summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorScott Little <scott.little@windriver.com>2018-08-01 14:21:55 -0400
committerScott Little <scott.little@windriver.com>2018-08-01 14:21:57 -0400
commit8ea05fd14ae3d4bbc85ae969b69ce73449f12d87 (patch)
tree1b6848273052ab57bb90a400408b4feed51583ce
parentbf8146a073e0a769165bd8796b6854062a383b5a (diff)
Relocate haproxy to stx-integ/base/haproxy
Move content from stx-gplv2 into stx-integ Packages will be relocated to stx-integ: base/ bash cgcs-users cluster-resource-agents dpkg haproxy libfdt netpbm rpm database/ mariadb filesystem/ iscsi-initiator-utils filesystem/drbd/ drbd-tools kernel/kernel-modules/ drbd integrity intel-e1000e intel-i40e intel-i40evf intel-ixgbe intel-ixgbevf qat17 tpmdd ldap/ ldapscripts networking/ iptables net-tools Change-Id: Id89339f3ed454f14998a1ef39e353ecedad05470 Story: 2002801 Task: 22687 Signed-off-by: Scott Little <scott.little@windriver.com>
Notes
Notes (review): Code-Review+2: Don Penney <don.penney@windriver.com> Code-Review+2: Saul Wold <sgw@linux.intel.com> Workflow+1: Scott Little <scott.little@windriver.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 02 Aug 2018 19:06:18 +0000 Reviewed-on: https://review.openstack.org/587962 Project: openstack/stx-gplv2 Branch: refs/heads/master
-rw-r--r--centos_pkg_dirs1
-rw-r--r--haproxy/PKG-INFO15
-rw-r--r--haproxy/centos/build_srpm.data2
-rw-r--r--haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch27
-rw-r--r--haproxy/centos/meta_patches/PATCH_ORDER7
-rw-r--r--haproxy/centos/meta_patches/haproxy-service-file.patch26
-rw-r--r--haproxy/centos/meta_patches/haproxy-spec-add-init-script.patch47
-rw-r--r--haproxy/centos/meta_patches/meta_add_support_for_tpm.patch42
-rw-r--r--haproxy/centos/meta_patches/meta_remove_bad_logrotate.patch40
-rw-r--r--haproxy/centos/meta_patches/spec-add-haproxy-env-var-patch.patch32
-rw-r--r--haproxy/centos/meta_patches/spec-include-TiS-config.patch58
-rw-r--r--haproxy/centos/srpm_path1
-rw-r--r--haproxy/haproxy/503.http9
-rw-r--r--haproxy/haproxy/haproxy-env-var.patch245
-rw-r--r--haproxy/haproxy/haproxy-tpm-support.patch319
-rwxr-xr-xhaproxy/haproxy/haproxy.cfg80
-rwxr-xr-xhaproxy/haproxy/haproxy.sh120
17 files changed, 0 insertions, 1071 deletions
diff --git a/centos_pkg_dirs b/centos_pkg_dirs
index ec24ea2..0418dfb 100644
--- a/centos_pkg_dirs
+++ b/centos_pkg_dirs
@@ -1,4 +1,3 @@
1haproxy
2iptables 1iptables
3iscsi-initiator-utils 2iscsi-initiator-utils
4ldapscripts 3ldapscripts
diff --git a/haproxy/PKG-INFO b/haproxy/PKG-INFO
deleted file mode 100644
index 2f1d821..0000000
--- a/haproxy/PKG-INFO
+++ /dev/null
@@ -1,15 +0,0 @@
1Metadata-Version: 1.1
2Name: haproxy
3Version: 1.5.18
4Summary: Abstract asynchronous event notification library
5Home-page:
6Author:
7Author-email:
8License: GPLv2+
9
10Description:
11HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
12availability environments.
13
14
15Platform: UNKNOWN
diff --git a/haproxy/centos/build_srpm.data b/haproxy/centos/build_srpm.data
deleted file mode 100644
index b768bf6..0000000
--- a/haproxy/centos/build_srpm.data
+++ /dev/null
@@ -1,2 +0,0 @@
1COPY_LIST="haproxy/*"
2TIS_PATCH_VER=7
diff --git a/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
deleted file mode 100644
index 2e71baa..0000000
--- a/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
+++ /dev/null
@@ -1,27 +0,0 @@
1From 79f025b91d461a948ca6449eb25a11a6c89144b5 Mon Sep 17 00:00:00 2001
2From: Scott Little <scott.little@windriver.com>
3Date: Mon, 2 Oct 2017 16:12:36 -0400
4Subject: [PATCH 7/7] WRS: 0001-Update-package-versioning-for-TIS-format.patch
5
6Conflicts:
7 SPECS/haproxy.spec
8---
9 SPECS/haproxy.spec | 2 +-
10 1 file changed, 1 insertion(+), 1 deletion(-)
11
12diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
13index c1547ef..097aa79 100644
14--- a/SPECS/haproxy.spec
15+++ b/SPECS/haproxy.spec
16@@ -8,7 +8,7 @@
17
18 Name: haproxy
19 Version: 1.5.18
20-Release: 6%{?dist}
21+Release: 6.el7%{?_tis_dist}.%{tis_patch_ver}
22 Summary: TCP/HTTP proxy and load balancer for high availability environments
23
24 Group: System Environment/Daemons
25--
261.9.1
27
diff --git a/haproxy/centos/meta_patches/PATCH_ORDER b/haproxy/centos/meta_patches/PATCH_ORDER
deleted file mode 100644
index 87bd6af..0000000
--- a/haproxy/centos/meta_patches/PATCH_ORDER
+++ /dev/null
@@ -1,7 +0,0 @@
1spec-include-TiS-config.patch
2haproxy-spec-add-init-script.patch
3spec-add-haproxy-env-var-patch.patch
4meta_remove_bad_logrotate.patch
5haproxy-service-file.patch
6meta_add_support_for_tpm.patch
70001-Update-package-versioning-for-TIS-format.patch
diff --git a/haproxy/centos/meta_patches/haproxy-service-file.patch b/haproxy/centos/meta_patches/haproxy-service-file.patch
deleted file mode 100644
index 179b7d5..0000000
--- a/haproxy/centos/meta_patches/haproxy-service-file.patch
+++ /dev/null
@@ -1,26 +0,0 @@
