Merge "Merge remote-tracking branch 'origin/f/centos75'"

This commit is contained in:
Zuul 2018-09-20 04:44:47 +00:00 committed by Gerrit Code Review
commit da38bd2e73
240 changed files with 1825 additions and 5022 deletions

View File

@ -2,3 +2,4 @@
host=review.openstack.org
port=29418
project=openstack/stx-integ.git
defaultbranch=f/centos75

View File

@ -1,4 +1,4 @@
From e1f17182a8d105770a2805c9950b776b4437f7ff Mon Sep 17 00:00:00 2001
From 30796013a8d2b3b008a843bd3a4bee33e866a151 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:05:36 -0400
Subject: [PATCH 2/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/bash.spec b/SPECS/bash.spec
index 5f14bad..115d540 100644
index 4f16c8c..d749f92 100644
--- a/SPECS/bash.spec
+++ b/SPECS/bash.spec
@@ -6,7 +6,7 @@
Version: %{baseversion}%{patchleveltag}
Name: bash
Summary: The GNU Bourne Again shell
-Release: 29%{?dist}
+Release: 29.el7_4%{?_tis_dist}.%{tis_patch_ver}
-Release: 30%{?dist}
+Release: 30.el7%{?_tis_dist}.%{tis_patch_ver}
Group: System Environment/Shells
License: GPLv3+
Url: http://www.gnu.org/software/bash
--
1.9.1
2.7.4

View File

@ -1,4 +1,4 @@
From e8d5b56c303237d0a0ab00ea5f4fbdea3208caa5 Mon Sep 17 00:00:00 2001
From cc0534185464b04c1d320518af7d2b73291ea449 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:05:36 -0400
Subject: [PATCH 1/3] WRS: spec-TiS-bash-history.patch
@ -10,12 +10,12 @@ Conflicts:
1 file changed, 8 insertions(+)
diff --git a/SPECS/bash.spec b/SPECS/bash.spec
index 9a6d496..5f14bad 100644
index 4b2ec49..4f16c8c 100644
--- a/SPECS/bash.spec
+++ b/SPECS/bash.spec
@@ -192,6 +192,10 @@ Patch151: bash-cve-2016-9401.patch
#1473245
Patch152: bash-4.3-pipefd-leak.patch
@@ -195,6 +195,10 @@ Patch152: bash-4.3-pipefd-leak.patch
#1487615 - bash fails to execute commands containing multibyte characters
Patch153: bash-4.3-wshouldquote.patch
+# Patches from WindRiver
+Patch500: bash-history-syslog.patch
@ -24,9 +24,9 @@ index 9a6d496..5f14bad 100644
BuildRequires: texinfo bison
BuildRequires: ncurses-devel
BuildRequires: autoconf, gettext
@@ -323,6 +327,10 @@ This package contains documentation files for %{name}.
%patch151 -p1 -b .cve-2016-9401
@@ -327,6 +331,10 @@ This package contains documentation files for %{name}.
%patch152 -p1 -b .pipefd-leak
%patch153 -p1 -b .wshouldquote
+# WindRiver patches
+%patch500 -p1 -b .history-syslog
@ -36,5 +36,5 @@ index 9a6d496..5f14bad 100644
echo %{release} > _patchlevel
--
1.9.1
2.7.4

View File

@ -1 +1 @@
mirror:Source/bash-4.2.46-29.el7_4.src.rpm
mirror:Source/bash-4.2.46-30.el7.src.rpm

View File

@ -1,4 +1,4 @@
From d5890a17f5b07a9d17665c2b4138bb244ab6c680 Mon Sep 17 00:00:00 2001
From 328f19996b93b5be5cd856e600111d0dc87c8616 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 14:58:59 -0400
Subject: [PATCH 2/2] WRS: 0001-Update-package-versioning-for-TIS-format.patch
@ -8,18 +8,18 @@ Subject: [PATCH 2/2] WRS: 0001-Update-package-versioning-for-TIS-format.patch
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/centos-release.spec b/SPECS/centos-release.spec
index be95b1b..91dad61 100644
index ce64be4..8c05c28 100644
--- a/SPECS/centos-release.spec
+++ b/SPECS/centos-release.spec
@@ -13,7 +13,7 @@
@@ -14,7 +14,7 @@
Name: centos-release
Version: %{base_release_version}
-Release: %{centos_rel}%{?dist}
+Release: %{centos_rel}.el7.centos%{?_tis_dist}.%{tis_patch_ver}
-Release: %{centos_rel}.1%{?dist}
+Release: %{centos_rel}.1.el7.centos%{?_tis_dist}.%{tis_patch_ver}
Summary: %{product_family} release file
Group: System Environment/Base
License: GPLv2
--
1.9.1
2.7.4

View File

@ -1,4 +1,4 @@
From 4905ace48eb3feae48a02d2bd61e3778f8062532 Mon Sep 17 00:00:00 2001
From e18f905977fa94fa20a2d9a9cc565dc8d7fe8dac Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 14:58:59 -0400
Subject: [PATCH 1/2] WRS: centos-release-include-TiS-changes.patch
@ -8,10 +8,10 @@ Subject: [PATCH 1/2] WRS: centos-release-include-TiS-changes.patch
1 file changed, 8 insertions(+)
diff --git a/SPECS/centos-release.spec b/SPECS/centos-release.spec
index af82c8b..be95b1b 100644
index 67f1550..ce64be4 100644
--- a/SPECS/centos-release.spec
+++ b/SPECS/centos-release.spec
@@ -25,6 +25,8 @@ Provides: system-release(releasever) = %{base_release_version}
@@ -27,6 +27,8 @@ Provides: system-release(releasever) = %{base_release_version}
Source0: centos-release-%{base_release_version}-%{centos_rel}.tar.gz
Source1: 85-display-manager.preset
Source2: 90-default.preset
@ -20,9 +20,9 @@ index af82c8b..be95b1b 100644
%description
%{product_family} release files
@@ -118,6 +120,12 @@ mkdir -p %{buildroot}%{_prefix}/lib/systemd/system-preset/
install -m 0644 %{SOURCE1} %{buildroot}%{_prefix}/lib/systemd/system-preset/
install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/systemd/system-preset/
@@ -123,6 +125,12 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/systemd/system-preset/
%posttrans
/usr/bin/uname -m | grep -q 'x86_64' && echo 'centos' >/etc/yum/vars/contentdir || echo 'altarch' > /etc/yum/vars/contentdir
+# Overwrite default issue files with cgcs related files.
+install -m 0644 %{SOURCE3} %{buildroot}/etc/issue
@ -34,5 +34,5 @@ index af82c8b..be95b1b 100644
%clean
rm -rf %{buildroot}
--
1.9.1
2.7.4

View File

@ -1 +1 @@
mirror:Source/centos-release-7-4.1708.el7.centos.src.rpm
mirror:Source/centos-release-7-5.1804.1.el7.centos.src.rpm

View File

@ -1,8 +1,7 @@
From 2bc73669b8de70bf32d2f786b158738506e480ff Mon Sep 17 00:00:00 2001
From 85cd40238fb1f76483848007bd1e5663bb3f21ff Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:11:59 -0400
Subject: [PATCH 08/10] WRS:
0001-Update-package-versioning-for-TIS-format.patch
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts:
SPECS/resource-agents.spec
@ -11,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
index 6be3418..28a8129 100644
index 21fa049..fd8bc97 100644
--- a/SPECS/resource-agents.spec
+++ b/SPECS/resource-agents.spec
@@ -48,7 +48,7 @@
Name: resource-agents
Summary: Open Source HA Reusable Cluster Resource Scripts
Version: 3.9.5
-Release: 105%{?dist}
+Release: 105.el7%{?_tis_dist}.%{tis_patch_ver}
-Release: 124%{?dist}
+Release: 124.el7%{?_tis_dist}.%{tis_patch_ver}
License: GPLv2+, LGPLv2+ and ASL 2.0
URL: https://github.com/ClusterLabs/resource-agents
%if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
--
1.9.1
2.7.4

View File

@ -1,33 +0,0 @@
From c4165b39531872b7b56d497c4ebd86b5d1d79800 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Wed, 25 Oct 2017 16:18:02 -0400
Subject: [PATCH]
Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop
---
SPECS/resource-agents.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
index 19580ef..2536cb7 100644
--- a/SPECS/resource-agents.spec
+++ b/SPECS/resource-agents.spec
@@ -252,6 +252,7 @@ Patch1116: ocf-shellfuncs_change_logtag.patch
Patch1117: lvm_cleanup_refs_on_stop.patch
Patch1118: ipaddr2_if_down.patch
Patch1119: ipaddr2_ignore_lo_if_state.patch
+Patch1120: Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
Obsoletes: heartbeat-resources <= %{version}
Provides: heartbeat-resources = %{version}
@@ -561,6 +562,7 @@ exit 1
%patch1117 -p1
%patch1118 -p1
%patch1119 -p1
+%patch1120 -p1
%build
if [ ! -f configure ]; then
--
1.9.1

View File

@ -8,7 +8,6 @@ spec-lvm-cleanup-refs-on-stop.patch
0001-Update-package-versioning-for-TIS-format.patch
ipaddr2-if-down.patch
spec-add-ipaddr2-ignore-lo-state.patch
Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
Disable-creation-of-the-debug-package.patch
metapatch-for-arp_bg.patch
ipaddr2-avoid-failing-svc-if-down-meta.patch

View File

@ -1,4 +1,4 @@
From 6dc3b747b2688498a69d3ca8f826f30aecfc9f5b Mon Sep 17 00:00:00 2001
From 00b88829aad297c6732617a706501b466bb9be7a Mon Sep 17 00:00:00 2001
From: Al Bailey <Al.Bailey@windriver.com>
Date: Mon, 28 May 2018 14:12:45 -0500
Subject: [PATCH] metapatch for arp_bg
@ -8,25 +8,25 @@ Subject: [PATCH] metapatch for arp_bg
1 file changed, 2 insertions(+)
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
index 2536cb7..5b38434 100644
index c70d20b..520d9c3 100644
--- a/SPECS/resource-agents.spec
+++ b/SPECS/resource-agents.spec
@@ -253,6 +253,7 @@ Patch1117: lvm_cleanup_refs_on_stop.patch
@@ -282,6 +282,7 @@ Patch1116: ocf-shellfuncs_change_logtag.patch
Patch1117: lvm_cleanup_refs_on_stop.patch
Patch1118: ipaddr2_if_down.patch
Patch1119: ipaddr2_ignore_lo_if_state.patch
Patch1120: Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
+Patch1121: Re-enable-background-execution-of-arp-commands.patch
+Patch1120: Re-enable-background-execution-of-arp-commands.patch
Obsoletes: heartbeat-resources <= %{version}
Provides: heartbeat-resources = %{version}
@@ -563,6 +564,7 @@ exit 1
@@ -618,6 +619,7 @@ exit 1
%patch1117 -p1
%patch1118 -p1
%patch1119 -p1
%patch1120 -p1
+%patch1121 -p1
+%patch1120 -p1
%build
if [ ! -f configure ]; then
--
1.8.3.1
2.7.4

View File

@ -1,6 +1,6 @@
From 98591b479bd64c2835ab1e8884118c57dd499b9c Mon Sep 17 00:00:00 2001
From 7c181a1afdc85456333f9cbf9c5827ceb0554a91 Mon Sep 17 00:00:00 2001
From: Chris Friesen <chris.friesen@windriver.com>
Date: Tue, 21 Jun 2016 14:29:36 -0400
Date: Fri, 24 Aug 2018 03:51:37 +0800
Subject: [PATCH] Fix VG activity bug in heartbeat/LVM script
There is currently an issue in the lvm2 package where if you create an LVM thin
@ -19,17 +19,20 @@ group is not active.
This commit changes the code to directly query lvm about the volume group
activity rather than relying on side effects.
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
heartbeat/LVM | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/heartbeat/LVM b/heartbeat/LVM
index 1c23c05..d91a3bc 100755
index 893ece8..1efb207 100755
--- a/heartbeat/LVM
+++ b/heartbeat/LVM
@@ -350,19 +350,16 @@ LVM_status() {
ocf_exit_reason "LVM Volume $1 is not available"
return $OCF_ERR_GENERIC
@@ -338,19 +338,16 @@ LVM_status() {
fi
fi
fi
-
- if [ -d /dev/$1 ]; then
@ -54,5 +57,5 @@ index 1c23c05..d91a3bc 100755
1) # exclusive with tagging.
# If vg is running, make sure the correct tag is present. Otherwise we
--
1.9.1
2.7.4

View File

@ -1,27 +0,0 @@
From b9fdbdf20d62655c9b529f744f8efb9fb66c5851 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Wed, 25 Oct 2017 16:13:20 -0400
Subject: [PATCH] Modify error code of
bz1454699-LVM-status-check-for-missing-VG.patch to prevent controler-1 reboot
loop
---
heartbeat/LVM | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/heartbeat/LVM b/heartbeat/LVM
index 5347765..e4cd0ea 100755
--- a/heartbeat/LVM
+++ b/heartbeat/LVM
@@ -348,7 +348,7 @@ LVM_status() {
fi
if ! echo "$output" | grep -q "Found.*\"$1\""; then
ocf_exit_reason "LVM Volume $1 is not available"
- return $OCF_ERR_GENERIC
+ return $OCF_NOT_RUNNING
fi
# Ask lvm whether the volume group is active. This maps to
--
1.9.1

View File

@ -1 +1,2 @@
mirror:Source/resource-agents-3.9.5-105.el7.src.rpm
mirror:Source/resource-agents-3.9.5-124.el7.src.rpm

View File

@ -1,38 +0,0 @@
---
heartbeat/Filesystem | 3 ++-
heartbeat/LVM | 1 +
heartbeat/pgsql | 1 +
3 files changed, 4 insertions(+), 1 deletion(-)
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -2,7 +2,8 @@
#
# Support: linux-ha@lists.linux-ha.org
# License: GNU General Public License (GPL)
-#
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
+#
# Filesystem
# Description: Manages a Filesystem on a shared storage medium.
# Original Author: Eric Z. Ayers (eric.ayers@compgen.com)
--- a/heartbeat/LVM
+++ b/heartbeat/LVM
@@ -10,6 +10,7 @@
# Support: linux-ha@lists.linux-ha.org
# License: GNU General Public License (GPL)
# Copyright: (C) 2002 - 2005 International Business Machines, Inc.
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
#
# This code significantly inspired by the LVM resource
# in FailSafe by Lars Marowsky-Bree
--- a/heartbeat/pgsql
+++ b/heartbeat/pgsql
@@ -9,6 +9,7 @@
#
# Copyright: 2006-2012 Serge Dubrouski <sergeyfd@gmail.com>
# and other Linux-HA contributors
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
# License: GNU General Public License (GPL)
#
###############################################################################

View File

@ -1,15 +0,0 @@
Index: resource-agents-3.9.5/heartbeat/exportfs
===================================================================
--- resource-agents-3.9.5/heartbeat/exportfs 2013-02-07 07:17:42.000000000 -0500
+++ resource-agents-3.9.5/heartbeat/exportfs 2015-12-18 12:40:18.382930869 -0500
@@ -184,7 +184,9 @@
is_exported() {
local dir=$1
- local spec=$2
+ # Because clientspec contains square brackets when using IPv6, and the exports entry does not,
+ # it is necessary to remove the square brackets to compare them with each other.
+ local spec=$(echo $2|sed -r 's/(\[|\])//g')
exportfs |
sed -e '$! N; s/\n[[:space:]]\+/ /; t; s/[[:space:]]\+\([^[:space:]]\+\)\(\n\|$\)/ \1\2/g; P;D;' |
grep -q -x -F "$dir $spec"

