject: [PATCH 01/13] WRS: spec-include-TiS-changes.patch
|
||||
Subject: [PATCH] WRS: spec-include-TiS-changes.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/initscripts.spec
|
||||
@ -10,7 +10,7 @@ Conflicts:
|
||||
1 file changed, 15 insertions(+)
|
||||
|
||||
diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec
|
||||
index 6b81095..7f93a30 100644
|
||||
index e96290a..665b576 100644
|
||||
--- a/SPECS/initscripts.spec
|
||||
+++ b/SPECS/initscripts.spec
|
||||
@@ -7,6 +7,10 @@ Group: System Environment/Base
|
||||
@ -24,8 +24,8 @@ index 6b81095..7f93a30 100644
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
Obsoletes: initscripts-legacy <= 9.39
|
||||
Requires: /bin/awk, sed, coreutils
|
||||
@@ -35,6 +39,10 @@ Requires(preun): /sbin/chkconfig
|
||||
BuildRequires: glib2-devel popt-devel gettext pkgconfig
|
||||
@@ -36,6 +40,10 @@ Requires(preun): /sbin/chkconfig
|
||||
BuildRequires: glib2-devel popt-devel gettext pkgconfig systemd
|
||||
Provides: /sbin/service
|
||||
|
||||
+Patch4: support-interface-scriptlets.patch
|
||||
@ -35,7 +35,7 @@ index 6b81095..7f93a30 100644
|
||||
%description
|
||||
The initscripts package contains basic system scripts used
|
||||
during a boot of the system. It also contains scripts which
|
||||
@@ -54,6 +62,10 @@ Currently, this consists of various memory checking code.
|
||||
@@ -55,6 +63,10 @@ Currently, this consists of various memory checking code.
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
@ -46,7 +46,7 @@ index 6b81095..7f93a30 100644
|
||||
%build
|
||||
make
|
||||
|
||||
@@ -74,6 +86,9 @@ rm -f \
|
||||
@@ -75,6 +87,9 @@ rm -f \
|
||||
touch $RPM_BUILD_ROOT/etc/crypttab
|
||||
chmod 600 $RPM_BUILD_ROOT/etc/crypttab
|
||||
|
||||
@ -57,5 +57,5 @@ index 6b81095..7f93a30 100644
|
||||
/usr/sbin/groupadd -g 22 -r -f utmp
|
||||
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 974b70a23b6a6c579fc4d43efd42e42f26c27310 Mon Sep 17 00:00:00 2001
|
||||
From cd3e0b0fea9588c987db119cb6d7840ace399368 Mon Sep 17 00:00:00 2001
|
||||
From: Allain Legacy <allain.legacy@windriver.com>
|
||||
Date: Thu, 17 Nov 2016 08:27:42 -0500
|
||||
Subject: [PATCH] sysconfig: affirmative check for link carrier
|
||||
@ -25,18 +25,18 @@ Signed-off-by: Allain Legacy <allain.legacy@windriver.com>
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/sysconfig/network-scripts/network-functions b/sysconfig/network-scripts/network-functions
|
||||
index 798f28a..affa8ba 100644
|
||||
index d08f618..13cf4de 100644
|
||||
--- a/sysconfig/network-scripts/network-functions
|
||||
+++ b/sysconfig/network-scripts/network-functions
|
||||
@@ -463,7 +463,7 @@ check_link_down ()
|
||||
@@ -473,7 +473,7 @@ check_link_down ()
|
||||
delay=20
|
||||
[ -n "$LINKDELAY" ] && delay=$(($LINKDELAY * 2))
|
||||
while [ $timeout -le $delay ]; do
|
||||
- [ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" != "0" ] && return 1
|
||||
+ [ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" == "1" ] && return 1
|
||||
usleep 500000
|
||||
sleep 0.5
|
||||
timeout=$((timeout+1))
|
||||
done
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From d3d109136f6e01ec1d8291ff89f3e00ff64cab31 Mon Sep 17 00:00:00 2001
|
||||
From 9b12287d8dade60c012969db3ae56b36d1e50966 Mon Sep 17 00:00:00 2001
|
||||
From: Allain Legacy <allain.legacy@windriver.com>
|
||||
Date: Thu, 17 Nov 2016 11:37:38 -0500
|
||||
Subject: [PATCH] sysconfig: unsafe usage of linkdelay variable
|
||||
@ -16,10 +16,10 @@ Signed-off-by: Allain Legacy <allain.legacy@windriver.com>
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/sysconfig/network-scripts/network-functions b/sysconfig/network-scripts/network-functions
|
||||
index affa8ba..a9821f6 100644
|
||||
index 13cf4de..4bcc48f 100644
|
||||
--- a/sysconfig/network-scripts/network-functions
|
||||
+++ b/sysconfig/network-scripts/network-functions
|
||||
@@ -461,7 +461,7 @@ check_link_down ()
|
||||
@@ -471,7 +471,7 @@ check_link_down ()
|
||||
fi
|
||||
timeout=0
|
||||
delay=20
|
||||
@ -27,7 +27,7 @@ index affa8ba..a9821f6 100644
|
||||
+ [[ $LINKDELAY =~ ^[0-9]+$ ]] && delay=$(($LINKDELAY * 2))
|
||||
while [ $timeout -le $delay ]; do
|
||||
[ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" == "1" ] && return 1
|
||||
usleep 500000
|
||||
sleep 0.5
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/initscripts-9.49.39-1.el7.src.rpm
|
||||
mirror:Source/initscripts-9.49.41-1.el7.src.rpm
|
||||
|
@ -1,6 +1,6 @@
|
||||
Metadata-Version: 1.1
|
||||
Name: lighttpd
|
||||
Version: 1.4.39
|
||||
Version: 1.4.50
|
||||
Summary: Lightning fast webserver with light system requirements
|
||||
Home-page:
|
||||
Author:
|
||||
|
@ -1,9 +1,2 @@
|
||||
COPY_LIST="lighttpd-1.4.35/index.html.lighttpd \
|
||||
lighttpd-1.4.35/lighttpd.conf \
|
||||
lighttpd-1.4.35/lighttpd.init \
|
||||
lighttpd-1.4.35/lighttpd-inc.conf \
|
||||
lighttpd-1.4.35/lighttpd.logrotate \
|
||||
lighttpd-1.4.35/lighttpd-csr.conf \
|
||||
lighttpd-1.4.35/check-content-length.patch \
|
||||
lighttpd-1.4.35/lighttpd-tpm-support.patch"
|
||||
COPY_LIST="files/*"
|
||||
TIS_PATCH_VER=6
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 4bea2840e8b22d904be29d24d501c25201e13c57 Mon Sep 17 00:00:00 2001
|
||||
From 1c4a8d83d96eab943d1cb7b4f0d9b7175e6858f1 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 20 Mar 2017 10:21:28 -0400
|
||||
Subject: [PATCH 3/4] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/lighttpd.spec
|
||||
@ -10,18 +10,18 @@ Conflicts:
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/lighttpd.spec b/SPECS/lighttpd.spec
|
||||
index 71737ac..b795a3f 100644
|
||||
index 2f7b261..2553b27 100644
|
||||
--- a/SPECS/lighttpd.spec
|
||||
+++ b/SPECS/lighttpd.spec
|
||||
@@ -45,7 +45,7 @@
|
||||
Summary: Lightning fast webserver with light system requirements
|
||||
Name: lighttpd
|
||||
Version: 1.4.45
|
||||
Version: 1.4.50
|
||||
-Release: 1%{?dist}
|
||||
+Release: 1.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
License: BSD
|
||||
Group: System Environment/Daemons
|
||||
URL: http://www.lighttpd.net/
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 653e25505b1df7e7b3fd89e08729d6d9f9698d39 Mon Sep 17 00:00:00 2001
|
||||
From: Kam Nasim <kam.nasim@windriver.com>
|
||||
Date: Tue, 28 Mar 2017 17:33:34 -0400
|
||||
Subject: [PATCH] dding support for TPM 2.0
|
||||
Subject: [PATCH] Adding support for TPM 2.0
|
||||
|
||||
---
|
||||
SPECS/lighttpd.spec | 2 ++
|
||||
|
@ -1,7 +1,7 @@
|
||||
From c684477fa2b47bb3c00b0e501e817d088408bead Mon Sep 17 00:00:00 2001
|
||||
From 730a5321581e70790da4e94085698fd299072be5 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 20 Mar 2017 10:21:28 -0400
|
||||
Subject: [PATCH 4/4] WRS: spec-check-content-length.patch
|
||||
Subject: [PATCH] WRS: spec-check-content-length.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/lighttpd.spec
|
||||
@ -10,13 +10,13 @@ Conflicts:
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/SPECS/lighttpd.spec b/SPECS/lighttpd.spec
|
||||
index b795a3f..9fd062a 100644
|
||||
index 2553b27..c27f78f 100644
|
||||
--- a/SPECS/lighttpd.spec
|
||||
+++ b/SPECS/lighttpd.spec
|
||||
@@ -78,6 +78,10 @@ Patch3: lighttpd-1.4.39-socket.patch
|
||||
#Patch6: changeset_r779c133c16f9af168b004dce7a2a64f16c1cb3a4.diff
|
||||
@@ -79,6 +79,10 @@ Patch3: lighttpd-1.4.39-socket.patch
|
||||
#Patch7: lighttpd-1.4.42-bignum.patch
|
||||
#Patch8: lighttpd-1.4.43-mysql.patch
|
||||
#Patch9: lighttpd-1.4.48-autoconf.patch
|
||||
+
|
||||
+# WRS Patches
|
||||
+Patch100: check-content-length.patch
|
||||
@ -24,10 +24,10 @@ index b795a3f..9fd062a 100644
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
# For the target poweredby.png image (skip requirement + provide image on EL5)
|
||||
%if %{with systemlogos}
|
||||
@@ -179,6 +183,10 @@ Authentication module for lighttpd that uses GSSAPI
|
||||
#%patch6 -p1 -b .http_proxy
|
||||
@@ -182,6 +186,10 @@ Authentication module for lighttpd that uses GSSAPI
|
||||
#%patch7 -p0 -b .bignum
|
||||
#%patch8 -p0 -b .mysql
|
||||
#%patch9 -p0 -b .autoconf
|
||||
+
|
||||
+# WRS Patches
|
||||
+%patch100 -p1 -b .content_length
|
||||
@ -36,5 +36,5 @@ index b795a3f..9fd062a 100644
|
||||
#install -p -m 0644 %{SOURCE101} mod_geoip.txt
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/lighttpd-1.4.45-1.el7.src.rpm
|
||||
mirror:Source/lighttpd-1.4.50-1.el7.src.rpm
|
||||
|
@ -1,24 +1,27 @@
|
||||
From b9410d967faf627d72fc5496a4c2e7aab879b7aa Mon Sep 17 00:00:00 2001
|
||||
From 65107586a55c594c44b0a97a2d6756f6a0f0a5ca Mon Sep 17 00:00:00 2001
|
||||
From: Giao Le <giao.le@windriver.com>
|
||||
Date: Wed, 19 Oct 2016 15:06:17 -0400
|
||||
Subject: [PATCH 1/1] check
|
||||
Date: Mon, 27 Aug 2018 19:41:36 +0800
|
||||
Subject: [PATCH] check-length
|
||||
|
||||
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
|
||||
---
|
||||
src/request.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 49 insertions(+)
|
||||
src/request.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++-
|
||||
1 file changed, 46 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/request.c b/src/request.c
|
||||
index a2de944..857076c 100644
|
||||
index 213a87e..8c97f45 100644
|
||||
--- a/src/request.c
|
||||
+++ b/src/request.c
|
||||
@@ -12,6 +12,39 @@
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
@@ -8,10 +8,39 @@
|
||||
#include "sock_addr.h"
|
||||
|
||||
#include <sys/stat.h>
|
||||
-
|
||||
+#include <sys/statvfs.h>
|
||||
+#include <string.h>
|
||||
#include <limits.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
+#include <errno.h>
|
||||
+#include <limits.h>
|
||||
+
|
||||
+static size_t get_tempdirs_free_space(server *srv)
|
||||
+{
|
||||
@ -47,19 +50,10 @@ index a2de944..857076c 100644
|
||||
+ return (valid) ? total : SSIZE_MAX;
|
||||
+}
|
||||
+
|
||||
+
|
||||
|
||||
static int request_check_hostname(buffer *host) {
|
||||
enum { DOMAINLABEL, TOPLABEL } stage = TOPLABEL;
|
||||
size_t i;
|
||||
@@ -409,6 +442,7 @@ static int request_uri_is_valid_char(unsigned char c) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
+
|
||||
int http_request_parse(server *srv, connection *con) {
|
||||
char *uri = NULL, *proto = NULL, *method = NULL, con_length_set;
|
||||
int is_key = 1, key_len = 0, is_ws_after_key = 0, in_folding;
|
||||
@@ -1294,6 +1328,21 @@ int http_request_parse(server *srv, connection *con) {
|
||||
@@ -1287,6 +1316,22 @@ int http_request_parse(server *srv, connection *con) {
|
||||
return 0;
|
||||
|
||||
}
|
||||
@ -78,9 +72,10 @@ index a2de944..857076c 100644
|
||||
+ return 0;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
289
base/lighttpd/files/lighttpd-tpm-support.patch
Normal file
289
base/lighttpd/files/lighttpd-tpm-support.patch
Normal file
@ -0,0 +1,289 @@
|
||||
From c58d174a1d2872272bfa9d83c642591f04effcb1 Mon Sep 17 00:00:00 2001
|
||||
From: Kam Nasim <kam.nasim@windriver.com>
|
||||
Date: Wed, 29 Mar 2017 21:56:41 -0400
|
||||
Subject: [PATCH] lighttpd tpm support