1From c4d74c67ee001af849e7a30e824cc0f8e38ef948 Mon Sep 17 00:00:00 2001
2From: Scott Little <scott.little@windriver.com>
3Date: Mon, 2 Oct 2017 16:12:36 -0400
4Subject: [PATCH 5/7] WRS: haproxy-service-file.patch
5
6---
7 SOURCES/haproxy.service | 3 ++-
8 1 file changed, 2 insertions(+), 1 deletion(-)
9
10diff --git a/SOURCES/haproxy.service b/SOURCES/haproxy.service
11index 2d4c954..c2f1086 100644
12--- a/SOURCES/haproxy.service
13+++ b/SOURCES/haproxy.service
14@@ -4,7 +4,8 @@ After=syslog.target network.target
15
16 [Service]
17 EnvironmentFile=/etc/sysconfig/haproxy
18-ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid $OPTIONS
19+ExecStart=/etc/init.d/haproxy start
20+ExecStop=/etc/init.d/haproxy stop
21 ExecReload=/bin/kill -USR2 $MAINPID
22 KillMode=mixed
23
24--
251.9.1
26
diff --git a/haproxy/centos/meta_patches/haproxy-spec-add-init-script.patch b/haproxy/centos/meta_patches/haproxy-spec-add-init-script.patch
deleted file mode 100644
index d38a4fc..0000000
--- a/haproxy/centos/meta_patches/haproxy-spec-add-init-script.patch
+++ /dev/null
@@ -1,47 +0,0 @@
1From 959767df3285a81f1c5650018ed846fe90a68c9d Mon Sep 17 00:00:00 2001
2From: Scott Little <scott.little@windriver.com>
3Date: Mon, 2 Oct 2017 16:12:36 -0400
4Subject: [PATCH 2/7] WRS: haproxy-spec-add-init-script.patch
5
6---
7 SPECS/haproxy.spec | 5 +++++
8 1 file changed, 5 insertions(+)
9
10diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
11index 42ddeb0..cbd9161 100644
12--- a/SPECS/haproxy.spec
13+++ b/SPECS/haproxy.spec
14@@ -21,6 +21,7 @@ Source2: %{name}.cfg
15 Source3: %{name}.logrotate
16 Source4: %{name}.sysconfig
17 Source5: halog.1
18+Source10: %{name}.sh
19
20 # WRS
21 Source6: 503.http
22@@ -81,11 +82,14 @@ popd
23 %{__make} install-bin DESTDIR=%{buildroot} PREFIX=%{_prefix} TARGET="linux2628"
24 %{__make} install-man DESTDIR=%{buildroot} PREFIX=%{_prefix}
25
26+mkdir -p /etc/init.d
27+
28 %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
29 %{__install} -p -D -m 0640 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
30 %{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
31 %{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
32 %{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
33+%{__install} -p -D -m 0755 %{SOURCE10} %{buildroot}/etc/init.d/%{name}
34 %{__install} -d -m 0755 %{buildroot}%{haproxy_home}
35 %{__install} -d -m 0755 %{buildroot}%{haproxy_datadir}
36 %{__install} -d -m 0755 %{buildroot}%{_bindir}
37@@ -149,6 +153,7 @@ fi
38 %{_bindir}/halog
39 %{_bindir}/iprange
40 %{_mandir}/man1/*
41+/etc/init.d/%{name}
42 %attr(-,%{haproxy_user},%{haproxy_group}) %dir %{haproxy_home}
43
44 # WRS
45--
461.9.1
47
diff --git a/haproxy/centos/meta_patches/meta_add_support_for_tpm.patch b/haproxy/centos/meta_patches/meta_add_support_for_tpm.patch
deleted file mode 100644
index a87dd87..0000000
--- a/haproxy/centos/meta_patches/meta_add_support_for_tpm.patch
+++ /dev/null
@@ -1,42 +0,0 @@
1From a5329bf1468f55c8d6b983e5999c12139dc7479d Mon Sep 17 00:00:00 2001
2From: Scott Little <scott.little@windriver.com>
3Date: Mon, 2 Oct 2017 16:12:36 -0400
4Subject: [PATCH 6/7] WRS: meta_add_support_for_tpm.patch
5
6---
7 SPECS/haproxy.spec | 5 +++++
8 1 file changed, 5 insertions(+)
9
10diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
11index 3d112e0..c1547ef 100644
12--- a/SPECS/haproxy.spec
13+++ b/SPECS/haproxy.spec
14@@ -30,6 +30,7 @@ Patch1: iprange-return-type.patch
15 Patch2: haproxy-tcp-user-timeout.patch
16 Patch3: haproxy-systemd-wrapper-exit-code.patch
17 Patch4: haproxy-env-var.patch
18+Patch5: haproxy-tpm-support.patch
19
20 BuildRequires: pcre-devel
21 BuildRequires: zlib-devel
22@@ -41,6 +42,9 @@ Requires(post): systemd
23 Requires(preun): systemd
24 Requires(postun): systemd
25
26+Requires: tpm2-openssl-engine
27+
28+
29 %description
30 HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
31 availability environments. Indeed, it can:
32@@ -62,6 +66,7 @@ availability environments. Indeed, it can:
33 %patch2 -p1
34 %patch3 -p1
35 %patch4 -p1
36+%patch5 -p1
37
38 %build
39 regparm_opts=
40--
411.9.1
42
diff --git a/haproxy/centos/meta_patches/meta_remove_bad_logrotate.patch b/haproxy/centos/meta_patches/meta_remove_bad_logrotate.patch
deleted file mode 100644
index f99a423..0000000
--- a/haproxy/centos/meta_patches/meta_remove_bad_logrotate.patch
+++ /dev/null
@@ -1,40 +0,0 @@
1From 3eac39ba534b92dbcb3a898442b09be7acc389bb Mon Sep 17 00:00:00 2001
2From: Scott Little <scott.little@windriver.com>
3Date: Mon, 2 Oct 2017 16:12:36 -0400
4Subject: [PATCH 4/7] WRS: meta_remove_bad_logrotate.patch
5
6---
7 SPECS/haproxy.spec | 3 ---
8 1 file changed, 3 deletions(-)
9
10diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
11index af94d46..3d112e0 100644
12--- a/SPECS/haproxy.spec
13+++ b/SPECS/haproxy.spec
14@@ -18,7 +18,6 @@ URL: http://www.haproxy.org/