View File

@ -1,193 +0,0 @@
---
heartbeat/Filesystem | 59 ++++++++++++++++++++++++++++++++++++++++++++++++---
heartbeat/LVM | 59 +++++++++++++++++++++++++++++++++++++++++++++++----
2 files changed, 111 insertions(+), 7 deletions(-)
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -19,6 +19,7 @@
# OCF_RESKEY_run_fsck
# OCF_RESKEY_fast_stop
# OCF_RESKEY_force_clones
+# OCF_RESKEY_rmon_rsc_name
#
#OCF_RESKEY_device : name of block device for the filesystem. e.g. /dev/sda1, /dev/md0
# Or a -U or -L option for mount, or an NFS mount specification
@@ -30,6 +31,7 @@
#OCF_RESKEY_fast_stop : fast stop: yes(default)/no
#OCF_RESKEY_force_clones : allow running the resource as clone. e.g. local xfs mounts
# for each brick in a glusterfs setup
+#OCF_RESKEY_rmon_rsc_name: resource name to use when notifing RMON
#
#
# This assumes you want to manage a filesystem on a shared (SCSI) bus,
@@ -1053,20 +1055,65 @@ if [ "$OP" != "monitor" ]; then
ocf_log info "Running $OP for $DEVICE on $MOUNTPOINT"
fi
+RMON_NOTIFY="/usr/local/bin/rmon_resource_notify"
+
+rmon_notify() {
+ local RSC_STATE=$1 TIMEOUT=$2
+
+ if [ -z "OCF_RESKEY_rmon_rsc_name" ]
+ then
+ ocf_log err "No RMON resource name given for $OCF_RESKEY_directory"
+ return
+ fi
+
+ if [[ -x $RMON_NOTIFY ]]
+ then
+ $RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \
+ --resource-state $RSC_STATE \
+ --resource-type mount \
+ --device $OCF_RESKEY_device \
+ --mount-point $OCF_RESKEY_directory \
+ --timeout $TIMEOUT \
+ >/dev/null 2>&1
+ else
+ ocf_log err "$RMON_NOTIFY not available, failed to execute: \
+$RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \
+--resource-state $RSC_STATE --resource-type mount \
+--device $OCF_RESKEY_device --mount-point $OCF_RESKEY_directory \
+--timeout $TIMEOUT"
+ fi
+}
+
# These operations do not require the clone checking + OCFS2
# initialization.
case $OP in
status) Filesystem_status
- exit $?
+ rc=$?
+ if [ $rc -eq $OCF_SUCCESS ]
+ then
+ rmon_notify "enabled" 300
+ else
+ rmon_notify "disabled" 300
+ fi
+ exit $rc
;;
monitor) Filesystem_monitor
- exit $?
+ rc=$?
+ if [ $rc -eq $OCF_SUCCESS ]
+ then
+ rmon_notify "enabled" 300
+ else
+ rmon_notify "disabled" 300
+ fi
+ exit $rc
;;
validate-all) Filesystem_validate_all
exit $?
;;
stop) Filesystem_stop
- exit $?
+ rc=$?
+ rmon_notify "disabled" 300
+ exit $rc
;;
esac
@@ -1114,6 +1161,12 @@ fi
case $OP in
start) Filesystem_start
+ rc=$?
+ if [ $rc -eq $OCF_SUCCESS ]
+ then
+ rmon_notify "enabled" 300
+ fi
+ exit $rc
;;
notify) Filesystem_notify
;;
--- a/heartbeat/LVM
+++ b/heartbeat/LVM
@@ -22,6 +22,7 @@
#
# OCF parameters are as below:
# OCF_RESKEY_volgrpname
+# OCF_RESKEY_rmon_rsc_name
#
#######################################################################
# Initialization:
@@ -311,6 +312,35 @@ then
exit $OCF_ERR_CONFIGURED
fi
+RMON_NOTIFY="/usr/local/bin/rmon_resource_notify"
+
+rmon_notify() {
+ local RSC_STATE=$1 TIMEOUT=$2
+
+ if [ -z "OCF_RESKEY_rmon_rsc_name" ]
+ then
+ ocf_log err "No RMON resource name given for $OCF_RESKEY_volgrpname"
+ return
+ fi
+
+ if [[ -x $RMON_NOTIFY ]]
+ then
+ $RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \
+ --resource-state $RSC_STATE \
+ --resource-type lvg \
+ --volume-group $OCF_RESKEY_volgrpname \
+ --timeout $TIMEOUT \
+ >/dev/null 2>&1
+ else
+ ocf_log err "$RMON_NOTIFY not available, failed to execute: \
+$RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \
+--resource-state $RSC_STATE --resource-type lvg \
+--volume-group $OCF_RESKEY_volgrpname \
+--timeout $TIMEOUT"
+ fi
+}
+
+
# Get the LVM version number, for this to work we assume(thanks to panjiam):
#
# LVM1 outputs like this
@@ -345,16 +375,37 @@ OP_METHOD=$1
case "$1" in
start) LVM_start $VOLUME
- exit $?;;
+ rc=$?
+ if [ $rc -eq $OCF_SUCCESS ]
+ then
+ rmon_notify "enabled" 300
+ fi
+ exit $rc;;
stop) LVM_stop $VOLUME
- exit $?;;
+ rc=$?
+ rmon_notify "disabled" 300
+ exit $rc;;
status) LVM_status $VOLUME $1
- exit $?;;
+ rc=$?
+ if [ $rc -eq $OCF_SUCCESS ]
+ then
+ rmon_notify "enabled" 300
+ else
+ rmon_notify "disabled" 300
+ fi
+ exit $rc;;
monitor) LVM_monitor $VOLUME
- exit $?;;
+ rc=$?
+ if [ $rc -eq $OCF_SUCCESS ]
+ then
+ rmon_notify "enabled" 300
+ else
+ rmon_notify "disabled" 300
+ fi
+ exit $rc;;
validate-all) LVM_validate_all
;;

View File

@ -1,37 +0,0 @@
---
heartbeat/IPaddr2 | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/heartbeat/IPaddr2
+++ b/heartbeat/IPaddr2
@@ -13,6 +13,7 @@
# Copyright (c) 2003 Tuomo Soini
# Copyright (c) 2004-2006 SUSE LINUX AG, Lars Marowsky-Brée
# All Rights Reserved.
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of version 2 of the GNU General Public License as
@@ -50,6 +51,7 @@
# OCF_RESKEY_nic
# OCF_RESKEY_cidr_netmask
# OCF_RESKEY_iflabel
+# OCF_RESKEY_if_type
# OCF_RESKEY_mac
# OCF_RESKEY_clusterip_hash
# OCF_RESKEY_arp_interval
@@ -314,7 +316,13 @@ ip_init() {
BASEIP="$OCF_RESKEY_ip"
BRDCAST="$OCF_RESKEY_broadcast"
- NIC="$OCF_RESKEY_nic"
+ IFTYPE="$OCF_RESKEY_if_type"
+ if [ -n "${IFTYPE}" ]
+ then
+ NIC=`grep ${IFTYPE}= /etc/platform/platform.conf | cut -f2 -d '='`
+ else
+ NIC="$OCF_RESKEY_nic"
+ fi
# Note: We had a version out there for a while which used
# netmask instead of cidr_netmask. Don't remove this aliasing code!
if

View File

@ -1,48 +0,0 @@
---
heartbeat/IPaddr2 | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
--- a/heartbeat/IPaddr2
+++ b/heartbeat/IPaddr2
@@ -661,7 +661,12 @@ ip_start() {
local ip_status=`ip_served`
if [ "$ip_status" = "ok" ]; then
- exit $OCF_SUCCESS
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
+ then
+ exit $OCF_SUCCESS
+ else
+ exit $OCF_ERR_GENERIC
+ fi
fi
if [ -n "$IP_CIP" ] && [ $ip_status = "no" ] || [ $ip_status = "partial2" ]; then
@@ -714,7 +719,12 @@ ip_start() {
fi
;;
esac
- exit $OCF_SUCCESS
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
+ then
+ exit $OCF_SUCCESS
+ else
+ exit $OCF_ERR_GENERIC
+ fi
}
ip_stop() {
@@ -788,7 +798,12 @@ ip_monitor() {
local ip_status=`ip_served`
case $ip_status in
ok)
- return $OCF_SUCCESS
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
+ then
+ return $OCF_SUCCESS
+ else
+ return $OCF_NOT_RUNNING
+ fi
;;
partial|no|partial2)
exit $OCF_NOT_RUNNING

View File

@ -1,155 +0,0 @@
commit 69217b67c0d018f129c7cbf526aebf0b236be701
Author: Chris Friesen <chris.friesen@windriver.com>
Date: Thu Sep 17 15:26:16 2015 -0400
CGCS-2553/CGTS-2534: tweak LVM success criteria
It turns out that activating an LVM LV which has a snapshot (or activating
the snapshot) will take an amount of time that is proportional to the
delta between the snapshot and the original volume.
Because of this it's possible that running "vgchange" could take a long
time, since it also activates the LVs.
If this happens, rather than timeout the whole script we want to log which
LVs/snapshots havn't yet been activated, and then just continue on.
Accordingly, we want to set the internal timeout in the "start" operation
to something less than the timeout for the "start" action.
There will be corresponding changes in cinder to properly handle this case.
diff --git a/heartbeat/LVM b/heartbeat/LVM
index bd1a47a..24b0244 100755
--- a/heartbeat/LVM
+++ b/heartbeat/LVM
@@ -186,6 +186,81 @@ LVM_monitor() {
}
#
+# Activate one volume explicitly.
+#
+activate_volume() {
+ ocf_run lvchange $1 /dev/${2}/$3
+ if [ $? -eq 0 ] ; then
+ ocf_log info "Succesfully activated $LV."
+ else
+ ocf_log err "Problem activating $LV."
+ fi
+}
+
+#
+# Kick off parallel activation of all volumes
+#
+activate_all_volumes() {
+ VG=$1
+ shift
+ lvchange_args="$*"
+
+ # Get the list of volumes, without the first line which is column headings.
+ VOLS=`lvs $VG |tail -n +2`
+
+ while read -r LINE; do
+ # Convert the line into an array.
+ LINE_ARRAY=($LINE)
+
+ # First array element is the volume/snapshot name.
+ LV=${LINE_ARRAY[0]}
+
+ # Third array element is the attributes.
+ ATTR=${LINE_ARRAY[2]}
+
+ # Fifth character in the attributes is "a" if it's active.
+ ACTIVE=${ATTR:4:1}
+ if [ "$ACTIVE" == "a" ]; then
+ ocf_log info "$LV is already active."
+ continue
+ fi
+
+ SNAPSHOT_ORIGIN=${LINE_ARRAY[4]}
+ if [ "$SNAPSHOT_ORIGIN" != "" ] ; then
+ # If this is a snapshot, don't activate it.
+ continue
+ fi
+
+ ( activate_volume "$*" $VG $LV ) &
+ done <<< "$VOLS"
+}
+
+#
+# Scan for inactive volumes and log any that are found.
+#
+log_inactive_volumes() {
+ # Get the list of volumes, without the first line which is column headings.
+ VOLS=`lvs $1 |tail -n +2`
+
+ while read -r LINE; do
+ # Convert the line into an array.
+ LINE_ARRAY=($LINE)
+
+ # First array element is the volume/snapshot name.
+ LV=${LINE_ARRAY[0]}
+
+ # Third array element is the attributes.
+ ATTR=${LINE_ARRAY[2]}
+
+ # Fifth character in the attributes is "a" if it's active.
+ ACTIVE=${ATTR:4:1}
+ if [ "$ACTIVE" != "a" ]; then
+ ocf_log err "Volume $LV is not active after expiry of timeout."
+ fi
+ done <<< "$VOLS"
+}
+
+#
# Enable LVM volume
#
LVM_start() {
@@ -218,7 +293,47 @@ LVM_start() {
vgchange_options="$vgchange_options --monitor y"
fi
- ocf_run vgchange $vgchange_options $1 || return $OCF_ERR_GENERIC
+ # Kick off activation of all volumes. If it doesn't complete within
+ # the timeout period, then we'll log the not-yet-activated volumes and
+ # continue on.
+ (ocf_run vgchange $vgchange_options $1) & PID=$!
+
+ # Check every second for up to TIMEOUT seconds whether the vgchange has
+ # completed.
+ TIMEOUT=300
+ TIMED_OUT=true
+ SECONDS=0;
+ PARALLEL_ACTIVATE_DELAY=10
+ PARALLEL_ACTIVATE_DONE=false
+ while [ $SECONDS -lt $TIMEOUT ] ; do
+ kill -0 $PID &> /dev/null
+ if [ $? -eq 1 ] ; then
+ # process with pid of $PID doesn't exist, vgchange command completed
+ TIMED_OUT=false
+ break
+ fi
+ if [ $SECONDS -ge $PARALLEL_ACTIVATE_DELAY ] && \
+ [ "$PARALLEL_ACTIVATE_DONE" != true ] && \
+ [ "$1" == "cinder-volumes" ] ; then
+ # This will kick off parallel activation of all LVs in the VG.
+ # The delay is to ensure the VG is activated first.
+ PARALLEL_ACTIVATE_DONE=true
+ ocf_log info Explicitly activating all volumes in $1 with: $vgchange_options
+ activate_all_volumes $1 $vgchange_options
+ fi
+ sleep 1
+ done
+
+ if [ "$TIMED_OUT" = true ] ; then
+ ocf_log err "Timed out running ocf_run vgchange $vgchange_options $1"
+ log_inactive_volumes $1
+ else
+ # Child process completed, get its status.
+ wait $PID
+ if [ $? -ne 0 ] ; then
+ return $OCF_ERR_GENERIC
+ fi
+ fi
if LVM_status $1; then
: OK Volume $1 activated just fine!

View File

@ -1,52 +0,0 @@
---
heartbeat/ocf-returncodes | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
--- a/heartbeat/ocf-returncodes
+++ b/heartbeat/ocf-returncodes
@@ -5,6 +5,7 @@
# Copyright (c) 2004 SUSE LINUX AG, Andrew Beekhof
# All Rights Reserved.
#
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -53,3 +54,37 @@ OCF_NOT_RUNNING=7
#
OCF_RUNNING_MASTER=8
OCF_FAILED_MASTER=9
+
+# Non-standard values particular to Wind River deployments.
+#
+# OCF does not include the concept of data sync states for master/slave
+# resources.
+#
+# OCF_DATA_INCONSISTENT:
+# The resource's data is not useable.
+#
+# OCF_DATA_OUTDATED:
+# The resource's data is consistent, but a peer with more recent data
+# has been seen.
+#
+# OCF_DATA_CONSISTENT:
+# The resource's data is consistent, but it is unsure that this is the
+# most recent data.
+#
+# OCF_SYNC:
+# The resource is syncing data.
+#
+# OCF_STANDALONE:
+# The resource is operating as standalone. No peer is available or
+# syncing is not possible (i.e. split brain fencing).
+#
+OCF_DATA_INCONSISTENT=32
+OCF_DATA_OUTDATED=33
+OCF_DATA_CONSISTENT=34
+OCF_DATA_SYNC=35
+OCF_DATA_STANDALONE=36
+OCF_RUNNING_MASTER_DATA_INCONSISTENT=37
+OCF_RUNNING_MASTER_DATA_OUTDATED=38
+OCF_RUNNING_MASTER_DATA_CONSISTENT=39
+OCF_RUNNING_MASTER_DATA_SYNC=40
+OCF_RUNNING_MASTER_DATA_STANDALONE=41

View File

@ -1,18 +0,0 @@
---
heartbeat/ocf-shellfuncs.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/heartbeat/ocf-shellfuncs.in
+++ b/heartbeat/ocf-shellfuncs.in
@@ -174,9 +174,9 @@ hadate() {
set_logtag() {
if [ -z "$HA_LOGTAG" ]; then
if [ -n "$OCF_RESOURCE_INSTANCE" ]; then
- HA_LOGTAG="$__SCRIPT_NAME($OCF_RESOURCE_INSTANCE)[$$]"
+ HA_LOGTAG="OCF_$__SCRIPT_NAME($OCF_RESOURCE_INSTANCE)[$$]"
else
- HA_LOGTAG="$__SCRIPT_NAME[$$]"
+ HA_LOGTAG="OCF_$__SCRIPT_NAME[$$]"
fi
fi
}

View File

@ -1,77 +0,0 @@
Index: resource-agents-3.9.5/heartbeat/pgsql
===================================================================
--- resource-agents-3.9.5.orig/heartbeat/pgsql
+++ resource-agents-3.9.5/heartbeat/pgsql
@@ -38,6 +38,7 @@ get_pgsql_param() {
OCF_RESKEY_pgctl_default=/usr/bin/pg_ctl
OCF_RESKEY_psql_default=/usr/bin/psql
OCF_RESKEY_pgdata_default=/var/lib/pgsql/data
+OCF_RESKEY_pgconf_default=/etc/postgresql
OCF_RESKEY_pgdba_default=postgres
OCF_RESKEY_pghost_default=""
OCF_RESKEY_pgport_default=5432
@@ -67,10 +68,11 @@ OCF_RESKEY_stop_escalate_in_slave_defaul
: ${OCF_RESKEY_pgctl=${OCF_RESKEY_pgctl_default}}
: ${OCF_RESKEY_psql=${OCF_RESKEY_psql_default}}
: ${OCF_RESKEY_pgdata=${OCF_RESKEY_pgdata_default}}
+: ${OCF_RESKEY_pgconf=${OCF_RESKEY_pgconf_default}}
: ${OCF_RESKEY_pgdba=${OCF_RESKEY_pgdba_default}}
: ${OCF_RESKEY_pghost=${OCF_RESKEY_pghost_default}}
: ${OCF_RESKEY_pgport=${OCF_RESKEY_pgport_default}}
-: ${OCF_RESKEY_config=${OCF_RESKEY_pgdata}/postgresql.conf}
+: ${OCF_RESKEY_config=${OCF_RESKEY_pgconf}/postgresql.conf}
: ${OCF_RESKEY_start_opt=${OCF_RESKEY_start_opt_default}}
: ${OCF_RESKEY_pgdb=${OCF_RESKEY_pgdb_default}}
: ${OCF_RESKEY_logfile=${OCF_RESKEY_logfile_default}}
@@ -166,6 +168,14 @@ Path to PostgreSQL data directory.
<content type="string" default="${OCF_RESKEY_pgdata_default}" />
</parameter>
+<parameter name="pgconf" unique="0" required="0">
+<longdesc lang="en">
+Path to PostgreSQL config directory.
+</longdesc>
+<shortdesc lang="en">pgconf</shortdesc>
+<content type="string" default="${OCF_RESKEY_pgconf_default}" />
+</parameter>
+
<parameter name="pgdba" unique="0" required="0">
<longdesc lang="en">
User that owns PostgreSQL.
@@ -220,7 +230,7 @@ SQL script that will be used for monitor
Path to the PostgreSQL configuration file for the instance.
</longdesc>
<shortdesc lang="en">Configuration file</shortdesc>
-<content type="string" default="${OCF_RESKEY_pgdata}/postgresql.conf" />
+<content type="string" default="${OCF_RESKEY_pgconf}/postgresql.conf" />
</parameter>
<parameter name="pgdb" unique="0" required="0">
@@ -475,6 +485,12 @@ pgsql_real_start() {
local postgres_options
local rc
+ # WRS: Create an unversioned symlink under /var/run so SM can easily
+ # find the PID file.
+ if [ ! -h $PIDFILE_SYMLINK ]; then
+ /bin/ln -s $PIDFILE $PIDFILE_SYMLINK
+ fi
+
if pgsql_status; then
ocf_log info "PostgreSQL is already running. PID=`cat $PIDFILE`"
if is_replication; then
@@ -1717,12 +1733,12 @@ then
exit $OCF_ERR_GENERIC
fi
-
PIDFILE=${OCF_RESKEY_pgdata}/postmaster.pid
+PIDFILE_SYMLINK=/var/run/postmaster.pid
BACKUPLABEL=${OCF_RESKEY_pgdata}/backup_label
RESOURCE_NAME=`echo $OCF_RESOURCE_INSTANCE | cut -d ":" -f 1`
PGSQL_WAL_RECEIVER_STATUS_ATTR="${RESOURCE_NAME}-receiver-status"
-RECOVERY_CONF=${OCF_RESKEY_pgdata}/recovery.conf
+RECOVERY_CONF=${OCF_RESKEY_pgconf}/recovery.conf
NODENAME=`uname -n | tr '[A-Z]' '[a-z]'`
if is_replication; then

