From 8ea05fd14ae3d4bbc85ae969b69ce73449f12d87 Mon Sep 17 00:00:00 2001 From: Scott Little Date: Wed, 1 Aug 2018 14:21:55 -0400 Subject: [PATCH] Relocate haproxy to stx-integ/base/haproxy Move content from stx-gplv2 into stx-integ Packages will be relocated to stx-integ: base/ bash cgcs-users cluster-resource-agents dpkg haproxy libfdt netpbm rpm database/ mariadb filesystem/ iscsi-initiator-utils filesystem/drbd/ drbd-tools kernel/kernel-modules/ drbd integrity intel-e1000e intel-i40e intel-i40evf intel-ixgbe intel-ixgbevf qat17 tpmdd ldap/ ldapscripts networking/ iptables net-tools Change-Id: Id89339f3ed454f14998a1ef39e353ecedad05470 Story: 2002801 Task: 22687 
Signed-off-by: Scott Little
---
centos_pkg_dirs | 1 - haproxy/PKG-INFO | 15 - haproxy/centos/build_srpm.data | 2 - ...te-package-versioning-for-TIS-format.patch | 27 -- haproxy/centos/meta_patches/PATCH_ORDER | 7 - .../meta_patches/haproxy-service-file.patch | 26 -- .../haproxy-spec-add-init-script.patch | 47 --- .../meta_add_support_for_tpm.patch | 42 --- .../meta_remove_bad_logrotate.patch | 40 --- .../spec-add-haproxy-env-var-patch.patch | 32 -- .../spec-include-TiS-config.patch | 58 ---- haproxy/centos/srpm_path | 1 - haproxy/haproxy/503.http | 9 - haproxy/haproxy/haproxy-env-var.patch | 245 -------------- haproxy/haproxy/haproxy-tpm-support.patch | 319 ------------------ haproxy/haproxy/haproxy.cfg | 80 ----- haproxy/haproxy/haproxy.sh | 120 ------- 17 files changed, 1071 deletions(-) delete mode 100644 haproxy/PKG-INFO delete mode 100644 haproxy/centos/build_srpm.data delete mode 100644 haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch delete mode 100644 haproxy/centos/meta_patches/PATCH_ORDER delete mode 100644 haproxy/centos/meta_patches/haproxy-service-file.patch delete mode 100644 haproxy/centos/meta_patches/haproxy-spec-add-init-script.patch delete mode 100644 haproxy/centos/meta_patches/meta_add_support_for_tpm.patch delete mode 100644 haproxy/centos/meta_patches/meta_remove_bad_logrotate.patch delete mode 100644 haproxy/centos/meta_patches/spec-add-haproxy-env-var-patch.patch delete mode 100644 haproxy/centos/meta_patches/spec-include-TiS-config.patch delete mode 100644 haproxy/centos/srpm_path delete mode 100644 haproxy/haproxy/503.http delete mode 100644 haproxy/haproxy/haproxy-env-var.patch delete mode 100644 haproxy/haproxy/haproxy-tpm-support.patch delete mode 100755 haproxy/haproxy/haproxy.cfg delete mode 100755 haproxy/haproxy/haproxy.sh
diff --git a/centos_pkg_dirs b/centos_pkg_dirs
index ec24ea2..0418dfb 100644
--- a/centos_pkg_dirs
+++ b/centos_pkg_dirs
@@ -1,4 +1,3 @@
-haproxy
 iptables
 iscsi-initiator-utils
 ldapscripts
diff --git a/haproxy/PKG-INFO b/haproxy/PKG-INFO
deleted file mode 100644
index 2f1d821..0000000
--- a/haproxy/PKG-INFO
+++ /dev/null
@@ -1,15 +0,0 @@
-Metadata-Version: 1.1
-Name: haproxy
-Version: 1.5.18
-Summary: Abstract asynchronous event notification library
-Home-page:
-Author:
-Author-email:
-License: GPLv2+
-
-Description:
-HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
-availability environments.