15 Source0: http://www.haproxy.org/download/1.5/src/haproxy-%{version}.tar.gz
16 Source1: %{name}.service
17 Source2: %{name}.cfg
18-Source3: %{name}.logrotate
19 Source4: %{name}.sysconfig
20 Source5: halog.1
21 Source10: %{name}.sh
22@@ -88,7 +87,6 @@ mkdir -p /etc/init.d
23
24 %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
25 %{__install} -p -D -m 0640 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
26-%{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
27 %{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
28 %{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
29 %{__install} -p -D -m 0755 %{SOURCE10} %{buildroot}/etc/init.d/%{name}
30@@ -147,7 +145,6 @@ fi
31 %dir %{haproxy_datadir}
32 %{haproxy_datadir}/*
33 %config(noreplace) %{haproxy_confdir}/%{name}.cfg
34-%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
35 %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
36 %{_unitdir}/%{name}.service
37 %{_sbindir}/%{name}
38--
391.9.1
40
diff --git a/haproxy/centos/meta_patches/spec-add-haproxy-env-var-patch.patch b/haproxy/centos/meta_patches/spec-add-haproxy-env-var-patch.patch
deleted file mode 100644
index 95eb17e..0000000
--- a/haproxy/centos/meta_patches/spec-add-haproxy-env-var-patch.patch
+++ /dev/null
@@ -1,32 +0,0 @@
1From 2e37207c026047e2ce1bc9a5278faddfea81c011 Mon Sep 17 00:00:00 2001
2From: Scott Little <scott.little@windriver.com>
3Date: Mon, 2 Oct 2017 16:12:36 -0400
4Subject: [PATCH 3/7] WRS: spec-add-haproxy-env-var-patch.patch
5
6---
7 SPECS/haproxy.spec | 2 ++
8 1 file changed, 2 insertions(+)
9
10diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
11index cbd9161..af94d46 100644
12--- a/SPECS/haproxy.spec
13+++ b/SPECS/haproxy.spec
14@@ -30,6 +30,7 @@ Patch0: halog-unused-variables.patch
15 Patch1: iprange-return-type.patch
16 Patch2: haproxy-tcp-user-timeout.patch
17 Patch3: haproxy-systemd-wrapper-exit-code.patch
18+Patch4: haproxy-env-var.patch
19
20 BuildRequires: pcre-devel
21 BuildRequires: zlib-devel
22@@ -61,6 +62,7 @@ availability environments. Indeed, it can:
23 %patch1 -p0
24 %patch2 -p1
25 %patch3 -p1
26+%patch4 -p1
27
28 %build
29 regparm_opts=
30--
311.9.1
32
diff --git a/haproxy/centos/meta_patches/spec-include-TiS-config.patch b/haproxy/centos/meta_patches/spec-include-TiS-config.patch
deleted file mode 100644
index 3cff884..0000000
--- a/haproxy/centos/meta_patches/spec-include-TiS-config.patch
+++ /dev/null
@@ -1,58 +0,0 @@
1From 419d06285552bc31dce214d37edb925b4a82c68b Mon Sep 17 00:00:00 2001
2From: Scott Little <scott.little@windriver.com>
3Date: Mon, 2 Oct 2017 16:12:36 -0400
4Subject: [PATCH 1/7] WRS: spec-include-TiS-config.patch
5
6---
7 SPECS/haproxy.spec | 14 +++++++++++++-
8 1 file changed, 13 insertions(+), 1 deletion(-)
9
10diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
11index b4dde9e..42ddeb0 100644
12--- a/SPECS/haproxy.spec
13+++ b/SPECS/haproxy.spec
14@@ -22,6 +22,9 @@ Source3: %{name}.logrotate
15 Source4: %{name}.sysconfig
16 Source5: halog.1
17
18+# WRS
19+Source6: 503.http
20+
21 Patch0: halog-unused-variables.patch
22 Patch1: iprange-return-type.patch
23 Patch2: haproxy-tcp-user-timeout.patch
24@@ -79,7 +82,7 @@ popd
25 %{__make} install-man DESTDIR=%{buildroot} PREFIX=%{_prefix}
26
27 %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
28-%{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
29+%{__install} -p -D -m 0640 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
30 %{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
31 %{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
32 %{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
33@@ -106,6 +109,11 @@ do
34 %{__rm} -f $textfile.old
35 done
36
37+# WRS
38+%{__install} -d 755 %{buildroot}/etc/haproxy/errors/
39+%{__install} -m 755 %{SOURCE6} %{buildroot}/etc/haproxy/errors/503.http
40+
41+
42 %pre
43 getent group %{haproxy_group} >/dev/null || groupadd -f -g 188 -r %{haproxy_group}
44 if ! getent passwd %{haproxy_user} >/dev/null ; then
45@@ -143,6 +151,10 @@ fi
46 %{_mandir}/man1/*
47 %attr(-,%{haproxy_user},%{haproxy_group}) %dir %{haproxy_home}
48
49+# WRS
50+%dir /etc/haproxy/errors/
51+/etc/haproxy/errors/*
52+
53 %changelog
54 * Mon May 01 2017 Ryan O'Hara <rohara@redhat.com> - 1.5.18-6
55 - Use KillMode=mixed in systemd service file (#1444709)
56--
571.9.1
58
diff --git a/haproxy/centos/srpm_path b/haproxy/centos/srpm_path
deleted file mode 100644
index fb995db..0000000
--- a/haproxy/centos/srpm_path
+++ /dev/null
@@ -1 +0,0 @@
1mirror:Source/haproxy-1.5.18-6.el7.src.rpm
diff --git a/haproxy/haproxy/503.http b/haproxy/haproxy/503.http
deleted file mode 100644
index 367d425..0000000
--- a/haproxy/haproxy/503.http
+++ /dev/null
@@ -1,9 +0,0 @@
1HTTP/1.0 503 Service Unavailable
2Cache-Control: no-cache
3Connection: close
4Content-Type: text/html
5
6<html><body><h1>503 Service Unavailable</h1>
7No server is available to handle this request.