View File

@ -1,17 +0,0 @@
---
heartbeat/Filesystem | 4 ++++
1 file changed, 4 insertions(+)
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -727,6 +727,10 @@ signal_processes() {
}
try_umount() {
local SUB=$1
+
+ # We need to ensure we umount in namespaces, too
+ /usr/sbin/umount-in-namespace $SUB
+
$UMOUNT $umount_force $SUB
list_mounts | grep -q " $SUB " >/dev/null 2>&1 || {
ocf_log info "unmounted $SUB successfully"

View File

@ -1,63 +0,0 @@
Index: 4.2.5-P1-r3/dhclient-exit-hooks
===================================================================
--- 4.2.5-P1-r3.orig/dhclient-exit-hooks
+++ 4.2.5-P1-r3/dhclient-exit-hooks
@@ -4,7 +4,7 @@
#
# This file is sourced by /sbin/dhclient-script.
#
-# dhcp option 121 is defined in RFC3442. The following is the link.
+# dhcp option 121 is defined in RFC3442. The following is the link.
# http://www.ietf.org/rfc/rfc3442.txt
#
# The code for this option is 121, and its minimum length is 5 bytes.
@@ -52,7 +52,7 @@ function add_routes() {
while [ $# -ne 0 ]; do
mask=$1
shift
-
+
# Parse the arguments into a CIDR net/mask string
if [ $mask -eq 32 ]; then
destination="-host $1.$2.$3.$4"
@@ -66,22 +66,31 @@ while [ $# -ne 0 ]; do
elif [ $mask -gt 8 ]; then
destination="-net $1.$2.0.0/$mask"
shift; shift
+ elif [ $mask -gt 0 ]; then
+ destination="-net $1.0.0.0/$mask"
+ shift
else
- destination="-net $1.0.0.0/$mask"
- shift
+ destination="default"
fi
-
+
# Read the gateway
gateway="$1.$2.$3.$4"
shift; shift; shift; shift
- # Add route into routing table
- route add $destination gw $gateway
-
- # Print it out if the route is added successfully
- if [ $? = 0 ]; then
- echo "Added route \"$destination gw $gateway\""
+ if [ $gateway != "0.0.0.0" ]; then
+ # Add route into routing table
+ route add $destination gw $gateway
+ if [ $? = 0 ]; then
+ echo "Added route \"$destination gw $gateway\""
+ fi
+ else
+ # Add onlink route into routing table
+ route add $destination $interface
+ if [ $? = 0 ]; then
+ echo "Added route \"$destination on $interface\""
+ fi
fi
+
done
}

View File

@ -1,7 +1,7 @@
From 80ec3fbb502373b48c54dc075d75b1d13894093e Mon Sep 17 00:00:00 2001
From 1eeae27ddc87dc61928b96baa63fe2ff767e35b0 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:05 -0400
Subject: [PATCH 5/7] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts:
SPECS/dhcp.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index edc4113..29dfbcf 100644
index 42409f6..70c7a6d 100644
--- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec
@@ -18,7 +18,7 @@
Summary: Dynamic host configuration protocol software
Name: dhcp
Version: 4.2.5
-Release: 58%{?dist}
+Release: 58.el7.centos%{?_tis_dist}.%{tis_patch_ver}
-Release: 68%{?dist}.1
+Release: 68.el7.centos.1%{?_tis_dist}.%{tis_patch_ver}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
--
1.9.1
2.7.4

View File

@ -1,14 +1,14 @@
From 68081498cde44d9b5320e795229865e46a1552ac Mon Sep 17 00:00:00 2001
From 7e7a9f1bce5884da1e57d5bdc4f5215b7231924e Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:05 -0400
Subject: [PATCH 1/7] WRS: spec-include-TiS-patches.patch
Subject: [PATCH] WRS: spec-include-TiS-patches.patch
---
SPECS/dhcp.spec | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index 9647a5a..78ee924 100644
index 14da097..904e3ad 100644
--- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec
@@ -39,6 +39,10 @@ Source8: dhcrelay.service
@ -22,9 +22,9 @@ index 9647a5a..78ee924 100644
Patch0: dhcp-4.2.0-errwarn-message.patch
Patch1: dhcp-4.2.4-dhclient-options.patch
@@ -99,6 +103,14 @@ Patch62: dhcp-max-fd-value.patch
Patch63: dhcp-4.2.5-rh1355827.patch
Patch64: dhcp-4.2.5-centos-branding.patch
@@ -111,6 +115,14 @@ Patch70: dhcp-4.2.5-reference_count_overflow.patch
Patch71: dhcp-4.2.5-centos-branding.patch
+# WRS
+Patch101: support-disable-nsupdate.patch
@ -37,9 +37,9 @@ index 9647a5a..78ee924 100644
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@@ -409,6 +421,14 @@ rm -rf includes/isc-dhcp
%patch63 -p1
%patch64 -p1
@@ -439,6 +451,14 @@ rm -rf includes/isc-dhcp
%patch70 -p1 -b .reference_overflow
%patch71 -p1
+# WRS
+%patch101 -p1
@ -52,7 +52,7 @@ index 9647a5a..78ee924 100644
# Update paths in all man pages
for page in client/dhclient.conf.5 client/dhclient.leases.5 \
client/dhclient-script.8 client/dhclient.8 ; do
@@ -552,6 +572,10 @@ EOF
@@ -582,6 +602,10 @@ EOF
# Don't package libtool *.la files
find ${RPM_BUILD_ROOT}/%{_libdir} -name '*.la' -exec '/bin/rm' '-f' '{}' ';';
@ -63,7 +63,7 @@ index 9647a5a..78ee924 100644
%pre
# /usr/share/doc/setup/uidgid
%global gid_uid 177
@@ -667,6 +691,10 @@ done
@@ -697,6 +721,10 @@ done
%attr(0644,root,root) %{_mandir}/man8/dhclient.8.gz
%attr(0644,root,root) %{_mandir}/man8/dhclient-script.8.gz
@ -75,5 +75,5 @@ index 9647a5a..78ee924 100644
%doc LICENSE README RELNOTES doc/References.txt
%attr(0644,root,root) %{_mandir}/man5/dhcp-options.5.gz
--
1.9.1
2.7.4

View File

@ -1 +1 @@
mirror:Source/dhcp-4.2.5-58.el7.centos.src.rpm
mirror:Source/dhcp-4.2.5-68.el7.centos.1.src.rpm

View File

@ -8,18 +8,18 @@ Subject: [PATCH] update package patching
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
index b3f178f..a583cf2 100644
index 5cf440a..dd74293 100644
--- a/SPECS/dnsmasq.spec
+++ b/SPECS/dnsmasq.spec
@@ -13,7 +13,7 @@
Name: dnsmasq
Version: 2.76
-Release: 2%{?extraversion}%{?dist}.2
+Release: 2.el7_4.2%{?_tis_dist}.%{tis_patch_ver}
-Release: 5%{?extraversion}%{?dist}
+Release: 5.el7%{?_tis_dist}.%{tis_patch_ver}
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
--
1.8.3.1
2.7.4

View File

@ -3,14 +3,12 @@ From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 17:27:13 -0400
Subject: [PATCH 2/5] WRS: dnsmasq-spec-add-init-script.patch
Conflicts:
SPECS/dnsmasq.spec
---
SPECS/dnsmasq.spec | 26 ++++++++++++++++----------
1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
index 63ff820..f8aace1 100644
index 7f370d1..0641503 100644
--- a/SPECS/dnsmasq.spec
+++ b/SPECS/dnsmasq.spec
@@ -21,6 +21,7 @@ License: GPLv2 or GPLv3
@ -21,7 +19,7 @@ index 63ff820..f8aace1 100644
# upstream git: git://thekelleys.org.uk/dnsmasq.git
# https://bugzilla.redhat.com/show_bug.cgi?id=1367772
@@ -140,22 +141,26 @@ mkdir -p %{buildroot}%{_unitdir}
@@ -168,22 +169,26 @@ mkdir -p %{buildroot}%{_unitdir}
install -m644 %{SOURCE1} %{buildroot}%{_unitdir}
rm -rf %{buildroot}%{_initrddir}
@ -58,7 +56,7 @@ index 63ff820..f8aace1 100644
%files
%defattr(-,root,root,-)
@@ -167,6 +172,7 @@ rm -rf $RPM_BUILD_ROOT
@@ -195,6 +200,7 @@ rm -rf $RPM_BUILD_ROOT
%{_unitdir}/%{name}.service
%{_sbindir}/dnsmasq
%{_mandir}/man8/dnsmasq*
@ -67,5 +65,5 @@ index 63ff820..f8aace1 100644
%files utils
%{_bindir}/dhcp_*
--
1.9.1
2.7.4

View File

@ -3,25 +3,23 @@ From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 17:27:13 -0400
Subject: [PATCH 3/5] WRS: patch-tftp-to-close-sockets-immediately.patch
Conflicts:
SPECS/dnsmasq.spec
---
SPECS/dnsmasq.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
index f8aace1..a3a9e08 100644
index 0641503..5cf440a 100644
--- a/SPECS/dnsmasq.spec
+++ b/SPECS/dnsmasq.spec
@@ -42,6 +42,7 @@ Patch8: dnsmasq-2.76-coverity.patch
@@ -58,6 +58,7 @@ Patch19: dnsmasq-2.76-misc-cleanups.patch
# WRS patches
Patch30: dnsmasq-update-ipv6-leases-from-config.patch
+Patch31: close-tftp-sockets-immediately.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -88,6 +89,7 @@ query/remove a DHCP server's leases.
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -116,6 +117,7 @@ query/remove a DHCP server's leases.
# WRS patches
%patch30 -p1
@ -30,5 +28,5 @@ index f8aace1..a3a9e08 100644
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
--
1.9.1
2.7.4

View File

@ -3,29 +3,28 @@ From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 17:27:13 -0400
Subject: [PATCH 1/5] WRS: spec-include-TiS-patch.patch
Conflicts:
SPECS/dnsmasq.spec
---
SPECS/dnsmasq.spec | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
SPECS/dnsmasq.spec | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
index 8a6450a..63ff820 100644
index b312ef3..7f370d1 100644
--- a/SPECS/dnsmasq.spec
+++ b/SPECS/dnsmasq.spec
@@ -39,6 +39,9 @@ Patch6: dnsmasq-2.76-label-warning.patch
Patch7: dnsmasq-2.76-label-man.patch
Patch8: dnsmasq-2.76-coverity.patch
@@ -55,6 +55,10 @@ Patch17: dnsmasq-2.76-gita3303e196.patch
Patch18: dnsmasq-2.76-underflow.patch
Patch19: dnsmasq-2.76-misc-cleanups.patch
+# WRS patches
+Patch30: dnsmasq-update-ipv6-leases-from-config.patch
+
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: dbus-devel
@@ -82,6 +85,9 @@ query/remove a DHCP server's leases.
%patch7 -p1
%patch8 -p1 -b .coverity
@@ -109,6 +113,9 @@ query/remove a DHCP server's leases.
%patch18 -p1 -b .underflow
%patch19 -p1 -b .misc
+# WRS patches
+%patch30 -p1
@ -33,7 +32,7 @@ index 8a6450a..63ff820 100644
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file"
@@ -154,8 +160,8 @@ rm -rf $RPM_BUILD_ROOT
@@ -181,8 +188,8 @@ rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%doc CHANGELOG COPYING COPYING-v3 FAQ doc.html setup.html dbus/DBus-interface
@ -45,5 +44,5 @@ index 8a6450a..63ff820 100644
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
%{_unitdir}/%{name}.service
--
1.9.1
2.7.4

View File

@ -1 +1 @@
mirror:Source/dnsmasq-2.76-2.el7_4.2.src.rpm
mirror:Source/dnsmasq-2.76-5.el7.src.rpm

View File

@ -1,7 +1,7 @@
From 79f025b91d461a948ca6449eb25a11a6c89144b5 Mon Sep 17 00:00:00 2001
From 55d52d8bc9f649b4871336aaffd87fb7d931eac8 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:12:36 -0400
Subject: [PATCH 7/7] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts:
SPECS/haproxy.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
index c1547ef..097aa79 100644
index 0d6e19a..3bc75e1 100644
--- a/SPECS/haproxy.spec
+++ b/SPECS/haproxy.spec
@@ -8,7 +8,7 @@
Name: haproxy
Version: 1.5.18
-Release: 6%{?dist}
+Release: 6.el7%{?_tis_dist}.%{tis_patch_ver}
-Release: 7%{?dist}
+Release: 7.el7%{?_tis_dist}.%{tis_patch_ver}
Summary: TCP/HTTP proxy and load balancer for high availability environments
Group: System Environment/Daemons
--
1.9.1
2.7.4

View File

@ -1 +1 @@
mirror:Source/haproxy-1.5.18-6.el7.src.rpm
mirror:Source/haproxy-1.5.18-7.el7.src.rpm

View File

@ -10,7 +10,6 @@ run-ifdown-on-all-interfaces.patch
spec-sysconfig-affirmative-check-for-link-carrier.patch
spec-sysconfig-unsafe-usage-of-linkdelay-variable.patch
fix-build-failures-due-to-unwanted-sgid.patch
add_build_require_on_systemd.patch
ipv6-static-route-support.patch
spec-ifup-eth-stop-waiting-if-link-is-up.patch
spec-run-dhclient-as-daemon-for-ipv6.patch

View File

@ -1,24 +0,0 @@
From 075dd032f651d469e639eb1f25f3d5b7f5ff5485 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 14:49:27 -0400
Subject: [PATCH 13/13] WRS: add_build_require_on_systemd.patch
---
SPECS/initscripts.spec | 1 +
1 file changed, 1 insertion(+)
diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec
index 09674a7..cdc282e 100644
--- a/SPECS/initscripts.spec
+++ b/SPECS/initscripts.spec
@@ -41,6 +41,7 @@ Requires(pre): /usr/sbin/groupadd
Requires(post): /sbin/chkconfig, coreutils
Requires(preun): /sbin/chkconfig
BuildRequires: glib2-devel popt-devel gettext pkgconfig
+BuildRequires: systemd-devel
Provides: /sbin/service
Patch4: support-interface-scriptlets.patch
--
1.9.1

View File

@ -1,25 +1,17 @@
From 8351b22a5a517ebe779d4bf4904694bd1bd85890 Mon Sep 17 00:00:00 2001
From 2c096cfd84fea55fd1f2df466d5635c06daab2a2 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 14:49:27 -0400
Subject: [PATCH 12/13] WRS: fix-build-failures-due-to-unwanted-sgid.patch
Subject: [PATCH] WRS: fix-build-failures-due-to-unwanted-sgid.patch
---
SPECS/initscripts.spec | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
SPECS/initscripts.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec
index f2d0271..09674a7 100644
index 938e9bb..e60c826 100644
--- a/SPECS/initscripts.spec
+++ b/SPECS/initscripts.spec
@@ -197,6 +197,7 @@ rm -rf $RPM_BUILD_ROOT
%dir /etc/rwtab.d
%dir /etc/statetab.d
/usr/lib/systemd/rhel-*
+%dir %attr(0755,root,root) /usr/lib/systemd/system/*wants
/usr/lib/systemd/system/*
/etc/inittab
/etc/rc[0-9].d
@@ -237,7 +238,7 @@ rm -rf $RPM_BUILD_ROOT
@@ -239,7 +239,7 @@ rm -rf $RPM_BUILD_ROOT
%ghost %attr(0664,root,utmp) /var/run/utmp
%ghost %attr(0644,root,root) /etc/sysconfig/kvm
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab
@ -29,5 +21,5 @@ index f2d0271..09674a7 100644
%dir /usr/libexec/initscripts
%dir /usr/libexec/initscripts/legacy-actions
--
1.9.1
2.7.4