-
-
-Platform: UNKNOWN
diff --git a/haproxy/centos/build_srpm.data b/haproxy/centos/build_srpm.data
deleted file mode 100644
index b768bf6..0000000
--- a/haproxy/centos/build_srpm.data
+++ /dev/null
@@ -1,2 +0,0 @@
-COPY_LIST="haproxy/*"
-TIS_PATCH_VER=7
diff --git a/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
deleted file mode 100644
index 2e71baa..0000000
--- a/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 79f025b91d461a948ca6449eb25a11a6c89144b5 Mon Sep 17 00:00:00 2001
-From: Scott Little
-Date: Mon, 2 Oct 2017 16:12:36 -0400
-Subject: [PATCH 7/7] WRS: 0001-Update-package-versioning-for-TIS-format.patch
-
-Conflicts:
- SPECS/haproxy.spec
----
- SPECS/haproxy.spec | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
-index c1547ef..097aa79 100644
---- a/SPECS/haproxy.spec
-+++ b/SPECS/haproxy.spec
-@@ -8,7 +8,7 @@
-
- Name: haproxy
- Version: 1.5.18
--Release: 6%{?dist}
-+Release: 6.el7%{?_tis_dist}.%{tis_patch_ver}
- Summary: TCP/HTTP proxy and load balancer for high availability environments
-
- Group: System Environment/Daemons
---
-1.9.1
-
diff --git a/haproxy/centos/meta_patches/PATCH_ORDER b/haproxy/centos/meta_patches/PATCH_ORDER
deleted file mode 100644
index 87bd6af..0000000
--- a/haproxy/centos/meta_patches/PATCH_ORDER
+++ /dev/null
@@ -1,7 +0,0 @@
-spec-include-TiS-config.patch
-haproxy-spec-add-init-script.patch
-spec-add-haproxy-env-var-patch.patch
-meta_remove_bad_logrotate.patch
-haproxy-service-file.patch
-meta_add_support_for_tpm.patch
-0001-Update-package-versioning-for-TIS-format.patch
diff --git a/haproxy/centos/meta_patches/haproxy-service-file.patch b/haproxy/centos/meta_patches/haproxy-service-file.patch
deleted file mode 100644
index 179b7d5..0000000
--- a/haproxy/centos/meta_patches/haproxy-service-file.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From c4d74c67ee001af849e7a30e824cc0f8e38ef948 Mon Sep 17 00:00:00 2001
-From: Scott Little
-Date: Mon, 2 Oct 2017 16:12:36 -0400
-Subject: [PATCH 5/7] WRS: haproxy-service-file.patch
-
----
- SOURCES/haproxy.service | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/SOURCES/haproxy.service b/SOURCES/haproxy.service
-index 2d4c954..c2f1086 100644
---- a/SOURCES/haproxy.service
-+++ b/SOURCES/haproxy.service
-@@ -4,7 +4,8 @@ After=syslog.target network.target
-
- [Service]
- EnvironmentFile=/etc/sysconfig/haproxy
--ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid $OPTIONS
-+ExecStart=/etc/init.d/haproxy start
-+ExecStop=/etc/init.d/haproxy stop
- ExecReload=/bin/kill -USR2 $MAINPID
- KillMode=mixed
-
---
-1.9.1
-
diff --git a/haproxy/centos/meta_patches/haproxy-spec-add-init-script.patch b/haproxy/centos/meta_patches/haproxy-spec-add-init-script.patch
deleted file mode 100644
index d38a4fc..0000000
--- a/haproxy/centos/meta_patches/haproxy-spec-add-init-script.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 959767df3285a81f1c5650018ed846fe90a68c9d Mon Sep 17 00:00:00 2001
-From: Scott Little
-Date: Mon, 2 Oct 2017 16:12:36 -0400
-Subject: [PATCH 2/7] WRS: haproxy-spec-add-init-script.patch
-
----
- SPECS/haproxy.spec | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
-index 42ddeb0..cbd9161 100644
---- a/SPECS/haproxy.spec
-+++ b/SPECS/haproxy.spec
-@@ -21,6 +21,7 @@ Source2: %{name}.cfg
- Source3: %{name}.logrotate
- Source4: %{name}.sysconfig
- Source5: halog.1
-+Source10: %{name}.sh
-
- # WRS
- Source6: 503.http
-@@ -81,11 +82,14 @@ popd
- %{__make} install-bin DESTDIR=%{buildroot} PREFIX=%{_prefix} TARGET="linux2628"
- %{__make} install-man DESTDIR=%{buildroot} PREFIX=%{_prefix}
-
-+mkdir -p /etc/init.d
-+
- %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
- %{__install} -p -D -m 0640 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
- %{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
- %{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
- %{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
-+%{__install} -p -D -m 0755 %{SOURCE10} %{buildroot}/etc/init.d/%{name}
- %{__install} -d -m 0755 %{buildroot}%{haproxy_home}
- %{__install} -d -m 0755 %{buildroot}%{haproxy_datadir}
- %{__install} -d -m 0755 %{buildroot}%{_bindir}
-@@ -149,6 +153,7 @@ fi
- %{_bindir}/halog
- %{_bindir}/iprange
- %{_mandir}/man1/*
-+/etc/init.d/%{name}
- %attr(-,%{haproxy_user},%{haproxy_group}) %dir %{haproxy_home}
-
- # WRS
---
-1.9.1
-
diff --git a/haproxy/centos/meta_patches/meta_add_support_for_tpm.patch b/haproxy/centos/meta_patches/meta_add_support_for_tpm.patch
deleted file mode 100644
index a87dd87..0000000
--- a/haproxy/centos/meta_patches/meta_add_support_for_tpm.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From a5329bf1468f55c8d6b983e5999c12139dc7479d Mon Sep 17 00:00:00 2001
-From: Scott Little
-Date: Mon, 2 Oct 2017 16:12:36 -0400
-Subject: [PATCH 6/7] WRS: meta_add_support_for_tpm.patch
-
----
- SPECS/haproxy.spec | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
-index 3d112e0..c1547ef 100644
---- a/SPECS/haproxy.spec
-+++ b/SPECS/haproxy.spec
-@@ -30,6 +30,7 @@ Patch1: iprange-return-type.patch
- Patch2: haproxy-tcp-user-timeout.patch
- Patch3: haproxy-systemd-wrapper-exit-code.patch
- Patch4: haproxy-env-var.patch
-+Patch5: haproxy-tpm-support.patch
-
- BuildRequires: pcre-devel
- BuildRequires: zlib-devel
-@@ -41,6 +42,9 @@ Requires(post): systemd
- Requires(preun): systemd
- Requires(postun): systemd
-
-+Requires: tpm2-openssl-engine
-+
-+
- %description
- HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
- availability environments. Indeed, it can:
-@@ -62,6 +66,7 @@ availability environments. Indeed, it can:
- %patch2 -p1
- %patch3 -p1
- %patch4 -p1
-+%patch5 -p1
-
- %build
- regparm_opts=
---
-1.9.1
-
diff --git a/haproxy/centos/meta_patches/meta_remove_bad_logrotate.patch b/haproxy/centos/meta_patches/meta_remove_bad_logrotate.patch
deleted file mode 100644
index f99a423..0000000
--- a/haproxy/centos/meta_patches/meta_remove_bad_logrotate.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 3eac39ba534b92dbcb3a898442b09be7acc389bb Mon Sep 17 00:00:00 2001
-From: Scott Little
-Date: Mon, 2 Oct 2017 16:12:36 -0400
-Subject: [PATCH 4/7] WRS: meta_remove_bad_logrotate.patch
-
----
- SPECS/haproxy.spec | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
-index af94d46..3d112e0 100644
---- a/SPECS/haproxy.spec
-+++ b/SPECS/haproxy.spec
-@@ -18,7 +18,6 @@ URL: http://www.haproxy.org/
- Source0: http://www.haproxy.org/download/1.5/src/haproxy-%{version}.tar.gz
- Source1: %{name}.service
- Source2: %{name}.cfg
--Source3: %{name}.logrotate
- Source4: %{name}.sysconfig
- Source5: halog.1
- Source10: %{name}.sh
-@@ -88,7 +87,6 @@ mkdir -p /etc/init.d
-
- %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
- %{__install} -p -D -m 0640 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
--%{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
- %{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
- %{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
- %{__install} -p -D -m 0755 %{SOURCE10} %{buildroot}/etc/init.d/%{name}
-@@ -147,7 +145,6 @@ fi
- %dir %{haproxy_datadir}
- %{haproxy_datadir}/*
- %config(noreplace) %{haproxy_confdir}/%{name}.cfg
--%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
- %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
- %{_unitdir}/%{name}.service
- %{_sbindir}/%{name}
---
-1.9.1
-
diff --git a/haproxy/centos/meta_patches/spec-add-haproxy-env-var-patch.patch b/haproxy/centos/meta_patches/spec-add-haproxy-env-var-patch.patch
deleted file mode 100644
index 95eb17e..0000000
--- a/haproxy/centos/meta_patches/spec-add-haproxy-env-var-patch.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 2e37207c026047e2ce1bc9a5278faddfea81c011 Mon Sep 17 00:00:00 2001
-From: Scott Little
-Date: Mon, 2 Oct 2017 16:12:36 -0400
-Subject: [PATCH 3/7] WRS: spec-add-haproxy-env-var-patch.patch
-
----
- SPECS/haproxy.spec | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
-index cbd9161..af94d46 100644
---- a/SPECS/haproxy.spec
-+++ b/SPECS/haproxy.spec
-@@ -30,6 +30,7 @@ Patch0: halog-unused-variables.patch
- Patch1: iprange-return-type.patch
- Patch2: haproxy-tcp-user-timeout.patch
- Patch3: haproxy-systemd-wrapper-exit-code.patch
-+Patch4: haproxy-env-var.patch
-
- BuildRequires: pcre-devel
- BuildRequires: zlib-devel
-@@ -61,6 +62,7 @@ availability environments. Indeed, it can:
- %patch1 -p0
- %patch2 -p1
- %patch3 -p1
-+%patch4 -p1
-
- %build
- regparm_opts=
---
-1.9.1
-
diff --git a/haproxy/centos/meta_patches/spec-include-TiS-config.patch b/haproxy/centos/meta_patches/spec-include-TiS-config.patch
deleted file mode 100644
index 3cff884..0000000
--- a/haproxy/centos/meta_patches/spec-include-TiS-config.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 419d06285552bc31dce214d37edb925b4a82c68b Mon Sep 17 00:00:00 2001
-From: Scott Little
-Date: Mon, 2 Oct 2017 16:12:36 -0400
-Subject: [PATCH 1/7] WRS: spec-include-TiS-config.patch
-
----
- SPECS/haproxy.spec | 14 +++++++++++++-
- 1 file changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
-index b4dde9e..42ddeb0 100644
---- a/SPECS/haproxy.spec
-+++ b/SPECS/haproxy.spec
-@@ -22,6 +22,9 @@ Source3: %{name}.logrotate
- Source4: %{name}.sysconfig
- Source5: halog.1
-
-+# WRS
-+Source6: 503.http
-+
- Patch0: halog-unused-variables.patch
- Patch1: iprange-return-type.patch
- Patch2: haproxy-tcp-user-timeout.patch
-@@ -79,7 +82,7 @@ popd
- %{__make} install-man DESTDIR=%{buildroot} PREFIX=%{_prefix}
-
- %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
--%{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
-+%{__install} -p -D -m 0640 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
- %{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
- %{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
- %{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
-@@ -106,6 +109,11 @@ do
- %{__rm} -f $textfile.old
- done
-
-+# WRS
-+%{__install} -d 755 %{buildroot}/etc/haproxy/errors/
-+%{__install} -m 755 %{SOURCE6} %{buildroot}/etc/haproxy/errors/503.http
-+
-+
- %pre
- getent group %{haproxy_group} >/dev/null || groupadd -f -g 188 -r %{haproxy_group}
- if ! getent passwd %{haproxy_user} >/dev/null ; then
-@@ -143,6 +151,10 @@ fi
- %{_mandir}/man1/*
- %attr(-,%{haproxy_user},%{haproxy_group}) %dir %{haproxy_home}
-
-+# WRS
-+%dir /etc/haproxy/errors/
-+/etc/haproxy/errors/*
-+
- %changelog
- * Mon May 01 2017 Ryan O'Hara - 1.5.18-6
- - Use KillMode=mixed in systemd service file (#1444709)
---
-1.9.1
-
diff --git a/haproxy/centos/srpm_path b/haproxy/centos/srpm_path
deleted file mode 100644
index fb995db..0000000
--- a/haproxy/centos/srpm_path
+++ /dev/null
@@ -1 +0,0 @@
-mirror:Source/haproxy-1.5.18-6.el7.src.rpm
diff --git a/haproxy/haproxy/503.http b/haproxy/haproxy/503.http
deleted file mode 100644
index 367d425..0000000
--- a/haproxy/haproxy/503.http
+++ /dev/null
@@ -1,9 +0,0 @@
-HTTP/1.0 503 Service Unavailable
-Cache-Control: no-cache
-Connection: close
-Content-Type: text/html
-
-

503 Service Unavailable

-No server is available to handle this request.