|
||||
|
||||
---
|
||||
src/base.h | 24 ++++++++++++
|
||||
src/configfile.c | 6 ++-
|
||||
src/mod_openssl.c | 113 +++++++++++++++++++++++++++++++++++++++++++++---------
|
||||
src/server.c | 17 +++++++-
|
||||
4 files changed, 139 insertions(+), 21 deletions(-)
|
||||
|
||||
diff --git a/src/base.h b/src/base.h
|
||||
index 2fe60b6..bddcd01 100644
|
||||
--- a/src/base.h
|
||||
+++ b/src/base.h
|
||||
@@ -15,6 +15,21 @@
|
||||
#include "sock_addr.h"
|
||||
#include "etag.h"
|
||||
|
||||
+#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
|
||||
+# define USE_OPENSSL
|
||||
+# include <openssl/opensslconf.h>
|
||||
+# ifndef USE_OPENSSL_KERBEROS
|
||||
+# ifndef OPENSSL_NO_KRB5
|
||||
+# define OPENSSL_NO_KRB5
|
||||
+# endif
|
||||
+# endif
|
||||
+# include <openssl/ssl.h>
|
||||
+# include <openssl/engine.h>
|
||||
+# if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
+# define OPENSSL_NO_TLSEXT
|
||||
+# endif
|
||||
+#endif
|
||||
+
|
||||
struct fdevents; /* declaration */
|
||||
struct stat_cache; /* declaration */
|
||||
|
||||
@@ -360,6 +375,13 @@ typedef struct {
|
||||
unsigned short high_precision_timestamps;
|
||||
time_t loadts;
|
||||
double loadavg[3];
|
||||
+#ifdef USE_OPENSSL
|
||||
+ // TPM engine and object configuration
|
||||
+ buffer *tpm_object;
|
||||
+ buffer *tpm_engine;
|
||||
+ ENGINE *tpm_engine_ref;
|
||||
+ EVP_PKEY *tpm_key;
|
||||
+#endif
|
||||
buffer *syslog_facility;
|
||||
} server_config;
|
||||
|
||||
@@ -400,6 +422,8 @@ struct server {
|
||||
int con_written;
|
||||
int con_closed;
|
||||
|
||||
+ int tpm_is_init; // has TPM been initialized already
|
||||
+
|
||||
int max_fds; /* max possible fds */
|
||||
int cur_fds; /* currently used fds */
|
||||
int want_fds; /* waiting fds */
|
||||
diff --git a/src/configfile.c b/src/configfile.c
|
||||
index c3b0f16..dca2a29 100644
|
||||
--- a/src/configfile.c
|
||||
+++ b/src/configfile.c
|
||||
@@ -276,8 +276,10 @@ static int config_insert(server *srv) {
|
||||
{ "server.syslog-facility", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 80 */
|
||||
{ "server.socket-perms", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 81 */
|
||||
{ "server.http-parseopts", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_SERVER }, /* 82 */
|
||||
+ { "server.tpm-object", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 83 */
|
||||
+ { "server.tpm-engine", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 84 */
|
||||
|
||||
- { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
|
||||
+ { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
|
||||
};
|
||||
|
||||
/* all T_CONFIG_SCOPE_SERVER options */
|
||||
@@ -318,6 +320,8 @@ static int config_insert(server *srv) {
|
||||
cv[80].destination = srv->srvconf.syslog_facility;
|
||||
http_parseopts = array_init();
|
||||
cv[82].destination = http_parseopts;
|
||||
+ cv[83].destination = srv->srvconf.tpm_object;
|
||||
+ cv[84].destination = srv->srvconf.tpm_engine;
|
||||
|
||||
srv->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *));
|
||||
|
||||
diff --git a/src/mod_openssl.c b/src/mod_openssl.c
|
||||
index 75e0873..4cb0335 100644
|
||||
--- a/src/mod_openssl.c
|
||||
+++ b/src/mod_openssl.c
|
||||
@@ -422,6 +422,29 @@ error:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+static EVP_PKEY*
|
||||
+evp_pkey_load_tpm_object_file(server *srv) {
|
||||
+ if (!srv->tpm_is_init || !srv->srvconf.tpm_engine_ref)
|
||||
+ return NULL;
|
||||
+
|
||||
+ if (srv->srvconf.tpm_key) {
|
||||
+ // if a TPM key was previously loaded
|
||||
+ // then return that as there is no need to
|
||||
+ // reload this key into TPM
|
||||
+ return srv->srvconf.tpm_key;
|
||||
+ }
|
||||
+
|
||||
+ EVP_PKEY *pkey = ENGINE_load_private_key(srv->srvconf.tpm_engine_ref,
|
||||
+ srv->srvconf.tpm_object->ptr,
|
||||
+ NULL, NULL);
|
||||
+ if (!pkey) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "SSS", "SSL:",
|
||||
+ ERR_error_string(ERR_get_error(), NULL));
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ srv->srvconf.tpm_key = pkey;
|
||||
+ return pkey;
|
||||
+}
|
||||
|
||||
static EVP_PKEY *
|
||||
evp_pkey_load_pem_file (server *srv, const char *file)
|
||||
@@ -476,15 +499,23 @@ network_openssl_load_pemfile (server *srv, plugin_config *s, size_t ndx)
|
||||
|
||||
s->ssl_pemfile_x509 = x509_load_pem_file(srv, s->ssl_pemfile->ptr);
|
||||
if (NULL == s->ssl_pemfile_x509) return -1;
|
||||
- s->ssl_pemfile_pkey = evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr);
|
||||
- if (NULL == s->ssl_pemfile_pkey) return -1;
|
||||
-
|
||||
- if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
|
||||
- log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
|
||||
- "Private key does not match the certificate public key,"
|
||||
- " reason:", ERR_error_string(ERR_get_error(), NULL),
|
||||
- s->ssl_pemfile);
|
||||
- return -1;
|
||||
+
|
||||
+ // if TPM mode is enabled then load the TPM key otherwise load
|
||||
+ // the regular SSL private key
|
||||
+ if (srv->tpm_is_init) {
|
||||
+ if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_tpm_object_file(srv))) return -1;
|
||||
+ }
|
||||
+ else {
|
||||
+ if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr))) return -1;
|
||||
+
|
||||
+ if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
|
||||
+ "Private key does not match the certificate public key, reason:",
|
||||
+ ERR_error_string(ERR_get_error(), NULL),
|
||||
+ s->ssl_pemfile);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
}
|
||||
|
||||
return 0;
|
||||
@@ -651,6 +682,43 @@ network_init_ssl (server *srv, void *p_d)
|
||||
force_assert(NULL != local_send_buffer);
|
||||
}
|
||||
|
||||
+ /* NOTE (knasim-wrs): US93721: TPM support
|
||||
+ * if TPM mode is configured, and we have not previously
|
||||
+ * initialized the engine then do so now
|
||||
+ */
|
||||
+ if (!buffer_string_is_empty(srv->srvconf.tpm_object) &&
|
||||
+ (!srv->tpm_is_init)) {
|
||||
+ if (!buffer_string_is_empty(srv->srvconf.tpm_engine)) {
|
||||
+ // load the dynamic TPM engine
|
||||
+ ENGINE_load_dynamic();
|
||||
+ ENGINE *engine = ENGINE_by_id("dynamic");
|
||||
+ if (!engine) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
|
||||
+ "Unable to load the dynamic engine "
|
||||
+ "(needed for loading custom TPM engine)");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ ENGINE_ctrl_cmd_string(engine, "SO_PATH",
|
||||
+ srv->srvconf.tpm_engine->ptr, 0);
|
||||
+ ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0);
|
||||
+ if (ENGINE_init(engine) != 1) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
|
||||
+ ERR_error_string(ERR_get_error(), NULL));
|
||||
+ ENGINE_finish(engine);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ srv->tpm_is_init = 1;
|
||||
+ // stow away for ENGINE cleanup
|
||||
+ srv->srvconf.tpm_engine_ref = engine;
|
||||
+ }
|
||||
+ else { // no TPM engine found
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
|
||||
+ "TPM engine option not set when TPM mode expected");
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (!buffer_string_is_empty(s->ssl_pemfile)) {
|
||||
#ifdef OPENSSL_NO_TLSEXT
|
||||
data_config *dc = (data_config *)srv->config_context->data[i];
|
||||
@@ -911,29 +979,36 @@ network_init_ssl (server *srv, void *p_d)
|
||||
}
|
||||
}
|
||||
|
||||
- if (1 != SSL_CTX_use_certificate_chain_file(s->ssl_ctx,
|
||||
- s->ssl_pemfile->ptr)) {
|
||||
+ if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
|
||||
ERR_error_string(ERR_get_error(), NULL),
|
||||
s->ssl_pemfile);
|
||||
return -1;
|
||||
}
|
||||
|
||||
- if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
|
||||
+ if (1 != SSL_CTX_use_certificate(s->ssl_ctx, s->ssl_pemfile_x509)) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
|
||||
ERR_error_string(ERR_get_error(), NULL),
|
||||
s->ssl_pemfile);
|
||||
return -1;
|
||||
}
|
||||
|
||||
- if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
|
||||
- log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
|
||||
- "Private key does not match the certificate public "
|
||||
- "key, reason:",
|
||||
- ERR_error_string(ERR_get_error(), NULL),
|
||||
- s->ssl_pemfile);
|
||||
- return -1;
|
||||
+ /*
|
||||
+ * Only check private key against loaded
|
||||
+ * certificate, in non TPM mode, since
|
||||
+ * if this is a TPM key then it is wrapped
|
||||
+ * and will not match the public key
|
||||
+ */
|
||||
+ if (!srv->tpm_is_init) {
|
||||
+ if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
|
||||
+ "Private key does not match the certificate public key, reason:",
|
||||
+ ERR_error_string(ERR_get_error(), NULL),
|
||||
+ s->ssl_pemfile);
|
||||
+ return -1;
|
||||
+ }
|
||||
}
|
||||
+
|
||||
SSL_CTX_set_default_read_ahead(s->ssl_ctx, s->ssl_read_ahead);
|
||||
SSL_CTX_set_mode(s->ssl_ctx, SSL_CTX_get_mode(s->ssl_ctx)
|
||||
| SSL_MODE_ENABLE_PARTIAL_WRITE
|
||||
diff --git a/src/server.c b/src/server.c
|
||||
index f6409bb..2ace3f8 100644
|
||||
--- a/src/server.c
|
||||
+++ b/src/server.c
|
||||
@@ -246,6 +246,11 @@ static server *server_init(void) {
|
||||
CLEAN(srvconf.pid_file);
|
||||
CLEAN(srvconf.syslog_facility);
|
||||
|
||||
+#ifdef USE_OPENSSL
|
||||
+ CLEAN(srvconf.tpm_object);
|
||||
+ CLEAN(srvconf.tpm_engine);
|
||||
+#endif
|
||||
+
|
||||
CLEAN(tmp_chunk_len);
|
||||
#undef CLEAN
|
||||
|
||||
@@ -347,6 +352,14 @@ static void server_free(server *srv) {
|
||||
CLEAN(srvconf.xattr_name);
|
||||
CLEAN(srvconf.syslog_facility);
|
||||
|
||||
+#ifdef USE_OPENSSL
|
||||
+ CLEAN(srvconf.tpm_object);
|
||||
+ CLEAN(srvconf.tpm_engine);
|
||||
+ // don't free the tpm_key as that will be freed
|
||||
+ // below as ssl_pemfile_pkey
|
||||
+ ENGINE_finish(srv->srvconf.tpm_engine_ref);
|
||||
+#endif
|
||||
+
|
||||
CLEAN(tmp_chunk_len);
|
||||
#undef CLEAN
|
||||
|
||||
@@ -776,7 +789,9 @@ static int log_error_open(server *srv) {
|
||||
if (-1 == (errfd = fdevent_open_devnull())) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "ss",
|
||||
"opening /dev/null failed:", strerror(errno));
|
||||
- return -1;
|
||||
+ /* In version 1.4.45 it will also failed here but not check return value of openDevNull(STDERR_FILENO)
|
||||
+ need further check with upstrean to see if there is a potential bug */
|
||||
+ //return -1;
|
||||
}
|
||||
}
|
||||
else {
|
||||
--
|
||||
2.7.4
|
||||
|
@ -1,255 +0,0 @@
|
||||
From 3cf42638ea162be04cbfc8b8eedbef6292336640 Mon Sep 17 00:00:00 2001
|
||||
From: Kam Nasim <kam.nasim@windriver.com>
|
||||
Date: Wed, 29 Mar 2017 21:56:41 -0400
|
||||
Subject: [PATCH] lighttpd tpm support
|
||||
|
||||
---
|
||||
src/base.h | 10 ++++-
|
||||
src/configfile.c | 4 ++
|
||||
src/network.c | 111 ++++++++++++++++++++++++++++++++++++++++++++++---------
|
||||
src/server.c | 12 +++++-
|
||||
4 files changed, 118 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/src/base.h b/src/base.h
|
||||
index 134fc41..5fab1fd 100644
|
||||
--- a/src/base.h
|