View File

@ -1,7 +1,7 @@
From 9caa7a0860a8adcf38047fb39b6e1577099104d6 Mon Sep 17 00:00:00 2001
From 29d8980d8c67a302a27a3084f58657414578a2b9 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 14:49:27 -0400
Subject: [PATCH 01/13] WRS: spec-include-TiS-changes.patch
Subject: [PATCH] WRS: spec-include-TiS-changes.patch
Conflicts:
SPECS/initscripts.spec
@ -10,7 +10,7 @@ Conflicts:
1 file changed, 15 insertions(+)
diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec
index 6b81095..7f93a30 100644
index e96290a..665b576 100644
--- a/SPECS/initscripts.spec
+++ b/SPECS/initscripts.spec
@@ -7,6 +7,10 @@ Group: System Environment/Base
@ -24,8 +24,8 @@ index 6b81095..7f93a30 100644
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Obsoletes: initscripts-legacy <= 9.39
Requires: /bin/awk, sed, coreutils
@@ -35,6 +39,10 @@ Requires(preun): /sbin/chkconfig
BuildRequires: glib2-devel popt-devel gettext pkgconfig
@@ -36,6 +40,10 @@ Requires(preun): /sbin/chkconfig
BuildRequires: glib2-devel popt-devel gettext pkgconfig systemd
Provides: /sbin/service
+Patch4: support-interface-scriptlets.patch
@ -35,7 +35,7 @@ index 6b81095..7f93a30 100644
%description
The initscripts package contains basic system scripts used
during a boot of the system. It also contains scripts which
@@ -54,6 +62,10 @@ Currently, this consists of various memory checking code.
@@ -55,6 +63,10 @@ Currently, this consists of various memory checking code.
%prep
%setup -q
@ -46,7 +46,7 @@ index 6b81095..7f93a30 100644
%build
make
@@ -74,6 +86,9 @@ rm -f \
@@ -75,6 +87,9 @@ rm -f \
touch $RPM_BUILD_ROOT/etc/crypttab
chmod 600 $RPM_BUILD_ROOT/etc/crypttab
@ -57,5 +57,5 @@ index 6b81095..7f93a30 100644
/usr/sbin/groupadd -g 22 -r -f utmp
--
1.9.1
2.7.4

View File

@ -1,4 +1,4 @@
From 974b70a23b6a6c579fc4d43efd42e42f26c27310 Mon Sep 17 00:00:00 2001
From cd3e0b0fea9588c987db119cb6d7840ace399368 Mon Sep 17 00:00:00 2001
From: Allain Legacy <allain.legacy@windriver.com>
Date: Thu, 17 Nov 2016 08:27:42 -0500
Subject: [PATCH] sysconfig: affirmative check for link carrier
@ -25,18 +25,18 @@ Signed-off-by: Allain Legacy <allain.legacy@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysconfig/network-scripts/network-functions b/sysconfig/network-scripts/network-functions
index 798f28a..affa8ba 100644
index d08f618..13cf4de 100644
--- a/sysconfig/network-scripts/network-functions
+++ b/sysconfig/network-scripts/network-functions
@@ -463,7 +463,7 @@ check_link_down ()
@@ -473,7 +473,7 @@ check_link_down ()
delay=20
[ -n "$LINKDELAY" ] && delay=$(($LINKDELAY * 2))
while [ $timeout -le $delay ]; do
- [ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" != "0" ] && return 1
+ [ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" == "1" ] && return 1
usleep 500000
sleep 0.5
timeout=$((timeout+1))
done
--
1.9.1
2.7.4

View File

@ -1,4 +1,4 @@
From d3d109136f6e01ec1d8291ff89f3e00ff64cab31 Mon Sep 17 00:00:00 2001
From 9b12287d8dade60c012969db3ae56b36d1e50966 Mon Sep 17 00:00:00 2001
From: Allain Legacy <allain.legacy@windriver.com>
Date: Thu, 17 Nov 2016 11:37:38 -0500
Subject: [PATCH] sysconfig: unsafe usage of linkdelay variable
@ -16,10 +16,10 @@ Signed-off-by: Allain Legacy <allain.legacy@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysconfig/network-scripts/network-functions b/sysconfig/network-scripts/network-functions
index affa8ba..a9821f6 100644
index 13cf4de..4bcc48f 100644
--- a/sysconfig/network-scripts/network-functions
+++ b/sysconfig/network-scripts/network-functions
@@ -461,7 +461,7 @@ check_link_down ()
@@ -471,7 +471,7 @@ check_link_down ()
fi
timeout=0
delay=20
@ -27,7 +27,7 @@ index affa8ba..a9821f6 100644
+ [[ $LINKDELAY =~ ^[0-9]+$ ]] && delay=$(($LINKDELAY * 2))
while [ $timeout -le $delay ]; do
[ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" == "1" ] && return 1
usleep 500000
sleep 0.5
--
1.9.1
2.7.4

View File

@ -1 +1 @@
mirror:Source/initscripts-9.49.39-1.el7.src.rpm
mirror:Source/initscripts-9.49.41-1.el7.src.rpm

View File

@ -1,6 +1,6 @@
Metadata-Version: 1.1
Name: lighttpd
Version: 1.4.39
Version: 1.4.50
Summary: Lightning fast webserver with light system requirements
Home-page:
Author:

View File

@ -1,9 +1,2 @@
COPY_LIST="lighttpd-1.4.35/index.html.lighttpd \
lighttpd-1.4.35/lighttpd.conf \
lighttpd-1.4.35/lighttpd.init \
lighttpd-1.4.35/lighttpd-inc.conf \
lighttpd-1.4.35/lighttpd.logrotate \
lighttpd-1.4.35/lighttpd-csr.conf \
lighttpd-1.4.35/check-content-length.patch \
lighttpd-1.4.35/lighttpd-tpm-support.patch"
COPY_LIST="files/*"
TIS_PATCH_VER=6

View File

@ -1,7 +1,7 @@
From 4bea2840e8b22d904be29d24d501c25201e13c57 Mon Sep 17 00:00:00 2001
From 1c4a8d83d96eab943d1cb7b4f0d9b7175e6858f1 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 20 Mar 2017 10:21:28 -0400
Subject: [PATCH 3/4] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts:
SPECS/lighttpd.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/lighttpd.spec b/SPECS/lighttpd.spec
index 71737ac..b795a3f 100644
index 2f7b261..2553b27 100644
--- a/SPECS/lighttpd.spec
+++ b/SPECS/lighttpd.spec
@@ -45,7 +45,7 @@
Summary: Lightning fast webserver with light system requirements
Name: lighttpd
Version: 1.4.45
Version: 1.4.50
-Release: 1%{?dist}
+Release: 1.el7%{?_tis_dist}.%{tis_patch_ver}
License: BSD
Group: System Environment/Daemons
URL: http://www.lighttpd.net/
--
1.8.3.1
2.7.4

View File

@ -1,7 +1,7 @@
From 653e25505b1df7e7b3fd89e08729d6d9f9698d39 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Tue, 28 Mar 2017 17:33:34 -0400
Subject: [PATCH] dding support for TPM 2.0
Subject: [PATCH] Adding support for TPM 2.0
---
SPECS/lighttpd.spec | 2 ++

View File

@ -1,7 +1,7 @@
From c684477fa2b47bb3c00b0e501e817d088408bead Mon Sep 17 00:00:00 2001
From 730a5321581e70790da4e94085698fd299072be5 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 20 Mar 2017 10:21:28 -0400
Subject: [PATCH 4/4] WRS: spec-check-content-length.patch
Subject: [PATCH] WRS: spec-check-content-length.patch
Conflicts:
SPECS/lighttpd.spec
@ -10,13 +10,13 @@ Conflicts:
1 file changed, 8 insertions(+)
diff --git a/SPECS/lighttpd.spec b/SPECS/lighttpd.spec
index b795a3f..9fd062a 100644
index 2553b27..c27f78f 100644
--- a/SPECS/lighttpd.spec
+++ b/SPECS/lighttpd.spec
@@ -78,6 +78,10 @@ Patch3: lighttpd-1.4.39-socket.patch
#Patch6: changeset_r779c133c16f9af168b004dce7a2a64f16c1cb3a4.diff
@@ -79,6 +79,10 @@ Patch3: lighttpd-1.4.39-socket.patch
#Patch7: lighttpd-1.4.42-bignum.patch
#Patch8: lighttpd-1.4.43-mysql.patch
#Patch9: lighttpd-1.4.48-autoconf.patch
+
+# WRS Patches
+Patch100: check-content-length.patch
@ -24,10 +24,10 @@ index b795a3f..9fd062a 100644
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
# For the target poweredby.png image (skip requirement + provide image on EL5)
%if %{with systemlogos}
@@ -179,6 +183,10 @@ Authentication module for lighttpd that uses GSSAPI
#%patch6 -p1 -b .http_proxy
@@ -182,6 +186,10 @@ Authentication module for lighttpd that uses GSSAPI
#%patch7 -p0 -b .bignum
#%patch8 -p0 -b .mysql
#%patch9 -p0 -b .autoconf
+
+# WRS Patches
+%patch100 -p1 -b .content_length
@ -36,5 +36,5 @@ index b795a3f..9fd062a 100644
#install -p -m 0644 %{SOURCE101} mod_geoip.txt
--
1.8.3.1
2.7.4

View File

@ -1 +1 @@
mirror:Source/lighttpd-1.4.45-1.el7.src.rpm
mirror:Source/lighttpd-1.4.50-1.el7.src.rpm

View File

@ -1,24 +1,27 @@
From b9410d967faf627d72fc5496a4c2e7aab879b7aa Mon Sep 17 00:00:00 2001
From 65107586a55c594c44b0a97a2d6756f6a0f0a5ca Mon Sep 17 00:00:00 2001
From: Giao Le <giao.le@windriver.com>
Date: Wed, 19 Oct 2016 15:06:17 -0400
Subject: [PATCH 1/1] check
Date: Mon, 27 Aug 2018 19:41:36 +0800
Subject: [PATCH] check-length
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
src/request.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
src/request.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 46 insertions(+), 1 deletion(-)
diff --git a/src/request.c b/src/request.c
index a2de944..857076c 100644
index 213a87e..8c97f45 100644
--- a/src/request.c
+++ b/src/request.c
@@ -12,6 +12,39 @@
#include <stdio.h>
#include <ctype.h>
@@ -8,10 +8,39 @@
#include "sock_addr.h"
#include <sys/stat.h>
-
+#include <sys/statvfs.h>
+#include <string.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
+#include <errno.h>
+#include <limits.h>
+
+static size_t get_tempdirs_free_space(server *srv)
+{
@ -47,19 +50,10 @@ index a2de944..857076c 100644
+ return (valid) ? total : SSIZE_MAX;
+}
+
+
static int request_check_hostname(buffer *host) {
enum { DOMAINLABEL, TOPLABEL } stage = TOPLABEL;
size_t i;
@@ -409,6 +442,7 @@ static int request_uri_is_valid_char(unsigned char c) {
return 1;
}
+
int http_request_parse(server *srv, connection *con) {
char *uri = NULL, *proto = NULL, *method = NULL, con_length_set;
int is_key = 1, key_len = 0, is_ws_after_key = 0, in_folding;
@@ -1294,6 +1328,21 @@ int http_request_parse(server *srv, connection *con) {
@@ -1287,6 +1316,22 @@ int http_request_parse(server *srv, connection *con) {
return 0;
}
@ -78,9 +72,10 @@ index a2de944..857076c 100644
+ return 0;
+ }
+ }
+
break;
default:
break;
--
1.8.3.1
2.7.4

View File

@ -0,0 +1,289 @@
From c58d174a1d2872272bfa9d83c642591f04effcb1 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Wed, 29 Mar 2017 21:56:41 -0400
Subject: [PATCH] lighttpd tpm support
---
src/base.h | 24 ++++++++++++
src/configfile.c | 6 ++-
src/mod_openssl.c | 113 +++++++++++++++++++++++++++++++++++++++++++++---------
src/server.c | 17 +++++++-
4 files changed, 139 insertions(+), 21 deletions(-)
diff --git a/src/base.h b/src/base.h
index 2fe60b6..bddcd01 100644
--- a/src/base.h
+++ b/src/base.h
@@ -15,6 +15,21 @@
#include "sock_addr.h"
#include "etag.h"
+#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
+# define USE_OPENSSL
+# include <openssl/opensslconf.h>
+# ifndef USE_OPENSSL_KERBEROS
+# ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+# endif
+# endif
+# include <openssl/ssl.h>
+# include <openssl/engine.h>
+# if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME
+# define OPENSSL_NO_TLSEXT
+# endif
+#endif
+
struct fdevents; /* declaration */
struct stat_cache; /* declaration */
@@ -360,6 +375,13 @@ typedef struct {
unsigned short high_precision_timestamps;
time_t loadts;
double loadavg[3];
+#ifdef USE_OPENSSL
+ // TPM engine and object configuration
+ buffer *tpm_object;
+ buffer *tpm_engine;
+ ENGINE *tpm_engine_ref;
+ EVP_PKEY *tpm_key;
+#endif
buffer *syslog_facility;
} server_config;
@@ -400,6 +422,8 @@ struct server {
int con_written;
int con_closed;
+ int tpm_is_init; // has TPM been initialized already
+
int max_fds; /* max possible fds */
int cur_fds; /* currently used fds */
int want_fds; /* waiting fds */
diff --git a/src/configfile.c b/src/configfile.c
index c3b0f16..dca2a29 100644
--- a/src/configfile.c
+++ b/src/configfile.c
@@ -276,8 +276,10 @@ static int config_insert(server *srv) {
{ "server.syslog-facility", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 80 */
{ "server.socket-perms", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 81 */
{ "server.http-parseopts", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_SERVER }, /* 82 */
+ { "server.tpm-object", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 83 */
+ { "server.tpm-engine", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 84 */
- { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
+ { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
};
/* all T_CONFIG_SCOPE_SERVER options */
@@ -318,6 +320,8 @@ static int config_insert(server *srv) {
cv[80].destination = srv->srvconf.syslog_facility;
http_parseopts = array_init();
cv[82].destination = http_parseopts;
+ cv[83].destination = srv->srvconf.tpm_object;
+ cv[84].destination = srv->srvconf.tpm_engine;
srv->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *));
diff --git a/src/mod_openssl.c b/src/mod_openssl.c
index 75e0873..4cb0335 100644
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -422,6 +422,29 @@ error:
return NULL;
}
+static EVP_PKEY*
+evp_pkey_load_tpm_object_file(server *srv) {
+ if (!srv->tpm_is_init || !srv->srvconf.tpm_engine_ref)
+ return NULL;
+
+ if (srv->srvconf.tpm_key) {
+ // if a TPM key was previously loaded
+ // then return that as there is no need to
+ // reload this key into TPM
+ return srv->srvconf.tpm_key;
+ }
+
+ EVP_PKEY *pkey = ENGINE_load_private_key(srv->srvconf.tpm_engine_ref,
+ srv->srvconf.tpm_object->ptr,
+ NULL, NULL);
+ if (!pkey) {
+ log_error_write(srv, __FILE__, __LINE__, "SSS", "SSL:",
+ ERR_error_string(ERR_get_error(), NULL));
+ return NULL;
+ }
+ srv->srvconf.tpm_key = pkey;
+ return pkey;
+}
static EVP_PKEY *
evp_pkey_load_pem_file (server *srv, const char *file)
@@ -476,15 +499,23 @@ network_openssl_load_pemfile (server *srv, plugin_config *s, size_t ndx)
s->ssl_pemfile_x509 = x509_load_pem_file(srv, s->ssl_pemfile->ptr);
if (NULL == s->ssl_pemfile_x509) return -1;
- s->ssl_pemfile_pkey = evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr);
- if (NULL == s->ssl_pemfile_pkey) return -1;
-
- if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
- log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
- "Private key does not match the certificate public key,"
- " reason:", ERR_error_string(ERR_get_error(), NULL),
- s->ssl_pemfile);
- return -1;
+
+ // if TPM mode is enabled then load the TPM key otherwise load
+ // the regular SSL private key
+ if (srv->tpm_is_init) {
+ if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_tpm_object_file(srv))) return -1;
+ }
+ else {
+ if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr))) return -1;
+
+ if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
+ log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
+ "Private key does not match the certificate public key, reason:",
+ ERR_error_string(ERR_get_error(), NULL),
+ s->ssl_pemfile);
+ return -1;
+ }
+
}
return 0;
@@ -651,6 +682,43 @@ network_init_ssl (server *srv, void *p_d)
force_assert(NULL != local_send_buffer);
}
+ /* NOTE (knasim-wrs): US93721: TPM support
+ * if TPM mode is configured, and we have not previously
+ * initialized the engine then do so now
+ */
+ if (!buffer_string_is_empty(srv->srvconf.tpm_object) &&
+ (!srv->tpm_is_init)) {
+ if (!buffer_string_is_empty(srv->srvconf.tpm_engine)) {
+ // load the dynamic TPM engine
+ ENGINE_load_dynamic();
+ ENGINE *engine = ENGINE_by_id("dynamic");
+ if (!engine) {
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ "Unable to load the dynamic engine "
+ "(needed for loading custom TPM engine)");
+ return -1;
+ }
+
+ ENGINE_ctrl_cmd_string(engine, "SO_PATH",
+ srv->srvconf.tpm_engine->ptr, 0);
+ ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0);
+ if (ENGINE_init(engine) != 1) {
+ log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
+ ERR_error_string(ERR_get_error(), NULL));
+ ENGINE_finish(engine);
+ return -1;
+ }
+ srv->tpm_is_init = 1;
+ // stow away for ENGINE cleanup
+ srv->srvconf.tpm_engine_ref = engine;
+ }
+ else { // no TPM engine found
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ "TPM engine option not set when TPM mode expected");
+ return -1;
+ }
+ }
+
if (!buffer_string_is_empty(s->ssl_pemfile)) {
#ifdef OPENSSL_NO_TLSEXT
data_config *dc = (data_config *)srv->config_context->data[i];
@@ -911,29 +979,36 @@ network_init_ssl (server *srv, void *p_d)
}
}
- if (1 != SSL_CTX_use_certificate_chain_file(s->ssl_ctx,
- s->ssl_pemfile->ptr)) {
+ if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
ERR_error_string(ERR_get_error(), NULL),
s->ssl_pemfile);
return -1;
}
- if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
+ if (1 != SSL_CTX_use_certificate(s->ssl_ctx, s->ssl_pemfile_x509)) {
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
ERR_error_string(ERR_get_error(), NULL),
s->ssl_pemfile);
return -1;
}
- if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
- log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
- "Private key does not match the certificate public "
- "key, reason:",
- ERR_error_string(ERR_get_error(), NULL),
- s->ssl_pemfile);
- return -1;
+ /*
+ * Only check private key against loaded
+ * certificate, in non TPM mode, since
+ * if this is a TPM key then it is wrapped
+ * and will not match the public key
+ */
+ if (!srv->tpm_is_init) {
+ if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
+ log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
+ "Private key does not match the certificate public key, reason:",
+ ERR_error_string(ERR_get_error(), NULL),
+ s->ssl_pemfile);
+ return -1;
+ }
}
+
SSL_CTX_set_default_read_ahead(s->ssl_ctx, s->ssl_read_ahead);
SSL_CTX_set_mode(s->ssl_ctx, SSL_CTX_get_mode(s->ssl_ctx)
| SSL_MODE_ENABLE_PARTIAL_WRITE
diff --git a/src/server.c b/src/server.c
index f6409bb..2ace3f8 100644
--- a/src/server.c
+++ b/src/server.c
@@ -246,6 +246,11 @@ static server *server_init(void) {
CLEAN(srvconf.pid_file);
CLEAN(srvconf.syslog_facility);
+#ifdef USE_OPENSSL
+ CLEAN(srvconf.tpm_object);
+ CLEAN(srvconf.tpm_engine);
+#endif
+
CLEAN(tmp_chunk_len);
#undef CLEAN
@@ -347,6 +352,14 @@ static void server_free(server *srv) {
CLEAN(srvconf.xattr_name);
CLEAN(srvconf.syslog_facility);
+#ifdef USE_OPENSSL
+ CLEAN(srvconf.tpm_object);
+ CLEAN(srvconf.tpm_engine);
+ // don't free the tpm_key as that will be freed
+ // below as ssl_pemfile_pkey
+ ENGINE_finish(srv->srvconf.tpm_engine_ref);
+#endif
+
CLEAN(tmp_chunk_len);
#undef CLEAN
@@ -776,7 +789,9 @@ static int log_error_open(server *srv) {
if (-1 == (errfd = fdevent_open_devnull())) {
log_error_write(srv, __FILE__, __LINE__, "ss",
"opening /dev/null failed:", strerror(errno));
- return -1;
+ /* In version 1.4.45 it will also failed here but not check return value of openDevNull(STDERR_FILENO)
+ need further check with upstrean to see if there is a potential bug */
+ //return -1;
}
}
else {
--
2.7.4