-
-
diff --git a/haproxy/haproxy/haproxy-env-var.patch b/haproxy/haproxy/haproxy-env-var.patch
deleted file mode 100644
index 93d1749..0000000
--- a/haproxy/haproxy/haproxy-env-var.patch
+++ /dev/null
@@ -1,245 +0,0 @@ -Index: haproxy-1.5.11/src/cfgparse.c -=================================================================== ---- haproxy-1.5.11.orig/src/cfgparse.c -+++ haproxy-1.5.11/src/cfgparse.c -@@ -5789,12 +5789,19 @@ out: - */ - int readcfgfile(const char *file) - { -- char thisline[LINESIZE]; -+ char *thisline; -+ int linesize = LINESIZE; - FILE *f; - int linenum = 0; - int err_code = 0; - struct cfg_section *cs = NULL; - struct cfg_section *ics; -+ int readbytes = 0; -+ -+ if ((thisline = malloc(sizeof(*thisline) * linesize)) == NULL) { -+ Alert("parsing [%s] : out of memory.\n", file); -+ return -1; -+ } - - /* Register internal sections */ - if (!cfg_register_section("listen", cfg_parse_listen) || -@@ -5810,11 +5817,14 @@ int readcfgfile(const char *file) - if ((f=fopen(file,"r")) == NULL) - return -1; - -- while (fgets(thisline, sizeof(thisline), f) != NULL) { -+next_line: -+ while (fgets(thisline + readbytes, linesize - readbytes, f) != NULL) { - int arg, kwm = KWM_STD; - char *end; - char *args[MAX_LINE_ARGS + 1]; - char *line = thisline; -+ int dquote = 0; /* double quote */ -+ int squote = 0; /* simple quote */ - - linenum++; - -@@ -5824,11 +5834,25 @@ int readcfgfile(const char *file) - /* Check if we reached the limit and the last char is not \n. - * Watch out for the last line without the terminating '\n'! 
- */ -- Alert("parsing [%s:%d]: line too long, limit: %d.\n", -- file, linenum, (int)sizeof(thisline)-1); -- err_code |= ERR_ALERT | ERR_FATAL; -+ char *newline; -+ int newlinesize = linesize * 2; -+ -+ newline = realloc(thisline, sizeof(*thisline) * newlinesize); -+ if (newline == NULL) { -+ Alert("parsing [%s:%d]: line too long, cannot allocate memory.\n", -+ file, linenum); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ continue; -+ } -+ -+ readbytes = linesize - 1; -+ linesize = newlinesize; -+ thisline = newline; -+ continue; - } - -+ readbytes = 0; -+ - /* skip leading spaces */ - while (isspace((unsigned char)*line)) - line++; -@@ -5837,10 +5861,26 @@ int readcfgfile(const char *file) - args[arg] = line; - - while (*line && arg < MAX_LINE_ARGS) { -- /* first, we'll replace \\, \, \#, \r, \n, \t, \xXX with their -- * C equivalent value. Other combinations left unchanged (eg: \1). -- */ -- if (*line == '\\') { -+ if (*line == '"' && !squote) { /* double quote outside single quotes */ -+ if (dquote) -+ dquote = 0; -+ else -+ dquote = 1; -+ memmove(line, line + 1, end - line); -+ end--; -+ } -+ else if (*line == '\'' && !dquote) { /* single quote outside double quotes */ -+ if (squote) -+ squote = 0; -+ else -+ squote = 1; -+ memmove(line, line + 1, end - line); -+ end--; -+ } -+ else if (*line == '\\' && !squote) { -+ /* first, we'll replace \\, \, \#, \r, \n, \t, \xXX with their -+ * C equivalent value. Other combinations left unchanged (eg: \1). 