||||
+++ b/src/base.h
|
||||
@@ -37,6 +37,7 @@
|
||||
# endif
|
||||
# endif
|
||||
# include <openssl/ssl.h>
|
||||
+# include <openssl/engine.h>
|
||||
# if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
# define OPENSSL_NO_TLSEXT
|
||||
# endif
|
||||
@@ -567,6 +568,13 @@ typedef struct {
|
||||
unsigned short high_precision_timestamps;
|
||||
time_t loadts;
|
||||
double loadavg[3];
|
||||
+#ifdef USE_OPENSSL
|
||||
+ // TPM engine and object configuration
|
||||
+ buffer *tpm_object;
|
||||
+ buffer *tpm_engine;
|
||||
+ ENGINE *tpm_engine_ref;
|
||||
+ EVP_PKEY *tpm_key;
|
||||
+#endif
|
||||
} server_config;
|
||||
|
||||
typedef struct server_socket {
|
||||
@@ -610,7 +618,7 @@ typedef struct server {
|
||||
int con_closed;
|
||||
|
||||
int ssl_is_init;
|
||||
-
|
||||
+ int tpm_is_init; // has TPM been initialized already
|
||||
int max_fds; /* max possible fds */
|
||||
int cur_fds; /* currently used fds */
|
||||
int want_fds; /* waiting fds */
|
||||
diff --git a/src/configfile.c b/src/configfile.c
|
||||
index bba6925..da818ed 100644
|
||||
--- a/src/configfile.c
|
||||
+++ b/src/configfile.c
|
||||
@@ -145,6 +145,8 @@ static int config_insert(server *srv) {
|
||||
{ "server.stream-response-body", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 77 */
|
||||
{ "server.max-request-field-size", NULL, T_CONFIG_INT, T_CONFIG_SCOPE_SERVER }, /* 78 */
|
||||
{ "ssl.read-ahead", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 79 */
|
||||
+ { "server.tpm-object", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 80 */
|
||||
+ { "server.tpm-engine", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 81 */
|
||||
|
||||
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
|
||||
};
|
||||
@@ -184,6 +186,8 @@ static int config_insert(server *srv) {
|
||||
cv[73].destination = &(srv->srvconf.http_host_strict);
|
||||
cv[74].destination = &(srv->srvconf.http_host_normalize);
|
||||
cv[78].destination = &(srv->srvconf.max_request_field_size);
|
||||
+ cv[80].destination = srv->srvconf.tpm_object;
|
||||
+ cv[81].destination = srv->srvconf.tpm_engine;
|
||||
|
||||
srv->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *));
|
||||
|
||||
diff --git a/src/network.c b/src/network.c
|
||||
index 4295fe9..6460e72 100644
|
||||
--- a/src/network.c
|
||||
+++ b/src/network.c
|
||||
@@ -613,6 +613,29 @@ error:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+static EVP_PKEY* evp_pkey_load_tpm_object_file(server *srv) {
|
||||
+ if (!srv->tpm_is_init || !srv->srvconf.tpm_engine_ref)
|
||||
+ return NULL;
|
||||
+
|
||||
+ if (srv->srvconf.tpm_key) {
|
||||
+ // if a TPM key was previously loaded
|
||||
+ // then return that as there is no need to
|
||||
+ // reload this key into TPM
|
||||
+ return srv->srvconf.tpm_key;
|
||||
+ }
|
||||
+
|
||||
+ EVP_PKEY *pkey = ENGINE_load_private_key(srv->srvconf.tpm_engine_ref,
|
||||
+ srv->srvconf.tpm_object->ptr,
|
||||
+ NULL, NULL);
|
||||
+ if (!pkey) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "SSS", "SSL:",
|
||||
+ ERR_error_string(ERR_get_error(), NULL));
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ srv->srvconf.tpm_key = pkey;
|
||||
+ return pkey;
|
||||
+}
|
||||
+
|
||||
static EVP_PKEY* evp_pkey_load_pem_file(server *srv, const char *file) {
|
||||
BIO *in;
|
||||
EVP_PKEY *x = NULL;
|
||||
@@ -658,15 +681,23 @@ static int network_openssl_load_pemfile(server *srv, size_t ndx) {
|
||||
#endif
|
||||
|
||||
if (NULL == (s->ssl_pemfile_x509 = x509_load_pem_file(srv, s->ssl_pemfile->ptr))) return -1;
|
||||
- if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr))) return -1;
|
||||
|
||||
- if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
|
||||
- log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
|
||||
- "Private key does not match the certificate public key, reason:",
|
||||
- ERR_error_string(ERR_get_error(), NULL),
|
||||
- s->ssl_pemfile);
|
||||
- return -1;
|
||||
- }
|
||||
+ // if TPM mode is enabled then load the TPM key otherwise load
|
||||
+ // the regular SSL private key
|
||||
+ if (srv->tpm_is_init) {
|
||||
+ if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_tpm_object_file(srv))) return -1;
|
||||
+ }
|
||||
+ else {
|
||||
+ if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr))) return -1;
|
||||
+
|
||||
+ if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
|
||||
+ "Private key does not match the certificate public key, reason:",
|
||||
+ ERR_error_string(ERR_get_error(), NULL),
|
||||
+ s->ssl_pemfile);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -791,6 +822,44 @@ int network_init(server *srv) {
|
||||
}
|
||||
}
|
||||
|
||||
+ /* NOTE (knasim-wrs): US93721: TPM support
|
||||
+ * if TPM mode is configured, and we have not previously
|
||||
+ * initialized the engine then do so now
|
||||
+ */
|
||||
+ if (!buffer_string_is_empty(srv->srvconf.tpm_object) &&
|
||||
+ (!srv->tpm_is_init)) {
|
||||
+ if (!buffer_string_is_empty(srv->srvconf.tpm_engine)) {
|
||||
+ // load the dynamic TPM engine
|
||||
+ ENGINE_load_dynamic();
|
||||
+ ENGINE *engine = ENGINE_by_id("dynamic");
|
||||
+ if (!engine) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
|
||||
+ "Unable to load the dynamic engine "
|
||||
+ "(needed for loading custom TPM engine)");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ ENGINE_ctrl_cmd_string(engine, "SO_PATH",
|
||||
+ srv->srvconf.tpm_engine->ptr, 0);
|
||||
+ ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0);
|
||||
+ if (ENGINE_init(engine) != 1) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
|
||||
+ ERR_error_string(ERR_get_error(), NULL));
|
||||
+ ENGINE_finish(engine);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ srv->tpm_is_init = 1;
|
||||
+ // stow away for ENGINE cleanup
|
||||
+ srv->srvconf.tpm_engine_ref = engine;
|
||||
+ }
|
||||
+ else { // no TPM engine found
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
|
||||
+ "TPM engine option not set when TPM mode expected");
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+ ///
|
||||
+
|
||||
if (!buffer_string_is_empty(s->ssl_pemfile)) {
|
||||
#ifdef OPENSSL_NO_TLSEXT
|
||||
data_config *dc = (data_config *)srv->config_context->data[i];
|
||||
@@ -975,24 +1044,32 @@ int network_init(server *srv) {
|
||||
SSL_CTX_set_verify_depth(s->ssl_ctx, s->ssl_verifyclient_depth);
|
||||
}
|
||||
|
||||
- if (1 != SSL_CTX_use_certificate(s->ssl_ctx, s->ssl_pemfile_x509)) {
|
||||
+ if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
|
||||
ERR_error_string(ERR_get_error(), NULL), s->ssl_pemfile);
|
||||
return -1;
|
||||
}
|
||||
|
||||
- if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
|
||||
+ if (1 != SSL_CTX_use_certificate(s->ssl_ctx, s->ssl_pemfile_x509)) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
|
||||
ERR_error_string(ERR_get_error(), NULL), s->ssl_pemfile);
|
||||
return -1;
|
||||
}
|
||||
-
|
||||
- if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
|
||||
- log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
|
||||
- "Private key does not match the certificate public key, reason:",
|
||||
- ERR_error_string(ERR_get_error(), NULL),
|
||||
- s->ssl_pemfile);
|
||||
- return -1;
|
||||
+
|
||||
+ /*
|
||||
+ * Only check private key against loaded
|
||||
+ * certificate, in non TPM mode, since
|
||||
+ * if this is a TPM key then it is wrapped
|
||||
+ * and will not match the public key
|
||||
+ */
|
||||
+ if (!srv->tpm_is_init) {
|
||||
+ if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
|
||||
+ "Private key does not match the certificate public key, reason:",
|
||||
+ ERR_error_string(ERR_get_error(), NULL),
|
||||
+ s->ssl_pemfile);
|
||||
+ return -1;
|
||||
+ }
|
||||
}
|
||||
SSL_CTX_set_default_read_ahead(s->ssl_ctx, s->ssl_read_ahead);
|
||||
SSL_CTX_set_mode(s->ssl_ctx, SSL_CTX_get_mode(s->ssl_ctx)
|
||||
diff --git a/src/server.c b/src/server.c
|
||||
index f27b003..5adfa15 100644
|
||||
--- a/src/server.c
|
||||
+++ b/src/server.c
|
||||
@@ -226,7 +226,10 @@ static server *server_init(void) {
|
||||
CLEAN(srvconf.bindhost);
|
||||
CLEAN(srvconf.event_handler);
|
||||
CLEAN(srvconf.pid_file);
|
||||
-
|
||||
+#ifdef USE_OPENSSL
|
||||
+ CLEAN(srvconf.tpm_object);
|
||||
+ CLEAN(srvconf.tpm_engine);
|
||||
+#endif
|
||||
CLEAN(tmp_chunk_len);
|
||||
#undef CLEAN
|
||||
|
||||
@@ -316,6 +319,13 @@ static void server_free(server *srv) {
|
||||
CLEAN(srvconf.modules_dir);
|
||||
CLEAN(srvconf.network_backend);
|
||||
CLEAN(srvconf.xattr_name);
|
||||
+#ifdef USE_OPENSSL
|
||||
+ CLEAN(srvconf.tpm_object);
|
||||
+ CLEAN(srvconf.tpm_engine);
|
||||
+ // don't free the tpm_key as that will be freed
|
||||
+ // below as ssl_pemfile_pkey
|
||||
+ ENGINE_finish(srv->srvconf.tpm_engine_ref);
|
||||
+#endif
|
||||
|
||||
CLEAN(tmp_chunk_len);
|
||||
#undef CLEAN
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,117 +0,0 @@
|
||||
--- lighttpd-1.4.35/src/configfile-glue.c.orig 2014-03-06 15:08:00.000000000 +0100
|
||||
+++ lighttpd-1.4.35/src/configfile-glue.c 2015-11-26 11:39:23.000000000 +0100
|
||||
@@ -8,6 +8,10 @@
|
||||
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
+#include <stdint.h>
|
||||
+#ifndef __WIN32
|
||||
+#include <arpa/inet.h>
|
||||
+#endif
|
||||
|
||||
/**
|
||||
* like all glue code this file contains functions which
|
||||
@@ -336,12 +340,22 @@ static cond_result_t config_check_cond_n
|
||||
|
||||
if ((dc->cond == CONFIG_COND_EQ ||
|
||||
dc->cond == CONFIG_COND_NE) &&
|
||||
- (con->dst_addr.plain.sa_family == AF_INET) &&
|
||||
(NULL != (nm_slash = strchr(dc->string->ptr, '/')))) {
|
||||
int nm_bits;
|
||||
- long nm;
|
||||
char *err;
|
||||
struct in_addr val_inp;
|
||||
+ struct in6_addr val_inp6;
|
||||
+ int val_af;
|
||||
+ uint8_t *a, *b;
|
||||
+ int result_match, result_nomatch;
|
||||
+
|
||||
+ if (dc->cond == CONFIG_COND_EQ) {
|
||||
+ result_match = COND_RESULT_TRUE;
|
||||
+ result_nomatch = COND_RESULT_FALSE;
|
||||
+ } else {
|
||||
+ result_match = COND_RESULT_FALSE;
|
||||
+ result_nomatch = COND_RESULT_TRUE;
|
||||
+ }
|
||||
|
||||
if (*(nm_slash+1) == '\0') {
|
||||
log_error_write(srv, __FILE__, __LINE__, "sb", "ERROR: no number after / ", dc->string);
|
||||
@@ -356,10 +370,16 @@ static cond_result_t config_check_cond_n
|
||||
|
||||
return COND_RESULT_FALSE;
|
||||
}
|
||||
+ if (nm_bits < 0) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "sbs", "ERROR: negative netmask:", dc->string, err);
|
||||
+
|
||||
+ return COND_RESULT_FALSE;
|
||||
+ }
|
||||
|
||||
/* take IP convert to the native */
|
||||
buffer_copy_string_len(srv->cond_check_buf, dc->string->ptr, nm_slash - dc->string->ptr);
|
||||
#ifdef __WIN32
|
||||
+ val_af = AF_INET;
|
||||
if (INADDR_NONE == (val_inp.s_addr = inet_addr(srv->cond_check_buf->ptr))) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "sb", "ERROR: ip addr is invalid:", srv->cond_check_buf);
|
||||
|
||||
@@ -367,21 +387,54 @@ static cond_result_t config_check_cond_n