View File

@ -1,255 +0,0 @@
From 3cf42638ea162be04cbfc8b8eedbef6292336640 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Wed, 29 Mar 2017 21:56:41 -0400
Subject: [PATCH] lighttpd tpm support
---
src/base.h | 10 ++++-
src/configfile.c | 4 ++
src/network.c | 111 ++++++++++++++++++++++++++++++++++++++++++++++---------
src/server.c | 12 +++++-
4 files changed, 118 insertions(+), 19 deletions(-)
diff --git a/src/base.h b/src/base.h
index 134fc41..5fab1fd 100644
--- a/src/base.h
+++ b/src/base.h
@@ -37,6 +37,7 @@
# endif
# endif
# include <openssl/ssl.h>
+# include <openssl/engine.h>
# if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME
# define OPENSSL_NO_TLSEXT
# endif
@@ -567,6 +568,13 @@ typedef struct {
unsigned short high_precision_timestamps;
time_t loadts;
double loadavg[3];
+#ifdef USE_OPENSSL
+ // TPM engine and object configuration
+ buffer *tpm_object;
+ buffer *tpm_engine;
+ ENGINE *tpm_engine_ref;
+ EVP_PKEY *tpm_key;
+#endif
} server_config;
typedef struct server_socket {
@@ -610,7 +618,7 @@ typedef struct server {
int con_closed;
int ssl_is_init;
-
+ int tpm_is_init; // has TPM been initialized already
int max_fds; /* max possible fds */
int cur_fds; /* currently used fds */
int want_fds; /* waiting fds */
diff --git a/src/configfile.c b/src/configfile.c
index bba6925..da818ed 100644
--- a/src/configfile.c
+++ b/src/configfile.c
@@ -145,6 +145,8 @@ static int config_insert(server *srv) {
{ "server.stream-response-body", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 77 */
{ "server.max-request-field-size", NULL, T_CONFIG_INT, T_CONFIG_SCOPE_SERVER }, /* 78 */
{ "ssl.read-ahead", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 79 */
+ { "server.tpm-object", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 80 */
+ { "server.tpm-engine", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 81 */
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
};
@@ -184,6 +186,8 @@ static int config_insert(server *srv) {
cv[73].destination = &(srv->srvconf.http_host_strict);
cv[74].destination = &(srv->srvconf.http_host_normalize);
cv[78].destination = &(srv->srvconf.max_request_field_size);
+ cv[80].destination = srv->srvconf.tpm_object;
+ cv[81].destination = srv->srvconf.tpm_engine;
srv->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *));
diff --git a/src/network.c b/src/network.c
index 4295fe9..6460e72 100644
--- a/src/network.c
+++ b/src/network.c
@@ -613,6 +613,29 @@ error:
return NULL;
}
+static EVP_PKEY* evp_pkey_load_tpm_object_file(server *srv) {
+ if (!srv->tpm_is_init || !srv->srvconf.tpm_engine_ref)
+ return NULL;
+
+ if (srv->srvconf.tpm_key) {
+ // if a TPM key was previously loaded
+ // then return that as there is no need to
+ // reload this key into TPM
+ return srv->srvconf.tpm_key;
+ }
+
+ EVP_PKEY *pkey = ENGINE_load_private_key(srv->srvconf.tpm_engine_ref,
+ srv->srvconf.tpm_object->ptr,
+ NULL, NULL);
+ if (!pkey) {
+ log_error_write(srv, __FILE__, __LINE__, "SSS", "SSL:",
+ ERR_error_string(ERR_get_error(), NULL));
+ return NULL;
+ }
+ srv->srvconf.tpm_key = pkey;
+ return pkey;
+}
+
static EVP_PKEY* evp_pkey_load_pem_file(server *srv, const char *file) {
BIO *in;
EVP_PKEY *x = NULL;
@@ -658,15 +681,23 @@ static int network_openssl_load_pemfile(server *srv, size_t ndx) {
#endif
if (NULL == (s->ssl_pemfile_x509 = x509_load_pem_file(srv, s->ssl_pemfile->ptr))) return -1;
- if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr))) return -1;
- if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
- log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
- "Private key does not match the certificate public key, reason:",
- ERR_error_string(ERR_get_error(), NULL),
- s->ssl_pemfile);
- return -1;
- }
+ // if TPM mode is enabled then load the TPM key otherwise load
+ // the regular SSL private key
+ if (srv->tpm_is_init) {
+ if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_tpm_object_file(srv))) return -1;
+ }
+ else {
+ if (NULL == (s->ssl_pemfile_pkey = evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr))) return -1;
+
+ if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
+ log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
+ "Private key does not match the certificate public key, reason:",
+ ERR_error_string(ERR_get_error(), NULL),
+ s->ssl_pemfile);
+ return -1;
+ }
+ }
return 0;
}
@@ -791,6 +822,44 @@ int network_init(server *srv) {
}
}
+ /* NOTE (knasim-wrs): US93721: TPM support
+ * if TPM mode is configured, and we have not previously
+ * initialized the engine then do so now
+ */
+ if (!buffer_string_is_empty(srv->srvconf.tpm_object) &&
+ (!srv->tpm_is_init)) {
+ if (!buffer_string_is_empty(srv->srvconf.tpm_engine)) {
+ // load the dynamic TPM engine
+ ENGINE_load_dynamic();
+ ENGINE *engine = ENGINE_by_id("dynamic");
+ if (!engine) {
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ "Unable to load the dynamic engine "
+ "(needed for loading custom TPM engine)");
+ return -1;
+ }
+
+ ENGINE_ctrl_cmd_string(engine, "SO_PATH",
+ srv->srvconf.tpm_engine->ptr, 0);
+ ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0);
+ if (ENGINE_init(engine) != 1) {
+ log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
+ ERR_error_string(ERR_get_error(), NULL));
+ ENGINE_finish(engine);
+ return -1;
+ }
+ srv->tpm_is_init = 1;
+ // stow away for ENGINE cleanup
+ srv->srvconf.tpm_engine_ref = engine;
+ }
+ else { // no TPM engine found
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ "TPM engine option not set when TPM mode expected");
+ return -1;
+ }
+ }
+ ///
+
if (!buffer_string_is_empty(s->ssl_pemfile)) {
#ifdef OPENSSL_NO_TLSEXT
data_config *dc = (data_config *)srv->config_context->data[i];
@@ -975,24 +1044,32 @@ int network_init(server *srv) {
SSL_CTX_set_verify_depth(s->ssl_ctx, s->ssl_verifyclient_depth);
}
- if (1 != SSL_CTX_use_certificate(s->ssl_ctx, s->ssl_pemfile_x509)) {
+ if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
ERR_error_string(ERR_get_error(), NULL), s->ssl_pemfile);
return -1;
}
- if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
+ if (1 != SSL_CTX_use_certificate(s->ssl_ctx, s->ssl_pemfile_x509)) {
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
ERR_error_string(ERR_get_error(), NULL), s->ssl_pemfile);
return -1;
}
-
- if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
- log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
- "Private key does not match the certificate public key, reason:",
- ERR_error_string(ERR_get_error(), NULL),
- s->ssl_pemfile);
- return -1;
+
+ /*
+ * Only check private key against loaded
+ * certificate, in non TPM mode, since
+ * if this is a TPM key then it is wrapped
+ * and will not match the public key
+ */
+ if (!srv->tpm_is_init) {
+ if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
+ log_error_write(srv, __FILE__, __LINE__, "sssb", "SSL:",
+ "Private key does not match the certificate public key, reason:",
+ ERR_error_string(ERR_get_error(), NULL),
+ s->ssl_pemfile);
+ return -1;
+ }
}
SSL_CTX_set_default_read_ahead(s->ssl_ctx, s->ssl_read_ahead);
SSL_CTX_set_mode(s->ssl_ctx, SSL_CTX_get_mode(s->ssl_ctx)
diff --git a/src/server.c b/src/server.c
index f27b003..5adfa15 100644
--- a/src/server.c
+++ b/src/server.c
@@ -226,7 +226,10 @@ static server *server_init(void) {
CLEAN(srvconf.bindhost);
CLEAN(srvconf.event_handler);
CLEAN(srvconf.pid_file);
-
+#ifdef USE_OPENSSL
+ CLEAN(srvconf.tpm_object);
+ CLEAN(srvconf.tpm_engine);
+#endif
CLEAN(tmp_chunk_len);
#undef CLEAN
@@ -316,6 +319,13 @@ static void server_free(server *srv) {
CLEAN(srvconf.modules_dir);
CLEAN(srvconf.network_backend);
CLEAN(srvconf.xattr_name);
+#ifdef USE_OPENSSL
+ CLEAN(srvconf.tpm_object);
+ CLEAN(srvconf.tpm_engine);
+ // don't free the tpm_key as that will be freed
+ // below as ssl_pemfile_pkey
+ ENGINE_finish(srv->srvconf.tpm_engine_ref);
+#endif
CLEAN(tmp_chunk_len);
#undef CLEAN
--
1.8.3.1

View File

@ -1,117 +0,0 @@
--- lighttpd-1.4.35/src/configfile-glue.c.orig 2014-03-06 15:08:00.000000000 +0100
+++ lighttpd-1.4.35/src/configfile-glue.c 2015-11-26 11:39:23.000000000 +0100
@@ -8,6 +8,10 @@
#include <string.h>
#include <stdlib.h>
+#include <stdint.h>
+#ifndef __WIN32
+#include <arpa/inet.h>
+#endif
/**
* like all glue code this file contains functions which
@@ -336,12 +340,22 @@ static cond_result_t config_check_cond_n
if ((dc->cond == CONFIG_COND_EQ ||
dc->cond == CONFIG_COND_NE) &&
- (con->dst_addr.plain.sa_family == AF_INET) &&
(NULL != (nm_slash = strchr(dc->string->ptr, '/')))) {
int nm_bits;
- long nm;
char *err;
struct in_addr val_inp;
+ struct in6_addr val_inp6;
+ int val_af;
+ uint8_t *a, *b;
+ int result_match, result_nomatch;
+
+ if (dc->cond == CONFIG_COND_EQ) {
+ result_match = COND_RESULT_TRUE;
+ result_nomatch = COND_RESULT_FALSE;
+ } else {
+ result_match = COND_RESULT_FALSE;
+ result_nomatch = COND_RESULT_TRUE;
+ }
if (*(nm_slash+1) == '\0') {
log_error_write(srv, __FILE__, __LINE__, "sb", "ERROR: no number after / ", dc->string);
@@ -356,10 +370,16 @@ static cond_result_t config_check_cond_n
return COND_RESULT_FALSE;
}
+ if (nm_bits < 0) {
+ log_error_write(srv, __FILE__, __LINE__, "sbs", "ERROR: negative netmask:", dc->string, err);
+
+ return COND_RESULT_FALSE;
+ }
/* take IP convert to the native */
buffer_copy_string_len(srv->cond_check_buf, dc->string->ptr, nm_slash - dc->string->ptr);
#ifdef __WIN32
+ val_af = AF_INET;
if (INADDR_NONE == (val_inp.s_addr = inet_addr(srv->cond_check_buf->ptr))) {
log_error_write(srv, __FILE__, __LINE__, "sb", "ERROR: ip addr is invalid:", srv->cond_check_buf);
@@ -367,21 +387,54 @@ static cond_result_t config_check_cond_n
}
#else
- if (0 == inet_aton(srv->cond_check_buf->ptr, &val_inp)) {
+ if (1 == inet_pton(AF_INET, srv->cond_check_buf->ptr, &val_inp)) {
+ val_af = AF_INET;
+ } else if (1 == inet_pton(AF_INET6, srv->cond_check_buf->ptr, &val_inp6)) {
+ val_af = AF_INET6;
+ } else {
log_error_write(srv, __FILE__, __LINE__, "sb", "ERROR: ip addr is invalid:", srv->cond_check_buf);
return COND_RESULT_FALSE;
}
#endif
- /* build netmask */
- nm = htonl(~((1 << (32 - nm_bits)) - 1));
+ if (val_af == AF_INET) {
+ if (nm_bits > 32) {
+ log_error_write(srv, __FILE__, __LINE__, "sd", "ERROR: ipv4 netmask too large:", nm_bits);
- if ((val_inp.s_addr & nm) == (con->dst_addr.ipv4.sin_addr.s_addr & nm)) {
- return (dc->cond == CONFIG_COND_EQ) ? COND_RESULT_TRUE : COND_RESULT_FALSE;
+ return COND_RESULT_FALSE;
+ }
+ a = (uint8_t *)&val_inp;
+ if (con->dst_addr.plain.sa_family == AF_INET) {
+ b = (uint8_t *)&con->dst_addr.ipv4.sin_addr.s_addr;
+ } else if (IN6_IS_ADDR_V4MAPPED(&con->dst_addr.ipv6.sin6_addr)) {
+ b = (uint8_t *)&con->dst_addr.ipv6.sin6_addr.s6_addr[12];
+ } else {
+ return result_nomatch;
+ }
} else {
- return (dc->cond == CONFIG_COND_EQ) ? COND_RESULT_FALSE : COND_RESULT_TRUE;
+ if (nm_bits > 128) {
+ log_error_write(srv, __FILE__, __LINE__, "sd", "ERROR: ipv6 netmask too large:", nm_bits);
+
+ return COND_RESULT_FALSE;
+ }
+ a = (uint8_t *)&val_inp6;
+ if (con->dst_addr.plain.sa_family == AF_INET) {
+ return result_nomatch;
+ } else {
+ b = (uint8_t *)&con->dst_addr.ipv6.sin6_addr.s6_addr[0];
+ }
+ }
+ while (nm_bits) {
+ if (nm_bits >= 8) {
+ if (*a++ != *b++) return result_nomatch;
+ nm_bits -= 8;
+ } else {
+ if (*a >> (8 - nm_bits) != *b >> (8 - nm_bits)) return result_nomatch;
+ nm_bits = 0;
+ }
}
+ return result_match;
} else {
l = con->dst_addr_buf;
}