8</body></html>
9
diff --git a/haproxy/haproxy/haproxy-env-var.patch b/haproxy/haproxy/haproxy-env-var.patch
deleted file mode 100644
index 93d1749..0000000
--- a/haproxy/haproxy/haproxy-env-var.patch
+++ /dev/null
@@ -1,245 +0,0 @@
1Index: haproxy-1.5.11/src/cfgparse.c
2===================================================================
3--- haproxy-1.5.11.orig/src/cfgparse.c
4+++ haproxy-1.5.11/src/cfgparse.c
5@@ -5789,12 +5789,19 @@ out:
6 */
7 int readcfgfile(const char *file)
8 {
9- char thisline[LINESIZE];
10+ char *thisline;
11+ int linesize = LINESIZE;
12 FILE *f;
13 int linenum = 0;
14 int err_code = 0;
15 struct cfg_section *cs = NULL;
16 struct cfg_section *ics;
17+ int readbytes = 0;
18+
19+ if ((thisline = malloc(sizeof(*thisline) * linesize)) == NULL) {
20+ Alert("parsing [%s] : out of memory.\n", file);
21+ return -1;
22+ }
23
24 /* Register internal sections */
25 if (!cfg_register_section("listen", cfg_parse_listen) ||
26@@ -5810,11 +5817,14 @@ int readcfgfile(const char *file)
27 if ((f=fopen(file,"r")) == NULL)
28 return -1;
29
30- while (fgets(thisline, sizeof(thisline), f) != NULL) {
31+next_line:
32+ while (fgets(thisline + readbytes, linesize - readbytes, f) != NULL) {
33 int arg, kwm = KWM_STD;
34 char *end;
35 char *args[MAX_LINE_ARGS + 1];
36 char *line = thisline;
37+ int dquote = 0; /* double quote */
38+ int squote = 0; /* simple quote */
39
40 linenum++;
41
42@@ -5824,11 +5834,25 @@ int readcfgfile(const char *file)
43 /* Check if we reached the limit and the last char is not \n.
44 * Watch out for the last line without the terminating '\n'!
45 */
46- Alert("parsing [%s:%d]: line too long, limit: %d.\n",
47- file, linenum, (int)sizeof(thisline)-1);
48- err_code |= ERR_ALERT | ERR_FATAL;
49+ char *newline;
50+ int newlinesize = linesize * 2;
51+
52+ newline = realloc(thisline, sizeof(*thisline) * newlinesize);
53+ if (newline == NULL) {
54+ Alert("parsing [%s:%d]: line too long, cannot allocate memory.\n",
55+ file, linenum);
56+ err_code |= ERR_ALERT | ERR_FATAL;
57+ continue;
58+ }
59+
60+ readbytes = linesize - 1;
61+ linesize = newlinesize;
62+ thisline = newline;
63+ continue;
64 }
65
66+ readbytes = 0;
67+
68 /* skip leading spaces */
69 while (isspace((unsigned char)*line))
70 line++;
71@@ -5837,10 +5861,26 @@ int readcfgfile(const char *file)
72 args[arg] = line;
73
74 while (*line && arg < MAX_LINE_ARGS) {
75- /* first, we'll replace \\, \<space>, \#, \r, \n, \t, \xXX with their
76- * C equivalent value. Other combinations left unchanged (eg: \1).
77- */
78- if (*line == '\\') {
79+ if (*line == '"' && !squote) { /* double quote outside single quotes */
80+ if (dquote)
81+ dquote = 0;
82+ else
83+ dquote = 1;
84+ memmove(line, line + 1, end - line);
85+ end--;
86+ }
87+ else if (*line == '\'' && !dquote) { /* single quote outside double quotes */
88+ if (squote)
89+ squote = 0;
90+ else
91+ squote = 1;
92+ memmove(line, line + 1, end - line);
93+ end--;
94+ }
95+ else if (*line == '\\' && !squote) {
96+ /* first, we'll replace \\, \<space>, \#, \r, \n, \t, \xXX with their
97+ * C equivalent value. Other combinations left unchanged (eg: \1).