|
||||
}
|
||||
|
||||
#else
|
||||
- if (0 == inet_aton(srv->cond_check_buf->ptr, &val_inp)) {
|
||||
+ if (1 == inet_pton(AF_INET, srv->cond_check_buf->ptr, &val_inp)) {
|
||||
+ val_af = AF_INET;
|
||||
+ } else if (1 == inet_pton(AF_INET6, srv->cond_check_buf->ptr, &val_inp6)) {
|
||||
+ val_af = AF_INET6;
|
||||
+ } else {
|
||||
log_error_write(srv, __FILE__, __LINE__, "sb", "ERROR: ip addr is invalid:", srv->cond_check_buf);
|
||||
|
||||
return COND_RESULT_FALSE;
|
||||
}
|
||||
#endif
|
||||
|
||||
- /* build netmask */
|
||||
- nm = htonl(~((1 << (32 - nm_bits)) - 1));
|
||||
+ if (val_af == AF_INET) {
|
||||
+ if (nm_bits > 32) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "sd", "ERROR: ipv4 netmask too large:", nm_bits);
|
||||
|
||||
- if ((val_inp.s_addr & nm) == (con->dst_addr.ipv4.sin_addr.s_addr & nm)) {
|
||||
- return (dc->cond == CONFIG_COND_EQ) ? COND_RESULT_TRUE : COND_RESULT_FALSE;
|
||||
+ return COND_RESULT_FALSE;
|
||||
+ }
|
||||
+ a = (uint8_t *)&val_inp;
|
||||
+ if (con->dst_addr.plain.sa_family == AF_INET) {
|
||||
+ b = (uint8_t *)&con->dst_addr.ipv4.sin_addr.s_addr;
|
||||
+ } else if (IN6_IS_ADDR_V4MAPPED(&con->dst_addr.ipv6.sin6_addr)) {
|
||||
+ b = (uint8_t *)&con->dst_addr.ipv6.sin6_addr.s6_addr[12];
|
||||
+ } else {
|
||||
+ return result_nomatch;
|
||||
+ }
|
||||
} else {
|
||||
- return (dc->cond == CONFIG_COND_EQ) ? COND_RESULT_FALSE : COND_RESULT_TRUE;
|
||||
+ if (nm_bits > 128) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "sd", "ERROR: ipv6 netmask too large:", nm_bits);
|
||||
+
|
||||
+ return COND_RESULT_FALSE;
|
||||
+ }
|
||||
+ a = (uint8_t *)&val_inp6;
|
||||
+ if (con->dst_addr.plain.sa_family == AF_INET) {
|
||||
+ return result_nomatch;
|
||||
+ } else {
|
||||
+ b = (uint8_t *)&con->dst_addr.ipv6.sin6_addr.s6_addr[0];
|
||||
+ }
|
||||
+ }
|
||||
+ while (nm_bits) {
|
||||
+ if (nm_bits >= 8) {
|
||||
+ if (*a++ != *b++) return result_nomatch;
|
||||
+ nm_bits -= 8;
|
||||
+ } else {
|
||||
+ if (*a >> (8 - nm_bits) != *b >> (8 - nm_bits)) return result_nomatch;
|
||||
+ nm_bits = 0;
|
||||
+ }
|
||||
}
|
||||
+ return result_match;
|
||||
} else {
|
||||
l = con->dst_addr_buf;
|
||||
}
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 2b9054a9278f5b7a6af660eb5842b9ec32d50e74 Mon Sep 17 00:00:00 2001
|
||||
From c25a30b4a0c7347234c2af4afab099b5735bbf71 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 17:05:59 -0400
|
||||
Subject: [PATCH 8/9] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/net-snmp.spec
|
||||
@ -10,18 +10,18 @@ Conflicts:
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
|
||||
index 0ac1eef..8d109b8 100644
|
||||
index 9b313cb..b015436 100644
|
||||
--- a/SPECS/net-snmp.spec
|
||||
+++ b/SPECS/net-snmp.spec
|
||||
@@ -14,7 +14,7 @@
|
||||
Summary: A collection of SNMP protocol tools and libraries
|
||||
Name: net-snmp
|
||||
Version: 5.7.2
|
||||
-Release: 28%{?dist}.1
|
||||
+Release: 28.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
-Release: 33%{?dist}.2
|
||||
+Release: 33.el7_5.2%{?_tis_dist}.%{tis_patch_ver}
|
||||
Epoch: 1
|
||||
|
||||
License: BSD
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,14 +1,14 @@
|
||||
From d984ab4a020a20082190e8029f45f06031f320da Mon Sep 17 00:00:00 2001
|
||||
From 5dc19ad10a3f91803116a88c303134e9ff361bd5 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 17:05:59 -0400
|
||||
Subject: [PATCH 6/9] WRS: run-snmpd-as-non-root-user.patch
|
||||
Subject: [PATCH] WRS: run-snmpd-as-non-root-user.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/net-snmp.spec
|
||||
---
|
||||
SOURCES/snmpd.service | 2 +-
|
||||
SPECS/net-snmp.spec | 4 ++--
|
||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||
SPECS/net-snmp.spec | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/SOURCES/snmpd.service b/SOURCES/snmpd.service
|
||||
index 84b6ca3..ad689c8 100644
|
||||
@ -24,19 +24,10 @@ index 84b6ca3..ad689c8 100644
|
||||
ExecStart=/etc/init.d/snmpd start
|
||||
ExecStop=/etc/init.d/snmpd stop
|
||||
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
|
||||
index a433f40..0ac1eef 100644
|
||||
index 3e36cb5..9b313cb 100644
|
||||
--- a/SPECS/net-snmp.spec
|
||||
+++ b/SPECS/net-snmp.spec
|
||||
@@ -14,7 +14,7 @@
|
||||
Summary: A collection of SNMP protocol tools and libraries
|
||||
Name: net-snmp
|
||||
Version: 5.7.2
|
||||
-Release: 28%{?dist}
|
||||
+Release: 28%{?dist}.1
|
||||
Epoch: 1
|
||||
|
||||
License: BSD
|
||||
@@ -413,7 +413,7 @@ install -m 644 %SOURCE6 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
|
||||
@@ -428,7 +428,7 @@ install -m 644 %SOURCE6 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
|
||||
|
||||
# WRS
|
||||
install -m 644 %SOURCE12 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmpd.conf
|
||||
@ -46,5 +37,5 @@ index a433f40..0ac1eef 100644
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d
|
||||
install -m 755 %SOURCE13 ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d/snmpd
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,14 +1,14 @@
|
||||
From 05124f2495f4173848cac245c6579247a0e255d6 Mon Sep 17 00:00:00 2001
|
||||
From 492d89dca4ca498b77847abc1f1313a800fec85e Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 17:05:58 -0400
|
||||
Subject: [PATCH 3/9] WRS: snmp-spec-add-init-script.patch
|
||||
Subject: [PATCH] WRS: snmp-spec-add-init-script.patch
|
||||
|
||||
---
|
||||
SPECS/net-snmp.spec | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
|
||||
index 85955d0..df248ac 100644
|
||||
index da7706b..035d2f8 100644
|
||||
--- a/SPECS/net-snmp.spec
|
||||
+++ b/SPECS/net-snmp.spec
|
||||
@@ -41,6 +41,7 @@ Source11: snmptrapd.service
|
||||
@ -19,7 +19,7 @@ index 85955d0..df248ac 100644
|
||||
|
||||
Patch1: net-snmp-5.7.2-pie.patch
|
||||
Patch2: net-snmp-5.5-dir-fix.patch
|
||||
@@ -414,6 +415,9 @@ install -m 644 %SOURCE6 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
|
||||
@@ -429,6 +430,9 @@ install -m 644 %SOURCE6 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
|
||||
install -m 644 %SOURCE12 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmpd.conf
|
||||
chmod 600 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
|
||||
|
||||
@ -29,14 +29,14 @@ index 85955d0..df248ac 100644
|
||||
install -d ${RPM_BUILD_ROOT}%{_initrddir}
|
||||
install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}%{_initrddir}/snmpd
|
||||
install -m 755 %SOURCE3 ${RPM_BUILD_ROOT}%{_initrddir}/snmptrapd
|
||||
@@ -553,6 +557,7 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
@@ -568,6 +572,7 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%dir %{_localstatedir}/run/net-snmp
|
||||
%{_prefix}/lib/tmpfiles.d/net-snmp.conf
|
||||
%{_unitdir}/snmp*
|
||||
+%{_sysconfdir}/rc.d/init.d/snmpd
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/snmpd
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/snmptrapd
|
||||
|
||||
%attr(0755,root,root) %{_bindir}/net-snmp-config*
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,8 +1,18 @@
|
||||
From 0358f8ee4e56fbd3f4c54409b3dbe5c9fdff3a27 Mon Sep 17 00:00:00 2001
|
||||
From: slin14 <shuicheng.lin@intel.com>
|
||||
Date: Sun, 12 Aug 2018 22:07:24 +0800
|
||||
Subject: [PATCH] spec-configure-without-HOST-RESOURCES-MIB
|
||||
|
||||
Signed-off-by: slin14 <shuicheng.lin@intel.com>
|
||||
---
|
||||
SPECS/net-snmp.spec | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
|
||||
index 12323a4..1e23fba 100644
|
||||
index a1b3720..e6e5d8c 100644
|
||||
--- a/SPECS/net-snmp.spec
|
||||
+++ b/SPECS/net-snmp.spec
|
||||
@@ -331,7 +331,7 @@ rm testing/fulltests/default/T200*
|
||||
@@ -342,7 +342,7 @@ rm testing/fulltests/default/T200*
|
||||
%endif
|
||||
|
||||
%build
|
||||
@ -11,7 +21,7 @@ index 12323a4..1e23fba 100644
|
||||
ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail \
|
||||
ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \
|
||||
ip-mib/ipAddressPrefixTable/ipAddressPrefixTable \
|
||||
@@ -352,6 +352,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
|
||||
@@ -363,6 +363,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
|
||||
--with-logfile="/var/log/snmpd.log" \
|
||||
--with-persistent-directory="/var/lib/net-snmp" \
|
||||
--with-mib-modules="$MIBS" \
|
||||
@ -19,3 +29,6 @@ index 12323a4..1e23fba 100644
|
||||
%if %{netsnmp_tcp_wrappers}
|
||||
--with-libwrap=yes \
|
||||
%endif
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/net-snmp-5.7.2-28.el7.src.rpm
|
||||
mirror:Source/net-snmp-5.7.2-33.el7_5.2.src.rpm
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 55b381fed1b1bae9bd0bdfabd07246f40805252e Mon Sep 17 00:00:00 2001
|
||||
From bb0bf50256fd7d85d7f6f9eeb64d621a5698cfcc Mon Sep 17 00:00:00 2001
|
||||
From: Don Penney <don.penney@windriver.com>
|
||||
Date: Tue, 27 Sep 2016 21:23:24 -0400
|
||||
Subject: [PATCH] Update package versioning for TIS format
|
||||
@ -8,18 +8,18 @@ Subject: [PATCH] Update package versioning for TIS format
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/netpbm.spec b/SPECS/netpbm.spec
|
||||
index c10c448..74c13eb 100644
|
||||
index 02dd5f8..a4579f5 100644
|
||||
--- a/SPECS/netpbm.spec
|
||||
+++ b/SPECS/netpbm.spec
|
||||
@@ -1,7 +1,7 @@
|
||||
Summary: A library for handling different graphics file formats
|
||||
Name: netpbm
|
||||
Version: 10.61.02
|
||||
-Release: 9%{?dist}
|
||||
+Release: 9.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
Version: 10.79.00
|
||||
-Release: 7%{?dist}
|
||||
+Release: 7.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
# See copyright_summary for details
|
||||
License: BSD and GPLv2 and IJG and MIT and Public Domain
|
||||
Group: System Environment/Libraries
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,16 +1,26 @@
|
||||
From 4d8601d4eda671c7da04f7eb438e20407f33b09b Mon Sep 17 00:00:00 2001
|
||||
From: zhipengl <zhipengs.liu@intel.com>
|
||||
Date: Wed, 22 Aug 2018 01:02:40 +0800
|
||||
Subject: 0001-remove-ghostscript.patch
|
||||
|
||||
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
|
||||
---
|
||||
SPECS/netpbm.spec | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/netpbm.spec b/SPECS/netpbm.spec
|
||||
index c0a2d27..c10c448 100644
|
||||
index 82eafb8..02dd5f8 100644
|
||||
--- a/SPECS/netpbm.spec
|
||||
+++ b/SPECS/netpbm.spec
|
||||
@@ -40,6 +40,7 @@ Patch28: netpbm-compare-same-images.patch
|
||||
Patch29: netpbm-manual-pages.patch
|
||||
Patch30: netpbm-pnmtops-hangs.patch
|
||||
Patch31: netpbm-pgmtexture-fault.patch
|
||||
+Patch32: remove-pstopnm.patch
|
||||
@@ -31,6 +31,7 @@ Patch15: netpbm-pamtojpeg2k.patch
|
||||
Patch16: netpbm-manfix.patch
|
||||
Patch17: netpbm-manual-pages.patch
|
||||
Patch18: netpbm-ppmfadeusage.patch
|
||||
+Patch19: remove-pstopnm.patch
|
||||
BuildRequires: libjpeg-devel, libpng-devel, libtiff-devel, flex
|
||||
BuildRequires: libX11-devel, python, jasper-devel, libxml2-devel
|
||||
|
||||
@@ -66,7 +67,6 @@ to have the netpbm package installed.