View File

@ -1,7 +1,7 @@
From 2b9054a9278f5b7a6af660eb5842b9ec32d50e74 Mon Sep 17 00:00:00 2001
From c25a30b4a0c7347234c2af4afab099b5735bbf71 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 17:05:59 -0400
Subject: [PATCH 8/9] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts:
SPECS/net-snmp.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index 0ac1eef..8d109b8 100644
index 9b313cb..b015436 100644
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@@ -14,7 +14,7 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.7.2
-Release: 28%{?dist}.1
+Release: 28.el7%{?_tis_dist}.%{tis_patch_ver}
-Release: 33%{?dist}.2
+Release: 33.el7_5.2%{?_tis_dist}.%{tis_patch_ver}
Epoch: 1
License: BSD
--
1.9.1
2.7.4

View File

@ -1,14 +1,14 @@
From d984ab4a020a20082190e8029f45f06031f320da Mon Sep 17 00:00:00 2001
From 5dc19ad10a3f91803116a88c303134e9ff361bd5 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 17:05:59 -0400
Subject: [PATCH 6/9] WRS: run-snmpd-as-non-root-user.patch
Subject: [PATCH] WRS: run-snmpd-as-non-root-user.patch
Conflicts:
SPECS/net-snmp.spec
---
SOURCES/snmpd.service | 2 +-
SPECS/net-snmp.spec | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
SPECS/net-snmp.spec | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/SOURCES/snmpd.service b/SOURCES/snmpd.service
index 84b6ca3..ad689c8 100644
@ -24,19 +24,10 @@ index 84b6ca3..ad689c8 100644
ExecStart=/etc/init.d/snmpd start
ExecStop=/etc/init.d/snmpd stop
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index a433f40..0ac1eef 100644
index 3e36cb5..9b313cb 100644
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@@ -14,7 +14,7 @@
Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp
Version: 5.7.2
-Release: 28%{?dist}
+Release: 28%{?dist}.1
Epoch: 1
License: BSD
@@ -413,7 +413,7 @@ install -m 644 %SOURCE6 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
@@ -428,7 +428,7 @@ install -m 644 %SOURCE6 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
# WRS
install -m 644 %SOURCE12 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmpd.conf
@ -46,5 +37,5 @@ index a433f40..0ac1eef 100644
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d
install -m 755 %SOURCE13 ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d/snmpd
--
1.9.1
2.7.4

View File

@ -1,14 +1,14 @@
From 05124f2495f4173848cac245c6579247a0e255d6 Mon Sep 17 00:00:00 2001
From 492d89dca4ca498b77847abc1f1313a800fec85e Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 17:05:58 -0400
Subject: [PATCH 3/9] WRS: snmp-spec-add-init-script.patch
Subject: [PATCH] WRS: snmp-spec-add-init-script.patch
---
SPECS/net-snmp.spec | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index 85955d0..df248ac 100644
index da7706b..035d2f8 100644
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@@ -41,6 +41,7 @@ Source11: snmptrapd.service
@ -19,7 +19,7 @@ index 85955d0..df248ac 100644
Patch1: net-snmp-5.7.2-pie.patch
Patch2: net-snmp-5.5-dir-fix.patch
@@ -414,6 +415,9 @@ install -m 644 %SOURCE6 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
@@ -429,6 +430,9 @@ install -m 644 %SOURCE6 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
install -m 644 %SOURCE12 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmpd.conf
chmod 600 ${RPM_BUILD_ROOT}%{_sysconfdir}/snmp/snmptrapd.conf
@ -29,14 +29,14 @@ index 85955d0..df248ac 100644
install -d ${RPM_BUILD_ROOT}%{_initrddir}
install -m 755 %SOURCE2 ${RPM_BUILD_ROOT}%{_initrddir}/snmpd
install -m 755 %SOURCE3 ${RPM_BUILD_ROOT}%{_initrddir}/snmptrapd
@@ -553,6 +557,7 @@ rm -rf ${RPM_BUILD_ROOT}
@@ -568,6 +572,7 @@ rm -rf ${RPM_BUILD_ROOT}
%dir %{_localstatedir}/run/net-snmp
%{_prefix}/lib/tmpfiles.d/net-snmp.conf
%{_unitdir}/snmp*
+%{_sysconfdir}/rc.d/init.d/snmpd
%config(noreplace) %{_sysconfdir}/sysconfig/snmpd
%config(noreplace) %{_sysconfdir}/sysconfig/snmptrapd
%attr(0755,root,root) %{_bindir}/net-snmp-config*
--
1.9.1
2.7.4

View File

@ -1,8 +1,18 @@
From 0358f8ee4e56fbd3f4c54409b3dbe5c9fdff3a27 Mon Sep 17 00:00:00 2001
From: slin14 <shuicheng.lin@intel.com>
Date: Sun, 12 Aug 2018 22:07:24 +0800
Subject: [PATCH] spec-configure-without-HOST-RESOURCES-MIB
Signed-off-by: slin14 <shuicheng.lin@intel.com>
---
SPECS/net-snmp.spec | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec
index 12323a4..1e23fba 100644
index a1b3720..e6e5d8c 100644
--- a/SPECS/net-snmp.spec
+++ b/SPECS/net-snmp.spec
@@ -331,7 +331,7 @@ rm testing/fulltests/default/T200*
@@ -342,7 +342,7 @@ rm testing/fulltests/default/T200*
%endif
%build
@ -11,7 +21,7 @@ index 12323a4..1e23fba 100644
ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail \
ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \
ip-mib/ipAddressPrefixTable/ipAddressPrefixTable \
@@ -352,6 +352,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
@@ -363,6 +363,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib"
--with-logfile="/var/log/snmpd.log" \
--with-persistent-directory="/var/lib/net-snmp" \
--with-mib-modules="$MIBS" \
@ -19,3 +29,6 @@ index 12323a4..1e23fba 100644
%if %{netsnmp_tcp_wrappers}
--with-libwrap=yes \
%endif
--
2.7.4

View File

@ -1 +1 @@
mirror:Source/net-snmp-5.7.2-28.el7.src.rpm
mirror:Source/net-snmp-5.7.2-33.el7_5.2.src.rpm

View File

@ -1,4 +1,4 @@
From 55b381fed1b1bae9bd0bdfabd07246f40805252e Mon Sep 17 00:00:00 2001
From bb0bf50256fd7d85d7f6f9eeb64d621a5698cfcc Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Tue, 27 Sep 2016 21:23:24 -0400
Subject: [PATCH] Update package versioning for TIS format
@ -8,18 +8,18 @@ Subject: [PATCH] Update package versioning for TIS format
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/netpbm.spec b/SPECS/netpbm.spec
index c10c448..74c13eb 100644
index 02dd5f8..a4579f5 100644
--- a/SPECS/netpbm.spec
+++ b/SPECS/netpbm.spec
@@ -1,7 +1,7 @@
Summary: A library for handling different graphics file formats
Name: netpbm
Version: 10.61.02
-Release: 9%{?dist}
+Release: 9.el7%{?_tis_dist}.%{tis_patch_ver}
Version: 10.79.00
-Release: 7%{?dist}
+Release: 7.el7%{?_tis_dist}.%{tis_patch_ver}
# See copyright_summary for details
License: BSD and GPLv2 and IJG and MIT and Public Domain
Group: System Environment/Libraries
--
1.8.3.1
2.7.4

View File

@ -1,16 +1,26 @@
From 4d8601d4eda671c7da04f7eb438e20407f33b09b Mon Sep 17 00:00:00 2001
From: zhipengl <zhipengs.liu@intel.com>
Date: Wed, 22 Aug 2018 01:02:40 +0800
Subject: 0001-remove-ghostscript.patch
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
SPECS/netpbm.spec | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/SPECS/netpbm.spec b/SPECS/netpbm.spec
index c0a2d27..c10c448 100644
index 82eafb8..02dd5f8 100644
--- a/SPECS/netpbm.spec
+++ b/SPECS/netpbm.spec
@@ -40,6 +40,7 @@ Patch28: netpbm-compare-same-images.patch
Patch29: netpbm-manual-pages.patch
Patch30: netpbm-pnmtops-hangs.patch
Patch31: netpbm-pgmtexture-fault.patch
+Patch32: remove-pstopnm.patch
@@ -31,6 +31,7 @@ Patch15: netpbm-pamtojpeg2k.patch
Patch16: netpbm-manfix.patch
Patch17: netpbm-manual-pages.patch
Patch18: netpbm-ppmfadeusage.patch
+Patch19: remove-pstopnm.patch
BuildRequires: libjpeg-devel, libpng-devel, libtiff-devel, flex
BuildRequires: libX11-devel, python, jasper-devel, libxml2-devel
@@ -66,7 +67,6 @@ to have the netpbm package installed.
@@ -57,7 +58,6 @@ to have the netpbm package installed.
%package progs
Summary: Tools for manipulating graphics files in netpbm supported formats
Group: Applications/Multimedia
@ -18,12 +28,14 @@ index c0a2d27..c10c448 100644
Requires: netpbm = %{version}-%{release}
%description progs
@@ -102,6 +102,7 @@ netpbm-doc. You'll also need to install the netpbm-progs package.
%patch16 -p1 -b .manfix
%patch17 -p1 -b .manual-pages
%patch18 -p1 -b .ppmfadeusage
+%patch19 -p1
@@ -120,6 +120,7 @@ netpbm-doc. You'll also need to install the netpbm-progs package.
%patch29 -p1 -b .manual-pages
%patch30 -p1 -b .pnmtops-hangs
%patch31 -p1 -b .pgmtexture-fault
+%patch32 -p1
sed -i 's/STRIPFLAG = -s/STRIPFLAG =/g' config.mk.in
rm -rf converter/other/jpeg2000/libjasper/
sed -i -e 's/SUBDIRS += libjasper//' converter/other/jpeg2000/Makefile
--
2.7.4

View File

@ -1,25 +1,37 @@
diff --git a/netpbm-10.61.02/converter/other/Makefile b/netpbm-10.61.02/converter/other/Makefile
index 746db87..02c66b4 100644
--- a/netpbm-10.61.02/converter/other/Makefile
+++ b/netpbm-10.61.02/converter/other/Makefile
From ba7b88e20f58d1d549bf7eec2e7fc2fa2a229362 Mon Sep 17 00:00:00 2001
From: zhipengl <zhipengs.liu@intel.com>
Date: Wed, 22 Aug 2018 00:50:54 +0800
Subject: remove-pstopnm.patch
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
converter/other/Makefile | 3 +++
1 file changed, 3 insertions(+)
diff --git a/converter/other/Makefile b/converter/other/Makefile
index b01f66a..6e9c84f 100644
--- a/converter/other/Makefile
+++ b/converter/other/Makefile
@@ -7,6 +7,7 @@ VPATH=.:$(SRCDIR)/$(SUBDIR)
include $(BUILDDIR)/config.mk
+USE_GHOSTSCRIPT=N
TEST_PKGCONFIG_LIBXML2 = if pkg-config libxml-2.0; then echo exists; fi
TEST_PKGCONFIG_LIBXML2 = if $(PKG_CONFIG) libxml-2.0; then echo exists; fi
ifneq ($(shell $(TEST_PKGCONFIG_LIBXML2)),)
@@ -134,10 +135,12 @@ BINARIES = \
rasttopnm \
srftopam \
@@ -126,9 +127,11 @@ PORTBINARIES = avstopam bmptopnm fitstopnm \
rasttopnm rlatopam sgitopnm sirtopnm srftopam sunicontopnm \
winicontopam xwdtopnm yuy2topam zeisstopnm
+ifneq ($(USE_GHOSTSCRIPT),N)
ifneq ($(DONT_HAVE_PROCESS_MGMT),Y)
PORTBINARIES += pstopnm
BINARIES += pnmtops
PORTBINARIES += pstopnm pnmtops
endif
+endif
ifeq ($(HAVE_PNGLIB),Y)
BINARIES += pnmtopng pngtopam pamrgbatopng
PORTBINARIES += pamtopng pnmtopng pngtopam
--
2.7.4

View File

@ -1 +1 @@
mirror:Source/netpbm-10.61.02-9.el7.src.rpm
mirror:Source/netpbm-10.79.00-7.el7.src.rpm

View File

@ -1,7 +1,7 @@
From af36b0f028b07a6487e57040bb6c980ff6a4a41c Mon Sep 17 00:00:00 2001
From 30615fcee3c857e0bb2900a64e14b807adff5495 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:29:01 -0400
Subject: [PATCH 3/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts:
SPECS/ntp.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/ntp.spec b/SPECS/ntp.spec
index f717899..454020c 100644
index 73ab0f7..bf9c32b 100644
--- a/SPECS/ntp.spec
+++ b/SPECS/ntp.spec
@@ -1,7 +1,7 @@
Summary: The NTP daemon and utilities
Name: ntp
Version: 4.2.6p5
-Release: 25%{?dist}.2
+Release: 25.el7.centos.2%{?_tis_dist}.%{tis_patch_ver}
-Release: 28%{?dist}
+Release: 28.el7.centos%{?_tis_dist}.%{tis_patch_ver}
# primary license (COPYRIGHT) : MIT
# ElectricFence/ (not used) : GPLv2
# kernel/sys/ppsclock.h (not used) : BSD with advertising
--
1.9.1
2.7.4

View File

@ -1 +1 @@
mirror:Source/ntp-4.2.6p5-25.el7.centos.2.src.rpm
mirror:Source/ntp-4.2.6p5-28.el7.centos.src.rpm

View File

@ -1,7 +1,7 @@
From 099d1c1f3376673e9a3c5747c87c8c756c883ce6 Mon Sep 17 00:00:00 2001
From 857b95ac924a980c60d894148d3c5d41aca8447d Mon Sep 17 00:00:00 2001
From: Andy Ning <andy.ning@windriver.com>
Date: Thu, 22 Mar 2018 11:45:26 -0400
Subject: [PATCH 1/1] CGTS-9265: patch to harden server and client config
Subject: [PATCH] CGTS-9265: patch to harden server and client config
Replace the hardcoded sshd_config and ssh_config files with patches
to openssh.
@ -12,12 +12,12 @@ Signed-off-by: Andy Ning <andy.ning@windriver.com>
1 file changed, 6 insertions(+)
diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec
index 7ee5bd8..7c464a2 100644
index 442261e..c62e6c8 100644
--- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec
@@ -240,6 +240,9 @@ Patch955: openssh-7.4p1-sandbox-ibmca.patch
# Back to UseDNS=yes by default (#1478175)
Patch956: openssh-7.4p1-usedns-yes.patch
@@ -251,6 +251,9 @@ Patch959: openssh-7.4p1-authorized_keys_command.patch
# Fix for CVE-2017-15906 (#1517226)
Patch960: openssh-7.5p1-sftp-empty-files.patch
+# WRS: harden server and client config
+Patch1000: harden-server-and-client-config.patch
@ -25,7 +25,7 @@ index 7ee5bd8..7c464a2 100644
License: BSD
Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -494,6 +497,9 @@ popd
@@ -511,6 +514,9 @@ popd
%patch100 -p1 -b .coverity
@ -36,5 +36,5 @@ index 7ee5bd8..7c464a2 100644
# Nothing here yet
%endif
--
1.8.3.1
2.7.4

View File

@ -1 +1 @@
mirror:Source/openssh-7.4p1-12.el7_4.src.rpm
mirror:Source/openssh-7.4p1-16.el7.src.rpm

View File

@ -1,4 +1,4 @@
From df02d7127b6feba73728380493033f5b212faab7 Mon Sep 17 00:00:00 2001
From ebeb61340d3bc91c2489846a00878c557310634d Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Tue, 27 Sep 2016 10:49:05 -0400
Subject: [PATCH] Update package versioning for TIS format
@ -8,18 +8,18 @@ Subject: [PATCH] Update package versioning for TIS format
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/pam.spec b/SPECS/pam.spec
index a702aca..dabbeee 100644
index 0ee1747..e397385 100644
--- a/SPECS/pam.spec
+++ b/SPECS/pam.spec
@@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications
Name: pam
Version: 1.1.8
-Release: 18%{?dist}
+Release: 18.el7%{?_tis_dist}.%{tis_patch_ver}
-Release: 22%{?dist}
+Release: 22.el7%{?_tis_dist}.%{tis_patch_ver}
# The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
--
1.8.3.1
2.7.4

View File

@ -1 +1 @@
mirror:Source/pam-1.1.8-18.el7.src.rpm
mirror:Source/pam-1.1.8-22.el7.src.rpm

View File

@ -1,7 +1,7 @@
From 20f4e2f0f19c6d0e9c8ee1314481bc8e85dbd5bb Mon Sep 17 00:00:00 2001
From a6709dfc64368bac4970e3b99512a4e1b4b8e756 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:32:24 -0400
Subject: [PATCH 1/1] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts:
SPECS/rsync.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/rsync.spec b/SPECS/rsync.spec
index 85b01f2..310b284 100644
index d5f6d55..d9cb5ed 100644
--- a/SPECS/rsync.spec
+++ b/SPECS/rsync.spec
@@ -8,7 +8,7 @@
Summary: A program for synchronizing files over a network
Name: rsync
Version: 3.0.9
-Release: 18%{?prerelease}%{?dist}
+Release: 18.el7%{?_tis_dist}.%{tis_patch_ver}
Version: 3.1.2
-Release: 4%{?prerelease}%{?dist}
+Release: 4.el7%{?_tis_dist}.%{tis_patch_ver}
Group: Applications/Internet
URL: http://rsync.samba.org/
--
1.9.1
2.7.4