98+ */
99 int skip = 0;
100 if (line[1] == ' ' || line[1] == '\\' || line[1] == '#') {
101 *line = line[1];
102@@ -5872,6 +5912,15 @@ int readcfgfile(const char *file)
103 Alert("parsing [%s:%d] : invalid or incomplete '\\x' sequence in '%s'.\n", file, linenum, args[0]);
104 err_code |= ERR_ALERT | ERR_FATAL;
105 }
106+ } else if (line[1] == '"') {
107+ *line = '"';
108+ skip = 1;
109+ } else if (line[1] == '\'') {
110+ *line = '\'';
111+ skip = 1;
112+ } else if (line[1] == '$' && dquote) { /* escaping of $ only inside double quotes */
113+ *line = '$';
114+ skip = 1;
115 }
116 if (skip) {
117 memmove(line + 1, line + 1 + skip, end - (line + skip));
118@@ -5879,23 +5928,117 @@ int readcfgfile(const char *file)
119 }
120 line++;
121 }
122- else if (*line == '#' || *line == '\n' || *line == '\r') {
123+ else if ((!squote && !dquote && *line == '#') || *line == '\n' || *line == '\r') {
124 /* end of string, end of loop */
125 *line = 0;
126 break;
127 }
128- else if (isspace((unsigned char)*line)) {
129+ else if (!squote && !dquote && isspace((unsigned char)*line)) {
130 /* a non-escaped space is an argument separator */
131 *line++ = '\0';
132 while (isspace((unsigned char)*line))
133 line++;
134 args[++arg] = line;
135 }
136+ else if (dquote && *line == '$') {
137+ /* environment variables are evaluated inside double quotes */
138+ char *var_beg;
139+ char *var_end;
140+ char save_char;
141+ char *value;
142+ int val_len;
143+ int newlinesize;
144+ int braces = 0;
145+
146+ var_beg = line + 1;
147+ var_end = var_beg;
148+
149+ if (*var_beg == '{') {
150+ var_beg++;
151+ var_end++;
152+ braces = 1;
153+ }
154+
155+ if (!isalpha((int)(unsigned char)*var_beg) && *var_beg != '_') {
156+ Alert("parsing [%s:%d] : Variable expansion: Unrecognized character '%c' in variable name.\n", file, linenum, *var_beg);
157+ err_code |= ERR_ALERT | ERR_FATAL;
158+ goto next_line; /* skip current line */
159+ }
160+
161+ while (isalnum((int)(unsigned char)*var_end) || *var_end == '_')
162+ var_end++;
163+
164+ save_char = *var_end;
165+ *var_end = '\0';
166+ value = getenv(var_beg);
167+ *var_end = save_char;
168+ val_len = value ? strlen(value) : 0;
169+
170+ if (braces) {
171+ if (*var_end == '}') {
172+ var_end++;
173+ braces = 0;
174+ } else {
175+ Alert("parsing [%s:%d] : Variable expansion: Mismatched braces.\n", file, linenum);
176+ err_code |= ERR_ALERT | ERR_FATAL;
177+ goto next_line; /* skip current line */
178+ }
179+ }
180+
181+ newlinesize = (end - thisline) - (var_end - line) + val_len + 1;
182+
183+ /* if not enough space in thisline */
184+ if (newlinesize > linesize) {
185+ char *newline;
186+
187+ newline = realloc(thisline, newlinesize * sizeof(*thisline));
188+ if (newline == NULL) {
189+ Alert("parsing [%s:%d] : Variable expansion: Not enough memory.\n", file, linenum);
190+ err_code |= ERR_ALERT | ERR_FATAL;
191+ goto next_line; /* slip current line */
192+ }
193+ /* recompute pointers if realloc returns a new pointer */
194+ if (newline != thisline) {
195+ int i;
196+ int diff;
197+
198+ for (i = 0; i <= arg; i++) {
199+ diff = args[i] - thisline;
200+ args[i] = newline + diff;
201+ }
202+
203+ diff = var_end - thisline;
204+ var_end = newline + diff;
205+ diff = end - thisline;
206+ end = newline + diff;
207+ diff = line - thisline;
208+ line = newline + diff;
209+ thisline = newline;
210+ }
211+ linesize = newlinesize;
212+ }
213+
214+ /* insert value inside the line */
215+ memmove(line + val_len, var_end, end - var_end + 1);
216+ memcpy(line, value, val_len);
217+ end += val_len - (var_end - line);
218+ line += val_len;
219+ }
220 else {
221 line++;
222 }
223 }
224
225+ if (dquote) {
226+ Alert("parsing [%s:%d] : Mismatched double quotes.\n", file, linenum);
227+ err_code |= ERR_ALERT | ERR_FATAL;
228+ }
229+
230+ if (squote) {
231+ Alert("parsing [%s:%d] : Mismatched simple quotes.\n", file, linenum);
232+ err_code |= ERR_ALERT | ERR_FATAL;
233+ }
234+
235 /* empty line */
236 if (!**args)
237 continue;
238@@ -5966,6 +6109,7 @@ int readcfgfile(const char *file)
239 break;
240 }
241 cursection = NULL;
242+ free(thisline);
243 fclose(f);
244 return err_code;
245 }
diff --git a/haproxy/haproxy/haproxy-tpm-support.patch b/haproxy/haproxy/haproxy-tpm-support.patch