|
||||
@@ -57,7 +58,6 @@ to have the netpbm package installed.
|
||||
%package progs
|
||||
Summary: Tools for manipulating graphics files in netpbm supported formats
|
||||
Group: Applications/Multimedia
|
||||
@ -18,12 +28,14 @@ index c0a2d27..c10c448 100644
|
||||
Requires: netpbm = %{version}-%{release}
|
||||
|
||||
%description progs
|
||||
@@ -102,6 +102,7 @@ netpbm-doc. You'll also need to install the netpbm-progs package.
|
||||
%patch16 -p1 -b .manfix
|
||||
%patch17 -p1 -b .manual-pages
|
||||
%patch18 -p1 -b .ppmfadeusage
|
||||
+%patch19 -p1
|
||||
|
||||
@@ -120,6 +120,7 @@ netpbm-doc. You'll also need to install the netpbm-progs package.
|
||||
%patch29 -p1 -b .manual-pages
|
||||
%patch30 -p1 -b .pnmtops-hangs
|
||||
%patch31 -p1 -b .pgmtexture-fault
|
||||
+%patch32 -p1
|
||||
|
||||
sed -i 's/STRIPFLAG = -s/STRIPFLAG =/g' config.mk.in
|
||||
rm -rf converter/other/jpeg2000/libjasper/
|
||||
sed -i -e 's/SUBDIRS += libjasper//' converter/other/jpeg2000/Makefile
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
@ -1,25 +1,37 @@
|
||||
diff --git a/netpbm-10.61.02/converter/other/Makefile b/netpbm-10.61.02/converter/other/Makefile
|
||||
index 746db87..02c66b4 100644
|
||||
--- a/netpbm-10.61.02/converter/other/Makefile
|
||||
+++ b/netpbm-10.61.02/converter/other/Makefile
|
||||
From ba7b88e20f58d1d549bf7eec2e7fc2fa2a229362 Mon Sep 17 00:00:00 2001
|
||||
From: zhipengl <zhipengs.liu@intel.com>
|
||||
Date: Wed, 22 Aug 2018 00:50:54 +0800
|
||||
Subject: remove-pstopnm.patch
|
||||
|
||||
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
|
||||
---
|
||||
converter/other/Makefile | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/converter/other/Makefile b/converter/other/Makefile
|
||||
index b01f66a..6e9c84f 100644
|
||||
--- a/converter/other/Makefile
|
||||
+++ b/converter/other/Makefile
|
||||
@@ -7,6 +7,7 @@ VPATH=.:$(SRCDIR)/$(SUBDIR)
|
||||
|
||||
include $(BUILDDIR)/config.mk
|
||||
|
||||
+USE_GHOSTSCRIPT=N
|
||||
TEST_PKGCONFIG_LIBXML2 = if pkg-config libxml-2.0; then echo exists; fi
|
||||
TEST_PKGCONFIG_LIBXML2 = if $(PKG_CONFIG) libxml-2.0; then echo exists; fi
|
||||
|
||||
ifneq ($(shell $(TEST_PKGCONFIG_LIBXML2)),)
|
||||
@@ -134,10 +135,12 @@ BINARIES = \
|
||||
rasttopnm \
|
||||
srftopam \
|
||||
@@ -126,9 +127,11 @@ PORTBINARIES = avstopam bmptopnm fitstopnm \
|
||||
rasttopnm rlatopam sgitopnm sirtopnm srftopam sunicontopnm \
|
||||
winicontopam xwdtopnm yuy2topam zeisstopnm
|
||||
|
||||
+ifneq ($(USE_GHOSTSCRIPT),N)
|
||||
ifneq ($(DONT_HAVE_PROCESS_MGMT),Y)
|
||||
PORTBINARIES += pstopnm
|
||||
BINARIES += pnmtops
|
||||
PORTBINARIES += pstopnm pnmtops
|
||||
endif
|
||||
+endif
|
||||
|
||||
ifeq ($(HAVE_PNGLIB),Y)
|
||||
BINARIES += pnmtopng pngtopam pamrgbatopng
|
||||
PORTBINARIES += pamtopng pnmtopng pngtopam
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/netpbm-10.61.02-9.el7.src.rpm
|
||||
mirror:Source/netpbm-10.79.00-7.el7.src.rpm
|
||||
|
@ -1,7 +1,7 @@
|
||||
From af36b0f028b07a6487e57040bb6c980ff6a4a41c Mon Sep 17 00:00:00 2001
|
||||
From 30615fcee3c857e0bb2900a64e14b807adff5495 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 16:29:01 -0400
|
||||
Subject: [PATCH 3/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/ntp.spec
|
||||
@ -10,18 +10,18 @@ Conflicts:
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/ntp.spec b/SPECS/ntp.spec
|
||||
index f717899..454020c 100644
|
||||
index 73ab0f7..bf9c32b 100644
|
||||
--- a/SPECS/ntp.spec
|
||||
+++ b/SPECS/ntp.spec
|
||||
@@ -1,7 +1,7 @@
|
||||
Summary: The NTP daemon and utilities
|
||||
Name: ntp
|
||||
Version: 4.2.6p5
|
||||
-Release: 25%{?dist}.2
|
||||
+Release: 25.el7.centos.2%{?_tis_dist}.%{tis_patch_ver}
|
||||
-Release: 28%{?dist}
|
||||
+Release: 28.el7.centos%{?_tis_dist}.%{tis_patch_ver}
|
||||
# primary license (COPYRIGHT) : MIT
|
||||
# ElectricFence/ (not used) : GPLv2
|
||||
# kernel/sys/ppsclock.h (not used) : BSD with advertising
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/ntp-4.2.6p5-25.el7.centos.2.src.rpm
|
||||
mirror:Source/ntp-4.2.6p5-28.el7.centos.src.rpm
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 099d1c1f3376673e9a3c5747c87c8c756c883ce6 Mon Sep 17 00:00:00 2001
|
||||
From 857b95ac924a980c60d894148d3c5d41aca8447d Mon Sep 17 00:00:00 2001
|
||||
From: Andy Ning <andy.ning@windriver.com>
|
||||
Date: Thu, 22 Mar 2018 11:45:26 -0400
|
||||
Subject: [PATCH 1/1] CGTS-9265: patch to harden server and client config
|
||||
Subject: [PATCH] CGTS-9265: patch to harden server and client config
|
||||
|
||||
Replace the hardcoded sshd_config and ssh_config files with patches
|
||||
to openssh.
|
||||
@ -12,12 +12,12 @@ Signed-off-by: Andy Ning <andy.ning@windriver.com>
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec
|
||||
index 7ee5bd8..7c464a2 100644
|
||||
index 442261e..c62e6c8 100644
|
||||
--- a/SPECS/openssh.spec
|
||||
+++ b/SPECS/openssh.spec
|
||||
@@ -240,6 +240,9 @@ Patch955: openssh-7.4p1-sandbox-ibmca.patch
|
||||
# Back to UseDNS=yes by default (#1478175)
|
||||
Patch956: openssh-7.4p1-usedns-yes.patch
|
||||
@@ -251,6 +251,9 @@ Patch959: openssh-7.4p1-authorized_keys_command.patch
|
||||
# Fix for CVE-2017-15906 (#1517226)
|
||||
Patch960: openssh-7.5p1-sftp-empty-files.patch
|
||||
|
||||
+# WRS: harden server and client config
|
||||
+Patch1000: harden-server-and-client-config.patch
|
||||
@ -25,7 +25,7 @@ index 7ee5bd8..7c464a2 100644
|
||||
License: BSD
|
||||
Group: Applications/Internet
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
@@ -494,6 +497,9 @@ popd
|
||||
@@ -511,6 +514,9 @@ popd
|
||||
|
||||
%patch100 -p1 -b .coverity
|
||||
|
||||
@ -36,5 +36,5 @@ index 7ee5bd8..7c464a2 100644
|
||||
# Nothing here yet
|
||||
%endif
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/openssh-7.4p1-12.el7_4.src.rpm
|
||||
mirror:Source/openssh-7.4p1-16.el7.src.rpm
|
||||
|
@ -1,4 +1,4 @@
|
||||
From df02d7127b6feba73728380493033f5b212faab7 Mon Sep 17 00:00:00 2001
|
||||
From ebeb61340d3bc91c2489846a00878c557310634d Mon Sep 17 00:00:00 2001
|
||||
From: Don Penney <don.penney@windriver.com>
|
||||
Date: Tue, 27 Sep 2016 10:49:05 -0400
|
||||
Subject: [PATCH] Update package versioning for TIS format
|
||||
@ -8,18 +8,18 @@ Subject: [PATCH] Update package versioning for TIS format
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/pam.spec b/SPECS/pam.spec
|
||||
index a702aca..dabbeee 100644
|
||||
index 0ee1747..e397385 100644
|
||||
--- a/SPECS/pam.spec
|
||||
+++ b/SPECS/pam.spec
|
||||
@@ -3,7 +3,7 @@
|
||||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.1.8
|
||||
-Release: 18%{?dist}
|
||||
+Release: 18.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
-Release: 22%{?dist}
|
||||
+Release: 22.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+
|
||||
# - this option is redundant as the BSD license allows that anyway.
|
||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/pam-1.1.8-18.el7.src.rpm
|
||||
mirror:Source/pam-1.1.8-22.el7.src.rpm
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 20f4e2f0f19c6d0e9c8ee1314481bc8e85dbd5bb Mon Sep 17 00:00:00 2001
|
||||
From a6709dfc64368bac4970e3b99512a4e1b4b8e756 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 16:32:24 -0400
|
||||
Subject: [PATCH 1/1] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/rsync.spec
|
||||
@ -10,18 +10,18 @@ Conflicts:
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/rsync.spec b/SPECS/rsync.spec
|
||||
index 85b01f2..310b284 100644
|
||||
index d5f6d55..d9cb5ed 100644
|
||||
--- a/SPECS/rsync.spec
|
||||
+++ b/SPECS/rsync.spec
|
||||
@@ -8,7 +8,7 @@
|
||||
Summary: A program for synchronizing files over a network
|
||||
Name: rsync
|
||||
Version: 3.0.9
|
||||
-Release: 18%{?prerelease}%{?dist}
|
||||
+Release: 18.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
Version: 3.1.2
|
||||
-Release: 4%{?prerelease}%{?dist}
|
||||
+Release: 4.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
Group: Applications/Internet
|
||||
URL: http://rsync.samba.org/
|
||||
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/rsync-3.0.9-18.el7.src.rpm
|
||||
mirror:Source/rsync-3.1.2-4.el7.src.rpm
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 112dfdc394a779a860c79c067d47142dc1db2484 Mon Sep 17 00:00:00 2001
|
||||
From b37781fdf5c5f4b373f124875c39ae10697c5898 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 16:45:32 -0400
|
||||
Subject: [PATCH 3/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/sanlock.spec
|
||||
@ -10,18 +10,18 @@ Conflicts:
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/sanlock.spec b/SPECS/sanlock.spec
|
||||
index b4996de..ebce8c1 100644
|
||||
index 5bfb8e4..587fcb2 100644
|
||||
--- a/SPECS/sanlock.spec
|
||||
+++ b/SPECS/sanlock.spec
|
||||
@@ -6,7 +6,7 @@
|
||||
|
||||
Name: sanlock
|
||||
Version: 3.5.0
|
||||
Version: 3.6.0
|
||||
-Release: 1%{?dist}
|
||||
+Release: 1.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
Summary: A shared storage lock manager
|
||||
|
||||
Group: System Environment/Base
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,2 +1,2 @@
|
||||
mirror:Source/sanlock-3.5.0-1.el7.src.rpm
|
||||
mirror:Source/sanlock-3.6.0-1.el7.src.rpm
|
||||
|
||||
|
@ -1,14 +1,14 @@
|
||||
From 412fc338e588c92ee0be3bf1b1af0040fac9f500 Mon Sep 17 00:00:00 2001
|
||||
From 667cc2ccdd4451ce9d943064d714bcf1a8d1e4ed Mon Sep 17 00:00:00 2001
|
||||
From: Don Penney <don.penney@windriver.com>
|
||||
Date: Mon, 26 Sep 2016 17:40:54 -0400
|
||||
Subject: [PATCH] Update package versioning for TIS format
|
||||
Subject: [PATCH 09/15] Update package versioning for TIS format
|
||||
|
||||
---
|
||||
SPECS/setup.spec | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index 223bfd5..89a4d2f 100644
|
||||
index 3ad2458..8f5fc46 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -1,7 +1,7 @@
|
||||
@ -16,10 +16,10 @@ index 223bfd5..89a4d2f 100644
|
||||
Name: setup
|
||||
Version: 2.8.71
|
||||
-Release: 9%{?dist}
|
||||
+Release: 7.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
+Release: 9.el7%{?_tis_dist}.%{tis_patch_ver}
|
||||
License: Public Domain
|
||||
Group: System Environment/Base
|
||||
URL: https://fedorahosted.org/setup/
|
||||
URL: https://pagure.io/setup/
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,8 +1,7 @@
|
||||
From 2f6906e33b91dc28c7b48ce5604501ce09cfaed6 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <2f6906e33b91dc28c7b48ce5604501ce09cfaed6.1468352966.git.Jim.Somerville@windriver.com>
|
||||
From 6d54fd5dff19e69d2d9c01e508fd4276e4eaef5b Mon Sep 17 00:00:00 2001
|
||||
From: Jim Somerville <Jim.Somerville@windriver.com>
|
||||
Date: Tue, 12 Jul 2016 15:43:47 -0400
|
||||
Subject: [PATCH 1/1] security make exports and fstab only root accessible
|
||||
Subject: [PATCH 07/15] security make exports and fstab only root accessible
|
||||
|
||||
Apply a chmod of 600 to the two files.