View File

@ -1 +1 @@
mirror:Source/rsync-3.0.9-18.el7.src.rpm
mirror:Source/rsync-3.1.2-4.el7.src.rpm

View File

@ -1,7 +1,7 @@
From 112dfdc394a779a860c79c067d47142dc1db2484 Mon Sep 17 00:00:00 2001
From b37781fdf5c5f4b373f124875c39ae10697c5898 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:45:32 -0400
Subject: [PATCH 3/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts:
SPECS/sanlock.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/sanlock.spec b/SPECS/sanlock.spec
index b4996de..ebce8c1 100644
index 5bfb8e4..587fcb2 100644
--- a/SPECS/sanlock.spec
+++ b/SPECS/sanlock.spec
@@ -6,7 +6,7 @@
Name: sanlock
Version: 3.5.0
Version: 3.6.0
-Release: 1%{?dist}
+Release: 1.el7%{?_tis_dist}.%{tis_patch_ver}
Summary: A shared storage lock manager
Group: System Environment/Base
--
1.9.1
2.7.4

View File

@ -1,2 +1,2 @@
mirror:Source/sanlock-3.5.0-1.el7.src.rpm
mirror:Source/sanlock-3.6.0-1.el7.src.rpm

View File

@ -1,14 +1,14 @@
From 412fc338e588c92ee0be3bf1b1af0040fac9f500 Mon Sep 17 00:00:00 2001
From 667cc2ccdd4451ce9d943064d714bcf1a8d1e4ed Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Mon, 26 Sep 2016 17:40:54 -0400
Subject: [PATCH] Update package versioning for TIS format
Subject: [PATCH 09/15] Update package versioning for TIS format
---
SPECS/setup.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 223bfd5..89a4d2f 100644
index 3ad2458..8f5fc46 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -1,7 +1,7 @@
@ -16,10 +16,10 @@ index 223bfd5..89a4d2f 100644
Name: setup
Version: 2.8.71
-Release: 9%{?dist}
+Release: 7.el7%{?_tis_dist}.%{tis_patch_ver}
+Release: 9.el7%{?_tis_dist}.%{tis_patch_ver}
License: Public Domain
Group: System Environment/Base
URL: https://fedorahosted.org/setup/
URL: https://pagure.io/setup/
--
1.8.3.1
2.7.4

View File

@ -1,8 +1,7 @@
From 2f6906e33b91dc28c7b48ce5604501ce09cfaed6 Mon Sep 17 00:00:00 2001
Message-Id: <2f6906e33b91dc28c7b48ce5604501ce09cfaed6.1468352966.git.Jim.Somerville@windriver.com>
From 6d54fd5dff19e69d2d9c01e508fd4276e4eaef5b Mon Sep 17 00:00:00 2001
From: Jim Somerville <Jim.Somerville@windriver.com>
Date: Tue, 12 Jul 2016 15:43:47 -0400
Subject: [PATCH 1/1] security make exports and fstab only root accessible
Subject: [PATCH 07/15] security make exports and fstab only root accessible
Apply a chmod of 600 to the two files.
@ -12,17 +11,17 @@ Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
1 file changed, 1 insertion(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index d40113f..6c18614 100644
index db3ed17..a612d24 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -65,6 +65,7 @@ chmod 0644 %{buildroot}/var/log/lastlog
@@ -69,6 +69,7 @@ chmod 0644 %{buildroot}/var/log/lastlog
touch %{buildroot}/etc/fstab
touch %{buildroot}/etc/subuid
touch %{buildroot}/etc/subgid
+chmod 0600 %{buildroot}/etc/{exports,fstab}
install -m 644 %{SOURCE1} %{buildroot}/etc/
install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
mkdir -p %{buildroot}/etc/profile.d
--
1.8.3.1
2.7.4

View File

@ -1,40 +1,43 @@
From 13bee9ed7d91fae3d66f91d4e4aa139ca3d05f66 Mon Sep 17 00:00:00 2001
From d8ab20a896750f9fcd257d3e64cb0ef34e35140a Mon Sep 17 00:00:00 2001
From: David Balme <david.balme@windriver.com>
Date: Thu, 13 Oct 2016 08:40:27 -0400
Subject: [PATCH 1/1] add TMOUT variable
Subject: [PATCH 10/15] add TMOUT variable
---
SPECS/setup.spec | 3 +++
1 file changed, 3 insertions(+)
SPECS/setup.spec | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 89a4d2f..1f5c96a 100644
index 8f5fc46..a6465dc 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -8,6 +8,7 @@ URL: https://fedorahosted.org/setup/
Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-%{version}.tar.bz2
@@ -8,6 +8,7 @@ URL: https://pagure.io/setup/
Source0: http://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
Source1: motd
Source2: prompt.sh
+Source3: custom.sh
BuildArch: noarch
BuildRequires: bash tcsh perl
#require system release for saner dependency order
@@ -70,6 +71,7 @@ touch %{buildroot}/etc/subgid
@@ -73,8 +74,9 @@ touch %{buildroot}/etc/subuid
touch %{buildroot}/etc/subgid
chmod 0600 %{buildroot}/etc/{exports,fstab}
install -m 644 %{SOURCE1} %{buildroot}/etc/
install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
-install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
mkdir -p %{buildroot}/etc/profile.d
+install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
+install -m 644 %{SOURCE3} %{buildroot}/etc/profile.d/custom.sh
echo "#Add any required envvar overrides to this file, it is sourced from /etc/profile" >%{buildroot}/etc/profile.d/sh.local
echo "#Add any required envvar overrides to this file, is sourced from /etc/csh.login" >%{buildroot}/etc/profile.d/csh.local
# remove unpackaged files from the buildroot
rm -f %{buildroot}/etc/Makefile
@@ -125,6 +127,7 @@ end
@@ -133,6 +135,7 @@ end
%config(noreplace) /etc/motd
%dir /etc/profile.d
/etc/profile.d/prompt.sh
+/etc/profile.d/custom.sh
%config(noreplace) /etc/profile.d/sh.local
%config(noreplace) /etc/profile.d/csh.local
%config(noreplace) %verify(not md5 size mtime) /etc/shells
%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/fstab
--
1.8.3.1
2.7.4

View File

@ -1,26 +1,33 @@
commit f944ef677dc090e91b790ac54064d61d071edb5c
Author: Shoaib Nasir <shoaib.nasir@windriver.com>
Date: Mon Sep 25 12:20:43 2017 -0400
From 1c1e025ff9cdf5a5041959434a79014e24015271 Mon Sep 17 00:00:00 2001
From: Shoaib Nasir <shoaib.nasir@windriver.com>
Date: Mon, 27 Aug 2018 17:55:18 +0800
Add ironic-uid-gid.patch to SPECS
---
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 2ec3541..55dd30b 100644
index 367a13b..974113e 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -28,6 +28,7 @@ Patch9: snmpd-fm-user-group.patch
Patch10: remove-unused-default-groups.patch
Patch11: add-fm-user-to-snmpd-group.patch
Patch12: add-magnum-uid-gid.patch
+Patch13: add-ironic-uid-gid.patch
@@ -30,6 +30,7 @@ Patch11: snmpd-fm-user-group.patch
Patch12: remove-unused-default-groups.patch
Patch13: add-fm-user-to-snmpd-group.patch
Patch14: add-magnum-uid-gid.patch
+Patch15: add-ironic-uid-gid.patch
%description
The setup package contains a set of important system configuration and
@@ -48,6 +49,7 @@ setup files, such as passwd, group, and profile.
%patch10 -p1
%patch11 -p1
@@ -52,6 +53,7 @@ setup files, such as passwd, group, and profile.
%patch12 -p1
+%patch13 -p1
%patch13 -p1
%patch14 -p1
+%patch15 -p1
./shadowconvert.sh
--
2.7.4

View File

@ -1,32 +1,32 @@
From 11086bd4422e8f24a0b070eb16e53b08f4561c61 Mon Sep 17 00:00:00 2001
From 23dda8869b96f7df3db3fc885ca960b4889c82c0 Mon Sep 17 00:00:00 2001
From: Jerry Sun <jerry.sun@windriver.com>
Date: Thu, 3 Aug 2017 16:18:34 -0400
Subject: [PATCH 1/1] meta add magnum uid and gid
Subject: [PATCH 12/15] meta add magnum uid and gid
---
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 9ee24ca..2ec3541 100644
index 6a871f3..367a13b 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -27,6 +27,7 @@ Patch8: passwd-remove-unused-default-users-and-groups.patch
Patch9: snmpd-fm-user-group.patch
Patch10: remove-unused-default-groups.patch
Patch11: add-fm-user-to-snmpd-group.patch
+Patch12: add-magnum-uid-gid.patch
@@ -29,6 +29,7 @@ Patch10: passwd-remove-unused-default-users-and-groups.patch
Patch11: snmpd-fm-user-group.patch
Patch12: remove-unused-default-groups.patch
Patch13: add-fm-user-to-snmpd-group.patch
+Patch14: add-magnum-uid-gid.patch
%description
The setup package contains a set of important system configuration and
@@ -46,6 +47,7 @@ setup files, such as passwd, group, and profile.
%patch9 -p1
%patch10 -p1
@@ -50,6 +51,7 @@ setup files, such as passwd, group, and profile.
%patch11 -p1
+%patch12 -p1
%patch12 -p1
%patch13 -p1
+%patch14 -p1
./shadowconvert.sh
--
1.8.3.1
2.7.4

View File

@ -1,32 +1,32 @@
From bb774f39b779de4e31007fc70bead641820ae74f Mon Sep 17 00:00:00 2001
From 07aca8a7f571059552dceb9a83d7b231e6ba01ff Mon Sep 17 00:00:00 2001
From: Jerry Sun <jerry.sun@windriver.com>
Date: Mon, 8 Jan 2018 12:28:08 -0500
Subject: [PATCH 1/1] meta add murano uid and gid
Subject: [PATCH 14/15] meta add murano uid and gid
---
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 55dd30b..b652b3c 100644
index 974113e..7f636ea 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -29,6 +29,7 @@ Patch10: remove-unused-default-groups.patch
Patch11: add-fm-user-to-snmpd-group.patch
Patch12: add-magnum-uid-gid.patch
Patch13: add-ironic-uid-gid.patch
+Patch14: add-murano-uid-gid.patch
@@ -31,6 +31,7 @@ Patch12: remove-unused-default-groups.patch
Patch13: add-fm-user-to-snmpd-group.patch
Patch14: add-magnum-uid-gid.patch
Patch15: add-ironic-uid-gid.patch
+Patch16: add-murano-uid-gid.patch
%description
The setup package contains a set of important system configuration and
@@ -50,6 +51,7 @@ setup files, such as passwd, group, and profile.
%patch11 -p1
%patch12 -p1
@@ -54,6 +55,7 @@ setup files, such as passwd, group, and profile.
%patch13 -p1
+%patch14 -p1
%patch14 -p1
%patch15 -p1
+%patch16 -p1
./shadowconvert.sh
--
1.8.3.1
2.7.4

View File

@ -1,32 +1,32 @@
From 8c24c1c8bc9b703714c52b9b45cd3ea90f4a6604 Mon Sep 17 00:00:00 2001
From 34c8b5f204877ae54d07248b9729353c8f8dfecf Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.Wang@windriver.com>
Date: Thu, 7 Jun 2018 16:39:08 -0400
Subject: [PATCH] spec add uid gid for telemetry services
Subject: [PATCH 15/15] spec add uid gid for telemetry services
---
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index b652b3c..76d4feb 100644
index 7f636ea..4f11a37 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -30,6 +30,7 @@ Patch11: add-fm-user-to-snmpd-group.patch
Patch12: add-magnum-uid-gid.patch
Patch13: add-ironic-uid-gid.patch
Patch14: add-murano-uid-gid.patch
+Patch15: add-uid-gid-for-telemetry-services.patch
@@ -32,6 +32,7 @@ Patch13: add-fm-user-to-snmpd-group.patch
Patch14: add-magnum-uid-gid.patch
Patch15: add-ironic-uid-gid.patch
Patch16: add-murano-uid-gid.patch
+Patch17: add-uid-gid-for-telemetry-services.patch
%description
The setup package contains a set of important system configuration and
@@ -52,6 +53,7 @@ setup files, such as passwd, group, and profile.
%patch12 -p1
%patch13 -p1
@@ -56,6 +57,7 @@ setup files, such as passwd, group, and profile.
%patch14 -p1
+%patch15 -p1
%patch15 -p1
%patch16 -p1
+%patch17 -p1
./shadowconvert.sh
--
1.8.3.1
2.7.4

View File

@ -1,35 +1,43 @@
setup.spec: to include Titanium Cloud specific changes
From 236314295289b829e6216022a247017f7c0851c7 Mon Sep 17 00:00:00 2001
From: slin14 <shuicheng.lin@intel.com>
Date: Tue, 7 Aug 2018 22:41:01 +0800
Subject: [PATCH 01/15] setup.spec: to include Titanium Cloud specific changes
To include files under cgcs/recipes-base/setup/files/*
Signed-off-by: slin14 <shuicheng.lin@intel.com>
---
SPECS/setup.spec | 3 +++
1 file changed, 3 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 9174b5a..efc52ca 100644
index 317132b..4ac1019 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -6,6 +6,7 @@ License: Public Domain
Group: System Environment/Base
URL: https://fedorahosted.org/setup/
Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-%{version}.tar.bz2
URL: https://pagure.io/setup/
Source0: http://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
+Source1: motd
BuildArch: noarch
BuildRequires: bash tcsh perl
#require system release for saner dependency order
@@ -55,6 +56,7 @@ chmod 0644 %{buildroot}/var/log/lastlog
@@ -59,6 +60,7 @@ chmod 0644 %{buildroot}/var/log/lastlog
touch %{buildroot}/etc/fstab
touch %{buildroot}/etc/subuid
touch %{buildroot}/etc/subgid
+install -m 644 %{SOURCE1} %{buildroot}/etc/
# remove unpackaged files from the buildroot
rm -f %{buildroot}/etc/Makefile
@@ -107,6 +109,7 @@ end
mkdir -p %{buildroot}/etc/profile.d
echo "#Add any required envvar overrides to this file, it is sourced from /etc/profile" >%{buildroot}/etc/profile.d/sh.local
echo "#Add any required envvar overrides to this file, is sourced from /etc/csh.login" >%{buildroot}/etc/profile.d/csh.local
@@ -115,6 +117,7 @@ end
%attr(0600,root,root) %config(noreplace,missingok) /etc/securetty
%config(noreplace) /etc/csh.login
%config(noreplace) /etc/csh.cshrc
+%config(noreplace) /etc/motd
%dir /etc/profile.d
%config(noreplace) %verify(not md5 size mtime) /etc/shells
%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog
%config(noreplace) /etc/profile.d/sh.local
%config(noreplace) /etc/profile.d/csh.local
--
1.8.3.1
2.7.4

View File

@ -1,22 +1,33 @@
From 3eb03183dc24b865dd3e84495a82899f39665690 Mon Sep 17 00:00:00 2001
From: slin14 <shuicheng.lin@intel.com>
Date: Tue, 7 Aug 2018 23:17:05 +0800
Subject: [PATCH 11/15] spec-include-add-fm-user-to-snmpd-group
Signed-off-by: slin14 <shuicheng.lin@intel.com>
---
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index a6465dc..6a871f3 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -26,6 +26,7 @@ Patch6: updating-gids-and-uids-to-suppor
Patch8: passwd-remove-unused-default-users-and-groups.patch
Patch9: snmpd-fm-user-group.patch
Patch10: remove-unused-default-groups.patch
+Patch11: add-fm-user-to-snmpd-group.patch
@@ -28,6 +28,7 @@ Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
Patch10: passwd-remove-unused-default-users-and-groups.patch
Patch11: snmpd-fm-user-group.patch
Patch12: remove-unused-default-groups.patch
+Patch13: add-fm-user-to-snmpd-group.patch
%description
The setup package contains a set of important system configuration and
@@ -44,6 +45,7 @@ setup files, such as passwd, group, and
%patch8 -p1
%patch9 -p1
@@ -48,6 +49,7 @@ setup files, such as passwd, group, and profile.
%patch10 -p1
+%patch11 -p1
%patch11 -p1
%patch12 -p1
+%patch13 -p1
./shadowconvert.sh
--
2.7.4

View File

@ -1,41 +1,32 @@
From 35ebbf2ca7e5e412f55cdaa875845728d203b34d Mon Sep 17 00:00:00 2001
From f0882fad769c71cb70b44251c79f39e7e13dbc48 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Fri, 12 Aug 2016 17:35:28 -0400
Subject: [PATCH] meta patch for snmpd-user-group.patch
Subject: [PATCH 06/15] meta patch for snmpd-user-group.patch
---
SPECS/setup.spec | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 89ff683..d40113f 100644
index 10d151b..db3ed17 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -1,7 +1,7 @@
Summary: A set of system configuration and setup files
Name: setup
Version: 2.8.71
-Release: 7%{?dist}
+Release: 8%{?dist}
License: Public Domain
Group: System Environment/Base
URL: https://fedorahosted.org/setup/
@@ -23,6 +23,7 @@ Patch5: setup-2.8.71-fullpath.patch
Patch6: tis-uid-gid.patch
Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
Patch8: passwd-remove-unused-default-users-and-groups.patch
+Patch9: snmpd-fm-user-group.patch
@@ -25,6 +25,7 @@ Patch7: setup-2.8.71-shlocal.patch
Patch8: tis-uid-gid.patch
Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
Patch10: passwd-remove-unused-default-users-and-groups.patch
+Patch11: snmpd-fm-user-group.patch
%description
The setup package contains a set of important system configuration and
@@ -39,6 +40,7 @@ setup files, such as passwd, group, and profile.
%patch6 -p1
%patch7 -p1
@@ -43,6 +44,7 @@ setup files, such as passwd, group, and profile.
%patch8 -p1
+%patch9 -p1
%patch9 -p1
%patch10 -p1
+%patch11 -p1
./shadowconvert.sh
--
1.8.3.1
2.7.4