-+ */ - int skip = 0; - if (line[1] == ' ' || line[1] == '\\' || line[1] == '#') { - *line = line[1]; -@@ -5872,6 +5912,15 @@ int readcfgfile(const char *file) - Alert("parsing [%s:%d] : invalid or incomplete '\\x' sequence in '%s'.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - } -+ } else if (line[1] == '"') { -+ *line = '"'; -+ skip = 1; -+ } else if (line[1] == '\'') { -+ *line = '\''; -+ skip = 1; -+ } else if (line[1] == '$' && dquote) { /* escaping of $ only inside double quotes */ -+ *line = '$'; -+ skip = 1; - } - if (skip) { - memmove(line + 1, line + 1 + skip, end - (line + skip)); -@@ -5879,23 +5928,117 @@ int readcfgfile(const char *file) - } - line++; - } -- else if (*line == '#' || *line == '\n' || *line == '\r') { -+ else if ((!squote && !dquote && *line == '#') || *line == '\n' || *line == '\r') { - /* end of string, end of loop */ - *line = 0; - break; - } -- else if (isspace((unsigned char)*line)) { -+ else if (!squote && !dquote && isspace((unsigned char)*line)) { - /* a non-escaped space is an argument separator */ - *line++ = '\0'; - while (isspace((unsigned char)*line)) - line++; - args[++arg] = line; - } -+ else if (dquote && *line == '$') { -+ /* environment variables are evaluated inside double quotes */ -+ char *var_beg; -+ char *var_end; -+ char save_char; -+ char *value; -+ int val_len; -+ int newlinesize; -+ int braces = 0; -+ -+ var_beg = line + 1; -+ var_end = var_beg; -+ -+ if (*var_beg == '{') { -+ var_beg++; -+ var_end++; -+ braces = 1; -+ } -+ -+ if (!isalpha((int)(unsigned char)*var_beg) && *var_beg != '_') { -+ Alert("parsing [%s:%d] : Variable expansion: Unrecognized character '%c' in variable name.\n", file, linenum, *var_beg); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ goto next_line; /* skip current line */ -+ } -+ -+ while (isalnum((int)(unsigned char)*var_end) || *var_end == '_') -+ var_end++; -+ -+ save_char = *var_end; -+ *var_end = '\0'; -+ value = getenv(var_beg); -+ *var_end = save_char; -+ val_len 
= value ? strlen(value) : 0; -+ -+ if (braces) { -+ if (*var_end == '}') { -+ var_end++; -+ braces = 0; -+ } else { -+ Alert("parsing [%s:%d] : Variable expansion: Mismatched braces.\n", file, linenum); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ goto next_line; /* skip current line */ -+ } -+ } -+ -+ newlinesize = (end - thisline) - (var_end - line) + val_len + 1; -+ -+ /* if not enough space in thisline */ -+ if (newlinesize > linesize) { -+ char *newline; -+ -+ newline = realloc(thisline, newlinesize * sizeof(*thisline)); -+ if (newline == NULL) { -+ Alert("parsing [%s:%d] : Variable expansion: Not enough memory.\n", file, linenum); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ goto next_line; /* slip current line */ -+ } -+ /* recompute pointers if realloc returns a new pointer */ -+ if (newline != thisline) { -+ int i; -+ int diff; -+ -+ for (i = 0; i <= arg; i++) { -+ diff = args[i] - thisline; -+ args[i] = newline + diff; -+ } -+ -+ diff = var_end - thisline; -+ var_end = newline + diff; -+ diff = end - thisline; -+ end = newline + diff; -+ diff = line - thisline; -+ line = newline + diff; -+ thisline = newline; -+ } -+ linesize = newlinesize; -+ } -+ -+ /* insert value inside the line */ -+ memmove(line + val_len, var_end, end - var_end + 1); -+ memcpy(line, value, val_len); -+ end += val_len - (var_end - line); -+ line += val_len; -+ } - else { - line++; - } - } - -+ if (dquote) { -+ Alert("parsing [%s:%d] : Mismatched double quotes.\n", file, linenum); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ } -+ -+ if (squote) { -+ Alert("parsing [%s:%d] : Mismatched simple quotes.\n", file, linenum); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ } -+ - /* empty line */ - if (!**args) - continue; -@@ -5966,6 +6109,7 @@ int readcfgfile(const char *file) - break; - } - cursection = NULL; -+ free(thisline); - fclose(f); - return err_code; - } 
diff --git a/haproxy/haproxy/haproxy-tpm-support.patch b/haproxy/haproxy/haproxy-tpm-support.patch
deleted file mode 100644
index eb4545d..0000000
--- a/haproxy/haproxy/haproxy-tpm-support.patch
+++ /dev/null
@@ -1,319 +0,0 @@ -From a2a25214f6f4913b774bdd6c0b80d3ea424d3a1b Mon Sep 17 00:00:00 2001 -From: Kam Nasim -Date: Wed, 22 Mar 2017 12:07:24 -0400 -Subject: [PATCH] haproxy tpm support - ---- - include/types/global.h | 13 +++++ - src/cfgparse.c | 28 ++++++++++ - src/haproxy.c | 26 ++++++++- - src/ssl_sock.c | 147 +++++++++++++++++++++++++++++++++++++++++++------ - 4 files changed, 197 insertions(+), 17 deletions(-) - -diff --git a/include/types/global.h b/include/types/global.h -index f1525ae..2e9c077 100644 ---- a/include/types/global.h -+++ b/include/types/global.h -@@ -30,6 +30,10 @@ - #include - #include - -+#ifdef USE_OPENSSL -+#include -+#endif -+ - #ifndef UNIX_MAX_PATH - #define UNIX_MAX_PATH 108 - #endif -@@ -71,6 +75,14 @@ enum { - SSL_SERVER_VERIFY_REQUIRED = 1, - }; - -+// WRS: Define a new TPM configuration structure -+struct tpm_conf { -+ char *tpm_object; -+ char *tpm_engine; -+ EVP_PKEY *tpm_key; -+ ENGINE *tpm_engine_ref; -+}; -+ - /* FIXME : this will have to be redefined correctly */ - struct global { - #ifdef USE_OPENSSL -@@ -87,6 +99,7 @@ struct global { - char *connect_default_ciphers; - int listen_default_ssloptions; - int connect_default_ssloptions; -+ struct tpm_conf tpm; // tpm configuration - #endif - unsigned int ssl_server_verify; /* default verify mode on servers side */ - struct freq_ctr conn_per_sec; -diff --git a/src/cfgparse.c b/src/cfgparse.c -index 6a7f80c..3bc6e79 100644 ---- a/src/cfgparse.c -+++ b/src/cfgparse.c -@@ -1541,6 +1541,34 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm) - goto out; - #endif - } -+ else if (!strcmp(args[0], "tpm-object")) { -+ if (global.tpm.tpm_object) { -+ free(global.tpm.tpm_object); -+ } -+#ifdef USE_OPENSSL -+ if (*(args[1]) && (access(args[1], F_OK) != -1)) { -+ global.tpm.tpm_object = strdup(args[1]); -+ } -+#else -+ Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ goto out; -+#endif -+ } -+ else 
if (!strcmp(args[0], "tpm-engine")) { -+ if (global.tpm.tpm_engine) { -+ free(global.tpm.tpm_engine); -+ } -+#ifdef USE_OPENSSL -+ if (*(args[1]) && (access(args[1], F_OK) != -1)) { -+ global.tpm.tpm_engine = strdup(args[1]); -+ } -+#else -+ Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ goto out; -+#endif -+ } - else { - struct cfg_kw_list *kwl; - int index; -diff --git a/src/haproxy.c b/src/haproxy.c -index 862697d..2a1a0dc 100644 ---- a/src/haproxy.c -+++ b/src/haproxy.c -@@ -959,6 +959,24 @@ static void deinit_stick_rules(struct list *rules) - } - } - -+static void deinit_tpm_engine() -+{ -+ /* -+ * if the tpm engine is present then -+ * deinit it, this is needed to -+ * flush the TPM key handle from TPM memory -+ */ -+ if (global.tpm.tpm_engine_ref) { -+ ENGINE_finish(global.tpm.tpm_engine_ref); -+ } -+ -+ if (global.tpm.tpm_key) { -+ EVP_PKEY_free(global.tpm.tpm_key); -+ } -+ free(global.tpm.tpm_engine); global.tpm.tpm_engine = NULL; -+ free(global.tpm.tpm_object); global.tpm.tpm_object = NULL; -+} -+ - void deinit(void) - { - struct proxy *p = proxy, *p0; -@@ -1218,7 +1236,13 @@ void deinit(void) - - free(uap); - } -- -+ -+ /* if HAProxy was in TPM mode then deinit -+ * that configuration as well. -+ */ -+ if (global.tpm.tpm_object && global.tpm.tpm_object != '\0') -+ deinit_tpm_engine(); -+ - userlist_free(userlist); - - protocol_unbind_all(); -diff --git a/src/ssl_sock.c b/src/ssl_sock.c -index ead4c7b..4e16026 100644 ---- a/src/ssl_sock.c -+++ b/src/ssl_sock.c -@@ -50,6 +50,7 @@ - #ifndef OPENSSL_NO_DH - #include - #endif -+#include - - #include - #include -@@ -1115,6 +1116,80 @@ end: - return ret; - } - -+/* -+ * initialize the TPM engine and load the -+ * TPM object as private key within the Engine. 
-+ * Only do this for the first bind since TPM can -+ * only load 3-4 contexes before it runs out of memory -+ */ -+static int ssl_sock_load_tpm_key(SSL_CTX *ctx, char **err) { -+ if (!global.tpm.tpm_object || global.tpm.tpm_object[0] == '\0') { -+ /* not in TPM mode */ -+ return -1; -+ } -+ if (!global.tpm.tpm_key) { -+ Warning ("Could not find tpm_key; initializing engine\n"); -+ /* no key present; load the dynamic TPM engine */ -+ if (global.tpm.tpm_engine && global.tpm.tpm_engine[0]) { -+ ENGINE_load_dynamic(); -+ ENGINE *engine = ENGINE_by_id("dynamic"); -+ if (!engine) { -+ memprintf(err, "%s Unable to load the dynamic engine " -+ "(needed for loading custom TPM engine)\n", -+ err && *err ? *err : ""); -+ return 1; -+ } -+ -+ ENGINE_ctrl_cmd_string(engine, "SO_PATH", global.tpm.tpm_engine, 0); -+ ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0); -+ /* stow away for ENGINE cleanup */ -+ global.tpm.tpm_engine_ref = engine; -+ -+ if (ENGINE_init(engine) != 1) { -+ const char *error_str = ERR_error_string(ERR_get_error(), NULL); -+ memprintf(err, "%s Unable to init the TPM engine (%s). Err: %s\n", -+ err && *err ? *err : "", -+ global.tpm.tpm_engine, error_str); -+ goto tpm_err; -+ } -+ EVP_PKEY *pkey = ENGINE_load_private_key(engine, -+ global.tpm.tpm_object, -+ NULL, NULL); -+ if (!pkey) { -+ const char *error_str = ERR_error_string(ERR_get_error(), NULL); -+ memprintf(err, "%s Unable to load TPM object (%s). Err: %s\n", -+ err && *err ? *err : "", -+ global.tpm.tpm_object, error_str); -+ goto tpm_err; -+ } -+ global.tpm.tpm_key = pkey; -+ } -+ else { /* no TPM engine found */ -+ memprintf(err, "%s TPM engine option not set when TPM mode expected\n", -+ err && *err ? *err : ""); -+ goto tpm_err; -+ } -+ } -+ -+ if (SSL_CTX_use_PrivateKey(ctx, global.tpm.tpm_key) <= 0){ -+ const char *error_str = ERR_error_string(ERR_get_error(), -+ NULL); -+ memprintf(err, "%s Invalid private key provided from TPM engine(%s). Err: %s\n", -+ err && *err ? 