|
||||
|
||||
@ -12,17 +11,17 @@ Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index d40113f..6c18614 100644
|
||||
index db3ed17..a612d24 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -65,6 +65,7 @@ chmod 0644 %{buildroot}/var/log/lastlog
|
||||
@@ -69,6 +69,7 @@ chmod 0644 %{buildroot}/var/log/lastlog
|
||||
touch %{buildroot}/etc/fstab
|
||||
touch %{buildroot}/etc/subuid
|
||||
touch %{buildroot}/etc/subgid
|
||||
+chmod 0600 %{buildroot}/etc/{exports,fstab}
|
||||
install -m 644 %{SOURCE1} %{buildroot}/etc/
|
||||
install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
|
||||
|
||||
mkdir -p %{buildroot}/etc/profile.d
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,40 +1,43 @@
|
||||
From 13bee9ed7d91fae3d66f91d4e4aa139ca3d05f66 Mon Sep 17 00:00:00 2001
|
||||
From d8ab20a896750f9fcd257d3e64cb0ef34e35140a Mon Sep 17 00:00:00 2001
|
||||
From: David Balme <david.balme@windriver.com>
|
||||
Date: Thu, 13 Oct 2016 08:40:27 -0400
|
||||
Subject: [PATCH 1/1] add TMOUT variable
|
||||
Subject: [PATCH 10/15] add TMOUT variable
|
||||
|
||||
---
|
||||
SPECS/setup.spec | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
SPECS/setup.spec | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index 89a4d2f..1f5c96a 100644
|
||||
index 8f5fc46..a6465dc 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -8,6 +8,7 @@ URL: https://fedorahosted.org/setup/
|
||||
Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-%{version}.tar.bz2
|
||||
@@ -8,6 +8,7 @@ URL: https://pagure.io/setup/
|
||||
Source0: http://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
|
||||
Source1: motd
|
||||
Source2: prompt.sh
|
||||
+Source3: custom.sh
|
||||
BuildArch: noarch
|
||||
BuildRequires: bash tcsh perl
|
||||
#require system release for saner dependency order
|
||||
@@ -70,6 +71,7 @@ touch %{buildroot}/etc/subgid
|
||||
@@ -73,8 +74,9 @@ touch %{buildroot}/etc/subuid
|
||||
touch %{buildroot}/etc/subgid
|
||||
chmod 0600 %{buildroot}/etc/{exports,fstab}
|
||||
install -m 644 %{SOURCE1} %{buildroot}/etc/
|
||||
install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
|
||||
-install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
|
||||
mkdir -p %{buildroot}/etc/profile.d
|
||||
+install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
|
||||
+install -m 644 %{SOURCE3} %{buildroot}/etc/profile.d/custom.sh
|
||||
echo "#Add any required envvar overrides to this file, it is sourced from /etc/profile" >%{buildroot}/etc/profile.d/sh.local
|
||||
echo "#Add any required envvar overrides to this file, is sourced from /etc/csh.login" >%{buildroot}/etc/profile.d/csh.local
|
||||
|
||||
# remove unpackaged files from the buildroot
|
||||
rm -f %{buildroot}/etc/Makefile
|
||||
@@ -125,6 +127,7 @@ end
|
||||
@@ -133,6 +135,7 @@ end
|
||||
%config(noreplace) /etc/motd
|
||||
%dir /etc/profile.d
|
||||
/etc/profile.d/prompt.sh
|
||||
+/etc/profile.d/custom.sh
|
||||
%config(noreplace) /etc/profile.d/sh.local
|
||||
%config(noreplace) /etc/profile.d/csh.local
|
||||
%config(noreplace) %verify(not md5 size mtime) /etc/shells
|
||||
%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog
|
||||
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/fstab
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,26 +1,33 @@
|
||||
commit f944ef677dc090e91b790ac54064d61d071edb5c
|
||||
Author: Shoaib Nasir <shoaib.nasir@windriver.com>
|
||||
Date: Mon Sep 25 12:20:43 2017 -0400
|
||||
From 1c1e025ff9cdf5a5041959434a79014e24015271 Mon Sep 17 00:00:00 2001
|
||||
From: Shoaib Nasir <shoaib.nasir@windriver.com>
|
||||
Date: Mon, 27 Aug 2018 17:55:18 +0800
|
||||
|
||||
Add ironic-uid-gid.patch to SPECS
|
||||
|
||||
---
|
||||
SPECS/setup.spec | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index 2ec3541..55dd30b 100644
|
||||
index 367a13b..974113e 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -28,6 +28,7 @@ Patch9: snmpd-fm-user-group.patch
|
||||
Patch10: remove-unused-default-groups.patch
|
||||
Patch11: add-fm-user-to-snmpd-group.patch
|
||||
Patch12: add-magnum-uid-gid.patch
|
||||
+Patch13: add-ironic-uid-gid.patch
|
||||
@@ -30,6 +30,7 @@ Patch11: snmpd-fm-user-group.patch
|
||||
Patch12: remove-unused-default-groups.patch
|
||||
Patch13: add-fm-user-to-snmpd-group.patch
|
||||
Patch14: add-magnum-uid-gid.patch
|
||||
+Patch15: add-ironic-uid-gid.patch
|
||||
|
||||
%description
|
||||
The setup package contains a set of important system configuration and
|
||||
@@ -48,6 +49,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
@@ -52,6 +53,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch12 -p1
|
||||
+%patch13 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
+%patch15 -p1
|
||||
|
||||
./shadowconvert.sh
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
@ -1,32 +1,32 @@
|
||||
From 11086bd4422e8f24a0b070eb16e53b08f4561c61 Mon Sep 17 00:00:00 2001
|
||||
From 23dda8869b96f7df3db3fc885ca960b4889c82c0 Mon Sep 17 00:00:00 2001
|
||||
From: Jerry Sun <jerry.sun@windriver.com>
|
||||
Date: Thu, 3 Aug 2017 16:18:34 -0400
|
||||
Subject: [PATCH 1/1] meta add magnum uid and gid
|
||||
Subject: [PATCH 12/15] meta add magnum uid and gid
|
||||
|
||||
---
|
||||
SPECS/setup.spec | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index 9ee24ca..2ec3541 100644
|
||||
index 6a871f3..367a13b 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -27,6 +27,7 @@ Patch8: passwd-remove-unused-default-users-and-groups.patch
|
||||
Patch9: snmpd-fm-user-group.patch
|
||||
Patch10: remove-unused-default-groups.patch
|
||||
Patch11: add-fm-user-to-snmpd-group.patch
|
||||
+Patch12: add-magnum-uid-gid.patch
|
||||
@@ -29,6 +29,7 @@ Patch10: passwd-remove-unused-default-users-and-groups.patch
|
||||
Patch11: snmpd-fm-user-group.patch
|
||||
Patch12: remove-unused-default-groups.patch
|
||||
Patch13: add-fm-user-to-snmpd-group.patch
|
||||
+Patch14: add-magnum-uid-gid.patch
|
||||
|
||||
%description
|
||||
The setup package contains a set of important system configuration and
|
||||
@@ -46,6 +47,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
@@ -50,6 +51,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch11 -p1
|
||||
+%patch12 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
+%patch14 -p1
|
||||
|
||||
./shadowconvert.sh
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,32 +1,32 @@
|
||||
From bb774f39b779de4e31007fc70bead641820ae74f Mon Sep 17 00:00:00 2001
|
||||
From 07aca8a7f571059552dceb9a83d7b231e6ba01ff Mon Sep 17 00:00:00 2001
|
||||
From: Jerry Sun <jerry.sun@windriver.com>
|
||||
Date: Mon, 8 Jan 2018 12:28:08 -0500
|
||||
Subject: [PATCH 1/1] meta add murano uid and gid
|
||||
Subject: [PATCH 14/15] meta add murano uid and gid
|
||||
|
||||
---
|
||||
SPECS/setup.spec | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index 55dd30b..b652b3c 100644
|
||||
index 974113e..7f636ea 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -29,6 +29,7 @@ Patch10: remove-unused-default-groups.patch
|
||||
Patch11: add-fm-user-to-snmpd-group.patch
|
||||
Patch12: add-magnum-uid-gid.patch
|
||||
Patch13: add-ironic-uid-gid.patch
|
||||
+Patch14: add-murano-uid-gid.patch
|
||||
@@ -31,6 +31,7 @@ Patch12: remove-unused-default-groups.patch
|
||||
Patch13: add-fm-user-to-snmpd-group.patch
|
||||
Patch14: add-magnum-uid-gid.patch
|
||||
Patch15: add-ironic-uid-gid.patch
|
||||
+Patch16: add-murano-uid-gid.patch
|
||||
|
||||
%description
|
||||
The setup package contains a set of important system configuration and
|
||||
@@ -50,6 +51,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
@@ -54,6 +55,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch13 -p1
|
||||
+%patch14 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
+%patch16 -p1
|
||||
|
||||
./shadowconvert.sh
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,32 +1,32 @@
|
||||
From 8c24c1c8bc9b703714c52b9b45cd3ea90f4a6604 Mon Sep 17 00:00:00 2001
|
||||
From 34c8b5f204877ae54d07248b9729353c8f8dfecf Mon Sep 17 00:00:00 2001
|
||||
From: Angie Wang <angie.Wang@windriver.com>
|
||||
Date: Thu, 7 Jun 2018 16:39:08 -0400
|
||||
Subject: [PATCH] spec add uid gid for telemetry services
|
||||
Subject: [PATCH 15/15] spec add uid gid for telemetry services
|
||||
|
||||
---
|
||||
SPECS/setup.spec | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index b652b3c..76d4feb 100644
|
||||
index 7f636ea..4f11a37 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -30,6 +30,7 @@ Patch11: add-fm-user-to-snmpd-group.patch
|
||||
Patch12: add-magnum-uid-gid.patch
|
||||
Patch13: add-ironic-uid-gid.patch
|
||||
Patch14: add-murano-uid-gid.patch
|
||||
+Patch15: add-uid-gid-for-telemetry-services.patch
|
||||
@@ -32,6 +32,7 @@ Patch13: add-fm-user-to-snmpd-group.patch
|
||||
Patch14: add-magnum-uid-gid.patch
|
||||
Patch15: add-ironic-uid-gid.patch
|
||||
Patch16: add-murano-uid-gid.patch
|
||||
+Patch17: add-uid-gid-for-telemetry-services.patch
|
||||
|
||||
%description
|
||||
The setup package contains a set of important system configuration and
|
||||
@@ -52,6 +53,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
@@ -56,6 +57,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch14 -p1
|
||||
+%patch15 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
+%patch17 -p1
|
||||
|
||||
./shadowconvert.sh
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,35 +1,43 @@
|
||||
setup.spec: to include Titanium Cloud specific changes
|
||||
From 236314295289b829e6216022a247017f7c0851c7 Mon Sep 17 00:00:00 2001
|
||||
From: slin14 <shuicheng.lin@intel.com>
|
||||
Date: Tue, 7 Aug 2018 22:41:01 +0800
|
||||
Subject: [PATCH 01/15] setup.spec: to include Titanium Cloud specific changes
|
||||
|
||||
To include files under cgcs/recipes-base/setup/files/*
|
||||
|
||||
Signed-off-by: slin14 <shuicheng.lin@intel.com>
|
||||
---
|
||||
SPECS/setup.spec | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index 9174b5a..efc52ca 100644
|
||||
index 317132b..4ac1019 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -6,6 +6,7 @@ License: Public Domain
|
||||
Group: System Environment/Base
|
||||
URL: https://fedorahosted.org/setup/
|
||||
Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-%{version}.tar.bz2
|
||||
URL: https://pagure.io/setup/
|
||||
Source0: http://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
|
||||
+Source1: motd
|
||||
BuildArch: noarch
|
||||
BuildRequires: bash tcsh perl
|
||||
#require system release for saner dependency order
|
||||
@@ -55,6 +56,7 @@ chmod 0644 %{buildroot}/var/log/lastlog
|
||||
@@ -59,6 +60,7 @@ chmod 0644 %{buildroot}/var/log/lastlog
|
||||
touch %{buildroot}/etc/fstab
|
||||
touch %{buildroot}/etc/subuid
|
||||
touch %{buildroot}/etc/subgid
|
||||
+install -m 644 %{SOURCE1} %{buildroot}/etc/
|
||||
|
||||
# remove unpackaged files from the buildroot
|
||||
rm -f %{buildroot}/etc/Makefile
|
||||
@@ -107,6 +109,7 @@ end
|
||||
mkdir -p %{buildroot}/etc/profile.d
|
||||
echo "#Add any required envvar overrides to this file, it is sourced from /etc/profile" >%{buildroot}/etc/profile.d/sh.local
|
||||
echo "#Add any required envvar overrides to this file, is sourced from /etc/csh.login" >%{buildroot}/etc/profile.d/csh.local
|
||||
@@ -115,6 +117,7 @@ end
|
||||
%attr(0600,root,root) %config(noreplace,missingok) /etc/securetty
|
||||
%config(noreplace) /etc/csh.login
|
||||
%config(noreplace) /etc/csh.cshrc
|
||||