File diff suppressed because it is too large Load Diff

View File

@ -1,7 +1,7 @@
From f882ce44d7e8574e9affc5e6471265029f9724ca Mon Sep 17 00:00:00 2001
From 1285d1381237a94df55df913aa268cd5bb9c6b89 Mon Sep 17 00:00:00 2001
From: Michel Thebeau <michel.thebeau@windriver.com>
Date: Thu, 21 Jul 2016 11:47:55 -0400
Subject: [PATCH] spec: add patch to remove unused users and groups
Subject: [PATCH 05/15] spec: add patch to remove unused users and groups
Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
---
@ -9,25 +9,25 @@ Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 3debacf..89ff683 100644
index 18283cd..10d151b 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -22,6 +22,7 @@ Patch4: setup-2.8.71-filesystems.patch
Patch5: setup-2.8.71-fullpath.patch
Patch6: tis-uid-gid.patch
Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
+Patch8: passwd-remove-unused-default-users-and-groups.patch
@@ -24,6 +24,7 @@ Patch6: setup-2.8.71-tapeid.patch
Patch7: setup-2.8.71-shlocal.patch
Patch8: tis-uid-gid.patch
Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
+Patch10: passwd-remove-unused-default-users-and-groups.patch
%description
The setup package contains a set of important system configuration and
@@ -37,6 +38,7 @@ setup files, such as passwd, group, and profile.
%patch5 -p1
%patch6 -p1
@@ -41,6 +42,7 @@ setup files, such as passwd, group, and profile.
%patch7 -p1
+%patch8 -p1
%patch8 -p1
%patch9 -p1
+%patch10 -p1
./shadowconvert.sh
--
1.8.3.1
2.7.4

View File

@ -1,42 +1,33 @@
From e882a5dfad4ad41a256ea3867e1a4c4a08df9a98 Mon Sep 17 00:00:00 2001
From 22d06a6c5c7b44db10060bf95b623dc3c1943a9a Mon Sep 17 00:00:00 2001
From: Michel Thebeau <michel.thebeau@windriver.com>
Date: Fri, 19 Aug 2016 09:28:43 -0400
Subject: [PATCH] spec: add patch to remove unused groups
Subject: [PATCH 08/15] spec: add patch to remove unused groups
Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
---
SPECS/setup.spec | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 6c18614..223bfd5 100644
index a612d24..3ad2458 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -1,7 +1,7 @@
Summary: A set of system configuration and setup files
Name: setup
Version: 2.8.71
-Release: 8%{?dist}
+Release: 9%{?dist}
License: Public Domain
Group: System Environment/Base
URL: https://fedorahosted.org/setup/
@@ -24,6 +24,7 @@ Patch6: tis-uid-gid.patch
Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
Patch8: passwd-remove-unused-default-users-and-groups.patch
Patch9: snmpd-fm-user-group.patch
+Patch10: remove-unused-default-groups.patch
@@ -26,6 +26,7 @@ Patch8: tis-uid-gid.patch
Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
Patch10: passwd-remove-unused-default-users-and-groups.patch
Patch11: snmpd-fm-user-group.patch
+Patch12: remove-unused-default-groups.patch
%description
The setup package contains a set of important system configuration and
@@ -41,6 +42,7 @@ setup files, such as passwd, group, and profile.
%patch7 -p1
%patch8 -p1
@@ -45,6 +46,7 @@ setup files, such as passwd, group, and profile.
%patch9 -p1
+%patch10 -p1
%patch10 -p1
%patch11 -p1
+%patch12 -p1
./shadowconvert.sh
--
1.8.3.1
2.7.4

View File

@ -1,42 +1,46 @@
setup.spec: add custom shell login prompt
From d298b3b8a8a27e23d1589b99a2f9419505563a92 Mon Sep 17 00:00:00 2001
From: slin14 <shuicheng.lin@intel.com>
Date: Tue, 7 Aug 2018 22:53:18 +0800
Subject: [PATCH 03/15] setup.spec: add custom shell login prompt
A user can be set to use "sh" (which points to bash) as login prompt.
This makes the login shell to enter "POSIX" mode which will only
read/executes file /etc/profle and files in /etc/profiled.d. So create
custom login prompt in /etc/profiles.d
Signed-off-by: slin14 <shuicheng.lin@intel.com>
---
SPECS/setup.spec | 3 +++
1 file changed, 3 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 3f74b90..184670f 100644
index 72cbcba..aa6b36e 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -7,6 +7,7 @@ Group: System Environment/Base
URL: https://fedorahosted.org/setup/
Source0: https://fedorahosted.org/releases/s/e/%{name}/%{name}-%{version}.tar.bz2
URL: https://pagure.io/setup/
Source0: http://releases.pagure.org/%{name}/%{name}-%{version}.tar.bz2
Source1: motd
+Source2: prompt.sh
BuildArch: noarch
BuildRequires: bash tcsh perl
#require system release for saner dependency order
@@ -59,6 +60,7 @@ touch %{buildroot}/etc/fstab
@@ -63,6 +64,7 @@ touch %{buildroot}/etc/fstab
touch %{buildroot}/etc/subuid
touch %{buildroot}/etc/subgid
install -m 644 %{SOURCE1} %{buildroot}/etc/
+install -m 644 %{SOURCE2} %{buildroot}/etc/profile.d/prompt.sh
# remove unpackaged files from the buildroot
rm -f %{buildroot}/etc/Makefile
@@ -113,6 +115,7 @@ end
mkdir -p %{buildroot}/etc/profile.d
echo "#Add any required envvar overrides to this file, it is sourced from /etc/profile" >%{buildroot}/etc/profile.d/sh.local
echo "#Add any required envvar overrides to this file, is sourced from /etc/csh.login" >%{buildroot}/etc/profile.d/csh.local
@@ -121,6 +123,7 @@ end
%config(noreplace) /etc/csh.cshrc
%config(noreplace) /etc/motd
%dir /etc/profile.d
+/etc/profile.d/prompt.sh
%config(noreplace) /etc/profile.d/sh.local
%config(noreplace) /etc/profile.d/csh.local
%config(noreplace) %verify(not md5 size mtime) /etc/shells
%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/fstab
--
1.8.3.1
2.7.4

View File

@ -1,32 +1,33 @@
From b4a83aefe522dc1674c4979436398661f3ae4572 Mon Sep 17 00:00:00 2001
From 935277306d01c917b81fa33ebc7f27b0edd61f7f Mon Sep 17 00:00:00 2001
From: Bart Wensley <barton.wensley@windriver.com>
Date: Mon, 27 Jun 2016 12:28:36 -0400
Subject: [PATCH 1/1] updating-gids-and-uids-to-support-upgrade-from-wrl.patch
Subject: [PATCH 04/15]
updating-gids-and-uids-to-support-upgrade-from-wrl.patch
---
SPECS/setup.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/setup.spec b/SPECS/setup.spec
index 184670f..3debacf 100644
index aa6b36e..18283cd 100644
--- a/SPECS/setup.spec
+++ b/SPECS/setup.spec
@@ -21,6 +21,7 @@ Patch3: setup-2.8.71-uidgidchanges.patch
Patch4: setup-2.8.71-filesystems.patch
Patch5: setup-2.8.71-fullpath.patch
Patch6: tis-uid-gid.patch
+Patch7: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
@@ -23,6 +23,7 @@ Patch5: setup-2.8.71-fullpath.patch
Patch6: setup-2.8.71-tapeid.patch
Patch7: setup-2.8.71-shlocal.patch
Patch8: tis-uid-gid.patch
+Patch9: updating-gids-and-uids-to-support-upgrade-from-wrl.patch
%description
The setup package contains a set of important system configuration and
@@ -35,6 +36,7 @@ setup files, such as passwd, group, and profile.
%patch4 -p1
%patch5 -p1
@@ -39,6 +40,7 @@ setup files, such as passwd, group, and profile.
%patch6 -p1
+%patch7 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
./shadowconvert.sh
--
1.8.3.1
2.7.4

View File

@ -1,7 +1,15 @@
From 02610c6c7bf89593a9b1e98eb5ee0cfba5c48707 Mon Sep 17 00:00:00 2001
From: slin14 <shuicheng.lin@intel.com>
Date: Thu, 16 Aug 2018 00:13:14 +0800
Subject: [PATCH] add-fm-user-to-snmpd-group
Signed-off-by: slin14 <shuicheng.lin@intel.com>
---
group | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/group b/group
index a3bb69e..9b77aae 100644
--- a/group
+++ b/group
@@ -21,7 +21,7 @@ neutron:x:164:neutron
@ -13,3 +21,6 @@
heat:x:187:heat
nfv:x:172:nfv
fm:x:195:fm
--
2.7.4

View File

@ -1,11 +1,16 @@
commit 51c505c59a1512c011fcda01d0583a2ddc6f3337
Author: Shoaib Nasir <shoaib.nasir@windriver.com>
Date: Mon Sep 25 11:39:29 2017 -0400
From 15d0ef24f88290887f1e154352b53f373a04e783 Mon Sep 17 00:00:00 2001
From: slin14 <shuicheng.lin@intel.com>
Date: Thu, 16 Aug 2018 00:15:04 +0800
Subject: [PATCH] add-ironic-uid-gid
add ironic group and passwd
Signed-off-by: slin14 <shuicheng.lin@intel.com>
---
group | 1 +
passwd | 1 +
2 files changed, 2 insertions(+)
diff --git a/group b/group
index 7d0244f..9979b99 100644
index f6a75e5..d9050fa 100644
--- a/group
+++ b/group
@@ -27,3 +27,4 @@ nfv:x:172:nfv
@ -22,3 +27,6 @@ index fce82e7..fb49ea3 100644
fm:x:195:195:fm-mgr:/var/lib/fm:/sbin/nologin
magnum:x:1870:1870:OpenStack Magnum Daemons:/var/lib/magnum:/sbin/nologin
+ironic:x:1874:1874:OpenStack Ironic Daemons:/var/lib/ironic:/sbin/nologin
--
2.7.4

View File

@ -1,4 +1,4 @@
From 737295c6ad990e8e248fef6b378198c3326b90ba Mon Sep 17 00:00:00 2001
From fed037afbe78b47d46dbbd5838468e57bfe19884 Mon Sep 17 00:00:00 2001
From: Michel Thebeau <michel.thebeau@windriver.com>
Date: Thu, 11 Aug 2016 18:24:25 -0400
Subject: [PATCH] passwd: remove unused default users and groups
@ -13,7 +13,7 @@ Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
2 files changed, 16 deletions(-)
diff --git a/group b/group
index c21e2de..87a03c1 100644
index 825edbb..0a0a1b0 100644
--- a/group
+++ b/group
@@ -1,11 +1,7 @@
@ -33,7 +33,7 @@ index c21e2de..87a03c1 100644
dialout::18:
floppy::19:
-games::20:
tape::30:
tape::33:
-video::39:
-ftp::50:
lock::54:
@ -62,5 +62,5 @@ index 548435f..46a3d52 100644
rabbitmq:x:121:121::/var/lib/rabbitmq:/bin/sh
nova:x:994:162::/var/lib/nova:/bin/false
--
1.8.3.1
2.7.4

View File

@ -1,4 +1,4 @@
From d79451c9a047313fb8da27007ea9d99435e05ff2 Mon Sep 17 00:00:00 2001
From dbc791c8f24ffac0d98e86213e4d592660f6087c Mon Sep 17 00:00:00 2001
From: Michel Thebeau <michel.thebeau@windriver.com>
Date: Fri, 19 Aug 2016 09:21:44 -0400
Subject: [PATCH] CGTS-4685: setup: remove unused default groups
@ -14,7 +14,7 @@ Signed-off-by: Michel Thebeau <michel.thebeau@windriver.com>
1 file changed, 2 deletions(-)
diff --git a/group b/group
index 8794dde..0b93beb 100644
index 42a8ed1..a3bb69e 100644
--- a/group
+++ b/group
@@ -2,12 +2,10 @@ root::0:
@ -29,7 +29,7 @@ index 8794dde..0b93beb 100644
-man::15:
dialout::18:
floppy::19:
tape::30:
tape::33:
--
1.8.3.1
2.7.4

View File

@ -1 +1 @@
mirror:Source/setup-2.8.71-7.el7.src.rpm
mirror:Source/setup-2.8.71-9.el7.src.rpm

View File

@ -1,7 +1,7 @@
From 39b08b2cc4eb6d47490593a599db95703b74b754 Mon Sep 17 00:00:00 2001
From 21db84dcb55f87c792a6d59cef0c68741a9d24b1 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:50:44 -0400
Subject: [PATCH 1/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Subject: [PATCH 1/4] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts:
SPECS/sudo.spec
@ -10,18 +10,18 @@ Conflicts:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
index c3a1a52..7d1486b 100644
index c8d2f64..b6402bb 100644
--- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec
@@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users
Name: sudo
Version: 1.8.19p2
-Release: 11%{?dist}
+Release: 11.el7_4%{?_tis_dist}.%{tis_patch_ver}
-Release: 14%{?dist}
+Release: 14.el7_5%{?_tis_dist}.%{tis_patch_ver}
License: ISC
Group: Applications/System
URL: http://www.courtesan.com/sudo/
--
1.9.1
2.7.4

View File

@ -1,35 +1,35 @@
From abc3ec24a957002962bb4038946291b84bea3859 Mon Sep 17 00:00:00 2001
From 70046603b8d607445e2fbf5e7d934bcd43a77dc8 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:50:44 -0400
Subject: [PATCH 2/3] WRS: 0002-spec-include-TiS-changes.patch
Subject: [PATCH 2/4] WRS: 0002-spec-include-TiS-changes.patch
---
SPECS/sudo.spec | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
SPECS/sudo.spec | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
index 7d1486b..d731ba9 100644
index b6402bb..acbcb26 100644
--- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec
@@ -64,6 +64,8 @@ Patch17: sudo-1.8.19p2-get_process_ttyname.patch
# 1459152 - CVE-2017-1000368: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367)
Patch18: sudo-1.8.19p2-CVE-2017-1000368.patch
@@ -78,6 +78,8 @@ Patch24: sudo-1.8.19p2-sssd-double-free.patch
# 1560657 - sudo blocks in poll() for /dev/ptmx with iolog enabled
Patch25: sudo-1.8.19p2-iolog-zombie.patch
+# WRS patches
+
%description
Sudo (superuser do) allows a system administrator to give certain
users (or groups of users) the ability to run some (or all) commands
@@ -106,6 +108,8 @@ plugins that use %{name}.
%patch17 -p1 -b .get_process_ttyname
%patch18 -p1 -b .CVE-2017-1000368
@@ -127,6 +129,8 @@ plugins that use %{name}.
%patch24 -p1 -b .double-free
%patch25 -p1 -b .iolog-zombie
+# WRS patches
+
%build
autoreconf -I m4 -fv --install
@@ -132,7 +136,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
@@ -153,7 +157,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
--with-ignore-dot \
--with-tty-tickets \
--with-ldap \
@ -38,7 +38,7 @@ index 7d1486b..d731ba9 100644
--with-selinux \
--with-passprompt="[sudo] password for %p: " \
--with-linux-audit \
@@ -158,6 +162,12 @@ install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
@@ -179,6 +183,12 @@ install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
@ -51,7 +51,7 @@ index 7d1486b..d731ba9 100644
# Remove execute permission on this script so we don't pull in perl deps
chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
@@ -226,7 +236,8 @@ rm -rf $RPM_BUILD_ROOT
@@ -247,7 +257,8 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/visudo.8*
%dir %{_docdir}/sudo-%{version}
%{_docdir}/sudo-%{version}/*
@ -62,5 +62,5 @@ index 7d1486b..d731ba9 100644
# Make sure permissions are ok even if we're updating
%post
--
1.9.1
2.7.4

View File

@ -1,8 +1,18 @@
From b531e69617e54bd767ff58d1794e48b8150d74b9 Mon Sep 17 00:00:00 2001
From: slin14 <shuicheng.lin@intel.com>
Date: Tue, 14 Aug 2018 22:10:32 +0800
Subject: [PATCH 4/4] remove-make-check
Signed-off-by: slin14 <shuicheng.lin@intel.com>
---
SPECS/sudo.spec | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
index 4a34dba..fcb2e05 100644
index 8c3f395..17531f7 100644
--- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec
@@ -145,7 +145,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
@@ -166,7 +166,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
# --without-kerb4
make -j"%(nproc)"
@ -12,3 +22,6 @@ index 4a34dba..fcb2e05 100644
%install
rm -rf $RPM_BUILD_ROOT
--
2.7.4

Some files were not shown because too many files have changed in this diff Show More