deleted file mode 100644
index eb4545d..0000000
--- a/haproxy/haproxy/haproxy-tpm-support.patch
+++ /dev/null
@@ -1,319 +0,0 @@
1From a2a25214f6f4913b774bdd6c0b80d3ea424d3a1b Mon Sep 17 00:00:00 2001
2From: Kam Nasim <kam.nasim@windriver.com>
3Date: Wed, 22 Mar 2017 12:07:24 -0400
4Subject: [PATCH] haproxy tpm support
5
6---
7 include/types/global.h | 13 +++++
8 src/cfgparse.c | 28 ++++++++++
9 src/haproxy.c | 26 ++++++++-
10 src/ssl_sock.c | 147 +++++++++++++++++++++++++++++++++++++++++++------
11 4 files changed, 197 insertions(+), 17 deletions(-)
12
13diff --git a/include/types/global.h b/include/types/global.h
14index f1525ae..2e9c077 100644
15--- a/include/types/global.h
16+++ b/include/types/global.h
17@@ -30,6 +30,10 @@
18 #include <types/proxy.h>
19 #include <types/task.h>
20
21+#ifdef USE_OPENSSL
22+#include <openssl/engine.h>
23+#endif
24+
25 #ifndef UNIX_MAX_PATH
26 #define UNIX_MAX_PATH 108
27 #endif
28@@ -71,6 +75,14 @@ enum {
29 SSL_SERVER_VERIFY_REQUIRED = 1,
30 };
31
32+// WRS: Define a new TPM configuration structure
33+struct tpm_conf {
34+ char *tpm_object;
35+ char *tpm_engine;
36+ EVP_PKEY *tpm_key;
37+ ENGINE *tpm_engine_ref;
38+};
39+
40 /* FIXME : this will have to be redefined correctly */
41 struct global {
42 #ifdef USE_OPENSSL
43@@ -87,6 +99,7 @@ struct global {
44 char *connect_default_ciphers;
45 int listen_default_ssloptions;
46 int connect_default_ssloptions;
47+ struct tpm_conf tpm; // tpm configuration
48 #endif
49 unsigned int ssl_server_verify; /* default verify mode on servers side */
50 struct freq_ctr conn_per_sec;
51diff --git a/src/cfgparse.c b/src/cfgparse.c
52index 6a7f80c..3bc6e79 100644
53--- a/src/cfgparse.c
54+++ b/src/cfgparse.c
55@@ -1541,6 +1541,34 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
56 goto out;
57 #endif
58 }
59+ else if (!strcmp(args[0], "tpm-object")) {
60+ if (global.tpm.tpm_object) {
61+ free(global.tpm.tpm_object);
62+ }
63+#ifdef USE_OPENSSL
64+ if (*(args[1]) && (access(args[1], F_OK) != -1)) {
65+ global.tpm.tpm_object = strdup(args[1]);
66+ }
67+#else
68+ Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
69+ err_code |= ERR_ALERT | ERR_FATAL;
70+ goto out;
71+#endif
72+ }
73+ else if (!strcmp(args[0], "tpm-engine")) {
74+ if (global.tpm.tpm_engine) {
75+ free(global.tpm.tpm_engine);
76+ }
77+#ifdef USE_OPENSSL
78+ if (*(args[1]) && (access(args[1], F_OK) != -1)) {
79+ global.tpm.tpm_engine = strdup(args[1]);
80+ }
81+#else
82+ Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
83+ err_code |= ERR_ALERT | ERR_FATAL;
84+ goto out;
85+#endif
86+ }
87 else {
88 struct cfg_kw_list *kwl;
89 int index;
90diff --git a/src/haproxy.c b/src/haproxy.c
91index 862697d..2a1a0dc 100644
92--- a/src/haproxy.c
93+++ b/src/haproxy.c
94@@ -959,6 +959,24 @@ static void deinit_stick_rules(struct list *rules)
95 }
96 }
97
98+static void deinit_tpm_engine()
99+{
100+ /*
101+ * if the tpm engine is present then
102+ * deinit it, this is needed to
103+ * flush the TPM key handle from TPM memory
104+ */
105+ if (global.tpm.tpm_engine_ref) {
106+ ENGINE_finish(global.tpm.tpm_engine_ref);
107+ }
108+
109+ if (global.tpm.tpm_key) {
110+ EVP_PKEY_free(global.tpm.tpm_key);
111+ }
112+ free(global.tpm.tpm_engine); global.tpm.tpm_engine = NULL;
113+ free(global.tpm.tpm_object); global.tpm.tpm_object = NULL;
114+}
115+
116 void deinit(void)
117 {
118 struct proxy *p = proxy, *p0;
119@@ -1218,7 +1236,13 @@ void deinit(void)
120
121 free(uap);
122 }
123-
124+
125+ /* if HAProxy was in TPM mode then deinit
126+ * that configuration as well.
127+ */
128+ if (global.tpm.tpm_object && global.tpm.tpm_object != '\0')
129+ deinit_tpm_engine();
130+
131 userlist_free(userlist);
132
133 protocol_unbind_all();
134diff --git a/src/ssl_sock.c b/src/ssl_sock.c
135index ead4c7b..4e16026 100644
136--- a/src/ssl_sock.c
137+++ b/src/ssl_sock.c
138@@ -50,6 +50,7 @@
139 #ifndef OPENSSL_NO_DH
140 #include <openssl/dh.h>
141 #endif
142+#include <openssl/engine.h>
143
144 #include <common/buffer.h>
145 #include <common/compat.h>
146@@ -1115,6 +1116,80 @@ end:
147 return ret;
148 }
149
150+/*
151+ * initialize the TPM engine and load the
152+ * TPM object as private key within the Engine.