*err : "", -+ global.tpm.tpm_object, error_str); -+ goto tpm_err; -+ } -+ -+ return 0; -+ -+tpm_err: -+ ENGINE_finish(global.tpm.tpm_engine_ref); -+ global.tpm.tpm_engine_ref = NULL; -+ EVP_PKEY_free(global.tpm.tpm_key); -+ global.tpm.tpm_key = NULL; -+ return 1; -+} -+ - static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **sni_filter, int fcount, char **err) - { - int ret; -@@ -1127,26 +1202,54 @@ static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf - return 1; - } - -- if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) { -- memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n", -- err && *err ? *err : "", path); -- SSL_CTX_free(ctx); -- return 1; -+ /* NOTE (knasim-wrs): US93721: TPM support -+ * This SSL context applies to SSL frontends only. -+ * If the TPM option is set then the Private key -+ * is stored in TPM. -+ * -+ * Launch the OpenSSL TPM engine and load the TPM -+ * Private Key. The Public key will still be located -+ * at the provided path and needs to be loaded as -+ * per usual. -+ */ -+ if (global.tpm.tpm_object) { -+ ret = ssl_sock_load_tpm_key(ctx, err); -+ if (ret > 0) { -+ /* tpm configuration failed */ -+ SSL_CTX_free(ctx); -+ return 1; -+ } - } -- -- ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, sni_filter, fcount); -- if (ret <= 0) { -- memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n", -- err && *err ? *err : "", path); -- if (ret < 0) /* serious error, must do that ourselves */ -+ else { /* non TPM mode */ -+ if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) { -+ memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n", -+ err && *err ? 
*err : "", path); - SSL_CTX_free(ctx); -- return 1; -+ return 1; -+ } - } - -- if (SSL_CTX_check_private_key(ctx) <= 0) { -- memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n", -- err && *err ? *err : "", path); -- return 1; -+ ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, sni_filter, fcount); -+ if (ret <= 0) { -+ memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n", -+ err && *err ? *err : "", path); -+ if (ret < 0) /* serious error, must do that ourselves */ -+ SSL_CTX_free(ctx); -+ return 1; -+ } -+ -+ /* -+ * only match the private key to the public key -+ * for non TPM mode. This op would never work for -+ * TPM since the private key has been wrapped, whereas -+ * the public key is still the original one. -+ */ -+ if (!global.tpm.tpm_object) { -+ if (SSL_CTX_check_private_key(ctx) <= 0) { -+ memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n", -+ err && *err ? *err : "", path); -+ return 1; -+ } - } - - /* we must not free the SSL_CTX anymore below, since it's already in -@@ -1725,6 +1828,18 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy) - cfgerr++; - return cfgerr; - } -+ -+ /* NOTE (knasim-wrs): US93721: TPM support -+ * This SSL context applies to SSL backends only. -+ * Since Titanium backends don't support SSL, there -+ * is no need to offload these keys in TPM or reuse the -+ * same TPM key for the frontend engine. -+ * -+ * If SSL backends are to be supported in the future, -+ * over TPM, then create a new TPM Engine context and -+ * load the backend key in TPM, in a similar fashion to -+ * the frontend key. -+ */ - if (srv->ssl_ctx.client_crt) { - if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) { - Alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n", --- -1.8.3.1 - 
diff --git a/haproxy/haproxy/haproxy.cfg b/haproxy/haproxy/haproxy.cfg
deleted file mode 100755
index f0f0f17..0000000
--- a/haproxy/haproxy/haproxy.cfg
+++ /dev/null
@@ -1,80 +0,0 @@ -# this config needs haproxy-1.1.28 or haproxy-1.2.1 - -global - log 127.0.0.1 local0 - log 127.0.0.1 local1 notice - #log loghost local0 info - maxconn 4096 - chroot /usr/share/haproxy - uid 99 - gid 99 - daemon - #debug - #quiet - -defaults - log global - mode http - option httplog - option dontlognull - retries 3 - option redispatch - maxconn 2000 - timeout connect 5000 - timeout client 50000 - timeout server 50000 - -listen appli1-rewrite 0.0.0.0:10001 - cookie SERVERID rewrite - balance roundrobin - server app1_1 192.168.34.23:8080 cookie app1inst1 check inter 2000 rise 2 fall 5 - server app1_2 192.168.34.32:8080 cookie app1inst2 check inter 2000 rise 2 