+%config(noreplace) /etc/motd
|
||||
%dir /etc/profile.d
|
||||
%config(noreplace) %verify(not md5 size mtime) /etc/shells
|
||||
%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog
|
||||
%config(noreplace) /etc/profile.d/sh.local
|
||||
%config(noreplace) /etc/profile.d/csh.local
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,22 +1,33 @@
|
||||
From 3eb03183dc24b865dd3e84495a82899f39665690 Mon Sep 17 00:00:00 2001
|
||||
From: slin14 <shuicheng.lin@intel.com>
|
||||
Date: Tue, 7 Aug 2018 23:17:05 +0800
|
||||
Subject: [PATCH 11/15] spec-include-add-fm-user-to-snmpd-group
|
||||
|
||||
Signed-off-by: slin14 <shuicheng.lin@intel.com>
|
||||
---
|
||||
SPECS/setup.spec | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index a6465dc..6a871f3 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -26,6 +26,7 @@ Patch6: updating-gids-and-uids-to-suppor
|
||||
Patch8: passwd-remove-unused-default-users-and-groups.patch
|
||||
Patch9: snmpd-fm-user-group.patch
|
||||
Patch10: remove-unused-default-groups.patch
|
||||
+Patch11: add-fm-user-to-snmpd-group.patch
|
||||
@@ -28,6 +28,7 @@ Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
|
||||
Patch10: passwd-remove-unused-default-users-and-groups.patch
|
||||
Patch11: snmpd-fm-user-group.patch
|
||||
Patch12: remove-unused-default-groups.patch
|
||||
+Patch13: add-fm-user-to-snmpd-group.patch
|
||||
|
||||
%description
|
||||
The setup package contains a set of important system configuration and
|
||||
@@ -44,6 +45,7 @@ setup files, such as passwd, group, and
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
@@ -48,6 +49,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch10 -p1
|
||||
+%patch11 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
+%patch13 -p1
|
||||
|
||||
./shadowconvert.sh
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
@ -1,41 +1,32 @@
|
||||
From 35ebbf2ca7e5e412f55cdaa875845728d203b34d Mon Sep 17 00:00:00 2001
|
||||
From f0882fad769c71cb70b44251c79f39e7e13dbc48 Mon Sep 17 00:00:00 2001
|
||||
From: Kam Nasim <kam.nasim@windriver.com>
|
||||
Date: Fri, 12 Aug 2016 17:35:28 -0400
|
||||
Subject: [PATCH] meta patch for snmpd-user-group.patch
|
||||
Subject: [PATCH 06/15] meta patch for snmpd-user-group.patch
|
||||
|
||||
---
|
||||
SPECS/setup.spec | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
SPECS/setup.spec | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index 89ff683..d40113f 100644
|
||||
index 10d151b..db3ed17 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -1,7 +1,7 @@
|
||||
Summary: A set of system configuration and setup files
|
||||
Name: setup
|
||||
Version: 2.8.71
|
||||
-Release: 7%{?dist}
|
||||
+Release: 8%{?dist}
|
||||
License: Public Domain
|
||||
Group: System Environment/Base
|
||||
URL: https://fedorahosted.org/setup/
|
||||
@@ -23,6 +23,7 @@ Patch5: setup-2.8.71-fullpath.patch
|
||||
Patch6: tis-uid-gid.patch
|
||||
Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
|
||||
Patch8: passwd-remove-unused-default-users-and-groups.patch
|
||||
+Patch9: snmpd-fm-user-group.patch
|
||||
@@ -25,6 +25,7 @@ Patch7: setup-2.8.71-shlocal.patch
|
||||
Patch8: tis-uid-gid.patch
|
||||
Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
|
||||
Patch10: passwd-remove-unused-default-users-and-groups.patch
|
||||
+Patch11: snmpd-fm-user-group.patch
|
||||
|
||||
%description
|
||||
The setup package contains a set of important system configuration and
|
||||
@@ -39,6 +40,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
@@ -43,6 +44,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch8 -p1
|
||||
+%patch9 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
+%patch11 -p1
|
||||
|
||||
./shadowconvert.sh
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,7 +1,7 @@
|
||||
From f882ce44d7e8574e9affc5e6471265029f9724ca Mon Sep 17 00:00:00 2001
|
||||
From 1285d1381237a94df55df913aa268cd5bb9c6b89 Mon Sep 17 00:00:00 2001
|
||||
From: Michel Thebeau <michel.thebeau@windriver.com>
|
||||
Date: Thu, 21 Jul 2016 11:47:55 -0400
|
||||
Subject: [PATCH] spec: add patch to remove unused users and groups
|
||||
Subject: [PATCH 05/15] spec: add patch to remove unused users and groups
|
||||
|
||||
Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
|
||||
---
|
||||
@ -9,25 +9,25 @@ Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index 3debacf..89ff683 100644
|
||||
index 18283cd..10d151b 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -22,6 +22,7 @@ Patch4: setup-2.8.71-filesystems.patch
|
||||
Patch5: setup-2.8.71-fullpath.patch
|
||||
Patch6: tis-uid-gid.patch
|
||||
Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
|
||||
+Patch8: passwd-remove-unused-default-users-and-groups.patch
|
||||
@@ -24,6 +24,7 @@ Patch6: setup-2.8.71-tapeid.patch
|
||||
Patch7: setup-2.8.71-shlocal.patch
|
||||
Patch8: tis-uid-gid.patch
|
||||
Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
|
||||
+Patch10: passwd-remove-unused-default-users-and-groups.patch
|
||||
|
||||
%description
|
||||
The setup package contains a set of important system configuration and
|
||||
@@ -37,6 +38,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
@@ -41,6 +42,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch7 -p1
|
||||
+%patch8 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
+%patch10 -p1
|
||||
|
||||
./shadowconvert.sh
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,42 +1,33 @@
|
||||
From e882a5dfad4ad41a256ea3867e1a4c4a08df9a98 Mon Sep 17 00:00:00 2001
|
||||
From 22d06a6c5c7b44db10060bf95b623dc3c1943a9a Mon Sep 17 00:00:00 2001
|
||||
From: Michel Thebeau <michel.thebeau@windriver.com>
|
||||
Date: Fri, 19 Aug 2016 09:28:43 -0400
|
||||
Subject: [PATCH] spec: add patch to remove unused groups
|
||||
Subject: [PATCH 08/15] spec: add patch to remove unused groups
|
||||
|
||||
Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
|
||||
---
|
||||
SPECS/setup.spec | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
SPECS/setup.spec | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index 6c18614..223bfd5 100644
|
||||
index a612d24..3ad2458 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -1,7 +1,7 @@
|
||||
Summary: A set of system configuration and setup files
|
||||
Name: setup
|
||||
Version: 2.8.71
|
||||
-Release: 8%{?dist}
|
||||
+Release: 9%{?dist}
|
||||
License: Public Domain
|
||||
Group: System Environment/Base
|
||||
URL: https://fedorahosted.org/setup/
|
||||
@@ -24,6 +24,7 @@ Patch6: tis-uid-gid.patch
|
||||
Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
|
||||
Patch8: passwd-remove-unused-default-users-and-groups.patch
|
||||
Patch9: snmpd-fm-user-group.patch
|
||||
+Patch10: remove-unused-default-groups.patch
|
||||
@@ -26,6 +26,7 @@ Patch8: tis-uid-gid.patch
|
||||
Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
|
||||
Patch10: passwd-remove-unused-default-users-and-groups.patch
|
||||
Patch11: snmpd-fm-user-group.patch
|
||||
+Patch12: remove-unused-default-groups.patch
|
||||
|
||||
%description
|
||||
The setup package contains a set of important system configuration and
|
||||
@@ -41,6 +42,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
@@ -45,6 +46,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch9 -p1
|
||||
+%patch10 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
+%patch12 -p1
|
||||
|
||||
./shadowconvert.sh
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,42 +1,46 @@
|
||||
setup.spec: add custom shell login prompt
|
||||
From d298b3b8a8a27e23d1589b99a2f9419505563a92 Mon Sep 17 00:00:00 2001
|
||||
From: slin14 <shuicheng.lin@intel.com>
|
||||
Date: Tue, 7 Aug 2018 22:53:18 +0800
|
||||
Subject: [PATCH 03/15] setup.spec: add custom shell login prompt
|
||||
|
||||
A user can be set to use "sh" (which points to bash) as login prompt.
|
||||
This makes the login shell to enter "POSIX" mode which will only
|
||||
read/executes file /etc/profle and files in /etc/profiled.d. So create
|
||||
custom login prompt in /etc/profiles.d
|
||||
|
||||
Signed-off-by: slin14 <shuicheng.lin@intel.com>
|
||||
---
|
||||
SPECS/setup.spec | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index 3f74b90..184670f 100644
|
||||
index 72cbcba..aa6b36e 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -7,6 +7,7 @@ Group: System Environment/Base
|
||||
URL: https://fedorahosted.org/setup/
|
||||
Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-%{version}.tar.bz2
|
||||
URL: https://pagure.io/setup/
|
||||
Source0: http://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
|
||||
Source1: motd
|
||||
+Source2: prompt.sh
|
||||
BuildArch: noarch
|
||||
BuildRequires: bash tcsh perl
|
||||
#require system release for saner dependency order
|
||||
@@ -59,6 +60,7 @@ touch %{buildroot}/etc/fstab
|
||||
@@ -63,6 +64,7 @@ touch %{buildroot}/etc/fstab
|
||||
touch %{buildroot}/etc/subuid
|
||||
touch %{buildroot}/etc/subgid
|
||||
install -m 644 %{SOURCE1} %{buildroot}/etc/
|
||||
+install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
|
||||
|
||||
# remove unpackaged files from the buildroot
|
||||
rm -f %{buildroot}/etc/Makefile
|
||||
@@ -113,6 +115,7 @@ end
|
||||
mkdir -p %{buildroot}/etc/profile.d
|
||||
echo "#Add any required envvar overrides to this file, it is sourced from /etc/profile" >%{buildroot}/etc/profile.d/sh.local
|
||||
echo "#Add any required envvar overrides to this file, is sourced from /etc/csh.login" >%{buildroot}/etc/profile.d/csh.local
|
||||
@@ -121,6 +123,7 @@ end
|
||||
%config(noreplace) /etc/csh.cshrc
|
||||
%config(noreplace) /etc/motd
|
||||
%dir /etc/profile.d
|
||||
+/etc/profile.d/prompt.sh
|
||||
%config(noreplace) /etc/profile.d/sh.local
|
||||
%config(noreplace) /etc/profile.d/csh.local
|
||||
%config(noreplace) %verify(not md5 size mtime) /etc/shells
|
||||
%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog
|
||||
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/fstab
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,32 +1,33 @@
|
||||
From b4a83aefe522dc1674c4979436398661f3ae4572 Mon Sep 17 00:00:00 2001
|
||||
From 935277306d01c917b81fa33ebc7f27b0edd61f7f Mon Sep 17 00:00:00 2001
|
||||
From: Bart Wensley <barton.wensley@windriver.com>
|
||||
Date: Mon, 27 Jun 2016 12:28:36 -0400
|
||||
Subject: [PATCH 1/1] updating-gids-and-uids-to-support-upgrade-from-wrl.patch
|
||||
Subject: [PATCH 04/15]
|
||||
updating-gids-and-uids-to-support-upgrade-from-wrl.patch
|
||||
|
||||
---
|
||||
SPECS/setup.spec | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
|
||||
index 184670f..3debacf 100644
|
||||
index aa6b36e..18283cd 100644
|
||||
--- a/SPECS/setup.spec
|
||||
+++ b/SPECS/setup.spec
|
||||
@@ -21,6 +21,7 @@ Patch3: setup-2.8.71-uidgidchanges.patch
|
||||
Patch4: setup-2.8.71-filesystems.patch
|
||||
Patch5: setup-2.8.71-fullpath.patch
|
||||
Patch6: tis-uid-gid.patch
|
||||
+Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
|
||||
@@ -23,6 +23,7 @@ Patch5: setup-2.8.71-fullpath.patch
|
||||
Patch6: setup-2.8.71-tapeid.patch
|
||||
Patch7: setup-2.8.71-shlocal.patch
|
||||
Patch8: tis-uid-gid.patch
|
||||
+Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
|
||||
|
||||
%description
|
||||
The setup package contains a set of important system configuration and
|
||||
@@ -35,6 +36,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
@@ -39,6 +40,7 @@ setup files, such as passwd, group, and profile.