153+ * Only do this for the first bind since TPM can
154+ * only load 3-4 contexes before it runs out of memory
155+ */
156+static int ssl_sock_load_tpm_key(SSL_CTX *ctx, char **err) {
157+ if (!global.tpm.tpm_object || global.tpm.tpm_object[0] == '\0') {
158+ /* not in TPM mode */
159+ return -1;
160+ }
161+ if (!global.tpm.tpm_key) {
162+ Warning ("Could not find tpm_key; initializing engine\n");
163+ /* no key present; load the dynamic TPM engine */
164+ if (global.tpm.tpm_engine && global.tpm.tpm_engine[0]) {
165+ ENGINE_load_dynamic();
166+ ENGINE *engine = ENGINE_by_id("dynamic");
167+ if (!engine) {
168+ memprintf(err, "%s Unable to load the dynamic engine "
169+ "(needed for loading custom TPM engine)\n",
170+ err && *err ? *err : "");
171+ return 1;
172+ }
173+
174+ ENGINE_ctrl_cmd_string(engine, "SO_PATH", global.tpm.tpm_engine, 0);
175+ ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0);
176+ /* stow away for ENGINE cleanup */
177+ global.tpm.tpm_engine_ref = engine;
178+
179+ if (ENGINE_init(engine) != 1) {
180+ const char *error_str = ERR_error_string(ERR_get_error(), NULL);
181+ memprintf(err, "%s Unable to init the TPM engine (%s). Err: %s\n",
182+ err && *err ? *err : "",
183+ global.tpm.tpm_engine, error_str);
184+ goto tpm_err;
185+ }
186+ EVP_PKEY *pkey = ENGINE_load_private_key(engine,
187+ global.tpm.tpm_object,
188+ NULL, NULL);
189+ if (!pkey) {
190+ const char *error_str = ERR_error_string(ERR_get_error(), NULL);
191+ memprintf(err, "%s Unable to load TPM object (%s). Err: %s\n",
192+ err && *err ? *err : "",
193+ global.tpm.tpm_object, error_str);
194+ goto tpm_err;
195+ }
196+ global.tpm.tpm_key = pkey;
197+ }
198+ else { /* no TPM engine found */
199+ memprintf(err, "%s TPM engine option not set when TPM mode expected\n",
200+ err && *err ? *err : "");
201+ goto tpm_err;
202+ }
203+ }
204+
205+ if (SSL_CTX_use_PrivateKey(ctx, global.tpm.tpm_key) <= 0){
206+ const char *error_str = ERR_error_string(ERR_get_error(),
207+ NULL);
208+ memprintf(err, "%s Invalid private key provided from TPM engine(%s). Err: %s\n",
209+ err && *err ? *err : "",
210+ global.tpm.tpm_object, error_str);
211+ goto tpm_err;
212+ }
213+
214+ return 0;
215+
216+tpm_err:
217+ ENGINE_finish(global.tpm.tpm_engine_ref);
218+ global.tpm.tpm_engine_ref = NULL;
219+ EVP_PKEY_free(global.tpm.tpm_key);
220+ global.tpm.tpm_key = NULL;
221+ return 1;
222+}
223+
224 static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **sni_filter, int fcount, char **err)
225 {
226 int ret;
227@@ -1127,26 +1202,54 @@ static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf
228 return 1;
229 }
230
231- if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
232- memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
233- err && *err ? *err : "", path);
234- SSL_CTX_free(ctx);
235- return 1;
236+ /* NOTE (knasim-wrs): US93721: TPM support
237+ * This SSL context applies to SSL frontends only.
238+ * If the TPM option is set then the Private key
239+ * is stored in TPM.
240+ *
241+ * Launch the OpenSSL TPM engine and load the TPM
242+ * Private Key. The Public key will still be located
243+ * at the provided path and needs to be loaded as
244+ * per usual.
245+ */
246+ if (global.tpm.tpm_object) {
247+ ret = ssl_sock_load_tpm_key(ctx, err);
248+ if (ret > 0) {
249+ /* tpm configuration failed */
250+ SSL_CTX_free(ctx);
251+ return 1;
252+ }
253 }
254-
255- ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, sni_filter, fcount);
256- if (ret <= 0) {
257- memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
258- err && *err ? *err : "", path);
259- if (ret < 0) /* serious error, must do that ourselves */
260+ else { /* non TPM mode */
261+ if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
262+ memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
263+ err && *err ? *err : "", path);
264 SSL_CTX_free(ctx);
265- return 1;
266+ return 1;
267+ }
268 }
269
270- if (SSL_CTX_check_private_key(ctx) <= 0) {
271- memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
272- err && *err ? *err : "", path);
273- return 1;
274+ ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, sni_filter, fcount);
275+ if (ret <= 0) {
276+ memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
277+ err && *err ? *err : "", path);
278+ if (ret < 0) /* serious error, must do that ourselves */
279+ SSL_CTX_free(ctx);
280+ return 1;
281+ }
282+
283+ /*
284+ * only match the private key to the public key
285+ * for non TPM mode. This op would never work for
286+ * TPM since the private key has been wrapped, whereas
287+ * the public key is still the original one.
288+ */
289+ if (!global.tpm.tpm_object) {
290+ if (SSL_CTX_check_private_key(ctx) <= 0) {
291+ memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
292+ err && *err ? *err : "", path);
293+ return 1;
294+ }
295 }
296
297 /* we must not free the SSL_CTX anymore below, since it's already in
298@@ -1725,6 +1828,18 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
299 cfgerr++;
300 return cfgerr;
301 }
302+
303+ /* NOTE (knasim-wrs): US93721: TPM support
304+ * This SSL context applies to SSL backends only.
305+ * Since Titanium backends don't support SSL, there
306+ * is no need to offload these keys in TPM or reuse the
307+ * same TPM key for the frontend engine.
308+ *
309+ * If SSL backends are to be supported in the future,
310+ * over TPM, then create a new TPM Engine context and
311+ * load the backend key in TPM, in a similar fashion to
312+ * the frontend key.