fall 5 - server app1_3 192.168.34.27:8080 cookie app1inst3 check inter 2000 rise 2 fall 5 - server app1_4 192.168.34.42:8080 cookie app1inst4 check inter 2000 rise 2 fall 5 - -listen appli2-insert 0.0.0.0:10002 - option httpchk - balance roundrobin - cookie SERVERID insert indirect nocache - server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3 - server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3 - capture cookie vgnvisitor= len 32 - - option httpclose # disable keep-alive - rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address - -listen appli3-relais 0.0.0.0:10003 - dispatch 192.168.135.17:80 - -listen appli4-backup 0.0.0.0:10004 - option httpchk /index.html - option persist - balance roundrobin - server inst1 192.168.114.56:80 check inter 2000 fall 3 - server inst2 192.168.114.56:81 check inter 2000 fall 3 backup - -listen ssl-relay 0.0.0.0:8443 - option ssl-hello-chk - balance source - server inst1 192.168.110.56:443 check inter 2000 fall 3 - server inst2 192.168.110.57:443 check inter 2000 fall 3 - server back1 192.168.120.58:443 backup - -listen appli5-backup 0.0.0.0:10005 - option httpchk * - balance roundrobin - cookie SERVERID insert indirect nocache - server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3 - 
server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3 - server inst3 192.168.114.57:80 backup check inter 2000 fall 3 - capture cookie ASPSESSION len 32 - timeout server 20000 - - option httpclose # disable keep-alive - option checkcache # block response if set-cookie & cacheable - - rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address - - errorloc 502 http://192.168.114.58/error502.html - errorfile 503 /etc/haproxy/errors/503.http - diff --git a/haproxy/haproxy/haproxy.sh b/haproxy/haproxy/haproxy.sh deleted file mode 100755 index 560480e..0000000 --- a/haproxy/haproxy/haproxy.sh +++ /dev/null 
@@ -1,120 +0,0 @@
-#!/bin/sh
-
-### BEGIN INIT INFO
-# Provides: HA-Proxy
-# Required-Start: networking
-# Required-Stop: networking
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: HA-Proxy TCP/HTTP reverse proxy
-# Description: HA-Proxy is a TCP/HTTP reverse proxy
-### END INIT INFO
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/sbin/haproxy
-NAME=haproxy
-DESC="HA-Proxy TCP/HTTP reverse proxy"
-PIDFILE="/var/run/$NAME.pid"
-TPM_DATA_DIR="/var/run/TPM_haproxy/"
-OPTS="-D -f /etc/haproxy/haproxy.cfg -p $PIDFILE"
-RETVAL=0
-
-# This is only needed till TPM In-Kernel
-# ResourceMgr comes in
-remove_TPM_transients () {
- _HANDLES=`find $TPM_DATA_DIR -type f -name "hp*.bin" -printf "%f "`
- for handle in $_HANDLES; do
- handle_addr=`echo $handle | sed 's/hp\([0-9]*\)\.bin/\1/g'`
- tss2_flushcontext -ha $handle_addr &> /dev/null
- done
- rm -f $TPM_DATA_DIR/*
-}
-
-start() {
- if [ -e $PIDFILE ]; then
- PIDDIR=/proc/$(cat $PIDFILE)
- if [ -d $PIDDIR ]; then
- echo "$DESC already running."
- return
- else
- echo "Removing stale PID file $PIDFILE"
- rm -f $PIDFILE
- fi
- fi
-
- # TODO: This is a temporary workaround till
- # we eventually add a resource manager for TPM
- mkdir -p $TPM_DATA_DIR
-
- echo -n "Starting $NAME: "
-
- TPM_DATA_DIR=$TPM_DATA_DIR start-stop-daemon --start --pidfile $PIDFILE -x "$DAEMON" -- $OPTS
- RETVAL=$?
- if [ $RETVAL -eq 0 ]; then
- echo "done."
- else
- remove_TPM_transients
- echo "failed."
- fi
-}
-
-stop() {
- if [ ! -e $PIDFILE ]; then return; fi
-
- echo -n "Stopping $DESC..."
-
- start-stop-daemon --stop --quiet --retry 3 --oknodo --pidfile $PIDFILE -x "$DAEMON"
- if [ -n "`pidof $DAEMON`" ] ; then
- pkill -KILL -f $DAEMON
- fi
- echo "done."
- rm -f $PIDFILE
- rm -f /var/lock/subsys/$NAME
- remove_TPM_transients
-}
-
-status()
-{
- pid=`cat $PIDFILE 2>/dev/null`
- if [ -n "$pid" ]; then
- if ps -p $pid &>/dev/null ; then
- echo "$DESC is running"
- RETVAL=0
- return
- else
- RETVAL=1
- fi
- fi
- echo "$DESC is not running"
- RETVAL=1
-}
-
-check() {
- /usr/sbin/$NAME -c -q -V -f /etc/$NAME/$NAME.cfg
-}
-
-# See how we were called.
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart|force-reload|reload)
- stop
- start
- ;;
- status)
- status
- ;;
- check)
- check
- ;;
- *)
- echo "Usage: $0 {start|stop|force-reload|restart|reload|status|check}"
- RETVAL=1
- ;;
-esac
-
-exit $RETVAL