|
||||
%patch6 -p1
|
||||
+%patch7 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
+%patch9 -p1
|
||||
|
||||
./shadowconvert.sh
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,7 +1,15 @@
|
||||
From 02610c6c7bf89593a9b1e98eb5ee0cfba5c48707 Mon Sep 17 00:00:00 2001
|
||||
From: slin14 <shuicheng.lin@intel.com>
|
||||
Date: Thu, 16 Aug 2018 00:13:14 +0800
|
||||
Subject: [PATCH] add-fm-user-to-snmpd-group
|
||||
|
||||
Signed-off-by: slin14 <shuicheng.lin@intel.com>
|
||||
---
|
||||
group | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/group b/group
|
||||
index a3bb69e..9b77aae 100644
|
||||
--- a/group
|
||||
+++ b/group
|
||||
@@ -21,7 +21,7 @@ neutron:x:164:neutron
|
||||
@ -13,3 +21,6 @@
|
||||
heat:x:187:heat
|
||||
nfv:x:172:nfv
|
||||
fm:x:195:fm
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
@ -1,11 +1,16 @@
|
||||
commit 51c505c59a1512c011fcda01d0583a2ddc6f3337
|
||||
Author: Shoaib Nasir <shoaib.nasir@windriver.com>
|
||||
Date: Mon Sep 25 11:39:29 2017 -0400
|
||||
From 15d0ef24f88290887f1e154352b53f373a04e783 Mon Sep 17 00:00:00 2001
|
||||
From: slin14 <shuicheng.lin@intel.com>
|
||||
Date: Thu, 16 Aug 2018 00:15:04 +0800
|
||||
Subject: [PATCH] add-ironic-uid-gid
|
||||
|
||||
add ironic group and passwd
|
||||
Signed-off-by: slin14 <shuicheng.lin@intel.com>
|
||||
---
|
||||
group | 1 +
|
||||
passwd | 1 +
|
||||
2 files changed, 2 insertions(+)
|
||||
|
||||
diff --git a/group b/group
|
||||
index 7d0244f..9979b99 100644
|
||||
index f6a75e5..d9050fa 100644
|
||||
--- a/group
|
||||
+++ b/group
|
||||
@@ -27,3 +27,4 @@ nfv:x:172:nfv
|
||||
@ -22,3 +27,6 @@ index fce82e7..fb49ea3 100644
|
||||
fm:x:195:195:fm-mgr:/var/lib/fm:/sbin/nologin
|
||||
magnum:x:1870:1870:OpenStack Magnum Daemons:/var/lib/magnum:/sbin/nologin
|
||||
+ironic:x:1874:1874:OpenStack Ironic Daemons:/var/lib/ironic:/sbin/nologin
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 737295c6ad990e8e248fef6b378198c3326b90ba Mon Sep 17 00:00:00 2001
|
||||
From fed037afbe78b47d46dbbd5838468e57bfe19884 Mon Sep 17 00:00:00 2001
|
||||
From: Michel Thebeau <michel.thebeau@windriver.com>
|
||||
Date: Thu, 11 Aug 2016 18:24:25 -0400
|
||||
Subject: [PATCH] passwd: remove unused default users and groups
|
||||
@ -13,7 +13,7 @@ Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
|
||||
2 files changed, 16 deletions(-)
|
||||
|
||||
diff --git a/group b/group
|
||||
index c21e2de..87a03c1 100644
|
||||
index 825edbb..0a0a1b0 100644
|
||||
--- a/group
|
||||
+++ b/group
|
||||
@@ -1,11 +1,7 @@
|
||||
@ -33,7 +33,7 @@ index c21e2de..87a03c1 100644
|
||||
dialout::18:
|
||||
floppy::19:
|
||||
-games::20:
|
||||
tape::30:
|
||||
tape::33:
|
||||
-video::39:
|
||||
-ftp::50:
|
||||
lock::54:
|
||||
@ -62,5 +62,5 @@ index 548435f..46a3d52 100644
|
||||
rabbitmq:x:121:121::/var/lib/rabbitmq:/bin/sh
|
||||
nova:x:994:162::/var/lib/nova:/bin/false
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From d79451c9a047313fb8da27007ea9d99435e05ff2 Mon Sep 17 00:00:00 2001
|
||||
From dbc791c8f24ffac0d98e86213e4d592660f6087c Mon Sep 17 00:00:00 2001
|
||||
From: Michel Thebeau <michel.thebeau@windriver.com>
|
||||
Date: Fri, 19 Aug 2016 09:21:44 -0400
|
||||
Subject: [PATCH] CGTS-4685: setup: remove unused default groups
|
||||
@ -14,7 +14,7 @@ Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/group b/group
|
||||
index 8794dde..0b93beb 100644
|
||||
index 42a8ed1..a3bb69e 100644
|
||||
--- a/group
|
||||
+++ b/group
|
||||
@@ -2,12 +2,10 @@ root::0:
|
||||
@ -29,7 +29,7 @@ index 8794dde..0b93beb 100644
|
||||
-man::15:
|
||||
dialout::18:
|
||||
floppy::19:
|
||||
tape::30:
|
||||
tape::33:
|
||||
--
|
||||
1.8.3.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/setup-2.8.71-7.el7.src.rpm
|
||||
mirror:Source/setup-2.8.71-9.el7.src.rpm
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 39b08b2cc4eb6d47490593a599db95703b74b754 Mon Sep 17 00:00:00 2001
|
||||
From 21db84dcb55f87c792a6d59cef0c68741a9d24b1 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 16:50:44 -0400
|
||||
Subject: [PATCH 1/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
Subject: [PATCH 1/4] WRS: 0001-Update-package-versioning-for-TIS-format.patch
|
||||
|
||||
Conflicts:
|
||||
SPECS/sudo.spec
|
||||
@ -10,18 +10,18 @@ Conflicts:
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
|
||||
index c3a1a52..7d1486b 100644
|
||||
index c8d2f64..b6402bb 100644
|
||||
--- a/SPECS/sudo.spec
|
||||
+++ b/SPECS/sudo.spec
|
||||
@@ -1,7 +1,7 @@
|
||||
Summary: Allows restricted root access for specified users
|
||||
Name: sudo
|
||||
Version: 1.8.19p2
|
||||
-Release: 11%{?dist}
|
||||
+Release: 11.el7_4%{?_tis_dist}.%{tis_patch_ver}
|
||||
-Release: 14%{?dist}
|
||||
+Release: 14.el7_5%{?_tis_dist}.%{tis_patch_ver}
|
||||
License: ISC
|
||||
Group: Applications/System
|
||||
URL: http://www.courtesan.com/sudo/
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,35 +1,35 @@
|
||||
From abc3ec24a957002962bb4038946291b84bea3859 Mon Sep 17 00:00:00 2001
|
||||
From 70046603b8d607445e2fbf5e7d934bcd43a77dc8 Mon Sep 17 00:00:00 2001
|
||||
From: Scott Little <scott.little@windriver.com>
|
||||
Date: Mon, 2 Oct 2017 16:50:44 -0400
|
||||
Subject: [PATCH 2/3] WRS: 0002-spec-include-TiS-changes.patch
|
||||
Subject: [PATCH 2/4] WRS: 0002-spec-include-TiS-changes.patch
|
||||
|
||||
---
|
||||
SPECS/sudo.spec | 17 +++++++++++++++--
|
||||
1 file changed, 15 insertions(+), 2 deletions(-)
|
||||
SPECS/sudo.spec | 15 +++++++++++++--
|
||||
1 file changed, 13 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
|
||||
index 7d1486b..d731ba9 100644
|
||||
index b6402bb..acbcb26 100644
|
||||
--- a/SPECS/sudo.spec
|
||||
+++ b/SPECS/sudo.spec
|
||||
@@ -64,6 +64,8 @@ Patch17: sudo-1.8.19p2-get_process_ttyname.patch
|
||||
# 1459152 - CVE-2017-1000368: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367)
|
||||
Patch18: sudo-1.8.19p2-CVE-2017-1000368.patch
|
||||
@@ -78,6 +78,8 @@ Patch24: sudo-1.8.19p2-sssd-double-free.patch
|
||||
# 1560657 - sudo blocks in poll() for /dev/ptmx with iolog enabled
|
||||
Patch25: sudo-1.8.19p2-iolog-zombie.patch
|
||||
|
||||
+# WRS patches
|
||||
+
|
||||
%description
|
||||
Sudo (superuser do) allows a system administrator to give certain
|
||||
users (or groups of users) the ability to run some (or all) commands
|
||||
@@ -106,6 +108,8 @@ plugins that use %{name}.
|
||||
%patch17 -p1 -b .get_process_ttyname
|
||||
%patch18 -p1 -b .CVE-2017-1000368
|
||||
@@ -127,6 +129,8 @@ plugins that use %{name}.
|
||||
%patch24 -p1 -b .double-free
|
||||
%patch25 -p1 -b .iolog-zombie
|
||||
|
||||
+# WRS patches
|
||||
+
|
||||
%build
|
||||
autoreconf -I m4 -fv --install
|
||||
|
||||
@@ -132,7 +136,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
|
||||
@@ -153,7 +157,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
|
||||
--with-ignore-dot \
|
||||
--with-tty-tickets \
|
||||
--with-ldap \
|
||||
@ -38,7 +38,7 @@ index 7d1486b..d731ba9 100644
|
||||
--with-selinux \
|
||||
--with-passprompt="[sudo] password for %p: " \
|
||||
--with-linux-audit \
|
||||
@@ -158,6 +162,12 @@ install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
|
||||
@@ -179,6 +183,12 @@ install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
|
||||
install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
|
||||
install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
|
||||
|
||||
@ -51,7 +51,7 @@ index 7d1486b..d731ba9 100644
|
||||
# Remove execute permission on this script so we don't pull in perl deps
|
||||
chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
|
||||
|
||||
@@ -226,7 +236,8 @@ rm -rf $RPM_BUILD_ROOT
|
||||
@@ -247,7 +257,8 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/man8/visudo.8*
|
||||
%dir %{_docdir}/sudo-%{version}
|
||||
%{_docdir}/sudo-%{version}/*
|
||||
@ -62,5 +62,5 @@ index 7d1486b..d731ba9 100644
|
||||
# Make sure permissions are ok even if we're updating
|
||||
%post
|
||||
--
|
||||
1.9.1
|
||||
2.7.4
|
||||
|
||||
|
@ -1,8 +1,18 @@
|
||||
From b531e69617e54bd767ff58d1794e48b8150d74b9 Mon Sep 17 00:00:00 2001
|
||||
From: slin14 <shuicheng.lin@intel.com>
|
||||
Date: Tue, 14 Aug 2018 22:10:32 +0800
|
||||
Subject: [PATCH 4/4] remove-make-check
|
||||
|
||||
Signed-off-by: slin14 <shuicheng.lin@intel.com>
|
||||
---
|
||||
SPECS/sudo.spec | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
|
||||
index 4a34dba..fcb2e05 100644
|
||||
index 8c3f395..17531f7 100644
|
||||
--- a/SPECS/sudo.spec
|
||||
+++ b/SPECS/sudo.spec
|
||||
@@ -145,7 +145,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
|
||||
@@ -166,7 +166,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
|
||||
# --without-kerb4
|
||||
make -j"%(nproc)"
|
||||
|
||||
@ -12,3 +22,6 @@ index 4a34dba..fcb2e05 100644
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user