313+ */
314 if (srv->ssl_ctx.client_crt) {
315 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
316 Alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
317--
3181.8.3.1
319
diff --git a/haproxy/haproxy/haproxy.cfg b/haproxy/haproxy/haproxy.cfg
deleted file mode 100755
index f0f0f17..0000000
--- a/haproxy/haproxy/haproxy.cfg
+++ /dev/null
@@ -1,80 +0,0 @@
1# this config needs haproxy-1.1.28 or haproxy-1.2.1
2
3global
4 log 127.0.0.1 local0
5 log 127.0.0.1 local1 notice
6 #log loghost local0 info
7 maxconn 4096
8 chroot /usr/share/haproxy
9 uid 99
10 gid 99
11 daemon
12 #debug
13 #quiet
14
15defaults
16 log global
17 mode http
18 option httplog
19 option dontlognull
20 retries 3
21 option redispatch
22 maxconn 2000
23 timeout connect 5000
24 timeout client 50000
25 timeout server 50000
26
27listen appli1-rewrite 0.0.0.0:10001
28 cookie SERVERID rewrite
29 balance roundrobin
30 server app1_1 192.168.34.23:8080 cookie app1inst1 check inter 2000 rise 2 fall 5
31 server app1_2 192.168.34.32:8080 cookie app1inst2 check inter 2000 rise 2 fall 5
32 server app1_3 192.168.34.27:8080 cookie app1inst3 check inter 2000 rise 2 fall 5
33 server app1_4 192.168.34.42:8080 cookie app1inst4 check inter 2000 rise 2 fall 5
34
35listen appli2-insert 0.0.0.0:10002
36 option httpchk
37 balance roundrobin
38 cookie SERVERID insert indirect nocache
39 server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3
40 server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
41 capture cookie vgnvisitor= len 32
42
43 option httpclose # disable keep-alive
44 rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
45
46listen appli3-relais 0.0.0.0:10003
47 dispatch 192.168.135.17:80
48
49listen appli4-backup 0.0.0.0:10004
50 option httpchk /index.html
51 option persist
52 balance roundrobin
53 server inst1 192.168.114.56:80 check inter 2000 fall 3
54 server inst2 192.168.114.56:81 check inter 2000 fall 3 backup
55
56listen ssl-relay 0.0.0.0:8443
57 option ssl-hello-chk
58 balance source
59 server inst1 192.168.110.56:443 check inter 2000 fall 3
60 server inst2 192.168.110.57:443 check inter 2000 fall 3
61 server back1 192.168.120.58:443 backup
62
63listen appli5-backup 0.0.0.0:10005
64 option httpchk *
65 balance roundrobin
66 cookie SERVERID insert indirect nocache
67 server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3
68 server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
69 server inst3 192.168.114.57:80 backup check inter 2000 fall 3
70 capture cookie ASPSESSION len 32
71 timeout server 20000
72
73 option httpclose # disable keep-alive
74 option checkcache # block response if set-cookie & cacheable
75
76 rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
77
78 errorloc 502 http://192.168.114.58/error502.html
79 errorfile 503 /etc/haproxy/errors/503.http
80
diff --git a/haproxy/haproxy/haproxy.sh b/haproxy/haproxy/haproxy.sh
deleted file mode 100755
index 560480e..0000000
--- a/haproxy/haproxy/haproxy.sh
+++ /dev/null
@@ -1,120 +0,0 @@
1#!/bin/sh
2
3### BEGIN INIT INFO
4# Provides: HA-Proxy
5# Required-Start: networking
6# Required-Stop: networking
7# Default-Start: 2 3 4 5
8# Default-Stop: 0 1 6
9# Short-Description: HA-Proxy TCP/HTTP reverse proxy
10# Description: HA-Proxy is a TCP/HTTP reverse proxy
11### END INIT INFO
12
13PATH=/sbin:/bin:/usr/sbin:/usr/bin
14DAEMON=/usr/sbin/haproxy
15NAME=haproxy
16DESC="HA-Proxy TCP/HTTP reverse proxy"
17PIDFILE="/var/run/$NAME.pid"
18TPM_DATA_DIR="/var/run/TPM_haproxy/"
19OPTS="-D -f /etc/haproxy/haproxy.cfg -p $PIDFILE"
20RETVAL=0
21
22# This is only needed till TPM In-Kernel
23# ResourceMgr comes in
24remove_TPM_transients () {
25 _HANDLES=`find $TPM_DATA_DIR -type f -name "hp*.bin" -printf "%f "`
26 for handle in $_HANDLES; do
27 handle_addr=`echo $handle | sed 's/hp\([0-9]*\)\.bin/\1/g'`
28 tss2_flushcontext -ha $handle_addr &> /dev/null
29 done
30 rm -f $TPM_DATA_DIR/*
31}
32
33start() {
34 if [ -e $PIDFILE ]; then
35 PIDDIR=/proc/$(cat $PIDFILE)
36 if [ -d $PIDDIR ]; then
37 echo "$DESC already running."
38 return
39 else
40 echo "Removing stale PID file $PIDFILE"
41 rm -f $PIDFILE
42 fi
43 fi
44
45 # TODO: This is a temporary workaround till
46 # we eventually add a resource manager for TPM
47 mkdir -p $TPM_DATA_DIR
48
49 echo -n "Starting $NAME: "
50
51 TPM_DATA_DIR=$TPM_DATA_DIR start-stop-daemon --start --pidfile $PIDFILE -x "$DAEMON" -- $OPTS
52 RETVAL=$?
53 if [ $RETVAL -eq 0 ]; then
54 echo "done."
55 else
56 remove_TPM_transients
57 echo "failed."
58 fi
59}
60
61stop() {
62 if [ ! -e $PIDFILE ]; then return; fi
63
64 echo -n "Stopping $DESC..."
65
66 start-stop-daemon --stop --quiet --retry 3 --oknodo --pidfile $PIDFILE -x "$DAEMON"
67 if [ -n "`pidof $DAEMON`" ] ; then
68 pkill -KILL -f $DAEMON
69 fi
70 echo "done."
71 rm -f $PIDFILE
72 rm -f /var/lock/subsys/$NAME
73 remove_TPM_transients
74}
75
76status()
77{
78 pid=`cat $PIDFILE 2>/dev/null`
79 if [ -n "$pid" ]; then
80 if ps -p $pid &>/dev/null ; then
81 echo "$DESC is running"
82 RETVAL=0
83 return
84 else
85 RETVAL=1
86 fi
87 fi
88 echo "$DESC is not running"
89 RETVAL=1
90}
91
92check() {
93 /usr/sbin/$NAME -c -q -V -f /etc/$NAME/$NAME.cfg
94}
95
96# See how we were called.
97case "$1" in
98 start)
99 start
100 ;;
101 stop)
102 stop
103 ;;
104 restart|force-reload|reload)
105 stop
106 start
107 ;;
108 status)
109 status
110 ;;
111 check)
112 check
113 ;;
114 *)
115 echo "Usage: $0 {start|stop|force-reload|restart|reload|status|check}"
116 RETVAL=1
117 ;;
118esac
119
120exit $RETVAL