From 9c72843aa16a96a346b7fc3ccdf346c8cd8ffb73 Mon Sep 17 00:00:00 2001 From: Dean Troyer Date: Wed, 30 May 2018 16:16:32 -0700 Subject: [PATCH] StarlingX open source release updates 
Signed-off-by: Dean Troyer --- LICENSE | 202 ++ README.rst | 5 + bash/centos/build_srpm.data | 3 + .../0001-Further-parallelize-bash-build.patch | 25 + ...te-package-versioning-for-TIS-format.patch | 27 + bash/centos/meta_patches/PATCH_ORDER | 3 + .../meta_patches/spec-TiS-bash-history.patch | 40 + bash/centos/srpm_path | 1 + ...h-history-exit-child-on-parent-death.patch | 105 + bash/files/bash-history-syslog.patch | 335 +++ cgcs-users/centos/build_srpm.data | 5 + cgcs-users/centos/cgcs-users.spec | 86 + cgcs-users/cgcs-users-1.0/LICENSE | 346 +++ cgcs-users/cgcs-users-1.0/admin.cmds | 11 + cgcs-users/cgcs-users-1.0/admin.xtns | 6 + .../ibsh-0.3e-cgcs-copyright.patch | 26 + .../cgcs-users-1.0/ibsh-0.3e-cgcs.patch | 87 + cgcs-users/cgcs-users-1.0/ibsh-0.3e.patch | 860 +++++++ cgcs-users/cgcs-users-1.0/operator.cmds | 7 + cgcs-users/cgcs-users-1.0/operator.xtns | 4 + cgcs-users/cgcs-users-1.0/secadmin.cmds | 12 + cgcs-users/cgcs-users-1.0/secadmin.xtns | 6 + cluster-resource-agents/PKG-INFO | 16 + .../centos/build_srpm.data | 1 + ...te-package-versioning-for-TIS-format.patch | 28 + ...isable-creation-of-the-debug-package.patch | 27 + ...activity-bug-in-heartbeat-LVM-script.patch | 32 + ...vent-inactive-controller-reboot-loop.patch | 33 + .../centos/meta_patches/PATCH_ORDER | 12 + .../centos/meta_patches/ipaddr2-if-down.patch | 32 + ...c-add-create-var-run-resource-agents.patch | 32 + .../spec-add-ipaddr2-ignore-lo-state.patch | 32 + .../spec-avoid-dir-collisions.patch | 56 + .../spec-include-TiS-patches.patch | 50 + .../spec-include-tis-logtag-patch.patch | 32 + .../spec-lvm-cleanup-refs-on-stop.patch | 32 + ...mon-of-shutdown-before-shutting-down.patch | 33 + ...activity-bug-in-heartbeat-LVM-script.patch | 58 + ...vent-inactive-controller-reboot-loop.patch | 27 + .../centos/patches/copyright.patch | 51 + .../create-var-run-resource-agents.patch | 28 + .../centos/patches/filesystem_rmon.patch | 204 ++ .../patches/ipaddr2_check_if_state.patch | 58 + 
.../centos/patches/ipaddr2_if_down.patch | 58 + .../patches/ipaddr2_ignore_lo_if_state.patch | 43 + .../patches/lvm_cleanup_refs_on_stop.patch | 121 + .../centos/patches/lvm_vg_activation.patch | 160 ++ .../centos/patches/new_ocf_return_codes.patch | 62 + ...mon-of-shutdown-before-shutting-down.patch | 54 + .../ocf-shellfuncs_change_logtag.patch | 28 + .../centos/patches/pgsql.patch | 87 + .../centos/patches/umount-in-namespace.patch | 27 + cluster-resource-agents/centos/srpm_path | 1 + .../cluster-resource-agents/copyright.patch | 38 + .../exportfs_accept_ipv6.patch | 15 + .../filesystem_rmon.patch | 193 ++ .../ipaddr2_add_if_type.patch | 37 + .../ipaddr2_check_if_state.patch | 48 + .../lvm_vg_activation.patch | 155 ++ .../new_ocf_return_codes.patch | 52 + .../ocf-shellfuncs_change_logtag.patch | 18 + .../cluster-resource-agents/pgsql.patch | 77 + .../umount-in-namespace.patch | 17 + dpkg/.gitignore | 6 + dpkg/README | 4 + dpkg/centos/build_srpm.data | 2 + dpkg/centos/dpkg.spec | 43 + drbd-tools/centos/build_srpm.data | 4 + drbd-tools/centos/drbd.spec | 407 ++++ drbd-tools/centos/files/drbd.service | 17 + .../0001-skip_wait_con_int_on_simplex.patch | 18 + ...0002-drbd-conditional-crm-dependency.patch | 26 + .../patches/0003-drbd_report_condition.patch | 387 ++++ .../patches/0004-drbdadm-ipaddr-change.patch | 132 ++ ...05-drbd_reconnect_standby_standalone.patch | 34 + ...avoid-kernel-userspace-version-check.patch | 55 + ...to-attempt-connect-in-certain-states.patch | 40 + ...ncrease-short-cmd-timeout-to-15-secs.patch | 25 + drbd/PKG-INFO | 16 + drbd/centos/build_srpm.data | 4 + drbd/centos/drbd-kernel.spec | 159 ++ drbd/centos/files/filelist-redhat | 11 + ...001-remove_bind_before_connect_error.patch | 12 + haproxy/PKG-INFO | 15 + haproxy/centos/build_srpm.data | 2 + ...te-package-versioning-for-TIS-format.patch | 27 + haproxy/centos/meta_patches/PATCH_ORDER | 7 + .../meta_patches/haproxy-service-file.patch | 26 + .../haproxy-spec-add-init-script.patch | 47 + 
.../meta_add_support_for_tpm.patch | 42 + .../meta_remove_bad_logrotate.patch | 40 + .../spec-add-haproxy-env-var-patch.patch | 32 + .../spec-include-TiS-config.patch | 58 + haproxy/centos/srpm_path | 1 + haproxy/haproxy/503.http | 9 + haproxy/haproxy/haproxy-env-var.patch | 245 ++ haproxy/haproxy/haproxy-tpm-support.patch | 319 +++ haproxy/haproxy/haproxy.cfg | 80 + haproxy/haproxy/haproxy.sh | 120 + integrity/PKG-INFO | 12 + integrity/centos/build_srpm.data | 5 + integrity/centos/files/COPYING | 344 +++ integrity/centos/files/README | 231 ++ integrity/centos/files/ima.conf | 1 + integrity/centos/files/ima.policy | 4 + integrity/centos/files/integrity.conf | 1 + integrity/centos/files/modules-load.conf | 3 + integrity/centos/integrity-kmod.spec | 138 ++ .../0001-integrity-kcompat-support.patch | 1283 +++++++++++ .../0002-integrity-expose-module-params.patch | 156 ++ .../0003-integrity-restrict-by-iversion.patch | 54 + ...ntegrity-disable-set-xattr-on-imasig.patch | 121 + .../Changes-for-CentOS-7.4-support.patch | 28 + .../patches/integrity-kmod.spec.patchlist | 3 + intel-e1000e/centos/build_srpm.data | 5 + intel-e1000e/centos/e1000e-kmod.spec | 125 + intel-e1000e/centos/files/GPL-v2.0.txt | 339 +++ intel-e1000e/files/modules-load.conf | 1 + intel-i40e/PKG-INFO | 13 + intel-i40e/centos/build_srpm.data | 5 + intel-i40e/centos/files/GPL-v2.0.txt | 339 +++ intel-i40e/centos/i40e-kmod.spec | 127 ++ ...e-Enable-getting-link-status-from-VF.patch | 126 + intel-i40e/files/modules-load.conf | 1 + intel-i40evf/PKG-INFO | 13 + intel-i40evf/centos/build_srpm.data | 5 + intel-i40evf/centos/files/GPL-v2.0.txt | 339 +++ intel-i40evf/centos/i40evf-kmod.spec | 125 + intel-i40evf/files/modules-load.conf | 1 + intel-ixgbe/centos/build_srpm.data | 5 + intel-ixgbe/centos/files/GPL-v2.0.txt | 339 +++ intel-ixgbe/centos/ixgbe-kmod.spec | 124 + intel-ixgbe/files/modules-load.conf | 1 + intel-ixgbevf/centos/build_srpm.data | 5 + intel-ixgbevf/centos/files/GPL-v2.0.txt | 339 +++ 
intel-ixgbevf/centos/ixgbevf-kmod.spec | 124 + .../files/0001-i40evf-Fix-compile-issue.patch | 27 + intel-ixgbevf/files/modules-load.conf | 1 + iptables/PKG-INFO | 16 + iptables/centos/build_srpm.data | 2 + ...te-package-versioning-for-TIS-format.patch | 27 + .../0002-default-service-enabled.patch | 24 + iptables/centos/meta_patches/PATCH_ORDER | 3 + .../spec-include-custom-rules.patch | 50 + iptables/centos/srpm_path | 1 + iptables/iptables/ip6tables.rules | 8 + iptables/iptables/iptables.rules | 8 + iscsi-initiator-utils/PKG-INFO | 17 + iscsi-initiator-utils/centos/build_srpm.data | 2 + .../0001-spec-include-TiS-changes.patch | 88 + ...te-package-versioning-for-TIS-format.patch | 27 + ...003-Add-iscsi-shutdown.service-patch.patch | 26 + .../centos/meta_patches/PATCH_ORDER | 3 + ...t-error-timeouts-for-iSCSI-initiator.patch | 48 + ...gainst-network.service-to-iscsi-shut.patch | 25 + iscsi-initiator-utils/centos/srpm_path | 1 + .../files/iscsi-cache.volatiles | 3 + ldapscripts/PKG-INFO | 14 + ldapscripts/centos/build_srpm.data | 3 + ldapscripts/centos/ldapscripts.spec | 73 + ...p-user-setup-noninteractive-mode-fix.patch | 15 + ...-user-setup-support-input-validation.patch | 87 + .../files/ldap-user-setup-support.patch | 354 +++ ldapscripts/files/ldapaddgroup.template.cgcs | 5 + ldapscripts/files/ldapaddsudo.template.cgcs | 10 + ldapscripts/files/ldapadduser.template.cgcs | 16 + ldapscripts/files/ldapmodsudo.template.cgcs | 4 + ldapscripts/files/ldapmoduser.template.cgcs | 4 + ldapscripts/files/ldapscripts.conf.cgcs | 152 ++ ldapscripts/files/ldapscripts.passwd | 1 + ldapscripts/files/log_timestamp.patch | 15 + ldapscripts/files/sudo-delete-support.patch | 352 +++ ldapscripts/files/sudo-support.patch | 289 +++ libfdt/.gitignore | 6 + libfdt/PKG-INFO | 13 + libfdt/README | 6 + libfdt/centos/build_srpm.data | 2 + libfdt/centos/libfdt.spec | 51 + mariadb/centos/README | 6 + mariadb/centos/build_srpm.data | 4 + mariadb/centos/files/LICENSE.clustercheck | 27 + 
mariadb/centos/files/README.mysql-cnf | 13 + mariadb/centos/files/README.mysql-docs | 4 + mariadb/centos/files/README.mysql-license | 9 + mariadb/centos/files/clustercheck.sh | 89 + mariadb/centos/files/mariadb-admincrash.patch | 32 + mariadb/centos/files/mariadb-basedir.patch | 24 + mariadb/centos/files/mariadb-errno.patch | 26 + .../files/mariadb-example-config-files.patch | 72 + .../centos/files/mariadb-file-contents.patch | 49 + mariadb/centos/files/mariadb-galera.cnf.patch | 21 + .../files/mariadb-install-db-sharedir.patch | 49 + .../centos/files/mariadb-install-test.patch | 62 + mariadb/centos/files/mariadb-logrotate.patch | 80 + mariadb/centos/files/mariadb-notestdb.patch | 24 + mariadb/centos/files/mariadb-ownsetup.patch | 41 + .../mariadb-revert-stdouterr-closing.patch | 34 + mariadb/centos/files/mariadb-scripts.patch | 47 + mariadb/centos/files/mariadb-server-galera.te | 23 + mariadb/centos/files/mariadb-ssl-cypher.patch | 30 + mariadb/centos/files/mariadb-strmov.patch | 40 + mariadb/centos/files/my.cnf.in | 18 + mariadb/centos/files/mysql-check-socket.sh | 39 + mariadb/centos/files/mysql-check-upgrade.sh | 39 + mariadb/centos/files/mysql-embedded-check.c | 26 + mariadb/centos/files/mysql-prepare-db-dir.sh | 137 ++ mariadb/centos/files/mysql-scripts-common.sh | 58 + mariadb/centos/files/mysql-wait-ready.sh | 45 + mariadb/centos/files/mysql-wait-stop.sh | 36 + mariadb/centos/files/mysql.init.in | 186 ++ mariadb/centos/files/mysql.service.in | 70 + mariadb/centos/files/mysql.tmpfiles.d.in | 3 + mariadb/centos/files/mysql@.service.in | 77 + mariadb/centos/files/mysql_config_multilib.sh | 26 + .../centos/files/rh-skipped-tests-arm.list | 8 + .../centos/files/rh-skipped-tests-base.list | 9 + .../files/rh-skipped-tests-ppc-s390.list | 0 mariadb/centos/mariadb.spec | 2032 +++++++++++++++++ mariadb/centos/mariadb.spec.unmodified | 1998 ++++++++++++++++ mwa-gplv2.map | 23 + net-tools/centos/build_srpm.data | 2 + ...te-package-versioning-for-TIS-format.patch | 27 + 
net-tools/centos/meta_patches/PATCH_ORDER | 2 + .../spec-to-include-TiS-patches.patch | 39 + net-tools/centos/srpm_path | 1 + .../net-tools-hostname-ipv6-shortname.patch | 31 + ...t-tools-ifconfig-no-ifstate-on-flush.patch | 29 + netpbm/centos/build_srpm.data | 2 + ...te-package-versioning-for-TIS-format.patch | 25 + .../0001-remove-ghostscript.patch | 29 + netpbm/centos/meta_patches/PATCH_ORDER | 2 + netpbm/centos/patches/remove-pstopnm.patch | 25 + netpbm/centos/srpm_path | 1 + qat17/PKG-INFO | 13 + qat17/centos/build_srpm.data | 6 + qat17/centos/qat17.spec | 134 ++ ...0001-Install-config-file-for-each-VF.patch | 118 + ...he-return-code-on-firmware-load-fail.patch | 42 + qat17/files/qat | 1 + qat17/files/qat_service | 320 +++ rpm/centos/build_srpm.data | 5 + rpm/centos/rpm.spec | 1362 +++++++++++ rpm/patches/0001-sign-files-only.patch | 206 ++ tpmdd/PKG-INFO | 13 + tpmdd/centos/build_srpm.data | 5 + tpmdd/centos/files/COPYING | 344 +++ tpmdd/centos/files/README | 184 ++ tpmdd/centos/files/modules-load.conf | 3 + tpmdd/centos/tpm-kmod.spec | 145 ++ .../0001-disable-arm64-acpi-command.patch | 40 + .../patches/0002-tpmdd-kcompat-support.patch | 543 +++++ ...tpm-replace-msleep-with-usleep_range.patch | 200 ++ ...ce-tpm-polling-delay-in-tpm_tis_core.patch | 59 + ...pm-use-tpm_msleep-value-as-max-delay.patch | 37 + ...tat-to-specify-variable-polling-time.patch | 123 + ...rstcount-to-improve-send-performance.patch | 97 + tpmdd/patches/tpm-kmod.spec.patchlist | 7 + 257 files changed, 23461 insertions(+) create mode 100644 LICENSE create mode 100644 README.rst create mode 100644 bash/centos/build_srpm.data create mode 100644 bash/centos/meta_patches/0001-Further-parallelize-bash-build.patch create mode 100644 bash/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch create mode 100644 bash/centos/meta_patches/PATCH_ORDER create mode 100644 bash/centos/meta_patches/spec-TiS-bash-history.patch create mode 100644 bash/centos/srpm_path create mode 100644 
bash/files/bash-history-exit-child-on-parent-death.patch create mode 100644 bash/files/bash-history-syslog.patch create mode 100644 cgcs-users/centos/build_srpm.data create mode 100644 cgcs-users/centos/cgcs-users.spec create mode 100644 cgcs-users/cgcs-users-1.0/LICENSE create mode 100644 cgcs-users/cgcs-users-1.0/admin.cmds create mode 100644 cgcs-users/cgcs-users-1.0/admin.xtns create mode 100644 cgcs-users/cgcs-users-1.0/ibsh-0.3e-cgcs-copyright.patch create mode 100644 cgcs-users/cgcs-users-1.0/ibsh-0.3e-cgcs.patch create mode 100644 cgcs-users/cgcs-users-1.0/ibsh-0.3e.patch create mode 100644 cgcs-users/cgcs-users-1.0/operator.cmds create mode 100644 cgcs-users/cgcs-users-1.0/operator.xtns create mode 100644 cgcs-users/cgcs-users-1.0/secadmin.cmds create mode 100644 cgcs-users/cgcs-users-1.0/secadmin.xtns create mode 100644 cluster-resource-agents/PKG-INFO create mode 100644 cluster-resource-agents/centos/build_srpm.data create mode 100644 cluster-resource-agents/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch create mode 100644 cluster-resource-agents/centos/meta_patches/Disable-creation-of-the-debug-package.patch create mode 100644 cluster-resource-agents/centos/meta_patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch create mode 100644 cluster-resource-agents/centos/meta_patches/Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch create mode 100644 cluster-resource-agents/centos/meta_patches/PATCH_ORDER create mode 100644 cluster-resource-agents/centos/meta_patches/ipaddr2-if-down.patch create mode 100644 cluster-resource-agents/centos/meta_patches/spec-add-create-var-run-resource-agents.patch create mode 100644 cluster-resource-agents/centos/meta_patches/spec-add-ipaddr2-ignore-lo-state.patch create mode 100644 cluster-resource-agents/centos/meta_patches/spec-avoid-dir-collisions.patch create mode 100644 cluster-resource-agents/centos/meta_patches/spec-include-TiS-patches.patch create mode 
100644 cluster-resource-agents/centos/meta_patches/spec-include-tis-logtag-patch.patch create mode 100644 cluster-resource-agents/centos/meta_patches/spec-lvm-cleanup-refs-on-stop.patch create mode 100644 cluster-resource-agents/centos/meta_patches/spec-notify-rmon-of-shutdown-before-shutting-down.patch create mode 100644 cluster-resource-agents/centos/patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch create mode 100644 cluster-resource-agents/centos/patches/Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch create mode 100644 cluster-resource-agents/centos/patches/copyright.patch create mode 100644 cluster-resource-agents/centos/patches/create-var-run-resource-agents.patch create mode 100644 cluster-resource-agents/centos/patches/filesystem_rmon.patch create mode 100644 cluster-resource-agents/centos/patches/ipaddr2_check_if_state.patch create mode 100644 cluster-resource-agents/centos/patches/ipaddr2_if_down.patch create mode 100644 cluster-resource-agents/centos/patches/ipaddr2_ignore_lo_if_state.patch create mode 100644 cluster-resource-agents/centos/patches/lvm_cleanup_refs_on_stop.patch create mode 100644 cluster-resource-agents/centos/patches/lvm_vg_activation.patch create mode 100644 cluster-resource-agents/centos/patches/new_ocf_return_codes.patch create mode 100644 cluster-resource-agents/centos/patches/notify-rmon-of-shutdown-before-shutting-down.patch create mode 100644 cluster-resource-agents/centos/patches/ocf-shellfuncs_change_logtag.patch create mode 100644 cluster-resource-agents/centos/patches/pgsql.patch create mode 100644 cluster-resource-agents/centos/patches/umount-in-namespace.patch create mode 100644 cluster-resource-agents/centos/srpm_path create mode 100644 cluster-resource-agents/cluster-resource-agents/copyright.patch create mode 100644 cluster-resource-agents/cluster-resource-agents/exportfs_accept_ipv6.patch create mode 100644 cluster-resource-agents/cluster-resource-agents/filesystem_rmon.patch 
create mode 100644 cluster-resource-agents/cluster-resource-agents/ipaddr2_add_if_type.patch create mode 100644 cluster-resource-agents/cluster-resource-agents/ipaddr2_check_if_state.patch create mode 100644 cluster-resource-agents/cluster-resource-agents/lvm_vg_activation.patch create mode 100644 cluster-resource-agents/cluster-resource-agents/new_ocf_return_codes.patch create mode 100644 cluster-resource-agents/cluster-resource-agents/ocf-shellfuncs_change_logtag.patch create mode 100644 cluster-resource-agents/cluster-resource-agents/pgsql.patch create mode 100644 cluster-resource-agents/cluster-resource-agents/umount-in-namespace.patch create mode 100644 dpkg/.gitignore create mode 100644 dpkg/README create mode 100644 dpkg/centos/build_srpm.data create mode 100644 dpkg/centos/dpkg.spec create mode 100644 drbd-tools/centos/build_srpm.data create mode 100644 drbd-tools/centos/drbd.spec create mode 100644 drbd-tools/centos/files/drbd.service create mode 100644 drbd-tools/centos/patches/0001-skip_wait_con_int_on_simplex.patch create mode 100644 drbd-tools/centos/patches/0002-drbd-conditional-crm-dependency.patch create mode 100644 drbd-tools/centos/patches/0003-drbd_report_condition.patch create mode 100644 drbd-tools/centos/patches/0004-drbdadm-ipaddr-change.patch create mode 100644 drbd-tools/centos/patches/0005-drbd_reconnect_standby_standalone.patch create mode 100644 drbd-tools/centos/patches/0006-avoid-kernel-userspace-version-check.patch create mode 100644 drbd-tools/centos/patches/0007-Update-OCF-to-attempt-connect-in-certain-states.patch create mode 100644 drbd-tools/centos/patches/0008-Increase-short-cmd-timeout-to-15-secs.patch create mode 100644 drbd/PKG-INFO create mode 100644 drbd/centos/build_srpm.data create mode 100644 drbd/centos/drbd-kernel.spec create mode 100644 drbd/centos/files/filelist-redhat create mode 100644 drbd/centos/patches/0001-remove_bind_before_connect_error.patch create mode 100644 haproxy/PKG-INFO create mode 100644 
haproxy/centos/build_srpm.data create mode 100644 haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch create mode 100644 haproxy/centos/meta_patches/PATCH_ORDER create mode 100644 haproxy/centos/meta_patches/haproxy-service-file.patch create mode 100644 haproxy/centos/meta_patches/haproxy-spec-add-init-script.patch create mode 100644 haproxy/centos/meta_patches/meta_add_support_for_tpm.patch create mode 100644 haproxy/centos/meta_patches/meta_remove_bad_logrotate.patch create mode 100644 haproxy/centos/meta_patches/spec-add-haproxy-env-var-patch.patch create mode 100644 haproxy/centos/meta_patches/spec-include-TiS-config.patch create mode 100644 haproxy/centos/srpm_path create mode 100644 haproxy/haproxy/503.http create mode 100644 haproxy/haproxy/haproxy-env-var.patch create mode 100644 haproxy/haproxy/haproxy-tpm-support.patch create mode 100755 haproxy/haproxy/haproxy.cfg create mode 100755 haproxy/haproxy/haproxy.sh create mode 100644 integrity/PKG-INFO create mode 100644 integrity/centos/build_srpm.data create mode 100644 integrity/centos/files/COPYING create mode 100644 integrity/centos/files/README create mode 100644 integrity/centos/files/ima.conf create mode 100644 integrity/centos/files/ima.policy create mode 100644 integrity/centos/files/integrity.conf create mode 100644 integrity/centos/files/modules-load.conf create mode 100644 integrity/centos/integrity-kmod.spec create mode 100644 integrity/patches/0001-integrity-kcompat-support.patch create mode 100644 integrity/patches/0002-integrity-expose-module-params.patch create mode 100644 integrity/patches/0003-integrity-restrict-by-iversion.patch create mode 100644 integrity/patches/0004-integrity-disable-set-xattr-on-imasig.patch create mode 100644 integrity/patches/Changes-for-CentOS-7.4-support.patch create mode 100644 integrity/patches/integrity-kmod.spec.patchlist create mode 100644 intel-e1000e/centos/build_srpm.data create mode 100644 intel-e1000e/centos/e1000e-kmod.spec 
create mode 100644 intel-e1000e/centos/files/GPL-v2.0.txt create mode 100644 intel-e1000e/files/modules-load.conf create mode 100644 intel-i40e/PKG-INFO create mode 100644 intel-i40e/centos/build_srpm.data create mode 100644 intel-i40e/centos/files/GPL-v2.0.txt create mode 100644 intel-i40e/centos/i40e-kmod.spec create mode 100644 intel-i40e/files/0001-i40e-Enable-getting-link-status-from-VF.patch create mode 100644 intel-i40e/files/modules-load.conf create mode 100644 intel-i40evf/PKG-INFO create mode 100644 intel-i40evf/centos/build_srpm.data create mode 100644 intel-i40evf/centos/files/GPL-v2.0.txt create mode 100644 intel-i40evf/centos/i40evf-kmod.spec create mode 100644 intel-i40evf/files/modules-load.conf create mode 100644 intel-ixgbe/centos/build_srpm.data create mode 100644 intel-ixgbe/centos/files/GPL-v2.0.txt create mode 100644 intel-ixgbe/centos/ixgbe-kmod.spec create mode 100644 intel-ixgbe/files/modules-load.conf create mode 100644 intel-ixgbevf/centos/build_srpm.data create mode 100644 intel-ixgbevf/centos/files/GPL-v2.0.txt create mode 100644 intel-ixgbevf/centos/ixgbevf-kmod.spec create mode 100644 intel-ixgbevf/files/0001-i40evf-Fix-compile-issue.patch create mode 100644 intel-ixgbevf/files/modules-load.conf create mode 100644 iptables/PKG-INFO create mode 100644 iptables/centos/build_srpm.data create mode 100644 iptables/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch create mode 100644 iptables/centos/meta_patches/0002-default-service-enabled.patch create mode 100644 iptables/centos/meta_patches/PATCH_ORDER create mode 100644 iptables/centos/meta_patches/spec-include-custom-rules.patch create mode 100644 iptables/centos/srpm_path create mode 100644 iptables/iptables/ip6tables.rules create mode 100644 iptables/iptables/iptables.rules create mode 100644 iscsi-initiator-utils/PKG-INFO create mode 100644 iscsi-initiator-utils/centos/build_srpm.data create mode 100644 
iscsi-initiator-utils/centos/meta_patches/0001-spec-include-TiS-changes.patch create mode 100644 iscsi-initiator-utils/centos/meta_patches/0002-Update-package-versioning-for-TIS-format.patch create mode 100644 iscsi-initiator-utils/centos/meta_patches/0003-Add-iscsi-shutdown.service-patch.patch create mode 100644 iscsi-initiator-utils/centos/meta_patches/PATCH_ORDER create mode 100644 iscsi-initiator-utils/centos/patches/0001-increase-default-error-timeouts-for-iSCSI-initiator.patch create mode 100644 iscsi-initiator-utils/centos/patches/0002-Add-dependency-against-network.service-to-iscsi-shut.patch create mode 100644 iscsi-initiator-utils/centos/srpm_path create mode 100644 iscsi-initiator-utils/files/iscsi-cache.volatiles create mode 100644 ldapscripts/PKG-INFO create mode 100644 ldapscripts/centos/build_srpm.data create mode 100644 ldapscripts/centos/ldapscripts.spec create mode 100644 ldapscripts/files/ldap-user-setup-noninteractive-mode-fix.patch create mode 100644 ldapscripts/files/ldap-user-setup-support-input-validation.patch create mode 100644 ldapscripts/files/ldap-user-setup-support.patch create mode 100755 ldapscripts/files/ldapaddgroup.template.cgcs create mode 100755 ldapscripts/files/ldapaddsudo.template.cgcs create mode 100755 ldapscripts/files/ldapadduser.template.cgcs create mode 100755 ldapscripts/files/ldapmodsudo.template.cgcs create mode 100755 ldapscripts/files/ldapmoduser.template.cgcs create mode 100755 ldapscripts/files/ldapscripts.conf.cgcs create mode 100644 ldapscripts/files/ldapscripts.passwd create mode 100644 ldapscripts/files/log_timestamp.patch create mode 100644 ldapscripts/files/sudo-delete-support.patch create mode 100644 ldapscripts/files/sudo-support.patch create mode 100644 libfdt/.gitignore create mode 100644 libfdt/PKG-INFO create mode 100644 libfdt/README create mode 100644 libfdt/centos/build_srpm.data create mode 100644 libfdt/centos/libfdt.spec create mode 100644 mariadb/centos/README create mode 100644 
mariadb/centos/build_srpm.data create mode 100644 mariadb/centos/files/LICENSE.clustercheck create mode 100644 mariadb/centos/files/README.mysql-cnf create mode 100644 mariadb/centos/files/README.mysql-docs create mode 100644 mariadb/centos/files/README.mysql-license create mode 100644 mariadb/centos/files/clustercheck.sh create mode 100644 mariadb/centos/files/mariadb-admincrash.patch create mode 100644 mariadb/centos/files/mariadb-basedir.patch create mode 100644 mariadb/centos/files/mariadb-errno.patch create mode 100644 mariadb/centos/files/mariadb-example-config-files.patch create mode 100644 mariadb/centos/files/mariadb-file-contents.patch create mode 100644 mariadb/centos/files/mariadb-galera.cnf.patch create mode 100644 mariadb/centos/files/mariadb-install-db-sharedir.patch create mode 100644 mariadb/centos/files/mariadb-install-test.patch create mode 100644 mariadb/centos/files/mariadb-logrotate.patch create mode 100644 mariadb/centos/files/mariadb-notestdb.patch create mode 100644 mariadb/centos/files/mariadb-ownsetup.patch create mode 100644 mariadb/centos/files/mariadb-revert-stdouterr-closing.patch create mode 100644 mariadb/centos/files/mariadb-scripts.patch create mode 100644 mariadb/centos/files/mariadb-server-galera.te create mode 100644 mariadb/centos/files/mariadb-ssl-cypher.patch create mode 100644 mariadb/centos/files/mariadb-strmov.patch create mode 100644 mariadb/centos/files/my.cnf.in create mode 100644 mariadb/centos/files/mysql-check-socket.sh create mode 100644 mariadb/centos/files/mysql-check-upgrade.sh create mode 100644 mariadb/centos/files/mysql-embedded-check.c create mode 100644 mariadb/centos/files/mysql-prepare-db-dir.sh create mode 100644 mariadb/centos/files/mysql-scripts-common.sh create mode 100644 mariadb/centos/files/mysql-wait-ready.sh create mode 100644 mariadb/centos/files/mysql-wait-stop.sh create mode 100644 mariadb/centos/files/mysql.init.in create mode 100644 mariadb/centos/files/mysql.service.in create mode 100644 
mariadb/centos/files/mysql.tmpfiles.d.in create mode 100644 mariadb/centos/files/mysql@.service.in create mode 100644 mariadb/centos/files/mysql_config_multilib.sh create mode 100644 mariadb/centos/files/rh-skipped-tests-arm.list create mode 100644 mariadb/centos/files/rh-skipped-tests-base.list create mode 100644 mariadb/centos/files/rh-skipped-tests-ppc-s390.list create mode 100644 mariadb/centos/mariadb.spec create mode 100644 mariadb/centos/mariadb.spec.unmodified create mode 100644 mwa-gplv2.map create mode 100644 net-tools/centos/build_srpm.data create mode 100644 net-tools/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch create mode 100644 net-tools/centos/meta_patches/PATCH_ORDER create mode 100644 net-tools/centos/meta_patches/spec-to-include-TiS-patches.patch create mode 100644 net-tools/centos/srpm_path create mode 100644 net-tools/files/net-tools-hostname-ipv6-shortname.patch create mode 100644 net-tools/files/net-tools-ifconfig-no-ifstate-on-flush.patch create mode 100644 netpbm/centos/build_srpm.data create mode 100644 netpbm/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch create mode 100644 netpbm/centos/meta_patches/0001-remove-ghostscript.patch create mode 100644 netpbm/centos/meta_patches/PATCH_ORDER create mode 100644 netpbm/centos/patches/remove-pstopnm.patch create mode 100644 netpbm/centos/srpm_path create mode 100644 qat17/PKG-INFO create mode 100644 qat17/centos/build_srpm.data create mode 100644 qat17/centos/qat17.spec create mode 100644 qat17/files/0001-Install-config-file-for-each-VF.patch create mode 100644 qat17/files/Get-and-report-the-return-code-on-firmware-load-fail.patch create mode 100644 qat17/files/qat create mode 100755 qat17/files/qat_service create mode 100644 rpm/centos/build_srpm.data create mode 100644 rpm/centos/rpm.spec create mode 100644 rpm/patches/0001-sign-files-only.patch create mode 100644 tpmdd/PKG-INFO create mode 100644 tpmdd/centos/build_srpm.data create mode 
100644 tpmdd/centos/files/COPYING create mode 100644 tpmdd/centos/files/README create mode 100644 tpmdd/centos/files/modules-load.conf create mode 100644 tpmdd/centos/tpm-kmod.spec create mode 100644 tpmdd/patches/0001-disable-arm64-acpi-command.patch create mode 100644 tpmdd/patches/0002-tpmdd-kcompat-support.patch create mode 100644 tpmdd/patches/UPSTREAM-0001-tpm-replace-msleep-with-usleep_range.patch create mode 100644 tpmdd/patches/UPSTREAM-0002-tpm-reduce-tpm-polling-delay-in-tpm_tis_core.patch create mode 100644 tpmdd/patches/UPSTREAM-0003-tpm-use-tpm_msleep-value-as-max-delay.patch create mode 100644 tpmdd/patches/UPSTREAM-0004-tpm-wait-for-stat-to-specify-variable-polling-time.patch create mode 100644 tpmdd/patches/UPSTREAM-0005-tpm-ignore-burstcount-to-improve-send-performance.patch create mode 100644 tpmdd/patches/tpm-kmod.spec.patchlist
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..2f6f546
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,5 @@
+=========
+stx-gplv2
+=========
+
+StarlingX GPL v2 Licensed Packages
diff --git a/bash/centos/build_srpm.data b/bash/centos/build_srpm.data
new file mode 100644
index 0000000..641edbb
--- /dev/null
+++ b/bash/centos/build_srpm.data
@@ -0,0 +1,3 @@
+COPY_LIST="files/*"
+TIS_PATCH_VER=3
+BUILD_IS_SLOW=3
diff --git a/bash/centos/meta_patches/0001-Further-parallelize-bash-build.patch b/bash/centos/meta_patches/0001-Further-parallelize-bash-build.patch
new file mode 100644
index 0000000..e12fd26
--- /dev/null
+++ b/bash/centos/meta_patches/0001-Further-parallelize-bash-build.patch
@@ -0,0 +1,25 @@
+From dbe4403d95cb18d9857bc53420d293e5be1f3fd6 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:05:36 -0400
+Subject: [PATCH 3/3] WRS: 0001-Further-parallelize-bash-build.patch
+
+---
+ SPECS/bash.spec | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/SPECS/bash.spec b/SPECS/bash.spec
+index 115d540..5e688c1 100644
+--- a/SPECS/bash.spec
++++ b/SPECS/bash.spec
+@@ -341,7 +341,7 @@ autoconf
+ # Recycles pids is neccessary. When bash's last fork's pid was X
+ # and new fork's pid is also X, bash has to wait for this same pid.
+ # Without Recycles pids bash will not wait.
+-make "CPPFLAGS=-D_GNU_SOURCE -DRECYCLES_PIDS -DDEFAULT_PATH_VALUE='\"/usr/local/bin:/usr/bin\"' `getconf LFS_CFLAGS`"
++make -j"%(nprocs)" "CPPFLAGS=-D_GNU_SOURCE -DRECYCLES_PIDS -DDEFAULT_PATH_VALUE='\"/usr/local/bin:/usr/bin\"' `getconf LFS_CFLAGS`"
+
+ %install
+ rm -rf $RPM_BUILD_ROOT
+--
+1.9.1
+
diff --git a/bash/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/bash/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
new file mode 100644
index 0000000..cab1a4f
--- /dev/null
+++ b/bash/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
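Review bot: `make -j"%(nprocs)"` depends on an rpm shell expansion that runs a command named `nprocs` while the spec is parsed, and nothing in this patch shows where that command comes from; coreutils ships `nproc`. If the command is missing from the build root the expansion would presumably be empty, which leaves a bare `-j` and lets make start an unbounded number of jobs. The macro rpm already provides, as in `make %{?_smp_mflags} "CPPFLAGS=..."`, bounds the job count without relying on a helper; cgcs-users.spec in this same commit already uses it.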
@@ -0,0 +1,27 @@
+From e1f17182a8d105770a2805c9950b776b4437f7ff Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:05:36 -0400
+Subject: [PATCH 2/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch
+
+Conflicts:
+ SPECS/bash.spec
+---
+ SPECS/bash.spec | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/SPECS/bash.spec b/SPECS/bash.spec
+index 5f14bad..115d540 100644
+--- a/SPECS/bash.spec
++++ b/SPECS/bash.spec
+@@ -6,7 +6,7 @@
+ Version: %{baseversion}%{patchleveltag}
+ Name: bash
+ Summary: The GNU Bourne Again shell
+-Release: 29%{?dist}
++Release: 29.el7_4%{?_tis_dist}.%{tis_patch_ver}
+ Group: System Environment/Shells
+ License: GPLv3+
+ Url: http://www.gnu.org/software/bash
+--
+1.9.1
+
diff --git a/bash/centos/meta_patches/PATCH_ORDER b/bash/centos/meta_patches/PATCH_ORDER
new file mode 100644
index 0000000..8ca1e48
--- /dev/null
+++ b/bash/centos/meta_patches/PATCH_ORDER
@@ -0,0 +1,3 @@
+spec-TiS-bash-history.patch
+0001-Update-package-versioning-for-TIS-format.patch
+0001-Further-parallelize-bash-build.patch
diff --git a/bash/centos/meta_patches/spec-TiS-bash-history.patch b/bash/centos/meta_patches/spec-TiS-bash-history.patch
new file mode 100644
index 0000000..a0bfe75
--- /dev/null
+++ b/bash/centos/meta_patches/spec-TiS-bash-history.patch
@@ -0,0 +1,40 @@
+From e8d5b56c303237d0a0ab00ea5f4fbdea3208caa5 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:05:36 -0400
+Subject: [PATCH 1/3] WRS: spec-TiS-bash-history.patch
+
+Conflicts:
+ SPECS/bash.spec
+---
+ SPECS/bash.spec | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/SPECS/bash.spec b/SPECS/bash.spec
+index 9a6d496..5f14bad 100644
+--- a/SPECS/bash.spec
++++ b/SPECS/bash.spec
+@@ -192,6 +192,10 @@ Patch151: bash-cve-2016-9401.patch
+ #1473245
+ Patch152: bash-4.3-pipefd-leak.patch
+
++# Patches from WindRiver
++Patch500: bash-history-syslog.patch
++Patch501: bash-history-exit-child-on-parent-death.patch
++
+ BuildRequires: texinfo bison
+ BuildRequires: ncurses-devel
+ BuildRequires: autoconf, gettext
+@@ -323,6 +327,10 @@ This package contains documentation files for %{name}.
+ %patch151 -p1 -b .cve-2016-9401
+ %patch152 -p1 -b .pipefd-leak
+
++# WindRiver patches
++%patch500 -p1 -b .history-syslog
++%patch501 -p1 -b .history-exit-child-on-parent-death
++
+ echo %{version} > _distribution
+ echo %{release} > _patchlevel
+
+--
+1.9.1
+
diff --git a/bash/centos/srpm_path b/bash/centos/srpm_path
new file mode 100644
index 0000000..ecb7155
--- /dev/null
+++ b/bash/centos/srpm_path
@@ -0,0 +1 @@
+mirror:Source/bash-4.2.46-29.el7_4.src.rpm
diff --git a/bash/files/bash-history-exit-child-on-parent-death.patch b/bash/files/bash-history-exit-child-on-parent-death.patch
new file mode 100644
index 0000000..1ed2d8b
--- /dev/null
+++ b/bash/files/bash-history-exit-child-on-parent-death.patch
@@ -0,0 +1,105 @@
+From e3e273f70ea4f8b33f89478020a421bdc203666e Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Fri, 26 Aug 2016 16:04:48 -0400
+Subject: [PATCH 2/2] WRS: Patch501:
+ bash-history-exit-child-on-parent-death.patch
+
+---
+ shell.c | 16 +-
+ sig.c | 13 +
+ sig.h | 2 +
+ 3 files changed, 30 insertions(+), 1 deletion(-)
+
+
+diff --git a/shell.c b/shell.c
+index 7eca4e3..dcba61a 100644
+--- a/shell.c
++++ b/shell.c
+@@ -75,6 +75,7 @@
+ #if defined (SYSLOG_HISTORY)
+ # include
+ # include
++# include
+ # include "error.h"
+ #endif
+
+@@ -338,6 +339,7 @@ static void shell_reinitialize __P((void));
+ static void show_shell_usage __P((FILE *, int));
+
+ #if defined (SYSLOG_HISTORY)
++int logger_terminated = 0;
+ static pid_t make_consumer_process __P(());
+ #endif
+
+@@ -1687,6 +1689,16 @@ make_consumer_process ()
+
+ default_tty_job_signals ();
+
++ /* handle parent process deaths */
++ set_signal_handler(SIGTERM, sigterm_logger_sighandler);
++ prctl(PR_SET_PDEATHSIG, SIGTERM);
++
++ if (getppid() == 1)
++ {
++ /* parent has already died */
++ exit (0);
++ }
++
+ close(cmdline_hist_sock[0]);
+
+ ret = getsockopt(cmdline_hist_sock[1], SOL_SOCKET, SO_RCVBUF, &rcvbuf_size, &optlen);
+@@ -1718,7 +1730,9 @@ make_consumer_process ()
+ /*syslog this bash command line*/
+ syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY: PID=%d UID=%d %s",
+ getpid(), current_user.uid, buffer);
+- } while (1);
++ } while (!logger_terminated);
++
++ exit(0);
+
+ }
+ else
+diff --git a/sig.c b/sig.c
+index d38246d..5ad0c2d 100644
+--- a/sig.c
++++ b/sig.c
+@@ -561,6 +561,19 @@ termsig_handler (sig)
+ kill (getpid (), sig);
+ }
+
++sighandler
++sigterm_logger_sighandler (sig)
++ int sig;
++{
++#if defined (MUST_REINSTALL_SIGHANDLERS)
++ signal (sig, sigterm_logger_sighandler);
++#endif
++
++ logger_terminated = 1;
++
++ SIGRETURN (0);
++}
++
+ /* What we really do when SIGINT occurs. */
+ sighandler
+ sigint_sighandler (sig)
+diff --git a/sig.h b/sig.h
+index 540aa3e..8f47c56 100644
+--- a/sig.h
++++ b/sig.h
+@@ -115,11 +115,13 @@ extern volatile int sigwinch_received;
+
+ extern int interrupt_immediately;
+ extern int terminate_immediately;
++extern int logger_terminated;
+
+ /* Functions from sig.c. */
+ extern sighandler termsig_sighandler __P((int));
+ extern void termsig_handler __P((int));
+ extern sighandler sigint_sighandler __P((int));
++extern sighandler sigterm_logger_sighandler __P((int));
+ extern void initialize_signals __P((int));
+ extern void initialize_terminating_signals __P((void));
+ extern void reset_terminating_signals __P((void));
+--
+1.9.1
\ No newline at end of file
diff --git a/bash/files/bash-history-syslog.patch b/bash/files/bash-history-syslog.patch
new file mode 100644
index 0000000..475ff61
--- /dev/null
+++ b/bash/files/bash-history-syslog.patch
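Review bot: `logger_terminated` is written by `sigterm_logger_sighandler` and polled by the `while (!logger_terminated)` loop in the logger child, yet shell.c and sig.h declare it as a plain `int`; a flag shared with a signal handler should be `volatile sig_atomic_t logger_terminated = 0;` with a matching `extern volatile sig_atomic_t logger_terminated;`, in the way sig.h already marks `sigwinch_received` volatile. The `getppid() == 1` test only catches a parent that died before `prctl(PR_SET_PDEATHSIG, SIGTERM)` took effect when the orphan is re-parented to pid 1; under a child subreaper the new parent has another pid, so comparing against the shell's pid saved before `fork ()` would be more reliable. The return value of `prctl` is not checked, so a failure to arm the signal goes unnoticed. The inner hunks show only part of `make_consumer_process`, so the rest of its body is not reviewed here.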
@@ -0,0 +1,335 @@
+From 33e9b03f81e871594b1f8ab1740c09cd5593c27c Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Fri, 26 Aug 2016 16:04:44 -0400
+Subject: [PATCH 1/2] WRS: Patch500: bash-history-syslog.patch
+
+---
+ bashhist.c | 78 +-
+ config-top.h | 2 +-
+ shell.c | 111 +++
+ 3 files changed, 173 insertions(+), 18 deletions(-)
+
+diff --git a/bashhist.c b/bashhist.c
+index 7240a5b..5116f8d 100644
+--- a/bashhist.c
++++ b/bashhist.c
+@@ -38,10 +38,6 @@
+
+ #include "bashintl.h"
+
+-#if defined (SYSLOG_HISTORY)
+-# include
+-#endif
+-
+ #include "shell.h"
+ #include "flags.h"
+ #include "input.h"
+@@ -54,6 +50,10 @@
+ #include
+ #include
+
++#if defined (SYSLOG_HISTORY)
++#include
++#endif
++
+ #if defined (READLINE)
+ # include "bashline.h"
+ extern int rl_done, rl_dispatching; /* should really include readline.h */
+@@ -68,6 +68,12 @@ static int check_history_control __P((char *));
+ static void hc_erasedups __P((char *));
+ static void really_add_history __P((char *));
+
++
++#if defined (SYSLOG_HISTORY)
++static void send_cmdline_mq __P((const char *));
++int cmdline_hist_sock[2];
++#endif
++
+ static struct ignorevar histignore =
+ {
+ "HISTIGNORE",
+@@ -700,22 +706,11 @@ check_add_history (line, force)
+ }
+
+ #if defined (SYSLOG_HISTORY)
+-#define SYSLOG_MAXLEN 600
+-
+ void
+ bash_syslog_history (line)
+ const char *line;
+ {
+- char trunc[SYSLOG_MAXLEN];
+-
+- if (strlen(line) < SYSLOG_MAXLEN)
+- syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY: PID=%d UID=%d %s", getpid(), current_user.uid, line);
+- else
+- {
+- strncpy (trunc, line, SYSLOG_MAXLEN);
+- trunc[SYSLOG_MAXLEN - 1] = '\0';
+- syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY (TRUNCATED): PID=%d UID=%d %s", getpid(), current_user.uid, trunc);
+- }
++ send_cmdline_mq (line);
+ }
+ #endif
+
+@@ -769,6 +764,10 @@ bash_add_history (line)
+ sprintf (new_line, "%s%s%s", current->line, chars_to_add, line);
+ offset = where_history ();
+ old = replace_history_entry (offset, new_line, current->data);
++
++#if defined (SYSLOG_HISTORY)
++ bash_syslog_history (new_line);
++#endif
+ free (new_line);
+
+ if (old)
+@@ -779,11 +778,13 @@ bash_add_history (line)
+ }
+
+ if (add_it)
++ {
+ really_add_history (line);
+
+ #if defined (SYSLOG_HISTORY)
+- bash_syslog_history (line);
++ bash_syslog_history (line);
+ #endif
++ }
+
+ using_history ();
+ }
+@@ -906,4 +907,47 @@ history_should_ignore (line)
+
+ return match;
+ }
++
++#if defined (SYSLOG_HISTORY)
++
++#define MQ_SEND_MAX_ATTEMPT 2
++
++static void
++send_cmdline_mq (line)
++ const char *line;
++{
++ int ret = 0;
++ int attempt = 0;
++ int fail = 0;
++ size_t len_snd;
++ int sndbuf_size;
++
++ do {
++ if (attempt >= MQ_SEND_MAX_ATTEMPT)
++ {
++ fail = 1;
++ break;
++ }
++
++ len_snd = strlen(line)+1;
++ ret = send (cmdline_hist_sock[0], line, len_snd, MSG_DONTWAIT);
++ if (ret == EMSGSIZE)
++ {
++ socklen_t optlen = sizeof(sndbuf_size);
++ ret = getsockopt(cmdline_hist_sock[0], SOL_SOCKET, SO_SNDBUF,
++ &sndbuf_size, &optlen);
++ if (ret == 0) {
++ len_snd = sndbuf_size - 1;
++ continue;
++ }
++ }
++
++ attempt ++;
++ } while (ret < 0 && (errno == EAGAIN || errno == EINTR));
++
++ return;
++}
++
++#endif /*SYSLOG_HISTORY*/
++
+ #endif /* HISTORY */
+diff --git a/config-top.h b/config-top.h
+index 01e934e..c22c883 100644
+--- a/config-top.h
++++ b/config-top.h
+@@ -103,7 +103,7 @@
+
+ /* Define if you want each line saved to the history list in bashhist.c:
+ bash_add_history() to be sent to syslog(). */
+-/* #define SYSLOG_HISTORY */
++#define SYSLOG_HISTORY
+ #if defined (SYSLOG_HISTORY)
+ # define SYSLOG_FACILITY LOG_USER
+ # define SYSLOG_LEVEL LOG_INFO
+diff --git a/shell.c b/shell.c
+index 6f9afcd..7eca4e3 100644
+--- a/shell.c
++++ b/shell.c
+@@ -72,6 +72,12 @@
+ # include
+ #endif
+
++#if defined (SYSLOG_HISTORY)
++# include
++# include
++# include "error.h"
++#endif
++
+ #if defined (READLINE)
+ # include "bashline.h"
+ #endif
+@@ -106,6 +112,9 @@ extern int array_needs_making;
+ extern int gnu_error_format;
+ extern char *primary_prompt, *secondary_prompt;
+ extern char *this_command_name;
++#if defined (SYSLOG_HISTORY)
++extern int cmdline_hist_sock[2];
++#endif
+
+ /* Non-zero means that this shell has already been run; i.e. you should
+ call shell_reinitialize () if you need to start afresh. */
+@@ -223,6 +232,7 @@ int dump_po_strings; /* Dump strings in $"..." in po format */
+ int wordexp_only = 0; /* Do word expansion only */
+ int protected_mode = 0; /* No command substitution with --wordexp */
+
++
+ #if defined (STRICT_POSIX)
+ int posixly_correct = 1; /* Non-zero means posix.2 superset. */
+ #else
+@@ -327,6 +337,10 @@ static void shell_reinitialize __P((void));
+
+ static void show_shell_usage __P((FILE *, int));
+
++#if defined (SYSLOG_HISTORY)
++static pid_t make_consumer_process __P(());
++#endif
++
+ #ifdef __CYGWIN__
+ static void
+ _cygwin32_check_tmp ()
+@@ -369,6 +383,11 @@ main (argc, argv, env)
+ env = environ;
+ #endif /* __OPENNT */
+
++
++#if defined (SYSLOG_HISTORY)
++ pid_t con_pid;
++#endif
++
+ USE_VAR(argc);
+ USE_VAR(argv);
+ USE_VAR(env);
+@@ -747,6 +766,11 @@ main (argc, argv, env)
+ /* Initialize terminal state for interactive shells after the
+ .bash_profile and .bashrc are interpreted. */
+ get_tty_state ();
++
++#if defined (SYSLOG_HISTORY)
++ /*fork a child for bash history logging consumption*/
++ con_pid = make_consumer_process ();
++#endif
+ }
+
+ #if !defined (ONESHOT)
+@@ -757,6 +781,13 @@ main (argc, argv, env)
+
+ /* Read commands until exit condition. */
+ reader_loop ();
++
++#if defined (SYSLOG_HISTORY)
++ if (interactive_shell && con_pid > 0) {
++ kill(con_pid, SIGKILL);
++ }
++#endif
++
+ exit_shell (last_command_exit_value);
+ }
+
+@@ -1619,6 +1650,86 @@ set_shell_name (argv0)
+ shell_name = PROGRAM;
+ }
+
++
++#if defined (SYSLOG_HISTORY)
++#define SYSLOG_MAXLEN 1200
++
++/* Fork child process for bash history logging, handling errors.
++ Returns the pid of the newly made child in parent process context
++ and will not return in child process context. */
++static pid_t
++make_consumer_process ()
++{
++ pid_t pid;
++
++ if (socketpair(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0, cmdline_hist_sock) == -1)
++ {
++ return -1;
++ }
++
++
++ pid = fork ();
++ if (pid < 0)
++ {
++ return -1;
++ }
++
++ if (pid == 0)
++ {
++ int ret;
++ char *buffer;
++ int rcvbuf_size;
++ socklen_t optlen = sizeof(rcvbuf_size);
++
++#if defined (BUFFERED_INPUT)
++ unset_bash_input (0);
++#endif /* BUFFERED_INPUT */
++
++ default_tty_job_signals ();
++
++ close(cmdline_hist_sock[0]);
++
++ ret = getsockopt(cmdline_hist_sock[1], SOL_SOCKET, SO_RCVBUF, &rcvbuf_size, &optlen);
++ if (ret < 0)
++ {
++ rcvbuf_size = SYSLOG_MAXLEN;
++ }
++
++ buffer = (char *) malloc(rcvbuf_size);
++ if (buffer == NULL)
++ {
++ return -1;
++ }
++
++ do {
++ ret = recv(cmdline_hist_sock[1], buffer, rcvbuf_size, 0);
++
++ if (ret == -1 && errno == EINTR)
++ {
++ continue;
++ }
++ else if (ret < 0)
++ {
++ break;
++ }
++
++ buffer[ret] = '\0';
++
++ /*syslog this bash command line*/
++ syslog (SYSLOG_FACILITY|SYSLOG_LEVEL, "HISTORY: PID=%d UID=%d %s",
++ getpid(), current_user.uid, buffer);
++ } while (1);
++
++ }
++ else
++ {
++ /* In the parent. */
++ close(cmdline_hist_sock[1]);
++ }
++ return (pid);
++}
++#endif /*SYSLOG_HISTORY*/
++
+ static void
+ init_interactive ()
+ {
+--
+1.9.1
+
diff --git a/cgcs-users/centos/build_srpm.data b/cgcs-users/centos/build_srpm.data
new file mode 100644
index 0000000..10d7f66
--- /dev/null
+++ b/cgcs-users/centos/build_srpm.data
@@ -0,0 +1,5 @@
+TAR_NAME=cgcs-users
+VERSION=1.0
+COPY_LIST="${CGCS_BASE}/downloads/ibsh-0.3e.tar.gz \
+ ${PKG_BASE}/${TAR_NAME}-${VERSION}/*"
+TIS_PATCH_VER=2
diff --git a/cgcs-users/centos/cgcs-users.spec b/cgcs-users/centos/cgcs-users.spec
new file mode 100644
index 0000000..e7df3f6
--- /dev/null
+++ b/cgcs-users/centos/cgcs-users.spec
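Review bot: In `send_cmdline_mq` the test `if (ret == EMSGSIZE)` compares the byte count returned by `send` with an errno constant; a failed send returns -1 and sets `errno`, so a command line too large for the socket leaves the loop and the function returns without any history record or any sign of the loss. Even with the test corrected the shortened retry cannot happen, because `len_snd` is recomputed from `strlen(line)+1` at the top of each pass and `continue` inside `do ... while` jumps to the loop condition with `ret == 0`; the fence below restructures the loop. In the logger child, `buffer[ret] = '\0'` writes one byte past the allocation when `recv` fills all `rcvbuf_size` bytes, which `recv(cmdline_hist_sock[1], buffer, rcvbuf_size - 1, 0)` avoids. The `return -1` after a failed `malloc` runs in the child, which then returns into `main` and carries on as a second shell, so it should be `_exit (1)`. The record is written with `getpid()` evaluated in the logger child, so the `PID=` field names the logger rather than the shell that ran the command, which matters to anyone correlating these records with process audit data; passing the shell's pid saved before `fork ()` would keep the field's earlier meaning.

```c
static void
send_cmdline_mq (line)
     const char *line;
{
  size_t len_snd = strlen (line) + 1;
  int attempt;

  for (attempt = 0; attempt < MQ_SEND_MAX_ATTEMPT; attempt++)
    {
      if (send (cmdline_hist_sock[0], line, len_snd, MSG_DONTWAIT) >= 0)
        return;

      if (errno == EMSGSIZE)
        {
          /* Too large for one datagram: shorten to the size the socket
             reports and try again, as the original branch intended. */
          int sndbuf_size;
          socklen_t optlen = sizeof (sndbuf_size);

          if (getsockopt (cmdline_hist_sock[0], SOL_SOCKET, SO_SNDBUF,
                          &sndbuf_size, &optlen) != 0
              || sndbuf_size < 2
              || (size_t) sndbuf_size - 1 >= len_snd)
            break;
          len_snd = (size_t) sndbuf_size - 1;
        }
      else if (errno != EAGAIN && errno != EINTR)
        break;
    }

  /* Not delivered: report or count the dropped record here instead of
     returning silently. */
}
```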
@@ -0,0 +1,86 @@
+%define _bindir /bin
+
+Summary: ibsh Iron Bar Shell
+Name: cgcs-users
+Version: 1.0
+Release: 0%{?_tis_dist}.%{tis_patch_ver}
+License: GPLv2+
+Packager: Wind River
+Source0: ibsh-0.3e.tar.gz
+Source1: admin.cmds
+Source2: admin.xtns
+Source3: operator.cmds
+Source4: operator.xtns
+Source5: secadmin.cmds
+Source6: secadmin.xtns
+Source7: LICENSE
+Patch1: ibsh-0.3e.patch
+Patch2: ibsh-0.3e-cgcs.patch
+Patch3: ibsh-0.3e-cgcs-copyright.patch
+
+%description
+CGCS add default users types
+
+%package -n cgcs-users-devel
+Summary: ibsh Iron Bar Shell - Development files
+Group: devel
+
+%description -n cgcs-users-devel
+This package contains symbolic links, header files, and related items
+necessary for software development.
+
+%prep
+%setup -q
+
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+
+%build
+make %{?_smp_mflags} ibsh
+
+%install
+rm -rf ${RPM_BUILD_ROOT}
+mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/cmds
+mkdir -p ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/xtns
+cp globals.cmds ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/
+cp globals.xtns ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/
+cp ${RPM_SOURCE_DIR}/admin.cmds ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/cmds/
+cp ${RPM_SOURCE_DIR}/admin.xtns ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/xtns/
+cp ${RPM_SOURCE_DIR}/operator.cmds ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/cmds/
+cp ${RPM_SOURCE_DIR}/operator.xtns ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/xtns/
+cp ${RPM_SOURCE_DIR}/secadmin.cmds ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/cmds/
+cp ${RPM_SOURCE_DIR}/secadmin.xtns ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/xtns/
+install -d 755 ${RPM_BUILD_ROOT}%{_bindir}
+install -m 755 ibsh ${RPM_BUILD_ROOT}%{_bindir}/ibsh
+
+%clean
+rm -rf ${RPM_SOURCE_DIR}
+
+%post
+chown root ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh
+chgrp root ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh
+chown root:root ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/globals.*
+chown root:root ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/cmds/admin.cmds
+chown root:root ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/cmds/operator.cmds
+chown root:root ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/cmds/secadmin.cmds
+
+
+%files
+%defattr(-,root,root,-)
+%dir %{_sysconfdir}/ibsh
+%dir %{_sysconfdir}/ibsh/cmds
+%dir %{_sysconfdir}/ibsh/xtns
+%{_sysconfdir}/ibsh/globals.cmds
+%{_sysconfdir}/ibsh/globals.xtns
+%{_sysconfdir}/ibsh/cmds/secadmin.cmds
+%{_sysconfdir}/ibsh/cmds/operator.cmds
+%{_sysconfdir}/ibsh/cmds/admin.cmds
+%{_sysconfdir}/ibsh/xtns/operator.xtns
+%{_sysconfdir}/ibsh/xtns/admin.xtns
+%{_sysconfdir}/ibsh/xtns/secadmin.xtns
+%{_bindir}/ibsh
+
+%files -n cgcs-users-devel
+%defattr(-,root,root,-)
+
diff --git a/cgcs-users/cgcs-users-1.0/LICENSE b/cgcs-users/cgcs-users-1.0/LICENSE
new file mode 100644
index 0000000..a6a2331
--- /dev/null
+++ b/cgcs-users/cgcs-users-1.0/LICENSE
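Review bot: The `.cmds` and `.xtns` files under `%{_sysconfdir}/ibsh` are installed with plain `cp`, so their modes come from the build user's umask and `%defattr(-,root,root,-)` then ships whatever mode resulted; since these files appear to define what the restricted `ibsh` accounts may run, an explicit mode is safer, e.g. `install -m 0644 ${RPM_SOURCE_DIR}/admin.cmds ${RPM_BUILD_ROOT}/%{_sysconfdir}/ibsh/cmds/`. The `%post` scriptlet uses `${RPM_BUILD_ROOT}`, a build-time variable that is presumably unset when the scriptlet runs on the target, and its `chown`/`chgrp` calls repeat what `%defattr` already does while skipping the `.xtns` files, so the scriptlet can be dropped. `install -d 755 ${RPM_BUILD_ROOT}%{_bindir}` lacks `-m` and so also creates a directory named `755`; it should read `install -d -m 755 ${RPM_BUILD_ROOT}%{_bindir}`. `%clean` removes `${RPM_SOURCE_DIR}` rather than the build root, which looks unintended.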
@@ -0,0 +1,346 @@ +GNU GENERAL PUBLIC LICENSE +Version 2, June 1991 + +Copyright (C) 1989, 1991 Free Software Foundation, Inc. +59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed. + +Preamble + +The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This + General Public License applies to most of the Free Software + Foundation's software and to any other program whose authors commit to + using it. (Some other Free Software Foundation software is covered by + the GNU Library General Public License instead.) You can apply it to + your programs, too. + + When we speak of free software, we are referring to freedom, not + price. Our General Public Licenses are designed to make sure that you + have the freedom to distribute copies of free software (and charge for + this service if you wish), that you receive source code or can get it + if you want it, that you can change the software or use pieces of it + in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid + anyone to deny you these rights or to ask you to surrender the rights. + These restrictions translate to certain responsibilities for you if you + distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether + gratis or for a fee, you must give the recipients all the rights that + you have. You must make sure that they, too, receive or can get the + source code. And you must show them these terms so they know their + rights. 
+ + We protect your rights with two steps: (1) copyright the software, and + (2) offer you this license which gives you legal permission to copy, + distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain + that everyone understands that there is no warranty for this free + software. If the software is modified by someone else and passed on, we + want its recipients to know that what they have is not the original, so + that any problems introduced by others will not reflect on the original + authors' reputations. + + Finally, any free program is threatened constantly by software + patents. We wish to avoid the danger that redistributors of a free + program will individually obtain patent licenses, in effect making the + program proprietary. To prevent this, we have made it clear that any + patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and + modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains + a notice placed by the copyright holder saying it may be distributed + under the terms of this General Public License. The "Program", below, + refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: + that is to say, a work containing the Program or a portion of it, + either verbatim or with modifications and/or translated into another + language. (Hereinafter, translation is included without limitation in + the term "modification".) Each licensee is addressed as "you". + + Activities other than copying, distribution and modification are not + covered by this License; +they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). + Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's + source code as you receive it, in any medium, provided that you + conspicuously and appropriately publish on each copy an appropriate + copyright notice and disclaimer of warranty; keep intact all the + notices that refer to this License and to the absence of any warranty; + and give any other recipients of the Program a copy of this License + along with the Program. + + You may charge a fee for the physical act of transferring a copy, and + you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion + of it, thus forming a work based on the Program, and copy and + distribute such modifications or work under the terms of Section 1 + above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + + These requirements apply to the modified work as a whole. If + identifiable sections of that work are not derived from the Program, + and can be reasonably considered independent and separate works in + themselves, then this License, and its terms, do not apply to those + sections when you distribute them as separate works. But when you + distribute the same sections as part of a whole which is a work based + on the Program, the distribution of the whole must be on the terms of + this License, whose permissions for other licensees extend to the + entire whole, and thus to each and every part regardless of who wrote it. + + Thus, it is not the intent of this section to claim rights or contest + your rights to work written entirely by you; rather, the intent is to + exercise the right to control the distribution of derivative or + collective works based on the Program. + + In addition, mere aggregation of another work not based on the Program + with the Program (or with a work based on the Program) on a volume of + a storage or distribution medium does not bring the other work under + the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, + under Section 2) in object code or executable form under the terms of + Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + + The source code for a work means the preferred form of the work for + making modifications to it. For an executable work, complete source + code means all the source code for all modules it contains, plus any + associated interface definition files, plus the scripts used to + control compilation and installation of the executable. However, as a + special exception, the source code distributed need not include + anything that is normally distributed (in either source or binary + form) with the major components (compiler, kernel, and so on) of the + operating system on which the executable runs, unless that component + itself accompanies the executable. 
+ + If distribution of executable or object code is made by offering + access to copy from a designated place, then offering equivalent + access to copy the source code from the same place counts as + distribution of the source code, even though third parties are not + compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program + except as expressly provided under this License. Any attempt + otherwise to copy, modify, sublicense or distribute the Program is + void, and will automatically terminate your rights under this License. + However, parties who have received copies, or rights, from you under + this License will not have their licenses terminated so long as such + parties remain in full compliance. + + 5. You are not required to accept this License, since you have not + signed it. However, nothing else grants you permission to modify or + distribute the Program or its derivative works. These actions are + prohibited by law if you do not accept this License. Therefore, by + modifying or distributing the Program (or any work based on the + Program), you indicate your acceptance of this License to do so, and + all its terms and conditions for copying, distributing or modifying + the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the + Program), the recipient automatically receives a license from the + original licensor to copy, distribute or modify the Program subject to + these terms and conditions. You may not impose any further + restrictions on the recipients' exercise of the rights granted herein. + You are not responsible for enforcing compliance by third parties to + this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent + infringement or for any other reason (not limited to patent issues), + conditions are imposed on you (whether by court order, agreement or + otherwise) that contradict the conditions of this License, they do not + excuse you from the conditions of this License. If you cannot + distribute so as to satisfy simultaneously your obligations under this + License and any other pertinent obligations, then as a consequence you + may not distribute the Program at all. For example, if a patent + license would not permit royalty-free redistribution of the Program by + all those who receive copies directly or indirectly through you, then + the only way you could satisfy both it and this License would be to + refrain entirely from distribution of the Program. + + If any portion of this section is held invalid or unenforceable under + any particular circumstance, the balance of the section is intended to + apply and the section as a whole is intended to apply in other + circumstances. + + It is not the purpose of this section to induce you to infringe any + patents or other property right claims or to contest validity of any + such claims; +this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; +it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + +8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions + of the General Public License from time to time. Such new versions will + be similar in spirit to the present version, but may differ in detail to + address new problems or concerns. + + Each version is given a distinguishing version number. If the Program + specifies a version number of this License which applies to it and "any + later version", you have the option of following the terms and conditions + either of that version or of any later version published by the Free + Software Foundation. If the Program does not specify a version number of + this License, you may choose any version ever published by the Free Software + Foundation. + + 10. If you wish to incorporate parts of the Program into other free + programs whose distribution conditions are different, write to the author + to ask for permission. For software which is copyrighted by the Free + Software Foundation, write to the Free Software Foundation; +we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + +NO WARRANTY + +11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + +12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED + TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY + YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER + PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE + POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest + possible use to the public, the best way to achieve this is to make it + free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest + to attach them to the start of each source file to most effectively + convey the exclusion of warranty; +and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + +Copyright (C) + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. 
+ +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + +Gnomovision version 69, Copyright (C) year name of author +Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. +This is free software, and you are welcome to redistribute it +under certain conditions; +type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in the program +`Gnomovision' (which makes passes at compilers) written by James Hacker. + +, 1 April 1989 +Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. 
diff --git a/cgcs-users/cgcs-users-1.0/admin.cmds b/cgcs-users/cgcs-users-1.0/admin.cmds
new file mode 100644
index 0000000..1f891ea
--- /dev/null
+++ b/cgcs-users/cgcs-users-1.0/admin.cmds
@@ -0,0 +1,11 @@
+# Add any commands the user may execute. Even shell commands.
+# You have to allow logout and/or exit, so the user can logout!
+# cd and pwd should also be allowed. Note: other shell builtin
+# commands are not yet implemented!
+nova
+system
+neutron
+cinder
+glance
+ceilometer
+heat
diff --git a/cgcs-users/cgcs-users-1.0/admin.xtns b/cgcs-users/cgcs-users-1.0/admin.xtns
new file mode 100644
index 0000000..5828add
--- /dev/null
+++ b/cgcs-users/cgcs-users-1.0/admin.xtns
@@ -0,0 +1,6 @@
+# Add any extension the user may use.
+.doc
+.txt
+.tgz
+.tar
+
diff --git a/cgcs-users/cgcs-users-1.0/ibsh-0.3e-cgcs-copyright.patch b/cgcs-users/cgcs-users-1.0/ibsh-0.3e-cgcs-copyright.patch
new file mode 100644
index 0000000..1becb73
--- /dev/null
+++ b/cgcs-users/cgcs-users-1.0/ibsh-0.3e-cgcs-copyright.patch
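Review bot: The header comment in admin.cmds says logout and/or exit must be allowed, and that cd and pwd should be, but the list below it contains only the seven client commands (`nova` through `heat`). If those entries are expected to come from `globals.cmds`, which the spec also installs, the comment should say so, for example `# Commands allowed for the admin role in addition to globals.cmds; logout, exit, cd and pwd are expected there.`. Otherwise a user of this role may have no way to end the session other than the idle timeout, so it is worth confirming how ibsh combines the global and per-user lists.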
@@ -0,0 +1,26 @@
+diff --git a/config.c b/config.c
+index c1087a5..add7c53 100644
+--- a/config.c
++++ b/config.c
+@@ -6,6 +6,8 @@
+ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
+ Copyright (C) 2005 Attila Nagyidai
+
++ Copyright(c) 2013-2017 Wind River Systems, Inc. All rights reserved.
++
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+diff --git a/main.c b/main.c
+index cf3ae9e..6cda04e 100644
+--- a/main.c
++++ b/main.c
+@@ -6,6 +6,8 @@
+ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
+ Copyright (C) 2005 Attila Nagyidai
+
++ Copyright(c) 2013-2017 Wind River Systems, Inc. All rights reserved.
++
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
diff --git a/cgcs-users/cgcs-users-1.0/ibsh-0.3e-cgcs.patch b/cgcs-users/cgcs-users-1.0/ibsh-0.3e-cgcs.patch
new file mode 100644
index 0000000..3296ccc
--- /dev/null
+++ b/cgcs-users/cgcs-users-1.0/ibsh-0.3e-cgcs.patch
@@ -0,0 +1,87 @@
+Index: cgcs-users-1.0-r0/main.c
+===================================================================
+--- cgcs-users-1.0-r0.orig/main.c
++++ cgcs-users-1.0-r0/main.c
+@@ -37,6 +37,7 @@
+
+ /* Header files */
+ #include "ibsh.h"
++#include "stdlib.h"
+
+ /* Main: */
+ /* Handle arguments, read config files, start command processing. */
+@@ -57,13 +58,28 @@
+ /* use our builtin code, otherwise use execve. After execve, check if the user didnt */
+ /* use the last command to create some illegal content. If yes, erase that. Give the */
+ /* notice only afterwards. */
++
++void ALRMhandler(int sig) {
++ OPENLOG;
++ syslog(LOG_INFO, "CLI timeout, user %s has logged out.", loggedin.uname);
++ CLOSELOG;
++ exit(0);
++}
++
+ int main(int argc, char **argv)
+ {
+ char temp[STRING_SIZE], *buf;
+ struct stat info;
+ uid_t ruid, euid;
+ gid_t rgid, egid;
++ unsigned int tout_cli = 0;
+
++ const char* tout = getenv("TMOUT");
++ if (tout)
++ tout_cli = atoi(tout);
++ else
++ //default to 5 mins
++ tout_cli = 300;
+
+ /* setuid protection */
+ ruid = getuid();
+@@ -107,6 +123,7 @@ int main(int argc, char **argv)
+ signal( SIGQUIT, SIG_IGN );
+ signal( SIGTERM, SIG_IGN );
+ signal( SIGTSTP, SIG_IGN );
++ signal( SIGALRM, ALRMhandler );
+ LoadConfig();
+
+ /* Command mode */
+@@ -144,6 +161,7 @@ int main(int argc, char **argv)
+ /* will be allowed to run, unless it is mentioned in the */
+ /* config files. Files that are created with an extension */
+ /* that is listed in the other config file, must be deleted! */
++ alarm(tout_cli);
+ for ( ; ; ) {
+ /* Where is he ? */
+ getcwd(real_path, STRING_SIZE);
+@@ -153,12 +171,14 @@ int main(int argc, char **argv)
+ }
+ /* We don't want the user to know where he actually is. */
+ /* This is the prompt! */
+- printf("[%s]%% ", jail_path);
++ //printf("[%s]%% ", jail_path);
++ printf("[%s]%% ", loggedin.uname);
+ /* scanf("%s", user_command); */
+ myscanf(user_command, real_path);
++ alarm(tout_cli);
+ /* Command interpretation and execution. */
+ if ( (CommandOK(user_command, loggedin.udir, jail_path, filtered_command)) == 0 ) {
+- printf("Sorry, can't let you do that!\n");
++ //printf("Sorry, can't let you do that!\n");
+ log_attempt(loggedin.uname); /* v0.2a */
+ continue;
+ }
+Index: cgcs-users-1.0-r0/config.c
+===================================================================
+--- cgcs-users-1.0-r0.orig/config.c
++++ cgcs-users-1.0-r0/config.c
+@@ -166,7 +166,7 @@ int LoadConfig( void )
+ // Delete '\n'
+ tmp2[i][strlen(tmp2[i]) - 1] = '\0';
+ strncpy(extensions[i],tmp2[i],strlen(tmp2[i]));
+- printf("EXTENSIONS %s\n",extensions[i]);
++ //printf("EXTENSIONS %s\n",extensions[i]);
+ i++;
+ }
+ }
diff --git a/cgcs-users/cgcs-users-1.0/ibsh-0.3e.patch b/cgcs-users/cgcs-users-1.0/ibsh-0.3e.patch
new file mode 100644
index 0000000..23fe072
--- /dev/null
+++ b/cgcs-users/cgcs-users-1.0/ibsh-0.3e.patch
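Review bot: The idle timeout is read from `TMOUT` with `atoi()` into an `unsigned int`, so `0`, a non-numeric string or a negative number either cancels the timer (`alarm(0)` arms nothing) or yields a very long one, and the session-timeout control then depends on an environment value the restricted user may be able to influence. Parse it with `strtoul`, accept only a fully numeric value inside a sane window and otherwise keep the 300-second default, as in the sketch below (the bounds are example values and `errno` needs `<errno.h>`). Separately, `ALRMhandler` calls `syslog()` and `exit()`, neither of which is async-signal-safe, so a signal that lands while the loop is inside stdio or the allocator can deadlock or corrupt state; set a `volatile sig_atomic_t` flag and log from the main loop, or at minimum leave with `_exit(0)`. `#include "stdlib.h"` should use angle brackets, `#include <stdlib.h>`. `main()` starts and ends outside these inner hunks.

```c
	unsigned int tout_cli = 300;	/* default: 5 minutes */
	const char *tout = getenv("TMOUT");

	if (tout != NULL) {
		char *end = NULL;
		unsigned long secs;

		errno = 0;
		secs = strtoul(tout, &end, 10);
		/* Accept only a fully numeric value inside the allowed window;
		 * example bounds: 1 second to 1 hour. A leading '-' wraps to a
		 * huge value and is rejected by the upper bound. */
		if (errno == 0 && end != tout && *end == '\0' &&
		    secs >= 1 && secs <= 3600)
			tout_cli = (unsigned int)secs;
	}

	/* … unchanged: setuid protection, signal setup, command loop … */
```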
@@ -0,0 +1,860 @@ +Index: cgcs-users-1.0-r0/AUTHORS.orig +=================================================================== +--- /dev/null ++++ cgcs-users-1.0-r0/AUTHORS.orig +@@ -0,0 +1,15 @@ ++AUTHORS OF PROJECT IBSH ++ ++Attila Nagyidai ++ * Original program author, project admin, developer. ++ ++Shy ++ * Developer, debugger, tester, and many more. ++ ++Witzy ++ * Developer, debugger, tester, and many more. ++ ++http://www.ibsh.net ++irc: ++irc.freenode.net #ibsh ++irc.geek-power.org #ibsh +Index: cgcs-users-1.0-r0/BUGS.orig +=================================================================== +--- /dev/null ++++ cgcs-users-1.0-r0/BUGS.orig +@@ -0,0 +1,19 @@ ++** Open BUGS ** ++None, so far. ++ ++** Fixed BUGS ** ++- Input length checking on all inputs, string copies, etc. is fixed. ++- The myscanf function will no longer accept more then 80 chars at once, ++so ibsh hopefully wont crash on a too long input. ++- Added signal.h in the header file, the lack of it caused compilation ++problems on some systems. ++- Fixed the infinite loop in DelBadFiles. This function is temporarily ++taken out of the project ++- Removed the involvment of /bin/sh from system. Added path checking. ++- In jail root, not only ../ is not allowed, but .. too. ++- Fixed a bug, that happened on bsd, when the user pressed ^D. ++- Fixed a bug with opendir ++- Fixed a format string vulnerability in logprintbadfile(). Thanks to ++Kim Streich for the report. ++ ++2005.05.23 +Index: cgcs-users-1.0-r0/ChangeLog.orig +=================================================================== +--- /dev/null ++++ cgcs-users-1.0-r0/ChangeLog.orig +@@ -0,0 +1,34 @@ ++0.3e - a buffer overflow and a string bug, both found by RazoR (Nikolay Alexandrov), fixed. ++0.3d - a format string vulnerability, found by Kim Streich, is fixed. ++0.3b-0.3c - bugfixes. ++0.3a - The admin has the opportunity, to create separate cmds file for each user. 
++ This way the sysadmin has complete control over sensitive applications, which ++ should only be allowed to a selected few. ++ - The admin has the opportunity, to create separate xtns file for each user. ++ - The extensions policy has been changed. Now both globals.xtns and the user ++ extension files will list the extensions, that are _allowed_ ! In earlier versions, ++ the forbidden extensions were listed, that is allow everything, except to deny a few. ++ From this version on, it's deny everything, except allow the ones, listed in these files. ++ - While the code for the search of illegal/dangerous material stored in user space is ++ back, it will not erase any files any more. Instead, it will remove all ++ rights from that file, so it can not be executed, or read. Files, with the +x bit set, ++ will be chmodded to -x. This is another "defense line" to stop the user to execute ++ programs, stored in user space. ++ - The access to all linux binaries, and source code files, stored in user space, if any, ++ will be blocked. ++ - Absolute path for restricted users can not be longer then 255 characters. All files, ++ that are longer (with full path), will be renamed. ++ - Minor bug fixes. ++ ++0.2a - Major bug fixes. ++ - User activities are logged with syslog. ++ - hhsytem revised, hardened. /bin/sh isnt involved anymore into program starting. ++ If the home directory is in the PATH, it's ignored. ++ - erasing illegal content is temporarily suspended and removed. ++ ++0.1b - Major bug fixes. ++ - The config files are accidentally missing from this release! ++ ++0.1a - The first version of the program. ++ ++2005.05.23. +Index: cgcs-users-1.0-r0/CONTRIBUTORS.orig +=================================================================== +--- /dev/null ++++ cgcs-users-1.0-r0/CONTRIBUTORS.orig +@@ -0,0 +1,7 @@ ++CONTRIBUTORS TO PROJECT IBSH ++ ++Kim Streich ++ * bug finder, debugger, tester. ++ ++RazoR (Nikolay Alexandrov) ++ * bug finder, debugger, tester. 
+Index: cgcs-users-1.0-r0/COPYING.orig +=================================================================== +--- /dev/null ++++ cgcs-users-1.0-r0/COPYING.orig +@@ -0,0 +1,340 @@ ++ GNU GENERAL PUBLIC LICENSE ++ Version 2, June 1991 ++ ++ Copyright (C) 1989, 1991 Free Software Foundation, Inc. ++ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ++ Everyone is permitted to copy and distribute verbatim copies ++ of this license document, but changing it is not allowed. ++ ++ Preamble ++ ++ The licenses for most software are designed to take away your ++freedom to share and change it. By contrast, the GNU General Public ++License is intended to guarantee your freedom to share and change free ++software--to make sure the software is free for all its users. This ++General Public License applies to most of the Free Software ++Foundation's software and to any other program whose authors commit to ++using it. (Some other Free Software Foundation software is covered by ++the GNU Library General Public License instead.) You can apply it to ++your programs, too. ++ ++ When we speak of free software, we are referring to freedom, not ++price. Our General Public Licenses are designed to make sure that you ++have the freedom to distribute copies of free software (and charge for ++this service if you wish), that you receive source code or can get it ++if you want it, that you can change the software or use pieces of it ++in new free programs; and that you know you can do these things. ++ ++ To protect your rights, we need to make restrictions that forbid ++anyone to deny you these rights or to ask you to surrender the rights. ++These restrictions translate to certain responsibilities for you if you ++distribute copies of the software, or if you modify it. ++ ++ For example, if you distribute copies of such a program, whether ++gratis or for a fee, you must give the recipients all the rights that ++you have. 
You must make sure that they, too, receive or can get the ++source code. And you must show them these terms so they know their ++rights. ++ ++ We protect your rights with two steps: (1) copyright the software, and ++(2) offer you this license which gives you legal permission to copy, ++distribute and/or modify the software. ++ ++ Also, for each author's protection and ours, we want to make certain ++that everyone understands that there is no warranty for this free ++software. If the software is modified by someone else and passed on, we ++want its recipients to know that what they have is not the original, so ++that any problems introduced by others will not reflect on the original ++authors' reputations. ++ ++ Finally, any free program is threatened constantly by software ++patents. We wish to avoid the danger that redistributors of a free ++program will individually obtain patent licenses, in effect making the ++program proprietary. To prevent this, we have made it clear that any ++patent must be licensed for everyone's free use or not licensed at all. ++ ++ The precise terms and conditions for copying, distribution and ++modification follow. ++ ++ GNU GENERAL PUBLIC LICENSE ++ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION ++ ++ 0. This License applies to any program or other work which contains ++a notice placed by the copyright holder saying it may be distributed ++under the terms of this General Public License. The "Program", below, ++refers to any such program or work, and a "work based on the Program" ++means either the Program or any derivative work under copyright law: ++that is to say, a work containing the Program or a portion of it, ++either verbatim or with modifications and/or translated into another ++language. (Hereinafter, translation is included without limitation in ++the term "modification".) Each licensee is addressed as "you". 
++ ++Activities other than copying, distribution and modification are not ++covered by this License; they are outside its scope. The act of ++running the Program is not restricted, and the output from the Program ++is covered only if its contents constitute a work based on the ++Program (independent of having been made by running the Program). ++Whether that is true depends on what the Program does. ++ ++ 1. You may copy and distribute verbatim copies of the Program's ++source code as you receive it, in any medium, provided that you ++conspicuously and appropriately publish on each copy an appropriate ++copyright notice and disclaimer of warranty; keep intact all the ++notices that refer to this License and to the absence of any warranty; ++and give any other recipients of the Program a copy of this License ++along with the Program. ++ ++You may charge a fee for the physical act of transferring a copy, and ++you may at your option offer warranty protection in exchange for a fee. ++ ++ 2. You may modify your copy or copies of the Program or any portion ++of it, thus forming a work based on the Program, and copy and ++distribute such modifications or work under the terms of Section 1 ++above, provided that you also meet all of these conditions: ++ ++ a) You must cause the modified files to carry prominent notices ++ stating that you changed the files and the date of any change. ++ ++ b) You must cause any work that you distribute or publish, that in ++ whole or in part contains or is derived from the Program or any ++ part thereof, to be licensed as a whole at no charge to all third ++ parties under the terms of this License. 
++
++ c) If the modified program normally reads commands interactively
++ when run, you must cause it, when started running for such
++ interactive use in the most ordinary way, to print or display an
++ announcement including an appropriate copyright notice and a
++ notice that there is no warranty (or else, saying that you provide
++ a warranty) and that users may redistribute the program under
++ these conditions, and telling the user how to view a copy of this
++ License. (Exception: if the Program itself is interactive but
++ does not normally print such an announcement, your work based on
++ the Program is not required to print an announcement.)
++
++These requirements apply to the modified work as a whole. If
++identifiable sections of that work are not derived from the Program,
++and can be reasonably considered independent and separate works in
++themselves, then this License, and its terms, do not apply to those
++sections when you distribute them as separate works. But when you
++distribute the same sections as part of a whole which is a work based
++on the Program, the distribution of the whole must be on the terms of
++this License, whose permissions for other licensees extend to the
++entire whole, and thus to each and every part regardless of who wrote it.
++
++Thus, it is not the intent of this section to claim rights or contest
++your rights to work written entirely by you; rather, the intent is to
++exercise the right to control the distribution of derivative or
++collective works based on the Program.
++
++In addition, mere aggregation of another work not based on the Program
++with the Program (or with a work based on the Program) on a volume of
++a storage or distribution medium does not bring the other work under
++the scope of this License.
++
++ 3.
You may copy and distribute the Program (or a work based on it,
++under Section 2) in object code or executable form under the terms of
++Sections 1 and 2 above provided that you also do one of the following:
++
++ a) Accompany it with the complete corresponding machine-readable
++ source code, which must be distributed under the terms of Sections
++ 1 and 2 above on a medium customarily used for software interchange; or,
++
++ b) Accompany it with a written offer, valid for at least three
++ years, to give any third party, for a charge no more than your
++ cost of physically performing source distribution, a complete
++ machine-readable copy of the corresponding source code, to be
++ distributed under the terms of Sections 1 and 2 above on a medium
++ customarily used for software interchange; or,
++
++ c) Accompany it with the information you received as to the offer
++ to distribute corresponding source code. (This alternative is
++ allowed only for noncommercial distribution and only if you
++ received the program in object code or executable form with such
++ an offer, in accord with Subsection b above.)
++
++The source code for a work means the preferred form of the work for
++making modifications to it. For an executable work, complete source
++code means all the source code for all modules it contains, plus any
++associated interface definition files, plus the scripts used to
++control compilation and installation of the executable. However, as a
++special exception, the source code distributed need not include
++anything that is normally distributed (in either source or binary
++form) with the major components (compiler, kernel, and so on) of the
++operating system on which the executable runs, unless that component
++itself accompanies the executable.
++
++If distribution of executable or object code is made by offering
++access to copy from a designated place, then offering equivalent
++access to copy the source code from the same place counts as
++distribution of the source code, even though third parties are not
++compelled to copy the source along with the object code.
++
++ 4. You may not copy, modify, sublicense, or distribute the Program
++except as expressly provided under this License. Any attempt
++otherwise to copy, modify, sublicense or distribute the Program is
++void, and will automatically terminate your rights under this License.
++However, parties who have received copies, or rights, from you under
++this License will not have their licenses terminated so long as such
++parties remain in full compliance.
++
++ 5. You are not required to accept this License, since you have not
++signed it. However, nothing else grants you permission to modify or
++distribute the Program or its derivative works. These actions are
++prohibited by law if you do not accept this License. Therefore, by
++modifying or distributing the Program (or any work based on the
++Program), you indicate your acceptance of this License to do so, and
++all its terms and conditions for copying, distributing or modifying
++the Program or works based on it.
++
++ 6. Each time you redistribute the Program (or any work based on the
++Program), the recipient automatically receives a license from the
++original licensor to copy, distribute or modify the Program subject to
++these terms and conditions. You may not impose any further
++restrictions on the recipients' exercise of the rights granted herein.
++You are not responsible for enforcing compliance by third parties to
++this License.
++
++ 7.
If, as a consequence of a court judgment or allegation of patent
++infringement or for any other reason (not limited to patent issues),
++conditions are imposed on you (whether by court order, agreement or
++otherwise) that contradict the conditions of this License, they do not
++excuse you from the conditions of this License. If you cannot
++distribute so as to satisfy simultaneously your obligations under this
++License and any other pertinent obligations, then as a consequence you
++may not distribute the Program at all. For example, if a patent
++license would not permit royalty-free redistribution of the Program by
++all those who receive copies directly or indirectly through you, then
++the only way you could satisfy both it and this License would be to
++refrain entirely from distribution of the Program.
++
++If any portion of this section is held invalid or unenforceable under
++any particular circumstance, the balance of the section is intended to
++apply and the section as a whole is intended to apply in other
++circumstances.
++
++It is not the purpose of this section to induce you to infringe any
++patents or other property right claims or to contest validity of any
++such claims; this section has the sole purpose of protecting the
++integrity of the free software distribution system, which is
++implemented by public license practices. Many people have made
++generous contributions to the wide range of software distributed
++through that system in reliance on consistent application of that
++system; it is up to the author/donor to decide if he or she is willing
++to distribute software through any other system and a licensee cannot
++impose that choice.
++
++This section is intended to make thoroughly clear what is believed to
++be a consequence of the rest of this License.
++
++ 8.
If the distribution and/or use of the Program is restricted in
++certain countries either by patents or by copyrighted interfaces, the
++original copyright holder who places the Program under this License
++may add an explicit geographical distribution limitation excluding
++those countries, so that distribution is permitted only in or among
++countries not thus excluded. In such case, this License incorporates
++the limitation as if written in the body of this License.
++
++ 9. The Free Software Foundation may publish revised and/or new versions
++of the General Public License from time to time. Such new versions will
++be similar in spirit to the present version, but may differ in detail to
++address new problems or concerns.
++
++Each version is given a distinguishing version number. If the Program
++specifies a version number of this License which applies to it and "any
++later version", you have the option of following the terms and conditions
++either of that version or of any later version published by the Free
++Software Foundation. If the Program does not specify a version number of
++this License, you may choose any version ever published by the Free Software
++Foundation.
++
++ 10. If you wish to incorporate parts of the Program into other free
++programs whose distribution conditions are different, write to the author
++to ask for permission. For software which is copyrighted by the Free
++Software Foundation, write to the Free Software Foundation; we sometimes
++make exceptions for this. Our decision will be guided by the two goals
++of preserving the free status of all derivatives of our free software and
++of promoting the sharing and reuse of software generally.
++
++ NO WARRANTY
++
++ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
++FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN
++OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
++PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
++OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
++MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
++TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
++PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
++REPAIR OR CORRECTION.
++
++ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
++WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
++REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
++INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
++OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
++TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
++YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
++PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
++POSSIBILITY OF SUCH DAMAGES.
++
++ END OF TERMS AND CONDITIONS
++
++ How to Apply These Terms to Your New Programs
++
++ If you develop a new program, and you want it to be of the greatest
++possible use to the public, the best way to achieve this is to make it
++free software which everyone can redistribute and change under these terms.
++
++ To do so, attach the following notices to the program. It is safest
++to attach them to the start of each source file to most effectively
++convey the exclusion of warranty; and each file should have at least
++the "copyright" line and a pointer to where the full notice is found.
++
++
++ Copyright (C)
++
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation; either version 2 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++
++
++Also add information on how to contact you by electronic and paper mail.
++
++If the program is interactive, make it output a short notice like this
++when it starts in an interactive mode:
++
++ Gnomovision version 69, Copyright (C) year name of author
++ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
++ This is free software, and you are welcome to redistribute it
++ under certain conditions; type `show c' for details.
++
++The hypothetical commands `show w' and `show c' should show the appropriate
++parts of the General Public License. Of course, the commands you use may
++be called something other than `show w' and `show c'; they could even be
++mouse-clicks or menu items--whatever suits your program.
++
++You should also get your employer (if you work as a programmer) or your
++school, if any, to sign a "copyright disclaimer" for the program, if
++necessary. Here is a sample; alter the names:
++
++ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
++ `Gnomovision' (which makes passes at compilers) written by James Hacker.
++
++ , 1 April 1989
++ Ty Coon, President of Vice
++
++This General Public License does not permit incorporating your program into
++proprietary programs. If your program is a subroutine library, you may
++consider it more useful to permit linking proprietary applications with the
++library. If this is what you want to do, use the GNU Library General
++Public License instead of this License.
+Index: cgcs-users-1.0-r0/COPYRIGHT.orig
+===================================================================
+--- /dev/null
++++ cgcs-users-1.0-r0/COPYRIGHT.orig
+@@ -0,0 +1,17 @@
++This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
++Copyright (C) 2005 Attila Nagyidai
++
++This program is free software; you can redistribute it and/or
++modify it under the terms of the GNU General Public License
++as published by the Free Software Foundation; either version 2
++of the License, or (at your option) any later version.
++
++This program is distributed in the hope that it will be useful,
++but WITHOUT ANY WARRANTY; without even the implied warranty of
++MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++GNU General Public License for more details.
++
++You should have received a copy of the GNU General Public License
++along with this program; if not, write to the Free Software
++Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++
+Index: cgcs-users-1.0-r0/INSTALL.orig
+===================================================================
+--- /dev/null
++++ cgcs-users-1.0-r0/INSTALL.orig
+@@ -0,0 +1,23 @@
++Installing ibsh is really easy, so no need for the usual sections
++in this document. There is no configure script either, so if
++something wrong, make will fail.
++
++# make ibsh
++# make ibsh_install
++
++Optionally:
++
++# make clean
++
++
++To uninstall ibsh:
++
++# make ibsh_uninstall
++
++
++Of course you will have to enable this shell by:
++# echo /bin/ibsh >> /etc/shells
++or however you like it.
++And make sure the permissions read 0755 !
++
++2005.03.24.
+Index: cgcs-users-1.0-r0/main.c.orig
+===================================================================
+--- /dev/null
++++ cgcs-users-1.0-r0/main.c.orig
+@@ -0,0 +1,233 @@
++/*
++ Created: 03.19.05 11:34:57 by Attila Nagyidai
++
++ $Id: C\040Console.c,v 1.1.2.1 2003/08/13 00:38:46 neum Exp $
++
++ This file is part of IBSH (Iron Bars Shell) , a restricted Unix shell
++ Copyright (C) 2005 Attila Nagyidai
++
++ This program is free software; you can redistribute it and/or
++ modify it under the terms of the GNU General Public License
++ as published by the Free Software Foundation; either version 2
++ of the License, or (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++
++ Author: Attila Nagyidai
++ Email: na@ent.hu
++
++ Co-Author: Shy
++ Email: shy@cpan.org
++
++ Co-Author: Witzy
++ Email: stazzz@altern.org
++
++ URL: http://ibsh.sourceforge.net
++ IRC: irc.freenode.net #ibsh
++ RSS, Statistics, etc: http://sourceforge.net/projects/ibsh/
++
++*/
++
++/* Header files */
++#include "ibsh.h"
++
++/* Main: */
++/* Handle arguments, read config files, start command processing. */
++/* IBSH doesnt use any command line arguments, but my text editor */
++/* uses this code in all new c files to create. And i didnt have the */
++/* heart to remove it. ;p */
++/* Technical Description: */
++/* Get the passwd entry for the user. The uid is easily aquired, since */
++/* it is the real user id. After that, grab the passwd file entry upon */
++/* the id, and copy the information to the loggedin struct.
*/
++/* Add some signal handlers too. */
++/* The infinite loop: */
++/* Get the current directory, the full path. Compute the jailpath from that, */
++/* that is the directories below the users homedir, which is the jail root. */
++/* The jail ceiling if you like. Print some prompt to the user with the jailpath, */
++/* and read stdin for incoming commands. Filter out the bad commands, typos, the */
++/* not allowed commands. It the command is ok, execute it. If it is a shell builtin, */
++/* use our builtin code, otherwise use execve. After execve, check if the user didnt */
++/* use the last command to create some illegal content. If yes, erase that. Give the */
++/* notice only afterwards. */
++int main(int argc, char **argv)
++{
++ char temp[STRING_SIZE], *buf;
++ struct stat info;
++ uid_t ruid, euid;
++ gid_t rgid, egid;
++
++
++ /* setuid protection */
++ ruid = getuid();
++ euid = geteuid();
++ rgid = getgid();
++ egid = getegid();
++ if ( (ruid!=euid) || (ruid==0) || (euid==0) || (rgid!=egid) || (rgid==0) || (egid==0) ) {
++ OPENLOG;
++ syslog(LOG_ERR, "setuid/setgid violation!");
++ CLOSELOG;
++ printf("ibsh: setuid/setgid violation!! exiting...\n");
++#ifdef DEBUG
++ printf("ruid: %d;euid: %d;rgid: %d;egid: %d\n", ruid,euid,rgid,egid);
++#endif
++ exit(0);
++ }
++
++ /* To Do: The code of your application goes here */
++ /* First part: */
++ /* Get essential information about the user who got this shell: */
++ /* first the username, then the user id. Upon this, retrieve the */
++ /* user's record in the passwd file.
*/
++ bzero(&loggedin, sizeof(loggedin));
++ loggedin.uid = getuid();
++ loggedin.record = getpwuid(loggedin.uid);
++ if ( loggedin.record == NULL ) {
++ loggedin.record = getpwnam(loggedin.uname);
++ if ( loggedin.record == NULL ) {
++ openlog(loggedin.uname, LOG_PID, LOG_AUTH);
++ syslog(LOG_ERR, "Can not obtain user information");
++ printf("Can not obtain user information\n");
++ closelog();
++ exit(0);
++ }
++ }
++ strncpy(loggedin.uname, loggedin.record->pw_name, PAM_SIZE);
++ strncpy(loggedin.udir, loggedin.record->pw_dir, STRING_SIZE);
++
++ /* Second part: */
++ /* Handle some signal catching. Read the configuration files. */
++ signal( SIGINT, SIG_IGN );
++ signal( SIGQUIT, SIG_IGN );
++ signal( SIGTERM, SIG_IGN );
++ signal( SIGTSTP, SIG_IGN );
++ LoadConfig();
++
++ /* Command mode */
++ if(argc == 3) {
++ if ( argv[1][1] == 'c' ) {
++ if ( CommandOK(argv[2], loggedin.udir, "/", filtered_command) == 1) {
++ exitcode = hhsystem(filtered_command);
++ OPENLOG;
++ syslog(LOG_INFO, "command %s ordered, command %s has been executed.",
++ argv[2], filtered_command);
++ printf("command %s ordered, command %s has been executed.\n",
++ argv[2], filtered_command);
++ CLOSELOG;
++ exit(exitcode);
++ }
++ printf("CommandOK failed (%s/%s)\n", loggedin.udir, filtered_command);
++ exit(0);
++ }
++ else {
++ printf("Invalid are (%s)\n", argv[1]);
++ exit(0);
++ }
++ }
++
++ OPENLOG;
++ syslog(LOG_INFO, "user %s has logged in.", loggedin.uname);
++ CLOSELOG;
++
++
++#ifdef INCLUDE_DELETE_BAD_FILES
++ DelBadFiles(loggedin.udir);
++#endif
++ if ( chdir (loggedin.udir) < 0 )
++ return -1;
++
++
++ /* Third part: */
++ /* Start reading and processing the user issued commands. */
++ /* Split the command by the spaces, filter out anything, */
++ /* that would allow the user to access files outside the */
++ /* jail. Filter out multiples and pipes as well. No program */
++ /* will be allowed to run, unless it is mentioned in the */
++ /* config files.
Files that are created with an extension */
++ /* that is listed in the other config file, must be deleted! */
++ for ( ; ; ) {
++ /* Where is he ? */
++ if ( getcwd(real_path, STRING_SIZE) == NULL )
++ return -1;
++ GetPositionInJail(real_path, loggedin.udir, jail_path);
++ if ( (strlen(jail_path)) == 0 ) {
++ strncpy(jail_path, "/", 2);
++ }
++ /* We don't want the user to know where he actually is. */
++ /* This is the prompt! */
++ printf("[%s]%% ", jail_path);
++ /* scanf("%s", user_command); */
++ myscanf(user_command, real_path);
++ /* Command interpretation and execution. */
++ if ( (CommandOK(user_command, loggedin.udir, jail_path, filtered_command)) == 0 ) {
++ printf("Sorry, can't let you do that!\n");
++ log_attempt(loggedin.uname); /* v0.2a */
++ continue;
++ }
++ /* If the user issued command starts with a shell builtin. */
++ bzero(temp, strlen(temp));
++ if ( (buf = strstr(filtered_command, "cd")) != NULL ) {
++ if ( (strcmp(buf, filtered_command)) == 0 ) {
++ LTrim3(filtered_command, temp);
++ if ( (strcmp(temp, real_path)) != 0 ) {
++ if ( (strcmp(temp, "..")) == 0 ) {
++ PathMinusOne(jail_path, temp, 1,sizeof(temp));
++ }
++ if ( (strcmp(temp, "/")) == 0 ) {
++ strncpy(temp, loggedin.udir, LINE_SIZE);
++ }
++ exitcode = chdir(temp);
++ if ( exitcode == -1 ) {
++ printf("ibsh: cd: %s: No such file or directory\n", temp);
++ }
++ }
++ continue;
++ }
++ }
++ else if ( (buf = strstr(filtered_command, "pwd")) != NULL ) {
++ if ( (strcmp(buf, filtered_command)) == 0 ) {
++ printf("%s\n", jail_path);
++ continue;
++ }
++ }
++ else if ( (buf = strstr(filtered_command, "logout")) != NULL ) {
++ if ( (strcmp(buf, filtered_command)) == 0 ) {
++ OPENLOG;
++ syslog(LOG_INFO, "user %s has logged out.", loggedin.uname);
++ CLOSELOG;
++ break;
++ }
++ }
++ else if ( (buf = strstr(filtered_command, "exit")) != NULL ) {
++ if ( (strcmp(buf, filtered_command)) == 0 ) {
++ OPENLOG;
++ syslog(LOG_INFO, "user %s has logged out.", loggedin.uname);
++ printf("user %s
has logged out\n", loggedin.uname);
++ CLOSELOG;
++ break;
++ }
++ }
++ else {
++ exitcode = hhsystem(filtered_command);
++ if ( exitcode < 0 ) {
++ printf("%s\n", strerror(errno));
++ }
++ }
++ if ( getcwd(real_path, STRING_SIZE) == NULL )
++ return -1;
++#ifdef INCLUDE_BAD_FILES
++ DelBadFiles(loggedin.udir);
++#endif
++ if ( chdir (real_path) < 0 )
++ return 1;
++ }
++ return 0;
++}
++
+Index: cgcs-users-1.0-r0/Makefile.orig
+===================================================================
+--- /dev/null
++++ cgcs-users-1.0-r0/Makefile.orig
+@@ -0,0 +1,56 @@
++# This is the makefile for ibsh 0.3e
++CC = gcc -g -O3
++OBJECTS = main.o command.o jail.o execute.o config.o misc.o antixploit.o delbadfiles.o
++
++all ibsh: ${OBJECTS} ibsh.h
++ ${CC} -o ibsh ${OBJECTS}
++
++main.o: main.c ibsh.h
++ ${CC} -c main.c
++
++command.o: command.c ibsh.h
++ ${CC} -c command.c
++
++jail.o: jail.c ibsh.h
++ ${CC} -c jail.c
++
++execute.o: execute.c ibsh.h
++ ${CC} -c execute.c
++
++config.o: config.c ibsh.h
++ ${CC} -c config.c
++
++misc.o: misc.c ibsh.h
++ ${CC} -c misc.c
++
++antixploit.o: antixploit.c ibsh.h
++ ${CC} -c antixploit.c
++
++delbadfiles.o: delbadfiles.c ibsh.h
++ ${CC} -c delbadfiles.c
++
++ibsh_install:
++ cp ./ibsh /bin/
++ mkdir /etc/ibsh
++ mkdir /etc/ibsh/cmds
++ mkdir /etc/ibsh/xtns
++ cp ./globals.cmds /etc/ibsh/
++ cp ./globals.xtns /etc/ibsh/
++
++ibsh_uninstall:
++ rm -rf /etc/ibsh/globals.cmds
++ rm -rf /etc/ibsh/globals.xtns
++ rm -rf /etc/ibsh/cmds/*.*
++ rm -rf /etc/ibsh/xtns/*.*
++ rmdir /etc/ibsh/cmds
++ rmdir /etc/ibsh/xtns
++ rmdir /etc/ibsh
++ rm -rf /bin/ibsh
++
++clean:
++ rm -rf ibsh
++ rm -rf *.o
++
++
++# 13:49 2005.04.06.
++
+Index: cgcs-users-1.0-r0/README.orig
+===================================================================
+--- /dev/null
++++ cgcs-users-1.0-r0/README.orig
+@@ -0,0 +1,29 @@
++ Iron Bars SHell - a restricted interactive shell.
++
++Overview
++
++ For long i have been in the search of a decent restricted shell, but in vain.
++ The few i found, were really easy to hack, and there were quite a few docs
++ around on the web about hacking restricted shells with a menu interface.
++ For my definitions, a restricted shell must not only prevent the user to
++ escape her jail, but also not to access any files outside the jail.
++ The system administrator must have total control over the restricted shell.
++ These are the major features incorporated and realized by ibsh.
++
++
++Features
++
++ Please read the changelog.
++
++
++Installation
++
++ Read the INSTALL file.
++
++
++Contact
++ See Authors file.
++
++
++Attila Nagyidai
++2005.05.23.
+Index: cgcs-users-1.0-r0/Release.orig
+===================================================================
+--- /dev/null
++++ cgcs-users-1.0-r0/Release.orig
+@@ -0,0 +1,17 @@
++This release introduces minor bugfixes, and important new and renewed features.
++Erasing evil files in the home directory of the user is incorporated again, with
++many improvements. First of all: no file will be erased! Only the access to them
++will be blocked. The extension policy has changed, now ibsh blocks those extensions,
++that are NOT listed. This goes in sync with the usual method of operation of ibsh.
++The execute permission of files in the user space, will be removed.
++New customizing features were added: each user now can have her own commands and
++extensions file, created and maintained by the system administrator. Some users
++(employees) may require access to special programs. User configuration files allow
++this access only those, who need it, not for everybody.
++Ibsh now scans not only the extensions of files, but the content too! Whatever the permission
++for a certain file exists, if that contains source code, or is a linux binary, access
++will be blocked.
++The absolute path for the users is now limited to 255 characters.
Longer, already
++existing filenames will be renamed.
++
++06/04/2005
+Index: cgcs-users-1.0-r0/TODO.orig
+===================================================================
+--- /dev/null
++++ cgcs-users-1.0-r0/TODO.orig
+@@ -0,0 +1,10 @@
++TODO
++
++ - tab completion.
++ - shell variables.
++ - some changes to the prompt, maybe variable prompt.
++ - history
++ - to be able to use corporate, or other large/complicated programs in a safe
++ working environment, yet be able to share files/work with others.
++
++2005.05.23.
diff --git a/cgcs-users/cgcs-users-1.0/operator.cmds b/cgcs-users/cgcs-users-1.0/operator.cmds
new file mode 100644
index 0000000..6a0198e
--- /dev/null
+++ b/cgcs-users/cgcs-users-1.0/operator.cmds
@@ -0,0 +1,7 @@
+# Add any commands the user may execute. Even shell commands.
+# You have to allow logout and/or exit, so the user can logout!
+# cd and pwd should also be allowed. Note: other shell builtin
+# commands are not yet implemented!
+touch
+vi
+
diff --git a/cgcs-users/cgcs-users-1.0/operator.xtns b/cgcs-users/cgcs-users-1.0/operator.xtns
new file mode 100644
index 0000000..ececf5d
--- /dev/null
+++ b/cgcs-users/cgcs-users-1.0/operator.xtns
@@ -0,0 +1,4 @@
+# Add any extension the user may use.
+.doc
+.txt
+
diff --git a/cgcs-users/cgcs-users-1.0/secadmin.cmds b/cgcs-users/cgcs-users-1.0/secadmin.cmds
new file mode 100644
index 0000000..ae2bfa8
--- /dev/null
+++ b/cgcs-users/cgcs-users-1.0/secadmin.cmds
@@ -0,0 +1,12 @@
+# Add any commands the user may execute. Even shell commands.
+# You have to allow logout and/or exit, so the user can logout!
+# cd and pwd should also be allowed. Note: other shell builtin
+# commands are not yet implemented!
+#
+touch
+tar
+scp
+sftp
+ssh
+vi
+
diff --git a/cgcs-users/cgcs-users-1.0/secadmin.xtns b/cgcs-users/cgcs-users-1.0/secadmin.xtns
new file mode 100644
index 0000000..5828add
--- /dev/null
+++ b/cgcs-users/cgcs-users-1.0/secadmin.xtns
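Review bot: The `vi` entry in operator.cmds undercuts the restriction this allow-list exists to enforce, because a full vi can start other programs and open or write files by absolute path from inside the editor, and none of that passes through the ibsh command filter. If the role only needs to edit files under its home directory, list a restricted editor instead (for example `rvim`, where the platform ships it), or state in a `#` comment why an unrestricted editor is acceptable. The same entry appears in the secadmin.cmds hunk. Separately, the header comment says `logout`/`exit`, `cd` and `pwd` have to be allowed, yet none of them is listed; if they are meant to come from a global command list, the comment should say so.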
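Review bot: `ssh`, `scp` and `sftp` in secadmin.cmds give the role outbound network clients, and `tar` reads and writes whatever paths are named on its command line, so this list lets data cross the home-directory jail in ways the `.xtns` extension allow-list is unlikely to cover. Whether ibsh constrains the options and paths passed to these tools is not visible in this hunk and should be confirmed before the list is relied on. I would add one comment per entry recording why the role needs it, e.g. `# scp: copy collected logs off-box (constructed example)`, and drop any entry that has no stated need.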
@@ -0,0 +1,6 @@
+# Add any extension the user may use.
+.doc
+.txt
+.tgz
+.tar
+
diff --git a/cluster-resource-agents/PKG-INFO b/cluster-resource-agents/PKG-INFO
new file mode 100644
index 0000000..89eb481
--- /dev/null
+++ b/cluster-resource-agents/PKG-INFO
@@ -0,0 +1,16 @@
+Metadata-Version: 1.1
+Name: resource-agents
+Version: 3.9.5
+Summary: Open Source HA Reusable Cluster Resource Scripts
+Home-page:
+Author:
+Author-email:
+License: GPLv2+ and LGPLv2+
+
+Description:
+A set of scripts to interface with several services to operate in a
+High Availability environment for both Pacemaker and rgmanager
+service managers.
+
+
+Platform: UNKNOWN
diff --git a/cluster-resource-agents/centos/build_srpm.data b/cluster-resource-agents/centos/build_srpm.data
new file mode 100644
index 0000000..b30e56f
--- /dev/null
+++ b/cluster-resource-agents/centos/build_srpm.data
@@ -0,0 +1 @@
+TIS_PATCH_VER=12
diff --git a/cluster-resource-agents/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/cluster-resource-agents/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
new file mode 100644
index 0000000..32c0eb0
--- /dev/null
+++ b/cluster-resource-agents/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
@@ -0,0 +1,28 @@
+From 2bc73669b8de70bf32d2f786b158738506e480ff Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 15:11:59 -0400
+Subject: [PATCH 08/10] WRS:
+ 0001-Update-package-versioning-for-TIS-format.patch
+
+Conflicts:
+ SPECS/resource-agents.spec
+---
+ SPECS/resource-agents.spec | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
+index 6be3418..28a8129 100644
+--- a/SPECS/resource-agents.spec
++++ b/SPECS/resource-agents.spec
+@@ -48,7 +48,7 @@
+ Name: resource-agents
+ Summary: Open Source HA Reusable Cluster Resource Scripts
+ Version: 3.9.5
+-Release: 105%{?dist}
++Release: 105.el7%{?_tis_dist}.%{tis_patch_ver}
+ License: GPLv2+, LGPLv2+ and ASL 2.0
+ URL: https://github.com/ClusterLabs/resource-agents
+ %if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/meta_patches/Disable-creation-of-the-debug-package.patch b/cluster-resource-agents/centos/meta_patches/Disable-creation-of-the-debug-package.patch
new file mode 100644
index 0000000..e49d52a
--- /dev/null
+++ b/cluster-resource-agents/centos/meta_patches/Disable-creation-of-the-debug-package.patch
@@ -0,0 +1,27 @@
+From d48b31c66589b0c5a9831dcf4123a80fa8ccd89a Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Tue, 6 Mar 2018 12:19:53 -0600
+Subject: [PATCH 1/1] Disable creation of the debug package as it causes a seg
+ fault in dwz
+
+---
+ SPECS/resource-agents.spec | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
+index 2536cb7..e5fbbeb 100644
+--- a/SPECS/resource-agents.spec
++++ b/SPECS/resource-agents.spec
+@@ -35,6 +35,9 @@
+ } || %{?__transaction_systemd_inhibit:1}%{?!__transaction_systemd_inhibit:0}%{nil \
+ } || %(test -f /usr/lib/os-release; test $? -ne 0; echo $?))
+
++# Disable debug package, it currently triggers a segfault in dwz tool
++%define debug_package %{nil}
++
+ %global upstream_prefix ClusterLabs-resource-agents
+ %global upstream_version 5434e96
+
+--
+1.8.3.1
+
diff --git a/cluster-resource-agents/centos/meta_patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch b/cluster-resource-agents/centos/meta_patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
new file mode 100644
index 0000000..4ee0be5
--- /dev/null
+++ b/cluster-resource-agents/centos/meta_patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
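Review bot: The added `%define debug_package %{nil}` switches off debuginfo for the whole package but its comment carries no reference to the dwz failure it works around, so nothing tells a later maintainer when the line can be removed. I would extend the comment to something like `# Disable debug package: dwz segfaults on this build, see <tracking-bug placeholder>; remove once fixed`. Using `%global debug_package %{nil}` would also match the `%global` definitions on the lines that follow. Without debuginfo, crashes in any compiled helpers shipped by this package cannot be symbolized, which is worth recording in the patch description.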
@@ -0,0 +1,32 @@
+From 231334d30e9ad3f32dc915f973c71ac18d9c8191 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 15:11:59 -0400
+Subject: [PATCH 05/10] WRS: Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
+
+---
+ SPECS/resource-agents.spec | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
+index 28b6e50..832d588 100644
+--- a/SPECS/resource-agents.spec
++++ b/SPECS/resource-agents.spec
+@@ -247,6 +247,7 @@ Patch1111: pgsql.patch
+
+ Patch1113: create-var-run-resource-agents.patch
+ Patch1114: notify-rmon-of-shutdown-before-shutting-down.patch
++Patch1115: Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
+
+ Obsoletes: heartbeat-resources <= %{version}
+ Provides: heartbeat-resources = %{version}
+@@ -551,6 +552,7 @@ exit 1
+
+ %patch1113 -p1
+ %patch1114 -p1
++%patch1115 -p1
+
+ %build
+ if [ ! -f configure ]; then
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/meta_patches/Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch b/cluster-resource-agents/centos/meta_patches/Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
new file mode 100644
index 0000000..a4b2be4
--- /dev/null
+++ b/cluster-resource-agents/centos/meta_patches/Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
@@ -0,0 +1,33 @@
+From c4165b39531872b7b56d497c4ebd86b5d1d79800 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Wed, 25 Oct 2017 16:18:02 -0400
+Subject: [PATCH]
+ Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop
+
+---
+ SPECS/resource-agents.spec | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
+index 19580ef..2536cb7 100644
+--- a/SPECS/resource-agents.spec
++++ b/SPECS/resource-agents.spec
+@@ -252,6 +252,7 @@ Patch1116: ocf-shellfuncs_change_logtag.patch
+ Patch1117: lvm_cleanup_refs_on_stop.patch
+ Patch1118: ipaddr2_if_down.patch
+ Patch1119: ipaddr2_ignore_lo_if_state.patch
++Patch1120: Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
+
+ Obsoletes: heartbeat-resources <= %{version}
+ Provides: heartbeat-resources = %{version}
+@@ -561,6 +562,7 @@ exit 1
+ %patch1117 -p1
+ %patch1118 -p1
+ %patch1119 -p1
++%patch1120 -p1
+
+ %build
+ if [ ! -f configure ]; then
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/meta_patches/PATCH_ORDER b/cluster-resource-agents/centos/meta_patches/PATCH_ORDER
new file mode 100644
index 0000000..e1f284d
--- /dev/null
+++ b/cluster-resource-agents/centos/meta_patches/PATCH_ORDER
@@ -0,0 +1,12 @@
+spec-include-TiS-patches.patch
+spec-avoid-dir-collisions.patch
+spec-add-create-var-run-resource-agents.patch
+spec-notify-rmon-of-shutdown-before-shutting-down.patch
+Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
+spec-include-tis-logtag-patch.patch
+spec-lvm-cleanup-refs-on-stop.patch
+0001-Update-package-versioning-for-TIS-format.patch
+ipaddr2-if-down.patch
+spec-add-ipaddr2-ignore-lo-state.patch
+Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch
+Disable-creation-of-the-debug-package.patch
diff --git a/cluster-resource-agents/centos/meta_patches/ipaddr2-if-down.patch b/cluster-resource-agents/centos/meta_patches/ipaddr2-if-down.patch
new file mode 100644
index 0000000..c822a26
--- /dev/null
+++ b/cluster-resource-agents/centos/meta_patches/ipaddr2-if-down.patch
@@ -0,0 +1,32 @@
+From 1c5dc7640e843a553df5663305a739fc0c7aa9e1 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 15:11:59 -0400
+Subject: [PATCH 09/10] WRS: ipaddr2-if-down.patch
+
+---
+ SPECS/resource-agents.spec | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
+index 28a8129..71d6cc4 100644
+--- a/SPECS/resource-agents.spec
++++ b/SPECS/resource-agents.spec
+@@ -250,6 +250,7 @@ Patch1114: notify-rmon-of-shutdown-before-shutting-down.patch
+ Patch1115: Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
+ Patch1116: ocf-shellfuncs_change_logtag.patch
+ Patch1117: lvm_cleanup_refs_on_stop.patch
++Patch1118: ipaddr2_if_down.patch
+
+ Obsoletes: heartbeat-resources <= %{version}
+ Provides: heartbeat-resources = %{version}
+@@ -557,6 +558,7 @@ exit 1
+ %patch1115 -p1
+ %patch1116 -p1
+ %patch1117 -p1
++%patch1118 -p1
+
+ %build
+ if [ ! -f configure ]; then
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/meta_patches/spec-add-create-var-run-resource-agents.patch b/cluster-resource-agents/centos/meta_patches/spec-add-create-var-run-resource-agents.patch
new file mode 100644
index 0000000..c377de6
--- /dev/null
+++ b/cluster-resource-agents/centos/meta_patches/spec-add-create-var-run-resource-agents.patch
@@ -0,0 +1,32 @@
+From bc7c08fdf1a415af73757a4fc86e5c35fe9ab3f8 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 15:11:59 -0400
+Subject: [PATCH 03/10] WRS: spec-add-create-var-run-resource-agents.patch
+
+---
+ SPECS/resource-agents.spec | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
+index 52c3c93..ba7af5b 100644
+--- a/SPECS/resource-agents.spec
++++ b/SPECS/resource-agents.spec
+@@ -245,6 +245,7 @@ Patch1109: umount-in-namespace.patch
+ Patch1110: lvm_vg_activation.patch
+ Patch1111: pgsql.patch
+
++Patch1113: create-var-run-resource-agents.patch
+
+ Obsoletes: heartbeat-resources <= %{version}
+ Provides: heartbeat-resources = %{version}
+@@ -547,6 +548,7 @@ exit 1
+ %patch1110 -p1
+ %patch1111 -p1
+
++%patch1113 -p1
+
+ %build
+ if [ ! -f configure ]; then
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/meta_patches/spec-add-ipaddr2-ignore-lo-state.patch b/cluster-resource-agents/centos/meta_patches/spec-add-ipaddr2-ignore-lo-state.patch
new file mode 100644
index 0000000..24f1627
--- /dev/null
+++ b/cluster-resource-agents/centos/meta_patches/spec-add-ipaddr2-ignore-lo-state.patch
@@ -0,0 +1,32 @@
+From 389034e186f6dfabdfa4bb75671a3f21d448bcbb Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 15:11:59 -0400
+Subject: [PATCH 10/10] WRS: spec-add-ipaddr2-ignore-lo-state.patch
+
+---
+ SPECS/resource-agents.spec | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
+index 71d6cc4..460fc8f 100644
+--- a/SPECS/resource-agents.spec
++++ b/SPECS/resource-agents.spec
+@@ -251,6 +251,7 @@ Patch1115: Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
+ Patch1116: ocf-shellfuncs_change_logtag.patch
+ Patch1117: lvm_cleanup_refs_on_stop.patch
+ Patch1118: ipaddr2_if_down.patch
++Patch1119: ipaddr2_ignore_lo_if_state.patch
+
+ Obsoletes: heartbeat-resources <= %{version}
+ Provides: heartbeat-resources = %{version}
+@@ -559,6 +560,7 @@ exit 1
+ %patch1116 -p1
+ %patch1117 -p1
+ %patch1118 -p1
++%patch1119 -p1
+
+ %build
+ if [ ! -f configure ]; then
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/meta_patches/spec-avoid-dir-collisions.patch b/cluster-resource-agents/centos/meta_patches/spec-avoid-dir-collisions.patch
new file mode 100644
index 0000000..2e72626
--- /dev/null
+++ b/cluster-resource-agents/centos/meta_patches/spec-avoid-dir-collisions.patch
@@ -0,0 +1,56 @@
+From 72fdb47d6d79b950fc900c88d77605911cdcb4b1 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 15:11:58 -0400
+Subject: [PATCH 02/10] WRS: spec-avoid-dir-collisions.patch
+
+---
+ SPECS/resource-agents.spec | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
+index 453398a..52c3c93 100644
+--- a/SPECS/resource-agents.spec
++++ b/SPECS/resource-agents.spec
+@@ -642,14 +642,15 @@ rm -rf %{buildroot}
+ %endif
+
+ %if %{with linuxha}
+-%dir /usr/lib/ocf
+-%dir /usr/lib/ocf/resource.d
+-%dir /usr/lib/ocf/lib
++#%dir /usr/lib/ocf
++#%dir /usr/lib/ocf/resource.d
++#%dir /usr/lib/ocf/lib
+
+-/usr/lib/ocf/lib/heartbeat
++/usr/lib/ocf/lib/heartbeat/*
+
+-/usr/lib/ocf/resource.d/heartbeat
+-/usr/lib/ocf/resource.d/openstack
++/usr/lib/ocf/resource.d/heartbeat/*
++/usr/lib/ocf/resource.d/heartbeat/.ocf-*
++/usr/lib/ocf/resource.d/openstack/*
+ %if %{with rgmanager}
+ /usr/lib/ocf/resource.d/redhat
+ %endif
+@@ -669,7 +670,7 @@ rm -rf %{buildroot}
+
+ %{_includedir}/heartbeat
+
+-%dir %attr (1755, root, root) %{_var}/run/resource-agents
++#%dir %attr (1755, root, root) %{_var}/run/resource-agents
+
+ %{_mandir}/man7/*.7*
+
+@@ -780,7 +781,7 @@ rm -rf %{buildroot}
+ %exclude %{_mandir}/man8/ldirectord.8.gz
+
+ # For compatability with pre-existing agents
+-%dir %{_sysconfdir}/ha.d
++#%dir %{_sysconfdir}/ha.d
+ %{_sysconfdir}/ha.d/shellfuncs
+
+ %{_libexecdir}/heartbeat
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/meta_patches/spec-include-TiS-patches.patch b/cluster-resource-agents/centos/meta_patches/spec-include-TiS-patches.patch
new file mode 100644
index 0000000..20b994b
--- /dev/null
+++ b/cluster-resource-agents/centos/meta_patches/spec-include-TiS-patches.patch
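Review bot: Commenting out `%dir %attr (1755, root, root) %{_var}/run/resource-agents` in the second spec hunk means the package no longer declares that directory's owner and mode, so whatever creates it at run time decides both. The same holds for the `/usr/lib/ocf` and `%{_sysconfdir}/ha.d` entries: after this change the spec does not say which package owns them. I would replace each bare `#%dir ...` line with a short comment naming the owner, e.g. `# /usr/lib/ocf is owned by <other-package>; listing it here collides at install time`, and drop the dead directive, since rpm still expands macros such as `%{_var}` inside spec comments.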
@@ -0,0 +1,50 @@
+From 8d7740777cbbcdfa00f3e12b7e292aca2b696137 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 15:11:58 -0400
+Subject: [PATCH 01/10] WRS: spec-include-TiS-patches.patch
+
+---
+ SPECS/resource-agents.spec | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
+index db6b69c..453398a 100644
+--- a/SPECS/resource-agents.spec
++++ b/SPECS/resource-agents.spec
+@@ -236,6 +236,16 @@ Patch175: bz1449681-2-saphana-saphanatopology-update-0.152.21.patch
+ Patch176: bz1342376-2-rabbitmq-cluster-backup-and-restore-users-policies.patch
+ Patch177: bz1342376-3-rabbitmq-cluster-backup-and-restore-users-policies.patch
+
++# WRS
++Patch1105: filesystem_rmon.patch
++Patch1106: new_ocf_return_codes.patch
++Patch1107: ipaddr2_check_if_state.patch
++Patch1108: copyright.patch
++Patch1109: umount-in-namespace.patch
++Patch1110: lvm_vg_activation.patch
++Patch1111: pgsql.patch
++
++
+ Obsoletes: heartbeat-resources <= %{version}
+ Provides: heartbeat-resources = %{version}
+
+@@ -528,6 +538,16 @@ exit 1
+ %patch176 -p1
+ %patch177 -p1
+
++# WRS
++%patch1105 -p1
++%patch1106 -p1
++%patch1107 -p1
++%patch1108 -p1
++%patch1109 -p1
++%patch1110 -p1
++%patch1111 -p1
++
++
+ %build
+ if [ ! -f configure ]; then
+ ./autogen.sh
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/meta_patches/spec-include-tis-logtag-patch.patch b/cluster-resource-agents/centos/meta_patches/spec-include-tis-logtag-patch.patch
new file mode 100644
index 0000000..ac0cd4d
--- /dev/null
+++ b/cluster-resource-agents/centos/meta_patches/spec-include-tis-logtag-patch.patch
@@ -0,0 +1,32 @@
+From 80e779cf7c6f667ccca0d91c13229520649e2920 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 15:11:59 -0400
+Subject: [PATCH 06/10] WRS: spec-include-tis-logtag-patch.patch
+
+---
+ SPECS/resource-agents.spec | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
+index 832d588..e3a7ce1 100644
+--- a/SPECS/resource-agents.spec
++++ b/SPECS/resource-agents.spec
+@@ -248,6 +248,7 @@ Patch1111: pgsql.patch
+ Patch1113: create-var-run-resource-agents.patch
+ Patch1114: notify-rmon-of-shutdown-before-shutting-down.patch
+ Patch1115: Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
++Patch1116: ocf-shellfuncs_change_logtag.patch
+
+ Obsoletes: heartbeat-resources <= %{version}
+ Provides: heartbeat-resources = %{version}
+@@ -553,6 +554,7 @@ exit 1
+ %patch1113 -p1
+ %patch1114 -p1
+ %patch1115 -p1
++%patch1116 -p1
+
+ %build
+ if [ ! -f configure ]; then
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/meta_patches/spec-lvm-cleanup-refs-on-stop.patch b/cluster-resource-agents/centos/meta_patches/spec-lvm-cleanup-refs-on-stop.patch
new file mode 100644
index 0000000..9d1dd4a
--- /dev/null
+++ b/cluster-resource-agents/centos/meta_patches/spec-lvm-cleanup-refs-on-stop.patch
@@ -0,0 +1,32 @@
+From 273da7710af8e7fbaf39eb1d31872089b77f0b0b Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 15:11:59 -0400
+Subject: [PATCH 07/10] WRS: spec-lvm-cleanup-refs-on-stop.patch
+
+---
+ SPECS/resource-agents.spec | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
+index e3a7ce1..6be3418 100644
+--- a/SPECS/resource-agents.spec
++++ b/SPECS/resource-agents.spec
+@@ -249,6 +249,7 @@ Patch1113: create-var-run-resource-agents.patch
+ Patch1114: notify-rmon-of-shutdown-before-shutting-down.patch
+ Patch1115: Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
+ Patch1116: ocf-shellfuncs_change_logtag.patch
++Patch1117: lvm_cleanup_refs_on_stop.patch
+
+ Obsoletes: heartbeat-resources <= %{version}
+ Provides: heartbeat-resources = %{version}
+@@ -555,6 +556,7 @@ exit 1
+ %patch1114 -p1
+ %patch1115 -p1
+ %patch1116 -p1
++%patch1117 -p1
+
+ %build
+ if [ ! -f configure ]; then
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/meta_patches/spec-notify-rmon-of-shutdown-before-shutting-down.patch b/cluster-resource-agents/centos/meta_patches/spec-notify-rmon-of-shutdown-before-shutting-down.patch
new file mode 100644
index 0000000..b39d789
--- /dev/null
+++ b/cluster-resource-agents/centos/meta_patches/spec-notify-rmon-of-shutdown-before-shutting-down.patch
@@ -0,0 +1,33 @@
+From 057decd3b529f9bea96cf4071ae206c4dddc871c Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 15:11:59 -0400
+Subject: [PATCH 04/10] WRS:
+ spec-notify-rmon-of-shutdown-before-shutting-down.patch
+
+---
+ SPECS/resource-agents.spec | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
+index ba7af5b..28b6e50 100644
+--- a/SPECS/resource-agents.spec
++++ b/SPECS/resource-agents.spec
+@@ -246,6 +246,7 @@ Patch1110: lvm_vg_activation.patch
+ Patch1111: pgsql.patch
+
+ Patch1113: create-var-run-resource-agents.patch
++Patch1114: notify-rmon-of-shutdown-before-shutting-down.patch
+
+ Obsoletes: heartbeat-resources <= %{version}
+ Provides: heartbeat-resources = %{version}
+@@ -549,6 +550,7 @@ exit 1
+ %patch1111 -p1
+
+ %patch1113 -p1
++%patch1114 -p1
+
+ %build
+ if [ ! -f configure ]; then
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch b/cluster-resource-agents/centos/patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
new file mode 100644
index 0000000..7d7c41d
--- /dev/null
+++ b/cluster-resource-agents/centos/patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
@@ -0,0 +1,58 @@ +From 98591b479bd64c2835ab1e8884118c57dd499b9c Mon Sep 17 00:00:00 2001 +From: Chris Friesen +Date: Tue, 21 Jun 2016 14:29:36 -0400 +Subject: [PATCH] Fix VG activity bug in heartbeat/LVM script + +There is currently an issue in the lvm2 package where if you create an LVM thin +pool, then create a thin volume in the pool, then the udev rule doesn't think +there should be a /dev// symlink for the thin pool, but "vgmknodes" and +"vgscan --mknodes" both think that there should be such a symlink. This is a +bug, but it's in the field in CentOS 7 at least and likely elsewhere. + +The end result of this is that on such a system running either "vgscan +--mknodes" or "vgmknodes" and then running "vgchange -an " will +leave the /dev/ directory with a dangling symlink in it. + +This breaks the LVM_status() function in this OCF script, since the +/dev/ directory exists and is not empty even though the volume +group is not active. + +This commit changes the code to directly query lvm about the volume group +activity rather than relying on side effects. +--- + heartbeat/LVM | 15 ++++++--------- + 1 file changed, 6 insertions(+), 9 deletions(-) + +diff --git a/heartbeat/LVM b/heartbeat/LVM +index 1c23c05..d91a3bc 100755 +--- a/heartbeat/LVM ++++ b/heartbeat/LVM +@@ -350,19 +350,16 @@ LVM_status() { + ocf_exit_reason "LVM Volume $1 is not available" + return $OCF_ERR_GENERIC + fi +- +- if [ -d /dev/$1 ]; then +- test "`cd /dev/$1 && ls`" != "" +- rc=$? +- if [ $rc -ne 0 ]; then +- ocf_exit_reason "VG $1 with no logical volumes is not supported by this RA!" +- fi +- fi + +- if [ $rc -ne 0 ]; then ++ # Ask lvm whether the volume group is active. This maps to ++ # the question "Are there any logical volumes that are active in ++ # the specified volume group?". ++ lvs --noheadings -o selected -S lv_active=active,vg_name=${1}|grep -q 1 ++ if [ $? 
-ne 0 ]; then + ocf_log $loglevel "LVM Volume $1 is not available (stopped)" + rc=$OCF_NOT_RUNNING + else ++ rc=0 + case $(get_vg_mode) in + 1) # exclusive with tagging. + # If vg is running, make sure the correct tag is present. Otherwise we +-- +1.9.1 + diff --git a/cluster-resource-agents/centos/patches/Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch b/cluster-resource-agents/centos/patches/Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch new file mode 100644 index 0000000..1ceffe5 --- /dev/null +++ b/cluster-resource-agents/centos/patches/Modify-error-code-of-bz1454699-fix-to-prevent-inactive-controller-reboot-loop.patch @@ -0,0 +1,27 @@ +From b9fdbdf20d62655c9b529f744f8efb9fb66c5851 Mon Sep 17 00:00:00 2001 +From: Scott Little +Date: Wed, 25 Oct 2017 16:13:20 -0400 +Subject: [PATCH] Modify error code of + bz1454699-LVM-status-check-for-missing-VG.patch to prevent controler-1 reboot + loop + +--- + heartbeat/LVM | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/LVM b/heartbeat/LVM +index 5347765..e4cd0ea 100755 +--- a/heartbeat/LVM ++++ b/heartbeat/LVM +@@ -348,7 +348,7 @@ LVM_status() { + fi + if ! echo "$output" | grep -q "Found.*\"$1\""; then + ocf_exit_reason "LVM Volume $1 is not available" +- return $OCF_ERR_GENERIC ++ return $OCF_NOT_RUNNING + fi + + # Ask lvm whether the volume group is active. This maps to +-- +1.9.1 + diff --git a/cluster-resource-agents/centos/patches/copyright.patch b/cluster-resource-agents/centos/patches/copyright.patch new file mode 100644 index 0000000..d4b2784 --- /dev/null +++ b/cluster-resource-agents/centos/patches/copyright.patch 
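Review bot: The new activity check `lvs --noheadings -o selected -S lv_active=active,vg_name=${1}|grep -q 1` cannot tell "no active LV" from "lvs itself failed", because `$?` is grep's status and both cases end in `rc=$OCF_NOT_RUNNING`. For a cluster resource that looks like the risky direction, since a transient LVM error would be reported as a cleanly stopped volume group. I would run lvs on its own first, `out=$(lvs --noheadings -o selected -S "lv_active=active,vg_name=${1}") || return $OCF_ERR_GENERIC`, and then `echo "$out" | grep -q 1`; quoting the selection also keeps an unusual VG name from being word-split. LVM_status starts and ends outside this hunk, so how its callers treat OCF_ERR_GENERIC should be checked before adopting this.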
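Review bot: The changed line `return $OCF_NOT_RUNNING` needs a comment, because the line above it still calls `ocf_exit_reason "LVM Volume $1 is not available"` and a reader sees an error reason paired with a non-error status. Something like `# A VG the scan cannot find is reported as stopped, not failed, so the inactive controller is not recovered in a loop` would record the intent given in the patch subject. The patch file name cites bz1454699 but the code does not; putting that reference in the comment would help when the upstream fix is rebased. LVM_status continues outside the hunk.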
@@ -0,0 +1,51 @@
+From 81bcbfb829001ccf61b515edb3d53ac8f15df334 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Fri, 26 Aug 2016 15:06:10 -0400
+Subject: [PATCH 04/12] WRS: Patch108: copyright.patch
+
+---
+ heartbeat/Filesystem | 2 ++
+ heartbeat/LVM | 1 +
+ heartbeat/pgsql | 1 +
+ 3 files changed, 4 insertions(+)
+
+diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
+index 27f03d2..af821b2 100755
+--- a/heartbeat/Filesystem
++++ b/heartbeat/Filesystem
+@@ -2,6 +2,8 @@
+ #
+ # Support: linux-ha@lists.linux-ha.org
+ # License: GNU General Public License (GPL)
++#
++# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
+ #
+ # Filesystem
+ # Description: Manages a Filesystem on a shared storage medium.
+diff --git a/heartbeat/LVM b/heartbeat/LVM
+index e435e7b..c11fed7 100755
+--- a/heartbeat/LVM
++++ b/heartbeat/LVM
+@@ -10,6 +10,7 @@
+ # Support: linux-ha@lists.linux-ha.org
+ # License: GNU General Public License (GPL)
+ # Copyright: (C) 2002 - 2005 International Business Machines, Inc.
++# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
+ #
+ # This code significantly inspired by the LVM resource
+ # in FailSafe by Lars Marowsky-Bree
+diff --git a/heartbeat/pgsql b/heartbeat/pgsql
+index 794f85e..b176b1d 100755
+--- a/heartbeat/pgsql
++++ b/heartbeat/pgsql
+@@ -9,6 +9,7 @@
+ #
+ # Copyright: 2006-2012 Serge Dubrouski
+ # and other Linux-HA contributors
++# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
+ # License: GNU General Public License (GPL)
+ #
+ ###############################################################################
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/patches/create-var-run-resource-agents.patch b/cluster-resource-agents/centos/patches/create-var-run-resource-agents.patch
new file mode 100644
index 0000000..1ac8ed0
--- /dev/null
+++ b/cluster-resource-agents/centos/patches/create-var-run-resource-agents.patch
@@ -0,0 +1,28 @@
+From 142af55450aa91fe2d7fc3586388efebae64af97 Mon Sep 17 00:00:00 2001
+From: Don Penney
+Date: Tue, 3 May 2016 21:53:21 -0400
+Subject: [PATCH 1/1] Create /var/run/resource-agents, if needed
+
+---
+ heartbeat/ocf-shellfuncs.in | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in
+index fd916e7..56f01e6 100644
+--- a/heartbeat/ocf-shellfuncs.in
++++ b/heartbeat/ocf-shellfuncs.in
+@@ -165,6 +165,11 @@ __ocf_set_defaults() {
+ ha_log "ERROR: Need to tell us our resource instance name."
+ exit $OCF_ERR_ARGS
+ fi
++
++ # TODO: Find a better way to ensure this dir exists
++ if [ ! -d "$HA_RSCTMP" ]; then
++ mkdir -p $HA_RSCTMP
++ fi
+ }
+
+ hadate() {
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/patches/filesystem_rmon.patch b/cluster-resource-agents/centos/patches/filesystem_rmon.patch
new file mode 100644
index 0000000..64c00e7
--- /dev/null
+++ b/cluster-resource-agents/centos/patches/filesystem_rmon.patch
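Review bot: `mkdir -p $HA_RSCTMP` is unquoted although the test just above it quotes the same variable, and its result is ignored, so a failure to create the directory only shows up later as unrelated errors from whichever agent writes there first. I would write `mkdir -p "$HA_RSCTMP" || ha_log "ERROR: cannot create $HA_RSCTMP"`. The directory is also created with whatever umask the calling process has; if it is meant to carry a fixed mode, that mode should be set here explicitly rather than inherited. __ocf_set_defaults begins outside the hunk.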
@@ -0,0 +1,204 @@ +From ec5790e7d930bd3436d67319c5214a7bf64fa164 Mon Sep 17 00:00:00 2001 +From: Scott Little +Date: Mon, 2 Oct 2017 15:12:25 -0400 +Subject: [PATCH 01/13] WRS: Patch1105: filesystem_rmon.patch + +--- + heartbeat/Filesystem | 59 +++++++++++++++++++++++++++++++++++++++++++++++++--- + heartbeat/LVM | 58 +++++++++++++++++++++++++++++++++++++++++++++++---- + 2 files changed, 110 insertions(+), 7 deletions(-) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index d834096..8cd9c6b 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -19,6 +19,7 @@ + # OCF_RESKEY_run_fsck + # OCF_RESKEY_fast_stop + # OCF_RESKEY_force_clones ++# OCF_RESKEY_rmon_rsc_name + # + #OCF_RESKEY_device : name of block device for the filesystem. e.g. /dev/sda1, /dev/md0 + # Or a -U or -L option for mount, or an NFS mount specification +@@ -30,6 +31,7 @@ + #OCF_RESKEY_fast_stop : fast stop: yes(default)/no + #OCF_RESKEY_force_clones : allow running the resource as clone. e.g. local xfs mounts + # for each brick in a glusterfs setup ++#OCF_RESKEY_rmon_rsc_name: resource name to use when notifing RMON + # + # + # This assumes you want to manage a filesystem on a shared (SCSI) bus, +@@ -1137,20 +1139,65 @@ if [ "$OP" != "monitor" ]; then + ocf_log info "Running $OP for $DEVICE on $MOUNTPOINT" + fi + ++RMON_NOTIFY="/usr/local/bin/rmon_resource_notify" ++ ++rmon_notify() { ++ local RSC_STATE=$1 TIMEOUT=$2 ++ ++ if [ -z "OCF_RESKEY_rmon_rsc_name" ] ++ then ++ ocf_log err "No RMON resource name given for $OCF_RESKEY_directory" ++ return ++ fi ++ ++ if [[ -x $RMON_NOTIFY ]] ++ then ++ $RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \ ++ --resource-state $RSC_STATE \ ++ --resource-type mount \ ++ --device $OCF_RESKEY_device \ ++ --mount-point $OCF_RESKEY_directory \ ++ --timeout $TIMEOUT \ ++ >/dev/null 2>&1 ++ else ++ ocf_log err "$RMON_NOTIFY not available, failed to execute: \ ++$RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \ ++--resource-state 
$RSC_STATE --resource-type mount \ ++--device $OCF_RESKEY_device --mount-point $OCF_RESKEY_directory \ ++--timeout $TIMEOUT" ++ fi ++} ++ + # These operations do not require the clone checking + OCFS2 + # initialization. + case $OP in + status) Filesystem_status +- exit $? ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ else ++ rmon_notify "disabled" 300 ++ fi ++ exit $rc + ;; + monitor) Filesystem_monitor +- exit $? ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ else ++ rmon_notify "disabled" 300 ++ fi ++ exit $rc + ;; + validate-all) Filesystem_validate_all + exit $? + ;; + stop) Filesystem_stop +- exit $? ++ rc=$? ++ rmon_notify "disabled" 300 ++ exit $rc + ;; + esac + +@@ -1199,6 +1246,12 @@ fi + + case $OP in + start) Filesystem_start ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ fi ++ exit $rc + ;; + notify) Filesystem_notify + ;; +diff --git a/heartbeat/LVM b/heartbeat/LVM +index eae7a91..733d113 100755 +--- a/heartbeat/LVM ++++ b/heartbeat/LVM +@@ -22,6 +22,7 @@ + # + # OCF parameters are as below: + # OCF_RESKEY_volgrpname ++# OCF_RESKEY_rmon_rsc_name + # + ####################################################################### + # Initialization: +@@ -711,6 +712,34 @@ then + exit $OCF_ERR_CONFIGURED + fi + ++RMON_NOTIFY="/usr/local/bin/rmon_resource_notify" ++ ++rmon_notify() { ++ local RSC_STATE=$1 TIMEOUT=$2 ++ ++ if [ -z "OCF_RESKEY_rmon_rsc_name" ] ++ then ++ ocf_log err "No RMON resource name given for $OCF_RESKEY_volgrpname" ++ return ++ fi ++ ++ if [[ -x $RMON_NOTIFY ]] ++ then ++ $RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \ ++ --resource-state $RSC_STATE \ ++ --resource-type lvg \ ++ --volume-group $OCF_RESKEY_volgrpname \ ++ --timeout $TIMEOUT \ ++ >/dev/null 2>&1 ++ else ++ ocf_log err "$RMON_NOTIFY not available, failed to execute: \ ++$RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \ ++--resource-state $RSC_STATE 
--resource-type lvg \ ++--volume-group $OCF_RESKEY_volgrpname \ ++--timeout $TIMEOUT" ++ fi ++} ++ + # Get the LVM version number, for this to work we assume(thanks to panjiam): + # + # LVM1 outputs like this +@@ -752,16 +781,37 @@ case "$1" in + start) + LVM_validate_all + LVM_start $VOLUME +- exit $?;; ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ fi ++ exit $rc;; + + stop) LVM_stop $VOLUME +- exit $?;; ++ rc=$? ++ rmon_notify "disabled" 300 ++ exit $rc;; + + status) LVM_status $VOLUME $1 +- exit $?;; ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ else ++ rmon_notify "disabled" 300 ++ fi ++ exit $rc;; + + monitor) LVM_status $VOLUME +- exit $?;; ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ else ++ rmon_notify "disabled" 300 ++ fi ++ exit $rc;; + + validate-all) LVM_validate_all + ;; +-- +1.9.1 + diff --git a/cluster-resource-agents/centos/patches/ipaddr2_check_if_state.patch b/cluster-resource-agents/centos/patches/ipaddr2_check_if_state.patch new file mode 100644 index 0000000..b3dbc4e --- /dev/null +++ b/cluster-resource-agents/centos/patches/ipaddr2_check_if_state.patch 
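Review bot: `if [ -z "OCF_RESKEY_rmon_rsc_name" ]` tests a literal string, so it is never true and the "No RMON resource name given" branch is unreachable; with the parameter unset, `$RMON_NOTIFY` is run with nothing after `--resource-name`. The same line appears in both copies of rmon_notify (heartbeat/Filesystem and heartbeat/LVM) and should read `if [ -z "$OCF_RESKEY_rmon_rsc_name" ]`. The values passed to `$RMON_NOTIFY` are also unquoted, so a device or mount point containing whitespace is split into several arguments; `--device "$OCF_RESKEY_device" --mount-point "$OCF_RESKEY_directory"` avoids that.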
@@ -0,0 +1,58 @@
+From fb5a76d9050c60b601a5dbbad65ed3dbff041af1 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 15:12:36 -0400
+Subject: [PATCH 03/13] WRS: Patch1107: ipaddr2_check_if_state.patch
+
+---
+ heartbeat/IPaddr2 | 21 ++++++++++++++++++---
+ 1 file changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
+index aef6dc7..67a7ca3 100755
+--- a/heartbeat/IPaddr2
++++ b/heartbeat/IPaddr2
+@@ -880,7 +880,12 @@ ip_start() {
+ local ip_status=`ip_served`
+
+ if [ "$ip_status" = "ok" ]; then
+- exit $OCF_SUCCESS
++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
++ then
++ exit $OCF_SUCCESS
++ else
++ exit $OCF_ERR_GENERIC
++ fi
+ fi
+
+ if [ -n "$IP_CIP" ] && [ $ip_status = "no" ] || [ $ip_status = "partial2" ]; then
+@@ -939,7 +944,12 @@ ip_start() {
+ fi
+ ;;
+ esac
+- exit $OCF_SUCCESS
++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
++ then
++ exit $OCF_SUCCESS
++ else
++ exit $OCF_ERR_GENERIC
++ fi
+ }
+
+ ip_stop() {
+@@ -1015,7 +1025,12 @@ ip_monitor() {
+ case $ip_status in
+ ok)
+ $ARP_SEND_FUN refresh
+- return $OCF_SUCCESS
++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
++ then
++ return $OCF_SUCCESS
++ else
++ return $OCF_NOT_RUNNING
++ fi
+ ;;
+ partial|no|partial2)
+ exit $OCF_NOT_RUNNING
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/patches/ipaddr2_if_down.patch b/cluster-resource-agents/centos/patches/ipaddr2_if_down.patch
new file mode 100644
index 0000000..4cf424f
--- /dev/null
+++ b/cluster-resource-agents/centos/patches/ipaddr2_if_down.patch
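Review bot: The link-state test, which pipes `ip link show $NIC` into `grep "state UP"` inside a command substitution, is pasted three times (twice in ip_start, once in ip_monitor), and `$NIC` is unquoted in each copy. A small helper keeps the three sites in step and avoids capturing grep output only to test it for emptiness: `nic_is_up() { ip link show "$1" | grep -q "state UP"; }` with `if nic_is_up "$NIC"; then` at the call sites. A one-line comment on the helper should also say why an address that is served on a link that is not UP is treated as a failure, since that is the behaviour change this patch introduces. All three functions extend beyond the hunks shown.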
@@ -0,0 +1,58 @@
+From 573f0835621c5e64c6270260f607624aea29d21a Mon Sep 17 00:00:00 2001
+From: Bin Qian
+Date: Sat, 21 Jan 2017 02:36:39 -0500
+Subject: [PATCH 1/1] ipaddr2_if_down
+
+---
+ heartbeat/IPaddr2 | 21 ++++++++++++++++++---
+ 1 file changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
+index 67a7ca3..2cd822d 100755
+--- a/heartbeat/IPaddr2
++++ b/heartbeat/IPaddr2
+@@ -884,7 +884,12 @@ ip_start() {
+ then
+ exit $OCF_SUCCESS
+ else
+- exit $OCF_ERR_GENERIC
++ if [ "$OCF_RESKEY_dc" = "yes" ]; then
++ ocf_log info "NIC $NIC is DOWN..."
++ exit $OCF_SUCCESS
++ else
++ exit $OCF_ERR_GENERIC
++ fi
+ fi
+ fi
+
+@@ -948,7 +953,12 @@ ip_start() {
+ then
+ exit $OCF_SUCCESS
+ else
+- exit $OCF_ERR_GENERIC
++ if [ "$OCF_RESKEY_dc" = "yes" ]; then
++ ocf_log info "NIC $NIC is DOWN"
++ exit $OCF_SUCCESS
++ else
++ exit $OCF_ERR_GENERIC
++ fi
+ fi
+ }
+
+@@ -1029,7 +1039,12 @@ ip_monitor() {
+ then
+ return $OCF_SUCCESS
+ else
+- return $OCF_NOT_RUNNING
++ if [ "$OCF_RESKEY_dc" = "yes" ]; then
++ ocf_log info "NIC $NIC is DOWN"
++ return $OCF_SUCCESS
++ else
++ return $OCF_NOT_RUNNING
++ fi
+ fi
+ ;;
+ partial|no|partial2)
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/patches/ipaddr2_ignore_lo_if_state.patch b/cluster-resource-agents/centos/patches/ipaddr2_ignore_lo_if_state.patch
new file mode 100644
index 0000000..4bb8f44
--- /dev/null
+++ b/cluster-resource-agents/centos/patches/ipaddr2_ignore_lo_if_state.patch
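Review bot: `OCF_RESKEY_dc` is read in all three hunks but nothing here documents it, and its effect is significant: with `dc=yes`, ip_start and ip_monitor report success while `$NIC` is down, so the cluster manager sees a healthy resource and presumably takes no recovery action. What `dc` stands for is not visible in these lines; it needs a parameter description in the agent's meta-data (outside these hunks) and a comment at the first use, e.g. `# dc=yes: a link-down NIC is tolerated and reported as success`. The log text also differs between sites (`"NIC $NIC is DOWN..."` against `"NIC $NIC is DOWN"`); a single wording makes the condition easier to search for in logs.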
@@ -0,0 +1,43 @@
+From 81bb87debd2a683bad2173d6cb16327c776fe3b3 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 15:13:46 -0400
+Subject: [PATCH 13/13] WRS: Patch1119: ipaddr2_ignore_lo_if_state.patch
+
+---
+ heartbeat/IPaddr2 | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
+index 2cd822d..59620d2 100755
+--- a/heartbeat/IPaddr2
++++ b/heartbeat/IPaddr2
+@@ -880,7 +880,7 @@ ip_start() {
+ local ip_status=`ip_served`
+
+ if [ "$ip_status" = "ok" ]; then
+- if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] || [ "$NIC" = "lo" ]
+ then
+ exit $OCF_SUCCESS
+ else
+@@ -949,7 +949,7 @@ ip_start() {
+ fi
+ ;;
+ esac
+- if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] || [ "$NIC" = "lo" ]
+ then
+ exit $OCF_SUCCESS
+ else
+@@ -1035,7 +1035,7 @@ ip_monitor() {
+ case $ip_status in
+ ok)
+ $ARP_SEND_FUN refresh
+- if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] || [ "$NIC" = "lo" ]
+ then
+ return $OCF_SUCCESS
+ else
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/patches/lvm_cleanup_refs_on_stop.patch b/cluster-resource-agents/centos/patches/lvm_cleanup_refs_on_stop.patch
new file mode 100644
index 0000000..ade8cc5
--- /dev/null
+++ b/cluster-resource-agents/centos/patches/lvm_cleanup_refs_on_stop.patch
@@ -0,0 +1,121 @@ +CGTS-5173: LVM ocf cleanup refs on stop + +In LVM ocf script, LVM_stop() fails if any of the created logical volume +dm block devices are being held by any process with the following error + +err ERROR: Logical volume cinder-volumes/volume-96a8becd-a1c1-4508-8b25-9bcbcfeff2fa +contains a filesystem in use. Can't deactivate volume group "cinder-volumes" +with 1 open logical volume(s) + +So here we want to have defensive code to scan through any process that +holds what dm block devices and causes LVM_stop() to fail. There are +2 cases: + +* dm block devices are mounted and processes are accessing files located +in this mount point. We first need to kill all the processes which are +opening files and then umount the dm block devices. + +* processes just hold/open dm block devices directly. We need to kill +these processes. + +--- + heartbeat/LVM | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 76 insertions(+) + +diff --git a/heartbeat/LVM b/heartbeat/LVM +index 69f284c..e56f7d8 100755 +--- a/heartbeat/LVM ++++ b/heartbeat/LVM +@@ -616,6 +616,81 @@ EOF + } + + # ++# Kill provided process that holds lv ++# ++log_and_kill_process_hold_lv() { ++ p_info=$(ps -lfLp ${1} | tail -1) ++ ocf_log warn "lv ${2} is being held by this process (will be forced killed):" ++ ocf_log warn ${p_info} ++ kill -s KILL ${1} ++} ++ ++# ++# Scan for processes that hold any lvs and kill them ++# ++scan_and_kill_processes_hold_lv() { ++ vg_name=${1} ++ ++ # Get list of logical volumes which are busy ++ lv_paths=$(lvdisplay -c ${vg_name} | awk -F ":" '{print $1}') ++ for lv_path in ${lv_paths}; do ++ open_num=$(lvdisplay ${lv_path} | grep "# open" | awk '{print $3}') ++ if [ ${open_num} -gt 0 ]; then ++ lv_name=$(lvdisplay ${lv_path} | grep "LV Name" | awk '{print $3}') ++ lv_block=$(lvdisplay ${lv_path} | grep "Block device" | awk '{print $3}') ++ ++ lv_list="${lv_list} ++${lv_name}|${lv_block}" ++ lv_block_list="${lv_block_list} 
${lv_block}" ++ fi ++ done ++ ++ # Exit if there is no busy logical volume ++ [ -z "${lv_list}" ] && exit 0 ++ ++ # Checking to see if any of these busy logical volumes are caused by mount ++ mountinfo=$(cat /proc/1/mountinfo) ++ while read -r line; do ++ mount_majorminor=$(echo ${line} | awk '{print $3}') ++ mount_point=$(echo ${line} | awk '{print $5}') ++ ++ for lv in ${lv_block_list}; do ++ if [ "${lv}" == "${mount_majorminor}" ]; then ++ lv_name=$(echo "${lv_list}" | grep ${lv} | awk -F "|" '{print $1}') ++ ocf_log warn "lv ${lv_name} is busy mounted at ${mount_point} (will be forced unmounted)" ++ processes_holding_mount_point=$(fuser -m ${mount_point} 2>/dev/null) ++ if [ -n "${processes_holding_mount_point}" ]; then ++ for p in ${processes_holding_mount_point}; do ++ log_and_kill_process_hold_lv "${p}" "${lv_name}" ++ done ++ fi ++ umount ${mount_point} ++ [ $? -ne 0 ] && ocf_log warn "Cannot umount ${mount_point}" ++ fi ++ done ++ done <<< "${mountinfo}" ++ ++ # Now checking to see if any process holding these logical volumes ++ all_processes=$(ps -e | awk '{print $1}') ++ for p in ${all_processes}; do ++ [ ! -d /proc/${p}/fd ] && continue ++ opened_file_list=$(ls -l /proc/${p}/fd | awk -F "->" '{print $2}') ++ ++ for f in ${opened_file_list}; do ++ [ ! -b "${f}" ] && continue ++ f_majorminor=$(printf "%d:%d" $(stat -c '0x%t 0x%T' ${f})) ++ ++ for lv in ${lv_block_list}; do ++ if [ "${lv}" == "${f_majorminor}" ]; then ++ lv_name=$(echo "${lv_list}" | grep ${lv} | awk -F "|" '{print $1}') ++ log_and_kill_process_hold_lv "${p}" "${lv_name}" ++ fi ++ done ++ done ++ done ++} ++ ++# + # Disable the LVM volume + # + LVM_stop() { +@@ -647,6 +722,7 @@ LVM_stop() { + break + fi + ++ scan_and_kill_processes_hold_lv $vg + res=$OCF_ERR_GENERIC + ocf_log warn "$vg still Active" + ocf_log info "Retry deactivating volume group $vg" +-- +1.9.1 + 
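Review bot: `[ -z "${lv_list}" ] && exit 0` in scan_and_kill_processes_hold_lv terminates the whole agent with status 0, and the second hunk calls this function from LVM_stop at the point where the volume group is still active. When no logical volume shows as open, the stop action is therefore reported as successful without the retry that follows the call; the line should be `[ -z "${lv_list}" ] && return 0`. The helper's variables (`lv_list`, `lv_block_list`, `lv_paths` and the rest) are also global, and declaring them `local` keeps them from leaking into LVM_stop. `[ ${open_num} -gt 0 ]` is unquoted and produces a test error if the lvdisplay parse yields nothing, so `[ "${open_num:-0}" -gt 0 ]` is safer. LVM_stop itself starts and ends outside the hunk.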
diff --git a/cluster-resource-agents/centos/patches/lvm_vg_activation.patch b/cluster-resource-agents/centos/patches/lvm_vg_activation.patch
new file mode 100644
index 0000000..2646637
--- /dev/null
+++ b/cluster-resource-agents/centos/patches/lvm_vg_activation.patch
@@ -0,0 +1,160 @@ +From 3304fb0e1f1eeb2bfe52611541c5dd12bdc908e0 Mon Sep 17 00:00:00 2001 +From: Scott Little +Date: Mon, 2 Oct 2017 15:12:54 -0400 +Subject: [PATCH 06/13] WRS: Patch1110: lvm_vg_activation.patch + +--- + heartbeat/LVM | 130 +++++++++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 116 insertions(+), 14 deletions(-) + +diff --git a/heartbeat/LVM b/heartbeat/LVM +index 5de88b6..3a52e56 100755 +--- a/heartbeat/LVM ++++ b/heartbeat/LVM +@@ -449,6 +449,81 @@ retry_exclusive_start() + } + + # ++# Activate one volume explicitly. ++# ++activate_volume() { ++ ocf_run lvchange $1 /dev/${2}/$3 ++ if [ $? -eq 0 ] ; then ++ ocf_log info "Succesfully activated $LV." ++ else ++ ocf_log err "Problem activating $LV." ++ fi ++} ++ ++# ++# Kick off parallel activation of all volumes ++# ++activate_all_volumes() { ++ VG=$1 ++ shift ++ lvchange_args="$*" ++ ++ # Get the list of volumes, without the first line which is column headings. ++ VOLS=`lvs $VG |tail -n +2` ++ ++ while read -r LINE; do ++ # Convert the line into an array. ++ LINE_ARRAY=($LINE) ++ ++ # First array element is the volume/snapshot name. ++ LV=${LINE_ARRAY[0]} ++ ++ # Third array element is the attributes. ++ ATTR=${LINE_ARRAY[2]} ++ ++ # Fifth character in the attributes is "a" if it's active. ++ ACTIVE=${ATTR:4:1} ++ if [ "$ACTIVE" == "a" ]; then ++ ocf_log info "$LV is already active." ++ continue ++ fi ++ ++ SNAPSHOT_ORIGIN=${LINE_ARRAY[4]} ++ if [ "$SNAPSHOT_ORIGIN" != "" ] ; then ++ # If this is a snapshot, don't activate it. ++ continue ++ fi ++ ++ ( activate_volume "$*" $VG $LV ) & ++ done <<< "$VOLS" ++} ++ ++# ++# Scan for inactive volumes and log any that are found. ++# ++log_inactive_volumes() { ++ # Get the list of volumes, without the first line which is column headings. ++ VOLS=`lvs $1 |tail -n +2` ++ ++ while read -r LINE; do ++ # Convert the line into an array. ++ LINE_ARRAY=($LINE) ++ ++ # First array element is the volume/snapshot name. 
++ LV=${LINE_ARRAY[0]} ++ ++ # Third array element is the attributes. ++ ATTR=${LINE_ARRAY[2]} ++ ++ # Fifth character in the attributes is "a" if it's active. ++ ACTIVE=${ATTR:4:1} ++ if [ "$ACTIVE" != "a" ]; then ++ ocf_log err "Volume $LV is not active after expiry of timeout." ++ fi ++ done <<< "$VOLS" ++} ++ ++# + # Enable LVM volume + # + LVM_start() { +@@ -489,20 +564,47 @@ EOF + : ;; + esac + +- if ! ocf_run vgchange $vgchange_options $vg; then +- if [ $clvmd -eq 0 ]; then +- return $OCF_ERR_GENERIC +- fi +- +- # Failure to exclusively activate cluster vg.: +- # This could be caused by a remotely active LV, Attempt +- # to disable volume group cluster wide and try again. +- # Allow for some settling +- sleep 5 +- if ! retry_exclusive_start; then +- return $OCF_ERR_GENERIC +- fi +- fi ++ # Kick off activation of all volumes. If it doesn't complete within ++ # the timeout period, then we'll log the not-yet-activated volumes and ++ # continue on. ++ (ocf_run vgchange $vgchange_options $1) & PID=$! ++ ++ # Check every second for up to TIMEOUT seconds whether the vgchange has ++ # completed. ++ TIMEOUT=300 ++ TIMED_OUT=true ++ SECONDS=0; ++ PARALLEL_ACTIVATE_DELAY=10 ++ PARALLEL_ACTIVATE_DONE=false ++ while [ $SECONDS -lt $TIMEOUT ] ; do ++ kill -0 $PID &> /dev/null ++ if [ $? -eq 1 ] ; then ++ # process with pid of $PID doesn't exist, vgchange command completed ++ TIMED_OUT=false ++ break ++ fi ++ if [ $SECONDS -ge $PARALLEL_ACTIVATE_DELAY ] && \ ++ [ "$PARALLEL_ACTIVATE_DONE" != true ] && \ ++ [ "$1" == "cinder-volumes" ] ; then ++ # This will kick off parallel activation of all LVs in the VG. ++ # The delay is to ensure the VG is activated first. 
++ PARALLEL_ACTIVATE_DONE=true ++ ocf_log info Explicitly activating all volumes in $1 with: $vgchange_options ++ activate_all_volumes $1 $vgchange_options ++ fi ++ sleep 1 ++ done ++ ++ if [ "$TIMED_OUT" = true ] ; then ++ ocf_log err "Timed out running ocf_run vgchange $vgchange_options $1" ++ log_inactive_volumes $1 ++ else ++ # Child process completed, get its status. ++ wait $PID ++ if [ $? -ne 0 ] ; then ++ return $OCF_ERR_GENERIC ++ fi ++ fi + + if LVM_status $vg; then + : OK Volume $vg activated just fine! +-- +1.9.1 + diff --git a/cluster-resource-agents/centos/patches/new_ocf_return_codes.patch b/cluster-resource-agents/centos/patches/new_ocf_return_codes.patch new file mode 100644 index 0000000..dc07829 --- /dev/null +++ b/cluster-resource-agents/centos/patches/new_ocf_return_codes.patch 
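Review bot: `activate_volume` logs `$LV`, which is not one of its arguments; it resolves only because the call in `activate_all_volumes` runs in a subshell where `LV` is already set. Log the device the function was actually given, e.g. `ocf_log info "Successfully activated /dev/${2}/$3."` (which also corrects the "Succesfully" spelling), and do the same in the error branch. `lvchange_args` in `activate_all_volumes` is assigned and never read; passing `"$lvchange_args"` instead of `"$*"` would make the intent visible. Both loops read the attributes and snapshot origin from fixed columns of plain `lvs` output (`LINE_ARRAY[2]`, `LINE_ARRAY[4]`), which presumably shift when another optional column is populated; `lvs --noheadings -o lv_name,lv_attr,origin $VG`, with the indices adjusted, would pin the fields. The same code is added again by cluster-resource-agents/cluster-resource-agents/lvm_vg_activation.patch.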
@@ -0,0 +1,62 @@
+From 111343419dd381d81303354dad48cca5095ab080 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Fri, 26 Aug 2016 15:06:02 -0400
+Subject: [PATCH 02/12] WRS: Patch106: new_ocf_return_codes.patch
+
+---
+ heartbeat/ocf-returncodes | 35 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 35 insertions(+)
+
+diff --git a/heartbeat/ocf-returncodes b/heartbeat/ocf-returncodes
+index dd5f017..9200889 100644
+--- a/heartbeat/ocf-returncodes
++++ b/heartbeat/ocf-returncodes
+@@ -4,6 +4,7 @@
+ #
+ # Copyright (c) 2004 SUSE LINUX AG, Andrew Beekhof
+ # All Rights Reserved.
++# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
+ #
+ #
+ # This library is free software; you can redistribute it and/or
+@@ -53,3 +54,37 @@ OCF_NOT_RUNNING=7
+ #
+ OCF_RUNNING_MASTER=8
+ OCF_FAILED_MASTER=9
++
++# Non-standard values particular to Wind River deployments.
++#
++# OCF does not include the concept of data sync states for master/slave
++# resources.
++#
++# OCF_DATA_INCONSISTENT:
++# The resource's data is not useable.
++#
++# OCF_DATA_OUTDATED:
++# The resource's data is consistent, but a peer with more recent data
++# has been seen.
++#
++# OCF_DATA_CONSISTENT:
++# The resource's data is consistent, but it is unsure that this is the
++# most recent data.
++#
++# OCF_SYNC:
++# The resource is syncing data.
++#
++# OCF_STANDALONE:
++# The resource is operating as standalone. No peer is available or
++# syncing is not possible (i.e. split brain fencing).
++#
++OCF_DATA_INCONSISTENT=32
++OCF_DATA_OUTDATED=33
++OCF_DATA_CONSISTENT=34
++OCF_DATA_SYNC=35
++OCF_DATA_STANDALONE=36
++OCF_RUNNING_MASTER_DATA_INCONSISTENT=37
++OCF_RUNNING_MASTER_DATA_OUTDATED=38
++OCF_RUNNING_MASTER_DATA_CONSISTENT=39
++OCF_RUNNING_MASTER_DATA_SYNC=40
++OCF_RUNNING_MASTER_DATA_STANDALONE=41
+--
+1.9.1
+
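Review bot: The comment block added to heartbeat/ocf-returncodes documents `OCF_SYNC` and `OCF_STANDALONE`, but the constants defined below it are `OCF_DATA_SYNC=35` and `OCF_DATA_STANDALONE=36`; the comment headings should use the defined names so an agent author does not test an unset variable. The five `OCF_RUNNING_MASTER_DATA_*` values (37 to 41) have no description at all; if they mean what the names suggest, a line such as `# OCF_RUNNING_MASTER_DATA_*: the same data states, reported by a resource running as master` would cover them. The same text is added again by cluster-resource-agents/cluster-resource-agents/new_ocf_return_codes.patch.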
diff --git a/cluster-resource-agents/centos/patches/notify-rmon-of-shutdown-before-shutting-down.patch b/cluster-resource-agents/centos/patches/notify-rmon-of-shutdown-before-shutting-down.patch
new file mode 100644
index 0000000..081a7ca
--- /dev/null
+++ b/cluster-resource-agents/centos/patches/notify-rmon-of-shutdown-before-shutting-down.patch
@@ -0,0 +1,54 @@
+From bf3f5ed67ee862cbd4fd3f4f8c2c3760ebd88900 Mon Sep 17 00:00:00 2001
+From: Don Penney
+Date: Fri, 17 Jun 2016 00:31:20 -0400
+Subject: [PATCH 1/1] Notify rmon of shutdown before shutting down LVM and
+ Filesystem
+
+---
+ heartbeat/Filesystem | 9 +++++----
+ heartbeat/LVM | 9 +++++----
+ 2 files changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
+index 05e4097..d5f3417 100755
+--- a/heartbeat/Filesystem
++++ b/heartbeat/Filesystem
+@@ -1200,10 +1200,11 @@ case $OP in
+ validate-all) Filesystem_validate_all
+ exit $?
+ ;;
+- stop) Filesystem_stop
+- rc=$?
+- rmon_notify "disabled" 300
+- exit $rc
++ stop)
++ rmon_notify "disabled" 300
++ Filesystem_stop
++ rc=$?
++ exit $rc
+ ;;
+ esac
+
+diff --git a/heartbeat/LVM b/heartbeat/LVM
+index 3a52e56..69f284c 100755
+--- a/heartbeat/LVM
++++ b/heartbeat/LVM
+@@ -891,10 +891,11 @@ case "$1" in
+ fi
+ exit $rc;;
+
+- stop) LVM_stop $VOLUME
+- rc=$?
+- rmon_notify "disabled" 300
+- exit $rc;;
++ stop)
++ rmon_notify "disabled" 300
++ LVM_stop $VOLUME
++ rc=$?
++ exit $rc;;
+
+ status) LVM_status $VOLUME $1
+ rc=$?
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/patches/ocf-shellfuncs_change_logtag.patch b/cluster-resource-agents/centos/patches/ocf-shellfuncs_change_logtag.patch
new file mode 100644
index 0000000..229e69e
--- /dev/null
+++ b/cluster-resource-agents/centos/patches/ocf-shellfuncs_change_logtag.patch
@@ -0,0 +1,28 @@
+From 3b5735f43d0ca1a3ca29b9fec50959340c21c995 Mon Sep 17 00:00:00 2001
+From: Don Penney
+Date: Thu, 25 Aug 2016 13:07:16 -0400
+Subject: [PATCH 1/1] Set OCF_ prefix in logs for syslog destination sorting
+
+---
+ heartbeat/ocf-shellfuncs.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in
+index 56f01e6..cfe5b21 100644
+--- a/heartbeat/ocf-shellfuncs.in
++++ b/heartbeat/ocf-shellfuncs.in
+@@ -179,9 +179,9 @@ hadate() {
+ set_logtag() {
+ if [ -z "$HA_LOGTAG" ]; then
+ if [ -n "$OCF_RESOURCE_INSTANCE" ]; then
+- HA_LOGTAG="$__SCRIPT_NAME($OCF_RESOURCE_INSTANCE)[$$]"
++ HA_LOGTAG="OCF_$__SCRIPT_NAME($OCF_RESOURCE_INSTANCE)[$$]"
+ else
+- HA_LOGTAG="$__SCRIPT_NAME[$$]"
++ HA_LOGTAG="OCF_$__SCRIPT_NAME[$$]"
+ fi
+ fi
+ }
+--
+1.9.1
+
diff --git a/cluster-resource-agents/centos/patches/pgsql.patch b/cluster-resource-agents/centos/patches/pgsql.patch
new file mode 100644
index 0000000..a496d0f
--- /dev/null
+++ b/cluster-resource-agents/centos/patches/pgsql.patch
@@ -0,0 +1,87 @@ +From 386e3919b703c5a3d06edfc5b078ab67604139ab Mon Sep 17 00:00:00 2001 +From: Scott Little +Date: Mon, 2 Oct 2017 15:12:59 -0400 +Subject: [PATCH 07/13] WRS: Patch1111: pgsql.patch + +--- + heartbeat/pgsql | 23 ++++++++++++++++++++--- + 1 file changed, 20 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/pgsql b/heartbeat/pgsql +index 768608e..28cc046 100755 +--- a/heartbeat/pgsql ++++ b/heartbeat/pgsql +@@ -38,6 +38,7 @@ get_pgsql_param() { + OCF_RESKEY_pgctl_default=/usr/bin/pg_ctl + OCF_RESKEY_psql_default=/usr/bin/psql + OCF_RESKEY_pgdata_default=/var/lib/pgsql/data ++OCF_RESKEY_pgconf_default=/etc/postgresql + OCF_RESKEY_pgdba_default=postgres + OCF_RESKEY_pghost_default="" + OCF_RESKEY_pgport_default=5432 +@@ -67,10 +68,11 @@ OCF_RESKEY_stop_escalate_in_slave_default=30 + : ${OCF_RESKEY_pgctl=${OCF_RESKEY_pgctl_default}} + : ${OCF_RESKEY_psql=${OCF_RESKEY_psql_default}} + : ${OCF_RESKEY_pgdata=${OCF_RESKEY_pgdata_default}} ++: ${OCF_RESKEY_pgconf=${OCF_RESKEY_pgconf_default}} + : ${OCF_RESKEY_pgdba=${OCF_RESKEY_pgdba_default}} + : ${OCF_RESKEY_pghost=${OCF_RESKEY_pghost_default}} + : ${OCF_RESKEY_pgport=${OCF_RESKEY_pgport_default}} +-: ${OCF_RESKEY_config=${OCF_RESKEY_pgdata}/postgresql.conf} ++: ${OCF_RESKEY_config=${OCF_RESKEY_pgconf}/postgresql.conf} + : ${OCF_RESKEY_start_opt=${OCF_RESKEY_start_opt_default}} + : ${OCF_RESKEY_pgdb=${OCF_RESKEY_pgdb_default}} + : ${OCF_RESKEY_logfile=${OCF_RESKEY_logfile_default}} +@@ -166,6 +168,14 @@ Path to PostgreSQL data directory. + + + ++ ++ ++Path to PostgreSQL config directory. ++ ++pgconf ++ ++ ++ + + + User that owns PostgreSQL. +@@ -220,7 +230,7 @@ SQL script that will be used for monitor operations. + Path to the PostgreSQL configuration file for the instance. + + Configuration file +- ++ + + + +@@ -549,6 +559,12 @@ pgsql_real_start() { + ocf_log debug "PostgreSQL still hasn't started yet. Waiting..." 
+ done + ++ # WRS: Create an unversioned symlink under /var/run so SM can easily ++ # find the PID file. ++ if [ ! -h $PIDFILE_SYMLINK ]; then ++ /bin/ln -s $PIDFILE $PIDFILE_SYMLINK ++ fi ++ + ocf_log info "PostgreSQL is started." + return $rc + } +@@ -1756,10 +1772,11 @@ fi + + + PIDFILE=${OCF_RESKEY_pgdata}/postmaster.pid ++PIDFILE_SYMLINK=/var/run/postmaster.pid + BACKUPLABEL=${OCF_RESKEY_pgdata}/backup_label + RESOURCE_NAME=`echo $OCF_RESOURCE_INSTANCE | cut -d ":" -f 1` + PGSQL_WAL_RECEIVER_STATUS_ATTR="${RESOURCE_NAME}-receiver-status" +-RECOVERY_CONF=${OCF_RESKEY_pgdata}/recovery.conf ++RECOVERY_CONF=${OCF_RESKEY_pgconf}/recovery.conf + NODENAME=$(ocf_local_nodename | tr '[A-Z]' '[a-z]') + + if is_replication; then +-- +1.9.1 + diff --git a/cluster-resource-agents/centos/patches/umount-in-namespace.patch b/cluster-resource-agents/centos/patches/umount-in-namespace.patch new file mode 100644 index 0000000..f848a61 --- /dev/null +++ b/cluster-resource-agents/centos/patches/umount-in-namespace.patch @@ -0,0 +1,27 @@ +From eb45b8271ce64a046d41c93b1cffd641245ce55f Mon Sep 17 00:00:00 2001 +From: Scott Little +Date: Mon, 2 Oct 2017 15:12:48 -0400 +Subject: [PATCH 05/13] WRS: Patch1109: umount-in-namespace.patch + +--- + heartbeat/Filesystem | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index f536298..05e4097 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -804,6 +804,10 @@ signal_processes() { + } + try_umount() { + local SUB=$1 ++ ++ # We need to ensure we umount in namespaces, too ++ /usr/sbin/umount-in-namespace $SUB ++ + $UMOUNT $umount_force $SUB + list_mounts | grep -q " $SUB " >/dev/null 2>&1 || { + ocf_log info "unmounted $SUB successfully" +-- +1.9.1 + diff --git a/cluster-resource-agents/centos/srpm_path b/cluster-resource-agents/centos/srpm_path new file mode 100644 index 0000000..83167c2 --- /dev/null +++ b/cluster-resource-agents/centos/srpm_path 
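Review bot: The symlink guard in `pgsql_real_start`, `if [ ! -h $PIDFILE_SYMLINK ]`, only checks that some symlink exists, so a link left over from an earlier run with a different `OCF_RESKEY_pgdata` keeps pointing at the old `postmaster.pid`, and the result of `/bin/ln -s` is never checked. Since the comment says SM finds the PID file through this link, a stale or missing link means it may read the wrong PID or none; `ln -sfn "$PIDFILE" "$PIDFILE_SYMLINK" || ocf_log warn "Cannot create $PIDFILE_SYMLINK"` refreshes the link on every start and quotes both paths. The link name is fixed (`/var/run/postmaster.pid`), so two pgsql instances on one node would share it. The body of `pgsql_real_start` continues outside the hunk, and cluster-resource-agents/cluster-resource-agents/pgsql.patch adds the same block.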
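Review bot: `/usr/sbin/umount-in-namespace $SUB` in `try_umount` is called without checking that the helper is installed, and its exit status is discarded, so a missing or failing helper leaves no trace in the agent log. Guarding and quoting the call, `[ -x /usr/sbin/umount-in-namespace ] && /usr/sbin/umount-in-namespace "$SUB" || ocf_log warn "umount-in-namespace unavailable or failed for $SUB"`, keeps the best-effort behaviour while recording the failure. `try_umount` continues outside the hunk; the same lines are added by cluster-resource-agents/cluster-resource-agents/umount-in-namespace.patch.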
@@ -0,0 +1 @@
+mirror:Source/resource-agents-3.9.5-105.el7.src.rpm
diff --git a/cluster-resource-agents/cluster-resource-agents/copyright.patch b/cluster-resource-agents/cluster-resource-agents/copyright.patch
new file mode 100644
index 0000000..460cc23
--- /dev/null
+++ b/cluster-resource-agents/cluster-resource-agents/copyright.patch
@@ -0,0 +1,38 @@
+---
+ heartbeat/Filesystem | 3 ++-
+ heartbeat/LVM | 1 +
+ heartbeat/pgsql | 1 +
+ 3 files changed, 4 insertions(+), 1 deletion(-)
+
+--- a/heartbeat/Filesystem
++++ b/heartbeat/Filesystem
+@@ -2,7 +2,8 @@
+ #
+ # Support: linux-ha@lists.linux-ha.org
+ # License: GNU General Public License (GPL)
+-#
++# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
++#
+ # Filesystem
+ # Description: Manages a Filesystem on a shared storage medium.
+ # Original Author: Eric Z. Ayers (eric.ayers@compgen.com)
+--- a/heartbeat/LVM
++++ b/heartbeat/LVM
+@@ -10,6 +10,7 @@
+ # Support: linux-ha@lists.linux-ha.org
+ # License: GNU General Public License (GPL)
+ # Copyright: (C) 2002 - 2005 International Business Machines, Inc.
++# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
+ #
+ # This code significantly inspired by the LVM resource
+ # in FailSafe by Lars Marowsky-Bree
+--- a/heartbeat/pgsql
++++ b/heartbeat/pgsql
+@@ -9,6 +9,7 @@
+ #
+ # Copyright: 2006-2012 Serge Dubrouski
+ # and other Linux-HA contributors
++# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
+ # License: GNU General Public License (GPL)
+ #
+ ###############################################################################
diff --git a/cluster-resource-agents/cluster-resource-agents/exportfs_accept_ipv6.patch b/cluster-resource-agents/cluster-resource-agents/exportfs_accept_ipv6.patch
new file mode 100644
index 0000000..5a992e1
--- /dev/null
+++ b/cluster-resource-agents/cluster-resource-agents/exportfs_accept_ipv6.patch
@@ -0,0 +1,15 @@
+Index: resource-agents-3.9.5/heartbeat/exportfs
+===================================================================
+--- resource-agents-3.9.5/heartbeat/exportfs 2013-02-07 07:17:42.000000000 -0500
++++ resource-agents-3.9.5/heartbeat/exportfs 2015-12-18 12:40:18.382930869 -0500
+@@ -184,7 +184,9 @@
+
+ is_exported() {
+ local dir=$1
+- local spec=$2
++ # Because clientspec contains square brackets when using IPv6, and the exports entry does not,
++ # it is necessary to remove the square brackets to compare them with each other.
++ local spec=$(echo $2|sed -r 's/(\[|\])//g')
+ exportfs |
+ sed -e '$! N; s/\n[[:space:]]\+/ /; t; s/[[:space:]]\+\([^[:space:]]\+\)\(\n\|$\)/ \1\2/g; P;D;' |
+ grep -q -x -F "$dir $spec"
diff --git a/cluster-resource-agents/cluster-resource-agents/filesystem_rmon.patch b/cluster-resource-agents/cluster-resource-agents/filesystem_rmon.patch
new file mode 100644
index 0000000..f74abd3
--- /dev/null
+++ b/cluster-resource-agents/cluster-resource-agents/filesystem_rmon.patch
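Review bot: In `is_exported`, `echo $2` is unquoted, so the shell applies word splitting and pathname expansion to the client specification before `sed` sees it; a clientspec of `*` expands to the file names in the agent's working directory, and a bracketed IPv6 literal is itself a glob pattern. The text compared by `grep -q -x -F "$dir $spec"` can then differ from what the operator configured, so an export may be reported as missing or matched against the wrong entry. Quote the argument and avoid `echo`: `local spec=$(printf '%s\n' "$2" | sed -r 's/(\[|\])//g')`. `is_exported` continues outside the hunk.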
@@ -0,0 +1,193 @@ +--- + heartbeat/Filesystem | 59 ++++++++++++++++++++++++++++++++++++++++++++++++--- + heartbeat/LVM | 59 +++++++++++++++++++++++++++++++++++++++++++++++---- + 2 files changed, 111 insertions(+), 7 deletions(-) + +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -19,6 +19,7 @@ + # OCF_RESKEY_run_fsck + # OCF_RESKEY_fast_stop + # OCF_RESKEY_force_clones ++# OCF_RESKEY_rmon_rsc_name + # + #OCF_RESKEY_device : name of block device for the filesystem. e.g. /dev/sda1, /dev/md0 + # Or a -U or -L option for mount, or an NFS mount specification +@@ -30,6 +31,7 @@ + #OCF_RESKEY_fast_stop : fast stop: yes(default)/no + #OCF_RESKEY_force_clones : allow running the resource as clone. e.g. local xfs mounts + # for each brick in a glusterfs setup ++#OCF_RESKEY_rmon_rsc_name: resource name to use when notifing RMON + # + # + # This assumes you want to manage a filesystem on a shared (SCSI) bus, +@@ -1053,20 +1055,65 @@ if [ "$OP" != "monitor" ]; then + ocf_log info "Running $OP for $DEVICE on $MOUNTPOINT" + fi + ++RMON_NOTIFY="/usr/local/bin/rmon_resource_notify" ++ ++rmon_notify() { ++ local RSC_STATE=$1 TIMEOUT=$2 ++ ++ if [ -z "OCF_RESKEY_rmon_rsc_name" ] ++ then ++ ocf_log err "No RMON resource name given for $OCF_RESKEY_directory" ++ return ++ fi ++ ++ if [[ -x $RMON_NOTIFY ]] ++ then ++ $RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \ ++ --resource-state $RSC_STATE \ ++ --resource-type mount \ ++ --device $OCF_RESKEY_device \ ++ --mount-point $OCF_RESKEY_directory \ ++ --timeout $TIMEOUT \ ++ >/dev/null 2>&1 ++ else ++ ocf_log err "$RMON_NOTIFY not available, failed to execute: \ ++$RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \ ++--resource-state $RSC_STATE --resource-type mount \ ++--device $OCF_RESKEY_device --mount-point $OCF_RESKEY_directory \ ++--timeout $TIMEOUT" ++ fi ++} ++ + # These operations do not require the clone checking + OCFS2 + # initialization. + case $OP in + status) Filesystem_status +- exit $? ++ rc=$? 
++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ else ++ rmon_notify "disabled" 300 ++ fi ++ exit $rc + ;; + monitor) Filesystem_monitor +- exit $? ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ else ++ rmon_notify "disabled" 300 ++ fi ++ exit $rc + ;; + validate-all) Filesystem_validate_all + exit $? + ;; + stop) Filesystem_stop +- exit $? ++ rc=$? ++ rmon_notify "disabled" 300 ++ exit $rc + ;; + esac + +@@ -1114,6 +1161,12 @@ fi + + case $OP in + start) Filesystem_start ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ fi ++ exit $rc + ;; + notify) Filesystem_notify + ;; +--- a/heartbeat/LVM ++++ b/heartbeat/LVM +@@ -22,6 +22,7 @@ + # + # OCF parameters are as below: + # OCF_RESKEY_volgrpname ++# OCF_RESKEY_rmon_rsc_name + # + ####################################################################### + # Initialization: +@@ -311,6 +312,35 @@ then + exit $OCF_ERR_CONFIGURED + fi + ++RMON_NOTIFY="/usr/local/bin/rmon_resource_notify" ++ ++rmon_notify() { ++ local RSC_STATE=$1 TIMEOUT=$2 ++ ++ if [ -z "OCF_RESKEY_rmon_rsc_name" ] ++ then ++ ocf_log err "No RMON resource name given for $OCF_RESKEY_volgrpname" ++ return ++ fi ++ ++ if [[ -x $RMON_NOTIFY ]] ++ then ++ $RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \ ++ --resource-state $RSC_STATE \ ++ --resource-type lvg \ ++ --volume-group $OCF_RESKEY_volgrpname \ ++ --timeout $TIMEOUT \ ++ >/dev/null 2>&1 ++ else ++ ocf_log err "$RMON_NOTIFY not available, failed to execute: \ ++$RMON_NOTIFY --resource-name $OCF_RESKEY_rmon_rsc_name \ ++--resource-state $RSC_STATE --resource-type lvg \ ++--volume-group $OCF_RESKEY_volgrpname \ ++--timeout $TIMEOUT" ++ fi ++} ++ ++ + # Get the LVM version number, for this to work we assume(thanks to panjiam): + # + # LVM1 outputs like this +@@ -345,16 +375,37 @@ OP_METHOD=$1 + case "$1" in + + start) LVM_start $VOLUME +- exit $?;; ++ rc=$? 
++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ fi ++ exit $rc;; + + stop) LVM_stop $VOLUME +- exit $?;; ++ rc=$? ++ rmon_notify "disabled" 300 ++ exit $rc;; + + status) LVM_status $VOLUME $1 +- exit $?;; ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ else ++ rmon_notify "disabled" 300 ++ fi ++ exit $rc;; + + monitor) LVM_monitor $VOLUME +- exit $?;; ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ else ++ rmon_notify "disabled" 300 ++ fi ++ exit $rc;; + + validate-all) LVM_validate_all + ;; diff --git a/cluster-resource-agents/cluster-resource-agents/ipaddr2_add_if_type.patch b/cluster-resource-agents/cluster-resource-agents/ipaddr2_add_if_type.patch new file mode 100644 index 0000000..127c4bf --- /dev/null +++ b/cluster-resource-agents/cluster-resource-agents/ipaddr2_add_if_type.patch 
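Review bot: The guard in `rmon_notify`, `if [ -z "OCF_RESKEY_rmon_rsc_name" ]`, tests a literal string because the `$` is missing, so it is never true and the "No RMON resource name given" branch is dead in both heartbeat/Filesystem and heartbeat/LVM. With the parameter unset, `$RMON_NOTIFY --resource-name` is then run with no value after the option, and how the helper parses that is not visible here. The test should read `if [ -z "$OCF_RESKEY_rmon_rsc_name" ]`. The expansions passed to `$RMON_NOTIFY` (`$OCF_RESKEY_device`, `$OCF_RESKEY_directory`, `$OCF_RESKEY_volgrpname`) are unquoted as well, so a value containing whitespace is split into extra arguments; quoting each one avoids that.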
@@ -0,0 +1,37 @@
+---
+ heartbeat/IPaddr2 | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/heartbeat/IPaddr2
++++ b/heartbeat/IPaddr2
+@@ -13,6 +13,7 @@
+ # Copyright (c) 2003 Tuomo Soini
+ # Copyright (c) 2004-2006 SUSE LINUX AG, Lars Marowsky-Brée
+ # All Rights Reserved.
++# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of version 2 of the GNU General Public License as
+@@ -50,6 +51,7 @@
+ # OCF_RESKEY_nic
+ # OCF_RESKEY_cidr_netmask
+ # OCF_RESKEY_iflabel
++# OCF_RESKEY_if_type
+ # OCF_RESKEY_mac
+ # OCF_RESKEY_clusterip_hash
+ # OCF_RESKEY_arp_interval
+@@ -314,7 +316,13 @@ ip_init() {
+
+ BASEIP="$OCF_RESKEY_ip"
+ BRDCAST="$OCF_RESKEY_broadcast"
+- NIC="$OCF_RESKEY_nic"
++ IFTYPE="$OCF_RESKEY_if_type"
++ if [ -n "${IFTYPE}" ]
++ then
++ NIC=`grep ${IFTYPE}= /etc/platform/platform.conf | cut -f2 -d '='`
++ else
++ NIC="$OCF_RESKEY_nic"
++ fi
+ # Note: We had a version out there for a while which used
+ # netmask instead of cidr_netmask. Don't remove this aliasing code!
+ if
diff --git a/cluster-resource-agents/cluster-resource-agents/ipaddr2_check_if_state.patch b/cluster-resource-agents/cluster-resource-agents/ipaddr2_check_if_state.patch
new file mode 100644
index 0000000..19e5f18
--- /dev/null
+++ b/cluster-resource-agents/cluster-resource-agents/ipaddr2_check_if_state.patch
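Review bot: In `ip_init`, `grep ${IFTYPE}= /etc/platform/platform.conf` uses the resource parameter as an unanchored, unquoted regular expression, so it can match more than one line (any key that ends in the same text) and `NIC` then holds several values. When nothing matches, `NIC` is left empty with no fallback to `OCF_RESKEY_nic` and no log entry. An exact key match such as `NIC=$(awk -F= -v k="$IFTYPE" '$1 == k { print $2; exit }' /etc/platform/platform.conf)`, followed by a check for an empty result, would close both cases. `ip_init` continues outside the hunk.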
@@ -0,0 +1,48 @@
+---
+ heartbeat/IPaddr2 | 21 ++++++++++++++++++---
+ 1 file changed, 18 insertions(+), 3 deletions(-)
+
+--- a/heartbeat/IPaddr2
++++ b/heartbeat/IPaddr2
+@@ -661,7 +661,12 @@ ip_start() {
+ local ip_status=`ip_served`
+
+ if [ "$ip_status" = "ok" ]; then
+- exit $OCF_SUCCESS
++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
++ then
++ exit $OCF_SUCCESS
++ else
++ exit $OCF_ERR_GENERIC
++ fi
+ fi
+
+ if [ -n "$IP_CIP" ] && [ $ip_status = "no" ] || [ $ip_status = "partial2" ]; then
+@@ -714,7 +719,12 @@ ip_start() {
+ fi
+ ;;
+ esac
+- exit $OCF_SUCCESS
++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
++ then
++ exit $OCF_SUCCESS
++ else
++ exit $OCF_ERR_GENERIC
++ fi
+ }
+
+ ip_stop() {
+@@ -788,7 +798,12 @@ ip_monitor() {
+ local ip_status=`ip_served`
+ case $ip_status in
+ ok)
+- return $OCF_SUCCESS
++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
++ then
++ return $OCF_SUCCESS
++ else
++ return $OCF_NOT_RUNNING
++ fi
+ ;;
+ partial|no|partial2)
+ exit $OCF_NOT_RUNNING
diff --git a/cluster-resource-agents/cluster-resource-agents/lvm_vg_activation.patch b/cluster-resource-agents/cluster-resource-agents/lvm_vg_activation.patch
new file mode 100644
index 0000000..a8b308e
--- /dev/null
+++ b/cluster-resource-agents/cluster-resource-agents/lvm_vg_activation.patch
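Review bot: The link test (`ip link show $NIC` piped to `grep "state UP"`) is written out three times, twice in `ip_start` and once in `ip_monitor`, each time with `$NIC` unquoted; a small helper such as `nic_is_up() { ip link show "$NIC" | grep -q "state UP"; }` would keep the three call sites in step. In `ip_monitor` the new branch uses `return $OCF_NOT_RUNNING` while the neighbouring `partial|no|partial2)` arm uses `exit $OCF_NOT_RUNNING`; a one-line comment saying why the `ok)` arm returns rather than exits would help the next reader. All three functions continue outside their hunks.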
@@ -0,0 +1,155 @@ +commit 69217b67c0d018f129c7cbf526aebf0b236be701 +Author: Chris Friesen +Date: Thu Sep 17 15:26:16 2015 -0400 + + CGCS-2553/CGTS-2534: tweak LVM success criteria + + It turns out that activating an LVM LV which has a snapshot (or activating + the snapshot) will take an amount of time that is proportional to the + delta between the snapshot and the original volume. + + Because of this it's possible that running "vgchange" could take a long + time, since it also activates the LVs. + + If this happens, rather than timeout the whole script we want to log which + LVs/snapshots havn't yet been activated, and then just continue on. + Accordingly, we want to set the internal timeout in the "start" operation + to something less than the timeout for the "start" action. + + There will be corresponding changes in cinder to properly handle this case. + +diff --git a/heartbeat/LVM b/heartbeat/LVM +index bd1a47a..24b0244 100755 +--- a/heartbeat/LVM ++++ b/heartbeat/LVM +@@ -186,6 +186,81 @@ LVM_monitor() { + } + + # ++# Activate one volume explicitly. ++# ++activate_volume() { ++ ocf_run lvchange $1 /dev/${2}/$3 ++ if [ $? -eq 0 ] ; then ++ ocf_log info "Succesfully activated $LV." ++ else ++ ocf_log err "Problem activating $LV." ++ fi ++} ++ ++# ++# Kick off parallel activation of all volumes ++# ++activate_all_volumes() { ++ VG=$1 ++ shift ++ lvchange_args="$*" ++ ++ # Get the list of volumes, without the first line which is column headings. ++ VOLS=`lvs $VG |tail -n +2` ++ ++ while read -r LINE; do ++ # Convert the line into an array. ++ LINE_ARRAY=($LINE) ++ ++ # First array element is the volume/snapshot name. ++ LV=${LINE_ARRAY[0]} ++ ++ # Third array element is the attributes. ++ ATTR=${LINE_ARRAY[2]} ++ ++ # Fifth character in the attributes is "a" if it's active. ++ ACTIVE=${ATTR:4:1} ++ if [ "$ACTIVE" == "a" ]; then ++ ocf_log info "$LV is already active." 
++ continue ++ fi ++ ++ SNAPSHOT_ORIGIN=${LINE_ARRAY[4]} ++ if [ "$SNAPSHOT_ORIGIN" != "" ] ; then ++ # If this is a snapshot, don't activate it. ++ continue ++ fi ++ ++ ( activate_volume "$*" $VG $LV ) & ++ done <<< "$VOLS" ++} ++ ++# ++# Scan for inactive volumes and log any that are found. ++# ++log_inactive_volumes() { ++ # Get the list of volumes, without the first line which is column headings. ++ VOLS=`lvs $1 |tail -n +2` ++ ++ while read -r LINE; do ++ # Convert the line into an array. ++ LINE_ARRAY=($LINE) ++ ++ # First array element is the volume/snapshot name. ++ LV=${LINE_ARRAY[0]} ++ ++ # Third array element is the attributes. ++ ATTR=${LINE_ARRAY[2]} ++ ++ # Fifth character in the attributes is "a" if it's active. ++ ACTIVE=${ATTR:4:1} ++ if [ "$ACTIVE" != "a" ]; then ++ ocf_log err "Volume $LV is not active after expiry of timeout." ++ fi ++ done <<< "$VOLS" ++} ++ ++# + # Enable LVM volume + # + LVM_start() { +@@ -218,7 +293,47 @@ LVM_start() { + vgchange_options="$vgchange_options --monitor y" + fi + +- ocf_run vgchange $vgchange_options $1 || return $OCF_ERR_GENERIC ++ # Kick off activation of all volumes. If it doesn't complete within ++ # the timeout period, then we'll log the not-yet-activated volumes and ++ # continue on. ++ (ocf_run vgchange $vgchange_options $1) & PID=$! ++ ++ # Check every second for up to TIMEOUT seconds whether the vgchange has ++ # completed. ++ TIMEOUT=300 ++ TIMED_OUT=true ++ SECONDS=0; ++ PARALLEL_ACTIVATE_DELAY=10 ++ PARALLEL_ACTIVATE_DONE=false ++ while [ $SECONDS -lt $TIMEOUT ] ; do ++ kill -0 $PID &> /dev/null ++ if [ $? -eq 1 ] ; then ++ # process with pid of $PID doesn't exist, vgchange command completed ++ TIMED_OUT=false ++ break ++ fi ++ if [ $SECONDS -ge $PARALLEL_ACTIVATE_DELAY ] && \ ++ [ "$PARALLEL_ACTIVATE_DONE" != true ] && \ ++ [ "$1" == "cinder-volumes" ] ; then ++ # This will kick off parallel activation of all LVs in the VG. ++ # The delay is to ensure the VG is activated first. 
++ PARALLEL_ACTIVATE_DONE=true ++ ocf_log info Explicitly activating all volumes in $1 with: $vgchange_options ++ activate_all_volumes $1 $vgchange_options ++ fi ++ sleep 1 ++ done ++ ++ if [ "$TIMED_OUT" = true ] ; then ++ ocf_log err "Timed out running ocf_run vgchange $vgchange_options $1" ++ log_inactive_volumes $1 ++ else ++ # Child process completed, get its status. ++ wait $PID ++ if [ $? -ne 0 ] ; then ++ return $OCF_ERR_GENERIC ++ fi ++ fi + + if LVM_status $1; then + : OK Volume $1 activated just fine! diff --git a/cluster-resource-agents/cluster-resource-agents/new_ocf_return_codes.patch b/cluster-resource-agents/cluster-resource-agents/new_ocf_return_codes.patch new file mode 100644 index 0000000..18ded3b --- /dev/null +++ b/cluster-resource-agents/cluster-resource-agents/new_ocf_return_codes.patch 
@@ -0,0 +1,52 @@
+---
+ heartbeat/ocf-returncodes | 35 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 35 insertions(+)
+
+--- a/heartbeat/ocf-returncodes
++++ b/heartbeat/ocf-returncodes
+@@ -5,6 +5,7 @@
+ # Copyright (c) 2004 SUSE LINUX AG, Andrew Beekhof
+ # All Rights Reserved.
+ #
++# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
+ #
+ # This library is free software; you can redistribute it and/or
+ # modify it under the terms of the GNU Lesser General Public
+@@ -53,3 +54,37 @@ OCF_NOT_RUNNING=7
+ #
+ OCF_RUNNING_MASTER=8
+ OCF_FAILED_MASTER=9
++
++# Non-standard values particular to Wind River deployments.
++#
++# OCF does not include the concept of data sync states for master/slave
++# resources.
++#
++# OCF_DATA_INCONSISTENT:
++# The resource's data is not useable.
++#
++# OCF_DATA_OUTDATED:
++# The resource's data is consistent, but a peer with more recent data
++# has been seen.
++#
++# OCF_DATA_CONSISTENT:
++# The resource's data is consistent, but it is unsure that this is the
++# most recent data.
++#
++# OCF_SYNC:
++# The resource is syncing data.
++#
++# OCF_STANDALONE:
++# The resource is operating as standalone. No peer is available or
++# syncing is not possible (i.e. split brain fencing).
++#
++OCF_DATA_INCONSISTENT=32
++OCF_DATA_OUTDATED=33
++OCF_DATA_CONSISTENT=34
++OCF_DATA_SYNC=35
++OCF_DATA_STANDALONE=36
++OCF_RUNNING_MASTER_DATA_INCONSISTENT=37
++OCF_RUNNING_MASTER_DATA_OUTDATED=38
++OCF_RUNNING_MASTER_DATA_CONSISTENT=39
++OCF_RUNNING_MASTER_DATA_SYNC=40
++OCF_RUNNING_MASTER_DATA_STANDALONE=41
diff --git a/cluster-resource-agents/cluster-resource-agents/ocf-shellfuncs_change_logtag.patch b/cluster-resource-agents/cluster-resource-agents/ocf-shellfuncs_change_logtag.patch
new file mode 100644
index 0000000..53b79c0
--- /dev/null
+++ b/cluster-resource-agents/cluster-resource-agents/ocf-shellfuncs_change_logtag.patch
@@ -0,0 +1,18 @@
+---
+ heartbeat/ocf-shellfuncs.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/heartbeat/ocf-shellfuncs.in
++++ b/heartbeat/ocf-shellfuncs.in
+@@ -174,9 +174,9 @@ hadate() {
+ set_logtag() {
+ if [ -z "$HA_LOGTAG" ]; then
+ if [ -n "$OCF_RESOURCE_INSTANCE" ]; then
+- HA_LOGTAG="$__SCRIPT_NAME($OCF_RESOURCE_INSTANCE)[$$]"
++ HA_LOGTAG="OCF_$__SCRIPT_NAME($OCF_RESOURCE_INSTANCE)[$$]"
+ else
+- HA_LOGTAG="$__SCRIPT_NAME[$$]"
++ HA_LOGTAG="OCF_$__SCRIPT_NAME[$$]"
+ fi
+ fi
+ }
diff --git a/cluster-resource-agents/cluster-resource-agents/pgsql.patch b/cluster-resource-agents/cluster-resource-agents/pgsql.patch
new file mode 100644
index 0000000..840c1a8
--- /dev/null
+++ b/cluster-resource-agents/cluster-resource-agents/pgsql.patch
@@ -0,0 +1,77 @@ +Index: resource-agents-3.9.5/heartbeat/pgsql +=================================================================== +--- resource-agents-3.9.5.orig/heartbeat/pgsql ++++ resource-agents-3.9.5/heartbeat/pgsql +@@ -38,6 +38,7 @@ get_pgsql_param() { + OCF_RESKEY_pgctl_default=/usr/bin/pg_ctl + OCF_RESKEY_psql_default=/usr/bin/psql + OCF_RESKEY_pgdata_default=/var/lib/pgsql/data ++OCF_RESKEY_pgconf_default=/etc/postgresql + OCF_RESKEY_pgdba_default=postgres + OCF_RESKEY_pghost_default="" + OCF_RESKEY_pgport_default=5432 +@@ -67,10 +68,11 @@ OCF_RESKEY_stop_escalate_in_slave_defaul + : ${OCF_RESKEY_pgctl=${OCF_RESKEY_pgctl_default}} + : ${OCF_RESKEY_psql=${OCF_RESKEY_psql_default}} + : ${OCF_RESKEY_pgdata=${OCF_RESKEY_pgdata_default}} ++: ${OCF_RESKEY_pgconf=${OCF_RESKEY_pgconf_default}} + : ${OCF_RESKEY_pgdba=${OCF_RESKEY_pgdba_default}} + : ${OCF_RESKEY_pghost=${OCF_RESKEY_pghost_default}} + : ${OCF_RESKEY_pgport=${OCF_RESKEY_pgport_default}} +-: ${OCF_RESKEY_config=${OCF_RESKEY_pgdata}/postgresql.conf} ++: ${OCF_RESKEY_config=${OCF_RESKEY_pgconf}/postgresql.conf} + : ${OCF_RESKEY_start_opt=${OCF_RESKEY_start_opt_default}} + : ${OCF_RESKEY_pgdb=${OCF_RESKEY_pgdb_default}} + : ${OCF_RESKEY_logfile=${OCF_RESKEY_logfile_default}} +@@ -166,6 +168,14 @@ Path to PostgreSQL data directory. + + + ++ ++ ++Path to PostgreSQL config directory. ++ ++pgconf ++ ++ ++ + + + User that owns PostgreSQL. +@@ -220,7 +230,7 @@ SQL script that will be used for monitor + Path to the PostgreSQL configuration file for the instance. + + Configuration file +- ++ + + + +@@ -475,6 +485,12 @@ pgsql_real_start() { + local postgres_options + local rc + ++ # WRS: Create an unversioned symlink under /var/run so SM can easily ++ # find the PID file. ++ if [ ! -h $PIDFILE_SYMLINK ]; then ++ /bin/ln -s $PIDFILE $PIDFILE_SYMLINK ++ fi ++ + if pgsql_status; then + ocf_log info "PostgreSQL is already running. 
PID=`cat $PIDFILE`" + if is_replication; then +@@ -1717,12 +1733,12 @@ then + exit $OCF_ERR_GENERIC + fi + +- + PIDFILE=${OCF_RESKEY_pgdata}/postmaster.pid ++PIDFILE_SYMLINK=/var/run/postmaster.pid + BACKUPLABEL=${OCF_RESKEY_pgdata}/backup_label + RESOURCE_NAME=`echo $OCF_RESOURCE_INSTANCE | cut -d ":" -f 1` + PGSQL_WAL_RECEIVER_STATUS_ATTR="${RESOURCE_NAME}-receiver-status" +-RECOVERY_CONF=${OCF_RESKEY_pgdata}/recovery.conf ++RECOVERY_CONF=${OCF_RESKEY_pgconf}/recovery.conf + NODENAME=`uname -n | tr '[A-Z]' '[a-z]'` + + if is_replication; then diff --git a/cluster-resource-agents/cluster-resource-agents/umount-in-namespace.patch b/cluster-resource-agents/cluster-resource-agents/umount-in-namespace.patch new file mode 100644 index 0000000..12affb4 --- /dev/null +++ b/cluster-resource-agents/cluster-resource-agents/umount-in-namespace.patch @@ -0,0 +1,17 @@ +--- + heartbeat/Filesystem | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -727,6 +727,10 @@ signal_processes() { + } + try_umount() { + local SUB=$1 ++ ++ # We need to ensure we umount in namespaces, too ++ /usr/sbin/umount-in-namespace $SUB ++ + $UMOUNT $umount_force $SUB + list_mounts | grep -q " $SUB " >/dev/null 2>&1 || { + ocf_log info "unmounted $SUB successfully" diff --git a/dpkg/.gitignore b/dpkg/.gitignore new file mode 100644 index 0000000..95e75bd --- /dev/null +++ b/dpkg/.gitignore @@ -0,0 +1,6 @@ +!.distro +.distro/centos7/rpmbuild/RPMS +.distro/centos7/rpmbuild/SRPMS +.distro/centos7/rpmbuild/BUILD +.distro/centos7/rpmbuild/BUILDROOT +.distro/centos7/rpmbuild/SOURCES/dpkg*tar.gz diff --git a/dpkg/README b/dpkg/README new file mode 100644 index 0000000..27334c7 --- /dev/null +++ b/dpkg/README @@ -0,0 +1,4 @@ +Many Titanium Cloud init services are using start-stop-daemon. It's not available under +centos. Just pull it from dpkg but don't install everything. + +Source: http://ftp.de.debian.org/debian/pool/main/d/dpkg/ 
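Review bot: In the `pgsql_real_start()` hunk of pgsql.patch the link is created only when `$PIDFILE_SYMLINK` is not already a symlink, so a link left behind by an earlier `pgdata` is never corrected and a reader of `/var/run/postmaster.pid` can be handed the wrong PID file; a regular file at that path makes `ln` fail, and that result is ignored. An unconditional `/bin/ln -sfn "$PIDFILE" "$PIDFILE_SYMLINK" || ocf_log warn "could not link $PIDFILE_SYMLINK"` keeps the link current and quotes both paths. The fixed name also means two instances of this agent on one node would share the link, which deserves a comment next to `PIDFILE_SYMLINK=`. Separately, `RECOVERY_CONF` now points into `pgconf` (default `/etc/postgresql`), while PostgreSQL releases that use recovery.conf read it from the data directory, so replication setup presumably depends on a link the patch does not create; please confirm or document it.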
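Review bot: `try_umount()` in umount-in-namespace.patch calls `/usr/sbin/umount-in-namespace $SUB` with the mount point unquoted, without checking that the helper exists and without looking at its exit status, so a failure inside a namespace is only noticed indirectly by the later `list_mounts` test. The 0002 drbd patch in this same commit guards its external tool with `[ -x … ]`; doing the same here would be consistent: `if [ -x /usr/sbin/umount-in-namespace ]; then /usr/sbin/umount-in-namespace "$SUB" || ocf_log warn "umount-in-namespace failed for $SUB"; fi`. The helper itself is not part of this hunk, so what it does with the argument cannot be reviewed here; the body of `try_umount()` continues outside the hunk.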
diff --git a/dpkg/centos/build_srpm.data b/dpkg/centos/build_srpm.data
new file mode 100644
index 0000000..129d3fb
--- /dev/null
+++ b/dpkg/centos/build_srpm.data
@@ -0,0 +1,2 @@
+COPY_LIST="$CGCS_BASE/downloads/dpkg_1.18.24.tar.xz"
+TIS_PATCH_VER=1
diff --git a/dpkg/centos/dpkg.spec b/dpkg/centos/dpkg.spec
new file mode 100644
index 0000000..b893ebe
--- /dev/null
+++ b/dpkg/centos/dpkg.spec
@@ -0,0 +1,43 @@
+Summary: dpkg
+Name: dpkg
+Version: 1.18.24
+Release: 0%{?_tis_dist}.%{tis_patch_ver}
+License: GPLv2 and GPLv2+ and LGPLv2+ and Public Domain and BSD
+Group: base
+Packager: Wind River
+URL: unknown
+Source0: %{name}_%{version}.tar.xz
+
+BuildRequires: gcc
+BuildRequires: gcc-c++
+BuildRequires: ncurses-static
+BuildRequires: perl-version
+
+%description
+dpkg
+
+%define local_bindir /usr/bin/
+
+%prep
+%setup
+
+%build
+./configure --prefix=$RPM_BUILD_ROOT \
+ --disable-dselect \
+ --disable-update-alternatives \
+ --without-liblzma
+make -j"%(nproc)"
+
+%install
+# Don't install everything, it's too dangerous
+# make install
+
+install -d -m 755 %{buildroot}%{local_bindir}
+install -p -D -m 700 utils/start-stop-daemon %{buildroot}%{local_bindir}/start-stop-daemon
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root,-)
+%{local_bindir}/*
diff --git a/drbd-tools/centos/build_srpm.data b/drbd-tools/centos/build_srpm.data
new file mode 100644
index 0000000..1e66849
--- /dev/null
+++ b/drbd-tools/centos/build_srpm.data
@@ -0,0 +1,4 @@
+COPY_LIST="$FILES_BASE/* \
+ $DISTRO/patches/* \
+ $CGCS_BASE/downloads/drbd-8.4.3.tar.gz"
+TIS_PATCH_VER=6
diff --git a/drbd-tools/centos/drbd.spec b/drbd-tools/centos/drbd.spec
new file mode 100644
index 0000000..b537a6b
--- /dev/null
+++ b/drbd-tools/centos/drbd.spec
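Review bot: In dpkg.spec, `./configure --prefix=$RPM_BUILD_ROOT` points the installation prefix at the build root, so any path that configure derives from the prefix and compiles into `utils/start-stop-daemon` would name a directory that exists only during the build; use `--prefix=%{_prefix}` and keep the build root for `%install`. `%{local_bindir}` already ends in `/`, so `%{buildroot}%{local_bindir}/start-stop-daemon` has a doubled slash, and mode `700` makes the tool root-only, which should carry a comment if it is deliberate. The tarball comes from `$CGCS_BASE/downloads` and the README names a plain-http mirror as its origin; no digest or signature check is visible in this change, so the expected checksum should be recorded wherever the download happens. `URL: unknown` could simply carry the upstream project address.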
@@ -0,0 +1,407 @@ +# Define init script directory. %{_initddir} is available from Fedora +# 9 forward; CentOS knows 5 only %{_initrddir}. Neither are known to +# autoconf... +%{!?_initddir: %{expand: %%global _initddir %{_initrddir}}} + +# Compatibility macro wrappers for legacy RPM versions that do not +# support conditional builds +%{!?bcond_without: %{expand: %%global bcond_without() %%{expand:%%%%{!?_without_%%{1}:%%%%global with_%%{1} 1}}}} +%{!?bcond_with: %{expand: %%global bcond_with() %%{expand:%%%%{?_with_%%{1}:%%%%global with_%%{1} 1}}}} +%{!?with: %{expand: %%global with() %%{expand:%%%%{?with_%%{1}:1}%%%%{!?with_%%{1}:0}}}} +%{!?without: %{expand: %%global without() %%{expand:%%%%{?with_%%{1}:0}%%%%{!?with_%%{1}:1}}}} + +# Conditionals +# Invoke "rpmbuild --without " or "rpmbuild --with " +# to disable or enable specific features +%bcond_without udev +%bcond_without pacemaker +%bcond_with rgmanager +%bcond_without heartbeat +# conditionals may not contain "-" nor "_", hence "bashcompletion" +%bcond_without bashcompletion +# --with xen is ignored on any non-x86 architecture +%bcond_without xen +%bcond_without legacy_utils +#%ifnarch %{ix86} x86_64 +%global _without_xen --without-xen +#%endif + +Name: drbd +Summary: DRBD driver for Linux +Version: 8.4.3 +Release: 0%{?_tis_dist}.%{tis_patch_ver} +Source: http://oss.linbit.com/%{name}/8.3/%{name}-%{version}.tar.gz + +Source1: drbd.service + +# WRS +Patch0001: 0001-skip_wait_con_int_on_simplex.patch +Patch0002: 0002-drbd-conditional-crm-dependency.patch +Patch0003: 0003-drbd_report_condition.patch +Patch0004: 0004-drbdadm-ipaddr-change.patch +Patch0005: 0005-drbd_reconnect_standby_standalone.patch +Patch0006: 0006-avoid-kernel-userspace-version-check.patch +Patch0007: 0007-Update-OCF-to-attempt-connect-in-certain-states.patch +Patch0008: 0008-Increase-short-cmd-timeout-to-15-secs.patch + +License: GPLv2+ +ExclusiveOS: linux +Group: System Environment/Kernel +URL: http://www.drbd.org/ +BuildRoot: %(mktemp 
-ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +BuildRequires: flex +Requires: %{name}-utils = %{version} +%if %{with udev} +Requires: %{name}-udev = %{version} +BuildRequires: udev +%endif +%if %{with pacemaker} +Requires: %{name}-pacemaker = %{version} +%endif +## %if %{with rgmanager} +## ## No. +## ## We don't want to annoy the majority of our userbase on pacemaker +## ## by pulling in the full rgmanager stack via drbd-rgmanager as well. +## Requires: %{name}-rgmanager = %{version} +## %endif +%if %{with heartbeat} +Requires: %{name}-heartbeat = %{version} +%endif +%if %{with bashcompletion} +Requires: %{name}-bash-completion = %{version} +%endif +BuildRequires: systemd-devel + +%description +DRBD mirrors a block device over the network to another machine. +Think of it as networked raid 1. It is a building block for +setting up high availability (HA) clusters. + +This is a virtual package, installing the full DRBD userland suite. + +# Just a few docs go into the "drbd" package. Everything else is part +# of one of the drbd-* packages. +%files +%defattr(-,root,root,-) +%doc COPYING +%doc ChangeLog +%doc README + +%package utils +Summary: Management utilities for DRBD +Group: System Environment/Kernel +# We used to have one monolithic userland package. +# Since all other packages require drbd-utils, +# it should be sufficient to add the conflict here. +Conflicts: drbd < 8.3.6 +# These exist in centos extras: +Conflicts: drbd82 drbd83 +Requires(post): chkconfig +Requires(preun): chkconfig + +%description utils +DRBD mirrors a block device over the network to another machine. +Think of it as networked raid 1. It is a building block for +setting up high availability (HA) clusters. + +This packages includes the DRBD administration tools. 
+ +%files utils +%defattr(755,root,root,-) +/sbin/drbdsetup +/sbin/drbdadm +/sbin/drbdmeta +%if %{with legacy_utils} +%dir /lib/drbd/ +/lib/drbd/drbdsetup-83 +/lib/drbd/drbdadm-83 +%endif +%{_initddir}/%{name} +%attr(644,root,root) %{_unitdir}/%{name}.service +%{_sbindir}/drbd-overview +%dir %{_prefix}/lib/%{name} +%{_prefix}/lib/%{name}/outdate-peer.sh +%{_prefix}/lib/%{name}/snapshot-resync-target-lvm.sh +%{_prefix}/lib/%{name}/unsnapshot-resync-target-lvm.sh +%{_prefix}/lib/%{name}/notify-out-of-sync.sh +%{_prefix}/lib/%{name}/notify-split-brain.sh +%{_prefix}/lib/%{name}/notify-emergency-reboot.sh +%{_prefix}/lib/%{name}/notify-emergency-shutdown.sh +%{_prefix}/lib/%{name}/notify-io-error.sh +%{_prefix}/lib/%{name}/notify-pri-lost-after-sb.sh +%{_prefix}/lib/%{name}/notify-pri-lost.sh +%{_prefix}/lib/%{name}/notify-pri-on-incon-degr.sh +%{_prefix}/lib/%{name}/notify.sh + +%defattr(-,root,root,-) +%dir %{_var}/lib/%{name} +%config(noreplace) %attr(640, root, root) %{_sysconfdir}/drbd.conf +%dir %attr(740, root, root) %{_sysconfdir}/drbd.d +%config(noreplace) %{_sysconfdir}/drbd.d/global_common.conf +%{_mandir}/man8/drbd.8.* +%{_mandir}/man8/drbdsetup.8.* +%{_mandir}/man8/drbdadm.8.* +%{_mandir}/man5/drbd.conf.5.* +%{_mandir}/man8/drbdmeta.8.* +%doc scripts/drbd.conf.example +%doc COPYING +%doc ChangeLog +%doc README + +%if %{with udev} +%package udev +Summary: udev integration scripts for DRBD +Group: System Environment/Kernel +Requires: %{name}-utils = %{version}-%{release}, udev + +%description udev +This package contains udev helper scripts for DRBD, managing symlinks to +DRBD devices in /dev/drbd/by-res and /dev/drbd/by-disk. 
+ +%files udev +%defattr(-,root,root,-) +%config(noreplace) %{_sysconfdir}/udev/rules.d/65-drbd.rules* +%endif # with udev + +%if %{with pacemaker} +%package pacemaker +Summary: Pacemaker resource agent for DRBD +Group: System Environment/Base +Requires: %{name}-utils = %{version}-%{release} +License: GPLv2 + +%description pacemaker +This package contains the master/slave DRBD resource agent for the +Pacemaker High Availability cluster manager. + +%files pacemaker +%defattr(755,root,root,-) +%{_prefix}/lib/%{name}/crm-fence-peer.sh +%{_prefix}/lib/%{name}/crm-unfence-peer.sh +%{_prefix}/lib/%{name}/stonith_admin-fence-peer.sh +%{_prefix}/lib/ocf/resource.d/linbit/drbd +%endif # with pacemaker + +# Dependencies for drbd-rgmanager are particularly awful. On RHEL 5 +# and prior (and corresponding Fedora releases), %{_datadir}/cluster +# was owned by rgmanager version 2, so we have to depend on that. +# +# With Red Hat Cluster 3.0.1 (around Fedora 12), the DRBD resource +# agent was merged in, and it became part of the resource-agents 3 +# package (which of course is different from resource-agents on all +# other platforms -- go figure). So for resource-agents >= 3, we must +# generally conflict. +# +# Then for RHEL 6, Red Hat in all their glory decided to keep the +# packaging scheme, but kicked DRBD out of the resource-agents +# package. Thus, for RHEL 6 specifically, we must not conflict with +# resource-agents >=3, but instead require it. +# +# The saga continues: +# In RHEL 6.1 they have listed the drbd resource agent as valid agent, +# but do not include it in their resource-agents package. -> So we +# drop any dependency regarding rgmanager's version. +# +# All of this for exactly two (2) files. 
+%if %{with rgmanager} +%package rgmanager +Summary: Red Hat Cluster Suite agent for DRBD +Group: System Environment/Base +Requires: %{name}-utils = %{version}-%{release} + +%description rgmanager +This package contains the DRBD resource agent for the Red Hat Cluster Suite +resource manager. + +As of Red Hat Cluster Suite 3.0.1, the DRBD resource agent is included +in the Cluster distribution. + +%files rgmanager +%defattr(755,root,root,-) +%{_datadir}/cluster/drbd.sh +%{_prefix}/lib/%{name}/rhcs_fence + +%defattr(-,root,root,-) +%{_datadir}/cluster/drbd.metadata +%endif # with rgmanager + +%if %{with heartbeat} +%package heartbeat +Summary: Heartbeat resource agent for DRBD +Group: System Environment/Base +Requires: %{name}-utils = %{version}-%{release} +License: GPLv2 + +%description heartbeat +This package contains the DRBD resource agents for the Heartbeat cluster +resource manager (in v1 compatibility mode). + +%files heartbeat +%defattr(755,root,root,-) +%{_sysconfdir}/ha.d/resource.d/drbddisk +%{_sysconfdir}/ha.d/resource.d/drbdupper + +%defattr(-,root,root,-) +%{_mandir}/man8/drbddisk.8.* +%endif # with heartbeat + +%if %{with bashcompletion} +%package bash-completion +Summary: Programmable bash completion support for drbdadm +Group: System Environment/Base +Requires: %{name}-utils = %{version}-%{release} + +%description bash-completion +This package contains programmable bash completion support for the drbdadm +management utility. 
+ +%files bash-completion +%defattr(-,root,root,-) +%config(noreplace) %{_sysconfdir}/bash_completion.d/drbdadm* +%endif # with bashcompletion + + +%prep +%setup -q +%patch0001 -p1 +%patch0002 -p1 +%patch0003 -p1 +%patch0004 -p1 +%patch0005 -p1 +%patch0006 -p1 +%patch0007 -p1 +%patch0008 -p1 + +%build +%configure \ + --with-utils \ + --without-km \ + %{?_without_udev} \ + %{?_without_xen} \ + %{?_without_pacemaker} \ + %{?_without_heartbeat} \ + %{?_with_rgmanager} \ + %{?_without_bashcompletion} \ + %{?_without_legacy_utils} \ + --with-initdir=%{_initddir} +make %{?_smp_mflags} + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} + +install -m 755 -d %{buildroot}%{_unitdir} +install -m 644 -p -D %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service + +%clean +rm -rf %{buildroot} + +%post utils +chkconfig --add drbd +%if %{without udev} +for i in `seq 0 15` ; do + test -b /dev/drbd$i || mknod -m 0660 /dev/drbd$i b 147 $i; +done +%endif #without udev + +%preun utils +if [ $1 -eq 0 ]; then + %{_initrddir}/drbd stop >/dev/null 2>&1 + /sbin/chkconfig --del drbd +fi + + +%changelog +* Tue Feb 5 2013 Philipp Reisner - 8.4.3-1 +- New upstream release. + +* Thu Sep 6 2012 Philipp Reisner - 8.4.2-1 +- New upstream release. + +* Tue Feb 21 2012 Lars Ellenberg - 8.4.1-2 +- Build fix for RHEL 6 and ubuntu lucid + +* Tue Dec 20 2011 Philipp Reisner - 8.4.1-1 +- New upstream release. + +* Wed Jul 15 2011 Philipp Reisner - 8.4.0-1 +- New upstream release. + +* Fri Jan 28 2011 Philipp Reisner - 8.3.10-1 +- New upstream release. + +* Fri Oct 22 2010 Philipp Reisner - 8.3.9-1 +- New upstream release. + +* Wed Jun 2 2010 Philipp Reisner - 8.3.8-1 +- New upstream release. + +* Thu Jan 13 2010 Philipp Reisner - 8.3.7-1 +- New upstream release. + +* Thu Nov 8 2009 Philipp Reisner - 8.3.6-1 +- New upstream release. + +* Thu Oct 27 2009 Philipp Reisner - 8.3.5-1 +- New upstream release. + +* Wed Oct 21 2009 Florian Haas - 8.3.4-12 +- Packaging makeover. 
+ +* Thu Oct 6 2009 Philipp Reisner - 8.3.4-1 +- New upstream release. + +* Thu Oct 5 2009 Philipp Reisner - 8.3.3-1 +- New upstream release. + +* Fri Jul 3 2009 Philipp Reisner - 8.3.2-1 +- New upstream release. + +* Fri Mar 27 2009 Philipp Reisner - 8.3.1-1 +- New upstream release. + +* Thu Dec 18 2008 Philipp Reisner - 8.3.0-1 +- New upstream release. + +* Thu Nov 12 2008 Philipp Reisner - 8.2.7-1 +- New upstream release. + +* Fri May 30 2008 Philipp Reisner - 8.2.6-1 +- New upstream release. + +* Tue Feb 12 2008 Philipp Reisner - 8.2.5-1 +- New upstream release. + +* Fri Jan 11 2008 Philipp Reisner - 8.2.4-1 +- New upstream release. + +* Wed Jan 9 2008 Philipp Reisner - 8.2.3-1 +- New upstream release. + +* Fri Nov 2 2007 Philipp Reisner - 8.2.1-1 +- New upstream release. + +* Fri Sep 28 2007 Philipp Reisner - 8.2.0-1 +- New upstream release. + +* Mon Sep 3 2007 Philipp Reisner - 8.0.6-1 +- New upstream release. + +* Fri Aug 3 2007 Philipp Reisner - 8.0.5-1 +- New upstream release. + +* Wed Jun 27 2007 Philipp Reisner - 8.0.4-1 +- New upstream release. + +* Mon May 7 2007 Philipp Reisner - 8.0.3-1 +- New upstream release. + +* Fri Apr 6 2007 Philipp Reisner - 8.0.2-1 +- New upstream release. + +* Mon Mar 3 2007 Philipp Reisner - 8.0.1-1 +- New upstream release. + +* Wed Jan 24 2007 Philipp Reisner - 8.0.0-1 +- New upstream release. + diff --git a/drbd-tools/centos/files/drbd.service b/drbd-tools/centos/files/drbd.service new file mode 100644 index 0000000..8f9290c --- /dev/null +++ b/drbd-tools/centos/files/drbd.service @@ -0,0 +1,17 @@ +[Unit] +Description=Control drbd resources. +After=network.target sshd.service + +[Service] +Type=forking +Restart=no +KillMode=process +RemainAfterExit=yes +ExecStart=/etc/rc.d/init.d/drbd start +ExecStop=/etc/rc.d/init.d/drbd stop +ExecReload=/etc/rc.d/init.d/drbd reload +TimeoutSec=5min + +[Install] +WantedBy=multi-user.target + 
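Review bot: In the `%files utils` list of drbd.spec, `%dir %attr(740, root, root) %{_sysconfdir}/drbd.d` gives the group read permission on a directory without search permission, which lets group members list names but not open anything; `750` or `700` is presumably what was meant, matching the `640` on `drbd.conf`. The `%ifnarch`/`%endif` pair around `%global _without_xen --without-xen` is commented out, so xen support is disabled on every architecture even though `%bcond_without xen` just above still advertises it as switchable; drop the bcond or restore the conditional. `Source:` uses a plain-http URL whose path says `8.3` while `Version` is 8.4.3, and `%preun utils` calls `%{_initrddir}/drbd` where the rest of the file uses `%{_initddir}`.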
diff --git a/drbd-tools/centos/patches/0001-skip_wait_con_int_on_simplex.patch b/drbd-tools/centos/patches/0001-skip_wait_con_int_on_simplex.patch
new file mode 100644
index 0000000..397c6c9
--- /dev/null
+++ b/drbd-tools/centos/patches/0001-skip_wait_con_int_on_simplex.patch
@@ -0,0 +1,18 @@
+---
+ scripts/drbd | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/scripts/drbd
++++ b/scripts/drbd
+@@ -185,7 +185,10 @@ case "$1" in
+ done
+
+ [ -d /var/lock/subsys ] && touch /var/lock/subsys/drbd # for RedHat
+- $DRBDADM wait-con-int # User interruptible version of wait-connect all
++
++ if [ ! -e /etc/platform/simplex ] ; then # Skip if simplex
++ $DRBDADM wait-con-int # User interruptible version of wait-connect all
++ fi
+
+ $DRBDADM sh-b-pri all # Become primary if configured
+ log_end_msg 0
diff --git a/drbd-tools/centos/patches/0002-drbd-conditional-crm-dependency.patch b/drbd-tools/centos/patches/0002-drbd-conditional-crm-dependency.patch
new file mode 100644
index 0000000..2ef12ec
--- /dev/null
+++ b/drbd-tools/centos/patches/0002-drbd-conditional-crm-dependency.patch
@@ -0,0 +1,26 @@
+Index: drbd-8.3.11/scripts/drbd.ocf
+===================================================================
+--- drbd-8.3.11.orig/scripts/drbd.ocf
++++ drbd-8.3.11/scripts/drbd.ocf
+@@ -202,13 +202,17 @@ do_drbdadm() {
+ }
+
+ set_master_score() {
+- # Use quiet mode (-Q) to quench logging. Actual score updates
+- # will get logged by attrd anyway
+- do_cmd ${HA_SBIN_DIR}/crm_master -Q -l reboot -v $1
++ if [ -x ${HA_SBIN_DIR}/crm_master ]; then
++ # Use quiet mode (-Q) to quench logging. Actual score updates
++ # will get logged by attrd anyway
++ do_cmd ${HA_SBIN_DIR}/crm_master -Q -l reboot -v $1
++ fi
+ }
+
+ remove_master_score() {
+- do_cmd ${HA_SBIN_DIR}/crm_master -l reboot -D
++ if [ -x ${HA_SBIN_DIR}/crm_master ]; then
++ do_cmd ${HA_SBIN_DIR}/crm_master -l reboot -D
++ fi
+ }
+
+ _sh_status_process() {
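Review bot: In 0002-drbd-conditional-crm-dependency.patch, `set_master_score()` and `remove_master_score()` return success without doing or logging anything when `${HA_SBIN_DIR}/crm_master` is missing or not executable, so a node whose cluster tooling is broken silently stops publishing scores. Add an `else` branch such as `ocf_log info "crm_master not available, master score not updated"` and quote the path in the test, `[ -x "${HA_SBIN_DIR}/crm_master" ]`. The patch header names `drbd-8.3.11` while drbd.spec builds 8.4.3, so it presumably applies only with offset or fuzz and should be regenerated against the packaged tree. Patch 0003 in this same commit deletes both functions outright, which suggests 0002 could be squashed into it.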
diff --git a/drbd-tools/centos/patches/0003-drbd_report_condition.patch b/drbd-tools/centos/patches/0003-drbd_report_condition.patch
new file mode 100644
index 0000000..7103dc9
--- /dev/null
+++ b/drbd-tools/centos/patches/0003-drbd_report_condition.patch
@@ -0,0 +1,387 @@ +--- + scripts/drbd | 1 + scripts/drbd.ocf | 259 ++++++++++++++++++++++--------------------------------- + 2 files changed, 109 insertions(+), 151 deletions(-) + +--- a/scripts/drbd.ocf ++++ b/scripts/drbd.ocf +@@ -5,6 +5,8 @@ + # + # Copyright (c) 2009 LINBIT HA-Solutions GmbH, + # Copyright (c) 2009 Florian Haas, Lars Ellenberg ++# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved. ++# + # Based on the Heartbeat drbd OCF Resource Agent by Lars Marowsky-Bree + # (though it turned out to be an almost complete rewrite) + # +@@ -216,20 +218,6 @@ do_drbdadm() { + return $ret + } + +-set_master_score() { +- if [ -x ${HA_SBIN_DIR}/crm_master ]; then +- # Use quiet mode (-Q) to quench logging. Actual score updates +- # will get logged by attrd anyway +- do_cmd ${HA_SBIN_DIR}/crm_master -Q -l reboot -v $1 +- fi +-} +- +-remove_master_score() { +- if [ -x ${HA_SBIN_DIR}/crm_master ]; then +- do_cmd ${HA_SBIN_DIR}/crm_master -l reboot -D +- fi +-} +- + _sh_status_process() { + # _volume not present should not happen, + # but may help make this agent work even if it talks to drbd 8.3. +@@ -242,6 +230,7 @@ _sh_status_process() { + DRBD_DSTATE_LOCAL[$_volume]=${_disk:-Unconfigured} + DRBD_DSTATE_REMOTE[$_volume]=${_pdsk:-DUnknown} + } ++ + drbd_set_status_variables() { + # drbdsetup sh-status prints these values to stdout, + # and then prints _sh_status_process. +@@ -322,119 +311,9 @@ maybe_outdate_self() + ocf_log notice "outdating $DRBD_RESOURCE: according to OCF_RESKEY_CRM_meta_notify_master_uname, '$host' is still master" + do_drbdadm outdate $DRBD_RESOURCE + +- # on some pacemaker versions, -INFINITY may cause resource instance stop/start. +- # But in this case that is ok, it may even clear the replication link +- # problem. 
+- set_master_score -INFINITY +- + return 0 + } + +-drbd_update_master_score() { +- # NOTE +- # there may be constraint scores from rules on role=Master, +- # that in some ways can add to the node attribute based master score we +- # specify below. If you think you want to add personal preferences, +- # in case the scores given by this RA do not suffice, this is the +- # value space you can work with: +- # -INFINITY: Do not promote. Really. Won't work anyways. +- # Too bad, at least with current (Oktober 2009) Pacemaker, +- # negative master scores cause instance stop; restart cycle :( +- # missing, zero: Do not promote. +- # I think my data is not good enough. +- # Though, of course, you may try, and it might even work. +- # 5: please, do not promote, unless this is your only option. +- # 10: promotion is probably a bad idea, our local data is no good, +- # you'd probably run into severe performance problems, and risk +- # application crashes or blocking IO in case you lose the +- # replication connection. +- # 1000: Ok to be promoted, we have good data locally (though we don't +- # know about the peer, so possibly it has even better data?). +- # You sould use the crm-fence-peer.sh handler or similar +- # mechanism to avoid data divergence. +- # 10000: Please promote me/keep me Primary. +- # I'm confident that my data is as good as it gets. +- # +- # For multi volume, we need to compare who is "better" a bit more sophisticated. +- # The ${XXX[*]//UpToDate}, without being in double quotes, results in a single space, +- # if all are UpToDate. 
+- : == DEBUG == ${DRBD_ROLE_LOCAL[*]}/${DRBD_DSTATE_LOCAL[*]//UpToDate/ }/${DRBD_DSTATE_REMOTE[*]//UpToDate/ }/ == +- case ${DRBD_ROLE_LOCAL[*]}/${DRBD_DSTATE_LOCAL[*]//UpToDate/ }/${DRBD_DSTATE_REMOTE[*]//UpToDate/ }/ in +- *Primary*/\ /*/) +- # I am Primary, all local disks are UpToDate +- set_master_score 10000 +- ;; +- */\ /*DUnknown*/) +- # all local disks are UpToDate, +- # but I'm not Primary, +- # and I'm not sure about the peer's disk state(s). +- # We may need to outdate ourselves? +- # But if we outdate in a MONITOR, and are disconnected +- # secondary because of a hard primary crash, before CRM noticed +- # that there is no more master, we'd make us utterly useless! +- # Trust that the primary will also notice the disconnect, +- # and will place an appropriate fencing constraint via +- # its fence-peer handler callback. +- set_master_score 1000 +- ;; +- */\ /*/) +- # We know something about our peer, which means that either the +- # replication link is established, or it was not even +- # consistent last time we talked to each other. +- # Also all our local disks are UpToDate, which means even if we are +- # currently synchronizing, we do so as SyncSource. +- set_master_score 10000 +- ;; +- +- */*/\ /) +- # At least one of our local disks is not up to date. +- # But our peer is ALL OK. +- # We can expect to have access to useful +- # data, but must expect degraded performance. +- set_master_score 10 +- ;; +- */*Attaching*/*/|\ +- */*Negotiating*/*/) +- # some transitional state. +- # just don't do anything +- : ;; +- +- Unconfigured*|\ +- */*Diskless*/*/|\ +- */*Failed*/*/|\ +- */*Inconsistent*/*/|\ +- */*Outdated*/*/) +- # ALWAYS put the cluster in MAINTENANCE MODE +- # if you add a volume to a live replication group, +- # because the new volume will typically come up as Inconsistent +- # the first time, which would cause a monitor to revoke the +- # master score! +- # +- # At least some of our local disks are not really useable. 
+- # Our peer is not all good either (or some previous case block +- # would have matched). We have no access to useful data. +- # DRBD would refuse to be promoted, anyways. +- # +- # set_master_score -INFINITY +- # Too bad, at least with current (Oktober 2009) Pacemaker, +- # negative master scores cause instance stop; restart cycle :( +- # Hope that this will suffice. +- remove_master_score +- ;; +- *) +- # All local disks seem to be Consistent. +- # They _may_ be up to date, or not. +- # We hope that fencing mechanisms have put constraints in +- # place, so we won't be promoted with stale data. +- # But in case this was a cluster crash, +- # at least allow _someone_ to be promoted. +- set_master_score 5 +- ;; +- esac +- +- return $OCF_SUCCESS +-} +- + is_drbd_enabled() { + test -f /proc/drbd + } +@@ -488,7 +367,103 @@ drbd_status() { + return $rc + } + +-# I'm sorry, but there is no $OCF_DEGRADED_MASTER or similar yet. ++drbd_condition() { ++ local status ++ local rc ++ ++ status=$1 ++ rc=$status ++ ++ if [ $status -ne $OCF_SUCCESS -a $status -ne $OCF_RUNNING_MASTER ] ++ then ++ return $rc ++ fi ++ ++ drbd_set_status_variables ++ ++ ocf_log info "${OCF_RESKEY_drbd_resource} ${DRBD_ROLE_LOCAL}/${DRBD_DSTATE_LOCAL}/${DRBD_DSTATE_REMOTE} ${DRBD_CSTATE}" ++ ++ case "${DRBD_DSTATE_LOCAL}" in ++ UpToDate) ++ case "${DRBD_CSTATE}" in ++ StandAlone) ++ rc=$OCF_DATA_STANDALONE ++ ocf_log info "${OCF_RESKEY_drbd_resource} standalone, attempting to reconnect." 
++ do_drbdadm connect ${OCF_RESKEY_drbd_resource} ++ ;; ++ StartingSyncT | WFBitMapT | WFSyncUUID | SyncTarget | \ ++ PausedSyncT) ++ rc=$OCF_DATA_SYNC ++ #drbd-overview | grep -A 1 drbd-cgcs | grep sync\'ed | cut -f2,3 -d' ' ++ ocf_log info "${OCF_RESKEY_drbd_resource} syncing" ++ ;; ++ *) ++ ;; ++ esac ++ ;; ++ Consistent) ++ case "${DRBD_CSTATE}" in ++ StandAlone) ++ rc=$OCF_DATA_STANDALONE ++ ocf_log info "${OCF_RESKEY_drbd_resource} standalone, attempting to reconnect" ++ do_drbdadm connect ${OCF_RESKEY_drbd_resource} ++ ;; ++ *) ++ rc=$OCF_DATA_CONSISTENT ++ ocf_log info "${OCF_RESKEY_drbd_resource} consistent" ++ ;; ++ esac ++ ;; ++ Outdated) ++ rc=$OCF_DATA_OUTDATED ++ ocf_log info "${OCF_RESKEY_drbd_resource} outdated" ++ ;; ++ *) ++ case "${DRBD_CSTATE}" in ++ StandAlone) ++ rc=$OCF_DATA_STANDALONE ++ ocf_log info "${OCF_RESKEY_drbd_resource} standalone" ++ ;; ++ StartingSyncT | WFBitMapT | WFSyncUUID | SyncTarget | \ ++ PausedSyncT) ++ rc=$OCF_DATA_SYNC ++ ocf_log info "${OCF_RESKEY_drbd_resource} sync" ++ ;; ++ *) ++ rc=$OCF_DATA_INCONSISTENT ++ ocf_log info "${OCF_RESKEY_drbd_resource} inconsistent" ++ ;; ++ esac ++ ;; ++ esac ++ ++ if [ $status -eq $OCF_RUNNING_MASTER ] ++ then ++ if [ $rc -eq $OCF_DATA_INCONSISTENT ] ++ then ++ rc=$OCF_RUNNING_MASTER_DATA_INCONSISTENT ++ ++ elif [ $rc -eq $OCF_DATA_OUTDATED ] ++ then ++ rc=$OCF_RUNNING_MASTER_DATA_OUTDATED ++ ++ elif [ $rc -eq $OCF_DATA_CONSISTENT ] ++ then ++ rc=$OCF_RUNNING_MASTER_DATA_CONSISTENT ++ ++ elif [ $rc -eq $OCF_DATA_SYNC ] ++ then ++ rc=$OCF_RUNNING_MASTER_DATA_SYNC ++ ++ elif [ $rc -eq $OCF_DATA_STANDALONE ] ++ then ++ rc=$OCF_RUNNING_MASTER_DATA_STANDALONE ++ fi ++ fi ++ ++ return $rc ++} ++ + drbd_monitor() { + local status + +@@ -501,7 +476,8 @@ drbd_monitor() { + drbd_status + status=$? + +- drbd_update_master_score ++ drbd_condition $status ++ status=$? + + return $status + } +@@ -578,7 +554,8 @@ drbd_start() { + # "running" already, anyways, right? 
+ figure_out_drbd_peer_uname + do_drbdadm $DRBD_TO_PEER adjust $DRBD_RESOURCE +- rc=$OCF_SUCCESS ++ drbd_condition $OCF_SUCCESS ++ rc=$? + break + ;; + $OCF_NOT_RUNNING) +@@ -606,9 +583,6 @@ drbd_start() { + $first_try || sleep 1 + first_try=false + done +- # in case someone does not configure monitor, +- # we must at least call it once after start. +- drbd_update_master_score + + return $rc + } +@@ -642,7 +616,8 @@ drbd_promote() { + break + ;; + $OCF_RUNNING_MASTER) +- rc=$OCF_SUCCESS ++ drbd_condition $OCF_SUCCESS ++ rc=$? + break + esac + $first_try || sleep 1 +@@ -666,7 +641,8 @@ drbd_demote() { + status=$? + case "$status" in + $OCF_SUCCESS) +- rc=$OCF_SUCCESS ++ drbd_condition $OCF_SUCCESS ++ rc=$? + break + ;; + $OCF_NOT_RUNNING) +@@ -718,14 +694,9 @@ drbd_stop() { + # outdate myself in drbd on-disk meta data. + maybe_outdate_self + +- # do not let old master scores laying around. +- # they may confuse crm if this node was set to standby. +- remove_master_score +- + return $rc + } + +- + drbd_notify() { + local n_type=$OCF_RESKEY_CRM_meta_notify_type + local n_op=$OCF_RESKEY_CRM_meta_notify_operation +@@ -760,7 +731,6 @@ drbd_notify() { + # After something has been done is a good time to + # recheck our status: + drbd_set_status_variables +- drbd_update_master_score + + : == DEBUG == ${DRBD_DSTATE_REMOTE[*]} == + case ${DRBD_DSTATE_REMOTE[*]} in +@@ -793,17 +763,6 @@ ls_stat_is_block_maj_147() { + [[ $1 = b* ]] && [[ $5 == 147,* ]] + } + +-check_crm_feature_set() +-{ +- set -- ${OCF_RESKEY_crm_feature_set//[!0-9]/ } +- local a=${1:-0} b=${2:-0} c=${3:-0} +- +- (( a > 3 )) || +- (( a == 3 && b > 0 )) || +- (( a == 3 && b == 0 && c > 0 )) || +- ocf_log warn "You may be disappointed: This RA is intended for pacemaker 1.0 or better!" 
+-} +- + drbd_validate_all () { + DRBDADM="drbdadm" + DRBDSETUP="drbdsetup" +@@ -821,7 +780,6 @@ drbd_validate_all () { + if (( $DRBDADM_VERSION_CODE >= 0x080400 )); then + DRBD_HAS_MULTI_VOLUME=true + fi +- check_crm_feature_set + + # Check clone and M/S options. + meta_expect clone-max -le 2 +@@ -890,7 +848,6 @@ drbd_validate_all () { + # hm. probably misconfigured constraint somewhere. + # sorry. don't retry anywhere. + ocf_log err "DRBD resource ${DRBD_RESOURCE} not found in configuration file ${OCF_RESKEY_drbdconf}." +- remove_master_score + return $OCF_ERR_INSTALLED + fi + fi +--- a/scripts/drbd ++++ b/scripts/drbd +@@ -4,6 +4,7 @@ + # description: Loads and unloads the drbd module + # + # Copyright 2001-2010 LINBIT ++# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved. + # + # Philipp Reisner, Lars Ellenberg + # diff --git a/drbd-tools/centos/patches/0004-drbdadm-ipaddr-change.patch b/drbd-tools/centos/patches/0004-drbdadm-ipaddr-change.patch new file mode 100644 index 0000000..a2bb2a2 --- /dev/null +++ b/drbd-tools/centos/patches/0004-drbdadm-ipaddr-change.patch 
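Review bot: `drbd_condition()` reads `${DRBD_DSTATE_LOCAL}` without an index although `_sh_status_process()` fills `DRBD_DSTATE_LOCAL[$_volume]` per volume, so only element 0 is examined and a multi-volume resource is judged by its first volume alone; the `drbd_update_master_score()` it replaces matched on `${DRBD_DSTATE_LOCAL[*]}`. Either loop over `"${DRBD_DSTATE_LOCAL[@]}"` and report the worst state, or state in a comment above the function that only single-volume resources are supported. The function is reached from `drbd_monitor()` and its `StandAlone` branches run `do_drbdadm connect`, so a monitor action is no longer read-only; that side effect belongs in the function's header comment, together with a note on why reconnecting is safe when the peer may have diverged. `drbd_start()`, `drbd_promote()` and `drbd_demote()` now return the non-standard codes 32 to 41 where they used to return `$OCF_SUCCESS`, which a caller that knows only the standard OCF codes would presumably read as failure.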
@@ -0,0 +1,132 @@ +Index: git/user/drbdadm_adjust.c +=================================================================== +--- git.orig/user/drbdadm_adjust.c ++++ git/user/drbdadm_adjust.c +@@ -157,6 +157,7 @@ static int opts_equal(struct context_def + static int addr_equal(struct d_resource* conf, struct d_resource* running) + { + int equal; ++ char *peer_addr, *peer_af, *peer_port; + + if (conf->peer == NULL && running->peer == NULL) return 1; + if (running->peer == NULL) return 0; +@@ -165,16 +166,29 @@ static int addr_equal(struct d_resource* + !strcmp(conf->me->port, running->me->port) && + !strcmp(conf->me->address_family, running->me->address_family); + +- if(conf->me->proxy) +- equal = equal && +- !strcmp(conf->me->proxy->inside_addr, running->peer->address) && +- !strcmp(conf->me->proxy->inside_port, running->peer->port) && +- !strcmp(conf->me->proxy->inside_af, running->peer->address_family); +- else +- equal = equal && conf->peer && +- !strcmp(conf->peer->address, running->peer->address) && +- !strcmp(conf->peer->port, running->peer->port) && +- !strcmp(conf->peer->address_family, running->peer->address_family); ++ if(conf->me->proxy) { ++ peer_addr = conf->me->proxy->inside_addr; ++ peer_port = conf->me->proxy->inside_port; ++ peer_af = conf->me->proxy->inside_af; ++ } else { ++ peer_addr = conf->peer->address; ++ peer_port = conf->peer->port; ++ peer_af = conf->peer->address_family; ++ } ++ ++ equal = equal && conf->peer && ++ !strcmp(peer_addr, running->peer->address) && ++ !strcmp(peer_port, running->peer->port) && ++ !strcmp(peer_af, running->peer->address_family); ++ ++ if (verbose > 2) ++ fprintf(stderr, "Network addresses differ:\n" ++ "\trunning: %s:%s:%s -- %s:%s:%s\n" ++ "\t config: %s:%s:%s -- %s:%s:%s\n", ++ running->me->address_family, running->me->address, running->me->port, ++ running->peer->address_family, running->peer->address, running->peer->port, ++ conf->me->address_family, conf->me->address, conf->me->port, ++ peer_af, peer_addr, 
peer_port); + + return equal; + } +@@ -690,8 +704,7 @@ int adm_adjust(struct cfg_ctx *ctx) + if (ctx->res->me->proxy && can_do_proxy) + do_connect |= proxy_reconf(ctx, running); + +- if (do_connect && running) +- do_disconnect = running->net_options != NULL; ++ do_disconnect = do_connect && running && (running->peer || running->net_options); + + if (do_res_options) + schedule_deferred_cmd(adm_set_default_res_options, ctx, "resource-options", CFG_RESOURCE); +@@ -716,8 +729,12 @@ int adm_adjust(struct cfg_ctx *ctx) + } + + if (do_connect) { +- if (do_disconnect && ctx->res->peer) +- schedule_deferred_cmd(adm_disconnect, ctx, "disconnect", CFG_NET_PREREQ); ++ /* "disconnect" specifying the end-point addresses currently in-use, ++ * before "connect"ing with the addresses currently in-config-file. */ ++ if (do_disconnect) { ++ struct cfg_ctx tmp_ctx = { .res = running, .vol = vol, }; ++ schedule_deferred_cmd(adm_disconnect, &tmp_ctx, "disconnect", CFG_NET_PREREQ); ++ } + schedule_deferred_cmd(adm_connect, ctx, "connect", CFG_NET); + do_net_options = 0; + } +Index: git/user/legacy/drbdadm_adjust.c +=================================================================== +--- git.orig/user/legacy/drbdadm_adjust.c ++++ git/user/legacy/drbdadm_adjust.c +@@ -133,6 +133,7 @@ static int opts_equal(struct d_option* c + static int addr_equal(struct d_resource* conf, struct d_resource* running) + { + int equal; ++ char *peer_addr, *peer_af, *peer_port; + + if (conf->peer == NULL && running->peer == NULL) return 1; + if (running->peer == NULL) return 0; +@@ -141,18 +142,31 @@ static int addr_equal(struct d_resource* + !strcmp(conf->me->port, running->me->port) && + !strcmp(conf->me->address_family, running->me->address_family); + +- if(conf->me->proxy) +- equal = equal && +- !strcmp(conf->me->proxy->inside_addr, running->peer->address) && +- !strcmp(conf->me->proxy->inside_port, running->peer->port) && +- !strcmp(conf->me->proxy->inside_af, running->peer->address_family); +- else +- 
equal = equal && conf->peer && +- !strcmp(conf->peer->address, running->peer->address) && +- !strcmp(conf->peer->port, running->peer->port) && +- !strcmp(conf->peer->address_family, running->peer->address_family); ++ if(conf->me->proxy) { ++ peer_addr = conf->me->proxy->inside_addr; ++ peer_port = conf->me->proxy->inside_port; ++ peer_af = conf->me->proxy->inside_af; ++ } else { ++ peer_addr = conf->peer->address; ++ peer_port = conf->peer->port; ++ peer_af = conf->peer->address_family; ++ } ++ ++ equal = equal && conf->peer && ++ !strcmp(peer_addr, running->peer->address) && ++ !strcmp(peer_port, running->peer->port) && ++ !strcmp(peer_af, running->peer->address_family); ++ ++ if (verbose > 2) ++ fprintf(stderr, "Network addresses differ:\n" ++ "\trunning: %s:%s:%s -- %s:%s:%s\n" ++ "\t config: %s:%s:%s -- %s:%s:%s\n", ++ running->me->address_family, running->me->address, running->me->port, ++ running->peer->address_family, running->peer->address, running->peer->port, ++ conf->me->address_family, conf->me->address, conf->me->port, ++ peer_af, peer_addr, peer_port); + +- return equal; ++ return equal; + } + + static int proto_equal(struct d_resource* conf, struct d_resource* running) diff --git a/drbd-tools/centos/patches/0005-drbd_reconnect_standby_standalone.patch b/drbd-tools/centos/patches/0005-drbd_reconnect_standby_standalone.patch new file mode 100644 index 0000000..30444c7 --- /dev/null +++ b/drbd-tools/centos/patches/0005-drbd_reconnect_standby_standalone.patch 
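Review bot: The rewritten `addr_equal()` in user/drbdadm_adjust.c dereferences `conf->peer` in the new `else` branch (`peer_addr = conf->peer->address;`) before the `conf->peer &&` test that used to guard it, so a configuration with no peer, compared against a running resource that has one, passes both early returns and crashes drbdadm on a NULL pointer. Adding `if (conf->peer == NULL) return 0;` right after the `running->peer == NULL` check gives the same result as the later `equal && conf->peer && ...` expression without the dereference. The new diagnostic also prints "Network addresses differ" whenever `verbose > 2`, even when the addresses match; the condition should be `if (!equal && verbose > 2)`. Both points apply unchanged to the identical hunk for user/legacy/drbdadm_adjust.c.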
@@ -0,0 +1,34 @@ +Index: git/scripts/drbd.ocf +=================================================================== +--- git.orig/scripts/drbd.ocf ++++ git/scripts/drbd.ocf +@@ -418,6 +418,29 @@ drbd_condition() { + rc=$OCF_DATA_OUTDATED + ocf_log info "${OCF_RESKEY_drbd_resource} outdated" + ;; ++ Inconsistent) ++ case "${DRBD_CSTATE}" in ++ StandAlone) ++ rc=$OCF_DATA_STANDALONE ++ if [ $status -eq $OCF_SUCCESS ] ++ then ++ ocf_log info "${OCF_RESKEY_drbd_resource} standby standalone, attempting to reconnect." ++ do_drbdadm connect ${OCF_RESKEY_drbd_resource} ++ else ++ ocf_log info "${OCF_RESKEY_drbd_resource} standalone" ++ fi ++ ;; ++ StartingSyncT | WFBitMapT | WFSyncUUID | SyncTarget | \ ++ PausedSyncT) ++ rc=$OCF_DATA_SYNC ++ ocf_log info "${OCF_RESKEY_drbd_resource} sync" ++ ;; ++ *) ++ rc=$OCF_DATA_INCONSISTENT ++ ocf_log info "${OCF_RESKEY_drbd_resource} inconsistent" ++ ;; ++ esac ++ ;; + *) + case "${DRBD_CSTATE}" in + StandAlone) diff --git a/drbd-tools/centos/patches/0006-avoid-kernel-userspace-version-check.patch b/drbd-tools/centos/patches/0006-avoid-kernel-userspace-version-check.patch new file mode 100644 index 0000000..8cd3cc7 --- /dev/null +++ b/drbd-tools/centos/patches/0006-avoid-kernel-userspace-version-check.patch 
@@ -0,0 +1,55 @@
+From ea19e3020367cfaf6da20dd690433ee72a24120c Mon Sep 17 00:00:00 2001
+From: Don Penney
+Date: Mon, 2 May 2016 15:17:54 -0400
+Subject: [PATCH 1/1] Avoid kernel/userspace version check
+
+---
+ user/drbdadm_usage_cnt.c | 32 +-------------------------------
+ 1 file changed, 1 insertion(+), 31 deletions(-)
+
+diff --git a/user/drbdadm_usage_cnt.c b/user/drbdadm_usage_cnt.c
+index ff6d5c8..c6cb4ad 100644
+--- a/user/drbdadm_usage_cnt.c
++++ b/user/drbdadm_usage_cnt.c
+@@ -244,37 +244,7 @@ static int vcs_ver_cmp(struct vcs_rel *rev1, struct vcs_rel *rev2)
+
+ void warn_on_version_mismatch(void)
+ {
+- char *msg;
+- int cmp;
+-
+- /* get the kernel module version from /proc/drbd */
+- vcs_get_current();
+-
+- /* get the userland version from REL_VERSION */
+- vcs_get_userland();
+-
+- cmp = vcs_ver_cmp(&userland_version, ¤t_vcs_rel);
+- /* no message if equal */
+- if (cmp == 0)
+- return;
+- if (cmp > 0xffff || cmp < -0xffff) /* major version differs! */
+- msg = "mixing different major numbers will not work!";
+- else if (cmp < 0) /* userland is older. always warn. */
+- msg = "you should upgrade your drbd tools!";
+- else if (cmp & 0xff00) /* userland is newer minor version */
+- msg = "please don't mix different DRBD series.";
+- else /* userland is newer, but only differ in sublevel. */
+- msg = "preferably kernel and userland versions should match.";
+-
+- fprintf(stderr, "DRBD module version: %u.%u.%u\n"
+- " userland version: %u.%u.%u\n%s\n",
+- current_vcs_rel.version.major,
+- current_vcs_rel.version.minor,
+- current_vcs_rel.version.sublvl,
+- userland_version.version.major,
+- userland_version.version.minor,
+- userland_version.version.sublvl,
+- msg);
++ return;
+ }
+
+ void add_lib_drbd_to_path(void)
+--
+1.8.3.1
+
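Review bot: `warn_on_version_mismatch()` is reduced to a bare `return;` with no comment, and the patch description gives no reason, so a later reader cannot tell that the kernel-module/userland mismatch warning was removed on purpose. This silences all four cases, including the major-version mismatch that the removed message said "will not work". I would document the decision in the body, for example `/* Intentionally disabled: <reason>; module and userland versions are not compared. */`, or keep only the major-version branch. `vcs_ver_cmp()`, named in the hunk header, may now be unused and produce an unused-function warning; its other callers are outside the hunk, so this needs checking.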
diff --git a/drbd-tools/centos/patches/0007-Update-OCF-to-attempt-connect-in-certain-states.patch b/drbd-tools/centos/patches/0007-Update-OCF-to-attempt-connect-in-certain-states.patch new file mode 100644 index 0000000..9ff4001 --- /dev/null +++ b/drbd-tools/centos/patches/0007-Update-OCF-to-attempt-connect-in-certain-states.patch @@ -0,0 +1,40 @@ +From 5677e262d5b3f5ecc114f1aace4ffd77a7772282 Mon Sep 17 00:00:00 2001 +From: Don Penney +Date: Tue, 21 Feb 2017 12:37:02 -0500 +Subject: [PATCH] Update OCF to attempt connect in certain states + +--- + scripts/drbd.ocf | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +diff --git a/scripts/drbd.ocf b/scripts/drbd.ocf +index 0e26ea9..84332b0 100644 +--- a/scripts/drbd.ocf ++++ b/scripts/drbd.ocf +@@ -415,8 +415,21 @@ drbd_condition() { + esac + ;; + Outdated) +- rc=$OCF_DATA_OUTDATED +- ocf_log info "${OCF_RESKEY_drbd_resource} outdated" ++ case "${DRBD_CSTATE}" in ++ StandAlone) ++ rc=$OCF_DATA_STANDALONE ++ if [ $status -eq $OCF_SUCCESS ] ++ then ++ ocf_log info "${OCF_RESKEY_drbd_resource} outdated standalone, attempting to reconnect." ++ do_drbdadm -- --discard-my-data connect ${OCF_RESKEY_drbd_resource} ++ else ++ ocf_log info "${OCF_RESKEY_drbd_resource} outdated" ++ fi ++ ;; ++ *) ++ rc=$OCF_DATA_OUTDATED ++ ocf_log info "${OCF_RESKEY_drbd_resource} outdated" ++ esac + ;; + Inconsistent) + case "${DRBD_CSTATE}" in +-- +1.8.3.1 + diff --git a/drbd-tools/centos/patches/0008-Increase-short-cmd-timeout-to-15-secs.patch b/drbd-tools/centos/patches/0008-Increase-short-cmd-timeout-to-15-secs.patch new file mode 100644 index 0000000..097e975 --- /dev/null +++ b/drbd-tools/centos/patches/0008-Increase-short-cmd-timeout-to-15-secs.patch 
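Review bot: The new `Outdated`/`StandAlone` arm runs `do_drbdadm -- --discard-my-data connect` from inside `drbd_condition`, so evaluating the resource state can discard this node's local changes automatically, and the only trace is an `info`-level log line. I would log it as `ocf_log warn "${OCF_RESKEY_drbd_resource} outdated standalone, reconnecting with --discard-my-data"` and add a comment stating why discarding is safe in this state (presumably because an Outdated disk is never the newer copy; please confirm). The exit status of `do_drbdadm` is also dropped, so a failed reconnect is not reported anywhere. The inner `*)` arm has no closing `;;`, which is legal before `esac` but inconsistent with the arms around it. `drbd_condition` starts and ends outside the hunk.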
@@ -0,0 +1,25 @@ +From 100b44d99b0bcbac92abd2122becbfd88d155e09 Mon Sep 17 00:00:00 2001 +From: Don Penney +Date: Wed, 22 Nov 2017 20:45:28 -0500 +Subject: [PATCH] Increase short cmd timeout to 15 secs + +--- + user/drbdadm_main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/user/drbdadm_main.c b/user/drbdadm_main.c +index b89e91a..19c5a44 100644 +--- a/user/drbdadm_main.c ++++ b/user/drbdadm_main.c +@@ -1467,7 +1467,7 @@ void m__system(char **argv, int flags, const char *res_name, pid_t *kid, int *fd + alarm_raised = 0; + switch (flags & SLEEPS_MASK) { + case SLEEPS_SHORT: +- timeout = 5; ++ timeout = 15; + break; + case SLEEPS_LONG: + timeout = COMM_TIMEOUT + 1; +-- +1.8.3.1 + diff --git a/drbd/PKG-INFO b/drbd/PKG-INFO new file mode 100644 index 0000000..667707a --- /dev/null +++ b/drbd/PKG-INFO @@ -0,0 +1,16 @@ +Metadata-Version: 1.1 +Name: drbd-kernel +Version: 8.4.7 +Summary: Kernel driver for DRBD +Home-page: +Author: +Author-email: +License: GPLv2+ + +Description: +This module is the kernel-dependent driver for DRBD. This is split out so +that multiple kernel driver versions can be installed, one for each +installed kernel. + + +Platform: UNKNOWN diff --git a/drbd/centos/build_srpm.data b/drbd/centos/build_srpm.data new file mode 100644 index 0000000..0e3d42e --- /dev/null +++ b/drbd/centos/build_srpm.data @@ -0,0 +1,4 @@ +COPY_LIST="$FILES_BASE/* \ + $DISTRO/patches/* \ + $CGCS_BASE/downloads/drbd-8.4.7-1.tar.gz" +TIS_PATCH_VER=3 diff --git a/drbd/centos/drbd-kernel.spec b/drbd/centos/drbd-kernel.spec new file mode 100644 index 0000000..dd88cfc --- /dev/null +++ b/drbd/centos/drbd-kernel.spec 
@@ -0,0 +1,159 @@ +%if "%{?_tis_build_type}" == "rt" +%define bt_ext -rt +%else +%undefine bt_ext +%endif + +# Define the kmod package name here. +%define kmod_name drbd + +Name: drbd-kernel%{?bt_ext} +Summary: Kernel driver for DRBD +Version: 8.4.7 +%define upstream_release 1 +Release: %{upstream_release}%{?_tis_dist}.%{tis_patch_ver} +%global tarball_version %(echo "%{version}-%{?upstream_release}" | sed -e "s,%{?dist}$,,") +Group: System Environment/Kernel +License: GPLv2+ +Summary: %{kmod_name} kernel module(s) + +BuildRequires: kernel%{?bt_ext}-devel, redhat-rpm-config, perl, openssl +ExclusiveArch: x86_64 + +# Sources. +Source0: http://oss.linbit.com/drbd/drbd-%{tarball_version}.tar.gz + +# WRS +Patch0001: 0001-remove_bind_before_connect_error.patch + +%define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//') + +Summary: drbd kernel module(s) +Group: System Environment/Kernel +%global _use_internal_dependency_generator 0 +Provides: kernel-modules >= %{kversion} +Provides: drbd-kernel = %{?epoch:%{epoch}:}%{version}-%{release} +Requires(post): /usr/sbin/depmod +Requires(postun): /usr/sbin/depmod +BuildRequires: kernel%{?bt_ext}-devel + +%description +This module is the kernel-dependent driver for DRBD. This is split out so +that multiple kernel driver versions can be installed, one for each +installed kernel. + +%package -n kmod-drbd%{?bt_ext} +Summary: drbd kernel module(s) +%description -n kmod-drbd%{?bt_ext} +This module is the kernel-dependent driver for DRBD. This is split out so +that multiple kernel driver versions can be installed, one for each +installed kernel. + +%post -n kmod-drbd%{?bt_ext} +echo "Working. This may take some time ..." 
+if [ -e "/boot/System.map-%{kversion}" ]; then + /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || : +fi +modules=( $(find /lib/modules/%{kversion}/extra/drbd | grep '\.ko$') ) +if [ -x "/sbin/weak-modules" ]; then + printf '%s\n' "${modules[@]}" | /sbin/weak-modules --add-modules +fi +echo "Done." +%preun -n kmod-drbd%{?bt_ext} +rpm -ql kmod-drbd%{?bt_ext}-%{version}-%{release}.x86_64 | grep '\.ko$' > /var/run/rpm-kmod-drbd%{?bt_ext}-modules +%postun -n kmod-drbd%{?bt_ext} +echo "Working. This may take some time ..." +if [ -e "/boot/System.map-%{kversion}" ]; then + /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || : +fi +modules=( $(cat /var/run/rpm-kmod-drbd%{?bt_ext}-modules) ) +rm /var/run/rpm-kmod-drbd%{?bt_ext}-modules +if [ -x "/sbin/weak-modules" ]; then + printf '%s\n' "${modules[@]}" | /sbin/weak-modules --remove-modules +fi +echo "Done." +%files -n kmod-drbd%{?bt_ext} +%defattr(644,root,root,755) +/lib/modules/%{kversion}/ +%config(noreplace)/etc/depmod.d/drbd.conf +%doc /usr/share/doc/kmod-drbd-%{version}/ + + +# Disable the building of the debug package(s). 
+%define debug_package %{nil} + +%prep +%setup -q -n drbd-%{tarball_version} +%patch0001 -p1 + +%build +rm -rf obj +mkdir obj +ln -s ../scripts obj/ +cp -r drbd obj/default +make -C obj/default %{_smp_mflags} all KDIR=/usr/src/kernels/%{kversion} + +%install +pwd +%{__install} -d %{buildroot}/lib/modules/%{kversion}/extra/%{kmod_name}/ +%{__install} obj/default/%{kmod_name}.ko %{buildroot}/lib/modules/%{kversion}/extra/%{kmod_name}/ +%{__install} -d %{buildroot}%{_sysconfdir}/depmod.d/ +%{__install} -d %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/ +%{__install} ChangeLog %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/ +%{__install} COPYING %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/ +mv obj/default/.kernel.config.gz obj/k-config-$kernelrelease.gz +%{__install} obj/k-config-$kernelrelease.gz %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/ + +echo "override drbd * weak-updates" > %{buildroot}%{_sysconfdir}/depmod.d/drbd.conf + +# Strip the modules(s). +find %{buildroot} -type f -name \*.ko -exec %{__strip} --strip-debug \{\} \; + +# Always Sign the modules(s). +# If the module signing keys are not defined, define them here. +%{!?privkey: %define privkey /usr/src/kernels/%{kversion}/signing_key.priv} +%{!?pubkey: %define pubkey /usr/src/kernels/%{kversion}/signing_key.x509} +for module in $(find %{buildroot} -type f -name \*.ko); +do %{__perl} /usr/src/kernels/%{kversion}/scripts/sign-file \ + sha256 %{privkey} %{pubkey} $module; +done + +%clean +%{__rm} -rf %{buildroot} + +%changelog +* Wed Dec 16 2015 Philipp Reisner - 8.4.7-1 +- New upstream release. + +* Wed Sep 16 2015 Lars Ellenberg - 8.4.6-5 +- New upstream release. + +* Thu Jul 30 2015 Lars Ellenberg - 8.4.6-4 +- New upstream release. + +* Fri Apr 3 2015 Philipp Reisner - 8.4.6-1 +- New upstream release. + +* Mon Jun 2 2014 Philipp Reisner - 8.4.5-1 +- New upstream release. + +* Fri Oct 11 2013 Philipp Reisner - 8.4.4-1 +- New upstream release. 
+ +* Tue Feb 5 2013 Philipp Reisner - 8.4.3-1 +- New upstream release. + +* Thu Sep 6 2012 Philipp Reisner - 8.4.2-1 +- New upstream release. + +* Tue Dec 20 2011 Philipp Reisner - 8.4.1-1 +- New upstream release. + +* Mon Jul 18 2011 Philipp Reisner - 8.4.0-1 +- New upstream release. + +* Fri Jan 28 2011 Philipp Reisner - 8.3.10-1 +- New upstream release. + +* Thu Nov 25 2010 Andreas Gruenbacher - 8.3.9-1 +- Convert to a Kernel Module Package. diff --git a/drbd/centos/files/filelist-redhat b/drbd/centos/files/filelist-redhat new file mode 100644 index 0000000..28a2f99 --- /dev/null +++ b/drbd/centos/files/filelist-redhat @@ -0,0 +1,11 @@ +%defattr(644,root,root,755) +%doc COPYING +%doc ChangeLog +%if 0%(grep -q "release 5" /etc/redhat-release && echo 1) +/lib/modules/%verrel%variant +%doc obj/k-config-%verrel%variant.gz +%else +/lib/modules/%verrel%dotvariant +%doc obj/k-config-%verrel%dotvariant.gz +%endif +%config /etc/depmod.d/drbd.conf diff --git a/drbd/centos/patches/0001-remove_bind_before_connect_error.patch b/drbd/centos/patches/0001-remove_bind_before_connect_error.patch new file mode 100644 index 0000000..2060d51 --- /dev/null +++ b/drbd/centos/patches/0001-remove_bind_before_connect_error.patch @@ -0,0 +1,12 @@ +Index: drbd-8.4.7-1/drbd/drbd_receiver.c +=================================================================== +--- drbd-8.4.7-1.orig/drbd/drbd_receiver.c ++++ drbd-8.4.7-1/drbd/drbd_receiver.c +@@ -718,6 +718,7 @@ out: + /* peer not (yet) available, network problem */ + case ECONNREFUSED: case ENETUNREACH: + case EHOSTDOWN: case EHOSTUNREACH: ++ case EADDRNOTAVAIL: + disconnect_on_error = 0; + break; + default: diff --git a/haproxy/PKG-INFO b/haproxy/PKG-INFO new file mode 100644 index 0000000..2f1d821 --- /dev/null +++ b/haproxy/PKG-INFO 
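Review bot: The signing step in `%install` defaults `privkey` to `/usr/src/kernels/%{kversion}/signing_key.priv`, a private key stored in the same kernel-devel tree that the spec uses as `KDIR`. If that tree is installable outside the build environment, anyone holding it can sign modules with what is presumably the key the kernel trusts, which defeats module signature enforcement. The key should come from a protected location passed in by the build system (`--define 'privkey <PATH_TO_PROTECTED_KEY>'`), and the build should fail when it is not set instead of falling back. Separately, `$kernelrelease` in `mv obj/default/.kernel.config.gz obj/k-config-$kernelrelease.gz` is never assigned in the visible `%install` section, so the file ends up named `k-config-.gz`; `%{kversion}` looks like what was meant.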
@@ -0,0 +1,15 @@ +Metadata-Version: 1.1 +Name: haproxy +Version: 1.5.18 +Summary: Abstract asynchronous event notification library +Home-page: +Author: +Author-email: +License: GPLv2+ + +Description: +HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high +availability environments. + + +Platform: UNKNOWN diff --git a/haproxy/centos/build_srpm.data b/haproxy/centos/build_srpm.data new file mode 100644 index 0000000..b768bf6 --- /dev/null +++ b/haproxy/centos/build_srpm.data @@ -0,0 +1,2 @@ +COPY_LIST="haproxy/*" +TIS_PATCH_VER=7 diff --git a/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch new file mode 100644 index 0000000..2e71baa --- /dev/null +++ b/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -0,0 +1,27 @@ +From 79f025b91d461a948ca6449eb25a11a6c89144b5 Mon Sep 17 00:00:00 2001 +From: Scott Little +Date: Mon, 2 Oct 2017 16:12:36 -0400 +Subject: [PATCH 7/7] WRS: 0001-Update-package-versioning-for-TIS-format.patch + +Conflicts: + SPECS/haproxy.spec +--- + SPECS/haproxy.spec | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec +index c1547ef..097aa79 100644 +--- a/SPECS/haproxy.spec ++++ b/SPECS/haproxy.spec +@@ -8,7 +8,7 @@ + + Name: haproxy + Version: 1.5.18 +-Release: 6%{?dist} ++Release: 6.el7%{?_tis_dist}.%{tis_patch_ver} + Summary: TCP/HTTP proxy and load balancer for high availability environments + + Group: System Environment/Daemons +-- +1.9.1 + diff --git a/haproxy/centos/meta_patches/PATCH_ORDER b/haproxy/centos/meta_patches/PATCH_ORDER new file mode 100644 index 0000000..87bd6af --- /dev/null +++ b/haproxy/centos/meta_patches/PATCH_ORDER 
@@ -0,0 +1,7 @@
+spec-include-TiS-config.patch
+haproxy-spec-add-init-script.patch
+spec-add-haproxy-env-var-patch.patch
+meta_remove_bad_logrotate.patch
+haproxy-service-file.patch
+meta_add_support_for_tpm.patch
+0001-Update-package-versioning-for-TIS-format.patch
diff --git a/haproxy/centos/meta_patches/haproxy-service-file.patch b/haproxy/centos/meta_patches/haproxy-service-file.patch
new file mode 100644
index 0000000..179b7d5
--- /dev/null
+++ b/haproxy/centos/meta_patches/haproxy-service-file.patch
@@ -0,0 +1,26 @@
+From c4d74c67ee001af849e7a30e824cc0f8e38ef948 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:12:36 -0400
+Subject: [PATCH 5/7] WRS: haproxy-service-file.patch
+
+---
+ SOURCES/haproxy.service | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/SOURCES/haproxy.service b/SOURCES/haproxy.service
+index 2d4c954..c2f1086 100644
+--- a/SOURCES/haproxy.service
++++ b/SOURCES/haproxy.service
+@@ -4,7 +4,8 @@ After=syslog.target network.target
+
+ [Service]
+ EnvironmentFile=/etc/sysconfig/haproxy
+-ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid $OPTIONS
++ExecStart=/etc/init.d/haproxy start
++ExecStop=/etc/init.d/haproxy stop
+ ExecReload=/bin/kill -USR2 $MAINPID
+ KillMode=mixed
+
+--
+1.9.1
+
diff --git a/haproxy/centos/meta_patches/haproxy-spec-add-init-script.patch b/haproxy/centos/meta_patches/haproxy-spec-add-init-script.patch
new file mode 100644
index 0000000..d38a4fc
--- /dev/null
+++ b/haproxy/centos/meta_patches/haproxy-spec-add-init-script.patch
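Review bot: `ExecStart` now runs `/etc/init.d/haproxy start`, but the unchanged `ExecReload=/bin/kill -USR2 $MAINPID` and `KillMode=mixed` still assume that systemd tracks the haproxy process itself as the main PID. No `Type=` or `PIDFile=` line is visible in the hunk, so with the default service type `$MAINPID` would be the init script, which exits after starting the daemon; the rest of the unit is outside the hunk, so this is worth confirming. If the script daemonizes, the unit needs `Type=forking` and `PIDFile=<PID_FILE_WRITTEN_BY_INIT_SCRIPT>`. `$OPTIONS` from the `EnvironmentFile` is also no longer passed on the command line, so the init script must read it itself.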
@@ -0,0 +1,47 @@
+From 959767df3285a81f1c5650018ed846fe90a68c9d Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:12:36 -0400
+Subject: [PATCH 2/7] WRS: haproxy-spec-add-init-script.patch
+
+---
+ SPECS/haproxy.spec | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
+index 42ddeb0..cbd9161 100644
+--- a/SPECS/haproxy.spec
++++ b/SPECS/haproxy.spec
+@@ -21,6 +21,7 @@ Source2: %{name}.cfg
+ Source3: %{name}.logrotate
+ Source4: %{name}.sysconfig
+ Source5: halog.1
++Source10: %{name}.sh
+
+ # WRS
+ Source6: 503.http
+@@ -81,11 +82,14 @@ popd
+ %{__make} install-bin DESTDIR=%{buildroot} PREFIX=%{_prefix} TARGET="linux2628"
+ %{__make} install-man DESTDIR=%{buildroot} PREFIX=%{_prefix}
+
++mkdir -p /etc/init.d
++
+ %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
+ %{__install} -p -D -m 0640 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
+ %{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+ %{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+ %{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
++%{__install} -p -D -m 0755 %{SOURCE10} %{buildroot}/etc/init.d/%{name}
+ %{__install} -d -m 0755 %{buildroot}%{haproxy_home}
+ %{__install} -d -m 0755 %{buildroot}%{haproxy_datadir}
+ %{__install} -d -m 0755 %{buildroot}%{_bindir}
+@@ -149,6 +153,7 @@ fi
+ %{_bindir}/halog
+ %{_bindir}/iprange
+ %{_mandir}/man1/*
++/etc/init.d/%{name}
+ %attr(-,%{haproxy_user},%{haproxy_group}) %dir %{haproxy_home}
+
+ # WRS
+--
+1.9.1
+
diff --git a/haproxy/centos/meta_patches/meta_add_support_for_tpm.patch b/haproxy/centos/meta_patches/meta_add_support_for_tpm.patch
new file mode 100644
index 0000000..a87dd87
--- /dev/null
+++ b/haproxy/centos/meta_patches/meta_add_support_for_tpm.patch
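Review bot: The added `mkdir -p /etc/init.d` in `%install` writes to the build host's real root filesystem instead of `%{buildroot}`, so the package build either needs root or fails, and it leaves state behind on the builder. The line can be dropped, because the `%{__install} -p -D -m 0755 %{SOURCE10} %{buildroot}/etc/init.d/%{name}` added a few lines below already creates the directory through `-D`. If it is kept, it should read `mkdir -p %{buildroot}/etc/init.d`.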
@@ -0,0 +1,42 @@
+From a5329bf1468f55c8d6b983e5999c12139dc7479d Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:12:36 -0400
+Subject: [PATCH 6/7] WRS: meta_add_support_for_tpm.patch
+
+---
+ SPECS/haproxy.spec | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
+index 3d112e0..c1547ef 100644
+--- a/SPECS/haproxy.spec
++++ b/SPECS/haproxy.spec
+@@ -30,6 +30,7 @@ Patch1: iprange-return-type.patch
+ Patch2: haproxy-tcp-user-timeout.patch
+ Patch3: haproxy-systemd-wrapper-exit-code.patch
+ Patch4: haproxy-env-var.patch
++Patch5: haproxy-tpm-support.patch
+
+ BuildRequires: pcre-devel
+ BuildRequires: zlib-devel
+@@ -41,6 +42,9 @@ Requires(post): systemd
+ Requires(preun): systemd
+ Requires(postun): systemd
+
++Requires: tpm2-openssl-engine
++
++
+ %description
+ HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
+ availability environments. Indeed, it can:
+@@ -62,6 +66,7 @@ availability environments. Indeed, it can:
+ %patch2 -p1
+ %patch3 -p1
+ %patch4 -p1
++%patch5 -p1
+
+ %build
+ regparm_opts=
+--
+1.9.1
+
diff --git a/haproxy/centos/meta_patches/meta_remove_bad_logrotate.patch b/haproxy/centos/meta_patches/meta_remove_bad_logrotate.patch
new file mode 100644
index 0000000..f99a423
--- /dev/null
+++ b/haproxy/centos/meta_patches/meta_remove_bad_logrotate.patch
@@ -0,0 +1,40 @@
+From 3eac39ba534b92dbcb3a898442b09be7acc389bb Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:12:36 -0400
+Subject: [PATCH 4/7] WRS: meta_remove_bad_logrotate.patch
+
+---
+ SPECS/haproxy.spec | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
+index af94d46..3d112e0 100644
+--- a/SPECS/haproxy.spec
++++ b/SPECS/haproxy.spec
+@@ -18,7 +18,6 @@ URL: http://www.haproxy.org/
+ Source0: http://www.haproxy.org/download/1.5/src/haproxy-%{version}.tar.gz
+ Source1: %{name}.service
+ Source2: %{name}.cfg
+-Source3: %{name}.logrotate
+ Source4: %{name}.sysconfig
+ Source5: halog.1
+ Source10: %{name}.sh
+@@ -88,7 +87,6 @@ mkdir -p /etc/init.d
+
+ %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
+ %{__install} -p -D -m 0640 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
+-%{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+ %{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+ %{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
+ %{__install} -p -D -m 0755 %{SOURCE10} %{buildroot}/etc/init.d/%{name}
+@@ -147,7 +145,6 @@ fi
+ %dir %{haproxy_datadir}
+ %{haproxy_datadir}/*
+ %config(noreplace) %{haproxy_confdir}/%{name}.cfg
+-%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+ %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+ %{_unitdir}/%{name}.service
+ %{_sbindir}/%{name}
+--
+1.9.1
+
diff --git a/haproxy/centos/meta_patches/spec-add-haproxy-env-var-patch.patch b/haproxy/centos/meta_patches/spec-add-haproxy-env-var-patch.patch
new file mode 100644
index 0000000..95eb17e
--- /dev/null
+++ b/haproxy/centos/meta_patches/spec-add-haproxy-env-var-patch.patch
@@ -0,0 +1,32 @@
+From 2e37207c026047e2ce1bc9a5278faddfea81c011 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:12:36 -0400
+Subject: [PATCH 3/7] WRS: spec-add-haproxy-env-var-patch.patch
+
+---
+ SPECS/haproxy.spec | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
+index cbd9161..af94d46 100644
+--- a/SPECS/haproxy.spec
++++ b/SPECS/haproxy.spec
+@@ -30,6 +30,7 @@ Patch0: halog-unused-variables.patch
+ Patch1: iprange-return-type.patch
+ Patch2: haproxy-tcp-user-timeout.patch
+ Patch3: haproxy-systemd-wrapper-exit-code.patch
++Patch4: haproxy-env-var.patch
+
+ BuildRequires: pcre-devel
+ BuildRequires: zlib-devel
+@@ -61,6 +62,7 @@ availability environments. Indeed, it can:
+ %patch1 -p0
+ %patch2 -p1
+ %patch3 -p1
++%patch4 -p1
+
+ %build
+ regparm_opts=
+--
+1.9.1
+
diff --git a/haproxy/centos/meta_patches/spec-include-TiS-config.patch b/haproxy/centos/meta_patches/spec-include-TiS-config.patch
new file mode 100644
index 0000000..3cff884
--- /dev/null
+++ b/haproxy/centos/meta_patches/spec-include-TiS-config.patch
@@ -0,0 +1,58 @@
+From 419d06285552bc31dce214d37edb925b4a82c68b Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:12:36 -0400
+Subject: [PATCH 1/7] WRS: spec-include-TiS-config.patch
+
+---
+ SPECS/haproxy.spec | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
+index b4dde9e..42ddeb0 100644
+--- a/SPECS/haproxy.spec
++++ b/SPECS/haproxy.spec
+@@ -22,6 +22,9 @@ Source3: %{name}.logrotate
+ Source4: %{name}.sysconfig
+ Source5: halog.1
+
++# WRS
++Source6: 503.http
++
+ Patch0: halog-unused-variables.patch
+ Patch1: iprange-return-type.patch
+ Patch2: haproxy-tcp-user-timeout.patch
+@@ -79,7 +82,7 @@ popd
+ %{__make} install-man DESTDIR=%{buildroot} PREFIX=%{_prefix}
+
+ %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
+-%{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
++%{__install} -p -D -m 0640 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
+ %{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+ %{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+ %{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
+@@ -106,6 +109,11 @@ do
+ %{__rm} -f $textfile.old
+ done
+
++# WRS
++%{__install} -d 755 %{buildroot}/etc/haproxy/errors/
++%{__install} -m 755 %{SOURCE6} %{buildroot}/etc/haproxy/errors/503.http
++
++
+ %pre
+ getent group %{haproxy_group} >/dev/null || groupadd -f -g 188 -r %{haproxy_group}
+ if ! getent passwd %{haproxy_user} >/dev/null ; then
+@@ -143,6 +151,10 @@ fi
+ %{_mandir}/man1/*
+ %attr(-,%{haproxy_user},%{haproxy_group}) %dir %{haproxy_home}
+
++# WRS
++%dir /etc/haproxy/errors/
++/etc/haproxy/errors/*
++
+ %changelog
+ * Mon May 01 2017 Ryan O'Hara - 1.5.18-6
+ - Use KillMode=mixed in systemd service file (#1444709)
+--
+1.9.1
+
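Review bot: `%{__install} -d 755 %{buildroot}/etc/haproxy/errors/` is missing `-m`, so `install` treats `755` as a second directory to create relative to the build directory, and the errors directory gets the default mode instead of an explicit one. It should read `%{__install} -d -m 0755 %{buildroot}/etc/haproxy/errors/`. The next line installs the static response page with `-m 755`; nothing needs to execute `503.http`, so `-m 0644` is the appropriate mode.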
diff --git a/haproxy/centos/srpm_path b/haproxy/centos/srpm_path new file mode 100644 index 0000000..fb995db --- /dev/null +++ b/haproxy/centos/srpm_path @@ -0,0 +1 @@ +mirror:Source/haproxy-1.5.18-6.el7.src.rpm diff --git a/haproxy/haproxy/503.http b/haproxy/haproxy/503.http new file mode 100644 index 0000000..367d425 --- /dev/null +++ b/haproxy/haproxy/503.http @@ -0,0 +1,9 @@ +HTTP/1.0 503 Service Unavailable +Cache-Control: no-cache +Connection: close +Content-Type: text/html + +

503 Service Unavailable

+No server is available to handle this request. + + diff --git a/haproxy/haproxy/haproxy-env-var.patch b/haproxy/haproxy/haproxy-env-var.patch new file mode 100644 index 0000000..93d1749 --- /dev/null +++ b/haproxy/haproxy/haproxy-env-var.patch 
@@ -0,0 +1,245 @@ +Index: haproxy-1.5.11/src/cfgparse.c +=================================================================== +--- haproxy-1.5.11.orig/src/cfgparse.c ++++ haproxy-1.5.11/src/cfgparse.c +@@ -5789,12 +5789,19 @@ out: + */ + int readcfgfile(const char *file) + { +- char thisline[LINESIZE]; ++ char *thisline; ++ int linesize = LINESIZE; + FILE *f; + int linenum = 0; + int err_code = 0; + struct cfg_section *cs = NULL; + struct cfg_section *ics; ++ int readbytes = 0; ++ ++ if ((thisline = malloc(sizeof(*thisline) * linesize)) == NULL) { ++ Alert("parsing [%s] : out of memory.\n", file); ++ return -1; ++ } + + /* Register internal sections */ + if (!cfg_register_section("listen", cfg_parse_listen) || +@@ -5810,11 +5817,14 @@ int readcfgfile(const char *file) + if ((f=fopen(file,"r")) == NULL) + return -1; + +- while (fgets(thisline, sizeof(thisline), f) != NULL) { ++next_line: ++ while (fgets(thisline + readbytes, linesize - readbytes, f) != NULL) { + int arg, kwm = KWM_STD; + char *end; + char *args[MAX_LINE_ARGS + 1]; + char *line = thisline; ++ int dquote = 0; /* double quote */ ++ int squote = 0; /* simple quote */ + + linenum++; + +@@ -5824,11 +5834,25 @@ int readcfgfile(const char *file) + /* Check if we reached the limit and the last char is not \n. + * Watch out for the last line without the terminating '\n'! 
+ */ +- Alert("parsing [%s:%d]: line too long, limit: %d.\n", +- file, linenum, (int)sizeof(thisline)-1); +- err_code |= ERR_ALERT | ERR_FATAL; ++ char *newline; ++ int newlinesize = linesize * 2; ++ ++ newline = realloc(thisline, sizeof(*thisline) * newlinesize); ++ if (newline == NULL) { ++ Alert("parsing [%s:%d]: line too long, cannot allocate memory.\n", ++ file, linenum); ++ err_code |= ERR_ALERT | ERR_FATAL; ++ continue; ++ } ++ ++ readbytes = linesize - 1; ++ linesize = newlinesize; ++ thisline = newline; ++ continue; + } + ++ readbytes = 0; ++ + /* skip leading spaces */ + while (isspace((unsigned char)*line)) + line++; +@@ -5837,10 +5861,26 @@ int readcfgfile(const char *file) + args[arg] = line; + + while (*line && arg < MAX_LINE_ARGS) { +- /* first, we'll replace \\, \, \#, \r, \n, \t, \xXX with their +- * C equivalent value. Other combinations left unchanged (eg: \1). +- */ +- if (*line == '\\') { ++ if (*line == '"' && !squote) { /* double quote outside single quotes */ ++ if (dquote) ++ dquote = 0; ++ else ++ dquote = 1; ++ memmove(line, line + 1, end - line); ++ end--; ++ } ++ else if (*line == '\'' && !dquote) { /* single quote outside double quotes */ ++ if (squote) ++ squote = 0; ++ else ++ squote = 1; ++ memmove(line, line + 1, end - line); ++ end--; ++ } ++ else if (*line == '\\' && !squote) { ++ /* first, we'll replace \\, \, \#, \r, \n, \t, \xXX with their ++ * C equivalent value. Other combinations left unchanged (eg: \1). 
++ */ + int skip = 0; + if (line[1] == ' ' || line[1] == '\\' || line[1] == '#') { + *line = line[1]; +@@ -5872,6 +5912,15 @@ int readcfgfile(const char *file) + Alert("parsing [%s:%d] : invalid or incomplete '\\x' sequence in '%s'.\n", file, linenum, args[0]); + err_code |= ERR_ALERT | ERR_FATAL; + } ++ } else if (line[1] == '"') { ++ *line = '"'; ++ skip = 1; ++ } else if (line[1] == '\'') { ++ *line = '\''; ++ skip = 1; ++ } else if (line[1] == '$' && dquote) { /* escaping of $ only inside double quotes */ ++ *line = '$'; ++ skip = 1; + } + if (skip) { + memmove(line + 1, line + 1 + skip, end - (line + skip)); +@@ -5879,23 +5928,117 @@ int readcfgfile(const char *file) + } + line++; + } +- else if (*line == '#' || *line == '\n' || *line == '\r') { ++ else if ((!squote && !dquote && *line == '#') || *line == '\n' || *line == '\r') { + /* end of string, end of loop */ + *line = 0; + break; + } +- else if (isspace((unsigned char)*line)) { ++ else if (!squote && !dquote && isspace((unsigned char)*line)) { + /* a non-escaped space is an argument separator */ + *line++ = '\0'; + while (isspace((unsigned char)*line)) + line++; + args[++arg] = line; + } ++ else if (dquote && *line == '$') { ++ /* environment variables are evaluated inside double quotes */ ++ char *var_beg; ++ char *var_end; ++ char save_char; ++ char *value; ++ int val_len; ++ int newlinesize; ++ int braces = 0; ++ ++ var_beg = line + 1; ++ var_end = var_beg; ++ ++ if (*var_beg == '{') { ++ var_beg++; ++ var_end++; ++ braces = 1; ++ } ++ ++ if (!isalpha((int)(unsigned char)*var_beg) && *var_beg != '_') { ++ Alert("parsing [%s:%d] : Variable expansion: Unrecognized character '%c' in variable name.\n", file, linenum, *var_beg); ++ err_code |= ERR_ALERT | ERR_FATAL; ++ goto next_line; /* skip current line */ ++ } ++ ++ while (isalnum((int)(unsigned char)*var_end) || *var_end == '_') ++ var_end++; ++ ++ save_char = *var_end; ++ *var_end = '\0'; ++ value = getenv(var_beg); ++ *var_end = save_char; ++ val_len 
= value ? strlen(value) : 0; ++ ++ if (braces) { ++ if (*var_end == '}') { ++ var_end++; ++ braces = 0; ++ } else { ++ Alert("parsing [%s:%d] : Variable expansion: Mismatched braces.\n", file, linenum); ++ err_code |= ERR_ALERT | ERR_FATAL; ++ goto next_line; /* skip current line */ ++ } ++ } ++ ++ newlinesize = (end - thisline) - (var_end - line) + val_len + 1; ++ ++ /* if not enough space in thisline */ ++ if (newlinesize > linesize) { ++ char *newline; ++ ++ newline = realloc(thisline, newlinesize * sizeof(*thisline)); ++ if (newline == NULL) { ++ Alert("parsing [%s:%d] : Variable expansion: Not enough memory.\n", file, linenum); ++ err_code |= ERR_ALERT | ERR_FATAL; ++ goto next_line; /* slip current line */ ++ } ++ /* recompute pointers if realloc returns a new pointer */ ++ if (newline != thisline) { ++ int i; ++ int diff; ++ ++ for (i = 0; i <= arg; i++) { ++ diff = args[i] - thisline; ++ args[i] = newline + diff; ++ } ++ ++ diff = var_end - thisline; ++ var_end = newline + diff; ++ diff = end - thisline; ++ end = newline + diff; ++ diff = line - thisline; ++ line = newline + diff; ++ thisline = newline; ++ } ++ linesize = newlinesize; ++ } ++ ++ /* insert value inside the line */ ++ memmove(line + val_len, var_end, end - var_end + 1); ++ memcpy(line, value, val_len); ++ end += val_len - (var_end - line); ++ line += val_len; ++ } + else { + line++; + } + } + ++ if (dquote) { ++ Alert("parsing [%s:%d] : Mismatched double quotes.\n", file, linenum); ++ err_code |= ERR_ALERT | ERR_FATAL; ++ } ++ ++ if (squote) { ++ Alert("parsing [%s:%d] : Mismatched simple quotes.\n", file, linenum); ++ err_code |= ERR_ALERT | ERR_FATAL; ++ } ++ + /* empty line */ + if (!**args) + continue; +@@ -5966,6 +6109,7 @@ int readcfgfile(const char *file) + break; + } + cursection = NULL; ++ free(thisline); + fclose(f); + return err_code; + } diff --git a/haproxy/haproxy/haproxy-tpm-support.patch b/haproxy/haproxy/haproxy-tpm-support.patch new file mode 100644 index 0000000..eb4545d 
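Review bot: The `if` that guards the new realloc branch sits just above the second inner hunk and is not touched by this patch; the removed Alert used `(int)sizeof(thisline)-1`, so the condition presumably still compares against `sizeof(thisline)-1`, which is now the size of a `char *` rather than the buffer length. If so, over-long lines are silently split into two config lines instead of growing the buffer, and the guard should become `if (end-line == linesize-1 && *(end-1) != '\n')`. Separately, `thisline` is now heap-allocated before the `return -1` that follows the failed `fopen`, so that path (and any earlier `return -1` after the malloc) leaks it; add `free(thisline);` before those returns. `linenum++` also runs once per `fgets` chunk, so a line that is continued after a realloc advances the reported line number more than once.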
--- /dev/null +++ b/haproxy/haproxy/haproxy-tpm-support.patch 
@@ -0,0 +1,319 @@ +From a2a25214f6f4913b774bdd6c0b80d3ea424d3a1b Mon Sep 17 00:00:00 2001 +From: Kam Nasim +Date: Wed, 22 Mar 2017 12:07:24 -0400 +Subject: [PATCH] haproxy tpm support + +--- + include/types/global.h | 13 +++++ + src/cfgparse.c | 28 ++++++++++ + src/haproxy.c | 26 ++++++++- + src/ssl_sock.c | 147 +++++++++++++++++++++++++++++++++++++++++++------ + 4 files changed, 197 insertions(+), 17 deletions(-) + +diff --git a/include/types/global.h b/include/types/global.h +index f1525ae..2e9c077 100644 +--- a/include/types/global.h ++++ b/include/types/global.h +@@ -30,6 +30,10 @@ + #include + #include + ++#ifdef USE_OPENSSL ++#include ++#endif ++ + #ifndef UNIX_MAX_PATH + #define UNIX_MAX_PATH 108 + #endif +@@ -71,6 +75,14 @@ enum { + SSL_SERVER_VERIFY_REQUIRED = 1, + }; + ++// WRS: Define a new TPM configuration structure ++struct tpm_conf { ++ char *tpm_object; ++ char *tpm_engine; ++ EVP_PKEY *tpm_key; ++ ENGINE *tpm_engine_ref; ++}; ++ + /* FIXME : this will have to be redefined correctly */ + struct global { + #ifdef USE_OPENSSL +@@ -87,6 +99,7 @@ struct global { + char *connect_default_ciphers; + int listen_default_ssloptions; + int connect_default_ssloptions; ++ struct tpm_conf tpm; // tpm configuration + #endif + unsigned int ssl_server_verify; /* default verify mode on servers side */ + struct freq_ctr conn_per_sec; +diff --git a/src/cfgparse.c b/src/cfgparse.c +index 6a7f80c..3bc6e79 100644 +--- a/src/cfgparse.c ++++ b/src/cfgparse.c +@@ -1541,6 +1541,34 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm) + goto out; + #endif + } ++ else if (!strcmp(args[0], "tpm-object")) { ++ if (global.tpm.tpm_object) { ++ free(global.tpm.tpm_object); ++ } ++#ifdef USE_OPENSSL ++ if (*(args[1]) && (access(args[1], F_OK) != -1)) { ++ global.tpm.tpm_object = strdup(args[1]); ++ } ++#else ++ Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]); ++ err_code |= ERR_ALERT | ERR_FATAL; ++ goto out; ++#endif ++ } ++ else 
if (!strcmp(args[0], "tpm-engine")) { ++ if (global.tpm.tpm_engine) { ++ free(global.tpm.tpm_engine); ++ } ++#ifdef USE_OPENSSL ++ if (*(args[1]) && (access(args[1], F_OK) != -1)) { ++ global.tpm.tpm_engine = strdup(args[1]); ++ } ++#else ++ Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]); ++ err_code |= ERR_ALERT | ERR_FATAL; ++ goto out; ++#endif ++ } + else { + struct cfg_kw_list *kwl; + int index; +diff --git a/src/haproxy.c b/src/haproxy.c +index 862697d..2a1a0dc 100644 +--- a/src/haproxy.c ++++ b/src/haproxy.c +@@ -959,6 +959,24 @@ static void deinit_stick_rules(struct list *rules) + } + } + ++static void deinit_tpm_engine() ++{ ++ /* ++ * if the tpm engine is present then ++ * deinit it, this is needed to ++ * flush the TPM key handle from TPM memory ++ */ ++ if (global.tpm.tpm_engine_ref) { ++ ENGINE_finish(global.tpm.tpm_engine_ref); ++ } ++ ++ if (global.tpm.tpm_key) { ++ EVP_PKEY_free(global.tpm.tpm_key); ++ } ++ free(global.tpm.tpm_engine); global.tpm.tpm_engine = NULL; ++ free(global.tpm.tpm_object); global.tpm.tpm_object = NULL; ++} ++ + void deinit(void) + { + struct proxy *p = proxy, *p0; +@@ -1218,7 +1236,13 @@ void deinit(void) + + free(uap); + } +- ++ ++ /* if HAProxy was in TPM mode then deinit ++ * that configuration as well. ++ */ ++ if (global.tpm.tpm_object && global.tpm.tpm_object != '\0') ++ deinit_tpm_engine(); ++ + userlist_free(userlist); + + protocol_unbind_all(); +diff --git a/src/ssl_sock.c b/src/ssl_sock.c +index ead4c7b..4e16026 100644 +--- a/src/ssl_sock.c ++++ b/src/ssl_sock.c +@@ -50,6 +50,7 @@ + #ifndef OPENSSL_NO_DH + #include + #endif ++#include + + #include + #include +@@ -1115,6 +1116,80 @@ end: + return ret; + } + ++/* ++ * initialize the TPM engine and load the ++ * TPM object as private key within the Engine. 
++ * Only do this for the first bind since TPM can ++ * only load 3-4 contexes before it runs out of memory ++ */ ++static int ssl_sock_load_tpm_key(SSL_CTX *ctx, char **err) { ++ if (!global.tpm.tpm_object || global.tpm.tpm_object[0] == '\0') { ++ /* not in TPM mode */ ++ return -1; ++ } ++ if (!global.tpm.tpm_key) { ++ Warning ("Could not find tpm_key; initializing engine\n"); ++ /* no key present; load the dynamic TPM engine */ ++ if (global.tpm.tpm_engine && global.tpm.tpm_engine[0]) { ++ ENGINE_load_dynamic(); ++ ENGINE *engine = ENGINE_by_id("dynamic"); ++ if (!engine) { ++ memprintf(err, "%s Unable to load the dynamic engine " ++ "(needed for loading custom TPM engine)\n", ++ err && *err ? *err : ""); ++ return 1; ++ } ++ ++ ENGINE_ctrl_cmd_string(engine, "SO_PATH", global.tpm.tpm_engine, 0); ++ ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0); ++ /* stow away for ENGINE cleanup */ ++ global.tpm.tpm_engine_ref = engine; ++ ++ if (ENGINE_init(engine) != 1) { ++ const char *error_str = ERR_error_string(ERR_get_error(), NULL); ++ memprintf(err, "%s Unable to init the TPM engine (%s). Err: %s\n", ++ err && *err ? *err : "", ++ global.tpm.tpm_engine, error_str); ++ goto tpm_err; ++ } ++ EVP_PKEY *pkey = ENGINE_load_private_key(engine, ++ global.tpm.tpm_object, ++ NULL, NULL); ++ if (!pkey) { ++ const char *error_str = ERR_error_string(ERR_get_error(), NULL); ++ memprintf(err, "%s Unable to load TPM object (%s). Err: %s\n", ++ err && *err ? *err : "", ++ global.tpm.tpm_object, error_str); ++ goto tpm_err; ++ } ++ global.tpm.tpm_key = pkey; ++ } ++ else { /* no TPM engine found */ ++ memprintf(err, "%s TPM engine option not set when TPM mode expected\n", ++ err && *err ? *err : ""); ++ goto tpm_err; ++ } ++ } ++ ++ if (SSL_CTX_use_PrivateKey(ctx, global.tpm.tpm_key) <= 0){ ++ const char *error_str = ERR_error_string(ERR_get_error(), ++ NULL); ++ memprintf(err, "%s Invalid private key provided from TPM engine(%s). Err: %s\n", ++ err && *err ? 
*err : "", ++ global.tpm.tpm_object, error_str); ++ goto tpm_err; ++ } ++ ++ return 0; ++ ++tpm_err: ++ ENGINE_finish(global.tpm.tpm_engine_ref); ++ global.tpm.tpm_engine_ref = NULL; ++ EVP_PKEY_free(global.tpm.tpm_key); ++ global.tpm.tpm_key = NULL; ++ return 1; ++} ++ + static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **sni_filter, int fcount, char **err) + { + int ret; +@@ -1127,26 +1202,54 @@ static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf + return 1; + } + +- if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) { +- memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n", +- err && *err ? *err : "", path); +- SSL_CTX_free(ctx); +- return 1; ++ /* NOTE (knasim-wrs): US93721: TPM support ++ * This SSL context applies to SSL frontends only. ++ * If the TPM option is set then the Private key ++ * is stored in TPM. ++ * ++ * Launch the OpenSSL TPM engine and load the TPM ++ * Private Key. The Public key will still be located ++ * at the provided path and needs to be loaded as ++ * per usual. ++ */ ++ if (global.tpm.tpm_object) { ++ ret = ssl_sock_load_tpm_key(ctx, err); ++ if (ret > 0) { ++ /* tpm configuration failed */ ++ SSL_CTX_free(ctx); ++ return 1; ++ } + } +- +- ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, sni_filter, fcount); +- if (ret <= 0) { +- memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n", +- err && *err ? *err : "", path); +- if (ret < 0) /* serious error, must do that ourselves */ ++ else { /* non TPM mode */ ++ if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) { ++ memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n", ++ err && *err ? 
*err : "", path); + SSL_CTX_free(ctx); +- return 1; ++ return 1; ++ } + } + +- if (SSL_CTX_check_private_key(ctx) <= 0) { +- memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n", +- err && *err ? *err : "", path); +- return 1; ++ ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, sni_filter, fcount); ++ if (ret <= 0) { ++ memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n", ++ err && *err ? *err : "", path); ++ if (ret < 0) /* serious error, must do that ourselves */ ++ SSL_CTX_free(ctx); ++ return 1; ++ } ++ ++ /* ++ * only match the private key to the public key ++ * for non TPM mode. This op would never work for ++ * TPM since the private key has been wrapped, whereas ++ * the public key is still the original one. ++ */ ++ if (!global.tpm.tpm_object) { ++ if (SSL_CTX_check_private_key(ctx) <= 0) { ++ memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n", ++ err && *err ? *err : "", path); ++ return 1; ++ } + } + + /* we must not free the SSL_CTX anymore below, since it's already in +@@ -1725,6 +1828,18 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy) + cfgerr++; + return cfgerr; + } ++ ++ /* NOTE (knasim-wrs): US93721: TPM support ++ * This SSL context applies to SSL backends only. ++ * Since Titanium backends don't support SSL, there ++ * is no need to offload these keys in TPM or reuse the ++ * same TPM key for the frontend engine. ++ * ++ * If SSL backends are to be supported in the future, ++ * over TPM, then create a new TPM Engine context and ++ * load the backend key in TPM, in a similar fashion to ++ * the frontend key. ++ */ + if (srv->ssl_ctx.client_crt) { + if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) { + Alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n", +-- +1.8.3.1 + 
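Review bot: In the `tpm-object` branch added to `cfg_parse_global`, `free(global.tpm.tpm_object)` is not followed by clearing the pointer, so when `args[1]` is empty or the `access()` check fails the global keeps a dangling pointer that `ssl_sock_load_cert_file`, `ssl_sock_load_tpm_key` and `deinit()` later read or free again; the `tpm-engine` branch has the same pattern. A path that does not exist is also skipped without any message, which leaves haproxy in non-TPM mode loading the private key from the PEM file although TPM was configured; the rewrite below clears the pointer and reports the bad path. The `free()` also sits outside `#ifdef USE_OPENSSL` while the `tpm` member is declared inside it, so the block should move under the same guard. In `deinit()`, `global.tpm.tpm_object != '\0'` compares the pointer itself; `global.tpm.tpm_object[0] != '\0'` looks like what was meant.

```c
else if (!strcmp(args[0], "tpm-object")) {
#ifdef USE_OPENSSL
	/* drop any earlier value and clear the pointer so a rejected path cannot leave it dangling */
	free(global.tpm.tpm_object);
	global.tpm.tpm_object = NULL;
	if (!*(args[1]) || access(args[1], F_OK) == -1) {
		Alert("parsing [%s:%d] : '%s' expects the path of an existing file.\n", file, linenum, args[0]);
		err_code |= ERR_ALERT | ERR_FATAL;
		goto out;
	}
	global.tpm.tpm_object = strdup(args[1]);
#else
	/* … unchanged: "is not implemented" alert … */
#endif
}
/* … the "tpm-engine" branch gets the same treatment … */
```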
diff --git a/haproxy/haproxy/haproxy.cfg b/haproxy/haproxy/haproxy.cfg new file mode 100755 index 0000000..f0f0f17 --- /dev/null +++ b/haproxy/haproxy/haproxy.cfg 
@@ -0,0 +1,80 @@ +# this config needs haproxy-1.1.28 or haproxy-1.2.1 + +global + log 127.0.0.1 local0 + log 127.0.0.1 local1 notice + #log loghost local0 info + maxconn 4096 + chroot /usr/share/haproxy + uid 99 + gid 99 + daemon + #debug + #quiet + +defaults + log global + mode http + option httplog + option dontlognull + retries 3 + option redispatch + maxconn 2000 + timeout connect 5000 + timeout client 50000 + timeout server 50000 + +listen appli1-rewrite 0.0.0.0:10001 + cookie SERVERID rewrite + balance roundrobin + server app1_1 192.168.34.23:8080 cookie app1inst1 check inter 2000 rise 2 fall 5 + server app1_2 192.168.34.32:8080 cookie app1inst2 check inter 2000 rise 2 fall 5 + server app1_3 192.168.34.27:8080 cookie app1inst3 check inter 2000 rise 2 fall 5 + server app1_4 192.168.34.42:8080 cookie app1inst4 check inter 2000 rise 2 fall 5 + +listen appli2-insert 0.0.0.0:10002 + option httpchk + balance roundrobin + cookie SERVERID insert indirect nocache + server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3 + server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3 + capture cookie vgnvisitor= len 32 + + option httpclose # disable keep-alive + rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address + +listen appli3-relais 0.0.0.0:10003 + dispatch 192.168.135.17:80 + +listen appli4-backup 0.0.0.0:10004 + option httpchk /index.html + option persist + balance roundrobin + server inst1 192.168.114.56:80 check inter 2000 fall 3 + server inst2 192.168.114.56:81 check inter 2000 fall 3 backup + +listen ssl-relay 0.0.0.0:8443 + option ssl-hello-chk + balance source + server inst1 192.168.110.56:443 check inter 2000 fall 3 + server inst2 192.168.110.57:443 check inter 2000 fall 3 + server back1 192.168.120.58:443 backup + +listen appli5-backup 0.0.0.0:10005 + option httpchk * + balance roundrobin + cookie SERVERID insert indirect nocache + server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3 + 
server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3 + server inst3 192.168.114.57:80 backup check inter 2000 fall 3 + capture cookie ASPSESSION len 32 + timeout server 20000 + + option httpclose # disable keep-alive + option checkcache # block response if set-cookie & cacheable + + rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address + + errorloc 502 http://192.168.114.58/error502.html + errorfile 503 /etc/haproxy/errors/503.http + diff --git a/haproxy/haproxy/haproxy.sh b/haproxy/haproxy/haproxy.sh new file mode 100755 index 0000000..560480e --- /dev/null +++ b/haproxy/haproxy/haproxy.sh 
@@ -0,0 +1,120 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: HA-Proxy
+# Required-Start: networking
+# Required-Stop: networking
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: HA-Proxy TCP/HTTP reverse proxy
+# Description: HA-Proxy is a TCP/HTTP reverse proxy
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/haproxy
+NAME=haproxy
+DESC="HA-Proxy TCP/HTTP reverse proxy"
+PIDFILE="/var/run/$NAME.pid"
+TPM_DATA_DIR="/var/run/TPM_haproxy/"
+OPTS="-D -f /etc/haproxy/haproxy.cfg -p $PIDFILE"
+RETVAL=0
+
+# This is only needed till TPM In-Kernel
+# ResourceMgr comes in
+remove_TPM_transients () {
+ _HANDLES=`find $TPM_DATA_DIR -type f -name "hp*.bin" -printf "%f "`
+ for handle in $_HANDLES; do
+ handle_addr=`echo $handle | sed 's/hp\([0-9]*\)\.bin/\1/g'`
+ tss2_flushcontext -ha $handle_addr &> /dev/null
+ done
+ rm -f $TPM_DATA_DIR/*
+}
+
+start() {
+ if [ -e $PIDFILE ]; then
+ PIDDIR=/proc/$(cat $PIDFILE)
+ if [ -d $PIDDIR ]; then
+ echo "$DESC already running."
+ return
+ else
+ echo "Removing stale PID file $PIDFILE"
+ rm -f $PIDFILE
+ fi
+ fi
+
+ # TODO: This is a temporary workaround till
+ # we eventually add a resource manager for TPM
+ mkdir -p $TPM_DATA_DIR
+
+ echo -n "Starting $NAME: "
+
+ TPM_DATA_DIR=$TPM_DATA_DIR start-stop-daemon --start --pidfile $PIDFILE -x "$DAEMON" -- $OPTS
+ RETVAL=$?
+ if [ $RETVAL -eq 0 ]; then
+ echo "done."
+ else
+ remove_TPM_transients
+ echo "failed."
+ fi
+}
+
+stop() {
+ if [ ! -e $PIDFILE ]; then return; fi
+
+ echo -n "Stopping $DESC..."
+
+ start-stop-daemon --stop --quiet --retry 3 --oknodo --pidfile $PIDFILE -x "$DAEMON"
+ if [ -n "`pidof $DAEMON`" ] ; then
+ pkill -KILL -f $DAEMON
+ fi
+ echo "done."
+ rm -f $PIDFILE
+ rm -f /var/lock/subsys/$NAME
+ remove_TPM_transients
+}
+
+status()
+{
+ pid=`cat $PIDFILE 2>/dev/null`
+ if [ -n "$pid" ]; then
+ if ps -p $pid &>/dev/null ; then
+ echo "$DESC is running"
+ RETVAL=0
+ return
+ else
+ RETVAL=1
+ fi
+ fi
+ echo "$DESC is not running"
+ RETVAL=1
+}
+
+check() {
+ /usr/sbin/$NAME -c -q -V -f /etc/$NAME/$NAME.cfg
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart|force-reload|reload)
+ stop
+ start
+ ;;
+ status)
+ status
+ ;;
+ check)
+ check
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|force-reload|restart|reload|status|check}"
+ RETVAL=1
+ ;;
+esac
+
+exit $RETVAL
diff --git a/integrity/PKG-INFO b/integrity/PKG-INFO
new file mode 100644
index 0000000..751b82a
--- /dev/null
+++ b/integrity/PKG-INFO
@@ -0,0 +1,12 @@
+Metadata-Version: 1.1
+Name: integrity-kmod
+Version: 4.12
+Summary: Integrity Linux* Kernel Modules
+Home-page: http://tpmdd.sourceforge.net/
+Author:
+Author-email:
+License: GPL
+Description:
+This package contains the Linux driver and modules for the Integrity subsystem
+
+Platform: UNKNOWN
diff --git a/integrity/centos/build_srpm.data b/integrity/centos/build_srpm.data
new file mode 100644
index 0000000..89d451b
--- /dev/null
+++ b/integrity/centos/build_srpm.data
@@ -0,0 +1,5 @@
+COPY_LIST=" \
+ $FILES_BASE/* \
+ $CGCS_BASE/mwa-gplv2/integrity/patches/* \
+ $CGCS_BASE/downloads/integrity-kmod-668a8270.tar.gz"
+TIS_PATCH_VER=5
diff --git a/integrity/centos/files/COPYING b/integrity/centos/files/COPYING
new file mode 100644
index 0000000..e2fed1b
--- /dev/null
+++ b/integrity/centos/files/COPYING
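Review bot: `pkill -KILL -f $DAEMON` in stop() of haproxy.sh matches its pattern against full command lines, so any process whose arguments contain `/usr/sbin/haproxy` receives SIGKILL, not only the daemon; signalling the PIDs that `pidof` already returned, e.g. `kill -KILL $(pidof "$DAEMON")`, keeps it to the daemon itself. The script declares `#!/bin/sh` but uses `&>` in remove_TPM_transients and status(), which a strictly POSIX shell parses as a background `&` followed by a redirection; `>/dev/null 2>&1` is portable. `find $TPM_DATA_DIR`, `rm -f $TPM_DATA_DIR/*` and `$handle_addr` are unquoted and the sed pattern is unanchored, so a file name that does not match `hpN.bin` exactly is passed through to `tss2_flushcontext` unchanged; quoting the variables and using `'s/^hp\([0-9]*\)\.bin$/\1/'` would narrow what an init script (presumably run as root) acts on.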
@@ -0,0 +1,344 @@ + +"This software program is licensed subject to the GNU General Public License +(GPL). Version 2, June 1991, available at +" + + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. 
And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. 
diff --git a/integrity/centos/files/README b/integrity/centos/files/README
new file mode 100644
index 0000000..1dbb36f
--- /dev/null
+++ b/integrity/centos/files/README
@@ -0,0 +1,231 @@ + +Integrity and IMA Modules for CentOS 7 (Linux version 3.10) +=============================================================================== + +=============================================================================== + +Kam Nasim +Copyright (c) 2017 Wind River Systems, Inc. + +SPDX-License-Identifier: Apache-2.0 + + +August, 2017 + +=============================================================================== + +Contents +-------- + +- Overview +- Rebasing Guidelines +- Changesets + +================================================================================ + + +Important Notes +--------------- + +No support for APPENDING IMA policies +---------------------------------------------- + +A provision was introduced in April 2014 to allow multiple IMA policies to be +appended.This change involved setting up inode hooks which could not be +backported in the 3.10 Kernel. Therefore we do not allow the following operation +types: +echo /etc/ima/ima_policy > /sys/kernel/security/ima/policy + +only an overwrite is possible: +cat policy-file > /ima/policy + +EVM support disabled in Kernel +------------------------------------------------ + +The EVM Kernel Configuration option was mutually exclusive to the CONFIG_INTEGRITY +Kernel configuration option. Since Integrity is being disabled in the Kernel, EVM +would also need to be built out-of-tree as a Kernel module and would require some +refactoring if it is to be used with this module pack. + + +IMA Keyring allocated inside the Kernel +----------------------------------------- + +Normally, the _ima Keyring is allocated from user space, but this has the +added disadvantage of persisting the public key on the file system. Corruption +of this public key may cripple the system by triggering APPRAISAL failures if +ima 'Enforcement' is enabled. 
To prevent this, the IMA public key is compiled +into the Kernel and is placed in the Kernel SOURCE (ima_signing_key.pub) + + +Overview +-------- + +This module pack builds Integrity and IMA kernel modules for the 3.10 kernel version. +If newer kernel version are to be supported in the future then the COMPAT +layer (kcompat.h) will need to be adjusted to address kernel-driver compatibility +issues. As well as certain LINUX_VERSION_CODE <= KERNEL_VERSION(3,10,0) ifdefs + +It supports Linux supported x86_64 systems. + +These drivers are only supported as a loadable module at this time. + + +Rebasing Guidelines +-------------------- + +On rebasing TiC software heed the following: +- always rebase the Kernel first before rebasing this package +- get the HEAD from the tpmdd repo and generate a tarball, the tarball +should follow the naming convention: tpm-kmod-; use the short-hand +form of the git commit ID (8 characters) +- update the integrity-kmod spec to Source the new tarball +- apply all existing patches against the new tarball, and adjust the kcompat +layer (LINUX_VERSION_CODE ifdefs, kcompat.h and common.mk) accordingly + +IMA Signing Key Generation Guidelines +-------------------------------------- + +The following may be used to generate an IMA key pair: +openssl req -newkey rsa:2048 -nodes -days 10950 -x509 -outform DER -out ima_signing_key.pub -keyout ima_signing_key.priv + +The "ima_signing_key.pub" MUST be placed in the Kernel source (files/) so that the +Kernel build can pick it up and compile it in. + + +================================================================================ + + +Change Sets +------------------------- + +This driver is a fork from the tpmdd repo: +https://sourceforge.net/projects/tpmdd/ +http://git.infradead.org/users/jjs/linux-tpmdd.git/ + +Sync Head: 668a827057187403999b7ecfcf86b59979c8c3b2 + +COMPAT NOTES: + +1. 
In newer kernels, VFS layer read operations have been refactored: + VFS: refactor vfs_read() + + integrity_kernel_read() duplicates the file read operations code + in vfs_read(). This patch refactors vfs_read() code creating a + helper function __vfs_read(). It is used by both vfs_read() and + integrity_kernel_read(). + + Signed-off-by: Dmitry Kasatkin + Signed-off-by: Mimi Zohar + + The compat layer therefore needs to redefine the integrity vfs code to use + the original implementation + + +2. In newer kernels, a wrapper has been developed around inode mutex un/lock + + commit 5955102c9984fa081b2d570cfac75c97eecf8f3b + Author: Al Viro + Date: Fri Jan 22 15:40:57 2016 -0500 + + wrappers for ->i_mutex access + + parallel to mutex_{lock,unlock,trylock,is_locked,lock_nested}, + inode_foo(inode) being mutex_foo(&inode->i_mutex). + + Please, use those for access to ->i_mutex; over the coming cycle + ->i_mutex will become rwsem, with ->lookup() done with it held + only shared. + + Signed-off-by: Al Viro + + The compat layer needs to replace all instances of inode locking + with the underlying mutex locking/unlocking calls + + +3. In newer kernels, security PRE and POST Hooks are defined which +have their seperate appraisal calls + + commit 39eeb4fb97f60dbdfc823c1a673a8844b9226b60 + Author: Mimi Zohar + Date: Sat Jan 30 22:23:26 2016 -0500 + + security: define kernel_read_file hook + + The kernel_read_file security hook is called prior to reading the file + into memory. + + Changelog v4+: + - export security_kernel_read_file() + + 
Signed-off-by: Mimi Zohar + Acked-by: Kees Cook + Acked-by: Luis R. Rodriguez + Acked-by: Casey Schaufler + + The compat layer needs to ignore all PRE and POST File hooks and + cannot support such PRE and POST appraisals + + +4. In newer kernels, IMA policies can be applied by path as opposed to +content allowing multiple policies to be appended + + commit 7429b092811fb20c6a5b261c2c116a6a90cb9a29 +Author: Dmitry Kasatkin +Date: Fri Apr 11 17:47:01 2014 +0300 + + ima: load policy using path + + We currently cannot do appraisal or signature vetting of IMA policies + since we currently can only load IMA policies by writing the contents + of the policy directly in, as follows: + + cat policy-file > /ima/policy + + If we provide the kernel the path to the IMA policy so it can load + the policy itself it'd be able to later appraise or vet the file + signature if it has one. This patch adds support to load the IMA + policy with a given path as follows: + + echo /etc/ima/ima_policy > /sys/kernel/security/ima/policy + + Changelog v4+: + - moved kernel_read_file_from_path() error messages to callers + v3: + - moved kernel_read_file_from_path() to a separate patch + v2: + - after re-ordering the patches, replace calling integrity_kernel_read() + to read the file with kernel_read_file_from_path() (Mimi) + - Patch description re-written by Luis R. Rodriguez + + 
Signed-off-by: Dmitry Kasatkin + + This feature was removed from the IMA modules since it required extensive +backporting to the INODE and VFS layers inthe base kernel + +5. In newer kernels, IMA allows measurement lists to be preserved over +Kernel reinstalls or kexecs + + commit d9ddf077bb85b54200dfcb5f2edec4f0d6a7c2ca +Author: Mimi Zohar +Date: Thu Jan 14 20:59:14 2016 -0500 + + ima: support for kexec image and initramfs + + Add IMA policy support for measuring/appraising the kexec image and + initramfs. Two new IMA policy identifiers KEXEC_KERNEL_CHECK and + KEXEC_INITRAMFS_CHECK are defined. + + Example policy rules: + measure func=KEXEC_KERNEL_CHECK + appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig + measure func=KEXEC_INITRAMFS_CHECK + appraise func=KEXEC_INITRAMFS_CHECK appraise_type=imasig + + Moving the enumeration to the vfs layer simplified the patches, allowing + the IMA changes, for the most part, to be separated from the other + changes. Unfortunately, passing either a kernel_read_file_id or a + ima_hooks enumeration within IMA is messy. + + This feature was removed from the IMA modules since it required defining a +new Kexec cache in the base Kernel which was an extensive backporting effort diff --git a/integrity/centos/files/ima.conf b/integrity/centos/files/ima.conf new file mode 100644 index 0000000..1c00690 --- /dev/null +++ b/integrity/centos/files/ima.conf @@ -0,0 +1 @@ +options ima ima_appraise_param="log" ima_use_tpm=0 diff --git a/integrity/centos/files/ima.policy b/integrity/centos/files/ima.policy new file mode 100644 index 0000000..07b8b81 --- /dev/null +++ b/integrity/centos/files/ima.policy @@ -0,0 +1,4 @@ +# EXT4_SUPER_MAGIC +measure func=FILE_CHECK uid=0 fsmagic=0xEF53 +appraise func=FILE_MMAP mask=MAY_EXEC uid=0 appraise_type=imasig fsmagic=0xEF53 +appraise func=BPRM_CHECK mask=MAY_EXEC uid=0 appraise_type=imasig fsmagic=0xEF53 
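Review bot: The single line added to `ima.conf` ships `ima_appraise_param="log"` and `ima_use_tpm=0` as defaults with no comment saying what they trade away. These parameters come from the expose-module-params patch, which is not visible in this hunk; assuming they mirror the upstream log-only appraise mode, signature failures under the appraise rules would be recorded but not denied, and with the TPM unused the measurement list is presumably not anchored in a PCR. modprobe.d files accept `#` comments, so I would add one above the options line, e.g. `# appraisal is log-only and measurements are not extended into a TPM; switch to the enforcing mode for production`. The README should also say how an operator enables enforcement.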
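Review bot: All three rules in `ima.policy` carry `uid=0` and `fsmagic=0xEF53`, so measurement and appraisal apply only to processes running as root on ext4, and the file explains none of this beyond `# EXT4_SUPER_MAGIC`. Executables run by other users or stored on other filesystems are outside the policy. There is also no rule for kernel module loading; upstream IMA has `func=MODULE_CHECK`, but whether this backport supports it is not visible here. If the narrow scope is deliberate, record it at the top of the file, e.g. `# Scope: processes running as root on ext4 only; other users and filesystems are neither measured nor appraised`.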
diff --git a/integrity/centos/files/integrity.conf b/integrity/centos/files/integrity.conf
new file mode 100644
index 0000000..61694e5
--- /dev/null
+++ b/integrity/centos/files/integrity.conf
@@ -0,0 +1 @@
+options integrity integrity_audit=0
diff --git a/integrity/centos/files/modules-load.conf b/integrity/centos/files/modules-load.conf
new file mode 100644
index 0000000..1e720a5
--- /dev/null
+++ b/integrity/centos/files/modules-load.conf
@@ -0,0 +1,3 @@
+tpm_tis
+integrity
+ima
diff --git a/integrity/centos/integrity-kmod.spec b/integrity/centos/integrity-kmod.spec
new file mode 100644
index 0000000..eb3c739
--- /dev/null
+++ b/integrity/centos/integrity-kmod.spec
@@ -0,0 +1,138 @@
+%if "%{?_tis_build_type}" == "rt"
+%define bt_ext -rt
+%else
+%undefine bt_ext
+%endif
+
+# Define the kmod package name here.
+%define kmod_name integrity
+
+Name: %{kmod_name}-kmod%{?bt_ext}
+# the version is the Kernel version from which
+# this driver is extracted
+Version: 4.12
+Release: 0%{?_tis_dist}.%{tis_patch_ver}
+Group: System Environment/Kernel
+License: GPLv2
+Summary: %{kmod_name}%{?bt_ext} kernel module(s)
+
+BuildRequires: kernel%{?bt_ext}-devel, redhat-rpm-config, perl, tpm-kmod%{?bt_ext}-symbols, openssl
+ExclusiveArch: x86_64
+
+# Sources.
+# the integrity is available as a tarball, with
+# the git commit Id referenced in the name
+Source0: %{kmod_name}-kmod-668a8270.tar.gz
+Source1: modules-load.conf
+Source2: COPYING
+Source3: README
+Source4: integrity.conf
+Source5: ima.conf
+Source6: ima.policy
+
+# Patches
+Patch01: 0001-integrity-kcompat-support.patch
+Patch02: 0002-integrity-expose-module-params.patch
+Patch03: 0003-integrity-restrict-by-iversion.patch
+Patch04: 0004-integrity-disable-set-xattr-on-imasig.patch
+Patch05: Changes-for-CentOS-7.4-support.patch
+
+%define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//')
+
+%package -n kmod-integrity%{?bt_ext}
+Summary: Integrity kernel module(s) and driver
+Group: System Environment/Kernel
+%global _use_internal_dependency_generator 0
+Provides: kernel-modules >= %{kversion}
+Provides: integrity-kmod = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires(post): /usr/sbin/depmod
+Requires(postun): /usr/sbin/depmod
+
+%description -n kmod-integrity%{?bt_ext}
+This package provides the %{version} Integrity / IMA kernel module(s) and drivers built
+for the Linux kernel using the %{_target_cpu} family of processors.
+
+%post -n kmod-integrity%{?bt_ext}
+echo "Working. This may take some time ..."
+if [ -e "/boot/System.map-%{kversion}" ]; then
+ /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || :
+fi
+modules=( $(find /lib/modules/%{kversion}/kernel/security/integrity/ | grep '\.ko$') )
+if [ -x "/sbin/weak-modules" ]; then
+ printf '%s\n' "${modules[@]}" | /sbin/weak-modules --add-modules
+fi
+echo "Done."
+
+%preun -n kmod-integrity%{?bt_ext}
+rpm -ql kmod-integrity%{?bt_ext}-%{version}-%{release}.x86_64 | grep '\.ko$' > /var/run/rpm-kmod-integrity%{?bt_ext}-modules
+
+%postun -n kmod-integrity%{?bt_ext}
+echo "Working. This may take some time ..."
+if [ -e "/boot/System.map-%{kversion}" ]; then
+ /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || :
+fi
+modules=( $(cat /var/run/rpm-kmod-integrity%{?bt_ext}-modules) )
+rm /var/run/rpm-kmod-integrity%{?bt_ext}-modules
+if [ -x "/sbin/weak-modules" ]; then
+ printf '%s\n' "${modules[@]}" | /sbin/weak-modules --remove-modules
+fi
+echo "Done."
+
+%files -n kmod-integrity%{?bt_ext}
+%defattr(-,root,root,-)
+/lib/modules/%{kversion}/
+%doc /usr/share/doc/kmod-integrity/
+%{_sysconfdir}/modules-load.d/ima.conf
+%config(noreplace) %{_sysconfdir}/modprobe.d/integrity.conf
+%config(noreplace) %{_sysconfdir}/modprobe.d/ima.conf
+%{_sysconfdir}/ima.policy
+
+# Disable the building of the debug package(s).
+%define debug_package %{nil}
+
+%description
+This package provides the %{kmod_name} kernel module(s).
+It is built to depend upon the specific ABI provided by a range of releases
+of the same variant of the Linux kernel and not on any one specific build.
+
+%prep
+%autosetup -p 1 -n %{kmod_name}
+
+%build
+# build out all the Integrity / IMA kernel modules
+%{__make} KSRC=%{_usrsrc}/kernels/%{kversion} KBUILD_EXTRA_SYMBOLS=%{_usrsrc}/debug/tpm/Module.symvers
+
+%install
+%{__install} -d %{buildroot}/lib/modules/%{kversion}/kernel/security/%{kmod_name}/
+%{__install} *.ko %{buildroot}/lib/modules/%{kversion}/kernel/security/%{kmod_name}/
+%{__install} -d %{buildroot}/lib/modules/%{kversion}/kernel/security/%{kmod_name}/ima/
+%{__install} ima/*.ko %{buildroot}/lib/modules/%{kversion}/kernel/security/%{kmod_name}/ima/
+%{__install} -d %{buildroot}%{_sysconfdir}/modules-load.d
+%{__install} -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/modules-load.d/ima.conf
+%{__install} -d %{buildroot}%{_sysconfdir}/modprobe.d
+%{__install} -p -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/modprobe.d/integrity.conf
+%{__install} -p -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/modprobe.d/ima.conf
+%{__install} -p -m 0400 %{SOURCE6} %{buildroot}%{_sysconfdir}/ima.policy
+%{__install} -d %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}/
+%{__install} %{SOURCE2} %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}/
+%{__install} %{SOURCE3} %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}/
+
+# Strip the modules(s).
+find %{buildroot} -type f -name \*.ko -exec %{__strip} --strip-debug \{\} \;
+
+# Always Sign the modules(s).
+# If the module signing keys are not defined, define them here.
+%{!?privkey: %define privkey /usr/src/kernels/%{kversion}/signing_key.priv}
+%{!?pubkey: %define pubkey /usr/src/kernels/%{kversion}/signing_key.x509}
+for module in $(find %{buildroot} -type f -name \*.ko);
+do %{__perl} /usr/src/kernels/%{kversion}/scripts/sign-file \
+ sha256 %{privkey} %{pubkey} $module;
+done
+
+%clean
+%{__rm} -rf %{buildroot}
+
+%changelog
+* Mon Aug 21 2017 Kam Nasim 4.12
+- Initial RPM package.
+
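Review bot: The signing step at the end of `%install` falls back to `/usr/src/kernels/%{kversion}/signing_key.priv` whenever `privkey` is undefined, so by default the modules are signed with whatever private key sits in the installed kernel-devel tree. If the kernel-devel package delivers that key (not visible in this hunk), every host with the package installed holds a key the kernel trusts for module loading, which weakens the signature check these integrity modules depend on. I would drop the fallback and fail the build when the signing environment does not supply the keys, e.g. `%{!?privkey: %{error:privkey must be supplied by the signing environment}}`, and the same for `pubkey`. The `# If the module signing keys are not defined, define them here.` comment should then say where the keys are expected to come from.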
diff --git a/integrity/patches/0001-integrity-kcompat-support.patch b/integrity/patches/0001-integrity-kcompat-support.patch
new file mode 100644
index 0000000..10cbfb4
--- /dev/null
+++ b/integrity/patches/0001-integrity-kcompat-support.patch
@@ -0,0 +1,1283 @@ +From 7e956b974091563edc1b4f5a7646f4d8dff07ee5 Mon Sep 17 00:00:00 2001 +From: Kam Nasim +Date: Fri, 8 Sep 2017 16:34:25 -0400 +Subject: [PATCH] US101216: IMA out-of-tree modules for Titanium Kernel + +Build a kcompat layer and the ability to build out the Integrity and IMA +Kernel modules against a 3.10 Linux Kernel (CentOS v7.3) +--- + Makefile | 107 ++++++++++++++++- + common.mk | 330 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + digsig.c | 35 ++++-- + digsig_asymmetric.c | 22 +++- + iint.c | 52 +++++++-- + ima/Makefile | 8 +- + ima/ima.h | 9 +- + ima/ima_api.c | 14 +-- + ima/ima_appraise.c | 42 ++++--- + ima/ima_fs.c | 4 + + ima/ima_init.c | 4 +- + ima/ima_main.c | 40 +++++-- + ima/ima_policy.c | 32 ++++- + integrity.h | 9 +- + integrity_audit.c | 17 ++- + kcompat.h | 34 ++++++ + 16 files changed, 677 insertions(+), 82 deletions(-) + create mode 100644 common.mk + create mode 100644 kcompat.h + +diff --git a/Makefile b/Makefile +index 8d1f4bf..022a1b7 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,3 +1,7 @@ ++ ++ifneq ($(KERNELRELEASE),) ++# kbuild part of makefile ++ + # + # Makefile for caching inode integrity data (iint) + # +@@ -11,5 +15,104 @@ integrity-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o + + subdir-$(CONFIG_IMA) += ima + obj-$(CONFIG_IMA) += ima/ +-subdir-$(CONFIG_EVM) += evm +-obj-$(CONFIG_EVM) += evm/ ++ ++else # ifneq($(KERNELRELEASE),) ++# normal makefile ++ ++# driver will be provided by the spec file ++DRIVER= ++ ++ifeq (,$(wildcard common.mk)) ++ $(error Cannot find common.mk build rules) ++else ++ include common.mk ++endif ++ ++############### ++# Build rules # ++############### ++ ++# Standard compilation, with regular output ++default: ++ @+$(call kernelbuild,modules) ++ ++# Noisy output, for extra debugging ++noisy: ++ @+$(call kernelbuild,modules,V=1) ++ ++# Silence any output generated ++silent: ++ @+$(call kernelbuild,modules,>/dev/null) ++ ++# Enable higher warning level ++checkwarnings: 
clean ++ @+$(call kernelbuild,modules,W=1) ++ ++# Run sparse static analyzer ++sparse: clean ++ @+$(call kernelbuild,modules,C=2 CF="-D__CHECK_ENDIAN__ -Wbitwise -Wcontext") ++ ++# Run coccicheck static analyzer ++ccc: clean ++ @+$(call kernelbuild,modules,coccicheck MODE=report) ++ ++# Install the modules ++install: default ++ @echo "Installing modules..." ++ @+$(call kernelbuild,modules_install) ++ @echo "Running depmod..." ++ @$(call cmd_depmod) ++ifeq (${cmd_initrd},) ++ @echo "Unable to update initrd. You may need to do this manually." ++else ++ @echo "Updating initrd..." ++ -@$(call cmd_initrd) ++endif ++ ++# Target used by rpmbuild spec file ++rpm: default ++ @install -D -m 644 ${DRIVER}.ko ${INSTALL_MOD_PATH}/lib/modules/${KVER}/${INSTALL_MOD_DIR}/${DRIVER}.ko ++ ++uninstall: ++ rm -f ${INSTALL_MOD_PATH}/lib/modules/${KVER}/${INSTALL_MOD_DIR}/${DRIVER}.ko; ++ $(call cmd_depmod) ++ifeq (${cmd_initrd},) ++ @echo "Unable to update initrd. You may need to do this manually." ++else ++ @echo "Updating initrd..." ++ -@$(call cmd_initrd) ++endif ++ ++######## ++# Help # ++######## ++help: ++ @echo 'Cleaning targets:' ++ @echo ' clean - Clean files generated by kernel module build' ++ @echo 'Build targets:' ++ @echo ' default - Build module(s) with standard verbosity' ++ @echo ' noisy - Build module(s) with V=1 verbosity -- very noisy' ++ @echo ' silent - Build module(s), squelching all output' ++ @echo 'Static Analysis:' ++ @echo ' checkwarnings - Clean, then build module(s) with W=1 warnings enabled' ++ @echo ' sparse - Clean, then check module(s) using sparse' ++ @echo ' ccc - Clean, then check module(s) using coccicheck' ++ @echo 'Other targets:' ++ @echo ' install - Build then install the module(s)' ++ @echo ' uninstall - Uninstall the module(s)' ++ @echo ' help - Display this help message' ++ @echo 'Variables:' ++ @echo ' LINUX_VERSION - Debug tool to force kernel LINUX_VERSION_CODE. Use at your own risk.' 
++ @echo ' W=N - Kernel variable for setting warning levels' ++ @echo ' V=N - Kernel variable for setting output verbosity' ++ @echo ' INSTALL_MOD_PATH - Add prefix for the module and manpage installation path' ++ @echo ' INSTALL_MOD_DIR - Use module directory other than updates/security/integrity/${DRIVER}' ++ @echo ' KSRC - Specifies the full path to the kernel tree to build against' ++ @echo ' Other variables may be available for tuning make process, see' ++ @echo ' Kernel Kbuild documentation for more information' ++ ++.PHONY: default noisy clean silent sparse ccc install uninstall help ++ ++endif # ifneq($(KERNELRELEASE),) ++ ++ +diff --git a/common.mk b/common.mk +new file mode 100644 +index 0000000..3541284 +--- /dev/null ++++ b/common.mk +@@ -0,0 +1,330 @@ ++################################################################################ ++# ++# Linux IMA subsystem ++# Copyright(c) 2013 - 2017 Intel Corporation. ++# Copyright (c) 2017 Wind River Systems, Inc. ++# ++# This program is free software; you can redistribute it and/or modify it ++# under the terms and conditions of the GNU General Public License, ++# version 2, as published by the Free Software Foundation. ++# ++# This program is distributed in the hope it will be useful, but WITHOUT ++# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for ++# more details. ++# ++# The full GNU General Public License is included in this distribution in ++# the file called "COPYING". ++# ++# Contact Information: ++# e1000-devel Mailing List ++# Intel Corporation, 5200 N.E. 
Elam Young Parkway, Hillsboro, OR 97124-6497 ++################################################################################ ++ ++ ++# common Makefile rules useful for out-of-tree Linux driver builds ++# ++# Usage: include common.mk ++# ++# After including, you probably want to add a minimum_kver_check call ++# ++# Required Variables: ++# DRIVER ++# -- Set to the lowercase driver name ++ ++##################### ++# Helpful functions # ++##################### ++ ++readlink = $(shell readlink -f ${1}) ++ ++# helper functions for converting kernel version to version codes ++get_kver = $(or $(word ${2},$(subst ., ,${1})),0) ++get_kvercode = $(shell [ "${1}" -ge 0 -a "${1}" -le 255 2>/dev/null ] && \ ++ [ "${2}" -ge 0 -a "${2}" -le 255 2>/dev/null ] && \ ++ [ "${3}" -ge 0 -a "${3}" -le 255 2>/dev/null ] && \ ++ printf %d $$(( ( ${1} << 16 ) + ( ${2} << 8 ) + ( ${3} ) )) ) ++ ++################ ++# depmod Macro # ++################ ++ ++cmd_depmod = /sbin/depmod $(if ${SYSTEM_MAP_FILE},-e -F ${SYSTEM_MAP_FILE}) \ ++ $(if $(strip ${INSTALL_MOD_PATH}),-b ${INSTALL_MOD_PATH}) \ ++ -a ${KVER} ++ ++################ ++# dracut Macro # ++################ ++ ++cmd_initrd := $(shell \ ++ if which dracut > /dev/null 2>&1 ; then \ ++ echo "dracut --force"; \ ++ elif which update-initramfs > /dev/null 2>&1 ; then \ ++ echo "update-initramfs -u"; \ ++ fi ) ++ ++##################### ++# Environment tests # ++##################### ++ ++DRIVER_UPPERCASE := $(shell echo ${DRIVER} | tr "[:lower:]" "[:upper:]" ) ++ ++ifeq (,${BUILD_KERNEL}) ++BUILD_KERNEL=$(shell uname -r) ++endif ++ ++# Kernel Search Path ++# All the places we look for kernel source ++KSP := /lib/modules/${BUILD_KERNEL}/source \ ++ /lib/modules/${BUILD_KERNEL}/build \ ++ /usr/src/linux-${BUILD_KERNEL} \ ++ /usr/src/linux-$(${BUILD_KERNEL} | sed 's/-.*//') \ ++ /usr/src/kernel-headers-${BUILD_KERNEL} \ ++ /usr/src/kernel-source-${BUILD_KERNEL} \ ++ /usr/src/linux-$(${BUILD_KERNEL} | sed 's/\([0-9]*\.[0-9]*\)\..*/\1/') 
\ ++ /usr/src/linux \ ++ /usr/src/kernels/${BUILD_KERNEL} \ ++ /usr/src/kernels ++ ++# prune the list down to only values that exist and have an include/linux ++# sub-directory. We can't use include/config because some older kernels don't ++# have this. ++test_dir = $(shell [ -e ${dir}/include/linux ] && echo ${dir}) ++KSP := $(foreach dir, ${KSP}, ${test_dir}) ++ ++# we will use this first valid entry in the search path ++ifeq (,${KSRC}) ++ KSRC := $(firstword ${KSP}) ++endif ++ ++ifeq (,${KSRC}) ++ $(warning *** Kernel header files not in any of the expected locations.) ++ $(warning *** Install the appropriate kernel development package, e.g.) ++ $(error kernel-devel, for building kernel modules and try again) ++else ++ifeq (/lib/modules/${BUILD_KERNEL}/source, ${KSRC}) ++ KOBJ := /lib/modules/${BUILD_KERNEL}/build ++else ++ KOBJ := ${KSRC} ++endif ++endif ++ ++# Version file Search Path ++VSP := ${KOBJ}/include/generated/utsrelease.h \ ++ ${KOBJ}/include/linux/utsrelease.h \ ++ ${KOBJ}/include/linux/version.h \ ++ ${KOBJ}/include/generated/uapi/linux/version.h \ ++ /boot/vmlinuz.version.h ++ ++# Config file Search Path ++CSP := ${KOBJ}/include/generated/autoconf.h \ ++ ${KOBJ}/include/linux/autoconf.h \ ++ /boot/vmlinuz.autoconf.h ++ ++# System.map Search Path (for depmod) ++MSP := ${KSRC}/System.map \ ++ /boot/System.map-${BUILD_KERNEL} ++ ++# prune the lists down to only files that exist ++test_file = $(shell [ -f ${file} ] && echo ${file}) ++VSP := $(foreach file, ${VSP}, ${test_file}) ++CSP := $(foreach file, ${CSP}, ${test_file}) ++MSP := $(foreach file, ${MSP}, ${test_file}) ++ ++ ++# and use the first valid entry in the Search Paths ++ifeq (,${VERSION_FILE}) ++ VERSION_FILE := $(firstword ${VSP}) ++endif ++ ++ifeq (,${CONFIG_FILE}) ++ CONFIG_FILE := $(firstword ${CSP}) ++endif ++ ++ifeq (,${SYSTEM_MAP_FILE}) ++ SYSTEM_MAP_FILE := $(firstword ${MSP}) ++endif ++ ++ifeq (,$(wildcard ${VERSION_FILE})) ++ $(error Linux kernel source not configured - missing 
version header file) ++endif ++ ++ifeq (,$(wildcard ${CONFIG_FILE})) ++ $(error Linux kernel source not configured - missing autoconf.h) ++endif ++ ++ifeq (,$(wildcard ${SYSTEM_MAP_FILE})) ++ $(warning Missing System.map file - depmod will not check for missing symbols) ++endif ++ ++####################### ++# Linux Version Setup # ++####################### ++ ++# The following command line parameter is intended for development of KCOMPAT ++# against upstream kernels such as net-next which have broken or non-updated ++# version codes in their Makefile. They are intended for debugging and ++# development purpose only so that we can easily test new KCOMPAT early. If you ++# don't know what this means, you do not need to set this flag. There is no ++# arcane magic here. ++ ++# Convert LINUX_VERSION into LINUX_VERSION_CODE ++ifneq (${LINUX_VERSION},) ++ LINUX_VERSION_CODE=$(call get_kvercode,$(call get_kver,${LINUX_VERSION},1),$(call get_kver,${LINUX_VERSION},2),$(call get_kver,${LINUX_VERSION},3)) ++endif ++ ++# Honor LINUX_VERSION_CODE ++ifneq (${LINUX_VERSION_CODE},) ++ $(warning Forcing target kernel to build with LINUX_VERSION_CODE of ${LINUX_VERSION_CODE}$(if ${LINUX_VERSION}, from LINUX_VERSION=${LINUX_VERSION}). Do this at your own risk.) ++ KVER_CODE := ${LINUX_VERSION_CODE} ++ EXTRA_CFLAGS += -DLINUX_VERSION_CODE=${LINUX_VERSION_CODE} ++endif ++ ++# Determine SLE_LOCALVERSION_CODE for SuSE SLE >= 11 (needed by kcompat) ++# This assumes SuSE will continue setting CONFIG_LOCALVERSION to the string ++# appended to the stable kernel version on which their kernel is based with ++# additional versioning information (up to 3 numbers), a possible abbreviated ++# git SHA1 commit id and a kernel type, e.g. 
CONFIG_LOCALVERSION=-1.2.3-default ++# or CONFIG_LOCALVERSION=-999.gdeadbee-default ++ifeq (1,$(shell ${CC} -E -dM ${CONFIG_FILE} 2> /dev/null |\ ++ grep -m 1 CONFIG_SUSE_KERNEL | awk '{ print $$3 }')) ++ ++ifneq (10,$(shell ${CC} -E -dM ${CONFIG_FILE} 2> /dev/null |\ ++ grep -m 1 CONFIG_SLE_VERSION | awk '{ print $$3 }')) ++ ++ LOCALVERSION := $(shell ${CC} -E -dM ${CONFIG_FILE} 2> /dev/null |\ ++ grep -m 1 CONFIG_LOCALVERSION | awk '{ print $$3 }' |\ ++ cut -d'-' -f2 | sed 's/\.g[[:xdigit:]]\{7\}//') ++ LOCALVER_A := $(shell echo ${LOCALVERSION} | cut -d'.' -f1) ++ LOCALVER_B := $(shell echo ${LOCALVERSION} | cut -s -d'.' -f2) ++ LOCALVER_C := $(shell echo ${LOCALVERSION} | cut -s -d'.' -f3) ++ SLE_LOCALVERSION_CODE := $(shell expr ${LOCALVER_A} \* 65536 + \ ++ 0${LOCALVER_B} \* 256 + 0${LOCALVER_C}) ++ EXTRA_CFLAGS += -DSLE_LOCALVERSION_CODE=${SLE_LOCALVERSION_CODE} ++endif ++endif ++ ++EXTRA_CFLAGS += ${CFLAGS_EXTRA} ++ ++# get the kernel version - we use this to find the correct install path ++KVER := $(shell ${CC} ${EXTRA_CFLAGS} -E -dM ${VERSION_FILE} | grep UTS_RELEASE | \ ++ awk '{ print $$3 }' | sed 's/\"//g') ++ ++# assume source symlink is the same as build, otherwise adjust KOBJ ++ifneq (,$(wildcard /lib/modules/${KVER}/build)) ++ ifneq (${KSRC},$(call readlink,/lib/modules/${KVER}/build)) ++ KOBJ=/lib/modules/${KVER}/build ++ endif ++endif ++ ++ifeq (${KVER_CODE},) ++ KVER_CODE := $(shell ${CC} ${EXTRA_CFLAGS} -E -dM ${VSP} 2> /dev/null |\ ++ grep -m 1 LINUX_VERSION_CODE | awk '{ print $$3 }' | sed 's/\"//g') ++endif ++ ++# minimum_kver_check ++# ++# helper function to provide uniform output for different drivers to abort the ++# build based on kernel version check. Usage: "$(call minimum_kver_check,2,6,XX)". ++define _minimum_kver_check ++ifeq (0,$(shell [ ${KVER_CODE} -lt $(call get_kvercode,${1},${2},${3}) ]; echo "$$?")) ++ $$(warning *** Aborting the build.) 
++ $$(error This driver is not supported on kernel versions older than ${1}.${2}.${3}) ++endif ++endef ++minimum_kver_check = $(eval $(call _minimum_kver_check,${1},${2},${3})) ++ ++################ ++# Manual Pages # ++################ ++ ++MANSECTION = 7 ++ ++ifeq (,${MANDIR}) ++ # find the best place to install the man page ++ MANPATH := $(shell (manpath 2>/dev/null || echo $MANPATH) | sed 's/:/ /g') ++ ifneq (,${MANPATH}) ++ # test based on inclusion in MANPATH ++ test_dir = $(findstring ${dir}, ${MANPATH}) ++ else ++ # no MANPATH, test based on directory existence ++ test_dir = $(shell [ -e ${dir} ] && echo ${dir}) ++ endif ++ # our preferred install path ++ # should /usr/local/man be in here ? ++ MANDIR := /usr/share/man /usr/man ++ MANDIR := $(foreach dir, ${MANDIR}, ${test_dir}) ++ MANDIR := $(firstword ${MANDIR}) ++endif ++ifeq (,${MANDIR}) ++ # fallback to /usr/man ++ MANDIR := /usr/man ++endif ++ ++#################### ++# CCFLAGS variable # ++#################### ++ ++# set correct CCFLAGS variable for kernels older than 2.6.24 ++ifeq (0,$(shell [ ${KVER_CODE} -lt $(call get_kvercode,2,6,24) ]; echo $$?)) ++CCFLAGS_VAR := EXTRA_CFLAGS ++else ++CCFLAGS_VAR := ccflags-y ++endif ++ ++################# ++# KBUILD_OUTPUT # ++################# ++ ++# Only set KBUILD_OUTPUT if KOBJ differs from KSRC ++ifneq (${KSRC},${KOBJ}) ++export KBUILD_OUTPUT ?= ${KOBJ} ++endif ++ ++############################ ++# Module Install Directory # ++############################ ++ ++# Default to using updates/security/integrity/ path, since depmod since ++# v3.1 defaults to checking updates folder first, and only checking kernels/ ++# and extra afterwards. We use updates instead of kernel/* due to desire to ++# prevent over-writing built-in modules files. 
++export INSTALL_MOD_DIR ?= updates/security/integrity/ ++ ++ ++###################### ++# Kernel Build Macro # ++###################### ++ ++# kernel build function ++# ${1} is the kernel build target ++# ${2} may contain any extra rules to pass directly to the sub-make process ++# ++# This function is expected to be executed by ++# @+$(call kernelbuild,,) ++# from within a Makefile recipe. ++# ++# The following variables are expected to be defined for its use: ++# GCC_I_SYS -- if set it will enable use of gcc-i-sys.sh wrapper to use -isystem ++# CCFLAGS_VAR -- the CCFLAGS variable to set extra CFLAGS ++# EXTRA_CFLAGS -- a set of extra CFLAGS to pass into the ccflags-y variable ++# KSRC -- the location of the kernel source tree to build against ++# DRIVER_UPPERCASE -- the uppercase name of the kernel module, set from DRIVER ++# ++# N.B: We specify all of our hash, template and PCR choices ++# right when we build the option. This is because the kernel module ++# will be signed, and we will prevent users from modifying these ++# options at runtime and reloading the module ++kernelbuild = ${MAKE} $(if ${GCC_I_SYS},CC="${GCC_I_SYS}") \ ++ ${CCFLAGS_VAR}="${EXTRA_CFLAGS}" \ ++ -C "${KSRC}" \ ++ CONFIG_INTEGRITY=m \ ++ CONFIG_INTEGRITY_AUDIT=y \ ++ CONFIG_INTEGRITY_SIGNATURE=y \ ++ CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y \ ++ CONFIG_IMA=m \ ++ CONFIG_${DRIVER_UPPERCASE}=m \ ++ modules \ ++ M="${CURDIR}" \ ++ ${2} ${1} +diff --git a/digsig.c b/digsig.c +index 106e855..f850ef7 100644 +--- a/digsig.c ++++ b/digsig.c +@@ -37,9 +37,9 @@ static const char *keyring_name[INTEGRITY_KEYRING_MAX] = { + }; + + #ifdef CONFIG_INTEGRITY_TRUSTED_KEYRING +-static bool init_keyring __initdata = true; ++static bool init_keyring = true; + #else +-static bool init_keyring __initdata; ++static bool init_keyring; + #endif + + #ifdef CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY +@@ -77,32 +77,43 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, + + 
return -EOPNOTSUPP; + } ++EXPORT_SYMBOL_GPL(integrity_digsig_verify); + +-int __init integrity_init_keyring(const unsigned int id) ++int integrity_init_keyring(const unsigned int id) + { + const struct cred *cred = current_cred(); + int err = 0; + +- if (!init_keyring) ++ if (!init_keyring) { ++ /* WRS: This external keyring is created inside ++ * the Kernel as a trusted keyring for which ++ * a search reference is available ++ */ ++ keyring[id] = ima_keyring; + return 0; ++ } + + keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0), +- KGIDT_INIT(0), cred, +- ((KEY_POS_ALL & ~KEY_POS_SETATTR) | +- KEY_USR_VIEW | KEY_USR_READ | +- KEY_USR_WRITE | KEY_USR_SEARCH), +- KEY_ALLOC_NOT_IN_QUOTA, +- restrict_link_to_ima, NULL); +- if (IS_ERR(keyring[id])) { ++ KGIDT_INIT(0), cred, ++ ((KEY_POS_ALL & ~KEY_POS_SETATTR) | ++ KEY_USR_VIEW | KEY_USR_READ | ++ KEY_USR_WRITE | KEY_USR_SEARCH), ++ KEY_ALLOC_NOT_IN_QUOTA, NULL); ++ ++ if (!IS_ERR(keyring[id])) ++ set_bit(KEY_FLAG_TRUSTED_ONLY, &keyring[id]->flags); ++ else { + err = PTR_ERR(keyring[id]); + pr_info("Can't allocate %s keyring (%d)\n", + keyring_name[id], err); + keyring[id] = NULL; + } ++ init_keyring = false; + return err; + } ++EXPORT_SYMBOL_GPL(integrity_init_keyring); + +-int __init integrity_load_x509(const unsigned int id, const char *path) ++int integrity_load_x509(const unsigned int id, const char *path) + { + key_ref_t key; + char *data; +diff --git a/digsig_asymmetric.c b/digsig_asymmetric.c +index 80052ed..1753b60 100644 +--- a/digsig_asymmetric.c ++++ b/digsig_asymmetric.c +@@ -34,6 +34,7 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) + + pr_debug("key search: \"%s\"\n", name); + ++#ifdef CONFIG_IMA_MOK_KEYRING + key = get_ima_blacklist_keyring(); + if (key) { + key_ref_t kref; +@@ -45,6 +46,7 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid) + return ERR_PTR(-EKEYREJECTED); + } + } ++#endif + + if (keyring) { + /* search in 
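Review bot: `init_keyring = false;` in `integrity_init_keyring()` runs on the failure path as well as on success, so a failed `keyring_alloc()` is remembered as done. Every later call then takes the early branch and returns 0 with `keyring[id] = ima_keyring`, a symbol whose definition and NULL state are outside this hunk. Latch the flag only on success: `if (!IS_ERR(keyring[id])) { set_bit(KEY_FLAG_TRUSTED_ONLY, &keyring[id]->flags); init_keyring = false; }`. The new call also drops the `restrict_link_to_ima` argument in favour of `KEY_FLAG_TRUSTED_ONLY`; a comment should state that the flag is now the only restriction on which keys can be linked into the keyring.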
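Review bot: A build without `CONFIG_IMA_MOK_KEYRING` never consults the blacklist keyring in `request_asymmetric_key()`, because the lookup now sits inside that `#ifdef` (closed by the `#endif` in the next hunk) and the `-EKEYREJECTED` path is compiled out. The kcompat.h added by this patch defines the other `CONFIG_` symbols for kernels at or below 3.10 but not this one, so unless the kernel configuration supplies it, a key revoked through the blacklist would still verify there. At minimum, put this above the `#ifdef`: `/* Without CONFIG_IMA_MOK_KEYRING no blacklist is consulted; a revoked key must be removed from the keyring itself. */`.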
specific keyring */ +@@ -95,7 +97,11 @@ int asymmetric_verify(struct key *keyring, const char *sig, + if (siglen != __be16_to_cpu(hdr->sig_size)) + return -EBADMSG; + ++#if ( LINUX_VERSION_CODE <= KERNEL_VERSION(3,10,0) ) ++ if (hdr->hash_algo >= PKEY_HASH__LAST) ++#else + if (hdr->hash_algo >= HASH_ALGO__LAST) ++#endif + return -ENOPKG; + + key = request_asymmetric_key(keyring, __be32_to_cpu(hdr->keyid)); +@@ -103,14 +109,24 @@ int asymmetric_verify(struct key *keyring, const char *sig, + return PTR_ERR(key); + + memset(&pks, 0, sizeof(pks)); +- +- pks.pkey_algo = "rsa"; +- pks.hash_algo = hash_algo_name[hdr->hash_algo]; ++ + pks.digest = (u8 *)data; + pks.digest_size = datalen; ++#if ( LINUX_VERSION_CODE <= KERNEL_VERSION(3,10,0) ) ++ pks.pkey_algo = PKEY_ALGO_RSA; ++ pks.pkey_hash_algo = hdr->hash_algo; ++ pks.nr_mpi =1; ++ pks.rsa.s = mpi_read_raw_data(hdr->sig, siglen); ++ if(pks.rsa.s) ++ ret = verify_signature(key, &pks); ++ mpi_free(pks.rsa.s); ++#else ++ pks.pkey_algo = "rsa"; ++ pks.hash_algo = hash_algo_name[hdr->hash_algo]; + pks.s = hdr->sig; + pks.s_size = siglen; + ret = verify_signature(key, &pks); ++#endif + key_put(key); + pr_debug("%s() = %d\n", __func__, ret); + return ret; +diff --git a/iint.c b/iint.c +index c710d22..83405a1 100644 +--- a/iint.c ++++ b/iint.c +@@ -27,6 +27,9 @@ static struct rb_root integrity_iint_tree = RB_ROOT; + static DEFINE_RWLOCK(integrity_iint_lock); + static struct kmem_cache *iint_cache __read_mostly; + ++static struct integrity_iint_cache * (*integrity_inode_get_kernel)(struct inode *); ++static void (*integrity_inode_free_kernel)(struct inode *); ++ + /* + * __integrity_iint_find - return the iint associated with an inode + */ +@@ -67,6 +70,7 @@ struct integrity_iint_cache *integrity_iint_find(struct inode *inode) + + return iint; + } ++EXPORT_SYMBOL_GPL(integrity_iint_find); + + static void iint_free(struct integrity_iint_cache *iint) + { +@@ -90,7 +94,7 @@ static void iint_free(struct integrity_iint_cache *iint) + 
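Review bot: On the 3.10 branch of `asymmetric_verify()`, `verify_signature()` is skipped when `mpi_read_raw_data()` returns NULL, and the function then returns `ret` with whatever value it held before. The declaration of `ret` is outside the hunk, so it cannot be confirmed from here that this value is an error. A signature check should fail closed explicitly: `if (pks.rsa.s) ret = verify_signature(key, &pks); else ret = -ENOMEM;`.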
* + * Caller must lock i_mutex + */ +-struct integrity_iint_cache *integrity_inode_get(struct inode *inode) ++static struct integrity_iint_cache *__integrity_inode_get(struct inode *inode) + { + struct rb_node **p; + struct rb_node *node, *parent = NULL; +@@ -100,7 +104,7 @@ struct integrity_iint_cache *integrity_inode_get(struct inode *inode) + if (iint) + return iint; + +- iint = kmem_cache_alloc(iint_cache, GFP_NOFS); ++ iint = kmem_cache_alloc(iint_cache, GFP_KERNEL); + if (!iint) + return NULL; + +@@ -110,7 +114,7 @@ struct integrity_iint_cache *integrity_inode_get(struct inode *inode) + while (*p) { + parent = *p; + test_iint = rb_entry(parent, struct integrity_iint_cache, +- rb_node); ++ rb_node); + if (inode < test_iint->inode) + p = &(*p)->rb_left; + else +@@ -133,7 +137,7 @@ struct integrity_iint_cache *integrity_inode_get(struct inode *inode) + * + * Free the integrity information(iint) associated with an inode. + */ +-void integrity_inode_free(struct inode *inode) ++static void __integrity_inode_free(struct inode *inode) + { + struct integrity_iint_cache *iint; + +@@ -166,8 +170,21 @@ static void init_once(void *foo) + static int __init integrity_iintcache_init(void) + { + iint_cache = +- kmem_cache_create("iint_cache", sizeof(struct integrity_iint_cache), +- 0, SLAB_PANIC, init_once); ++ kmem_cache_create("iint_cache", sizeof(struct integrity_iint_cache), ++ 0, SLAB_PANIC, init_once); ++ ++ /* ++ * stow away original Kernel references ++ * for these functions to assign back ++ * on deinit ++ */ ++ integrity_inode_get_kernel = integrity_inode_get; ++ integrity_inode_free_kernel = integrity_inode_free; ++ ++ integrity_inode_get = &__integrity_inode_get; ++ integrity_inode_free = &__integrity_inode_free; ++ pr_info("Initializing Integrity Base Module\n"); ++ + return 0; + } + security_initcall(integrity_iintcache_init); +@@ -186,18 +203,22 @@ int integrity_kernel_read(struct file *file, loff_t offset, + { + mm_segment_t old_fs; + char __user *buf = (char 
__user *)addr; +- ssize_t ret; ++ ssize_t ret = -EINVAL; + + if (!(file->f_mode & FMODE_READ)) + return -EBADF; + + old_fs = get_fs(); + set_fs(get_ds()); +- ret = __vfs_read(file, buf, count, &offset); ++ if (file->f_op->read) ++ ret = file->f_op->read(file, buf, count, &offset); ++ else if (file->f_op->aio_read) ++ ret = do_sync_read(file, buf, count, &offset); + set_fs(old_fs); + + return ret; + } ++EXPORT_SYMBOL_GPL(integrity_kernel_read); + + /* + * integrity_read_file - read entire file content into the buffer +@@ -259,3 +280,18 @@ void __init integrity_load_keys(void) + ima_load_x509(); + evm_load_x509(); + } ++ ++static void __exit cleanup_integrity(void) ++{ ++ /* ++ * assign back to default kernel definations ++ * for these dynamic functions ++ */ ++ integrity_inode_get = integrity_inode_get_kernel; ++ integrity_inode_free = integrity_inode_free_kernel; ++} ++ ++module_exit(cleanup_integrity); ++MODULE_DESCRIPTION("Integrity Base Driver"); ++MODULE_LICENSE("GPL"); ++ +diff --git a/ima/Makefile b/ima/Makefile +index 29f198b..cdf918c 100644 +--- a/ima/Makefile ++++ b/ima/Makefile +@@ -6,7 +6,7 @@ + obj-$(CONFIG_IMA) += ima.o + + ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \ +- ima_policy.o ima_template.o ima_template_lib.o +-ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o +-ima-$(CONFIG_HAVE_IMA_KEXEC) += ima_kexec.o +-obj-$(CONFIG_IMA_BLACKLIST_KEYRING) += ima_mok.o ++ ima_policy.o ima_template.o ima_template_lib.o ima_appraise.o ++#ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o ++#ima-$(CONFIG_HAVE_IMA_KEXEC) += ima_kexec.o ++#obj-$(CONFIG_IMA_BLACKLIST_KEYRING) += ima_mok.o +diff --git a/ima/ima.h b/ima/ima.h +index b563fbd..5492dda 100644 +--- a/ima/ima.h ++++ b/ima/ima.h +@@ -17,6 +17,9 @@ + #ifndef __LINUX_IMA_H + #define __LINUX_IMA_H + ++// include kcompat layer ++#include "../kcompat.h" ++ + #include + #include + #include +@@ -155,6 +158,7 @@ unsigned long ima_get_binary_runtime_size(void); + int ima_init_template(void); + 
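Review bot: `cleanup_integrity()` only restores the two function pointers. Nothing in this hunk frees the entries still linked in `integrity_iint_tree` or destroys `iint_cache`, which `integrity_iintcache_init()` creates with the module's `init_once` as constructor. After unload those objects would be leaked and the cache would, as far as can be inferred, keep a constructor pointer into freed module text. Callers that loaded the old pointer value just before the swap are not waited for either. The exit path should drain the tree and end with `kmem_cache_destroy(iint_cache);`, or the module should be made non-removable by omitting `module_exit()`, as the comment in `init_ima()` says is the case for IMA.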
void ima_init_template_list(void); + ++ + /* + * used to protect h_table and sha_table + */ +@@ -242,7 +246,10 @@ enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, + int xattr_len); + int ima_read_xattr(struct dentry *dentry, + struct evm_ima_xattr_data **xattr_value); +- ++void __ima_inode_post_setattr(struct dentry *dentry); ++int __ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, ++ const void *xattr_value, size_t xattr_value_len); ++int __ima_inode_removexattr(struct dentry *dentry, const char *xattr_name); + #else + static inline int ima_appraise_measurement(enum ima_hooks func, + struct integrity_iint_cache *iint, +diff --git a/ima/ima_api.c b/ima/ima_api.c +index c2edba8..e14e9d0 100644 +--- a/ima/ima_api.c ++++ b/ima/ima_api.c +@@ -307,11 +307,9 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, + if (!ab) + return; + +- audit_log_format(ab, "file="); +- audit_log_untrustedstring(ab, filename); +- audit_log_format(ab, " hash="); ++ audit_log_format(ab, "file=%s", filename); + snprintf(algo_hash, sizeof(algo_hash), "%s:%s", algo_name, hash); +- audit_log_untrustedstring(ab, algo_hash); ++ audit_log_format(ab, " hash=%s", algo_hash); + + audit_log_task_info(ab, current); + audit_log_end(ab); +@@ -332,12 +330,12 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, + const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf) + { + char *pathname = NULL; +- +- *pathbuf = __getname(); ++ /* We will allow 11 spaces for ' (deleted)' to be appended */ ++ *pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL); + if (*pathbuf) { +- pathname = d_absolute_path(path, *pathbuf, PATH_MAX); ++ pathname = d_path(path, *pathbuf, PATH_MAX + 11); + if (IS_ERR(pathname)) { +- __putname(*pathbuf); ++ kfree(*pathbuf); + *pathbuf = NULL; + pathname = NULL; + } +diff --git a/ima/ima_appraise.c b/ima/ima_appraise.c +index 1fd9539..b0d4286 100644 +--- a/ima/ima_appraise.c ++++ b/ima/ima_appraise.c +@@ -8,6 
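Review bot: The `"file=%s"` and `" hash=%s"` conversions in `ima_audit_measurement()` write `filename` into the audit record unescaped, which `audit_log_untrustedstring()` did not. A file name containing spaces, quotes or newlines can therefore change how the record's fields parse downstream. The same substitution appears in `integrity_audit_msg()` (integrity_audit.c: `comm`, `name`, `dev`) and in `ima_log_string()` (ima/ima_policy.c), where the "(contains hex)" branch still prints the raw value despite its comment. Keep `audit_log_untrustedstring(ab, filename);` here. If that helper cannot be called from a module build (an inference about why it was replaced), add one local helper that hex-encodes any value failing the `ima_string_contains_hex()` test and use it at all three sites.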
+8,9 @@ + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, version 2 of the License. + */ ++ ++#include "../kcompat.h" ++ + #include + #include + #include +@@ -58,10 +61,10 @@ static int ima_fix_xattr(struct dentry *dentry, + iint->ima_hash->xattr.ng.type = IMA_XATTR_DIGEST_NG; + iint->ima_hash->xattr.ng.algo = algo; + } +- rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_IMA, +- &iint->ima_hash->xattr.data[offset], +- (sizeof(iint->ima_hash->xattr) - offset) + +- iint->ima_hash->length, 0); ++ rc = vfs_setxattr(dentry, XATTR_NAME_IMA, ++ &iint->ima_hash->xattr.data[offset], ++ (sizeof(iint->ima_hash->xattr) - offset) + ++ iint->ima_hash->length, 0); + return rc; + } + +@@ -168,14 +171,14 @@ enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, + int ima_read_xattr(struct dentry *dentry, + struct evm_ima_xattr_data **xattr_value) + { +- ssize_t ret; ++ struct inode *inode = d_backing_inode(dentry); ++ if (!inode->i_op->getxattr) ++ return 0; + +- ret = vfs_getxattr_alloc(dentry, XATTR_NAME_IMA, (char **)xattr_value, +- 0, GFP_NOFS); +- if (ret == -EOPNOTSUPP) +- ret = 0; +- return ret; ++ return vfs_getxattr_alloc(dentry, XATTR_NAME_IMA, (char **)xattr_value, ++ 0, GFP_NOFS); + } ++EXPORT_SYMBOL_GPL(ima_read_xattr); + + /* + * ima_appraise_measurement - appraise file measurement +@@ -198,7 +201,7 @@ int ima_appraise_measurement(enum ima_hooks func, + enum integrity_status status = INTEGRITY_UNKNOWN; + int rc = xattr_len, hash_start = 0; + +- if (!(inode->i_opflags & IOP_XATTR)) ++ if (!inode->i_op->getxattr) + return INTEGRITY_UNKNOWN; + + if (rc <= 0) { +@@ -214,7 +217,11 @@ int ima_appraise_measurement(enum ima_hooks func, + goto out; + } + ++#ifdef CONFIG_EVM + status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint); ++#else ++ status = INTEGRITY_UNKNOWN; /* CONFIG_INTEGRITY */ ++#endif + if ((status != INTEGRITY_PASS) && (status != INTEGRITY_UNKNOWN)) { + if ((status == 
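Review bot: `vfs_setxattr()` is not a drop-in replacement for `__vfs_setxattr_noperm()` in `ima_fix_xattr()`. It adds the caller permission check, invokes the security xattr hooks (which after this patch include `__ima_inode_setxattr`) and takes the inode lock itself. If `ima_fix_xattr()` is still reached from the appraisal path with the inode already locked, as the `inode_unlock(inode)` at the end of `process_measurement()` suggests, the fix-mode write would block on its own lock. Confirm the calling context, or call the filesystem operation directly as `__ima_inode_post_setattr()` does for removal: `rc = d_backing_inode(dentry)->i_op->setxattr(dentry, XATTR_NAME_IMA, ...)` with the arguments unchanged.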
INTEGRITY_NOLABEL) + || (status == INTEGRITY_NOXATTRS)) +@@ -321,14 +328,14 @@ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file) + * This function is called from notify_change(), which expects the caller + * to lock the inode's i_mutex. + */ +-void ima_inode_post_setattr(struct dentry *dentry) ++void __ima_inode_post_setattr(struct dentry *dentry) + { + struct inode *inode = d_backing_inode(dentry); + struct integrity_iint_cache *iint; +- int must_appraise; ++ int must_appraise, rc; + + if (!(ima_policy_flag & IMA_APPRAISE) || !S_ISREG(inode->i_mode) +- || !(inode->i_opflags & IOP_XATTR)) ++ || !inode->i_op->removexattr) + return; + + must_appraise = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR); +@@ -341,7 +348,8 @@ void ima_inode_post_setattr(struct dentry *dentry) + iint->flags |= IMA_APPRAISE; + } + if (!must_appraise) +- __vfs_removexattr(dentry, XATTR_NAME_IMA); ++ rc = inode->i_op->removexattr(dentry, XATTR_NAME_IMA); ++ return; + } + + /* +@@ -378,7 +386,7 @@ static void ima_reset_appraise_flags(struct inode *inode, int digsig) + return; + } + +-int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, ++int __ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, + const void *xattr_value, size_t xattr_value_len) + { + const struct evm_ima_xattr_data *xvalue = xattr_value; +@@ -396,7 +404,7 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, + return result; + } + +-int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name) ++int __ima_inode_removexattr(struct dentry *dentry, const char *xattr_name) + { + int result; + +diff --git a/ima/ima_fs.c b/ima/ima_fs.c +index ca303e5..e871955 100644 +--- a/ima/ima_fs.c ++++ b/ima/ima_fs.c +@@ -274,6 +274,9 @@ static const struct file_operations ima_ascii_measurements_ops = { + + static ssize_t ima_read_policy(char *path) + { ++#if ( LINUX_VERSION_CODE <= KERNEL_VERSION(3,10,0) ) ++ return -EINVAL; ++#else + void *data; + char 
*datap; + loff_t size; +@@ -307,6 +310,7 @@ static ssize_t ima_read_policy(char *path) + return -EINVAL; + else + return pathlen; ++#endif + } + + static ssize_t ima_write_policy(struct file *file, const char __user *buf, +diff --git a/ima/ima_init.c b/ima/ima_init.c +index 2967d49..0759c8c 100644 +--- a/ima/ima_init.c ++++ b/ima/ima_init.c +@@ -117,7 +117,9 @@ int __init ima_init(void) + if (!ima_used_chip) + pr_info("No TPM chip found, activating TPM-bypass! (rc=%d)\n", + rc); +- ++ else ++ pr_info("TPM chip found, using TPM for aggregate measurements!\n"); ++ + rc = integrity_init_keyring(INTEGRITY_KEYRING_IMA); + if (rc) + return rc; +diff --git a/ima/ima_main.c b/ima/ima_main.c +index 2aebb79..5d6ba23 100644 +--- a/ima/ima_main.c ++++ b/ima/ima_main.c +@@ -16,6 +16,10 @@ + * implements the IMA hooks: ima_bprm_check, ima_file_mmap, + * and ima_file_check. + */ ++ ++// include kcompat layer ++#include "../kcompat.h" ++ + #include + #include + #include +@@ -30,7 +34,10 @@ + int ima_initialized; + + #ifdef CONFIG_IMA_APPRAISE +-int ima_appraise = IMA_APPRAISE_ENFORCE; ++/* ++ * WRS: Set default appraise action as "log" ++ */ ++int ima_appraise = IMA_APPRAISE_LOG; + #else + int ima_appraise; + #endif +@@ -140,7 +147,7 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint, + * + * Flag files that changed, based on i_version + */ +-void ima_file_free(struct file *file) ++static void __ima_file_free(struct file *file) + { + struct inode *inode = file_inode(file); + struct integrity_iint_cache *iint; +@@ -259,8 +266,7 @@ out_digsig: + rc = -EACCES; + kfree(xattr_value); + out_free: +- if (pathbuf) +- __putname(pathbuf); ++ kfree(pathbuf); + out: + inode_unlock(inode); + if ((rc && must_appraise) && (ima_appraise & IMA_APPRAISE_ENFORCE)) +@@ -279,7 +285,7 @@ out: + * On success return 0. On integrity appraisal error, assuming the file + * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. 
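Review bot: The new default `ima_appraise = IMA_APPRAISE_LOG` makes appraisal fail-open, and the two-line comment does not say so. `process_measurement()` only acts on a failure when `ima_appraise & IMA_APPRAISE_ENFORCE` is set, so with this default a file that fails appraisal is audited but still opened or executed. Spell that out for whoever deploys the module: `/* WRS: default is log-only; appraisal failures are audited but access is NOT denied. Enforcement must be selected explicitly. */`.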
+ */ +-int ima_file_mmap(struct file *file, unsigned long prot) ++static int __ima_file_mmap(struct file *file, unsigned long prot) + { + if (file && (prot & PROT_EXEC)) + return process_measurement(file, NULL, 0, MAY_EXEC, +@@ -300,7 +306,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) + * On success return 0. On integrity appraisal error, assuming the file + * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. + */ +-int ima_bprm_check(struct linux_binprm *bprm) ++static int __ima_bprm_check(struct linux_binprm *bprm) + { + return process_measurement(bprm->file, NULL, 0, MAY_EXEC, + BPRM_CHECK, 0); +@@ -316,13 +322,12 @@ int ima_bprm_check(struct linux_binprm *bprm) + * On success return 0. On integrity appraisal error, assuming the file + * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. + */ +-int ima_file_check(struct file *file, int mask, int opened) ++static int __ima_file_check(struct file *file, int mask, int opened) + { + return process_measurement(file, NULL, 0, + mask & (MAY_READ | MAY_WRITE | MAY_EXEC | + MAY_APPEND), FILE_CHECK, opened); + } +-EXPORT_SYMBOL_GPL(ima_file_check); + + /** + * ima_post_path_mknod - mark as a new inode +@@ -346,6 +351,7 @@ void ima_post_path_mknod(struct dentry *dentry) + iint->flags |= IMA_NEW_FILE; + } + ++#if ( LINUX_VERSION_CODE > KERNEL_VERSION(3,10,0) ) + /** + * ima_read_file - pre-measure/appraise hook decision based on policy + * @file: pointer to the file to be measured/appraised/audit +@@ -415,10 +421,28 @@ int ima_post_read_file(struct file *file, void *buf, loff_t size, + func = read_idmap[read_id] ?: FILE_CHECK; + return process_measurement(file, buf, size, MAY_READ, func, 0); + } ++#endif + + static int __init init_ima(void) + { + int error; ++ ++ /* ++ * On loading the module, map the kernel inline ++ * function calls (used by the FS layer) to ++ * function definations within the module. 
++ * ++ * N.B: No specific unmapping (to Kernel default) ++ * required as IMA module cannot be removed (even forcebly), ++ * once it binds to the Kernel VFS layer ++ */ ++ ima_bprm_check = &__ima_bprm_check; ++ ima_file_check = &__ima_file_check; ++ ima_file_free = &__ima_file_free; ++ ima_file_mmap = &__ima_file_mmap; ++ ima_inode_post_setattr = &__ima_inode_post_setattr; ++ ima_inode_setxattr = &__ima_inode_setxattr; ++ ima_inode_removexattr = &__ima_inode_removexattr; + + ima_init_template_list(); + hash_setup(CONFIG_IMA_DEFAULT_HASH); +diff --git a/ima/ima_policy.c b/ima/ima_policy.c +index aed47b7..dd52d98 100644 +--- a/ima/ima_policy.c ++++ b/ima/ima_policy.c +@@ -92,9 +92,11 @@ static struct ima_rule_entry dont_measure_rules[] = { + {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC}, + {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC}, + {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, ++#if ( LINUX_VERSION_CODE > KERNEL_VERSION(3,10,0) ) ++ {.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC}, ++#endif + {.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC, +- .flags = IMA_FSMAGIC}, +- {.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC} ++ .flags = IMA_FSMAGIC} + }; + + static struct ima_rule_entry original_measurement_rules[] = { +@@ -132,7 +134,9 @@ static struct ima_rule_entry default_appraise_rules[] = { + {.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC}, + {.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC}, + {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, ++#if ( LINUX_VERSION_CODE > KERNEL_VERSION(3,10,0) ) + {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC}, ++#endif + {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC}, + #ifdef CONFIG_IMA_WRITE_POLICY + {.action = APPRAISE, .func = POLICY_CHECK, +@@ -243,7 +247,11 
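Review bot: The seven hook pointers are published at the top of `init_ima()`, before `ima_init_template_list()`, `hash_setup()` and the rest of the initialisation that follows outside this hunk. The VFS can therefore enter `__ima_file_check()` and the other handlers while IMA state is still being set up. If a later step fails, the pointers also stay aimed at a module whose init returned an error. Move the block to the end of the function, after the last step has succeeded, guarded by `if (error) return error;`. The function body continues past the hunk, so the exact placement needs checking against the full file.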
@@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, + if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid)) + return false; + if (rule->flags & IMA_EUID) { ++#if ( LINUX_VERSION_CODE > KERNEL_VERSION(3,10,0) ) + if (has_capability_noaudit(current, CAP_SETUID)) { ++#else ++ if (capable_wrt_inode_uidgid(inode, CAP_SETUID) || capable(CAP_SETUID)) { ++#endif + if (!uid_eq(rule->uid, cred->euid) + && !uid_eq(rule->uid, cred->suid) + && !uid_eq(rule->uid, cred->uid)) +@@ -541,10 +549,26 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, + return result; + } + ++static int ima_string_contains_hex(const char *string, size_t len) ++{ ++ const unsigned char *p; ++ for (p = string; p < (const unsigned char *)string + len; p++) { ++ if (*p == '"' || *p < 0x21 || *p > 0x7e) ++ return 1; ++ } ++ return 0; ++} ++ ++ + static void ima_log_string(struct audit_buffer *ab, char *key, char *value) + { +- audit_log_format(ab, "%s=", key); +- audit_log_untrustedstring(ab, value); ++ if (ima_string_contains_hex(value, strlen(value))) { ++ // value string contains hex. 
Convert to hex instead ++ audit_log_format(ab, "%s=(contains hex)%s", key, value); ++ } ++ else { ++ audit_log_format(ab, "%s=%s", key, value); ++ } + audit_log_format(ab, " "); + } + +diff --git a/integrity.h b/integrity.h +index 24520b4..c13e61d 100644 +--- a/integrity.h ++++ b/integrity.h +@@ -16,6 +16,8 @@ + #include + #include + ++#include "kcompat.h" ++ + /* iint action cache flags */ + #define IMA_MEASURE 0x00000001 + #define IMA_MEASURED 0x00000002 +@@ -91,7 +93,7 @@ struct ima_digest_data { + struct signature_v2_hdr { + uint8_t type; /* xattr type */ + uint8_t version; /* signature format version */ +- uint8_t hash_algo; /* Digest algorithm [enum hash_algo] */ ++ uint8_t hash_algo; /* Digest algorithm [enum pkey_hash_algo] */ + uint32_t keyid; /* IMA key identifier - not X509/PGP specific */ + uint16_t sig_size; /* signature size */ + uint8_t sig[0]; /* signature payload */ +@@ -127,12 +129,11 @@ int __init integrity_read_file(const char *path, char **data); + #define INTEGRITY_KEYRING_MAX 3 + + #ifdef CONFIG_INTEGRITY_SIGNATURE +- + int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, + const char *digest, int digestlen); + +-int __init integrity_init_keyring(const unsigned int id); +-int __init integrity_load_x509(const unsigned int id, const char *path); ++int integrity_init_keyring(const unsigned int id); ++int integrity_load_x509(const unsigned int id, const char *path); + #else + + static inline int integrity_digsig_verify(const unsigned int id, +diff --git a/integrity_audit.c b/integrity_audit.c +index 90987d1..ba5e532 100644 +--- a/integrity_audit.c ++++ b/integrity_audit.c +@@ -10,6 +10,7 @@ + * Audit calls for the integrity subsystem + */ + ++#include "kcompat.h" + #include + #include + #include +@@ -45,21 +46,17 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, + from_kuid(&init_user_ns, audit_get_loginuid(current)), + audit_get_sessionid(current)); + audit_log_task_context(ab); +- audit_log_format(ab, 
" op="); +- audit_log_string(ab, op); +- audit_log_format(ab, " cause="); +- audit_log_string(ab, cause); +- audit_log_format(ab, " comm="); +- audit_log_untrustedstring(ab, get_task_comm(name, current)); ++ audit_log_format(ab, " op=\"%s\"", op); ++ audit_log_format(ab, " cause=\"%s\"", cause); ++ audit_log_format(ab, " comm=%s", get_task_comm(name, current)); + if (fname) { +- audit_log_format(ab, " name="); +- audit_log_untrustedstring(ab, fname); ++ audit_log_format(ab, " name=%s", fname); + } + if (inode) { +- audit_log_format(ab, " dev="); +- audit_log_untrustedstring(ab, inode->i_sb->s_id); ++ audit_log_format(ab, " dev=%s", inode->i_sb->s_id); + audit_log_format(ab, " ino=%lu", inode->i_ino); + } + audit_log_format(ab, " res=%d", !result); + audit_log_end(ab); + } ++EXPORT_SYMBOL_GPL(integrity_audit_msg); +diff --git a/kcompat.h b/kcompat.h +new file mode 100644 +index 0000000..936b76c +--- /dev/null ++++ b/kcompat.h +@@ -0,0 +1,34 @@ ++#ifndef _KCOMPAT_H_ ++#define _KCOMPAT_H_ ++ ++#ifndef LINUX_VERSION_CODE ++#include ++#else ++#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c)) ++#endif ++ ++#if ( LINUX_VERSION_CODE <= KERNEL_VERSION(3,10,0) ) ++ ++/* kcompat definitions */ ++#define CONFIG_TCG_TPM_MODULE 1 ++ ++#define CONFIG_IMA 1 ++#define CONFIG_IMA_APPRAISE_SIGNED_INIT 1 ++#define CONFIG_IMA_APPRAISE 1 ++#define CONFIG_IMA_DEFAULT_HASH "sha256" ++#define CONFIG_IMA_MEASURE_PCR_IDX 10 ++#define CONFIG_IMA_DEFAULT_TEMPLATE "ima-sig" ++#define CONFIG_INTEGRITY 1 ++#define CONFIG_INTEGRITY_AUDIT 1 ++#define CONFIG_INTEGRITY_ASYMMETRIC_KEYS 1 ++#define CONFIG_INTEGRITY_SIGNATURE 1 ++#define CONFIG_CRYPTO_RSA 1 ++ ++#define __GFP_RECLAIM __GFP_WAIT ++ ++#define inode_lock(_node) mutex_lock(&_node->i_mutex) ++#define inode_unlock(_node) mutex_unlock(&_node->i_mutex) ++ ++ ++#endif ++#endif +-- +1.8.3.1 + 
diff --git a/integrity/patches/0002-integrity-expose-module-params.patch b/integrity/patches/0002-integrity-expose-module-params.patch
new file mode 100644
index 0000000..c35ab83
--- /dev/null
+++ b/integrity/patches/0002-integrity-expose-module-params.patch
@@ -0,0 +1,156 @@ +From 6d0d8278d37b3874e0b272a6d01663fbfc91cdcb Mon Sep 17 00:00:00 2001 +From: Kam Nasim +Date: Fri, 22 Sep 2017 14:19:39 -0400 +Subject: [PATCH] US103091: IMA: System Configuration + +Expose integrity_audit and ima_appraise (which were only available +as boot parameters), as Module parameters since it is perceived that +customers would want to tune these at runtime. The integrity_audit +parameter can be toggled at runtime, however the ima_appraise modparam +will require a node reboot inorder to change appraise type. + +In addition we introduce a new module param to disable IMA-TPM +interactions. Ths is tunable at runtime. +--- + ima/ima_appraise.c | 47 +++++++++++++++++++++++++++++++++++++++++++++-- + ima/ima_init.c | 18 ++++++++++++------ + integrity_audit.c | 2 ++ + kcompat.h | 4 ++++ + 4 files changed, 63 insertions(+), 8 deletions(-) + +diff --git a/ima/ima_appraise.c b/ima/ima_appraise.c +index b0d4286..88b5091 100644 +--- a/ima/ima_appraise.c ++++ b/ima/ima_appraise.c +@@ -21,7 +21,21 @@ + + #include "ima.h" + +-static int __init default_appraise_setup(char *str) ++static char *ima_appraise_param = "log"; ++static int ima_appraise_param_set(const char *, ++ const struct kernel_param *); ++static struct kernel_param_ops ima_appraise_param_ops = { ++ .set = ima_appraise_param_set, ++ .get = param_get_charp, ++}; ++module_param_cb(ima_appraise_param, &ima_appraise_param_ops, ++ &ima_appraise_param, 0444); ++MODULE_PARM_DESC(ima_appraise_param, ++ "IMA appraise type " \ ++ "{ \"off\" | \"enforce\" | \"fix\" | \"log\" }" \ ++ "(default: log)."); ++ ++static int default_appraise_setup(char *str) + { + if (strncmp(str, "off", 3) == 0) + ima_appraise = 0; +@@ -29,11 +43,40 @@ static int __init default_appraise_setup(char *str) + ima_appraise = IMA_APPRAISE_LOG; + else if (strncmp(str, "fix", 3) == 0) + ima_appraise = IMA_APPRAISE_FIX; +- return 1; ++ else if (strncmp(str, "enforce", 7) == 0) ++ ima_appraise = IMA_APPRAISE_ENFORCE; ++ else { ++ 
return -1; ++ } ++ return 1; + } + + __setup("ima_appraise=", default_appraise_setup); + ++ ++static int ima_appraise_param_set(const char *val, ++ const struct kernel_param *kp) ++{ ++ char *ima_appraise_type = strstrip((char *)val); ++ ++ /* no change required */ ++ if (!strcmp(ima_appraise_type, *(char **)kp->arg)) ++ return 0; ++ ++ /* set the ima_appraise mode and only ++ * update the kernel parameter if the parameter ++ * was successfully set */ ++ int ret; ++ ret = default_appraise_setup(ima_appraise_type); ++ if (ret == -1) { ++ pr_err("Undefined value for ima_appraise_param: %s\n", ++ ima_appraise_type); ++ return -EINVAL; ++ } ++ ++ return param_set_charp(ima_appraise_type, kp); ++} ++ + /* + * ima_must_appraise - set appraise flag + * +diff --git a/ima/ima_init.c b/ima/ima_init.c +index 0759c8c..a7362e8 100644 +--- a/ima/ima_init.c ++++ b/ima/ima_init.c +@@ -26,7 +26,11 @@ + + /* name for boot aggregate entry */ + static const char *boot_aggregate_name = "boot_aggregate"; +-int ima_used_chip; ++int ima_used_chip = -1; ++module_param_named(ima_use_tpm, ima_used_chip, int, 0644); ++MODULE_PARM_DESC(ima_use_tpm, ++ "Enable TPM interaction for storing measurement aggregate " \ ++ " { 0(disable) | 1(enable) }(default: 0)."); + + /* Add the boot aggregate to the IMA measurement list and extend + * the PCR register. +@@ -108,11 +112,13 @@ int __init ima_init(void) + { + u8 pcr_i[TPM_DIGEST_SIZE]; + int rc; +- +- ima_used_chip = 0; +- rc = tpm_pcr_read(TPM_ANY_NUM, 0, pcr_i); +- if (rc == 0) +- ima_used_chip = 1; ++ ++ if (ima_used_chip != 0) { ++ ima_used_chip = 0; ++ rc = tpm_pcr_read(TPM_ANY_NUM, 0, pcr_i); ++ if (rc == 0) ++ ima_used_chip = 1; ++ } + + if (!ima_used_chip) + pr_info("No TPM chip found, activating TPM-bypass! 
(rc=%d)\n", +diff --git a/integrity_audit.c b/integrity_audit.c +index ba5e532..da29f91 100644 +--- a/integrity_audit.c ++++ b/integrity_audit.c +@@ -17,6 +17,8 @@ + #include "integrity.h" + + static int integrity_audit_info; ++module_param_named(integrity_audit, integrity_audit_info, uint, 0644); ++MODULE_PARM_DESC(integrity_audit, "Enable debug integrity auditing."); + + /* ima_audit_setup - enable informational auditing messages */ + static int __init integrity_audit_setup(char *str) +diff --git a/kcompat.h b/kcompat.h +index 936b76c..a5445aa 100644 +--- a/kcompat.h ++++ b/kcompat.h +@@ -9,6 +9,10 @@ + + #if ( LINUX_VERSION_CODE <= KERNEL_VERSION(3,10,0) ) + ++#include ++#include ++#include ++ + /* kcompat definitions */ + #define CONFIG_TCG_TPM_MODULE 1 + +-- +1.8.3.1 + diff --git a/integrity/patches/0003-integrity-restrict-by-iversion.patch b/integrity/patches/0003-integrity-restrict-by-iversion.patch new file mode 100644 index 0000000..0813915 --- /dev/null +++ b/integrity/patches/0003-integrity-restrict-by-iversion.patch 
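Review bot: `ima_use_tpm` is registered with mode 0644 directly on `ima_used_chip`, so a root write after boot overwrites the value ima_init() derived from the TPM probe; if the rest of the driver consults `ima_used_chip` before extending the PCR (that code is not in this patch), later measurements would stop being anchored in the TPM while the measurement list keeps growing. Unless that is an accepted trade-off, register it read-only, `module_param_named(ima_use_tpm, ima_used_chip, int, 0444);`, and correct the description, which says `default: 0` although the initial value is -1 and ima_init() probes the TPM for any value other than 0. In `ima_appraise_param_set()`, `default_appraise_setup()` matches with `strncmp` prefixes, so a value such as `offline` (constructed example) is accepted as `off` and then stored verbatim by `param_set_charp()`; an exact comparison, for instance `sysfs_streq(str, "off")`, would keep the reported value and the active mode in step. `integrity_audit_info` is declared `int` but registered with type `uint`, so either the declaration or the `module_param_named` type should change.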
@@ -0,0 +1,54 @@
+From 0c83c892509e592692e5002d855ce1f3001149e5 Mon Sep 17 00:00:00 2001
+From: Kam Nasim
+Date: Fri, 22 Sep 2017 16:47:36 -0400
+Subject: [PATCH] US103091: IMA: System Configuration
+
+Since IMA does measurements on all EXT4 file systems (as per IMA
+policy), we end up with a large number of measurements for log files and
+the DRBD fs. Therefore we restrict IMA to only do measurements &
+appraisals on file systems that have i_version set, which is only the
+rootfs.
+---
+ ima/ima_main.c | 6 +++++-
+ kcompat.h | 1 +
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/ima/ima_main.c b/ima/ima_main.c
+index 5d6ba23..ea3ace3 100644
+--- a/ima/ima_main.c
++++ b/ima/ima_main.c
+@@ -22,6 +22,7 @@
+
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -178,7 +179,10 @@ static int process_measurement(struct file *file, char *buf, loff_t size,
+ bool violation_check;
+ enum hash_algo hash_algo;
+
+- if (!ima_policy_flag || !S_ISREG(inode->i_mode))
++ /* WRS: Only do measurements & appraisals
++ * on inodes that have i_version set (i.e the rootfs)
++ */
++ if (!ima_policy_flag || !S_ISREG(inode->i_mode) || !IS_I_VERSION(inode))
+ return 0;
+
+ /* Return an IMA_MEASURE, IMA_APPRAISE, IMA_AUDIT action
+diff --git a/kcompat.h b/kcompat.h
+index a5445aa..59e32a8 100644
+--- a/kcompat.h
++++ b/kcompat.h
+@@ -19,6 +19,7 @@
+ #define CONFIG_IMA 1
+ #define CONFIG_IMA_APPRAISE_SIGNED_INIT 1
+ #define CONFIG_IMA_APPRAISE 1
++#define CONFIG_IMA_LSM_RULES 1
+ #define CONFIG_IMA_DEFAULT_HASH "sha256"
+ #define CONFIG_IMA_MEASURE_PCR_IDX 10
+ #define CONFIG_IMA_DEFAULT_TEMPLATE "ima-sig"
+--
+1.8.3.1
+
diff --git a/integrity/patches/0004-integrity-disable-set-xattr-on-imasig.patch b/integrity/patches/0004-integrity-disable-set-xattr-on-imasig.patch
new file mode 100644
index 0000000..cb48968
--- /dev/null
+++ b/integrity/patches/0004-integrity-disable-set-xattr-on-imasig.patch
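Review bot: The added `!IS_I_VERSION(inode)` test in process_measurement() returns 0 ahead of the "Return an IMA_MEASURE, IMA_APPRAISE, IMA_AUDIT action" step, so every regular file on a filesystem mounted without i_version is neither measured nor appraised, whatever the IMA policy says. With appraisal in enforce mode that makes a mount option, rather than the policy, the boundary of what is checked, and by the commit message only the rootfs remains in scope. The stated goal (skip log files and the DRBD fs) can be met in the policy itself with `dont_measure` / `dont_appraise` rules keyed on `fsuuid=` or `fsmagic=`, which keeps the exemption explicit and auditable. If the hard-coded check stays, the comment should state the assumption it relies on, for example `/* filesystems without i_version are exempt from IMA; they must be mounted noexec */`. process_measurement() starts and ends outside the inner hunk.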
@@ -0,0 +1,121 @@ +From 928f2de735ab38802984938618aa051dd55f536c Mon Sep 17 00:00:00 2001 +From: Kam Nasim +Date: Wed, 4 Oct 2017 14:23:13 -0400 +Subject: [PATCH] US103091: IMA: System Configuration + +When appraise_type="imasig" is set in the IMA policy then don't allow +IMA to put a hash value for the security.ima xattr, if the extended +attribute is missing. This is a fool's errand, as there is already a +check in the driver which will give an appraisal failure if it detects +that the security.ima xattr is a Hash and NOT a Signature, so appraisal +would fail again next time that file is executed. + +The advantage of this fix is that it improves driver performance as we +are not collecting a measurement on appraisal failure + +By virtue of the same, we will not remove the security.ima xattr if we +detect that imasig is set on that iint +--- + ima/ima_appraise.c | 33 +++++++++++++++++++++++++++++---- + ima/ima_main.c | 2 -- + 2 files changed, 29 insertions(+), 6 deletions(-) + +diff --git a/ima/ima_appraise.c b/ima/ima_appraise.c +index 88b5091..cff2ad2 100644 +--- a/ima/ima_appraise.c ++++ b/ima/ima_appraise.c +@@ -250,8 +250,11 @@ int ima_appraise_measurement(enum ima_hooks func, + if (rc <= 0) { + if (rc && rc != -ENODATA) + goto out; +- +- cause = "missing-hash"; ++ ++ if (iint->flags & IMA_DIGSIG_REQUIRED) ++ cause = "missing-signature"; ++ else ++ cause = "missing-hash"; + status = INTEGRITY_NOLABEL; + if (opened & FILE_CREATED) { + iint->flags |= IMA_NEW_FILE; +@@ -352,7 +355,8 @@ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file) + int rc = 0; + + /* do not collect and update hash for digital signatures */ +- if (iint->flags & IMA_DIGSIG) ++ /* WRS: Don't do it if appraise_type is set to imasig */ ++ if ((iint->flags & IMA_DIGSIG) || (iint->flags & IMA_DIGSIG_REQUIRED)) + return; + + rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo); +@@ -376,6 +380,7 @@ void __ima_inode_post_setattr(struct dentry *dentry) + struct 
inode *inode = d_backing_inode(dentry); + struct integrity_iint_cache *iint; + int must_appraise, rc; ++ int imasig = 0; + + if (!(ima_policy_flag & IMA_APPRAISE) || !S_ISREG(inode->i_mode) + || !inode->i_op->removexattr) +@@ -384,11 +389,20 @@ void __ima_inode_post_setattr(struct dentry *dentry) + must_appraise = ima_must_appraise(inode, MAY_ACCESS, POST_SETATTR); + iint = integrity_iint_find(inode); + if (iint) { ++ /* WRS: Before we clear all the ACTION RULE FLAGS, check if ++ * imasig was set on this iint, which implies that we are ++ * expecting a signature for the security.ima xattr ++ */ ++ if (iint->flags & IMA_DIGSIG_REQUIRED) ++ imasig = 1; + iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED | + IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK | + IMA_ACTION_RULE_FLAGS); +- if (must_appraise) ++ if (must_appraise) { + iint->flags |= IMA_APPRAISE; ++ if (imasig) ++ iint->flags |= IMA_DIGSIG_REQUIRED; ++ } + } + if (!must_appraise) + rc = inode->i_op->removexattr(dentry, XATTR_NAME_IMA); +@@ -450,6 +464,17 @@ int __ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, + int __ima_inode_removexattr(struct dentry *dentry, const char *xattr_name) + { + int result; ++ ++ /* WRS: If this security.ima xattr is a digital signature ++ * then we will not allow it to be removed (only if we ++ * have a cached iint entry for it) ++ */ ++ struct inode *inode = d_backing_inode(dentry); ++ struct integrity_iint_cache *iint = integrity_iint_find(inode); ++ if (iint) { ++ if (iint->flags & IMA_DIGSIG_REQUIRED) ++ return -EPERM; ++ } + + result = ima_protect_xattr(dentry, xattr_name, NULL, 0); + if (result == 1) { +diff --git a/ima/ima_main.c b/ima/ima_main.c +index ea3ace3..15ac6a7 100644 +--- a/ima/ima_main.c ++++ b/ima/ima_main.c +@@ -129,7 +129,6 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint, + if (!(mode & FMODE_WRITE)) + return; + +- inode_lock(inode); + if (atomic_read(&inode->i_writecount) == 1) { + if ((iint->version != inode->i_version) 
|| + (iint->flags & IMA_NEW_FILE)) { +@@ -139,7 +138,6 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint, + ima_update_xattr(iint, file); + } + } +- inode_unlock(inode); + } + + /** +-- +1.8.3.1 + diff --git a/integrity/patches/Changes-for-CentOS-7.4-support.patch b/integrity/patches/Changes-for-CentOS-7.4-support.patch new file mode 100644 index 0000000..b20f9b2 --- /dev/null +++ b/integrity/patches/Changes-for-CentOS-7.4-support.patch @@ -0,0 +1,28 @@ +From cf5d8b554d6fdacf3ad3d18333bd00f8b937ff54 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Jim Somerville +Date: Wed, 11 Oct 2017 16:38:36 -0400 +Subject: [PATCH 1/1] Changes for CentOS 7.4 support + +Signed-off-by: Jim Somerville +--- + kcompat.h | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/kcompat.h b/kcompat.h +index 59e32a8..3d4e8f6 100644 +--- a/kcompat.h ++++ b/kcompat.h +@@ -31,9 +31,5 @@ + + #define __GFP_RECLAIM __GFP_WAIT + +-#define inode_lock(_node) mutex_lock(&_node->i_mutex) +-#define inode_unlock(_node) mutex_unlock(&_node->i_mutex) +- +- + #endif + #endif +-- +1.8.3.1 + diff --git a/integrity/patches/integrity-kmod.spec.patchlist b/integrity/patches/integrity-kmod.spec.patchlist new file mode 100644 index 0000000..e2a7a19 --- /dev/null +++ b/integrity/patches/integrity-kmod.spec.patchlist @@ -0,0 +1,3 @@ +0001-integrity-kcompat-support.patch +0002-integrity-expose-module-params.patch +0003-integrity-restrict-by-iversion.patch diff --git a/intel-e1000e/centos/build_srpm.data b/intel-e1000e/centos/build_srpm.data new file mode 100644 index 0000000..1c54cf2 --- /dev/null +++ b/intel-e1000e/centos/build_srpm.data @@ -0,0 +1,5 @@ +COPY_LIST=" \ + $FILES_BASE/* \ + $CGCS_BASE/mwa-gplv2/intel-e1000e/files/* \ + $CGCS_BASE/downloads/e1000e-3.3.6.tar.gz" +TIS_PATCH_VER=1 diff --git a/intel-e1000e/centos/e1000e-kmod.spec b/intel-e1000e/centos/e1000e-kmod.spec new file mode 100644 index 0000000..ac1473f --- /dev/null +++ b/intel-e1000e/centos/e1000e-kmod.spec 
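Review bot: In `__ima_inode_removexattr()` the new `IMA_DIGSIG_REQUIRED` check returns `-EPERM` before `xattr_name` is looked at, so on an inode with that flag cached the removal of any extended attribute is refused, not only `security.ima` as the comment says. Moving the test inside the existing `if (result == 1) {` branch (assuming ima_protect_xattr() returns 1 only for `security.ima`, which is not visible here) or guarding it with `strcmp(xattr_name, XATTR_NAME_IMA) == 0` would limit it to the attribute it is meant to protect; the function continues past the end of the hunk. The same patch drops `inode_lock()` / `inode_unlock()` from `ima_check_last_writer()` without a word in the description, which leaves the `i_writecount` test, the `iint->version` / `iint->flags` checks and the call to `ima_update_xattr()` unserialised unless a lock is taken elsewhere. That removal needs either a justification in the commit message or a replacement lock.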
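Review bot: `integrity-kmod.spec.patchlist` names only patches 0001 to 0003, while this commit also adds `0004-integrity-disable-set-xattr-on-imasig.patch` and `Changes-for-CentOS-7.4-support.patch` to the same directory. If the build takes its patch set from this list (the spec file is not shown here), those two are never applied and the shipped module differs from what the patch directory suggests. Either list them in application order or add a comment saying where they are applied.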
@@ -0,0 +1,125 @@ +%if "%{?_tis_build_type}" == "rt" +%define bt_ext -rt +%else +%undefine bt_ext +%endif + +# Define the kmod package name here. +%define kmod_name e1000e + +Name: %{kmod_name}-kmod%{?bt_ext} +Version: 3.3.6 +Release: 0%{?_tis_dist}.%{tis_patch_ver} +Group: System Environment/Kernel +License: GPLv2 +Summary: %{kmod_name}%{?bt_ext} kernel module(s) +URL: http://www.intel.com/ + +BuildRequires: kernel%{?bt_ext}-devel, redhat-rpm-config, perl, openssl +ExclusiveArch: x86_64 + +# Sources. +Source0: %{kmod_name}-%{version}.tar.gz +Source5: GPL-v2.0.txt +Source11: modules-load.conf + +%define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//') + +%package -n kmod-e1000e%{?bt_ext} +Summary: e1000e kernel module(s) +Group: System Environment/Kernel +%global _use_internal_dependency_generator 0 +Provides: kernel-modules >= %{kversion} +Provides: e1000e-kmod = %{?epoch:%{epoch}:}%{version}-%{release} +Requires(post): /usr/sbin/depmod +Requires(postun): /usr/sbin/depmod + +%description -n kmod-e1000e%{?bt_ext} +This package provides the e1000e kernel module(s) built +for the Linux kernel using the %{_target_cpu} family of processors. + +%post -n kmod-e1000e%{?bt_ext} +echo "Working. This may take some time ..." +if [ -e "/boot/System.map-%{kversion}" ]; then + /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || : +fi +modules=( $(find /lib/modules/%{kversion}/extra/e1000e | grep '\.ko$') ) +if [ -x "/sbin/weak-modules" ]; then + printf '%s\n' "${modules[@]}" | /sbin/weak-modules --add-modules +fi +echo "Done." + +%preun -n kmod-e1000e%{?bt_ext} +rpm -ql kmod-e1000e%{?bt_ext}-%{version}-%{release}.x86_64 | grep '\.ko$' > /var/run/rpm-kmod-e1000e%{?bt_ext}-modules + +%postun -n kmod-e1000e%{?bt_ext} +echo "Working. This may take some time ..." 
+if [ -e "/boot/System.map-%{kversion}" ]; then + /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || : +fi +modules=( $(cat /var/run/rpm-kmod-e1000e%{?bt_ext}-modules) ) +rm /var/run/rpm-kmod-e1000e%{?bt_ext}-modules +if [ -x "/sbin/weak-modules" ]; then + printf '%s\n' "${modules[@]}" | /sbin/weak-modules --remove-modules +fi +echo "Done." + +%files -n kmod-e1000e%{?bt_ext} +%defattr(644,root,root,755) +/lib/modules/%{kversion}/ +%config(noreplace)/etc/depmod.d/kmod-e1000e.conf +%doc /usr/share/doc/kmod-e1000e-%{version}/ +%doc /usr/share/man/man7/ +%{_sysconfdir}/modules-load.d/e1000e.conf + +# Disable the building of the debug package(s). +%define debug_package %{nil} + +%description +This package provides the %{kmod_name} kernel module(s). +It is built to depend upon the specific ABI provided by a range of releases +of the same variant of the Linux kernel and not on any one specific build. + +%prep +%autosetup -p 1 -n %{kmod_name}-%{version} +%{__gzip} %{kmod_name}.7 +echo "override %{kmod_name} * weak-updates/%{kmod_name}" > kmod-%{kmod_name}.conf + +%build +pushd src >/dev/null +%{__make} KSRC=%{_usrsrc}/kernels/%{kversion} +popd >/dev/null + +%install +%{__install} -d %{buildroot}/lib/modules/%{kversion}/extra/%{kmod_name}/ +%{__install} src/%{kmod_name}.ko %{buildroot}/lib/modules/%{kversion}/extra/%{kmod_name}/ +%{__install} -d %{buildroot}%{_sysconfdir}/depmod.d/ +%{__install} kmod-%{kmod_name}.conf %{buildroot}%{_sysconfdir}/depmod.d/ +%{__install} -d %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/ +%{__install} %{SOURCE5} %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/ +%{__install} pci.updates %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/ +%{__install} README %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/ +%{__install} -d %{buildroot}%{_mandir}/man7/ +%{__install} %{kmod_name}.7.gz %{buildroot}%{_mandir}/man7/ +%{__install} -d %{buildroot}%{_sysconfdir}/modules-load.d 
+%{__install} -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/modules-load.d/e1000e.conf + +# Strip the modules(s). +find %{buildroot} -type f -name \*.ko -exec %{__strip} --strip-debug \{\} \; + +# Always Sign the modules(s). +# If the module signing keys are not defined, define them here. +%{!?privkey: %define privkey /usr/src/kernels/%{kversion}/signing_key.priv} +%{!?pubkey: %define pubkey /usr/src/kernels/%{kversion}/signing_key.x509} +for module in $(find %{buildroot} -type f -name \*.ko); +do %{__perl} /usr/src/kernels/%{kversion}/scripts/sign-file \ + sha256 %{privkey} %{pubkey} $module; +done + +%clean +%{__rm} -rf %{buildroot} + +%changelog +* Fri Feb 24 2017 Matt Peters 3.3.5.3 +- Initial RPM package + diff --git a/intel-e1000e/centos/files/GPL-v2.0.txt b/intel-e1000e/centos/files/GPL-v2.0.txt new file mode 100644 index 0000000..d159169 --- /dev/null +++ b/intel-e1000e/centos/files/GPL-v2.0.txt 
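Review bot: The signing step falls back to `/usr/src/kernels/%{kversion}/signing_key.priv` when `%privkey` is not defined, so a build without an explicit key silently signs the module with whatever private key sits in the kernel-devel tree on the build host. For a module that is expected to pass signature checks, the build should stop when no key is supplied, for example by dropping the two fallback `%define` lines and adding `[ -r "%{?privkey}" ] && [ -r "%{?pubkey}" ] || exit 1` before the signing loop. Separately, `%kversion` comes from `rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1`, which ties the package to the newest kernel-devel installed on the builder rather than to a version named in the spec. The `%changelog` entry says 3.3.5.3 while `Version` is 3.3.6.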
@@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. 
diff --git a/intel-e1000e/files/modules-load.conf b/intel-e1000e/files/modules-load.conf
new file mode 100644
index 0000000..146fa26
--- /dev/null
+++ b/intel-e1000e/files/modules-load.conf
@@ -0,0 +1 @@
+e1000e
diff --git a/intel-i40e/PKG-INFO b/intel-i40e/PKG-INFO
new file mode 100644
index 0000000..7d67ac1
--- /dev/null
+++ b/intel-i40e/PKG-INFO
@@ -0,0 +1,13 @@
+Metadata-Version: 1.1
+Name: i40e-kmod
+Version: 1.4.25
+Summary: i40e Linux* Base Driver for the Intel(R) XL710 Ethernet Controller Family
+Home-page: http://www.intel.com/network/connectivity/products/server_adapters.htm
+Author:
+Author-email:
+License: GPL
+Description:
+This package contains the Linux driver for the Intel(R) Ethernet Connection
+XL710 Family of devices.
+
+Platform: UNKNOWN
diff --git a/intel-i40e/centos/build_srpm.data b/intel-i40e/centos/build_srpm.data
new file mode 100644
index 0000000..73df0e4
--- /dev/null
+++ b/intel-i40e/centos/build_srpm.data
@@ -0,0 +1,5 @@
+COPY_LIST=" \
+ $FILES_BASE/* \
+ $CGCS_BASE/mwa-gplv2/intel-i40e/files/* \
+ $CGCS_BASE/downloads/i40e-2.4.3.tar.gz"
+TIS_PATCH_VER=6
diff --git a/intel-i40e/centos/files/GPL-v2.0.txt b/intel-i40e/centos/files/GPL-v2.0.txt
new file mode 100644
index 0000000..d159169
--- /dev/null
+++ b/intel-i40e/centos/files/GPL-v2.0.txt
@@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. 
diff --git a/intel-i40e/centos/i40e-kmod.spec b/intel-i40e/centos/i40e-kmod.spec
new file mode 100644
index 0000000..7665cb0
--- /dev/null
+++ b/intel-i40e/centos/i40e-kmod.spec
@@ -0,0 +1,127 @@
+%if "%{?_tis_build_type}" == "rt"
+%define bt_ext -rt
+%else
+%undefine bt_ext
+%endif
+
+# Define the kmod package name here.
+%define kmod_name i40e
+
+Name: %{kmod_name}-kmod%{?bt_ext}
+Version: 2.4.3
+Release: 0%{?_tis_dist}.%{tis_patch_ver}
+Group: System Environment/Kernel
+License: GPLv2
+Summary: %{kmod_name}%{?bt_ext} kernel module(s)
+URL: http://www.intel.com/
+
+BuildRequires: kernel%{?bt_ext}-devel, redhat-rpm-config, perl, openssl
+ExclusiveArch: x86_64
+
+# Sources.
+Source0: %{kmod_name}-%{version}.tar.gz
+Source5: GPL-v2.0.txt
+Source11: modules-load.conf
+
+Patch01: 0001-i40e-Enable-getting-link-status-from-VF.patch
+
+%define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//')
+
+%package -n kmod-i40e%{?bt_ext}
+Summary: i40e kernel module(s)
+Group: System Environment/Kernel
+%global _use_internal_dependency_generator 0
+Provides: kernel-modules >= %{kversion}
+Provides: i40e-kmod = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires(post): /usr/sbin/depmod
+Requires(postun): /usr/sbin/depmod
+
+%description -n kmod-i40e%{?bt_ext}
+This package provides the i40e kernel module(s) built
+for the Linux kernel using the %{_target_cpu} family of processors.
+
+%post -n kmod-i40e%{?bt_ext}
+echo "Working. This may take some time ..."
+if [ -e "/boot/System.map-%{kversion}" ]; then
+ /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || :
+fi
+modules=( $(find /lib/modules/%{kversion}/extra/i40e | grep '\.ko$') )
+if [ -x "/sbin/weak-modules" ]; then
+ printf '%s\n' "${modules[@]}" | /sbin/weak-modules --add-modules
+fi
+echo "Done."
+
+%preun -n kmod-i40e%{?bt_ext}
+rpm -ql kmod-i40e%{?bt_ext}-%{version}-%{release}.x86_64 | grep '\.ko$' > /var/run/rpm-kmod-i40e%{?bt_ext}-modules
+
+%postun -n kmod-i40e%{?bt_ext}
+echo "Working. This may take some time ..."
+if [ -e "/boot/System.map-%{kversion}" ]; then
+ /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || :
+fi
+modules=( $(cat /var/run/rpm-kmod-i40e%{?bt_ext}-modules) )
+rm /var/run/rpm-kmod-i40e%{?bt_ext}-modules
+if [ -x "/sbin/weak-modules" ]; then
+ printf '%s\n' "${modules[@]}" | /sbin/weak-modules --remove-modules
+fi
+echo "Done."
+
+%files -n kmod-i40e%{?bt_ext}
+%defattr(644,root,root,755)
+/lib/modules/%{kversion}/
+%config(noreplace)/etc/depmod.d/kmod-i40e.conf
+%doc /usr/share/doc/kmod-i40e-%{version}/
+%doc /usr/share/man/man7/
+%{_sysconfdir}/modules-load.d/i40e.conf
+
+# Disable the building of the debug package(s).
+%define debug_package %{nil}
+
+%description
+This package provides the %{kmod_name} kernel module(s).
+It is built to depend upon the specific ABI provided by a range of releases
+of the same variant of the Linux kernel and not on any one specific build.
+
+%prep
+%autosetup -p 1 -n %{kmod_name}-%{version}
+%{__gzip} %{kmod_name}.7
+echo "override %{kmod_name} * weak-updates/%{kmod_name}" > kmod-%{kmod_name}.conf
+
+%build
+pushd src >/dev/null
+%{__make} KSRC=%{_usrsrc}/kernels/%{kversion}
+popd >/dev/null
+
+%install
+%{__install} -d %{buildroot}/lib/modules/%{kversion}/extra/%{kmod_name}/
+%{__install} src/%{kmod_name}.ko %{buildroot}/lib/modules/%{kversion}/extra/%{kmod_name}/
+%{__install} -d %{buildroot}%{_sysconfdir}/depmod.d/
+%{__install} kmod-%{kmod_name}.conf %{buildroot}%{_sysconfdir}/depmod.d/
+%{__install} -d %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} %{SOURCE5} %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} pci.updates %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} README %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} -d %{buildroot}%{_mandir}/man7/
+%{__install} %{kmod_name}.7.gz %{buildroot}%{_mandir}/man7/
+%{__install} -d %{buildroot}%{_sysconfdir}/modules-load.d
+%{__install} -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/modules-load.d/i40e.conf
+
+# Strip the modules(s).
+find %{buildroot} -type f -name \*.ko -exec %{__strip} --strip-debug \{\} \;
+
+# Always Sign the modules(s).
+# If the module signing keys are not defined, define them here.
+%{!?privkey: %define privkey /usr/src/kernels/%{kversion}/signing_key.priv}
+%{!?pubkey: %define pubkey /usr/src/kernels/%{kversion}/signing_key.x509}
+for module in $(find %{buildroot} -type f -name \*.ko);
+do %{__perl} /usr/src/kernels/%{kversion}/scripts/sign-file \
+ sha256 %{privkey} %{pubkey} $module;
+done
+
+%clean
+%{__rm} -rf %{buildroot}
+
+%changelog
+* Thu Feb 11 2016 Matthias Saou 1.4.25-1
+- Initial RPM package, based on elrepo.org's ixgbe one.
+
diff --git a/intel-i40e/files/0001-i40e-Enable-getting-link-status-from-VF.patch b/intel-i40e/files/0001-i40e-Enable-getting-link-status-from-VF.patch
new file mode 100644
index 0000000..95f73a2
--- /dev/null
+++ b/intel-i40e/files/0001-i40e-Enable-getting-link-status-from-VF.patch
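Review bot: In the `%install` section of intel-i40e/centos/i40e-kmod.spec, `privkey` falls back to `/usr/src/kernels/%{kversion}/signing_key.priv`, so the module is signed with whatever private key sits in the installed kernel-devel tree. If that key really ships in the kernel-devel package (the `BuildRequires` line suggests this is where the path comes from), anyone who can obtain the package can produce modules with a valid signature, and the signature then says nothing about a module's origin. I would drop the fallback and fail the build when the signing environment does not supply the key, e.g. `%{!?privkey: %{error:privkey must be supplied by the signing environment}}`, and likewise for `pubkey`. Separately, `%changelog` still reads `1.4.25-1` while `Version:` is 2.4.3; keeping these in line makes it easier to tell which driver release a deployed package actually carries.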
@@ -0,0 +1,126 @@
+From 71b273f39c927e5e4b4ea196f17106c147cd0804 Mon Sep 17 00:00:00 2001
+From: Vadim Suraev
+Date: Mon, 8 Feb 2016 15:57:30 -0500
+Subject: [PATCH 1/2] i40e: Enable getting link status from VF
+
+Add handling of custom OP code sent from the PMD VF to get link status via the
+virtual channel interface.
+
+Signed-off-by: Allain Legacy
+Signed-off-by: eric zhang
+---
+ src/i40e_virtchnl_pf.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ src/virtchnl.h | 1 +
+ 2 files changed, 79 insertions(+)
+
+diff --git a/src/i40e_virtchnl_pf.c b/src/i40e_virtchnl_pf.c
+index 8270b67..0eeaaca 100644
+--- a/src/i40e_virtchnl_pf.c
++++ b/src/i40e_virtchnl_pf.c
+@@ -1859,6 +1859,81 @@ error_param:
+ aq_ret);
+ }
+
++struct i40e_eth_link {
++ uint16_t link_speed; /**< ETH_LINK_SPEED_[10, 100, 1000, 10000] */
++ uint16_t link_duplex; /**< ETH_LINK_[HALF_DUPLEX, FULL_DUPLEX] */
++ uint8_t link_status : 1; /**< 1 -> link up, 0 -> link down */
++}__attribute__((aligned(8)));
++
++#define ETH_LINK_SPEED_AUTONEG 0 /**< Auto-negotiate link speed. */
++#define ETH_LINK_SPEED_10 10 /**< 10 megabits/second. */
++#define ETH_LINK_SPEED_100 100 /**< 100 megabits/second. */
++#define ETH_LINK_SPEED_1000 1000 /**< 1 gigabits/second. */
++#define ETH_LINK_SPEED_10000 10000 /**< 10 gigabits/second. */
++#define ETH_LINK_SPEED_10G 10000 /**< alias of 10 gigabits/second. */
++#define ETH_LINK_SPEED_20G 20000 /**< 20 gigabits/second. */
++#define ETH_LINK_SPEED_40G 40000 /**< 40 gigabits/second. */
++
++#define ETH_LINK_AUTONEG_DUPLEX 0 /**< Auto-negotiate duplex. */
++#define ETH_LINK_HALF_DUPLEX 1 /**< Half-duplex connection. */
++#define ETH_LINK_FULL_DUPLEX 2 /**< Full-duplex connection. */
++
++static void
++i40e_vc_get_link_status(struct i40e_vf *vf)
++{
++ struct i40e_pf *pf = vf->pf;
++ struct i40e_hw *hw;
++ i40e_status aq_ret = I40E_SUCCESS;
++ i40e_status status;
++ struct i40e_eth_link eth_link;
++ bool new_link;
++
++ if (!test_bit(I40E_VF_STATE_ACTIVE, &vf->vf_states) ||
++ !test_bit(I40E_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps)) {
++ aq_ret = I40E_ERR_PARAM;
++ goto error_param;
++ }
++ hw = &pf->hw;
++
++ /* set this to force the get_link_status call to refresh state */
++ pf->hw.phy.get_link_info = true;
++
++ status = i40e_get_link_status(&pf->hw, &new_link);
++ if (status != I40E_SUCCESS) {
++ dev_dbg(&pf->pdev->dev, "couldn't get link state, status: %d\n",
++ status);
++ aq_ret = I40E_ERR_INVALID_LINK_SETTINGS;
++ goto error_param;
++ }
++
++ /* Update link status first to acquire latest link change */
++ eth_link.link_status = new_link ? 1 : 0;
++
++ switch(hw->phy.link_info.link_speed) {
++ case I40E_LINK_SPEED_40GB:
++ eth_link.link_speed = ETH_LINK_SPEED_40G;
++ break;
++ case I40E_LINK_SPEED_10GB:
++ eth_link.link_speed = ETH_LINK_SPEED_10G;
++ break;
++ case I40E_LINK_SPEED_1GB:
++ eth_link.link_speed = ETH_LINK_SPEED_1000;
++ break;
++ case I40E_LINK_SPEED_100MB:
++ eth_link.link_speed = ETH_LINK_SPEED_100;
++ break;
++ default:
++ eth_link.link_speed = ETH_LINK_SPEED_AUTONEG;
++ break;
++ }
++ eth_link.link_duplex = ETH_LINK_FULL_DUPLEX;/* always */
++
++error_param:
++ i40e_vc_send_msg_to_vf(vf, VIRTCHNL_OP_GET_LINK_STAT,
++ aq_ret, (uint8_t *)ð_link,
++ sizeof(eth_link));
++}
++
+ /**
+ * i40e_vc_config_queues_msg
+ * @vf: pointer to the VF info
+@@ -2835,6 +2910,9 @@ int i40e_vc_process_vf_msg(struct i40e_pf *pf, s16 vf_id, u32 v_opcode,
+ case VIRTCHNL_OP_REQUEST_QUEUES:
+ ret = i40e_vc_request_queues_msg(vf, msg, msglen);
+ break;
++ case VIRTCHNL_OP_GET_LINK_STAT:
++ i40e_vc_get_link_status(vf);
++ break;
+
+ case VIRTCHNL_OP_UNKNOWN:
+ default:
+diff --git a/src/virtchnl.h b/src/virtchnl.h
+index 8cf91d4..ba64641 100644
+--- a/src/virtchnl.h
++++ b/src/virtchnl.h
+@@ -133,6 +133,7 @@ enum virtchnl_ops {
+ VIRTCHNL_OP_ENABLE_VLAN_STRIPPING = 27,
+ VIRTCHNL_OP_DISABLE_VLAN_STRIPPING = 28,
+ VIRTCHNL_OP_REQUEST_QUEUES = 29,
++ VIRTCHNL_OP_GET_LINK_STAT = 0x101,
+
+ };
+
+--
+1.8.3.1
+
diff --git a/intel-i40e/files/modules-load.conf b/intel-i40e/files/modules-load.conf
new file mode 100644
index 0000000..d772f16
--- /dev/null
+++ b/intel-i40e/files/modules-load.conf
@@ -0,0 +1 @@
+i40e
diff --git a/intel-i40evf/PKG-INFO b/intel-i40evf/PKG-INFO
new file mode 100644
index 0000000..d35d936
--- /dev/null
+++ b/intel-i40evf/PKG-INFO
@@ -0,0 +1,13 @@
+Metadata-Version: 1.1
+Name: i40evf-kmod
+Version: 1.4.15
+Summary: Linux* Driver for Intel(R) XL710/X710 Virtual Function
+Home-page: http://www.intel.com/network/connectivity/products/server_adapters.htm
+Author:
+Author-email:
+License: GPL
+Description:
+This package contains the Linux driver for the Virtual Functions of Intel(R)
+Ethernet Connection XL710 Family of devices.
+
+Platform: UNKNOWN
diff --git a/intel-i40evf/centos/build_srpm.data b/intel-i40evf/centos/build_srpm.data
new file mode 100644
index 0000000..f05768c
--- /dev/null
+++ b/intel-i40evf/centos/build_srpm.data
@@ -0,0 +1,5 @@
+COPY_LIST=" \
+ $FILES_BASE/* \
+ $CGCS_BASE/mwa-gplv2/intel-i40evf/files/* \
+ $CGCS_BASE/downloads/i40evf-3.4.2.tar.gz"
+TIS_PATCH_VER=4
diff --git a/intel-i40evf/centos/files/GPL-v2.0.txt b/intel-i40evf/centos/files/GPL-v2.0.txt
new file mode 100644
index 0000000..d159169
--- /dev/null
+++ b/intel-i40evf/centos/files/GPL-v2.0.txt
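Review bot: `i40e_vc_get_link_status()` in 0001-i40e-Enable-getting-link-status-from-VF.patch declares `struct i40e_eth_link eth_link;` without initialising it, and both `goto error_param` paths reach `i40e_vc_send_msg_to_vf()` before any field has been written, so `sizeof(eth_link)` bytes of uninitialised PF kernel stack are sent to the VF. The success path is affected too: the struct is `aligned(8)` and only two `uint16_t` members and a one-bit field are assigned, so the remaining bits and padding leave the host unchanged from whatever was on the stack. Clear the struct right after the declarations with `memset(&eth_link, 0, sizeof(eth_link));`, or send no payload at all on the error path. Also worth confirming: the new `case VIRTCHNL_OP_GET_LINK_STAT:` in `i40e_vc_process_vf_msg()` never assigns `ret`, and since that function's body lies outside the hunk it cannot be told from here whether `ret` holds a defined value when it is later used.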
@@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. 
diff --git a/intel-i40evf/centos/i40evf-kmod.spec b/intel-i40evf/centos/i40evf-kmod.spec
new file mode 100644
index 0000000..ce82e37
--- /dev/null
+++ b/intel-i40evf/centos/i40evf-kmod.spec
@@ -0,0 +1,125 @@
+%if "%{?_tis_build_type}" == "rt"
+%define bt_ext -rt
+%else
+%undefine bt_ext
+%endif
+
+# Define the kmod package name here.
+%define kmod_name i40evf
+
+Name: %{kmod_name}-kmod%{?bt_ext}
+Version: 3.4.2
+Release: 0%{?_tis_dist}.%{tis_patch_ver}
+Group: System Environment/Kernel
+License: GPLv2
+Summary: %{kmod_name} kernel module(s)
+URL: http://www.intel.com/
+
+BuildRequires: kernel%{?bt_ext}-devel, redhat-rpm-config, perl, openssl
+ExclusiveArch: x86_64
+
+# Sources.
+Source0: %{kmod_name}-%{version}.tar.gz
+Source5: GPL-v2.0.txt
+Source11: modules-load.conf
+
+%define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//')
+
+%package -n kmod-i40evf%{?bt_ext}
+Summary: i40evf kernel module(s)
+Group: System Environment/Kernel
+%global _use_internal_dependency_generator 0
+Provides: kernel-modules >= %{kversion}
+Provides: i40evf-kmod = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires(post): /usr/sbin/depmod
+Requires(postun): /usr/sbin/depmod
+
+%description -n kmod-i40evf%{?bt_ext}
+This package provides the i40evf kernel module(s) built
+for the Linux kernel using the %{_target_cpu} family of processors.
+
+%post -n kmod-i40evf%{?bt_ext}
+echo "Working. This may take some time ..."
+if [ -e "/boot/System.map-%{kversion}" ]; then
+ /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || :
+fi
+modules=( $(find /lib/modules/%{kversion}/extra/i40evf | grep '\.ko$') )
+if [ -x "/sbin/weak-modules" ]; then
+ printf '%s\n' "${modules[@]}" | /sbin/weak-modules --add-modules
+fi
+echo "Done."
+
+%preun -n kmod-i40evf%{?bt_ext}
+rpm -ql kmod-i40evf%{?bt_ext}-%{version}-%{release}.x86_64 | grep '\.ko$' > /var/run/rpm-kmod-i40evf%{?bt_ext}-modules
+
+%postun -n kmod-i40evf%{?bt_ext}
+echo "Working. This may take some time ..."
+if [ -e "/boot/System.map-%{kversion}" ]; then
+ /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || :
+fi
+modules=( $(cat /var/run/rpm-kmod-i40evf%{?bt_ext}-modules) )
+rm /var/run/rpm-kmod-i40evf%{?bt_ext}-modules
+if [ -x "/sbin/weak-modules" ]; then
+ printf '%s\n' "${modules[@]}" | /sbin/weak-modules --remove-modules
+fi
+echo "Done."
+
+%files -n kmod-i40evf%{?bt_ext}
+%defattr(644,root,root,755)
+/lib/modules/%{kversion}/
+%config(noreplace)/etc/depmod.d/kmod-i40evf.conf
+%doc /usr/share/doc/kmod-i40evf-%{version}/
+%doc /usr/share/man/man7/
+%{_sysconfdir}/modules-load.d/i40evf.conf
+
+# Disable the building of the debug package(s).
+%define debug_package %{nil}
+
+%description
+This package provides the %{kmod_name} kernel module(s).
+It is built to depend upon the specific ABI provided by a range of releases
+of the same variant of the Linux kernel and not on any one specific build.
+
+%prep
+%autosetup -p 1 -n %{kmod_name}-%{version}
+%{__gzip} %{kmod_name}.7
+echo "override %{kmod_name} * weak-updates/%{kmod_name}" > kmod-%{kmod_name}.conf
+
+%build
+pushd src >/dev/null
+%{__make} KSRC=%{_usrsrc}/kernels/%{kversion}
+popd >/dev/null
+
+%install
+%{__install} -d %{buildroot}/lib/modules/%{kversion}/extra/%{kmod_name}/
+%{__install} src/%{kmod_name}.ko %{buildroot}/lib/modules/%{kversion}/extra/%{kmod_name}/
+%{__install} -d %{buildroot}%{_sysconfdir}/depmod.d/
+%{__install} kmod-%{kmod_name}.conf %{buildroot}%{_sysconfdir}/depmod.d/
+%{__install} -d %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} %{SOURCE5} %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} pci.updates %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} README %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} -d %{buildroot}%{_mandir}/man7/
+%{__install} %{kmod_name}.7.gz %{buildroot}%{_mandir}/man7/
+%{__install} -d %{buildroot}%{_sysconfdir}/modules-load.d
+%{__install} -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/modules-load.d/i40evf.conf
+
+# Strip the modules(s).
+find %{buildroot} -type f -name \*.ko -exec %{__strip} --strip-debug \{\} \;
+
+# Always Sign the modules(s).
+# If the module signing keys are not defined, define them here.
+%{!?privkey: %define privkey /usr/src/kernels/%{kversion}/signing_key.priv}
+%{!?pubkey: %define pubkey /usr/src/kernels/%{kversion}/signing_key.x509}
+for module in $(find %{buildroot} -type f -name \*.ko);
+do %{__perl} /usr/src/kernels/%{kversion}/scripts/sign-file \
+ sha256 %{privkey} %{pubkey} $module;
+done
+
+%clean
+%{__rm} -rf %{buildroot}
+
+%changelog
+* Thu Feb 11 2016 Matthias Saou 1.4.25-1
+- Initial RPM package, based on elrepo.org's ixgbe one.
+
diff --git a/intel-i40evf/files/modules-load.conf b/intel-i40evf/files/modules-load.conf
new file mode 100644
index 0000000..c647f0e
--- /dev/null
+++ b/intel-i40evf/files/modules-load.conf
@@ -0,0 +1 @@
+i40evf
diff --git a/intel-ixgbe/centos/build_srpm.data b/intel-ixgbe/centos/build_srpm.data
new file mode 100644
index 0000000..ce5c045
--- /dev/null
+++ b/intel-ixgbe/centos/build_srpm.data
@@ -0,0 +1,5 @@
+COPY_LIST=" \
+ $FILES_BASE/* \
+ $CGCS_BASE/mwa-gplv2/intel-ixgbe/files/* \
+ $CGCS_BASE/downloads/ixgbe-5.2.3.tar.gz"
+TIS_PATCH_VER=2
diff --git a/intel-ixgbe/centos/files/GPL-v2.0.txt b/intel-ixgbe/centos/files/GPL-v2.0.txt
new file mode 100644
index 0000000..d159169
--- /dev/null
+++ b/intel-ixgbe/centos/files/GPL-v2.0.txt
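Review bot: The signing step in `%install` of `i40evf-kmod.spec` falls back to `/usr/src/kernels/%{kversion}/signing_key.priv` when `privkey` is not defined, so the private module-signing key is expected to sit in the kernel tree that `BuildRequires: kernel%{?bt_ext}-devel` installs. If that key is the one the shipped kernel trusts, every holder of the devel package can produce modules that pass signature verification, so the fallback should go and the build should stop when no key is supplied, e.g. `%{!?privkey: %{error: privkey must be provided by the build environment}}` (same for `pubkey`); where the key actually comes from is not visible on this page. Separately, `%files` claims all of `/lib/modules/%{kversion}/` and `/usr/share/man/man7/`; listing `/lib/modules/%{kversion}/extra/%{kmod_name}/` and the single man page keeps the package from owning directories that belong to the kernel and filesystem packages.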
@@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. 
diff --git a/intel-ixgbe/centos/ixgbe-kmod.spec b/intel-ixgbe/centos/ixgbe-kmod.spec
new file mode 100644
index 0000000..c858f14
--- /dev/null
+++ b/intel-ixgbe/centos/ixgbe-kmod.spec
@@ -0,0 +1,124 @@
+%if "%{?_tis_build_type}" == "rt"
+%define bt_ext -rt
+%else
+%undefine bt_ext
+%endif
+
+# Define the kmod package name here.
+%define kmod_name ixgbe
+
+Name: %{kmod_name}-kmod%{?bt_ext}
+Version: 5.2.3
+Release: 0%{?_tis_dist}.%{tis_patch_ver}
+Group: System Environment/Kernel
+License: GPLv2
+Summary: %{kmod_name} kernel module(s)
+URL: http://www.intel.com/
+
+BuildRequires: kernel%{?bt_ext}-devel, redhat-rpm-config, perl, openssl
+ExclusiveArch: x86_64
+
+# Sources.
+Source0: %{kmod_name}-%{version}.tar.gz
+Source5: GPL-v2.0.txt
+Source11: modules-load.conf
+
+#Patch01: first-patch-would-go-here.patch
+
+%define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//')
+
+%package -n kmod-ixgbe%{?bt_ext}
+Summary: ixgbe kernel module(s)
+Group: System Environment/Kernel
+%global _use_internal_dependency_generator 0
+Provides: kernel-modules >= %{kversion}
+Provides: ixgbe-kmod = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires(post): /usr/sbin/depmod
+Requires(postun): /usr/sbin/depmod
+BuildRequires: kernel%{?bt_ext}-devel
+%description -n kmod-ixgbe%{?bt_ext}
+This package provides the ixgbe kernel module(s) built
+for the Linux kernel using the %{_target_cpu} family of processors.
+%post -n kmod-ixgbe%{?bt_ext}
+echo "Working. This may take some time ..."
+if [ -e "/boot/System.map-%{kversion}" ]; then
+ /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || :
+fi
+modules=( $(find /lib/modules/%{kversion}/extra/ixgbe | grep '\.ko$') )
+if [ -x "/sbin/weak-modules" ]; then
+ printf '%s\n' "${modules[@]}" | /sbin/weak-modules --add-modules
+fi
+echo "Done."
+%preun -n kmod-ixgbe%{?bt_ext}
+rpm -ql kmod-ixgbe%{?bt_ext}-%{version}-%{release}.x86_64 | grep '\.ko$' > /var/run/rpm-kmod-ixgbe%{?bt_ext}-modules
+%postun -n kmod-ixgbe%{?bt_ext}
+echo "Working. This may take some time ..."
+if [ -e "/boot/System.map-%{kversion}" ]; then
+ /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || :
+fi
+modules=( $(cat /var/run/rpm-kmod-ixgbe%{?bt_ext}-modules) )
+rm /var/run/rpm-kmod-ixgbe%{?bt_ext}-modules
+if [ -x "/sbin/weak-modules" ]; then
+ printf '%s\n' "${modules[@]}" | /sbin/weak-modules --remove-modules
+fi
+echo "Done."
+%files -n kmod-ixgbe%{?bt_ext}
+%defattr(644,root,root,755)
+/lib/modules/%{kversion}/
+%config(noreplace)/etc/depmod.d/kmod-ixgbe.conf
+%doc /usr/share/doc/kmod-ixgbe-%{version}/
+%doc /usr/share/man/man7/
+%{_sysconfdir}/modules-load.d/ixgbe.conf
+
+
+# Disable the building of the debug package(s).
+%define debug_package %{nil}
+
+%description
+This package provides the %{kmod_name} kernel module(s).
+It is built to depend upon the specific ABI provided by a range of releases
+of the same variant of the Linux kernel and not on any one specific build.
+
+%prep
+%autosetup -p 1 -n %{kmod_name}-%{version}
+%{__gzip} %{kmod_name}.7
+echo "override %{kmod_name} * weak-updates/%{kmod_name}" > kmod-%{kmod_name}.conf
+
+%build
+pushd src >/dev/null
+%{__make} KSRC=%{_usrsrc}/kernels/%{kversion}
+popd >/dev/null
+
+%install
+%{__install} -d %{buildroot}/lib/modules/%{kversion}/extra/%{kmod_name}/
+%{__install} src/%{kmod_name}.ko %{buildroot}/lib/modules/%{kversion}/extra/%{kmod_name}/
+%{__install} -d %{buildroot}%{_sysconfdir}/depmod.d/
+%{__install} kmod-%{kmod_name}.conf %{buildroot}%{_sysconfdir}/depmod.d/
+%{__install} -d %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} %{SOURCE5} %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} pci.updates %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} README %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} -d %{buildroot}%{_mandir}/man7/
+%{__install} %{kmod_name}.7.gz %{buildroot}%{_mandir}/man7/
+%{__install} -d %{buildroot}%{_sysconfdir}/modules-load.d
+%{__install} -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/modules-load.d/ixgbe.conf
+
+# Strip the modules(s).
+find %{buildroot} -type f -name \*.ko -exec %{__strip} --strip-debug \{\} \;
+
+# Always Sign the modules(s).
+# If the module signing keys are not defined, define them here.
+%{!?privkey: %define privkey /usr/src/kernels/%{kversion}/signing_key.priv}
+%{!?pubkey: %define pubkey /usr/src/kernels/%{kversion}/signing_key.x509}
+for module in $(find %{buildroot} -type f -name \*.ko);
+do %{__perl} /usr/src/kernels/%{kversion}/scripts/sign-file \
+ sha256 %{privkey} %{pubkey} $module;
+done
+
+%clean
+%{__rm} -rf %{buildroot}
+
+%changelog
+* Thu Feb 11 2016 Matthias Saou 1.4.25-1
+- Initial RPM package, based on elrepo.org's ixgbe one.
+
diff --git a/intel-ixgbe/files/modules-load.conf b/intel-ixgbe/files/modules-load.conf
new file mode 100644
index 0000000..e11d477
--- /dev/null
+++ b/intel-ixgbe/files/modules-load.conf
@@ -0,0 +1 @@
+ixgbe
diff --git a/intel-ixgbevf/centos/build_srpm.data b/intel-ixgbevf/centos/build_srpm.data
new file mode 100644
index 0000000..3fc72c9
--- /dev/null
+++ b/intel-ixgbevf/centos/build_srpm.data
@@ -0,0 +1,5 @@
+COPY_LIST=" \
+ $FILES_BASE/* \
+ $CGCS_BASE/mwa-gplv2/intel-ixgbevf/files/* \
+ $CGCS_BASE/downloads/ixgbevf-4.2.1.tar.gz"
+TIS_PATCH_VER=2
diff --git a/intel-ixgbevf/centos/files/GPL-v2.0.txt b/intel-ixgbevf/centos/files/GPL-v2.0.txt
new file mode 100644
index 0000000..d159169
--- /dev/null
+++ b/intel-ixgbevf/centos/files/GPL-v2.0.txt
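Review bot: The fallback in the signing step of `%install` takes the private key from the kernel-devel tree, `/usr/src/kernels/%{kversion}/signing_key.priv`, so the key that makes these modules loadable is read from a path every host with that package installed would share. If that file really is delivered by `kernel%{?bt_ext}-devel` (not visible from this hunk), anyone who can read it can produce modules that a kernel enforcing module signatures will accept, and the signature stops saying anything about who built the module. I would drop the default and stop the build when no key is supplied, e.g. `%{!?privkey: %{error: privkey must be provided by the build environment}}` and the same for `pubkey`, with the key kept outside the package tree and readable only by the signing job. The signing section of intel-ixgbevf/centos/ixgbevf-kmod.spec lies outside this view; that spec looks like a parallel copy of this one, so check it for the same default.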
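Review bot: `COPY_LIST` in intel-ixgbevf/centos/build_srpm.data takes `$CGCS_BASE/downloads/ixgbevf-4.2.1.tar.gz` by file name only, and nothing in this file records what the tarball is expected to contain, so a replaced or corrupted download would flow into the kernel module package unnoticed. Whether the surrounding build tooling verifies downloads is not visible from this hunk. If it does not, record the expected digest next to the entry, e.g. a comment `# sha256 of ixgbevf-4.2.1.tar.gz: <EXPECTED_SHA256_PLACEHOLDER>`, and have the step that populates `downloads/` compare against it before the SRPM is built.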
@@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. 
diff --git a/intel-ixgbevf/centos/ixgbevf-kmod.spec b/intel-ixgbevf/centos/ixgbevf-kmod.spec new file mode 100644 index 0000000..cfe84e4 --- /dev/null +++ b/intel-ixgbevf/centos/ixgbevf-kmod.spec 
@@ -0,0 +1,124 @@
+%if "%{?_tis_build_type}" == "rt"
+%define bt_ext -rt
+%else
+%undefine bt_ext
+%endif
+
+# Define the kmod package name here.
+%define kmod_name ixgbevf
+
+Name: %{kmod_name}-kmod%{?bt_ext}
+Version: 4.2.1
+Release: 0%{?_tis_dist}.%{tis_patch_ver}
+Group: System Environment/Kernel
+License: GPLv2
+Summary: %{kmod_name} kernel module(s)
+URL: http://www.intel.com/
+
+BuildRequires: kernel%{?bt_ext}-devel, redhat-rpm-config, perl, openssl
+ExclusiveArch: x86_64
+
+# Sources.
+Source0: %{kmod_name}-%{version}.tar.gz
+Source5: GPL-v2.0.txt
+Source11: modules-load.conf
+
+Patch01: 0001-i40evf-Fix-compile-issue.patch
+
+%define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//')
+
+%package -n kmod-ixgbevf%{?bt_ext}
+Summary: ixgbevf kernel module(s)
+Group: System Environment/Kernel
+%global _use_internal_dependency_generator 0
+Provides: kernel-modules >= %{kversion}
+Provides: ixgbevf-kmod = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires(post): /usr/sbin/depmod
+Requires(postun): /usr/sbin/depmod
+BuildRequires: kernel%{?bt_ext}-devel
+%description -n kmod-ixgbevf%{?bt_ext}
+This package provides the ixgbevf kernel module(s) built
+for the Linux kernel using the %{_target_cpu} family of processors.
+%post -n kmod-ixgbevf%{?bt_ext}
+echo "Working. This may take some time ..."
+if [ -e "/boot/System.map-%{kversion}" ]; then
+ /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || :
+fi
+modules=( $(find /lib/modules/%{kversion}/extra/ixgbevf | grep '\.ko$') )
+if [ -x "/sbin/weak-modules" ]; then
+ printf '%s\n' "${modules[@]}" | /sbin/weak-modules --add-modules
+fi
+echo "Done."
+%preun -n kmod-ixgbevf%{?bt_ext}
+rpm -ql kmod-ixgbevf%{?bt_ext}-%{version}-%{release}.x86_64 | grep '\.ko$' > /var/run/rpm-kmod-ixgbevf%{?bt_ext}-modules
+%postun -n kmod-ixgbevf%{?bt_ext}
+echo "Working. This may take some time ..."
+if [ -e "/boot/System.map-%{kversion}" ]; then
+ /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || :
+fi
+modules=( $(cat /var/run/rpm-kmod-ixgbevf%{?bt_ext}-modules) )
+rm /var/run/rpm-kmod-ixgbevf%{?bt_ext}-modules
+if [ -x "/sbin/weak-modules" ]; then
+ printf '%s\n' "${modules[@]}" | /sbin/weak-modules --remove-modules
+fi
+echo "Done."
+%files -n kmod-ixgbevf%{?bt_ext}
+%defattr(644,root,root,755)
+/lib/modules/%{kversion}/
+%config(noreplace)/etc/depmod.d/kmod-ixgbevf.conf
+%doc /usr/share/doc/kmod-ixgbevf-%{version}/
+%doc /usr/share/man/man7/
+%{_sysconfdir}/modules-load.d/ixgbevf.conf
+
+
+# Disable the building of the debug package(s).
+%define debug_package %{nil}
+
+%description
+This package provides the %{kmod_name} kernel module(s).
+It is built to depend upon the specific ABI provided by a range of releases
+of the same variant of the Linux kernel and not on any one specific build.
+
+%prep
+%autosetup -p 1 -n %{kmod_name}-%{version}
+%{__gzip} %{kmod_name}.7
+echo "override %{kmod_name} * weak-updates/%{kmod_name}" > kmod-%{kmod_name}.conf
+
+%build
+pushd src >/dev/null
+%{__make} KSRC=%{_usrsrc}/kernels/%{kversion}
+popd >/dev/null
+
+%install
+%{__install} -d %{buildroot}/lib/modules/%{kversion}/extra/%{kmod_name}/
+%{__install} src/%{kmod_name}.ko %{buildroot}/lib/modules/%{kversion}/extra/%{kmod_name}/
+%{__install} -d %{buildroot}%{_sysconfdir}/depmod.d/
+%{__install} kmod-%{kmod_name}.conf %{buildroot}%{_sysconfdir}/depmod.d/
+%{__install} -d %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} %{SOURCE5} %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} pci.updates %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} README %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}-%{version}/
+%{__install} -d %{buildroot}%{_mandir}/man7/
+%{__install} %{kmod_name}.7.gz %{buildroot}%{_mandir}/man7/
+%{__install} -d 
%{buildroot}%{_sysconfdir}/modules-load.d +%{__install} -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/modules-load.d/ixgbevf.conf + +# Strip the modules(s). +find %{buildroot} -type f -name \*.ko -exec %{__strip} --strip-debug \{\} \; + +# Always Sign the modules(s). +# If the module signing keys are not defined, define them here. +%{!?privkey: %define privkey /usr/src/kernels/%{kversion}/signing_key.priv} +%{!?pubkey: %define pubkey /usr/src/kernels/%{kversion}/signing_key.x509} +for module in $(find %{buildroot} -type f -name \*.ko); +do %{__perl} /usr/src/kernels/%{kversion}/scripts/sign-file \ + sha256 %{privkey} %{pubkey} $module; +done + +%clean +%{__rm} -rf %{buildroot} + +%changelog +* Thu Feb 11 2016 Matthias Saou 1.4.25-1 +- Initial RPM package, based on elrepo.org's ixgbevf one. + diff --git a/intel-ixgbevf/files/0001-i40evf-Fix-compile-issue.patch b/intel-ixgbevf/files/0001-i40evf-Fix-compile-issue.patch new file mode 100644 index 0000000..52a20e3 --- /dev/null +++ b/intel-ixgbevf/files/0001-i40evf-Fix-compile-issue.patch @@ -0,0 +1,27 @@ +From af5c220050e90b388fdff4b3730cde150988daec Mon Sep 17 00:00:00 2001 +From: Dahir Osman +Date: Fri, 23 Sep 2016 11:17:54 -0400 +Subject: [PATCH] i40evf: Fix compile issue. + +The Makefile was using the wrong CONFIG to compile the driver sources. +The driver was not being built at all without this fix. +--- + src/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/Makefile b/src/Makefile +index b50a61d..610c5f9 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -28,7 +28,7 @@ ifneq ($(KERNELRELEASE),) + # Makefile for the Intel(R) 10GbE PCI Express Virtual Function Driver + # + +-obj-$(CONFIG_IXGBE) += ixgbevf.o ++obj-$(CONFIG_IXGBEVF) += ixgbevf.o + + define ixgbevf-y + ixgbevf_main.o +-- +1.9.1 + diff --git a/intel-ixgbevf/files/modules-load.conf b/intel-ixgbevf/files/modules-load.conf new file mode 100644 index 0000000..2ee9727 --- /dev/null 
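Review bot: The signing step at the end of `%install` in ixgbevf-kmod.spec falls back to `/usr/src/kernels/%{kversion}/signing_key.priv` when `privkey` is not defined, so the module is signed with whatever private key sits in the kernel-devel tree on the build host. If that key is shipped in `kernel%{?bt_ext}-devel`, anyone who can install the devel package can produce modules the kernel will accept, and the signature no longer says anything about who built the module. I would make the build fail when `privkey`/`pubkey` are not supplied by the build environment and record the rule next to the defaults, e.g. `# privkey/pubkey must come from the build environment; never default to a key shipped in kernel-devel`. Separately, `%postun` uses a bare `rm /var/run/rpm-kmod-ixgbevf%{?bt_ext}-modules`; `rm -f` avoids a scriptlet failure when `%preun` did not leave the file behind.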
+++ b/intel-ixgbevf/files/modules-load.conf
@@ -0,0 +1 @@
+ixgbevf
diff --git a/iptables/PKG-INFO b/iptables/PKG-INFO
new file mode 100644
index 0000000..fe0d3ab
--- /dev/null
+++ b/iptables/PKG-INFO
@@ -0,0 +1,16 @@
+Metadata-Version: 1.1
+Name: iptables
+Version: 1.4.21
+Summary: Tools for managing Linux kernel packet filtering capabilities
+Home-page:
+Author:
+Author-email:
+License: GPLv2
+
+Description:
+The iptables utility controls the network packet filtering code in the
+Linux kernel. If you need to set up firewalls and/or IP masquerading,
+you should install this package.
+
+
+Platform: UNKNOWN
diff --git a/iptables/centos/build_srpm.data b/iptables/centos/build_srpm.data
new file mode 100644
index 0000000..f158cfb
--- /dev/null
+++ b/iptables/centos/build_srpm.data
@@ -0,0 +1,2 @@
+COPY_LIST="iptables/*"
+TIS_PATCH_VER=3
diff --git a/iptables/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/iptables/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
new file mode 100644
index 0000000..c8292cd
--- /dev/null
+++ b/iptables/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
@@ -0,0 +1,27 @@ +From d34bb2d38b4a62db5be32ddd901b1ebd6966165c Mon Sep 17 00:00:00 2001 +From: Scott Little +Date: Mon, 2 Oct 2017 16:15:33 -0400 +Subject: [PATCH 2/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch + +Conflicts: + SPECS/iptables.spec +--- + SPECS/iptables.spec | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/SPECS/iptables.spec b/SPECS/iptables.spec +index ddf75a0..9d65fc7 100644 +--- a/SPECS/iptables.spec ++++ b/SPECS/iptables.spec +@@ -7,7 +7,7 @@ + Name: iptables + Summary: Tools for managing Linux kernel packet filtering capabilities + Version: 1.4.21 +-Release: 18.0.1%{?dist} ++Release: 18.0.1.el7%{?_tis_dist}.%{tis_patch_ver} + Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2 + Source1: iptables.init + Source2: iptables-config +-- +1.9.1 + diff --git a/iptables/centos/meta_patches/0002-default-service-enabled.patch b/iptables/centos/meta_patches/0002-default-service-enabled.patch new file mode 100644 index 0000000..3486938 --- /dev/null +++ b/iptables/centos/meta_patches/0002-default-service-enabled.patch @@ -0,0 +1,24 @@ +From 48e4805ac9d088837bd639b06388dd34f0a6e0f1 Mon Sep 17 00:00:00 2001 +From: Scott Little +Date: Mon, 2 Oct 2017 16:15:33 -0400 +Subject: [PATCH 3/3] WRS: 0002-default-service-enabled.patch + +--- + SPECS/iptables.spec | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/SPECS/iptables.spec b/SPECS/iptables.spec +index 9d65fc7..9f59ede 100644 +--- a/SPECS/iptables.spec ++++ b/SPECS/iptables.spec +@@ -223,6 +223,7 @@ done + + %post services + %systemd_post iptables.service ip6tables.service ++/usr/bin/systemctl enable iptables.service ip6tables.service >/dev/null 2>&1 + + %preun services + %systemd_preun iptables.service ip6tables.service +-- +1.9.1 + diff --git a/iptables/centos/meta_patches/PATCH_ORDER b/iptables/centos/meta_patches/PATCH_ORDER new file mode 100644 index 0000000..08234f3 --- /dev/null +++ b/iptables/centos/meta_patches/PATCH_ORDER 
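Review bot: The line added to `%post services` in 0002-default-service-enabled.patch runs `systemctl enable` unconditionally and discards its output, right after `%systemd_post` has already applied the distribution's preset policy. A failing `systemctl` (for example when the package is installed into an image or chroot without a running systemd) becomes the scriptlet's exit status, and every upgrade re-enables a service an administrator may have turned off on purpose. I would restrict it to first install and neutralise the exit status, `if [ $1 -eq 1 ]; then /usr/bin/systemctl enable iptables.service ip6tables.service >/dev/null 2>&1 || :; fi`, or ship a preset file instead. The rest of the `%post services` scriptlet lies outside this hunk.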
@@ -0,0 +1,3 @@
+spec-include-custom-rules.patch
+0001-Update-package-versioning-for-TIS-format.patch
+0002-default-service-enabled.patch
diff --git a/iptables/centos/meta_patches/spec-include-custom-rules.patch b/iptables/centos/meta_patches/spec-include-custom-rules.patch
new file mode 100644
index 0000000..fc7c926
--- /dev/null
+++ b/iptables/centos/meta_patches/spec-include-custom-rules.patch
@@ -0,0 +1,50 @@ +From 2c6bfc5f39203c8293f1db33804816c9d881ddde Mon Sep 17 00:00:00 2001 +From: Scott Little +Date: Mon, 2 Oct 2017 16:15:33 -0400 +Subject: [PATCH 1/3] WRS: spec-include-custom-rules.patch + +--- + SPECS/iptables.spec | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/SPECS/iptables.spec b/SPECS/iptables.spec +index fc07a38..ddf75a0 100644 +--- a/SPECS/iptables.spec ++++ b/SPECS/iptables.spec +@@ -16,6 +16,11 @@ Source4: iptables.save-legacy + Source5: sysconfig_iptables + Source6: sysconfig_ip6tables + Source7: iptables.panic-legacy ++ ++# WRS ++Source8: iptables.rules ++Source9: ip6tables.rules ++ + Patch1: iptables-1.4.21-rhbz_1054871.patch + Patch2: iptables-1.4.21-libxt_cgroup.patch + Patch3: iptables-1.4.21-wait_seconds.patch +@@ -76,8 +81,8 @@ Requires(post): systemd + Requires(preun): systemd + Requires(postun): systemd + # provide and obsolete old main package +-Provides: %{name} = 1.4.16.1 +-Obsoletes: %{name} < 1.4.16.1 ++#Provides: %{name} = 1.4.16.1 ++#Obsoletes: %{name} < 1.4.16.1 + # provide and obsolete ipv6 sub package + Provides: %{name}-ipv6 = 1.4.11.1 + Obsoletes: %{name}-ipv6 < 1.4.11.1 +@@ -179,6 +184,10 @@ sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildr + install -c -m 755 ip6tabes.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/save + install -c -m 755 ip6tabes.panic-legacy %{buildroot}/%{legacy_actions}/ip6tables/panic + ++# WRS ++install -m 600 %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/iptables ++install -m 600 %{SOURCE9} %{buildroot}%{_sysconfdir}/sysconfig/ip6tables ++ + %if 0%{?rhel} + %pre + for p in %{_sysconfdir}/alternatives/iptables.*; do +-- +1.9.1 + diff --git a/iptables/centos/srpm_path b/iptables/centos/srpm_path new file mode 100644 index 0000000..d46cdfd --- /dev/null +++ b/iptables/centos/srpm_path @@ -0,0 +1 @@ +mirror:Source/iptables-1.4.21-18.0.1.el7.centos.src.rpm 
diff --git a/iptables/iptables/ip6tables.rules b/iptables/iptables/ip6tables.rules
new file mode 100644
index 0000000..9ba9a26
--- /dev/null
+++ b/iptables/iptables/ip6tables.rules
@@ -0,0 +1,8 @@
+# system default rules
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:INPUT-custom-pre - [0:0]
+:INPUT-custom-post - [0:0]
+COMMIT
diff --git a/iptables/iptables/iptables.rules b/iptables/iptables/iptables.rules
new file mode 100644
index 0000000..9ba9a26
--- /dev/null
+++ b/iptables/iptables/iptables.rules
@@ -0,0 +1,8 @@
+# system default rules
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:INPUT-custom-pre - [0:0]
+:INPUT-custom-post - [0:0]
+COMMIT
diff --git a/iscsi-initiator-utils/PKG-INFO b/iscsi-initiator-utils/PKG-INFO
new file mode 100644
index 0000000..1336d62
--- /dev/null
+++ b/iscsi-initiator-utils/PKG-INFO
@@ -0,0 +1,17 @@
+Metadata-Version: 1.1
+Name: iscsi-initiator-utils
+Version: 2.0-873
+Summary: iSCSI daemon and utility programs
+Home-page:
+Author:
+Author-email:
+License: GPLv2+
+
+Description:
+The iscsi package provides the server daemon for the iSCSI protocol,
+as well as the utility programs used to manage it. iSCSI is a protocol
+for distributed disk access using SCSI commands sent over Internet
+Protocol networks.
+
+
+Platform: UNKNOWN
diff --git a/iscsi-initiator-utils/centos/build_srpm.data b/iscsi-initiator-utils/centos/build_srpm.data
new file mode 100644
index 0000000..112ca54
--- /dev/null
+++ b/iscsi-initiator-utils/centos/build_srpm.data
@@ -0,0 +1,2 @@
+COPY_LIST="files/*"
+TIS_PATCH_VER=2
diff --git a/iscsi-initiator-utils/centos/meta_patches/0001-spec-include-TiS-changes.patch b/iscsi-initiator-utils/centos/meta_patches/0001-spec-include-TiS-changes.patch
new file mode 100644
index 0000000..4979dd2
--- /dev/null
+++ b/iscsi-initiator-utils/centos/meta_patches/0001-spec-include-TiS-changes.patch
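Review bot: Both default rule files (`ip6tables.rules` and the identical `iptables.rules` after it) set the INPUT, FORWARD and OUTPUT policies to ACCEPT and declare `INPUT-custom-pre` and `INPUT-custom-post` without any rule that jumps to them, so the service that the spec change enables at install time loads a rule set that filters nothing. If these chains are meant to be filled in later by platform configuration, say so in the header, e.g. `# Placeholder only: policies are ACCEPT and the INPUT-custom-* chains are unreferenced until the platform installs its rules`. Until that happens the firewall service reports active while every listening port stays reachable, which is easy to misread as protected. A default-deny INPUT policy with explicit allows for loopback and established traffic would fail closed instead, if the boot sequence can tolerate it.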
@@ -0,0 +1,88 @@ +From 70c42ca7d05032305e77b7ea10d003cac0b932ef Mon Sep 17 00:00:00 2001 +From: Scott Little +Date: Mon, 2 Oct 2017 16:19:19 -0400 +Subject: [PATCH 1/2] WRS: spec-include-TiS-changes.patch + +--- + SPECS/iscsi-initiator-utils.spec | 30 +++++++++++++++++++++--------- + 1 file changed, 21 insertions(+), 9 deletions(-) + +diff --git a/SPECS/iscsi-initiator-utils.spec b/SPECS/iscsi-initiator-utils.spec +index e164c03..ce2198d 100644 +--- a/SPECS/iscsi-initiator-utils.spec ++++ b/SPECS/iscsi-initiator-utils.spec +@@ -13,6 +13,9 @@ Source0: https://github.com/open-iscsi/open-iscsi/archive/%{open_iscsi_version}. + Source4: 04-iscsi + Source5: iscsi-tmpfiles.conf + ++# WRS ++Source6: iscsi-cache.volatiles ++ + # upstream patches, post last tagged version + Patch1: open-iscsi-2.0.874-1-iBFT-origin-is-an-enum-not-a-string.patch + Patch2: open-iscsi-2.0.874-4-iscsid-treat-SIGTERM-like-iscsiadm-k-0.patch +@@ -54,6 +57,9 @@ Patch198: keep-open-isns.patch + # version string, needs to be updated with each build + Patch199: 0199-use-Red-Hat-version-string-to-match-RPM-package-vers.patch + ++# WRS ++Patch200: increase-default-error-timeouts-for-iSCSI-initiator.patch ++ + BuildRequires: flex bison python-devel doxygen kmod-devel systemd-devel libmount-devel autoconf automake libtool + # For dir ownership + Requires: %{name}-iscsiuio >= %{version}-%{release} +@@ -167,6 +173,9 @@ touch $RPM_BUILD_ROOT/var/lock/iscsi/lock + %{__install} -pm 755 libiscsi/build/lib.linux-*/libiscsimodule.so \ + $RPM_BUILD_ROOT%{python_sitearch} + ++# WRS ++%{__install} -D -p -m 0644 %{SOURCE6} $RPM_BUILD_ROOT%{_tmpfilesdir}/iscsi-cache.conf ++ + + %post + /sbin/ldconfig +@@ -229,13 +238,13 @@ fi + + %files + %doc README +-%dir %{_sharedstatedir}/iscsi +-%dir %{_sharedstatedir}/iscsi/nodes +-%dir %{_sharedstatedir}/iscsi/isns +-%dir %{_sharedstatedir}/iscsi/static +-%dir %{_sharedstatedir}/iscsi/slp +-%dir %{_sharedstatedir}/iscsi/ifaces +-%dir %{_sharedstatedir}/iscsi/send_targets 
++%ghost %{_sharedstatedir}/iscsi ++%ghost %{_sharedstatedir}/iscsi/nodes ++%ghost %{_sharedstatedir}/iscsi/isns ++%ghost %{_sharedstatedir}/iscsi/static ++%ghost %{_sharedstatedir}/iscsi/slp ++%ghost %{_sharedstatedir}/iscsi/ifaces ++%ghost %{_sharedstatedir}/iscsi/send_targets + %ghost %{_var}/lock/iscsi + %ghost %{_var}/lock/iscsi/lock + %{_unitdir}/iscsi.service +@@ -245,8 +254,8 @@ fi + %{_libexecdir}/iscsi-mark-root-nodes + %{_sysconfdir}/NetworkManager/dispatcher.d/04-iscsi + %{_tmpfilesdir}/iscsi.conf +-%dir %{_sysconfdir}/iscsi +-%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/iscsi/iscsid.conf ++%attr(0750,root,root) %dir %{_sysconfdir}/iscsi ++%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/iscsi/iscsid.conf + %{_sbindir}/iscsi-iname + %{_sbindir}/iscsiadm + %{_sbindir}/iscsid +@@ -258,6 +267,9 @@ fi + %{_mandir}/man8/iscsid.8.gz + %{_mandir}/man8/iscsistart.8.gz + ++# WRS ++%{_tmpfilesdir}/iscsi-cache.conf ++ + %files iscsiuio + %{_sbindir}/iscsiuio + %{_unitdir}/iscsiuio.service +-- +1.9.1 + diff --git a/iscsi-initiator-utils/centos/meta_patches/0002-Update-package-versioning-for-TIS-format.patch b/iscsi-initiator-utils/centos/meta_patches/0002-Update-package-versioning-for-TIS-format.patch new file mode 100644 index 0000000..28bdf0b --- /dev/null +++ b/iscsi-initiator-utils/centos/meta_patches/0002-Update-package-versioning-for-TIS-format.patch 
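Review bot: The `%files` change in 0001-spec-include-TiS-changes.patch replaces `%attr(0600,root,root)` on `%{_sysconfdir}/iscsi/iscsid.conf` with `0640` and gives the directory `0750`, which widens read access to a file that can hold CHAP usernames and passwords, and the patch description gives no reason for it. With owner and group both `root` the extra bit buys little, so I would keep `%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/iscsi/iscsid.conf` unless a specific non-root group needs to read it, in which case name that group. The same hunk turns the `%{_sharedstatedir}/iscsi` directories into `%ghost` entries; a comment such as `# /var/lib/iscsi is a symlink to /run/iscsi-cache (see iscsi-cache.conf); node records do not survive a reboot` would make that dependency on the new tmpfiles rule explicit.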
@@ -0,0 +1,27 @@ +From 85c339bab120a0ca76e97af0ec3c48ad0448b066 Mon Sep 17 00:00:00 2001 +From: Scott Little +Date: Mon, 2 Oct 2017 16:19:19 -0400 +Subject: [PATCH 2/2] WRS: 0001-Update-package-versioning-for-TIS-format.patch + +Conflicts: + SPECS/iscsi-initiator-utils.spec +--- + SPECS/iscsi-initiator-utils.spec | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/SPECS/iscsi-initiator-utils.spec b/SPECS/iscsi-initiator-utils.spec +index ce2198d..e9402cb 100644 +--- a/SPECS/iscsi-initiator-utils.spec ++++ b/SPECS/iscsi-initiator-utils.spec +@@ -4,7 +4,7 @@ + Summary: iSCSI daemon and utility programs + Name: iscsi-initiator-utils + Version: 6.%{open_iscsi_version}.%{open_iscsi_build} +-Release: 4%{?dist} ++Release: 4.el7%{?_tis_dist}.%{tis_patch_ver} + Group: System Environment/Daemons + License: GPLv2+ + URL: http://www.open-iscsi.org +-- +1.9.1 + diff --git a/iscsi-initiator-utils/centos/meta_patches/0003-Add-iscsi-shutdown.service-patch.patch b/iscsi-initiator-utils/centos/meta_patches/0003-Add-iscsi-shutdown.service-patch.patch new file mode 100644 index 0000000..f7c2835 --- /dev/null +++ b/iscsi-initiator-utils/centos/meta_patches/0003-Add-iscsi-shutdown.service-patch.patch 
@@ -0,0 +1,26 @@ +From a6f22ef69ec794098fdd639f15a8266949de1499 Mon Sep 17 00:00:00 2001 +From: Don Penney +Date: Thu, 2 Nov 2017 11:03:43 -0400 +Subject: [PATCH] Add iscsi-shutdown.service patch + +--- + SPECS/iscsi-initiator-utils.spec | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/SPECS/iscsi-initiator-utils.spec b/SPECS/iscsi-initiator-utils.spec +index 1457acb..0a95945 100644 +--- a/SPECS/iscsi-initiator-utils.spec ++++ b/SPECS/iscsi-initiator-utils.spec +@@ -57,7 +57,8 @@ Patch198: keep-open-isns.patch + Patch199: 0199-use-Red-Hat-version-string-to-match-RPM-package-vers.patch + + # WRS +-Patch200: increase-default-error-timeouts-for-iSCSI-initiator.patch ++Patch10001: 0001-increase-default-error-timeouts-for-iSCSI-initiator.patch ++Patch10002: 0002-Add-dependency-against-network.service-to-iscsi-shut.patch + + BuildRequires: flex bison python-devel doxygen kmod-devel systemd-devel libmount-devel autoconf automake libtool + # For dir ownership +-- +1.8.3.1 + diff --git a/iscsi-initiator-utils/centos/meta_patches/PATCH_ORDER b/iscsi-initiator-utils/centos/meta_patches/PATCH_ORDER new file mode 100644 index 0000000..5177e03 --- /dev/null +++ b/iscsi-initiator-utils/centos/meta_patches/PATCH_ORDER @@ -0,0 +1,3 @@ +0001-spec-include-TiS-changes.patch +0002-Update-package-versioning-for-TIS-format.patch +0003-Add-iscsi-shutdown.service-patch.patch diff --git a/iscsi-initiator-utils/centos/patches/0001-increase-default-error-timeouts-for-iSCSI-initiator.patch b/iscsi-initiator-utils/centos/patches/0001-increase-default-error-timeouts-for-iSCSI-initiator.patch new file mode 100644 index 0000000..a3794ce --- /dev/null +++ b/iscsi-initiator-utils/centos/patches/0001-increase-default-error-timeouts-for-iSCSI-initiator.patch 
@@ -0,0 +1,48 @@ +From e030a19da5a93a8fdca9ed1c7263d6e2be3ceb5a Mon Sep 17 00:00:00 2001 +From: Chris Friesen +Date: Wed, 5 Aug 2015 18:09:36 -0400 +Subject: [PATCH] Increase default error timeouts for iSCSI initiator + +The only place we use the iSCSI initiator within our system is on +the compute nodes when using cinder volumes. + +Accordingly, change the default values to something that makes more +sense when instance root filesystems are being accessed via iSCSI. + +This addresses CGTS-2286. +--- + etc/iscsid.conf | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/etc/iscsid.conf b/etc/iscsid.conf +index b9b3b1f..0f270b5 100644 +--- a/etc/iscsid.conf ++++ b/etc/iscsid.conf +@@ -95,7 +95,7 @@ node.leading_login = No + # - If the value is 0, IO will be failed immediately. + # - If the value is less than 0, IO will remain queued until the session + # is logged back in, or until the user runs the logout command. +-node.session.timeo.replacement_timeout = 120 ++node.session.timeo.replacement_timeout = 900 + + # To specify the time to wait for login to complete, edit the line. + # The value is in seconds and the default is 15 seconds. +@@ -106,13 +106,13 @@ node.conn[0].timeo.login_timeout = 15 + node.conn[0].timeo.logout_timeout = 15 + + # Time interval to wait for on connection before sending a ping. +-node.conn[0].timeo.noop_out_interval = 5 ++node.conn[0].timeo.noop_out_interval = 900 + + # To specify the time to wait for a Nop-out response before failing + # the connection, edit this line. Failing the connection will + # cause IO to be failed back to the SCSI layer. If using dm-multipath + # this will cause the IO to be failed to the multipath layer. +-node.conn[0].timeo.noop_out_timeout = 5 ++node.conn[0].timeo.noop_out_timeout = 900 + + # To specify the time to wait for abort response before + # failing the operation and trying a logical unit reset edit the line. +-- +1.9.1 + 
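Review bot: Raising `node.conn[0].timeo.noop_out_interval` and `noop_out_timeout` from 5 to 900 means an unreachable target is only noticed after up to 900 seconds without a ping plus another 900 seconds waiting for the reply, and `replacement_timeout = 900` then keeps I/O queued for a further 15 minutes before failing it. The commit message explains the intent, but the comments left in `iscsid.conf` still describe stock behaviour, so an operator reading the file cannot tell these values are deliberate. I would add a line above each changed value, for example `# Raised from the upstream default: instance root disks are served over iSCSI, so prefer queueing I/O to failing it`. It is also worth confirming that a 900-second ping interval is intended and not only a longer timeout, since the interval controls how quickly a failed path is detected at all.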
diff --git a/iscsi-initiator-utils/centos/patches/0002-Add-dependency-against-network.service-to-iscsi-shut.patch b/iscsi-initiator-utils/centos/patches/0002-Add-dependency-against-network.service-to-iscsi-shut.patch new file mode 100644 index 0000000..28dacdb --- /dev/null +++ b/iscsi-initiator-utils/centos/patches/0002-Add-dependency-against-network.service-to-iscsi-shut.patch @@ -0,0 +1,25 @@ +From f1f45f8028b8ef5804e0c9ff4d7dd5be6d21fdb4 Mon Sep 17 00:00:00 2001 +From: Don Penney +Date: Thu, 2 Nov 2017 11:00:17 -0400 +Subject: [PATCH] Add dependency against network.service to + iscsi-shutdown.service + +--- + etc/systemd/iscsi-shutdown.service | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/etc/systemd/iscsi-shutdown.service b/etc/systemd/iscsi-shutdown.service +index fcb431a..35ee8ba 100644 +--- a/etc/systemd/iscsi-shutdown.service ++++ b/etc/systemd/iscsi-shutdown.service +@@ -4,6 +4,7 @@ Documentation=man:iscsid(8) man:iscsiadm(8) + DefaultDependencies=no + Conflicts=shutdown.target + After=systemd-remount-fs.service network.target iscsid.service iscsiuio.service ++After=network.service + Before=remote-fs-pre.target + Wants=remote-fs-pre.target + RefuseManualStop=yes +-- +1.8.3.1 + diff --git a/iscsi-initiator-utils/centos/srpm_path b/iscsi-initiator-utils/centos/srpm_path new file mode 100644 index 0000000..ab53ea1 --- /dev/null +++ b/iscsi-initiator-utils/centos/srpm_path @@ -0,0 +1 @@ +mirror:Source/iscsi-initiator-utils-6.2.0.874-4.el7.src.rpm diff --git a/iscsi-initiator-utils/files/iscsi-cache.volatiles b/iscsi-initiator-utils/files/iscsi-cache.volatiles new file mode 100644 index 0000000..9f26672 --- /dev/null +++ b/iscsi-initiator-utils/files/iscsi-cache.volatiles @@ -0,0 +1,3 @@ +# See "man tmpfiles.d" for details +d /run/iscsi-cache 0755 root root - +L /var/lib/iscsi - - - - /run/iscsi-cache diff --git a/ldapscripts/PKG-INFO b/ldapscripts/PKG-INFO new file mode 100644 index 0000000..a5f4eb3 --- /dev/null +++ b/ldapscripts/PKG-INFO 
@@ -0,0 +1,14 @@
+Metadata-Version: 1.1
+Name: ldapscripts
+Version: 2.0.8
+Summary: ldapscripts
+Home-page:
+Author:
+Author-email:
+License: GPLv2
+
+Description:
+Shell scripts that allow to manage POSIX accounts (users, groups, machines) in an LDAP directory.
+
+
+Platform: UNKNOWN
diff --git a/ldapscripts/centos/build_srpm.data b/ldapscripts/centos/build_srpm.data
new file mode 100644
index 0000000..0beff5c
--- /dev/null
+++ b/ldapscripts/centos/build_srpm.data
@@ -0,0 +1,3 @@
+COPY_LIST="files/* \
+ $CGCS_BASE/downloads/ldapscripts-2.0.8.tgz"
+TIS_PATCH_VER=1
diff --git a/ldapscripts/centos/ldapscripts.spec b/ldapscripts/centos/ldapscripts.spec
new file mode 100644
index 0000000..3baeb1f
--- /dev/null
+++ b/ldapscripts/centos/ldapscripts.spec
@@ -0,0 +1,73 @@
+Name: ldapscripts
+Version: 2.0.8
+Release: 0%{?_tis_dist}.%{tis_patch_ver}
+Summary: ldapscripts
+
+Group: base
+License: GPLv2
+URL: unknown
+Source0: %{name}-%{version}.tgz
+Source1: ldapscripts.conf.cgcs
+Source2: ldapadduser.template.cgcs
+Source3: ldapaddgroup.template.cgcs
+Source4: ldapmoduser.template.cgcs
+Source5: ldapaddsudo.template.cgcs
+Source6: ldapmodsudo.template.cgcs
+Source7: ldapscripts.passwd
+
+Patch0: sudo-support.patch
+Patch1: sudo-delete-support.patch
+Patch2: log_timestamp.patch
+Patch3: ldap-user-setup-support.patch
+Patch4: ldap-user-setup-support-input-validation.patch
+Patch5: ldap-user-setup-noninteractive-mode-fix.patch
+
+%define debug_package %{nil}
+
+# BuildRequires:
+# Requires:
+
+%description
+Shell scripts that allow to manage POSIX accounts (users, groups, machines) in an LDAP directory.
+
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+
+
+%build
+
+
+%install
+make install DESTDIR=%{buildroot}
+
+rm -Rf %{buildroot}/usr/local/man
+rm -f %{buildroot}/usr/local/sbin/*machine*
+rm -f %{buildroot}/usr/local/etc/ldapscripts/ldapaddmachine.template.sample
+install -d ldroot}}/usr/local/etc/
+install -m 644 %{SOURCE1} %{buildroot}/usr/local/etc/ldapscripts/ldapscripts.conf
+install -m 644 %{SOURCE2} %{buildroot}/usr/local/etc/ldapscripts/ldapadduser.template.cgcs
+install -m 644 %{SOURCE3} %{buildroot}/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs
+install -m 644 %{SOURCE4} %{buildroot}/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs
+install -m 644 %{SOURCE5} %{buildroot}/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs
+install -m 644 %{SOURCE6} %{buildroot}/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs
+install -m 600 %{SOURCE7} %{buildroot}/usr/local/etc/ldapscripts/ldapscripts.passwd
+
+%files
+%defattr(-,root,root,-)
+%dir /usr/local/etc/ldapscripts/
+%dir /usr/local/lib/ldapscripts/
+/usr/local/sbin/*
+%config(noreplace) 
/usr/local/etc/ldapscripts/ldapscripts.passwd +/usr/local/etc/ldapscripts/* +/usr/local/lib/ldapscripts/* + + +%changelog + diff --git a/ldapscripts/files/ldap-user-setup-noninteractive-mode-fix.patch b/ldapscripts/files/ldap-user-setup-noninteractive-mode-fix.patch new file mode 100644 index 0000000..da3b20f --- /dev/null +++ b/ldapscripts/files/ldap-user-setup-noninteractive-mode-fix.patch @@ -0,0 +1,15 @@ +--- + sbin/ldapusersetup | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sbin/ldapusersetup ++++ b/sbin/ldapusersetup +@@ -105,7 +105,7 @@ LdapAddLoginShell () { + ;; + esac + else +- shellopn=${$2,,} ++ shellopn=${2,,} + case $shellopn in + "bash") _SHELL="/bin/sh";; + "lshell") _SHELL="$_DEFAULTLSHELL";; diff --git a/ldapscripts/files/ldap-user-setup-support-input-validation.patch b/ldapscripts/files/ldap-user-setup-support-input-validation.patch new file mode 100644 index 0000000..91caf1a --- /dev/null +++ b/ldapscripts/files/ldap-user-setup-support-input-validation.patch 
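Review bot: `Source7: ldapscripts.passwd` in ldapscripts.spec is packaged as `/usr/local/etc/ldapscripts/ldapscripts.passwd`, which in ldapscripts is the file holding the LDAP bind password, so whatever it contains is identical on every system built from this RPM and readable by anyone who can obtain the package. Its contents are not visible here; if it carries a real secret, that secret should be generated or provisioned at install time and the packaged file left empty. Mode 600 is set in `%install`, but the later glob `/usr/local/etc/ldapscripts/*` in `%files` lists the same path a second time without `%config(noreplace)`, so I would state the intent with `%attr(0600,root,root) %config(noreplace) /usr/local/etc/ldapscripts/ldapscripts.passwd` and list the other files individually. Also check the line `install -d ldroot}}/usr/local/etc/`: as shown it is not a `%{buildroot}` path, though that may be damage from how the page was captured.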
@@ -0,0 +1,87 @@ +--- + sbin/ldapusersetup | 45 ++++++++++++++++++++++++++++++++++----------- + 1 file changed, 34 insertions(+), 11 deletions(-) + +--- a/sbin/ldapusersetup ++++ b/sbin/ldapusersetup +@@ -44,6 +44,29 @@ _SHELL="" + + ### Helper functions ### + ++# Gets input from user and validates it. ++# Will only return if input meets validation ++# criteria otherwise will just sit there. ++# ++# Input : input string ($1), valid output options ($2) ++# Output: the validated input ++# Note : the validation list must be an array ++LdapUserInput () { ++declare -a optionAry=("${!2}") ++while true; do ++ read -p "$1" _output ++ # convert to lower case ++ _output2=${_output,,} ++ # check if output is a valid option ++ if [[ "${optionAry[@]}" =~ "$_output2" ]]; then ++ break ++ else ++ echo "Invalid input \"$_output\". Allowed options: ${optionAry[@]}" >&2 ++ fi ++done ++ echo "$_output2" ++} ++ + # Delete an ldap user if it exists + # and exit with error + # Input : username ($1), exit msg ($2) +@@ -67,10 +90,12 @@ LdapAddUser() { + LdapAddLoginShell () { + if [ -z "$2" ]; then + # Ask the user for the login shell +- echo "Select Login Shell option # [2]: ++ shellInput="Select Login Shell option # [2]: + 1) Bash +-2) Lshell" +- read opn ++2) Lshell ++" ++ options=( 1, 2 ) ++ opn=`LdapUserInput "$shellInput" options[@]` + case $opn in + 1) _SHELL="/bin/sh";; + 2) _SHELL="$_DEFAULTLSHELL";; +@@ -139,7 +164,6 @@ LdapUpdateShadowWarning () { + echo "Updating password expiry to $_newWarning days" + } + +- + # Since this setup script is meant to be a + # wrapper on top of existing ldap scripts, + # it share invoke those... we could have achieved +@@ -170,10 +194,9 @@ if [ "$#" -eq 0 ]; then + # prompt for sudo permissions + if [ "$_SHELL" != "$_DEFAULTLSHELL" ]; then + # Should sudo be activated for this user +- echo -n "Add $_username to sudoer list? (yes/NO): " +- read CONFIRM +- CONFIRM=${CONFIRM,,} +- ++ shellInput="Add $_username to sudoer list? 
(yes/NO): " ++ options=( "yes", "no" ) ++ CONFIRM=`LdapUserInput "$shellInput" options[@]` + if is_yes $CONFIRM + then + LdapAddSudo "$_username" +@@ -181,9 +204,9 @@ if [ "$#" -eq 0 ]; then + fi + + # Add to secondary user group +- echo -n "Add $_username to secondary user group? (yes/NO): " +- read CONFIRM +- CONFIRM=${CONFIRM,,} ++ shellInput="Add $_username to secondary user group? (yes/NO): " ++ options=( "yes", "no" ) ++ CONFIRM=`LdapUserInput "$shellInput" options[@]` + if is_yes $CONFIRM + then + echo -n "Secondary group to add user to? [$_DEFAULTGRP2]: " diff --git a/ldapscripts/files/ldap-user-setup-support.patch b/ldapscripts/files/ldap-user-setup-support.patch new file mode 100644 index 0000000..c24576f --- /dev/null +++ b/ldapscripts/files/ldap-user-setup-support.patch 
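Review bot: The check in `LdapUserInput`, `[[ "${optionAry[@]}" =~ "$_output2" ]]`, tests whether the input is a substring of the space-joined option list, not whether it is one of the options, so an empty line, `e`, `es` or a lone comma all pass as valid. The call sites add to this by writing `options=( 1, 2 )` and `options=( "yes", "no" )`: the commas become part of the elements, so the stored options are `1,` and `yes,`. Because the returned value feeds the `is_yes $CONFIRM` test that decides whether `LdapAddSudo` runs, the comparison should be exact, with the default advertised in the prompt handled explicitly for empty input; the call sites then become `options=( 1 2 )` and `options=( yes no )`. The script's shebang is `#!/bin/sh` while this function relies on bash features (`declare -a`, `${var,,}`, `[[ ]]`), which is worth fixing in the shebang or stating in a comment.

```shell
LdapUserInput () {
    declare -a optionAry=("${!2}")
    local _output _output2 _opt
    while true; do
        read -r -p "$1" _output
        # convert to lower case
        _output2=${_output,,}
        # empty input selects the caller's default ($3), when one is given
        if [ -z "$_output2" ] && [ -n "$3" ]; then
            echo "$3"
            return 0
        fi
        # accept only an exact match against one of the options
        for _opt in "${optionAry[@]}"; do
            if [ "$_output2" = "$_opt" ]; then
                echo "$_output2"
                return 0
            fi
        done
        echo "Invalid input \"$_output\". Allowed options: ${optionAry[*]}" >&2
    done
}
```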
@@ -0,0 +1,354 @@ +--- + Makefile | 5 + man/man1/ldapusersetup.1 | 61 ++++++++++ + sbin/ldapusersetup | 263 +++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 327 insertions(+), 2 deletions(-) + +--- /dev/null ++++ b/sbin/ldapusersetup +@@ -0,0 +1,263 @@ ++#!/bin/sh ++ ++# ldapusersetup : interactive setup for adding users to LDAP ++ ++# Copyright (c) 2015 Wind River Systems, Inc. ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License ++# as published by the Free Software Foundation; either version 2 ++# of the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, ++# USA. ++ ++if [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$#" -eq 1 ] ++then ++ echo "Usage : $0 [-u ] ++where accepted field(s) are as follows: ++--sudo : whether to add this user to sudoer list ++--shell <\"bash\"|\"lshell\"> : choose the shell for this user (default is lshell) ++--secondgroup : the secondary group to add this user to ++--passmax : the shadowMax value for this user ++--passwarning : the shadowWarning value for this user" ++ exit 1 ++fi ++ ++# Source runtime file ++_RUNTIMEFILE="/usr/lib/ldapscripts/runtime" ++. 
"$_RUNTIMEFILE" ++ ++# runtime defaults ++_DEFAULTGRP2="wrs_protected" ++_DEFAULTLSHELL="/usr/local/bin/cgcs_cli" ++_DEFAULTSHADOWMAX="90" ++_DEFAULTSHADOWWARNING="2" ++_SHELL="" ++ ++### Helper functions ### ++ ++# Delete an ldap user if it exists ++# and exit with error ++# Input : username ($1), exit msg ($2) ++# Output : none ++LdapRollback() { ++ ldapdeleteuser "$1" ++ end_die "$2" ++} ++ ++# Add an ldap user and exit on failure ++# Input : username ($1) ++# Output : none ++LdapAddUser() { ++ ldapadduser "$1" users ++ [ $? -eq 0 ] || end_die "Critical setup error: cannot add user" ++} ++ ++# Replace Login Shell and call Rollback on failure ++# Input : username ($1), shell to set ($2) ++# Output : none ++LdapAddLoginShell () { ++ if [ -z "$2" ]; then ++ # Ask the user for the login shell ++ echo "Select Login Shell option # [2]: ++1) Bash ++2) Lshell" ++ read opn ++ case $opn in ++ 1) _SHELL="/bin/sh";; ++ 2) _SHELL="$_DEFAULTLSHELL";; ++ *) ++ [ ! -z "$opn" ] && echo "Invalid option. Selecting Lshell" ++ _SHELL="$_DEFAULTLSHELL" ++ ;; ++ esac ++ else ++ shellopn=${$2,,} ++ case $shellopn in ++ "bash") _SHELL="/bin/sh";; ++ "lshell") _SHELL="$_DEFAULTLSHELL";; ++ *) ++ echo "Invalid option($2). Selecting Lshell"; _SHELL="$_DEFAULTLSHELL" ++ ;; ++ esac ++ fi ++ # Replace the login shell ++ ldapmodifyuser $1 replace loginShell $_SHELL &> /dev/null ++ [ $? -eq 0 ] || LdapRollback $1 "Critical setup error: cannot set login shell" ++} ++ ++# Add user to sudoer list ++# Input : username ($1) ++# Output : true or false ++LdapAddSudo() { ++ ldapaddsudo "$1" 2> /dev/null ++ [ $? -eq 0 ] || \ ++ echo_log "Non critical setup error: cannot add to sudoer list" ++} ++ ++# Add user to a secondary user group ++# Input : username ($1), user group ($2) ++# Output : true or false ++LdapSecondaryGroup () { ++ _newGrp="$2" ++ [ -z "$2" ] && _newGrp=$_DEFAULTGRP2 ++ ++ ldapaddusertogroup $1 $_newGrp ++ [ $? 
-eq 0 ] || \ ++ echo_log "Non critical setup error: cannot add $1 to $_newGrp" ++} ++ ++# Update shadowMax for user ++# Input : username ($1), shadow Max value ($2) ++# Output : none ++LdapUpdateShadowMax () { ++ _newShadow="$2" ++ ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \ ++ && _newShadow=$_DEFAULTSHADOWMAX ++ ++ ldapmodifyuser $1 replace shadowMax $_newShadow ++ echo "Updating password expiry to $_newShadow days" ++} ++ ++# Update shadowWarning for user ++# Input : username ($1), shadow Warning value ($2) ++# Output : none ++LdapUpdateShadowWarning () { ++ _newWarning="$2" ++ ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \ ++ && _newWarning=$_DEFAULTSHADOWWARNING ++ ++ ldapmodifyuser $1 replace shadowWarning $_newWarning ++ echo "Updating password expiry to $_newWarning days" ++} ++ ++ ++# Since this setup script is meant to be a ++# wrapper on top of existing ldap scripts, ++# it share invoke those... we could have achieved ++# loose coupling by not relying on helpers but ++# at the expense of massively redundant code ++# duplication. ++declare -a helper_scripts=("ldapadduser" "ldapaddsudo" "ldapmodifyuser" "ldapaddusertogroup" "$_DEFAULTLSHELL") ++ ++# Do some quick sanity tests to make sure ++# helper scripts are present ++for src in "${helper_scripts[@]}"; do ++ if ! type "$src" &>/dev/null; then ++ end_die "Cannot locate $src. Update your PATH variable" ++ fi ++done ++ ++if [ "$#" -eq 0 ]; then ++ # This setup collects all attributes ++ # interactively during runtime ++ echo -n "Enter username to add to LDAP: " ++ read _username ++ LdapAddUser "$_username" ++ ++ # Replace the login shell. We will prompt the user for this ++ LdapAddLoginShell "$_username" ++ ++ # If login shell is NOT the default limited shell then ++ # prompt for sudo permissions ++ if [ "$_SHELL" != "$_DEFAULTLSHELL" ]; then ++ # Should sudo be activated for this user ++ echo -n "Add $_username to sudoer list? 
(yes/NO): " ++ read CONFIRM ++ CONFIRM=${CONFIRM,,} ++ ++ if is_yes $CONFIRM ++ then ++ LdapAddSudo "$_username" ++ fi ++ fi ++ ++ # Add to secondary user group ++ echo -n "Add $_username to secondary user group? (yes/NO): " ++ read CONFIRM ++ CONFIRM=${CONFIRM,,} ++ if is_yes $CONFIRM ++ then ++ echo -n "Secondary group to add user to? [$_DEFAULTGRP2]: " ++ read _grp2 ++ LdapSecondaryGroup $_username $_grp2 ++ fi ++ ++ # Set password expiry ++ echo -n "Enter days after which user password must \ ++be changed [$_DEFAULTSHADOWMAX]: " ++ read _shadowMax ++ LdapUpdateShadowMax $_username $_shadowMax ++ ++ # Set password warning ++ echo -n "Enter days before password is to expire that \ ++user is warned [$_DEFAULTSHADOWWARNING]: " ++ read _shadowWarning ++ LdapUpdateShadowWarning $_username $_shadowWarning ++ ++else ++ # we have to read command line option ++ while [[ $# > 1 ]] ++ do ++ key="$1" ++ ++ case $key in ++ -u|--user) # compulsory ++ _username="$2" ++ shift ++ ;; ++ --sudo) # optional ++ _sudo="yes" ++ ;; ++ --shell) # optional ++ _loginshell="$2" ++ shift ++ ;; ++ --passmax) # optional ++ _shadowMax="$2" ++ shift ++ ;; ++ --passwarning) # optional ++ _shadowWarning="$2" ++ shift ++ ;; ++ --secondgroup) # optional ++ _grpConfirm="1" ++ _grp2="$2" ++ shift ++ ;; ++ *) ++ ++ ;; ++ esac ++ shift ++ done ++ ++ # Add LDAP user ++ [ -z "$_username" ] && end_die "No username argument specified" ++ LdapAddUser $_username ++ ++ # Change Login Shell ++ LdapAddLoginShell $_username "$_loginshell" ++ ++ # Add sudo if required ++ if is_yes $_sudo ++ then ++ LdapAddSudo "$_username" ++ fi ++ ++ # Add secondary group if required ++ [ -z "$_grpConfirm" ] || LdapSecondaryGroup $_username $_grp2 ++ ++ # Password modifications ++ LdapUpdateShadowMax $_username $_shadowMax ++ LdapUpdateShadowWarning $_username $_shadowWarning ++fi +--- a/Makefile ++++ b/Makefile +@@ -41,12 +41,13 @@ SBINFILES = ldapdeletemachine ldapmodify + ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid 
ldapgid ldapmodifymachine \ + ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \ + ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \ +- ldaprenameuser ldapmodifysudo ldapdeletesudo ++ ldaprenameuser ldapmodifysudo ldapdeletesudo ldapusersetup + MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \ + ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \ + ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \ + ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \ +- ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1 ++ ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 \ ++ ldapdeletesudo.1 ldapusersetup.1 + MAN5FILES = ldapscripts.5 + TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \ + ldapadduser.template.sample +--- /dev/null ++++ b/man/man1/ldapusersetup.1 +@@ -0,0 +1,61 @@ ++.\" Copyright (c) 2015 Wind River Systems, Inc. ++.\" ++.\" This program is free software; you can redistribute it and/or ++.\" modify it under the terms of the GNU General Public License ++.\" as published by the Free Software Foundation; either version 2 ++.\" of the License, or (at your option) any later version. ++.\" ++.\" This program is distributed in the hope that it will be useful, ++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of ++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++.\" GNU General Public License for more details. ++.\" ++.\" You should have received a copy of the GNU General Public License ++.\" along with this program; if not, write to the Free Software ++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, ++.\" USA. 
++.\" ++.\" Kam Nasim ++.\" knasim@windriver.com ++.\" ++.TH ldapusersetup 1 "December 16, 2015" ++ ++.SH NAME ++ldapusersetup \- wizard for adding an LDAP user to CGCS. ++ ++.SH SYNOPSIS ++.B ldapusersetup ++ ++.SH DESCRIPTION ++ldapusersetup interactively walks through the process of creating an LDAP user ++for access to CGCS services. The user is prompted for: ++- username ++- if a sudoEntry needs to be created ++- if a secondary user group needs to be added ++- user password expiry and warning configuration ++Alternatively, the user may provide these parameters as command line actions. ++Look at the OPTIONS section for more information. ++ ++To delete the user and all its group associations, simply use ldapdeleteuser(1) ++ ++.SH OPTIONS ++.TP ++.B [-u ] ++The name or uid of the user to modify. ++The following fields are available as long format options: ++--sudo : whether to add this user to sudoer list ++--shell : which login shell to use (default is lshell) ++--secondgroup : the secondary group to add this user to ++--passmax : the shadowMax value for this user ++--passwarning : the shadowWarning value for this user" ++ ++.SH "SEE ALSO" ++ldapdeleteuser(1), ldapaddgroup(1), ldapaddusertogroup(1), ldapmodifyuser(1), ldapscripts(5). ++ ++.SH AVAILABILITY ++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). ++The latest version of the ldapscripts is available on : ++.B http://contribs.martymac.org ++ ++.SH BUGS ++No bug known. diff --git a/ldapscripts/files/ldapaddgroup.template.cgcs b/ldapscripts/files/ldapaddgroup.template.cgcs new file mode 100755 index 0000000..b34c105 --- /dev/null +++ b/ldapscripts/files/ldapaddgroup.template.cgcs @@ -0,0 +1,5 @@ +dn: cn=,, +objectClass: posixGroup +cn: +gidNumber: +description: Group account diff --git a/ldapscripts/files/ldapaddsudo.template.cgcs b/ldapscripts/files/ldapaddsudo.template.cgcs new file mode 100755 index 0000000..f93170d --- /dev/null 
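Review bot: `shellopn=${$2,,}` in `LdapAddLoginShell` is not a valid expansion; bash rejects it as a bad substitution, so the `--shell` path fails after `LdapAddUser` has already created the account and before `ldapmodifyuser` or `LdapRollback` can run. If that reading is right, the account keeps whatever login shell the add-user template supplies instead of the restricted `$_DEFAULTLSHELL`. The line should read `shellopn=${2,,}`. The same function passes `$1` and `$_SHELL` unquoted, and the username comes straight from `read _username`; quote them as `ldapmodifyuser "$1" replace loginShell "$_SHELL"` and reject usernames outside an expected character set before the first LDAP call.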
+++ b/ldapscripts/files/ldapaddsudo.template.cgcs @@ -0,0 +1,10 @@ +dn: cn=,ou=SUDOers, +objectClass: top +objectClass: sudoRole +cn: +sudoUser: +sudoHost: ALL +sudoRunAsUser: ALL +sudoCommand: ALL +#sudoOrder: +#sudoOption: diff --git a/ldapscripts/files/ldapadduser.template.cgcs b/ldapscripts/files/ldapadduser.template.cgcs new file mode 100755 index 0000000..29f3ccc --- /dev/null +++ b/ldapscripts/files/ldapadduser.template.cgcs @@ -0,0 +1,16 @@ +dn: uid=,, +objectClass: account +objectClass: posixAccount +objectClass: shadowAccount +objectClass: top +cn: +uid: +uidNumber: +gidNumber: +shadowMax: 99999 +shadowWarning: 7 +shadowLastChange: 0 +homeDirectory: +loginShell: +gecos: +description: User account diff --git a/ldapscripts/files/ldapmodsudo.template.cgcs b/ldapscripts/files/ldapmodsudo.template.cgcs new file mode 100755 index 0000000..c79705f --- /dev/null +++ b/ldapscripts/files/ldapmodsudo.template.cgcs @@ -0,0 +1,4 @@ +dn: cn=,ou=SUDOers, +changeType: modify +: +: diff --git a/ldapscripts/files/ldapmoduser.template.cgcs b/ldapscripts/files/ldapmoduser.template.cgcs new file mode 100755 index 0000000..f192024 --- /dev/null +++ b/ldapscripts/files/ldapmoduser.template.cgcs @@ -0,0 +1,4 @@ +dn: uid=,, +changeType: modify +: +: diff --git a/ldapscripts/files/ldapscripts.conf.cgcs b/ldapscripts/files/ldapscripts.conf.cgcs new file mode 100755 index 0000000..9350dd3 --- /dev/null +++ b/ldapscripts/files/ldapscripts.conf.cgcs 
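Review bot: `sudoHost: ALL`, `sudoRunAsUser: ALL` and `sudoCommand: ALL` make every role created from this template unrestricted on every host that reads the directory, and nothing in the file says so. A header comment would make that explicit to whoever edits the template later, for example `# Grants unrestricted sudo on all hosts; narrow sudoHost/sudoCommand for anything other than full administrators`. The two commented attributes, `#sudoOrder:` and `#sudoOption:`, could each carry a one-line hint on when to enable them.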
@@ -0,0 +1,152 @@ +# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora +# Copyright (C) 2006-2013 Ganaël LAPLANCHE +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +# USA. + +# LDAP server +SERVER="ldap://controller" + +# Suffixes +SUFFIX="dc=cgcs,dc=local" # Global suffix +GSUFFIX="ou=Group" # Groups ou (just under $SUFFIX) +USUFFIX="ou=People" # Users ou (just under $SUFFIX) +MSUFFIX="ou=Machines" # Machines ou (just under $SUFFIX) + +# Authentication type +# If empty, use simple authentication +# Else, use the value as an SASL authentication mechanism +SASLAUTH="" +#SASLAUTH="GSSAPI" + +# Simple authentication parameters +# The following BIND* parameters are ignored if SASLAUTH is set +BINDDN="cn=ldapadmin,dc=cgcs,dc=local" +# The following file contains the raw password of the BINDDN +# Create it with something like : echo -n 'secret' > $BINDPWDFILE +# WARNING !!!! 
Be careful not to make this file world-readable +BINDPWDFILE="/usr/local/etc/ldapscripts/ldapscripts.passwd" +# For older versions of OpenLDAP, it is still possible to use +# unsecure command-line passwords by defining the following option +# AND commenting the previous one (BINDPWDFILE takes precedence) +#BINDPWD="secret" + +# Start with these IDs *if no entry found in LDAP* +GIDSTART="10000" # Group ID +UIDSTART="10000" # User ID +MIDSTART="20000" # Machine ID + +# Group membership management +# ObjectCLass used for groups +# Possible values : posixGroup, groupOfNames, groupOfUniqueNames (case-sensitive !) +# Warning : when using groupOf*, be sure to be compliant with RFC 2307bis (AUXILIARY posixGroup). +# Also, do not mix posixGroup and groupOf* entries up in you directory as, within RFC 2307bis, +# the former is a subset of the latter. The ldapscripts wouldn't cope well with this configuration. +GCLASS="posixGroup" # Leave "posixGroup" here if not sure ! +# When using groupOfNames or groupOfUniqueNames, creating a group requires an initial +# member. Specify it below, you will be able to remove it once groups are populated. +#GDUMMYMEMBER="uid=dummy,$USUFFIX,$SUFFIX" + +# User properties +USHELL="/bin/sh" +UHOMES="/home/%u" # You may use %u for username here +CREATEHOMES="no" # Create home directories and set rights ? +HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistant. +HOMEPERMS="700" # Default permissions for home directories + +# User passwords generation +# Command-line used to generate a password for added users. +# You may use %u for username here ; special value "" will ask for a password interactively +# WARNING !!!! This is evaluated, everything specified here will be run ! +# WARNING(2) !!!! Some systems (Linux) use a blocking /dev/random (waiting for enough entropy). +# In this case, consider using /dev/urandom instead. 
+#PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8" +#PASSWORDGEN="pwgen" +#PASSWORDGEN="echo changeme" +PASSWORDGEN="echo %u" +#PASSWORDGEN="" + +# User passwords recording +# you can keep trace of generated passwords setting PASSWORDFILE and RECORDPASSWORDS +# (useful when performing a massive creation / net rpc vampire) +# WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE ! +# WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE ! +RECORDPASSWORDS="no" +PASSWORDFILE="/var/log/ldapscripts_passwd.log" + +# Where to log +LOGFILE="/var/log/ldapscripts.log" + +# Temporary folder +TMPDIR="/tmp" + +# Various binaries used within the scripts +# Warning : they also use uuencode, date, grep, sed, cut, which... +# Please check they are installed before using these scripts +# Note that many of them should come with your OS + +# OpenLDAP client commands +LDAPSEARCHBIN="/usr/bin/ldapsearch" +LDAPADDBIN="/usr/bin/ldapadd" +LDAPDELETEBIN="/usr/bin/ldapdelete" +LDAPMODIFYBIN="/usr/bin/ldapmodify" +LDAPMODRDNBIN="/usr/bin/ldapmodrdn" +LDAPPASSWDBIN="/usr/bin/ldappasswd" + +# OpenLDAP client common additional options +# This allows for adding more configuration options to the OpenLDAP clients, e.g. '-ZZ' to enforce TLS +#LDAPBINOPTS="-ZZ" + +# OpenLDAP ldapsearch-specific additional options +# The following option disables long-line wrapping (which makes the scripts bug +# when handling long lines). The option was introduced in OpenLDAP 2.4.24, so +# comment it if you are using OpenLDAP < 2.4.24. +LDAPSEARCHOPTS="-o ldif-wrap=no" +# And here is an example to activate paged results +#LDAPSEARCHOPTS="-E pr=500/noprompt" + +# Character set conversion : $ICONVCHAR <-> UTF-8 +# Comment ICONVBIN to disable UTF-8 conversion +# ICONVBIN="/usr/bin/iconv" +# ICONVCHAR="" + +# Base64 decoding +# Comment UUDECODEBIN to disable Base64 decoding +#UUDECODEBIN="/usr/bin/uudecode" + +# Getent command to use - choose the ones used +# on your system. 
Leave blank or comment for auto-guess. +# GNU/Linux +GETENTPWCMD="getent passwd" +GETENTGRCMD="getent group" +# FreeBSD +#GETENTPWCMD="pw usershow" +#GETENTGRCMD="pw groupshow" +# Auto +#GETENTPWCMD="" +#GETENTGRCMD="" + +# You can specify custom LDIF templates here +# Leave empty to use default templates +# See *.template.sample for default templates +#GTEMPLATE="/path/to/ldapaddgroup.template" +#UTEMPLATE="/path/to/ldapadduser.template" +#MTEMPLATE="/path/to/ldapaddmachine.template" +GTEMPLATE="/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs" +UTEMPLATE="/usr/local/etc/ldapscripts/ldapadduser.template.cgcs" +UMTEMPLATE="/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs" +STEMPLATE="/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs" +SMTEMPLATE="/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs" +MTEMPLATE="" diff --git a/ldapscripts/files/ldapscripts.passwd b/ldapscripts/files/ldapscripts.passwd new file mode 100644 index 0000000..385336f --- /dev/null +++ b/ldapscripts/files/ldapscripts.passwd @@ -0,0 +1 @@ +_LDAPADMIN_PW_ diff --git a/ldapscripts/files/log_timestamp.patch b/ldapscripts/files/log_timestamp.patch new file mode 100644 index 0000000..a521d0e --- /dev/null +++ b/ldapscripts/files/log_timestamp.patch @@ -0,0 +1,15 @@ +--- + lib/runtime | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/lib/runtime ++++ b/lib/runtime +@@ -863,7 +863,7 @@ fi + # Log command + if [ "$LOGTOFILE" = "yes" ] + then +- log_to_file "$(date '+%b %d %H:%M:%S') $(uname -n | sed 's|\..*$||') ldapscripts: $(basename "$0")($USER): $0 $*" ++ log_to_file "$(date '+%FT%T') $(uname -n | sed 's|\..*$||') ldapscripts: $(basename "$0")($USER): $0 $*" + fi + if [ "$LOGTOSYSLOG" = "yes" ] + then diff --git a/ldapscripts/files/sudo-delete-support.patch b/ldapscripts/files/sudo-delete-support.patch new file mode 100644 index 0000000..ed0d48e --- /dev/null +++ b/ldapscripts/files/sudo-delete-support.patch 
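Review bot: `PASSWORDGEN="echo %u"` sets every new account's initial password to its own username, so anyone who knows or guesses an account name can authenticate until the first password change. `shadowLastChange: 0` in the user template added by this commit presumably forces that change at first login, but it does not stop someone else from being the first to log in. The file's own comments already offer `PASSWORDGEN=""` (ask interactively) and `PASSWORDGEN="pwgen"` as alternatives. Separately, `SERVER="ldap://controller"` is paired with a commented-out `#LDAPBINOPTS="-ZZ"`, so the simple bind for `cn=ldapadmin` appears to travel without TLS unless that is enforced elsewhere.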
@@ -0,0 +1,352 @@ +--- + Makefile | 4 +-- + lib/runtime | 15 ++++++++++++ + man/man1/ldapaddsudo.1 | 54 +++++++++++++++++++++++++++++++++++++++++++ + man/man1/ldapdeletesudo.1 | 46 +++++++++++++++++++++++++++++++++++++ + man/man1/ldapdeleteuser.1 | 5 ++-- + man/man1/ldapmodifysudo.1 | 57 ++++++++++++++++++++++++++++++++++++++++++++++ + man/man1/ldapmodifyuser.1 | 15 ++++++++--- + sbin/ldapdeletesudo | 38 ++++++++++++++++++++++++++++++ + sbin/ldapdeleteuser | 5 ++++ + sbin/ldapmodifysudo | 2 - + 10 files changed, 232 insertions(+), 9 deletions(-) + +--- a/sbin/ldapdeleteuser ++++ b/sbin/ldapdeleteuser +@@ -46,6 +46,11 @@ _UDN="$_ENTRY" + # Delete entry + _ldapdelete "$_UDN" || end_die "Error deleting user $_UDN from LDAP" + ++ ++# Optionally, delete the sudoer entry if it exists ++_ldapdeletesudo $1 ++[ $? -eq 2 ] && end_die "Found sudoEntry for user $_UDN but unable to delete" ++ + # Finally, delete this user from all his secondary groups + case $GCLASS in + posixGroup) +--- a/sbin/ldapmodifysudo ++++ b/sbin/ldapmodifysudo +@@ -1,6 +1,6 @@ + #!/bin/sh + +-# ldapmodifyuser : modifies a sudo entry in an LDAP directory ++# ldapmodifysudo : modifies a sudo entry in an LDAP directory + + # Copyright (C) 2007-2013 Ganaël LAPLANCHE + # Copyright (C) 2014 Stephen Crooks +--- /dev/null ++++ b/sbin/ldapdeletesudo +@@ -0,0 +1,38 @@ ++#!/bin/sh ++ ++# ldapdeletesudo : deletes a sudoRole from LDAP ++ ++# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora ++# Copyright (C) 2006-2013 Ganaël LAPLANCHE ++# Copyright (c) 2015 Wind River Systems, Inc. ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License ++# as published by the Free Software Foundation; either version 2 ++# of the License, or (at your option) any later version. 
++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, ++# USA. ++ ++if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] ++then ++ echo "Usage : $0 " ++ exit 1 ++fi ++ ++# Source runtime file ++_RUNTIMEFILE="/usr/lib/ldapscripts/runtime" ++. "$_RUNTIMEFILE" ++ ++# Username = first argument ++_ldapdeletesudo "$1" ++[ $? -eq 0 ] || end_die "Unable to locate or delete sudoUser entry for $1" ++ ++end_ok "Successfully deleted sudoUser entry for $1 from LDAP" +--- a/man/man1/ldapmodifyuser.1 ++++ b/man/man1/ldapmodifyuser.1 +@@ -1,4 +1,5 @@ + .\" Copyright (C) 2007-2017 Ganaël LAPLANCHE ++.\" Copyright (c) 2015 Wind River Systems, Inc. + .\" + .\" This program is free software; you can redistribute it and/or + .\" modify it under the terms of the GNU General Public License +@@ -19,14 +20,14 @@ + .\" ganael.laplanche@martymac.org + .\" http://contribs.martymac.org + .\" +-.TH ldapmodifyuser 1 "August 22, 2007" ++.TH ldapmodifyuser 1 "December 8, 2015" + + .SH NAME + ldapmodifyuser \- modifies a POSIX user account in LDAP interactively + + .SH SYNOPSIS + .B ldapmodifyuser +-.RB ++.RB [ ] + + .SH DESCRIPTION + ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you +@@ -34,13 +35,18 @@ are prompted to enter LDIF data to modif + The DN of the entry being modified is already specified : just begin with a changeType attribute or any + other one(s) of your choice (in this case, the defaut changeType is 'modify'). 
+ ++Alternatively, if an optional "action" argument is given, followed by a ++field - value pair then user will not be interactively prompted. ++ + .SH OPTIONS + .TP +-.B ++.B [ ] + The name or uid of the user to modify. ++The optional "action" pertaining to this user entry. ++The field - value pair on which the action needs to be undertaken. + + .SH "SEE ALSO" +-ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5). ++ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifysudo(1), ldapscripts(5). + + .SH AVAILABILITY + The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). +--- a/man/man1/ldapdeleteuser.1 ++++ b/man/man1/ldapdeleteuser.1 +@@ -1,4 +1,5 @@ + .\" Copyright (C) 2006-2017 Ganaël LAPLANCHE ++.\" Copyright (c) 2015 Wind River Systems, Inc. + .\" + .\" This program is free software; you can redistribute it and/or + .\" modify it under the terms of the GNU General Public License +@@ -19,10 +20,10 @@ + .\" ganael.laplanche@martymac.org + .\" http://contribs.martymac.org + .\" +-.TH ldapdeleteuser 1 "January 1, 2006" ++.TH ldapdeleteuser 1 "December 8, 2015" + + .SH NAME +-ldapdeleteuser \- deletes a POSIX user account from LDAP. ++ldapdeleteuser \- deletes a POSIX user account, and its sudo entry, from LDAP. + + .SH SYNOPSIS + .B ldapdeleteuser +--- /dev/null ++++ b/man/man1/ldapaddsudo.1 +@@ -0,0 +1,54 @@ ++.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE ++.\" Copyright (c) 2015 Wind River Systems, Inc. ++.\" ++.\" This program is free software; you can redistribute it and/or ++.\" modify it under the terms of the GNU General Public License ++.\" as published by the Free Software Foundation; either version 2 ++.\" of the License, or (at your option) any later version. ++.\" ++.\" This program is distributed in the hope that it will be useful, ++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of ++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the ++.\" GNU General Public License for more details. ++.\" ++.\" You should have received a copy of the GNU General Public License ++.\" along with this program; if not, write to the Free Software ++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, ++.\" USA. ++.\" ++.\" Ganael Laplanche ++.\" ganael.laplanche@martymac.org ++.\" http://contribs.martymac.org ++.\" ++.TH ldapaddsudo 1 "December 8, 2015" ++ ++.SH NAME ++ldapaddsudo \- adds a POSIX user account to the sudoer list in LDAP. ++ ++.SH SYNOPSIS ++.B ldapaddsudo ++.RB ++.RB ++.RB [uid] ++ ++.SH OPTIONS ++.TP ++.B ++The name of the user to add. ++.TP ++.B ++The group name or the gid of the user to add. ++.TP ++.B [uid] ++The uid of the user to add. Automatically computed if not specified. ++ ++.SH "SEE ALSO" ++ldapadduser(1), ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5). ++ ++.SH AVAILABILITY ++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). ++The latest version of the ldapscripts is available on : ++.B http://contribs.martymac.org ++ ++.SH BUGS ++No bug known. +--- /dev/null ++++ b/man/man1/ldapmodifysudo.1 +@@ -0,0 +1,57 @@ ++.\" Copyright (C) 2007-2013 Ganaël LAPLANCHE ++.\" Copyright (c) 2015 Wind River Systems, Inc. ++.\" ++.\" This program is free software; you can redistribute it and/or ++.\" modify it under the terms of the GNU General Public License ++.\" as published by the Free Software Foundation; either version 2 ++.\" of the License, or (at your option) any later version. ++.\" ++.\" This program is distributed in the hope that it will be useful, ++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of ++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++.\" GNU General Public License for more details. 
++.\" ++.\" You should have received a copy of the GNU General Public License ++.\" along with this program; if not, write to the Free Software ++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, ++.\" USA. ++.\" ++.\" Ganael Laplanche ++.\" ganael.laplanche@martymac.org ++.\" http://contribs.martymac.org ++.\" ++.TH ldapmodifysudo 1 "December 8, 2015" ++ ++.SH NAME ++ldapmodifysudo \- modifies the sudo entry of a POSIX user account in LDAP interactively ++ ++.SH SYNOPSIS ++.B ldapmodifysudo ++.RB [ ] ++ ++.SH DESCRIPTION ++ldapmodifysudo first looks for the right entry to modify. Once found, the entry is presented and you ++are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1). ++The DN of the entry being modified is already specified : just begin with a changeType attribute or any ++other one(s) of your choice (in this case, the defaut changeType is 'modify'). ++ ++Alternatively, if an optional "action" argument is given, followed by a ++field - value pair then user will not be interactively prompted. ++ ++.SH OPTIONS ++.TP ++.B [ ] ++The name or uid of the user to modify. ++The optional "action" pertaining to this user entry. ++The field - value pair on which the action needs to be undertaken. ++ ++.SH "SEE ALSO" ++ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifyuser(1), ldapscripts(5). ++ ++.SH AVAILABILITY ++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). ++The latest version of the ldapscripts is available on : ++.B http://contribs.martymac.org ++ ++.SH BUGS ++No bug known. +--- /dev/null ++++ b/man/man1/ldapdeletesudo.1 +@@ -0,0 +1,46 @@ ++.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE ++.\" Copyright (c) 2015 Wind River Systems, Inc. 
++.\" ++.\" This program is free software; you can redistribute it and/or ++.\" modify it under the terms of the GNU General Public License ++.\" as published by the Free Software Foundation; either version 2 ++.\" of the License, or (at your option) any later version. ++.\" ++.\" This program is distributed in the hope that it will be useful, ++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of ++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++.\" GNU General Public License for more details. ++.\" ++.\" You should have received a copy of the GNU General Public License ++.\" along with this program; if not, write to the Free Software ++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, ++.\" USA. ++.\" ++.\" Ganael Laplanche ++.\" ganael.laplanche@martymac.org ++.\" http://contribs.martymac.org ++.\" ++.TH ldapdeletesudo 1 "December 8, 2015" ++ ++.SH NAME ++ldapdeletesudo \- deletes a sudo entry, for a POSIX user account, in LDAP ++ ++.SH SYNOPSIS ++.B ldapdeletesudo ++.RB ++ ++.SH OPTIONS ++.TP ++.B ++The name or uid of the user to delete. ++ ++.SH "SEE ALSO" ++ldapdeletegroup(1), ldapdeletemachine(1), ldapdeleteuser(1), ldapscripts(5). ++ ++.SH AVAILABILITY ++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). ++The latest version of the ldapscripts is available on : ++.B http://contribs.martymac.org ++ ++.SH BUGS ++No bug known. 
+--- a/Makefile ++++ b/Makefile +@@ -41,12 +41,12 @@ SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser | + ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \ + ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \ + ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \ +- ldaprenameuser ldapmodifysudo ++ ldaprenameuser ldapmodifysudo ldapdeletesudo + MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \ + ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \ + ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \ + ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \ +- ldapaddmachine.1 ldapdeleteuser.1 ++ ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1 + MAN5FILES = ldapscripts.5 + TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \ + ldapadduser.template.sample +--- a/lib/runtime ++++ b/lib/runtime +@@ -294,6 +294,21 @@ _ldapdelete () { + fi + } + ++# Deletes a sudoUser entry in the LDAP directory ++# Input : POSIX username whose sudo entry to delete ($1) ++# Output: 0 on successful delete ++# 1 on being unable to find sudoUser ++# 2 on being unable to delete found sudoUser entry ++_ldapdeletesudo () { ++ [ -z "$1" ] && end_die "_ldapdeletesudo : missing argument" ++ # Find the entry ++ _findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))" ++ [ -z "$_ENTRY" ] && return 1 ++ ++ # Now delete that entry ++ _ldapdelete "$_ENTRY" || return 2 ++} ++ + # Extracts LDIF information from $0 (the current script itself) + # selecting lines beginning with $1 occurrences of '#' + # Input : depth ($1) diff --git a/ldapscripts/files/sudo-support.patch b/ldapscripts/files/sudo-support.patch new file mode 100644 index 0000000..76fff94 --- /dev/null +++ b/ldapscripts/files/sudo-support.patch 
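Review bot: In the `sbin/ldapdeleteuser` change, `_ldapdeletesudo $1` runs only after `_ldapdelete "$_UDN"` has removed the account, so when the sudo deletion fails (return 2) the script dies with the user gone and the sudoRole still in the directory. A later account created with the same name would presumably match that leftover role. Deleting the sudo entry first and the user second avoids the orphan, and the argument should be quoted: `_ldapdeletesudo "$1"`. In `lib/runtime`, `_ldapdeletesudo` interpolates `$1` into `(|(cn=$1)(sudoUser=$1))` unescaped, so a name containing `*` or parentheses changes which entry `_findentry` selects for deletion; escape or reject filter metacharacters before building the filter.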
@@ -0,0 +1,289 @@ +Index: ldapscripts-2.0.8/sbin/ldapaddsudo +=================================================================== +--- /dev/null ++++ ldapscripts-2.0.8/sbin/ldapaddsudo +@@ -0,0 +1,63 @@ ++#!/bin/sh ++ ++# ldapaddsudo : adds a sudoRole to LDAP ++ ++# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora ++# Copyright (C) 2006-2013 Ganaël LAPLANCHE ++# Copyright (c) 2014 Wind River Systems, Inc. ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License ++# as published by the Free Software Foundation; either version 2 ++# of the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, ++# USA. ++ ++if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] ++then ++ echo "Usage : $0 " ++ exit 1 ++fi ++ ++# Source runtime file ++_RUNTIMEFILE="/usr/lib/ldapscripts/runtime" ++. "$_RUNTIMEFILE" ++ ++# Username = first argument ++_USER="$1" ++ ++# Use template if necessary ++if [ -n "$STEMPLATE" ] && [ -r "$STEMPLATE" ] ++then ++ _getldif="cat $STEMPLATE" ++else ++ _getldif="_extractldif 2" ++fi ++ ++# Add sudo entry to LDAP ++$_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd ++ ++[ $? 
-eq 0 ] || end_die "Error adding user $_USER to LDAP" ++echo_log "Successfully added sudo access for user $_USER to LDAP" ++ ++end_ok ++ ++# Ldif template ################################## ++##dn: cn=,ou=SUDOers,, ++##objectClass: top ++##objectClass: sudoRole ++##cn: ++##sudoUser: ++##sudoHost: ALL ++##sudoRunAsUser: ALL ++##sudoCommand: ALL ++###sudoOrder: ++###sudoOption: +Index: ldapscripts-2.0.8/sbin/ldapmodifyuser +=================================================================== +--- ldapscripts-2.0.8.orig/sbin/ldapmodifyuser ++++ ldapscripts-2.0.8/sbin/ldapmodifyuser +@@ -19,9 +19,11 @@ + # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + # USA. + +-if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] ++if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \ ++ [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \ ++ [ "$#" -ne 4 ] + then +- echo "Usage : $0 " ++ echo "Usage : $0 [ ]" + exit 1 + fi + +@@ -33,21 +35,48 @@ _RUNTIMEFILE="/usr/lib/ldapscripts/runti + _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" + [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP" + +-# Allocate and create temp file +-mktempf +-echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" +- +-# Display entry +-echo "# About to modify the following entry :" +-_ldapsearch "$_ENTRY" +- +-# Edit entry +-echo "# Enter your modifications here, end with CTRL-D." +-echo "dn: $_ENTRY" +-cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" ++# Username = first argument ++_USER="$1" ++ ++if [ "$#" -eq 1 ] ++then ++ # Allocate and create temp file ++ mktempf ++ echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" ++ ++ # Display entry ++ echo "# About to modify the following entry :" ++ _ldapsearch "$_ENTRY" ++ ++ # Edit entry ++ echo "# Enter your modifications here, end with CTRL-D." 
++ echo "dn: $_ENTRY" ++ cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" ++ ++ # Send modifications ++ cat "$_TMPFILE" | _utf8encode | _ldapmodify ++else ++ # Action = second argument ++ _ACTION="$2" ++ ++ # Field = third argument ++ _FIELD="$3" ++ ++ # Value = fourth argument ++ _VALUE="$4" ++ ++ # Use template if necessary ++ if [ -n "$UMTEMPLATE" ] && [ -r "$UMTEMPLATE" ] ++ then ++ _getldif="cat $UMTEMPLATE" ++ else ++ _getldif="_extractldif 2" ++ fi ++ ++ # Modify user in LDAP ++ $_getldif | _filterldif | _utf8encode | _ldapmodify ++fi + +-# Send modifications +-cat "$_TMPFILE" | _utf8encode | _ldapmodify + if [ $? -ne 0 ] + then + reltempf +@@ -55,3 +84,9 @@ then + fi + reltempf + end_ok "Successfully modified user entry $_ENTRY in LDAP" ++ ++# Ldif template ################################## ++##dn: uid=,, ++##changeType: modify ++##: ++##: +Index: ldapscripts-2.0.8/lib/runtime +=================================================================== +--- ldapscripts-2.0.8.orig/lib/runtime ++++ ldapscripts-2.0.8/lib/runtime +@@ -344,6 +344,9 @@ s||$MSUFFIX|g + s|<_msuffix>|$_MSUFFIX|g + s||$GSUFFIX|g + s|<_gsuffix>|$_GSUFFIX|g ++s||$_ACTION|g ++s||$_FIELD|g ++s||$_VALUE|g + EOF + + # Use it +Index: ldapscripts-2.0.8/Makefile +=================================================================== +--- ldapscripts-2.0.8.orig/Makefile ++++ ldapscripts-2.0.8/Makefile +@@ -37,11 +37,11 @@ LIBDIR = $(PREFIX)/lib/$(NAME) + RUNFILE = runtime + ETCFILE = ldapscripts.conf + PWDFILE = ldapscripts.passwd +-SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser \ ++SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser ldapaddsudo \ + ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \ + ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \ + ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \ +- ldaprenameuser ++ ldaprenameuser 
ldapmodifysudo + MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \ + ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \ + ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \ +Index: ldapscripts-2.0.8/sbin/ldapmodifysudo +=================================================================== +--- /dev/null ++++ ldapscripts-2.0.8/sbin/ldapmodifysudo +@@ -0,0 +1,93 @@ ++#!/bin/sh ++ ++# ldapmodifyuser : modifies a sudo entry in an LDAP directory ++ ++# Copyright (C) 2007-2013 Ganaël LAPLANCHE ++# Copyright (C) 2014 Stephen Crooks ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License ++# as published by the Free Software Foundation; either version 2 ++# of the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, ++# USA. ++ ++if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \ ++ [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \ ++ [ "$#" -ne 4 ] ++then ++ echo "Usage : $0 [ ]" ++ exit 1 ++fi ++ ++# Source runtime file ++_RUNTIMEFILE="/usr/lib/ldapscripts/runtime" ++. "$_RUNTIMEFILE" ++ ++# Find username : $1 must exist in LDAP ! 
++_findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))" ++[ -z "$_ENTRY" ] && end_die "Sudo user $1 not found in LDAP" ++ ++# Username = first argument ++_USER="$1" ++ ++if [ "$#" -eq 1 ] ++then ++ # Allocate and create temp file ++ mktempf ++ echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" ++ ++ # Display entry ++ echo "# About to modify the following entry :" ++ _ldapsearch "$_ENTRY" ++ ++ # Edit entry ++ echo "# Enter your modifications here, end with CTRL-D." ++ echo "dn: $_ENTRY" ++ cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" ++ ++ # Send modifications ++ cat "$_TMPFILE" | _utf8encode | _ldapmodify ++else ++ # Action = second argument ++ _ACTION="$2" ++ ++ # Field = third argument ++ _FIELD="$3" ++ ++ # Value = fourth argument ++ _VALUE="$4" ++ ++ # Use template if necessary ++ if [ -n "$SMTEMPLATE" ] && [ -r "$SMTEMPLATE" ] ++ then ++ _getldif="cat $SMTEMPLATE" ++ else ++ _getldif="_extractldif 2" ++ fi ++ ++ # Modify user in LDAP ++ $_getldif | _filterldif | _utf8encode | _ldapmodify ++fi ++ ++if [ $? -ne 0 ] ++then ++ reltempf ++ end_die "Error modifying sudo entry $_ENTRY in LDAP" ++fi ++reltempf ++end_ok "Successfully modified sudo entry $_ENTRY in LDAP" ++ ++# Ldif template ################################## ++##dn: cn=,ou=SUDOers, ++##changeType: modify ++##: ++##: diff --git a/libfdt/.gitignore b/libfdt/.gitignore new file mode 100644 index 0000000..14c4956 --- /dev/null +++ b/libfdt/.gitignore @@ -0,0 +1,6 @@ +!.distro +.distro/centos7/rpmbuild/RPMS +.distro/centos7/rpmbuild/SRPMS +.distro/centos7/rpmbuild/BUILD +.distro/centos7/rpmbuild/BUILDROOT +.distro/centos7/rpmbuild/SOURCES/dtc*tar.gz diff --git a/libfdt/PKG-INFO b/libfdt/PKG-INFO new file mode 100644 index 0000000..197bd39 --- /dev/null +++ b/libfdt/PKG-INFO 
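Review bot: In the new `sbin/ldapmodifysudo`, `$1` is placed unescaped into the search filter `(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))`, and `$4` reaches the sed program in `lib/runtime` through the added `$_VALUE` substitution, so filter metacharacters or a `|`, `&` or backslash in an argument can change which sudoRole entry is matched or what LDIF is sent. Because these entries grant sudo rights, reject unexpected characters before the lookup, for example `case "$1" in *[!A-Za-z0-9._-]*) end_die "Invalid user name $1" ;; esac`, and escape the value before it is handed to sed. The same filter is built in `_ldapdeletesudo` in the preceding patch to `lib/runtime`. Separately, the usage test exits unless `$#` is 4, so the `if [ "$#" -eq 1 ]` interactive branch can never run, and `[[ ... ]]` is a bash construct under the `#!/bin/sh` shebang.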
@@ -0,0 +1,13 @@
+Metadata-Version: 1.1
+Name: libfdt
+Version: 1.4.4
+Summary: Device Tree Compiler
+Home-page:
+Author: David Gibson
+Author-email: david@gibson.dropbear.id.au
+License: GPLv2
+
+Description: Device Tree Compiler
+
+
+Platform: UNKNOWN
diff --git a/libfdt/README b/libfdt/README
new file mode 100644
index 0000000..3da3e22
--- /dev/null
+++ b/libfdt/README
@@ -0,0 +1,6 @@
+Only needed for building qemu on Centos.
+
+I have found traces of this package for earlier epel release (5 and 6). Not
+sure why it's not provided anymore.
+
+Source: https://github.com/qemu/dtc
diff --git a/libfdt/centos/build_srpm.data b/libfdt/centos/build_srpm.data
new file mode 100644
index 0000000..80f0c0a
--- /dev/null
+++ b/libfdt/centos/build_srpm.data
@@ -0,0 +1,2 @@
+COPY_LIST="$CGCS_BASE/downloads/dtc-1.4.4.tar.gz"
+TIS_PATCH_VER=1
diff --git a/libfdt/centos/libfdt.spec b/libfdt/centos/libfdt.spec
new file mode 100644
index 0000000..a504490
--- /dev/null
+++ b/libfdt/centos/libfdt.spec
@@ -0,0 +1,51 @@
+Summary: libfdt
+Name: libfdt
+Version: 1.4.4
+Release: 0%{?_tis_dist}.%{tis_patch_ver}
+License: GPLv2
+Group: base
+Packager: Wind River
+URL: unknown
+Source0: dtc-1.4.4.tar.gz
+
+BuildRequires: gcc
+BuildRequires: bison
+BuildRequires: flex
+
+%define debug_package %{nil}
+
+%description
+Device Tree Compiler
+
+%package -n libfdt-devel
+Summary: libfdt devel
+
+%description -n libfdt-devel
+libfdt devel
+
+%define prefix /usr/
+
+%prep
+%setup -n dtc-1.4.4
+
+%build
+make
+
+%install
+make install PREFIX=%{buildroot}%{prefix}
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%license GPL README.license
+%defattr(-,root,root,-)
+
+# TODO: Devel shouldn't contain bin
+%files -n libfdt-devel
+%license GPL README.license
+%defattr(-,root,root,-)
+%{prefix}/bin/*
+%dir %{prefix}/include
+%{prefix}/include/*
+%{prefix}/lib/*
diff --git a/mariadb/centos/README b/mariadb/centos/README
new file mode 100644
index 0000000..963b66b
--- /dev/null
+++ b/mariadb/centos/README
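Review bot: The spec records no provenance for the tarball it builds: it has `URL: unknown` and a bare `Source0: dtc-1.4.4.tar.gz`, while the README added in this same commit names https://github.com/qemu/dtc as the source. Setting `URL: https://github.com/qemu/dtc` would let a reader trace the archive. Nothing visible here pins or checks a digest for the file copied from `$CGCS_BASE/downloads`, so that verification presumably has to happen in the download tooling. The `# TODO: Devel shouldn't contain bin` is also still open: `%files -n libfdt-devel` ships `%{prefix}/bin/*`, and the main `%files` lists only the license files.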
@@ -0,0 +1,6 @@
+The upstream mariadb includes TokuDB source code with AGPL license.
+As AGPL-3.0 is considered a prohibited license by WR, we've modified
+the source tarball to delete the storage/tokudb directory and remove
+the AGPL reference from the EXCEPTIONS-CLIENT Foss License file. The
+spec file has also been modified to compile without tokudb support.
+
diff --git a/mariadb/centos/build_srpm.data b/mariadb/centos/build_srpm.data
new file mode 100644
index 0000000..4563119
--- /dev/null
+++ b/mariadb/centos/build_srpm.data
@@ -0,0 +1,4 @@
+COPY_LIST="$CGCS_BASE/downloads/mariadb-10.1.28.tar.gz $PKG_BASE/centos/files/*"
+TIS_PATCH_VER=15
+BUILD_IS_BIG=7
+BUILD_IS_SLOW=19
diff --git a/mariadb/centos/files/LICENSE.clustercheck b/mariadb/centos/files/LICENSE.clustercheck
new file mode 100644
index 0000000..609015d
--- /dev/null
+++ b/mariadb/centos/files/LICENSE.clustercheck
@@ -0,0 +1,27 @@
+Copyright (c) 2012-2014, Olaf van Zandwijk
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/mariadb/centos/files/README.mysql-cnf b/mariadb/centos/files/README.mysql-cnf
new file mode 100644
index 0000000..3700c7f
--- /dev/null
+++ b/mariadb/centos/files/README.mysql-cnf
@@ -0,0 +1,13 @@
+This directory contains prepared configuration files with .cnf extension,
+which provide a configuration for some common MariaDB deployment scenarios.
+These configuration files do not include the default configuration of datadir,
+log-file and pid-file locations, as specified in the default my.cnf file,
+provided in this distribution.
+
+Thus, it is recommended to use these configuration files as an addition to the
+default my.cnf configuration file.
+
+Since default my.cnf contains `!includedir @INSTALL_SYSCONF2DIR@` directive, it is
+recommended to copy required configuration under @INSTALL_SYSCONF2DIR@ directory,
+so the default my.cnf specifications will be extended.
+
diff --git a/mariadb/centos/files/README.mysql-docs b/mariadb/centos/files/README.mysql-docs
new file mode 100644
index 0000000..dd894a7
--- /dev/null
+++ b/mariadb/centos/files/README.mysql-docs
@@ -0,0 +1,4 @@
+The official MySQL documentation is not freely redistributable, so we cannot
+include it in RHEL or Fedora. You can find it on-line at
+
+http://dev.mysql.com/doc/
diff --git a/mariadb/centos/files/README.mysql-license b/mariadb/centos/files/README.mysql-license
new file mode 100644
index 0000000..ceabbcf
--- /dev/null
+++ b/mariadb/centos/files/README.mysql-license
@@ -0,0 +1,9 @@
+MySQL is distributed under GPL v2, but there are some licensing exceptions
+that allow the client libraries to be linked with a non-GPL application,
+so long as the application is under a license approved by Oracle.
+For details see
+
+http://www.mysql.com/about/legal/licensing/foss-exception/
+
+Some innobase code from Percona and Google is under BSD license.
+Some code related to test-suite is under LGPLv2.
diff --git a/mariadb/centos/files/clustercheck.sh b/mariadb/centos/files/clustercheck.sh
new file mode 100644
index 0000000..782dbb6
--- /dev/null
+++ b/mariadb/centos/files/clustercheck.sh
@@ -0,0 +1,89 @@ +#!/bin/bash +# +# Script to make a proxy (ie HAProxy) capable of monitoring Galera cluster nodes properly +# +# Author: Olaf van Zandwijk +# Author: Raghavendra Prabhu +# Author: Ryan O'Hara +# +# Documentation and download: https://github.com/olafz/percona-clustercheck +# +# Based on the original script from Unai Rodriguez +# + +if [ -f @INSTALL_SYSCONFDIR@/sysconfig/clustercheck ]; then + . @INSTALL_SYSCONFDIR@/sysconfig/clustercheck +fi + +MYSQL_USERNAME="${MYSQL_USERNAME-clustercheckuser}" +MYSQL_PASSWORD="${MYSQL_PASSWORD-clustercheckpassword!}" +MYSQL_HOST="${MYSQL_HOST:-127.0.0.1}" +MYSQL_PORT="${MYSQL_PORT:-3306}" +ERR_FILE="${ERR_FILE:-/dev/null}" +AVAILABLE_WHEN_DONOR=${AVAILABLE_WHEN_DONOR:-0} +AVAILABLE_WHEN_READONLY=${AVAILABLE_WHEN_READONLY:-1} +DEFAULTS_EXTRA_FILE=${DEFAULTS_EXTRA_FILE:-@INSTALL_SYSCONFDIR@/my.cnf} + +#Timeout exists for instances where mysqld may be hung +TIMEOUT=10 + +if [[ -r $DEFAULTS_EXTRA_FILE ]];then + MYSQL_CMDLINE="mysql --defaults-extra-file=$DEFAULTS_EXTRA_FILE -nNE \ + --connect-timeout=$TIMEOUT \ + --user=${MYSQL_USERNAME} --password=${MYSQL_PASSWORD} \ + --host=${MYSQL_HOST} --port=${MYSQL_PORT}" +else + MYSQL_CMDLINE="mysql -nNE --connect-timeout=$TIMEOUT \ + --user=${MYSQL_USERNAME} --password=${MYSQL_PASSWORD} \ + --host=${MYSQL_HOST} --port=${MYSQL_PORT}" +fi +# +# Perform the query to check the wsrep_local_state +# +WSREP_STATUS=$($MYSQL_CMDLINE -e "SHOW STATUS LIKE 'wsrep_local_state';" \ + 2>${ERR_FILE} | tail -1 2>>${ERR_FILE}) + +if [[ "${WSREP_STATUS}" == "4" ]] || [[ "${WSREP_STATUS}" == "2" && ${AVAILABLE_WHEN_DONOR} == 1 ]] +then + # Check only when set to 0 to avoid latency in response. + if [[ $AVAILABLE_WHEN_READONLY -eq 0 ]];then + READ_ONLY=$($MYSQL_CMDLINE -e "SHOW GLOBAL VARIABLES LIKE 'read_only';" \ + 2>${ERR_FILE} | tail -1 2>>${ERR_FILE}) + + if [[ "${READ_ONLY}" == "ON" ]];then + # Galera cluster node local state is 'Synced', but it is in + # read-only mode. 
The variable AVAILABLE_WHEN_READONLY is set to 0. + # => return HTTP 503 + # Shell return-code is 1 + echo -en "HTTP/1.1 503 Service Unavailable\r\n" + echo -en "Content-Type: text/plain\r\n" + echo -en "Connection: close\r\n" + echo -en "Content-Length: 35\r\n" + echo -en "\r\n" + echo -en "Galera cluster node is read-only.\r\n" + sleep 0.1 + exit 1 + fi + fi + # Galera cluster node local state is 'Synced' => return HTTP 200 + # Shell return-code is 0 + echo -en "HTTP/1.1 200 OK\r\n" + echo -en "Content-Type: text/plain\r\n" + echo -en "Connection: close\r\n" + echo -en "Content-Length: 32\r\n" + echo -en "\r\n" + echo -en "Galera cluster node is synced.\r\n" + sleep 0.1 + exit 0 +else + # Galera cluster node local state is not 'Synced' => return HTTP 503 + # Shell return-code is 1 + echo -en "HTTP/1.1 503 Service Unavailable\r\n" + echo -en "Content-Type: text/plain\r\n" + echo -en "Connection: close\r\n" + echo -en "Content-Length: 36\r\n" + echo -en "\r\n" + echo -en "Galera cluster node is not synced.\r\n" + sleep 0.1 + exit 1 +fi diff --git a/mariadb/centos/files/mariadb-admincrash.patch b/mariadb/centos/files/mariadb-admincrash.patch new file mode 100644 index 0000000..cc2b10d --- /dev/null +++ b/mariadb/centos/files/mariadb-admincrash.patch 
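Review bot: `clustercheck.sh` falls back to a fixed account and password (`clustercheckuser` / `clustercheckpassword!`) when the sysconfig file sets none, and it passes the password on the `mysql` command line as `--password=${MYSQL_PASSWORD}`, where it can be read from the process list by other local users. Since `--defaults-extra-file` is already supported, the credentials could live in a `[client]` section of a separate file readable only by the account that runs the check, with `--user`/`--password` dropped from `MYSQL_CMDLINE`. If the variable has to stay, fail closed instead of defaulting: `MYSQL_PASSWORD="${MYSQL_PASSWORD:?MYSQL_PASSWORD is not set}"`. `ERR_FILE` defaults to `/dev/null`, so a rejected login is reported the same way as an unsynced node and leaves no trace for whoever investigates the 503.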
@@ -0,0 +1,32 @@ +mysqladmin crash on execution of below command: + + #> mysqladmin -u root -p + ... + Segmentation fault (core dumped) + +This is probably caused by memory corruption based on working with temp_argv[-1]. + +RHBZ: #1207041 +Upstream report: https://mariadb.atlassian.net/browse/MDEV-7883 + +--- + client/mysqladmin.cc | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/client/mysqladmin.cc b/client/mysqladmin.cc +index ffdc73f..cb0c558 100644 +--- a/client/mysqladmin.cc ++++ b/client/mysqladmin.cc +@@ -1361,7 +1361,8 @@ static char **mask_password(int argc, char ***argv) + } + argc--; + } +- temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE)); ++ if (argc >= 0) ++ temp_argv[argc]= my_strdup((*argv)[argc], MYF(MY_FAE)); + return(temp_argv); + } + +-- +1.9.1 + diff --git a/mariadb/centos/files/mariadb-basedir.patch b/mariadb/centos/files/mariadb-basedir.patch new file mode 100644 index 0000000..d1f4c10 --- /dev/null +++ b/mariadb/centos/files/mariadb-basedir.patch @@ -0,0 +1,24 @@ +Don't guess basedir in mysql_config; we place it under _libdir because +of multilib conflicts, so use rather configured @prefix@ path directly. + +--- + scripts/mysql_config.sh | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/scripts/mysql_config.sh b/scripts/mysql_config.sh +index 52f6d56..df63365 100644 +--- a/scripts/mysql_config.sh ++++ b/scripts/mysql_config.sh +@@ -76,8 +76,7 @@ get_full_path () + + me=`get_full_path $0` + +-# Script might have been renamed but assume mysql_config +-basedir=`echo $me | sed -e 's;/bin/mysql_.*config.*;;'` ++basedir='@prefix@' + + ldata='@localstatedir@' + execdir='@libexecdir@' +-- +1.9.1 + diff --git a/mariadb/centos/files/mariadb-errno.patch b/mariadb/centos/files/mariadb-errno.patch new file mode 100644 index 0000000..5ff34f0 --- /dev/null +++ b/mariadb/centos/files/mariadb-errno.patch 
@@ -0,0 +1,26 @@ +--- + include/my_sys.h | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +diff --git a/include/my_sys.h b/include/my_sys.h +index 110a2ee..a90ac5c 100644 +--- a/include/my_sys.h ++++ b/include/my_sys.h +@@ -212,13 +212,7 @@ + #define my_safe_afree(ptr, size) my_afree(ptr) + #endif /* HAVE_ALLOCA */ + +-#ifndef errno /* did we already get it? */ +-#ifdef HAVE_ERRNO_AS_DEFINE +-#include /* errno is a define */ +-#else +-extern int errno; /* declare errno */ +-#endif +-#endif /* #ifndef errno */ ++#include /* errno is a define */ + extern char *home_dir; /* Home directory for user */ + extern MYSQL_PLUGIN_IMPORT char *mysql_data_home; + extern const char *my_progname; /* program-name (printed in errors) */ +-- +1.9.1 + diff --git a/mariadb/centos/files/mariadb-example-config-files.patch b/mariadb/centos/files/mariadb-example-config-files.patch new file mode 100644 index 0000000..f29d129 --- /dev/null +++ b/mariadb/centos/files/mariadb-example-config-files.patch 
@@ -0,0 +1,72 @@ +--- + support-files/my-huge.cnf.sh | 1 + + support-files/my-innodb-heavy-4G.cnf.sh | 2 +- + support-files/my-large.cnf.sh | 1 + + support-files/my-medium.cnf.sh | 1 + + support-files/my-small.cnf.sh | 1 + + 5 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/support-files/my-huge.cnf.sh b/support-files/my-huge.cnf.sh +index 4e08348..d8bf29e 100644 +--- a/support-files/my-huge.cnf.sh ++++ b/support-files/my-huge.cnf.sh +@@ -25,6 +25,7 @@ socket = @MYSQL_UNIX_ADDR@ + + # The MySQL server + [mysqld] ++log-error = @LOG_LOCATION@ + port = @MYSQL_TCP_PORT@ + socket = @MYSQL_UNIX_ADDR@ + skip-external-locking +diff --git a/support-files/my-innodb-heavy-4G.cnf.sh b/support-files/my-innodb-heavy-4G.cnf.sh +index 2590ff5..85fd33a 100644 +--- a/support-files/my-innodb-heavy-4G.cnf.sh ++++ b/support-files/my-innodb-heavy-4G.cnf.sh +@@ -42,7 +42,7 @@ socket = @MYSQL_UNIX_ADDR@ + # The MariaDB server + # + [mysqld] +- ++log-error = @LOG_LOCATION@ + # generic configuration options + port = @MYSQL_TCP_PORT@ + socket = @MYSQL_UNIX_ADDR@ +diff --git a/support-files/my-large.cnf.sh b/support-files/my-large.cnf.sh +index 6f8dab0..e8c5f74 100644 +--- a/support-files/my-large.cnf.sh ++++ b/support-files/my-large.cnf.sh +@@ -25,6 +25,7 @@ socket = @MYSQL_UNIX_ADDR@ + + # The MariaDB server + [mysqld] ++log-error = @LOG_LOCATION@ + port = @MYSQL_TCP_PORT@ + socket = @MYSQL_UNIX_ADDR@ + skip-external-locking +diff --git a/support-files/my-medium.cnf.sh b/support-files/my-medium.cnf.sh +index 19ab8df..fc8fc78 100644 +--- a/support-files/my-medium.cnf.sh ++++ b/support-files/my-medium.cnf.sh +@@ -26,6 +26,7 @@ socket = @MYSQL_UNIX_ADDR@ + + # The MariaDB server + [mysqld] ++log-error = @LOG_LOCATION@ + port = @MYSQL_TCP_PORT@ + socket = @MYSQL_UNIX_ADDR@ + skip-external-locking +diff --git a/support-files/my-small.cnf.sh b/support-files/my-small.cnf.sh +index 8c78072..6777431 100644 +--- a/support-files/my-small.cnf.sh ++++ b/support-files/my-small.cnf.sh +@@ 
-24,6 +24,7 @@ socket = @MYSQL_UNIX_ADDR@ + + # The MySQL server + [mysqld] ++log-error = @LOG_LOCATION@ + port = @MYSQL_TCP_PORT@ + socket = @MYSQL_UNIX_ADDR@ + skip-external-locking +-- +1.9.1 + diff --git a/mariadb/centos/files/mariadb-file-contents.patch b/mariadb/centos/files/mariadb-file-contents.patch new file mode 100644 index 0000000..5f438fc --- /dev/null +++ b/mariadb/centos/files/mariadb-file-contents.patch 
@@ -0,0 +1,49 @@ +Upstream chooses to install INFO_SRC and INFO_BIN into the docs dir, which +breaks at least two packaging commandments, so we put them into $libdir +instead. That means we have to hack the file_contents regression test +to know about this. + +Recommendation they change is at http://bugs.mysql.com/bug.php?id=61425 + +--- + mysql-test/t/file_contents.test | 13 ++++++++++-- + 1 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/mysql-test/t/file_contents.test b/mysql-test/t/file_contents.test +index 4734a02..a892297 100644 +--- a/mysql-test/t/file_contents.test ++++ b/mysql-test/t/file_contents.test +@@ -11,7 +11,7 @@ + --perl + print "\nChecking 'INFO_SRC' and 'INFO_BIN'\n"; + $dir_bin = $ENV{'MYSQL_BINDIR'}; +-if ($dir_bin eq '/usr/') { ++if ($dir_bin =~ '.*/usr/$') { + # RPM package + $dir_docs = $dir_bin; + $dir_docs =~ s|/lib|/share/doc|; +@@ -22,7 +22,7 @@ if ($dir_bin eq '/usr/') { + # RedHat: version number in directory name + $dir_docs = glob "$dir_docs/MariaDB-server*"; + } +-} elsif ($dir_bin eq '/usr') { ++} elsif ($dir_bin =~ '.*/usr$') { + # RPM build during development + $dir_docs = "$dir_bin/share/doc"; + if(-d "$dir_docs/packages") { +@@ -32,6 +32,15 @@ if ($dir_bin eq '/usr/') { + # RedHat/Debian: version number in directory name + $dir_docs = glob "$dir_docs/mariadb-server-*"; + $dir_docs = glob "$dir_docs/MariaDB-server*" unless -d $dir_docs; ++ ++ # All the above is entirely wacko, because these files are not docs; ++ # they should be kept in libdir instead. mtr does not provide a nice ++ # way to find libdir though, so we have to kluge it like this: ++ if (-d "$dir_bin/lib64/mysql") { ++ $dir_docs = "$dir_bin/lib64/mysql"; ++ } else { ++ $dir_docs = "$dir_bin/lib/mysql"; ++ } + } + # Slackware + $dir_docs = glob "$dir_bin/doc/mariadb-[0-9]*" unless -d $dir_docs; diff --git a/mariadb/centos/files/mariadb-galera.cnf.patch b/mariadb/centos/files/mariadb-galera.cnf.patch new file mode 100644 index 0000000..e03ee88 
--- /dev/null +++ b/mariadb/centos/files/mariadb-galera.cnf.patch @@ -0,0 +1,21 @@ +--- + support-files/wsrep.cnf.sh | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/support-files/wsrep.cnf.sh b/support-files/wsrep.cnf.sh +index a539085..51ce3dc 100644 +--- a/support-files/wsrep.cnf.sh ++++ b/support-files/wsrep.cnf.sh +@@ -30,6 +30,9 @@ bind-address=0.0.0.0 + ## WSREP options + ## + ++# Enable wsrep ++wsrep_on=1 ++ + # Full path to wsrep provider library or 'none' + wsrep_provider=none + +-- +1.9.1 + diff --git a/mariadb/centos/files/mariadb-install-db-sharedir.patch b/mariadb/centos/files/mariadb-install-db-sharedir.patch new file mode 100644 index 0000000..44dbd6e --- /dev/null +++ b/mariadb/centos/files/mariadb-install-db-sharedir.patch 
@@ -0,0 +1,49 @@ +Use configured value instead of hardcoded path + +--- + scripts/mysql_install_db.pl.in | 2 +- + scripts/mysql_install_db.sh | 8 ++++---- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/scripts/mysql_install_db.pl.in b/scripts/mysql_install_db.pl.in +index 9d2c1f6..0accdd1 100644 +--- a/scripts/mysql_install_db.pl.in ++++ b/scripts/mysql_install_db.pl.in +@@ -320,7 +320,7 @@ elsif ( $opt->{basedir} ) + find_in_basedir($opt,"file","mysqld-nt", + "bin"); # ,"sql" + $srcpkgdatadir = find_in_basedir($opt,"dir","fill_help_tables.sql", +- "share","share/mysql"); # ,"scripts" ++ "share","@INSTALL_MYSQLSHAREDIR@"); # ,"scripts" + $buildpkgdir = $srcpkgdatadir; + $scriptdir = "$opt->{basedir}/scripts"; + } +diff --git a/scripts/mysql_install_db.sh b/scripts/mysql_install_db.sh +index 364cc4f..eaa7a89 100644 +--- a/scripts/mysql_install_db.sh ++++ b/scripts/mysql_install_db.sh +@@ -311,17 +311,17 @@ then + cannot_find_file mysqld $basedir/libexec $basedir/sbin $basedir/bin + exit 1 + fi +- langdir=`find_in_basedir --dir errmsg.sys share/english share/mysql/english` ++ langdir=`find_in_basedir --dir errmsg.sys share/english @INSTALL_MYSQLSHAREDIR@/english` + if test -z "$langdir" + then +- cannot_find_file errmsg.sys $basedir/share/english $basedir/share/mysql/english ++ cannot_find_file errmsg.sys $basedir/share/english $basedir/@INSTALL_MYSQLSHAREDIR@/english + exit 1 + fi +- srcpkgdatadir=`find_in_basedir --dir fill_help_tables.sql share share/mysql` ++ srcpkgdatadir=`find_in_basedir --dir fill_help_tables.sql share @INSTALL_MYSQLSHAREDIR@` + buildpkgdatadir=$srcpkgdatadir + if test -z "$srcpkgdatadir" + then +- cannot_find_file fill_help_tables.sql $basedir/share $basedir/share/mysql ++ cannot_find_file fill_help_tables.sql $basedir/share $basedir/@INSTALL_MYSQLSHAREDIR@ + exit 1 + fi + scriptdir="$basedir/scripts" +-- +1.9.1 + 
diff --git a/mariadb/centos/files/mariadb-install-test.patch b/mariadb/centos/files/mariadb-install-test.patch new file mode 100644 index 0000000..2bbfc47 --- /dev/null +++ b/mariadb/centos/files/mariadb-install-test.patch 
@@ -0,0 +1,62 @@ +Improve the documentation that will be installed in the mysql-test RPM. + +--- + mysql-test/README | 36 +++++++++++++++++++++++++----------- + 1 file changed, 25 insertions(+), 11 deletions(-) + +diff --git a/mysql-test/README b/mysql-test/README +index 0fba1cc..2e756e9 100644 +--- a/mysql-test/README ++++ b/mysql-test/README +@@ -1,15 +1,28 @@ +-This directory contains a test suite for the MySQL daemon. To run +-the currently existing test cases, simply execute ./mysql-test-run in +-this directory. It will fire up the newly built mysqld and test it. ++This directory contains a test suite for the MariaDB daemon. To run ++the currently existing test cases, execute ./mysql-test-run in ++this directory. + +-Note that you do not have to have to do "make install", and you could +-actually have a co-existing MySQL installation. The tests will not +-conflict with it. To run the test suite in a source directory, you +-must do make first. ++For use in Red Hat distributions, you should run the script as user mysql, ++who is created with nologin shell however, so the best bet is something like ++ $ su - ++ # cd /usr/share/mysql-test ++ # su -s /bin/bash mysql -c "./mysql-test-run --skip-test-list=rh-skipped-tests.list" + +-All tests must pass. If one or more of them fail on your system, please +-read the following manual section for instructions on how to report the +-problem: ++This will use the installed mysql executables, but will run a private copy ++of the server process (using data files within /usr/share/mysql-test), ++so you need not start the mysqld service beforehand. ++ ++The "--skip-test-list=rh-skipped-tests.list" option excludes tests that are ++known to fail on one or more Red-Hat-supported platforms. You can omit it ++if you want to check whether such failures occur for you. Documentation ++about the reasons for omitting such tests can be found in the file ++rh-skipped-tests.list. 
++ ++To clean up afterwards, remove the created "var" subdirectory, eg ++ # su -s /bin/bash - mysql -c "rm -rf /usr/share/mysql-test/var" ++ ++If one or more tests fail on your system, please read the following manual ++section for instructions on how to report the problem: + + https://mariadb.com/kb/en/reporting-bugs + +@@ -26,7 +39,8 @@ other relevant options. + + With no test cases named on the command line, mysql-test-run falls back + to the normal "non-extern" behavior. The reason for this is that some +-tests cannot run with an external server. ++tests cannot run with an external server (because they need to control the ++options with which the server is started). + + You can create your own test cases. To create a test case, create a new + file in the t subdirectory using a text editor. The file should have a .test +-- +1.9.1 + diff --git a/mariadb/centos/files/mariadb-logrotate.patch b/mariadb/centos/files/mariadb-logrotate.patch new file mode 100644 index 0000000..e87240c --- /dev/null +++ b/mariadb/centos/files/mariadb-logrotate.patch 
@@ -0,0 +1,80 @@ +Adjust the mysql-log-rotate script in several ways: + +* Use the correct log file pathname for Red Hat installations. +* Enable creation of the log file by logrotate (needed since + /var/log/ isn't writable by mysql user); and set the same 640 + permissions we normally use. +* Comment out the actual rotation commands, so that user must edit + the file to enable rotation. This is unfortunate, but the fact + that the script will probably fail without manual configuration + (to set a root password) means that we can't really have it turned + on by default. Fortunately, in most configurations the log file + is low-volume and so rotation is not critical functionality. + +See discussions at RH bugs 799735, 547007 + +--- + support-files/mysql-log-rotate.sh | 44 ++++++++++++++++++++------------------- + 1 files changed, 23 insertions(+), 21 deletions(-) + +diff --git a/support-files/mysql-log-rotate.sh b/support-files/mysql-log-rotate.sh +index 5d1b30b..425c591 100644 +--- a/support-files/mysql-log-rotate.sh ++++ b/support-files/mysql-log-rotate.sh +@@ -1,9 +1,9 @@ + # This logname can be set in /etc/my.cnf +-# by setting the variable "err-log" +-# in the [safe_mysqld] section as follows: ++# by setting the variable "log-error" ++# in the [mysqld_safe] section as follows: + # +-# [safe_mysqld] +-# err-log=@localstatedir@/mysqld.log ++# [mysqld_safe] ++# log-error=@LOG_LOCATION@ + # + # If the root user has a password you have to create a + # /root/.my.cnf configuration file with the following +@@ -18,20 +18,22 @@ + # ATTENTION: This /root/.my.cnf should be readable ONLY + # for root ! 
+ +-@localstatedir@/mysqld.log { +- # create 600 mysql mysql +- notifempty +- daily +- rotate 3 +- missingok +- compress +- postrotate +- # just if mysqld is really running +- if test -x @bindir@/mysqladmin && \ +- @bindir@/mysqladmin ping &>/dev/null +- then +- @bindir@/mysqladmin --local flush-error-log \ +- flush-engine-log flush-general-log flush-slow-log +- fi +- endscript +-} ++# Then, un-comment the following lines to enable rotation of mysql's log file: ++ ++#@LOG_LOCATION@ { ++# # create 600 mysql mysql ++# notifempty ++# daily ++# rotate 3 ++# missingok ++# compress ++# postrotate ++# # just if mysqld is really running ++# if test -x @bindir@/mysqladmin && \ ++# @bindir@/mysqladmin ping &>/dev/null ++# then ++# @bindir@/mysqladmin --local flush-error-log \ ++# flush-engine-log flush-general-log flush-slow-log ++# fi ++# endscript ++#} +-- +1.9.1 + diff --git a/mariadb/centos/files/mariadb-notestdb.patch b/mariadb/centos/files/mariadb-notestdb.patch new file mode 100644 index 0000000..b6ea1f5 --- /dev/null +++ b/mariadb/centos/files/mariadb-notestdb.patch @@ -0,0 +1,24 @@ +--- + scripts/mysql_install_db.pl.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/scripts/mysql_install_db.pl.in b/scripts/mysql_install_db.pl.in +index 0accdd1..3ab2786 100644 +--- a/scripts/mysql_install_db.pl.in ++++ b/scripts/mysql_install_db.pl.in +@@ -399,10 +399,10 @@ if ( $opt->{'skip-name-resolve'} and $resolved and $resolved =~ /\s/ ) + } + + # ---------------------------------------------------------------------- +-# Create database directories mysql & test ++# Create database directories mysql + # ---------------------------------------------------------------------- + +-foreach my $dir ( $opt->{ldata}, "$opt->{ldata}/mysql", "$opt->{ldata}/test" ) ++foreach my $dir ( $opt->{ldata}, "$opt->{ldata}/mysql" ) + { + # FIXME not really the same as original "mkdir -p", but ok? + mkdir($dir, 0700) unless -d $dir; +-- +1.9.1 + 
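Review bot: In mariadb-logrotate.patch the description says the patch enables creation of the log file by logrotate with mode 640, but the added block still carries `# create 600 mysql mysql` as a comment nested inside the commented-out stanza. A user who un-comments the stanza as instructed therefore gets no `create` directive at all, and if they enable it by hand they get 600 rather than the 0640 that mysql-prepare-db-dir.sh sets on the same file. Either change the line to `# create 640 mysql mysql` or correct the description so the two agree.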
diff --git a/mariadb/centos/files/mariadb-ownsetup.patch b/mariadb/centos/files/mariadb-ownsetup.patch new file mode 100644 index 0000000..b54c24a --- /dev/null +++ b/mariadb/centos/files/mariadb-ownsetup.patch @@ -0,0 +1,41 @@ +--- + support-files/CMakeLists.txt | 1 + + support-files/rpm/server.cnf | 9 +++++++++ + 2 files changed, 10 insertions(+) + +diff --git a/support-files/CMakeLists.txt b/support-files/CMakeLists.txt +index 71e9b3f..5f3b2a6 100644 +--- a/support-files/CMakeLists.txt ++++ b/support-files/CMakeLists.txt +@@ -81,6 +81,7 @@ IF(UNIX) + ENDIF() + + CONFIGURE_FILE(mariadb.pc.in ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc @ONLY) ++ CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_BINARY_DIR}/rpm/server.cnf @ONLY) + INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_SHAREDIR}/pkgconfig COMPONENT Development) + + INSTALL(FILES mysql.m4 DESTINATION ${INSTALL_SHAREDIR}/aclocal COMPONENT Development) +diff --git a/support-files/rpm/server.cnf b/support-files/rpm/server.cnf +index 9682d2b..6f398d4 100644 +--- a/support-files/rpm/server.cnf ++++ b/support-files/rpm/server.cnf +@@ -9,7 +9,16 @@ + [server] + + # this is only for the mysqld standalone daemon ++# Settings user and group are ignored when systemd is used. ++# If you need to run mysqld under a different user or group, ++# customize your systemd unit file for mysqld/mariadb according to the ++# instructions in http://fedoraproject.org/wiki/Systemd + [mysqld] ++datadir=@MYSQL_DATADIR@ ++socket=@MYSQL_UNIX_ADDR@ ++log-error=@LOG_LOCATION@ ++pid-file=@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid ++ + + # + # * Galera-related settings +-- +1.9.1 + diff --git a/mariadb/centos/files/mariadb-revert-stdouterr-closing.patch b/mariadb/centos/files/mariadb-revert-stdouterr-closing.patch new file mode 100644 index 0000000..96274c3 --- /dev/null +++ b/mariadb/centos/files/mariadb-revert-stdouterr-closing.patch 
@@ -0,0 +1,34 @@ +--- + scripts/mysqld_safe.sh | 2 +- + support-files/mysql.server.sh | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/scripts/mysqld_safe.sh b/scripts/mysqld_safe.sh +index 5564f92..fe77d97 100644 +--- a/scripts/mysqld_safe.sh ++++ b/scripts/mysqld_safe.sh +@@ -756,7 +756,7 @@ if [ ! -d $mysql_unix_port_dir ] + then + if ! `mkdir -p $mysql_unix_port_dir` + then +- log_error "Fatal error Can't create database directory '$mysql_unix_port'" ++ echo "Fatal error Can't create database directory '$mysql_unix_port'" + exit 1 + fi + chown $user $mysql_unix_port_dir +diff --git a/support-files/mysql.server.sh b/support-files/mysql.server.sh +index ed0da3c..312f2b2 100644 +--- a/support-files/mysql.server.sh ++++ b/support-files/mysql.server.sh +@@ -296,7 +296,7 @@ case "$mode" in + then + # Give extra arguments to mysqld with the my.cnf file. This script + # may be overwritten at next upgrade. +- $bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" "$@" & ++ $bindir/mysqld_safe --datadir="$datadir" --pid-file="$mysqld_pid_file_path" "$@" >dev/null & + wait_for_ready; return_value=$? + + # Make lock for RedHat / SuSE +-- +1.9.1 + diff --git a/mariadb/centos/files/mariadb-scripts.patch b/mariadb/centos/files/mariadb-scripts.patch new file mode 100644 index 0000000..fe51eb7 --- /dev/null +++ b/mariadb/centos/files/mariadb-scripts.patch 
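Review bot: In the mysql.server.sh hunk of mariadb-revert-stdouterr-closing.patch the new start line redirects to `>dev/null`, a path relative to the current directory, not `/dev/null`. Depending on the working directory the shell either fails the redirection, in which case mysqld_safe is not started, or writes the output into a stray `dev/null` file; the line should end `"$@" >/dev/null &`. The mysqld_safe.sh hunk in the same patch replaces `log_error` with `echo`, so the fatal message presumably bypasses the script's logging helper, and it prints `$mysql_unix_port` although the directory being created is `$mysql_unix_port_dir`. Both hunks show only part of their enclosing blocks.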
@@ -0,0 +1,47 @@ +--- + scripts/CMakeLists.txt | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt +index 2f9c185..a6e4d49 100644 +--- a/scripts/CMakeLists.txt ++++ b/scripts/CMakeLists.txt +@@ -362,6 +362,35 @@ ELSE() + ) + ENDFOREACH() + ++ # files for systemd ++ SET(SYSTEMD_SCRIPTS ++ mysql.tmpfiles.d ++ mysql.service ++ mysql@.service ++ mysql-prepare-db-dir ++ mysql-wait-ready ++ mysql-wait-stop ++ mysql-check-socket ++ mysql-check-upgrade ++ mysql-scripts-common ++ mysql_config_multilib ++ clustercheck ++ mysql.init ++ my.cnf ++ ) ++ FOREACH(file ${SYSTEMD_SCRIPTS}) ++ IF(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/${file}.sh) ++ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/${file}.sh ++ ${CMAKE_CURRENT_BINARY_DIR}/${file} ESCAPE_QUOTES @ONLY) ++ ELSEIF(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/${file}.in) ++ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/${file}.in ++ ${CMAKE_CURRENT_BINARY_DIR}/${file} ESCAPE_QUOTES @ONLY) ++ ELSE() ++ MESSAGE(FATAL_ERROR "Can not find ${file}.sh or ${file}.in in " ++ "${CMAKE_CURRENT_SOURCE_DIR}" ) ++ ENDIF() ++ ENDFOREACH() ++ + FOREACH(file ${WSREP_SOURCE}) + CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/${file}.sh + ${CMAKE_CURRENT_BINARY_DIR}/${file} ESCAPE_QUOTES @ONLY) +-- +1.9.1 + diff --git a/mariadb/centos/files/mariadb-server-galera.te b/mariadb/centos/files/mariadb-server-galera.te new file mode 100644 index 0000000..bdce127 --- /dev/null +++ b/mariadb/centos/files/mariadb-server-galera.te 
@@ -0,0 +1,23 @@
+
+module mariadb-server-galera 1.0;
+
+require {
+ type mysqld_t;
+ type rsync_exec_t;
+ type anon_inodefs_t;
+ type proc_net_t;
+ type kerberos_port_t;
+ class file { read execute execute_no_trans getattr open };
+ class tcp_socket { name_bind name_connect };
+ class process { setpgid siginh rlimitinh noatsecure };
+}
+
+# allow mysqld to run rsyncd
+allow mysqld_t self:process setpgid;
+allow mysqld_t rsync_exec_t:file { read execute execute_no_trans getattr open };
+allow mysqld_t anon_inodefs_t:file getattr;
+allow mysqld_t proc_net_t:file { read open };
+
+# allow rsyncd to listen on port 4444
+allow mysqld_t kerberos_port_t:tcp_socket { name_bind name_connect };
+
diff --git a/mariadb/centos/files/mariadb-ssl-cypher.patch b/mariadb/centos/files/mariadb-ssl-cypher.patch
new file mode 100644
index 0000000..9ff9e02
--- /dev/null
+++ b/mariadb/centos/files/mariadb-ssl-cypher.patch
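Review bot: The last rule in mariadb-server-galera.te, `allow mysqld_t kerberos_port_t:tcp_socket { name_bind name_connect };`, grants more than its comment says: it applies to every port labelled kerberos_port_t, and in the reference policy that label normally covers the Kerberos service ports as well as 4444. If only the state-transfer port is needed, label that port with a dedicated type and allow that instead, or at least document the side effect, e.g. `# NOTE: kerberos_port_t also covers the Kerberos ports; mysqld_t may bind/connect to all of them`. Separately, `execute_no_trans` on rsync_exec_t means rsync runs inside the mysqld_t domain rather than a domain of its own, and the `require` block lists process permissions (`siginh rlimitinh noatsecure`) that no rule uses.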
@@ -0,0 +1,30 @@ +--- + mysql-test/r/ssl_8k_key.result | 4 ++-- + mysql-test/t/ssl_8k_key.test | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/mysql-test/r/ssl_8k_key.result b/mysql-test/r/ssl_8k_key.result +index b33a1d2..ff9d0cc 100644 +--- a/mysql-test/r/ssl_8k_key.result ++++ b/mysql-test/r/ssl_8k_key.result +@@ -1,2 +1,2 @@ +-Variable_name Value +-Ssl_cipher DHE-RSA-AES256-SHA ++have_ssl ++1 +diff --git a/mysql-test/t/ssl_8k_key.test b/mysql-test/t/ssl_8k_key.test +index 27cffdc..4b81648 100644 +--- a/mysql-test/t/ssl_8k_key.test ++++ b/mysql-test/t/ssl_8k_key.test +@@ -5,7 +5,7 @@ + # + # Bug#29784 YaSSL assertion failure when reading 8k key. + # +---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SHOW STATUS LIKE 'ssl_Cipher'" 2>&1 ++--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1 + + ## This test file is for testing encrypted communication only, not other + ## encryption routines that the SSL library happens to provide! +-- +1.9.1 + diff --git a/mariadb/centos/files/mariadb-strmov.patch b/mariadb/centos/files/mariadb-strmov.patch new file mode 100644 index 0000000..cdd2f8b --- /dev/null +++ b/mariadb/centos/files/mariadb-strmov.patch 
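Review bot: mariadb-ssl-cypher.patch carries no description, and the rewritten ssl_8k_key test now only asserts that `Ssl_cipher` is non-empty (`have_ssl` = 1) instead of pinning `DHE-RSA-AES256-SHA`. That makes the test independent of the TLS library's cipher preference, which is presumably the intent, but it also means the test would still pass if the connection negotiated a weak cipher. Add a header line such as `Do not depend on a specific negotiated cipher; only check that the session is encrypted.` so the reason is recorded with the patch.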
@@ -0,0 +1,40 @@ +Remove overly optimistic definition of strmov() as stpcpy(). + +mysql uses this macro with overlapping source and destination strings, +which is verboten per spec, and fails on some Red Hat platforms. +Deleting the definition is sufficient to make it fall back to a +byte-at-a-time copy loop, which should consistently give the +expected behavior. + +Note: the particular case that prompted this patch is reported and fixed +at http://bugs.mysql.com/bug.php?id=48864. However, my faith in upstream's +ability to detect this type of error is low, and I also see little evidence +of any real performance gain from optimizing these calls. So I'm keeping +this patch. + +--- + include/m_string.h | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/include/m_string.h b/include/m_string.h +index 7437ea8..bb3ab57 100644 +--- a/include/m_string.h ++++ b/include/m_string.h +@@ -73,14 +73,6 @@ + extern void *(*my_str_realloc)(void *, size_t); + extern void (*my_str_free)(void *); + +-#ifdef DBUG_OFF +-#if defined(HAVE_STPCPY) && MY_GNUC_PREREQ(3, 4) && !defined(__INTEL_COMPILER) +-#define strmov(A,B) __builtin_stpcpy((A),(B)) +-#elif defined(HAVE_STPCPY) +-#define strmov(A,B) stpcpy((A),(B)) +-#endif +-#endif +- + /* Declared in int2str() */ + extern const char _dig_vec_upper[]; + extern const char _dig_vec_lower[]; +-- +1.9.1 + diff --git a/mariadb/centos/files/my.cnf.in b/mariadb/centos/files/my.cnf.in new file mode 100644 index 0000000..247e12d --- /dev/null +++ b/mariadb/centos/files/my.cnf.in @@ -0,0 +1,18 @@ +# +# This group is read both both by the client and the server +# use it for options that affect everything +# +[client-server] + +# +# This group is read by the server +# +[mysqld] +# Disabling symbolic-links is recommended to prevent assorted security risks +symbolic-links=0 + +# +# include all files from the config directory +# +!includedir @INSTALL_SYSCONF2DIR@ + 
diff --git a/mariadb/centos/files/mysql-check-socket.sh b/mariadb/centos/files/mysql-check-socket.sh new file mode 100644 index 0000000..b15cd32 --- /dev/null +++ b/mariadb/centos/files/mysql-check-socket.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +# We check if there is already a process using the socket file, +# since otherwise the systemd service file could report false +# positive result when starting and mysqld_safe could remove +# a socket file, which is actually being used by a different daemon. + +source "`dirname ${BASH_SOURCE[0]}`/mysql-scripts-common" + +if test -e "$socketfile" ; then + echo "Socket file $socketfile exists." >&2 + + # no write permissions + if ! test -w "$socketfile" ; then + echo "Not enough permission to write to the socket file $socketfile, which is suspicious." >&2 + echo "Please, remove $socketfile manually to start the service." >&2 + exit 1 + fi + + # not a socket file + if ! test -S "$socketfile" ; then + echo "The file $socketfile is not a socket file, which is suspicious." >&2 + echo "Please, remove $socketfile manually to start the service." >&2 + exit 1 + fi + + # some process uses the socket file + if fuser "$socketfile" &>/dev/null ; then + socketpid=$(fuser "$socketfile" 2>/dev/null) + echo "Is another MySQL daemon already running with the same unix socket?" >&2 + echo "Please, stop the process $socketpid or remove $socketfile manually to start the service." >&2 + exit 1 + fi + + # socket file is a garbage + echo "No process is using $socketfile, which means it is a garbage, so it will be removed automatically." >&2 +fi + +exit 0 diff --git a/mariadb/centos/files/mysql-check-upgrade.sh b/mariadb/centos/files/mysql-check-upgrade.sh new file mode 100644 index 0000000..1bfd3bc --- /dev/null +++ b/mariadb/centos/files/mysql-check-upgrade.sh 
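Review bot: mysql-check-socket.sh declares `#!/bin/sh` but depends on bash: `source`, `${BASH_SOURCE[0]}` and `&>/dev/null` are not POSIX sh. The same applies to mysql-check-upgrade.sh (`[[ … =~ … ]]`), mysql-prepare-db-dir.sh, mysql-wait-ready.sh and mysql-wait-stop.sh, whose timeout relies on bash's self-incrementing `SECONDS`, so under a non-bash /bin/sh that loop would never reach its timeout. Make the dependency explicit with `#!/bin/bash` and quote the path lookup: `source "$(dirname "${BASH_SOURCE[0]}")/mysql-scripts-common"`. Also, the final message says the stale socket "will be removed automatically", but nothing in this script removes it; if the server start-up is what removes it, the comment should say so.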
@@ -0,0 +1,39 @@ +#!/bin/sh + +source "`dirname ${BASH_SOURCE[0]}`/mysql-scripts-common" + +upgrade_info_file="$datadir/mysql_upgrade_info" +version=0 +# get version as integer from mysql_upgrade_info file +if [ -f "$upgrade_info_file" ] && [ -r "$upgrade_info_file" ] ; then + version_major=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\1/') + version_minor=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\2/') + if [[ $version_major =~ ^[0-9]+$ ]] && [[ $version_minor =~ ^[0-9]+$ ]] ; then + version=$((version_major*100+version_minor)) + fi +fi + +# compute current version as integer +thisversion=$((@MAJOR_VERSION@*100+@MINOR_VERSION@)) + +# provide warning in cases we should run mysql_upgrade +if [ $version -ne $thisversion ] ; then + + # give extra warning if some version seems to be skipped + if [ $version -gt 0 ] && [ $version -lt 505 ] ; then + echo "The datadir located at $datadir seems to be older than of a version 5.5. Please, mind that as a general rule, to upgrade from one release series to another, go to the next series rather than skipping a series." >&2 + fi + + cat <&2 +The datadir located at $datadir needs to be upgraded using 'mysql_upgrade' tool. This can be done using the following steps: + + 1. Back-up your data before with 'mysql_upgrade' + 2. Start the database daemon using 'service @DAEMON_NAME@ start' + 3. Run 'mysql_upgrade' with a database user that has sufficient privileges + +Read more about 'mysql_upgrade' usage at: +https://mariadb.com/kb/en/mariadb/documentation/sql-commands/table-commands/mysql_upgrade/ +EOF +fi + +exit 0 diff --git a/mariadb/centos/files/mysql-embedded-check.c b/mariadb/centos/files/mysql-embedded-check.c new file mode 100644 index 0000000..8bf8ca5 --- /dev/null +++ b/mariadb/centos/files/mysql-embedded-check.c 
@@ -0,0 +1,26 @@ +/* simple test program to see if we can link the embedded server library */ + +#include +#include +#include + +#include "mysql.h" + +MYSQL *mysql; + +static char *server_options[] = \ + { "mysql_test", "--defaults-file=my.cnf", NULL }; +int num_elements = (sizeof(server_options) / sizeof(char *)) - 1; + +static char *server_groups[] = { "libmysqld_server", + "libmysqld_client", NULL }; + +int main(int argc, char **argv) +{ + mysql_library_init(num_elements, server_options, server_groups); + mysql = mysql_init(NULL); + mysql_close(mysql); + mysql_library_end(); + + return 0; +} diff --git a/mariadb/centos/files/mysql-prepare-db-dir.sh b/mariadb/centos/files/mysql-prepare-db-dir.sh new file mode 100644 index 0000000..b47fa9b --- /dev/null +++ b/mariadb/centos/files/mysql-prepare-db-dir.sh 
@@ -0,0 +1,137 @@ +#!/bin/sh + +# This script creates the mysql data directory during first service start. +# In subsequent starts, it does nothing much. + +source "`dirname ${BASH_SOURCE[0]}`/mysql-scripts-common" + +# Returns content of the specified directory +# If listing files fails, fake-file is returned so which means +# we'll behave like there was some data initialized +# @param datadir +ls_check_datadir () +{ + ls -A "$1" 2>/dev/null + test $? -eq 0 || echo "fake-file" +} + +# Checks whether datadir should be initialized +# @param datadir +should_initialize () +{ + case `ls_check_datadir "$1"` in + ""|lost+found|*.err) true ;; + *) false ;; + esac +} + +# If two args given first is user, second is group +# otherwise the arg is the systemd service file +if [ "$#" -eq 2 ] +then + myuser="$1" + mygroup="$2" +else + # Absorb configuration settings from the specified systemd service file, + # or the default service if not specified + SERVICE_NAME="$1" + if [ x"$SERVICE_NAME" = x ] + then + SERVICE_NAME=@DAEMON_NAME@.service + fi + + myuser=`systemctl show -p User "${SERVICE_NAME}" | + sed 's/^User=//'` + if [ x"$myuser" = x ] + then + myuser=mysql + fi + + mygroup=`systemctl show -p Group "${SERVICE_NAME}" | + sed 's/^Group=//'` + if [ x"$mygroup" = x ] + then + mygroup=mysql + fi +fi + +# Set up the errlogfile with appropriate permissions +touch "$errlogfile" +ret=$? +# Provide some advice if the log file cannot be touched +if [ $ret -ne 0 ] ; then + errlogdir=$(dirname $errlogfile) + if ! [ -d "$errlogdir" ] ; then + echo "The directory $errlogdir does not exist." + elif [ -f "$errlogfile" ] ; then + echo "The log file $errlogfile cannot be touched, please, fix its permissions." + else + echo "The log file $errlogfile could not be created." 
+ fi + echo "The daemon will be run under $myuser:$mygroup" + exit 1 +fi +chown "$myuser:$mygroup" "$errlogfile" +chmod 0640 "$errlogfile" +[ -x /sbin/restorecon ] && /sbin/restorecon "$errlogfile" + +# Make the data directory if doesn't exist or empty +if should_initialize "$datadir" ; then + # First, make sure $datadir is there with correct permissions + # (note: if it's not, and we're not root, this'll fail ...) + if [ ! -e "$datadir" -a ! -h "$datadir" ] + then + mkdir -p "$datadir" || exit 1 + fi + chown "$myuser:$mygroup" "$datadir" + chmod 0755 "$datadir" + [ -x /sbin/restorecon ] && /sbin/restorecon "$datadir" + + # Now create the database + echo "Initializing @NICE_PROJECT_NAME@ database" + # Avoiding deletion of files not created by mysql_install_db is + # guarded by time check and sleep should help work-arounded + # potential issues on systems with 1 second resolution timestamps + # https://bugzilla.redhat.com/show_bug.cgi?id=1335849#c19 + INITDB_TIMESTAMP=`LANG=C date -u` + sleep 1 + @bindir@/mysql_install_db --rpm --datadir="$datadir" --user="$myuser" + ret=$? + if [ $ret -ne 0 ] ; then + echo "Initialization of @NICE_PROJECT_NAME@ database failed." >&2 + echo "Perhaps @sysconfdir@/my.cnf is misconfigured or there is some problem with permissions of $datadir." >&2 + # Clean up any partially-created database files + if [ ! -e "$datadir/mysql/user.frm" ] && [ -d "$datadir" ] ; then + echo "Initialization of @NICE_PROJECT_NAME@ database was not finished successfully." >&2 + echo "Files created so far will be removed." >&2 + find "$datadir" -mindepth 1 -maxdepth 1 -newermt "$INITDB_TIMESTAMP" \ + -not -name "lost+found" -exec rm -rf {} + + if [ $? -ne 0 ] ; then + echo "Removing of created files was not successfull." >&2 + echo "Please, clean directory $datadir manually." >&2 + fi + else + echo "However, part of data has been initialized and those will not be removed." >&2 + echo "Please, clean directory $datadir manually." 
>&2 + fi + exit $ret + fi + # upgrade does not need to be run on a fresh datadir + echo "@VERSION@-MariaDB" >"$datadir/mysql_upgrade_info" + # In case we're running as root, make sure files are owned properly + chown -R "$myuser:$mygroup" "$datadir" +else + if [ -d "$datadir/mysql/" ] ; then + # mysql dir exists, it seems data are initialized properly + echo "Database @NICE_PROJECT_NAME@ is probably initialized in $datadir already, nothing is done." + echo "If this is not the case, make sure the $datadir is empty before running `basename $0`." + else + # if the directory is not empty but mysql/ directory is missing, then + # print error and let user to initialize manually or empty the directory + echo "Database @NICE_PROJECT_NAME@ is not initialized, but the directory $datadir is not empty, so initialization cannot be done." + echo "Make sure the $datadir is empty before running `basename $0`." + exit 1 + fi +fi + +exit 0 diff --git a/mariadb/centos/files/mysql-scripts-common.sh b/mariadb/centos/files/mysql-scripts-common.sh new file mode 100644 index 0000000..bf2888f --- /dev/null +++ b/mariadb/centos/files/mysql-scripts-common.sh 
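Review bot: In mysql-prepare-db-dir.sh, `touch "$errlogfile"`, `chown "$myuser:$mygroup" "$errlogfile"`, `chmod 0640 "$errlogfile"` and the later `chown -R "$myuser:$mygroup" "$datadir"` all follow symbolic links, and mysql.init.in calls this script with the user and group as arguments, presumably as root. The default log path from mysql-scripts-common is `$datadir/<hostname>.err`, inside a directory the mysql account owns, so a privileged run should not trust what that path points to. Refuse to continue when the log path is a symlink and avoid dereferencing on ownership changes, or create the log file as the service user instead of as root; the check below narrows the window but does not remove the race on its own.

```shell
# … unchanged: argument parsing, myuser/mygroup detection …
if [ -L "$errlogfile" ] ; then
    echo "The log file $errlogfile is a symbolic link, refusing to change its ownership." >&2
    exit 1
fi
touch "$errlogfile"
# … unchanged: advice printed when touch fails …
chown -h "$myuser:$mygroup" "$errlogfile"
# … unchanged: chmod, restorecon, datadir initialisation …
```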
@@ -0,0 +1,58 @@ +#!/bin/sh + +# Some useful functions used in other MySQL helper scripts +# This scripts defines variables datadir, errlogfile, socketfile + +export LC_ALL=C + +# extract value of a MySQL option from config files +# Usage: get_mysql_option VARNAME DEFAULT SECTION [ SECTION, ... ] +# result is returned in $result +# We use my_print_defaults which prints all options from multiple files, +# with the more specific ones later; hence take the last match. +get_mysql_option(){ + if [ $# -ne 3 ] ; then + echo "get_mysql_option requires 3 arguments: section option default_value" + return + fi + sections="$1" + option_name="$2" + default_value="$3" + result=`@bindir@/my_print_defaults $sections | sed -n "s/^--${option_name}=//p" | tail -n 1` + if [ -z "$result" ]; then + # not found, use default + result="${default_value}" + fi +} + +# Defaults here had better match what mysqld_safe will default to +# The option values are generally defined on three important places +# on the default installation: +# 1) default values are hardcoded in the code of mysqld daemon or +# mysqld_safe script +# 2) configurable values are defined in @sysconfdir@/my.cnf +# 3) default values for helper scripts are specified bellow +# So, in case values are defined in my.cnf, we need to get that value. +# In case they are not defined in my.cnf, we need to get the same value +# in the daemon, as in the helper scripts. Thus, default values here +# must correspond with values defined in mysqld_safe script and source +# code itself. 
+ +server_sections="mysqld_safe mysqld server mysqld-@MAJOR_VERSION@.@MINOR_VERSION@ mariadb mariadb-@MAJOR_VERSION@.@MINOR_VERSION@ client-server" + +get_mysql_option "$server_sections" datadir "@MYSQL_DATADIR@" +datadir="$result" + +# if there is log_error in the my.cnf, my_print_defaults still +# returns log-error +# log-error might be defined in mysqld_safe and mysqld sections, +# the former has bigger priority +get_mysql_option "$server_sections" log-error "$datadir/`uname -n`.err" +errlogfile="$result" + +get_mysql_option "$server_sections" socket "@MYSQL_UNIX_ADDR@" +socketfile="$result" + +get_mysql_option "$server_sections" pid-file "$datadir/`uname -n`.pid" +pidfile="$result" + diff --git a/mariadb/centos/files/mysql-wait-ready.sh b/mariadb/centos/files/mysql-wait-ready.sh new file mode 100644 index 0000000..2ed5fe1 --- /dev/null +++ b/mariadb/centos/files/mysql-wait-ready.sh 
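Review bot: The usage comment on get_mysql_option in mysql-scripts-common.sh (`VARNAME DEFAULT SECTION [ SECTION, ... ]`) does not match the implementation, which reads `sections="$1"`, `option_name="$2"`, `default_value="$3"` and rejects anything but exactly three arguments. The comment should read `# Usage: get_mysql_option "SECTION [SECTION ...]" OPTION DEFAULT`. On a wrong argument count the function prints to stdout and returns with `$result` left over from the previous call, so a caller would silently reuse a stale value; `result=""; return 1` with the message on stderr would make the failure visible.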
@@ -0,0 +1,45 @@ +#!/bin/sh + +source "`dirname ${BASH_SOURCE[0]}`/mysql-scripts-common" + +# This script waits for mysqld to be ready to accept connections +# (which can be many seconds or even minutes after launch, if there's +# a lot of crash-recovery work to do). +# Running this as ExecStartPost is useful so that services declared as +# "After mysqld" won't be started until the database is really ready. + +if [ $# -ne 1 ] ; then + echo "You need to pass daemon pid as an argument for this script." + exit 20 +fi + +# Service file passes us the daemon's PID (actually, mysqld_safe's PID) +daemon_pid="$1" + +# Wait for the server to come up or for the mysqld process to disappear +ret=0 +while /bin/true; do + # Check process still exists + if ! [ -d "/proc/${daemon_pid}" ] ; then + ret=1 + break + fi + RESPONSE=`@bindir@/mysqladmin --no-defaults --socket="$socketfile" --user=UNKNOWN_MYSQL_USER ping 2>&1` + mret=$? + if [ $mret -eq 0 ] ; then + break + fi + # exit codes 1, 11 (EXIT_CANNOT_CONNECT_TO_SERVICE) are expected, + # anything else suggests a configuration error + if [ $mret -ne 1 -a $mret -ne 11 ]; then + echo "Cannot check for @NICE_PROJECT_NAME@ Daemon startup because of mysqladmin failure." >&2 + ret=$mret + break + fi + # "Access denied" also means the server is alive + echo "$RESPONSE" | grep -q "Access denied for user" && break + + sleep 1 +done + +exit $ret diff --git a/mariadb/centos/files/mysql-wait-stop.sh b/mariadb/centos/files/mysql-wait-stop.sh new file mode 100644 index 0000000..62bde30 --- /dev/null +++ b/mariadb/centos/files/mysql-wait-stop.sh 
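Review bot: The `while /bin/true` loop in mysql-wait-ready.sh has no upper bound: it ends only when the ping succeeds, the PID disappears or mysqladmin returns an unexpected code. mysql.init.in defines `STARTTIMEOUT=300` and documents it as overridable, but passes only `"$safe_pid"` to this script, so in the visible code that setting has no effect and a server that hangs during startup would block the init script indefinitely. Accept an optional timeout as a second argument, defaulting to the current unlimited wait, and have the init script pass `"$STARTTIMEOUT"`.

```shell
# … unchanged: sourcing mysql-scripts-common, header comment …
if [ $# -lt 1 ] || [ $# -gt 2 ] ; then
    echo "Usage: $0 daemon_pid [timeout_seconds]"
    exit 20
fi
daemon_pid="$1"
timeout="${2:-0}"   # 0 keeps the current behaviour: wait without limit
waited=0
while /bin/true; do
    # … unchanged: /proc check, mysqladmin ping, exit-code handling …
    if [ "$timeout" -gt 0 ] && [ "$waited" -ge "$timeout" ] ; then
        ret=1
        break
    fi
    sleep 1
    waited=$((waited + 1))
done
```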
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+source "`dirname ${BASH_SOURCE[0]}`/mysql-scripts-common"
+
+# This script waits for mysqld to be properly stopped
+# (which can be many seconds in some large load).
+# Running this as ExecStopPost is useful so that starting which is done
+# as part of restart doesn't see the former process still running.
+
+# Wait for the server to properly end the main server
+ret=0
+TIMEOUT=60
+SECONDS=0
+
+if ! [ -f "$pidfile" ]; then
+ exit 0
+fi
+
+MYSQLPID=`cat "$pidfile" 2>/dev/null`
+if [ -z "$MYSQLPID" ] ; then
+ exit 2
+fi
+
+while /bin/true; do
+ # Check process still exists
+ if ! [ -d "/proc/${MYSQLPID}" ] ; then
+ break
+ fi
+ if [ $SECONDS -gt $TIMEOUT ] ; then
+ ret=3
+ break
+ fi
+ sleep 1
+done
+
+exit $ret
diff --git a/mariadb/centos/files/mysql.init.in b/mariadb/centos/files/mysql.init.in
new file mode 100644
index 0000000..0a022af
--- /dev/null
+++ b/mariadb/centos/files/mysql.init.in
@@ -0,0 +1,186 @@ +#!/bin/sh +# +# @DAEMON_NAME@ This shell script takes care of starting and stopping +# the MySQL subsystem (mysqld). +# +# chkconfig: - 64 36 +# description: MySQL database server. +# processname: mysqld +# config: @sysconfdir@/my.cnf +# pidfile: /var/run/@DAEMON_NAME@/@DAEMON_NAME@.pid +### BEGIN INIT INFO +# Provides: mysqld +# Required-Start: $local_fs $remote_fs $network $named $syslog $time +# Required-Stop: $local_fs $remote_fs $network $named $syslog $time +# Short-Description: start and stop MySQL server +# Description: MySQL database server +### END INIT INFO + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + + +exec="@bindir@/mysqld_safe" +prog="@DAEMON_NAME@" + +# Set timeouts here so they can be overridden from @sysconfdir@/sysconfig/@DAEMON_NO_PREFIX@ +STARTTIMEOUT=300 +STOPTIMEOUT=60 + +# User and group the daemon will run under +MYUSER=mysql +MYGROUP=mysql + +# Edit the following file in order to re-write some of the environment +# variables defined above, like $STARTTIMEOUT, $STOPTIMEOUT, $exec +[ -e @sysconfdir@/sysconfig/@DAEMON_NO_PREFIX@ ] && . @sysconfdir@/sysconfig/@DAEMON_NO_PREFIX@ + +lockfile=/var/lock/subsys/$prog + +# get options from my.cnf +source "@libexecdir@/mysql-scripts-common" + +start(){ + [ -x $exec ] || exit 5 + + # check permissions + if ! touch $(dirname $socketfile) &>/dev/null ; then + action $"Starting $prog: " /bin/false + return 4 + fi + + # check to see if it's already running + MYSQLDRUNNING=0 + if [ -f "$pidfile" ]; then + MYSQLPID=`cat "$pidfile" 2>/dev/null` + if [ -n "$MYSQLPID" ] && [ -d "/proc/$MYSQLPID" ] ; then + MYSQLDRUNNING=1 + fi + fi + RESPONSE=`@bindir@/mysqladmin --socket="$socketfile" --user=UNKNOWN_MYSQL_USER ping 2>&1` + if [ $MYSQLDRUNNING = 1 ] && [ $? 
= 0 ]; then + # already running, do nothing + action $"Starting $prog: " /bin/true + ret=0 + elif [ $MYSQLDRUNNING = 1 ] && echo "$RESPONSE" | grep -q "Access denied for user" + then + # already running, do nothing + action $"Starting $prog: " /bin/true + ret=0 + else + @libexecdir@/mysql-prepare-db-dir $MYUSER $MYGROUP || return 4 + @libexecdir@/mysql-check-socket || return 1 + + # Pass all the options determined above, to ensure consistent behavior. + # In many cases mysqld_safe would arrive at the same conclusions anyway + # but we need to be sure. (An exception is that we don't force the + # log-error setting, since this script doesn't really depend on that, + # and some users might prefer to configure logging to syslog.) + # Note: set --basedir to prevent probes that might trigger SELinux + # alarms, per bug #547485 + $exec --datadir="$datadir" --socket="$socketfile" \ + --pid-file="$pidfile" \ + --basedir=@prefix@ --user=$MYUSER >/dev/null 2>&1 & + safe_pid=$! + + # Wait until the daemon is up + @libexecdir@/mysql-wait-ready "$safe_pid" + ret=$? + + if [ $ret -eq 0 ]; then + action $"Starting $prog: " /bin/true + chmod o+r $pidfile >/dev/null 2>&1 + touch $lockfile + else + action $"Starting $prog: " /bin/false + fi + fi + return $ret +} + +stop(){ + if [ ! -f "$pidfile" ]; then + # not running; per LSB standards this is "ok" + action $"Stopping $prog: " /bin/true + return 0 + fi + MYSQLPID=`cat "$pidfile" 2>/dev/null` + if [ -n "$MYSQLPID" ]; then + if ! [ -d "/proc/$MYSQLPID" ] ; then + # process doesn't run anymore + action $"Stopping $prog: " /bin/true + return 0 + fi + /bin/kill "$MYSQLPID" >/dev/null 2>&1 + ret=$? + if [ $ret -eq 0 ]; then + TIMEOUT="$STOPTIMEOUT" + while [ $TIMEOUT -gt 0 ]; do + /bin/kill -0 "$MYSQLPID" >/dev/null 2>&1 || break + sleep 1 + let TIMEOUT=${TIMEOUT}-1 + done + if [ $TIMEOUT -eq 0 ]; then + echo "Timeout error occurred trying to stop MySQL Daemon." 
+ ret=1 + action $"Stopping $prog: " /bin/false + else + rm -f $lockfile + rm -f "$socketfile" + action $"Stopping $prog: " /bin/true + fi + else + # kill command failed, probably insufficient permissions + action $"Stopping $prog: " /bin/false + ret=4 + fi + else + # failed to read pidfile, probably insufficient permissions + action $"Stopping $prog: " /bin/false + ret=4 + fi + return $ret +} + +restart(){ + stop + start +} + +condrestart(){ + [ -e $lockfile ] && restart || : +} + + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + status) + status -p "$pidfile" $prog + ;; + restart) + restart + ;; + condrestart|try-restart) + condrestart + ;; + reload) + exit 3 + ;; + force-reload) + restart + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" + exit 2 +esac + +exit $? diff --git a/mariadb/centos/files/mysql.service.in b/mariadb/centos/files/mysql.service.in new file mode 100644 index 0000000..c385b4a --- /dev/null +++ b/mariadb/centos/files/mysql.service.in 
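Review bot: In start() of mysql.init.in the test `[ $MYSQLDRUNNING = 1 ] && [ $? = 0 ]` does not check the mysqladmin ping: by the time `$?` is expanded it holds the status of the preceding `[ $MYSQLDRUNNING = 1 ]`, which is always 0 on that path. Any live PID in the pidfile, including a reused one that belongs to another process, therefore makes start report success without starting the server. Capture the status right after the command substitution with `mret=$?` and test `[ $MYSQLDRUNNING = 1 ] && [ $mret = 0 ]`. Related: stop() signals whatever PID the pidfile names without confirming that the process is mysqld.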
@@ -0,0 +1,70 @@
+# It's not recommended to modify this file in-place, because it will be
+# overwritten during package upgrades. If you want to customize, the
+# best way is to create a file "/etc/systemd/system/@DAEMON_NAME@.service",
+# containing
+# .include /usr/lib/systemd/system/@DAEMON_NAME@.service
+# ...make your changes here...
+# or create a file "/etc/systemd/system/@DAEMON_NAME@.service.d/foo.conf",
+# which doesn't need to include ".include" call and which will be parsed
+# after the file @DAEMON_NAME@.service itself is parsed.
+#
+# For more info about custom unit files, see systemd.unit(5) or
+# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
+
+# For example, if you want to increase mysql's open-files-limit to 10000,
+# you need to increase systemd's LimitNOFILE setting, so create a file named
+# "/etc/systemd/system/@DAEMON_NAME@.service.d/limits.conf" containing:
+# [Service]
+# LimitNOFILE=10000
+
+# Note: /usr/lib/... is recommended in the .include line though /lib/...
+# still works.
+# Don't forget to reload systemd daemon after you change unit configuration:
+# root> systemctl --system daemon-reload
+
+# Use [mysqld.INSTANCENAME] as sections in my.cnf to configure this instance.
+
+[Unit]
+Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server
+After=syslog.target
+After=network.target
+
+[Service]
+Type=notify
+User=mysql
+Group=mysql
+
+ExecStartPre=@libexecdir@/mysql-check-socket
+ExecStartPre=@libexecdir@/mysql-prepare-db-dir %n
+# MYSQLD_OPTS here is for users to set in /etc/systemd/system/@DAEMON_NAME@@.service.d/MY_SPECIAL.conf
+# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
+# per bug #547485
+ExecStart=@libexecdir@/mysqld --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
+ExecStartPost=@libexecdir@/mysql-check-upgrade
+ExecStopPost=@libexecdir@/mysql-wait-stop
+
+# Setting this to true can break replication and the Type=notify settings
+# See also bind-address mysqld option.
+PrivateNetwork=false
+
+KillMode=process
+KillSignal=SIGTERM
+
+# Don't want to see an automated SIGKILL ever
+SendSIGKILL=no
+
+# Restart crashed server only, on-failure would also restart, for example, when
+# my.cnf contains unknown option
+Restart=on-abort
+RestartSec=5s
+
+UMask=007
+
+# Give a reasonable amount of time for the server to start up/shut down
+TimeoutSec=300
+
+# Place temp files in a secure directory, not /tmp
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/mariadb/centos/files/mysql.tmpfiles.d.in b/mariadb/centos/files/mysql.tmpfiles.d.in
new file mode 100644
index 0000000..9e6b6e8
--- /dev/null
+++ b/mariadb/centos/files/mysql.tmpfiles.d.in
@@ -0,0 +1,3 @@
+# Do not edit this file.
+# To override this, put /etc/tmpfiles.d/mariadb.conf instead.
+d @PID_FILE_DIR@ 0755 mysql mysql -
diff --git a/mariadb/centos/files/mysql@.service.in b/mariadb/centos/files/mysql@.service.in
new file mode 100644
index 0000000..ab9a7cd
--- /dev/null
+++ b/mariadb/centos/files/mysql@.service.in
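Review bot: The [Service] section's only sandboxing directive is `PrivateTmp=true`; nothing else limits what a compromised mysqld could reach on the filesystem beyond ordinary file permissions for User=mysql. Consider adding `ProtectSystem=full` and `ProtectHome=true` next to it, which make /usr, /boot and /etc read-only and hide /home, /root and /run/user from the service. The ExecStartPre/ExecStartPost helper scripts are not visible in this hunk, so confirm they write only under /var before enabling this, and check that the target's systemd supports both directives. The identical [Service] block in mysql@.service.in needs the same change. Separately, the MYSQLD_OPTS comment names `@DAEMON_NAME@@.service.d`, the template unit's drop-in directory; in this unit it should read `@DAEMON_NAME@.service.d`.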
@@ -0,0 +1,77 @@
+# Multi instance version of mariadb. For if you run mutiple verions at once.
+# Also used for @DAEMON_NAME@@bootstrap to bootstrap Galera.
+#
+# To use multi instance variant, use [mysqld.INSTANCENAME] as sections in my.cnf
+# and start the service via:
+# systemctl start @DAEMON_NAME@@{instancename}.server
+#
+# It's not recommended to modify this file in-place, because it will be
+# overwritten during package upgrades. If you want to customize, the
+# best way is to create a file "/etc/systemd/system/@DAEMON_NAME@.service",
+# containing
+# .include /usr/lib/systemd/system/@DAEMON_NAME@.service
+# ...make your changes here...
+# or create a file "/etc/systemd/system/@DAEMON_NAME@.service.d/foo.conf",
+# which doesn't need to include ".include" call and which will be parsed
+# after the file @DAEMON_NAME@.service itself is parsed.
+#
+# For more info about custom unit files, see systemd.unit(5) or
+# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
+
+# For example, if you want to increase mysql's open-files-limit to 10000,
+# you need to increase systemd's LimitNOFILE setting, so create a file named
+# "/etc/systemd/system/@DAEMON_NAME@.service.d/limits.conf" containing:
+# [Service]
+# LimitNOFILE=10000
+
+# Note: /usr/lib/... is recommended in the .include line though /lib/...
+# still works.
+# Don't forget to reload systemd daemon after you change unit configuration:
+# root> systemctl --system daemon-reload
+
+# Use [mysqld.INSTANCENAME] as sections in my.cnf to configure this instance.
+
+[Unit]
+Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server
+After=syslog.target
+After=network.target
+
+[Service]
+Type=notify
+User=mysql
+Group=mysql
+
+ExecStartPre=@libexecdir@/mysql-check-socket
+ExecStartPre=@libexecdir@/mysql-prepare-db-dir %n
+# MYSQLD_OPTS here is for users to set in /etc/systemd/system/@DAEMON_NAME@@.service.d/MY_SPECIAL.conf
+# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
+# per bug #547485
+ExecStart=@libexecdir@/mysqld --defaults-group-suffix=.%I --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
+ExecStartPost=@libexecdir@/mysql-check-upgrade
+ExecStopPost=@libexecdir@/mysql-wait-stop
+
+# Setting this to true can break replication and the Type=notify settings
+# See also bind-address mysqld option.
+PrivateNetwork=false
+
+KillMode=process
+KillSignal=SIGTERM
+
+# Don't want to see an automated SIGKILL ever
+SendSIGKILL=no
+
+# Restart crashed server only, on-failure would also restart, for example, when
+# my.cnf contains unknown option
+Restart=on-abort
+RestartSec=5s
+
+UMask=007
+
+# Give a reasonable amount of time for the server to start up/shut down
+TimeoutSec=300
+
+# Place temp files in a secure directory, not /tmp
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/mariadb/centos/files/mysql_config_multilib.sh b/mariadb/centos/files/mysql_config_multilib.sh
new file mode 100644
index 0000000..06c2a2b
--- /dev/null
+++ b/mariadb/centos/files/mysql_config_multilib.sh
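Review bot: The usage line in the header comment, `systemctl start @DAEMON_NAME@@{instancename}.server`, names a unit suffix that does not exist; it should end in `.service`. The customization paragraph below it appears to be copied from the single-instance unit and still points at `@DAEMON_NAME@.service` and `@DAEMON_NAME@.service.d/`, whereas drop-ins for this template belong under `@DAEMON_NAME@@.service.d/`, as the MYSQLD_OPTS comment further down already says. The first comment line also has two typos (`mutiple verions`). An administrator following the text as written would place overrides, including any hardening drop-in, on the wrong unit.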
@@ -0,0 +1,26 @@
+#! /bin/sh
+#
+# Wrapper script for mysql_config to support multilib
+#
+# This command respects setarch
+
+bits=$(rpm --eval %__isa_bits)
+
+case $bits in
+ 32|64) status=known ;;
+ *) status=unknown ;;
+esac
+
+if [ "$status" = "unknown" ] ; then
+ echo "$0: error: command 'rpm --eval %__isa_bits' returned unknown value: $bits"
+ exit 1
+fi
+
+
+if [ -x @bindir@/mysql_config-$bits ] ; then
+ @bindir@/mysql_config-$bits "$@"
+else
+ echo "$0: error: needed binary: @bindir@/mysql_config-$bits is missing"
+ exit 1
+fi
+
diff --git a/mariadb/centos/files/rh-skipped-tests-arm.list b/mariadb/centos/files/rh-skipped-tests-arm.list
new file mode 100644
index 0000000..d7e0b58
--- /dev/null
+++ b/mariadb/centos/files/rh-skipped-tests-arm.list
@@ -0,0 +1,8 @@
+main.partition_exchange : #1399847
+main.analyze_stmt_orderby : #1399847
+main.explain_json_innodb : #1399847
+main.explain_json_format_partitions : #1399847
+main.analyze_format_json : #1399847
+main.explain_json : #1399847
+main.subselect_cache : #1399847
+main.type_year : #1399847
diff --git a/mariadb/centos/files/rh-skipped-tests-base.list b/mariadb/centos/files/rh-skipped-tests-base.list
new file mode 100644
index 0000000..2992d7e
--- /dev/null
+++ b/mariadb/centos/files/rh-skipped-tests-base.list
@@ -0,0 +1,9 @@
+main.userstat : #1399847
+main.multi_update : #1399847
+main.set_statement_notembedded_binlog : #1399847
+main.ssl_7937 : #1399847
+main.ssl_crl_clients : #1399847
+main.ssl_cert_verify : #1399847
+perfschema.nesting : #1399847
+perfschema.socket_summary_by_event_name_func : #1399847
+perfschema.socket_summary_by_instance_func : #1399847
diff --git a/mariadb/centos/files/rh-skipped-tests-ppc-s390.list b/mariadb/centos/files/rh-skipped-tests-ppc-s390.list
new file mode 100644
index 0000000..e69de29
diff --git a/mariadb/centos/mariadb.spec b/mariadb/centos/mariadb.spec
new file mode 100644
index 0000000..1ca23fa
--- /dev/null
+++ b/mariadb/centos/mariadb.spec
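Review bot: Both error paths print their message with plain `echo`, so it goes to stdout. mysql_config is normally run inside command substitution to obtain compiler and linker flags, so on failure the error text would be spliced into the caller's build command instead of being shown to the user. Send the diagnostics to stderr, e.g. `echo "$0: error: needed binary: @bindir@/mysql_config-$bits is missing" >&2`, and do the same for the `rpm --eval` message. The wrapper also makes `rpm` a runtime dependency of every mysql_config call; if it is unavailable `$bits` comes back empty and the unknown-value branch handles it, which is acceptable once that message goes to stderr.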
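Review bot: Three of the skipped entries in rh-skipped-tests-base.list, `main.ssl_7937`, `main.ssl_crl_clients` and `main.ssl_cert_verify`, are TLS tests, and judging by their names the last two cover CRL handling and certificate verification. All nine lines cite the same bug number without saying why each test fails. Skipping them removes regression coverage for the code a packaging-level OpenSSL change is most likely to affect. A short per-entry reason after the bug reference, in the form `main.ssl_cert_verify : #1399847 REASON` with REASON standing for the actual cause, would let the list be pruned once that cause is fixed.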
@@ -0,0 +1,2032 @@ +# Prefix that is used for patches +%global pkg_name %{name} +%global pkgnamepatch mariadb + +# Regression tests may take a long time (many cores recommended), skip them by +# passing --nocheck to rpmbuild or by setting runselftest to 0 if defining +# --nocheck is not possible (e.g. in koji build) +%{!?runselftest:%global runselftest 0} + +# Set this to 1 to see which tests fail, but 0 on production ready build +%global ignore_testsuite_result 0 + +# In f20+ use unversioned docdirs, otherwise the old versioned one +%global _pkgdocdirname %{pkg_name}%{!?_pkgdocdir:-%{version}} +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{pkg_name}-%{version}} + +# Use Full RELRO for all binaries (RHBZ#1092548) +%global _hardened_build 1 + +# By default, patch(1) creates backup files when chunks apply with offsets. +# Turn that off to ensure such files don't get included in RPMs (cf bz#884755). +%global _default_patch_flags --no-backup-if-mismatch + +# TokuDB engine is now part of MariaDB, but it is available only for x86_64; +# variable tokudb allows to build with TokuDB storage engine +# Temporarily disabled in F21+ for https://mariadb.atlassian.net/browse/MDEV-6446 +# WRS: TokuDB has AGPL license, so disable it +%ifarch 0 #x86_64 +%bcond_without tokudb +%else +%bcond_with tokudb +%endif + +# Mroonga engine is now part of MariaDB, but it only builds for x86_64; +# variable mroonga allows to build with Mroonga storage engine +%ifarch x86_64 i686 +%bcond_without mroonga +%else +%bcond_with mroonga +%endif + +# The Open Query GRAPH engine (OQGRAPH) is a computation engine allowing +# hierarchies and more complex graph structures to be handled in a relational +# fashion; enabled by default +# Temporarily disabling oqgraph: https://mariadb.atlassian.net/browse/MDEV-9479 +%bcond_with oqgraph + +# For some use cases we do not need some parts of the package +%bcond_without clibrary +%bcond_without embedded +%bcond_without devel +%bcond_without client +%bcond_without 
common +%bcond_without errmsg +%bcond_without bench +%bcond_without test +%bcond_without connect +%bcond_without galera + +# When there is already another package that ships /etc/my.cnf, +# rather include it than ship the file again, since conflicts between +# those files may create issues +%bcond_without config + +# For deep debugging we need to build binaries with extra debug info +%bcond_with debug + +# Include files for SysV init or systemd +%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 +%bcond_without init_systemd +%bcond_with init_sysv +%global daemon_name %{name} +%global daemondir %{_unitdir} +%global daemon_no_prefix %{pkg_name} +%global mysqld_pid_dir mysqld +%else +%bcond_with init_systemd +%bcond_without init_sysv +%global daemon_name mysqld +%global daemondir %{_sysconfdir}/rc.d/init.d +%global daemon_no_prefix mysqld +%endif + +# MariaDB 10.0 and later requires pcre >= 8.35, otherwise we need to use +# the bundled library, since the package cannot be build with older version +%global pcre_version 8.41 +%if 0%{?fedora} >= 21 +%bcond_without pcre +%else +%bcond_with pcre +%endif + +# We define some system's well known locations here so we can use them easily +# later when building to another location (like SCL) +%global logrotateddir %{_sysconfdir}/logrotate.d +%global logfiledir %{_localstatedir}/log/%{daemon_name} +%global logfile %{logfiledir}/%{daemon_name}.log + +# Directory for storing pid file +%global pidfiledir %{_localstatedir}/run/%{daemon_name} + +# Defining where database data live +%global dbdatadir %{_localstatedir}/lib/mysql + +# Home directory of mysql user should be same for all packages that create it +%global mysqluserhome /var/lib/mysql + +# The evr of mysql we want to obsolete +%global obsoleted_mysql_evr 5.6-0 +%global obsoleted_mysql_case_evr 5.5.30-5 + +# The evr of mariadb-galera we want to obsolete +%global obsoleted_mariadb_galera_evr 1:10.0.17-6 +%global obsoleted_mariadb_galera_common_evr 5.5.36-10 +%global 
obsoleted_mariadb_galera_server_evr 1:10.0.17-6 + +# Provide mysql names for compatibility +%bcond_without mysql_names +%bcond_without conflicts + +# Make long macros shorter +%global sameevr %{epoch}:%{version}-%{release} +%global compatver 10.1 +%global bugfixver 28 + +Name: mariadb +Version: %{compatver}.%{bugfixver} +Release: 1.el7%{?_tis_dist}.%{tis_patch_ver} +Epoch: 3 + +Summary: A community developed branch of MySQL +Group: Applications/Databases +URL: http://mariadb.org +# Exceptions allow client libraries to be linked with most open source SW, +# not only GPL code. See README.mysql-license +License: GPLv2 with exceptions and LGPLv2 and BSD + +#Source0: http://mirrors.syringanetworks.net/mariadb/mariadb-%{version}/source/mariadb-%{version}.tar.gz +Source0: mariadb-%{version}.tar.gz +Source2: mysql_config_multilib.sh +Source3: my.cnf.in +Source5: README.mysql-cnf +Source6: README.mysql-docs +Source7: README.mysql-license +Source9: mysql-embedded-check.c +Source10: mysql.tmpfiles.d.in +Source11: mysql.service.in +Source12: mysql-prepare-db-dir.sh +Source13: mysql-wait-ready.sh +Source14: mysql-check-socket.sh +Source15: mysql-scripts-common.sh +Source16: mysql-check-upgrade.sh +Source17: mysql-wait-stop.sh +Source18: mysql@.service.in +Source19: mysql.init.in +Source50: rh-skipped-tests-base.list +Source51: rh-skipped-tests-arm.list +Source52: rh-skipped-tests-ppc-s390.list +# TODO: clustercheck contains some hard-coded paths, these should be expanded using template system +Source70: clustercheck.sh +Source71: LICENSE.clustercheck +Source72: mariadb-server-galera.te + +# Comments for these patches are in the patch files +# Patches common for more mysql-like packages +Patch1: %{pkgnamepatch}-strmov.patch +Patch2: %{pkgnamepatch}-install-test.patch +Patch4: %{pkgnamepatch}-logrotate.patch +Patch5: %{pkgnamepatch}-file-contents.patch +Patch7: %{pkgnamepatch}-scripts.patch +Patch8: %{pkgnamepatch}-install-db-sharedir.patch +Patch9: %{pkgnamepatch}-ownsetup.patch 
+Patch12: %{pkgnamepatch}-admincrash.patch +Patch13: %{pkgnamepatch}-ssl-cypher.patch +Patch14: %{pkgnamepatch}-example-config-files.patch + +# Patches specific for this mysql package +Patch30: %{pkgnamepatch}-errno.patch +# Patch31: %{pkgnamepatch}-string-overflow.patch +Patch32: %{pkgnamepatch}-basedir.patch +# Patch34: %{pkgnamepatch}-covscan-stroverflow.patch +Patch37: %{pkgnamepatch}-notestdb.patch +# Due to LP https://bugs.launchpad.net/tripleo/+bug/1638864 +# Reverts 7497ebf8a49bfe30bb4110f2ac20a30f804b7946 until we fix the +# galera resource agent to cope with this change +# When RHBZ#1391470 gets fixed and released in centos we can remove this patch +Patch38: %{pkgnamepatch}-revert-stdouterr-closing.patch + +# Patches for galera +Patch40: %{pkgnamepatch}-galera.cnf.patch +# Patch41: %{pkgnamepatch}-galera-new-cluster-help.patch + +BuildRequires: cmake +BuildRequires: gcc-c++ +BuildRequires: libaio-devel +BuildRequires: libedit-devel +BuildRequires: ncurses-devel +BuildRequires: perl +%if 0%{?fedora} >= 22 || 0%{?rhel} > 7 +BuildRequires: perl-generators +%endif +BuildRequires: systemtap-sdt-devel +BuildRequires: zlib-devel +BuildRequires: multilib-rpm-config + +# Mariabackup +BuildRequires: libarchive libarchive-devel +# auth_pam.so plugin will be build if pam-devel is installed +BuildRequires: pam-devel +# use either new enough version of pcre or provide bundles(pcre) +%{?with_pcre:BuildRequires: pcre-devel >= 8.35} +%{!?with_pcre:Provides: bundled(pcre) = %{pcre_version}} +# Tests requires time and ps and some perl modules +BuildRequires: procps +BuildRequires: time +BuildRequires: perl(Env) +BuildRequires: perl(Exporter) +BuildRequires: perl(Fcntl) +BuildRequires: perl(File::Temp) +BuildRequires: perl(Data::Dumper) +BuildRequires: perl(Getopt::Long) +BuildRequires: perl(IPC::Open3) +BuildRequires: perl(Memoize) +BuildRequires: perl(Socket) +BuildRequires: perl(Sys::Hostname) +BuildRequires: perl(Test::More) +BuildRequires: perl(Time::HiRes) 
+BuildRequires: perl(Symbol) + +# Temporary workaound to build with OpenSSL 1.0 on Fedora >=26 (wich requires OpenSSL 1.1) +%if 0%{?fedora} >= 26 +BuildRequires: compat-openssl10-devel +Requires: compat-openssl10 +%else +# for running some openssl tests rhbz#1189180 +BuildRequires: openssl +BuildRequires: openssl-devel +%endif + +BuildRequires: krb5-devel + +BuildRequires: selinux-policy-devel +%{?with_init_systemd:BuildRequires: systemd systemd-devel} + +BuildRequires: krb5-devel + +Requires: bash +Requires: fileutils +Requires: grep +Requires: %{name}-common%{?_isa} = %{sameevr} + +# Explicit EVR requirement for -libs is needed for +# https://bugzilla.redhat.com/show_bug.cgi?id=1406320 +Requires: %{name}-libs%{?_isa} = %{sameevr} + +%if %{with mysql_names} +Provides: mysql = %{sameevr} +Provides: mysql%{?_isa} = %{sameevr} +Provides: mysql-compat-client = %{sameevr} +Provides: mysql-compat-client%{?_isa} = %{sameevr} +%endif + + + +# MySQL (with caps) is upstream's spelling of their own RPMs for mysql +%{?obsoleted_mysql_case_evr:Obsoletes: MySQL < %{obsoleted_mysql_case_evr}} +%{?obsoleted_mysql_evr:Obsoletes: mysql < %{obsoleted_mysql_evr}} +%{?with_conflicts:Conflicts: community-mysql} + +# obsoletion of mariadb-galera +Provides: mariadb-galera = %{sameevr} +Obsoletes: mariadb-galera < %{obsoleted_mariadb_galera_evr} + +# Filtering: https://fedoraproject.org/wiki/Packaging:AutoProvidesAndRequiresFiltering +%if 0%{?fedora} > 14 || 0%{?rhel} > 6 +%global __requires_exclude ^perl\\((hostnames|lib::mtr|lib::v1|mtr_|My::) +%global __provides_exclude_from ^(%{_datadir}/(mysql|mysql-test)/.*|%{_libdir}/mysql/plugin/.*\\.so)$ +%else +%filter_from_requires /perl(\(hostnames\|lib::mtr\|lib::v1\|mtr_\|My::\)/d +%filter_provides_in -P (%{_datadir}/(mysql|mysql-test)/.*|%{_libdir}/mysql/plugin/.*\.so) +%filter_setup +%endif + +# Define license macro if not present +%{!?_licensedir:%global license %doc} + +%description +MariaDB is a community developed branch of MySQL. 
+MariaDB is a multi-user, multi-threaded SQL database server. +It is a client/server implementation consisting of a server daemon (mysqld) +and many different client programs and libraries. The base package +contains the standard MariaDB/MySQL client programs and generic MySQL files. + + +%if %{with clibrary} +%package libs +Summary: The shared libraries required for MariaDB/MySQL clients +Group: Applications/Databases +Requires: %{name}-common%{?_isa} = %{sameevr} +%if %{with mysql_names} +Provides: mysql-libs = %{sameevr} +Provides: mysql-libs%{?_isa} = %{sameevr} +%endif +%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-libs < %{obsoleted_mysql_case_evr}} +%{?obsoleted_mysql_evr:Obsoletes: mysql-libs < %{obsoleted_mysql_evr}} + +%description libs +The mariadb-libs package provides the essential shared libraries for any +MariaDB/MySQL client program or interface. You will need to install this +package to use any other MariaDB package or any clients that need to connect +to a MariaDB/MySQL server. MariaDB is a community developed branch of MySQL. +%endif + + +%if %{with config} +%package config +Summary: The config files required by server and client +Group: Applications/Databases + +%description config +The package provides the config file my.cnf and my.cnf.d directory used by any +MariaDB or MySQL program. You will need to install this package to use any +other MariaDB or MySQL package if the config files are not provided in the +package itself. +%endif + + +%if %{with common} +%package common +Summary: The shared files required by server and client +Group: Applications/Databases +Requires: %{_sysconfdir}/my.cnf + +# obsoletion of mariadb-galera-common +Provides: mariadb-galera-common = %{sameevr} +Obsoletes: mariadb-galera-common < %{obsoleted_mariadb_galera_common_evr} + +%description common +The package provides the essential shared files for any MariaDB program. +You will need to install this package to use any other MariaDB package. 
+%endif + + +%if %{with errmsg} +%package errmsg +Summary: The error messages files required by server and embedded +Group: Applications/Databases +Requires: %{name}-common%{?_isa} = %{sameevr} + +%description errmsg +The package provides error messages files for the MariaDB daemon and the +embedded server. You will need to install this package to use any of those +MariaDB packages. +%endif + + +%if %{with galera} +%package server-galera +Summary: The configuration files and scripts for galera replication +Group: Applications/Databases +Requires: %{name}-common%{?_isa} = %{sameevr} +Requires: %{name}-server%{?_isa} = %{sameevr} +Requires: galera >= 25.3.3 +Requires(post): libselinux-utils +Requires(post): policycoreutils-python + +# obsoletion of mariadb-galera-server +Provides: mariadb-galera-server = %{sameevr} +Obsoletes: mariadb-galera-server <= %{obsoleted_mariadb_galera_server_evr} + +%description server-galera +MariaDB is a multi-user, multi-threaded SQL database server. It is a +client/server implementation consisting of a server daemon (mysqld) +and many different client programs and libraries. This package contains +the MariaDB server and some accompanying files and directories. +MariaDB is a community developed branch of MySQL. 
+%endif + + +%package server +Summary: The MariaDB server and related files +Group: Applications/Databases + +# note: no version here = %%{version}-%%{release} +%if %{with mysql_names} +Requires: mysql-compat-client%{?_isa} +Requires: mysql%{?_isa} +%else +Requires: %{name}%{?_isa} +%endif +Requires: %{name}-common%{?_isa} = %{sameevr} +Requires: %{_sysconfdir}/my.cnf +Requires: %{_sysconfdir}/my.cnf.d +Requires: %{name}-errmsg%{?_isa} = %{sameevr} +Requires: sh-utils +Requires(pre): /usr/sbin/useradd +%if %{with init_systemd} +# We require this to be present for %%{_tmpfilesdir} +Requires: systemd +# Make sure it's there when scriptlets run, too +Requires(pre): systemd +Requires(posttrans): systemd +%{?systemd_requires: %systemd_requires} +%endif +# mysqlhotcopy needs DBI/DBD support +Requires: perl(DBI) +Requires: perl(DBD::mysql) +# wsrep requirements +Requires: lsof +Requires: net-tools +Requires: sh-utils +Requires: rsync +%if %{with mysql_names} +Provides: mysql-server = %{sameevr} +Provides: mysql-server%{?_isa} = %{sameevr} +Provides: mysql-compat-server = %{sameevr} +Provides: mysql-compat-server%{?_isa} = %{sameevr} +%endif +%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-server < %{obsoleted_mysql_case_evr}} +%{?with_conflicts:Conflicts: community-mysql-server} +%{?with_conflicts:Conflicts: mariadb-galera-server <= %{obsoleted_mariadb_galera_server_evr}} +%{?obsoleted_mysql_evr:Obsoletes: mysql-server < %{obsoleted_mysql_evr}} + +%description server +MariaDB is a multi-user, multi-threaded SQL database server. It is a +client/server implementation consisting of a server daemon (mysqld) +and many different client programs and libraries. This package contains +the MariaDB server and some accompanying files and directories. +MariaDB is a community developed branch of MySQL. 
+ + +%if %{with oqgraph} +%package oqgraph-engine +Summary: The Open Query GRAPH engine for MariaDB +Group: Applications/Databases +Requires: %{name}-server%{?_isa} = %{sameevr} +# boost and Judy required for oograph +BuildRequires: boost-devel +BuildRequires: Judy-devel + +%description oqgraph-engine +The package provides Open Query GRAPH engine (OQGRAPH) as plugin for MariaDB +database server. OQGRAPH is a computation engine allowing hierarchies and more +complex graph structures to be handled in a relational fashion. In a nutshell, +tree structures and friend-of-a-friend style searches can now be done using +standard SQL syntax, and results joined onto other tables. +%endif + + +%if %{with connect} +%package connect-engine +Summary: The CONNECT storage engine for MariaDB +Group: Applications/Databases +Requires: %{name}-server%{?_isa} = %{sameevr} + +%description connect-engine +The CONNECT storage engine enables MariaDB to access external local or +remote data (MED). This is done by defining tables based on different data +types, in particular files in various formats, data extracted from other DBMS +or products (such as Excel), or data retrieved from the environment +(for example DIR, WMI, and MAC tables). +%endif + + +%if %{with devel} +%package devel +Summary: Files for development of MariaDB/MySQL applications +Group: Applications/Databases +%{?with_clibrary:Requires: %{name}-libs%{?_isa} = %{sameevr}} +# avoid issues with openssl1.0 / openssl1.1 / compat +Requires: pkgconfig(openssl) +%if %{with mysql_names} +Provides: mysql-devel = %{sameevr} +Provides: mysql-devel%{?_isa} = %{sameevr} +%endif +%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-devel < %{obsoleted_mysql_case_evr}} +%{?obsoleted_mysql_evr:Obsoletes: mysql-devel < %{obsoleted_mysql_evr}} +%{?with_conflicts:Conflicts: community-mysql-devel} + +%description devel +MariaDB is a multi-user, multi-threaded SQL database server. 
This +package contains the libraries and header files that are needed for +developing MariaDB/MySQL client applications. +MariaDB is a community developed branch of MySQL. +%endif + + +%if %{with embedded} +%package embedded +Summary: MariaDB as an embeddable library +Group: Applications/Databases +Requires: %{name}-common%{?_isa} = %{sameevr} +Requires: %{name}-errmsg%{?_isa} = %{sameevr} +%if %{with mysql_names} +Provides: mysql-embedded = %{sameevr} +Provides: mysql-embedded%{?_isa} = %{sameevr} +%endif +%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-embedded < %{obsoleted_mysql_case_evr}} +%{?obsoleted_mysql_evr:Obsoletes: mysql-embedded < %{obsoleted_mysql_evr}} + +%description embedded +MariaDB is a multi-user, multi-threaded SQL database server. This +package contains a version of the MariaDB server that can be embedded +into a client application instead of running as a separate process. +MariaDB is a community developed branch of MySQL. + + +%package embedded-devel +Summary: Development files for MariaDB as an embeddable library +Group: Applications/Databases +Requires: %{name}-embedded%{?_isa} = %{sameevr} +Requires: %{name}-devel%{?_isa} = %{sameevr} +# embedded-devel should require libaio-devel (rhbz#1290517) +Requires: libaio-devel +%if %{with mysql_names} +Provides: mysql-embedded-devel = %{sameevr} +Provides: mysql-embedded-devel%{?_isa} = %{sameevr} +%endif +%{?with_conflicts:Conflicts: community-mysql-embedded-devel} +%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-embedded-devel < %{obsoleted_mysql_case_evr}} +%{?obsoleted_mysql_evr:Obsoletes: mysql-embedded-devel < %{obsoleted_mysql_evr}} + +%description embedded-devel +MariaDB is a multi-user, multi-threaded SQL database server. This +package contains files needed for developing and testing with +the embedded version of the MariaDB server. +MariaDB is a community developed branch of MySQL. 
+%endif + + +%if %{with bench} +%package bench +Summary: MariaDB benchmark scripts and data +Group: Applications/Databases +Requires: %{name}%{?_isa} = %{sameevr} +%if %{with mysql_names} +Provides: mysql-bench = %{sameevr} +Provides: mysql-bench%{?_isa} = %{sameevr} +%endif +%{?with_conflicts:Conflicts: community-mysql-bench} +%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-bench < %{obsoleted_mysql_case_evr}} +%{?obsoleted_mysql_evr:Obsoletes: mysql-bench < %{obsoleted_mysql_evr}} + +%description bench +MariaDB is a multi-user, multi-threaded SQL database server. This +package contains benchmark scripts and data for use when benchmarking +MariaDB. +MariaDB is a community developed branch of MySQL. +%endif + + +%if %{with test} +%package test +Summary: The test suite distributed with MariaDB +Group: Applications/Databases +Requires: %{name}%{?_isa} = %{sameevr} +Requires: %{name}-common%{?_isa} = %{sameevr} +Requires: %{name}-server%{?_isa} = %{sameevr} +Requires: perl(Env) +Requires: perl(Exporter) +Requires: perl(Fcntl) +Requires: perl(File::Temp) +Requires: perl(Data::Dumper) +Requires: perl(Getopt::Long) +Requires: perl(IPC::Open3) +Requires: perl(Socket) +Requires: perl(Sys::Hostname) +Requires: perl(Test::More) +Requires: perl(Time::HiRes) +%{?with_conflicts:Conflicts: community-mysql-test} +%if %{with mysql_names} +Provides: mysql-test = %{sameevr} +Provides: mysql-test%{?_isa} = %{sameevr} +%endif +%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-test < %{obsoleted_mysql_case_evr}} +%{?obsoleted_mysql_evr:Obsoletes: mysql-test < %{obsoleted_mysql_evr}} + +%description test +MariaDB is a multi-user, multi-threaded SQL database server. This +package contains the regression test suite distributed with +the MariaDB sources. +MariaDB is a community developed branch of MySQL. 
+%endif + +%prep +%setup -q -n mariadb-%{version} + +%patch1 -p1 +%patch2 -p1 +%patch4 -p1 +%patch5 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch30 -p1 +# %patch31 -p1 +%patch32 -p1 +# %patch34 -p1 +%patch37 -p1 +%patch38 -p1 +%patch40 -p1 +# %patch41 -p1 + +sed -i -e 's/2.8.7/2.6.4/g' cmake/cpack_rpm.cmake +# workaround to deploy mariadb@.service on EL7 +sed -i 's/IF(NOT CMAKE_VERSION VERSION_LESS 3.3.0 OR NOT RPM)/IF(TRUE)/g' support-files/CMakeLists.txt + +# workaround for upstream bug #56342 +rm -f mysql-test/t/ssl_8k_key-master.opt + +# generate a list of tests that fail, but are not disabled by upstream +cat %{SOURCE50} | tee mysql-test/rh-skipped-tests.list + +# disable some tests failing on different architectures +%ifarch %{arm} aarch64 +cat %{SOURCE51} | tee -a mysql-test/rh-skipped-tests.list +%endif + +%ifarch ppc ppc64 ppc64p7 s390 s390x +cat %{SOURCE52} | tee -a mysql-test/rh-skipped-tests.list +%endif + +cp %{SOURCE2} %{SOURCE3} %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \ + %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE17} %{SOURCE18} %{SOURCE19} \ + %{SOURCE70} scripts + +%if %{with galera} +# prepare selinux policy +mkdir selinux +sed 's/mariadb-server-galera/%{name}-server-galera/' %{SOURCE72} > selinux/%{name}-server-galera.te +cat selinux/%{name}-server-galera.te +%endif + +# Check if PCRE version is actual +%{!?with_pcre: +pcre_maj=`grep '^m4_define(pcre_major' pcre/configure.ac | sed -r 's/^m4_define\(pcre_major, \[([0-9]+)\]\)/\1/'` +pcre_min=`grep '^m4_define(pcre_minor' pcre/configure.ac | sed -r 's/^m4_define\(pcre_minor, \[([0-9]+)\]\)/\1/'` + +if [ %{pcre_version} != "$pcre_maj.$pcre_min" ] +then + echo "\n PCRE version is outdated. 
\n\tIncluded version:%{pcre_version} \n\tUpstream version: $pcre_maj.$pcre_min\n" + exit 1 +fi +} + + + +%build + +# fail quickly and obviously if user tries to build as root +%if %runselftest + if [ x"$(id -u)" = "x0" ]; then + echo "mysql's regression tests fail if run as root." + echo "If you really need to build the RPM as root, use" + echo "--nocheck to skip the regression tests." + exit 1 + fi +%endif + +CFLAGS="%{optflags} -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE" +# force PIC mode so that we can build libmysqld.so +CFLAGS="$CFLAGS -fPIC" +# GCC 4.9 causes segfaults: https://mariadb.atlassian.net/browse/MDEV-6360 +CFLAGS="$CFLAGS -fno-delete-null-pointer-checks" +# gcc seems to have some bugs on sparc as of 4.4.1, back off optimization +# submitted as bz #529298 +%ifarch sparc sparcv9 sparc64 +CFLAGS=`echo $CFLAGS| sed -e "s|-O2|-O1|g" ` +%endif +# significant performance gains can be achieved by compiling with -O3 optimization +# rhbz#1051069 +%ifarch ppc64 +CFLAGS=`echo $CFLAGS| sed -e "s|-O2|-O3|g" ` +%endif +CXXFLAGS="$CFLAGS" +export CFLAGS CXXFLAGS + +%if 0%{?_hardened_build} +# building with PIE +LDFLAGS="$LDFLAGS -pie -Wl,-z,relro,-z,now" +export LDFLAGS +%endif + +# The INSTALL_xxx macros have to be specified relative to CMAKE_INSTALL_PREFIX +# so we can't use %%{_datadir} and so forth here. +%cmake . 
\ + -DBUILD_CONFIG=mysql_release \ + -DFEATURE_SET="community" \ + -DINSTALL_LAYOUT=RPM \ + -DDAEMON_NAME="%{daemon_name}" \ + -DDAEMON_NO_PREFIX="%{daemon_no_prefix}" \ + -DLOG_LOCATION="%{logfile}" \ + -DPID_FILE_DIR="%{pidfiledir}" \ + -DNICE_PROJECT_NAME="MariaDB" \ + -DRPM="%{?rhel:rhel%{rhel}}%{!?rhel:fedora%{fedora}}" \ + -DCMAKE_INSTALL_PREFIX="%{_prefix}" \ + -DINSTALL_SYSCONFDIR="%{_sysconfdir}" \ + -DINSTALL_SYSCONF2DIR="%{_sysconfdir}/my.cnf.d" \ + -DINSTALL_DOCDIR="share/doc/%{_pkgdocdirname}" \ + -DINSTALL_DOCREADMEDIR="share/doc/%{_pkgdocdirname}" \ + -DINSTALL_INCLUDEDIR=include/mysql \ + -DINSTALL_INFODIR=share/info \ + -DINSTALL_LIBDIR="%{_lib}/mysql" \ + -DINSTALL_MANDIR=share/man \ + -DINSTALL_MYSQLSHAREDIR=share/%{pkg_name} \ + -DINSTALL_MYSQLTESTDIR=share/mysql-test \ + -DINSTALL_PLUGINDIR="%{_lib}/mysql/plugin" \ + -DINSTALL_SBINDIR=libexec \ + -DINSTALL_SCRIPTDIR=bin \ + -DINSTALL_SQLBENCHDIR=share \ + -DINSTALL_SUPPORTFILESDIR=share/%{pkg_name} \ + -DMYSQL_DATADIR="%{dbdatadir}" \ + -DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \ + -DENABLED_LOCAL_INFILE=ON \ + -DENABLE_DTRACE=ON \ + -DWITH_EMBEDDED_SERVER=ON \ + -DWITH_SSL=system \ + -DWITH_ZLIB=system \ +%{?with_pcre: -DWITH_PCRE=system}\ + -DWITH_JEMALLOC=no \ +%{!?with_tokudb: -DWITHOUT_TOKUDB=ON}\ +%{!?with_mroonga: -DWITHOUT_MROONGA=ON}\ +%{!?with_oqgraph: -DWITHOUT_OQGRAPH=ON}\ + -DTMPDIR=/var/tmp \ +%{?with_debug: -DCMAKE_BUILD_TYPE=Debug}\ + %{?_hardened_build:-DWITH_MYSQLD_LDFLAGS="-pie -Wl,-z,relro,-z,now"} + +make %{?_smp_mflags} VERBOSE=1 + +# debuginfo extraction scripts fail to find source files in their real +# location -- satisfy them by copying these files into location, which +# is expected by scripts +for e in innobase xtradb ; do + for f in pars0grm.y pars0lex.l ; do + cp -p "storage/$e/pars/$f" "storage/$e/$f" + done +done + +# build selinux policy +%if %{with galera} +pushd selinux +make -f /usr/share/selinux/devel/Makefile %{name}-server-galera.pp +%endif + +%install 
+make DESTDIR=%{buildroot} install
+
+# cmake generates some completely wacko references to -lprobes_mysql when
+# building with dtrace support. Haven't found where to shut that off,
+# so resort to this blunt instrument. While at it, let's not reference
+# libmysqlclient_r anymore either.
+sed -e 's/-lprobes_mysql//' -e 's/-lmysqlclient_r/-lmysqlclient/' \
+ %{buildroot}%{_bindir}/mysql_config >mysql_config.tmp
+cp -p -f mysql_config.tmp %{buildroot}%{_bindir}/mysql_config
+chmod 755 %{buildroot}%{_bindir}/mysql_config
+
+# multilib header support
+for header in mysql/my_config.h mysql/private/config.h; do
+%multilib_fix_c_header --file %{_includedir}/$header
+done
+
+# multilib support for shell scripts
+# we only apply this to known Red Hat multilib arches, per bug #181335
+if %multilib_capable; then
+mv %{buildroot}%{_bindir}/mysql_config %{buildroot}%{_bindir}/mysql_config-%{__isa_bits}
+install -p -m 0755 scripts/mysql_config_multilib %{buildroot}%{_bindir}/mysql_config
+fi
+
+# Upstream install this into arch-independent directory, TODO: report
+mkdir -p %{buildroot}/%{_libdir}/pkgconfig
+mv %{buildroot}/%{_datadir}/pkgconfig/*.pc %{buildroot}/%{_libdir}/pkgconfig
+
+# install INFO_SRC, INFO_BIN into libdir (upstream thinks these are doc files,
+# but that's pretty wacko --- see also %%{name}-file-contents.patch)
+install -p -m 644 Docs/INFO_SRC %{buildroot}%{_libdir}/mysql/
+install -p -m 644 Docs/INFO_BIN %{buildroot}%{_libdir}/mysql/
+rm -r %{buildroot}%{_datadir}/doc/%{_pkgdocdirname}/MariaDB-server-%{version}/
+
+mkdir -p %{buildroot}%{logfiledir}
+chmod 0750 %{buildroot}%{logfiledir}
+touch %{buildroot}%{logfile}
+
+# current setting in my.cnf is to use /var/run/mariadb for creating pid file,
+# however since my.cnf is not updated by RPM if changed, we need to create mysqld
+# as well because users can have odd settings in their /etc/my.cnf
+mkdir -p %{buildroot}%{pidfiledir}
+install -p -m 0755 -d %{buildroot}%{dbdatadir}
+
+%if %{with config}
+install -D -p -m 0644 scripts/my.cnf %{buildroot}%{_sysconfdir}/my.cnf
+%else
+rm -f %{buildroot}%{_sysconfdir}/my.cnf.d/mysql-clients.cnf
+rm -f %{buildroot}%{_sysconfdir}/my.cnf
+%endif
+
+# use different config file name for each variant of server
+mv %{buildroot}%{_sysconfdir}/my.cnf.d/server.cnf %{buildroot}%{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf
+
+# install systemd unit files and scripts for handling server startup
+%if %{with init_systemd}
+install -D -p -m 644 scripts/mysql.service %{buildroot}%{_unitdir}/%{daemon_name}.service
+install -D -p -m 644 scripts/mysql@.service %{buildroot}%{_unitdir}/%{daemon_name}@.service
+install -D -p -m 0644 scripts/mysql.tmpfiles.d %{buildroot}%{_tmpfilesdir}/%{name}.conf
+%if 0%{?mysqld_pid_dir:1}
+echo "d %{_localstatedir}/run/%{mysqld_pid_dir} 0755 mysql mysql -" >>%{buildroot}%{_tmpfilesdir}/%{name}.conf
+%endif
+%endif
+
+# install SysV init script
+%if %{with init_sysv}
+install -D -p -m 755 scripts/mysql.init %{buildroot}%{daemondir}/%{daemon_name}
+%endif
+
+# helper scripts for service starting
+install -p -m 755 scripts/mysql-prepare-db-dir %{buildroot}%{_libexecdir}/mysql-prepare-db-dir
+install -p -m 755 scripts/mysql-wait-ready %{buildroot}%{_libexecdir}/mysql-wait-ready
+install -p -m 755 scripts/mysql-wait-stop %{buildroot}%{_libexecdir}/mysql-wait-stop
+install -p -m 755 scripts/mysql-check-socket %{buildroot}%{_libexecdir}/mysql-check-socket
+install -p -m 755 scripts/mysql-check-upgrade %{buildroot}%{_libexecdir}/mysql-check-upgrade
+install -p -m 644 scripts/mysql-scripts-common %{buildroot}%{_libexecdir}/mysql-scripts-common
+
+# install selinux policy
+%if %{with galera}
+install -p -m 644 -D selinux/%{name}-server-galera.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/%{name}-server-galera.pp
+%endif
+# install -p -m 644 -D selinux/%{name}.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/%{name}.pp
+# install -p -m 644 -D selinux/%{name}.te %{buildroot}%{_datadir}/selinux/packages/%{name}/%{name}.te
+
+
+# Remove libmysqld.a
+rm -f %{buildroot}%{_libdir}/mysql/libmysqld.a
+
+# libmysqlclient_r is no more. Upstream tries to replace it with symlinks
+# but that really doesn't work (wrong soname in particular). We'll keep
+# just the devel libmysqlclient_r.so link, so that rebuilding without any
+# source change is enough to get rid of dependency on libmysqlclient_r.
+rm -f %{buildroot}%{_libdir}/mysql/libmysqlclient_r.so*
+ln -s libmysqlclient.so %{buildroot}%{_libdir}/mysql/libmysqlclient_r.so
+
+# mysql-test includes one executable that doesn't belong under /usr/share,
+# so move it and provide a symlink
+mv %{buildroot}%{_datadir}/mysql-test/lib/My/SafeProcess/my_safe_process %{buildroot}%{_bindir}
+ln -s ../../../../../bin/my_safe_process %{buildroot}%{_datadir}/mysql-test/lib/My/SafeProcess/my_safe_process
+
+# should move this to /etc/ ?
+rm -f %{buildroot}%{_bindir}/mysql_embedded
+rm -f %{buildroot}%{_libdir}/mysql/*.a
+rm -f %{buildroot}%{_datadir}/%{pkg_name}/binary-configure
+rm -f %{buildroot}%{_datadir}/%{pkg_name}/magic
+rm -f %{buildroot}%{_datadir}/%{pkg_name}/ndb-config-2-node.ini
+rm -f %{buildroot}%{_datadir}/%{pkg_name}/mysql.server
+rm -f %{buildroot}%{_datadir}/%{pkg_name}/mysqld_multi.server
+rm -f %{buildroot}%{_mandir}/man1/mysql-stress-test.pl.1*
+rm -f %{buildroot}%{_mandir}/man1/mysql-test-run.pl.1*
+rm -f %{buildroot}%{_bindir}/mytop
+
+#WRS
+rm -rf %{buildroot}/usr/DESTINATION/JdbcInterface.jar
+
+# put logrotate script where it needs to be
+mkdir -p %{buildroot}%{logrotateddir}
+mv %{buildroot}%{_datadir}/%{pkg_name}/mysql-log-rotate %{buildroot}%{logrotateddir}/%{daemon_name}
+chmod 644 %{buildroot}%{logrotateddir}/%{daemon_name}
+
+mkdir -p %{buildroot}%{_sysconfdir}/ld.so.conf.d
+echo "%{_libdir}/mysql" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
+
+# copy additional docs into build tree so %%doc will find them
+install -p -m 0644 %{SOURCE5} %{basename:%{SOURCE5}}
+install -p -m 0644 %{SOURCE6} %{basename:%{SOURCE6}}
+install -p -m 0644 %{SOURCE7} %{basename:%{SOURCE7}}
+install -p -m 0644 %{SOURCE16} %{basename:%{SOURCE16}}
+install -p -m 0644 %{SOURCE71} %{basename:%{SOURCE71}}
+
+# install galera config file
+sed -i -r 's|^wsrep_provider=none|wsrep_provider=%{_libdir}/galera/libgalera_smm.so|' support-files/wsrep.cnf
+install -p -m 0644 support-files/wsrep.cnf %{buildroot}%{_sysconfdir}/my.cnf.d/galera.cnf
+
+# install the clustercheck script
+mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
+touch %{buildroot}%{_sysconfdir}/sysconfig/clustercheck
+install -p -m 0755 scripts/clustercheck %{buildroot}%{_bindir}/clustercheck
+
+# install the list of skipped tests to be available for user runs
+install -p -m 0644 mysql-test/rh-skipped-tests.list %{buildroot}%{_datadir}/mysql-test
+
+# remove unneeded RHEL-4 SELinux stuff
+rm -rf %{buildroot}%{_datadir}/%{pkg_name}/SELinux/
+
+# remove SysV init script and a symlink to that
+rm -f %{buildroot}%{_sysconfdir}/init.d/mysql
+rm -f %{buildroot}%{_libexecdir}/rcmysql
+
+# remove duplicate logrotate script
+rm -f %{buildroot}%{_sysconfdir}/logrotate.d/mysql
+
+# remove solaris files
+rm -rf %{buildroot}%{_datadir}/%{pkg_name}/solaris/
+
+# rename the wsrep README so it corresponds with the other README names
+mv Docs/README-wsrep Docs/README.wsrep
+
+# remove *.jar file from mysql-test
+rm -rf %{buildroot}%{_datadir}/mysql-test/plugin/connect/connect/std_data/JdbcMariaDB.jar
+
+%if %{without clibrary}
+unlink %{buildroot}%{_libdir}/mysql/libmysqlclient.so
+unlink %{buildroot}%{_libdir}/mysql/libmysqlclient_r.so
+rm -rf %{buildroot}%{_libdir}/mysql/libmysqlclient*.so.*
+rm -rf %{buildroot}%{_sysconfdir}/ld.so.conf.d
+rm -f %{buildroot}%{_sysconfdir}/my.cnf.d/client.cnf
+%endif
+
+%if %{without embedded}
+rm -f %{buildroot}%{_libdir}/mysql/libmysqld.so*
+rm -f %{buildroot}%{_bindir}/{mysql_client_test_embedded,mysqltest_embedded}
+rm -f %{buildroot}%{_mandir}/man1/{mysql_client_test_embedded,mysqltest_embedded}.1*
+%endif
+
+%if %{without devel}
+rm -f %{buildroot}%{_bindir}/mysql_config*
+rm -rf %{buildroot}%{_includedir}/mysql
+rm -f %{buildroot}%{_datadir}/aclocal/mysql.m4
+rm -f %{buildroot}%{_libdir}/pkgconfig/mariadb.pc
+rm -f %{buildroot}%{_libdir}/mysql/libmysqlclient*.so
+rm -f %{buildroot}%{_mandir}/man1/mysql_config.1*
+%endif
+
+%if %{without client}
+rm -f %{buildroot}%{_bindir}/{msql2mysql,mysql,mysql_find_rows,\
+mysql_plugin,mysql_waitpid,mysqlaccess,mysqladmin,mysqlbinlog,mysqlcheck,\
+mysqldump,mysqlimport,mysqlshow,mysqlslap,my_print_defaults}
+rm -f %{buildroot}%{_mandir}/man1/{msql2mysql,mysql,mysql_find_rows,\
+mysql_plugin,mysql_waitpid,mysqlaccess,mysqladmin,mysqlbinlog,mysqlcheck,\
+mysqldump,mysqlimport,mysqlshow,mysqlslap,my_print_defaults}.1*
+%endif
+
+%if %{without connect}
+rm -f %{buildroot}%{_sysconfdir}/my.cnf.d/connect.cnf
+%endif
+
+%if %{without oqgraph}
+rm -f %{buildroot}%{_sysconfdir}/my.cnf.d/oqgraph.cnf
+%endif
+
+%if %{without config}
+rm -f %{buildroot}%{_sysconfdir}/my.cnf
+rm -f %{buildroot}%{_sysconfdir}/my.cnf.d/mysql-clients.cnf
+%endif
+
+%if %{without common}
+rm -rf %{buildroot}%{_datadir}/%{pkg_name}/charsets
+%endif
+
+%if %{without errmsg}
+rm -f %{buildroot}%{_datadir}/%{pkg_name}/errmsg-utf8.txt
+rm -rf %{buildroot}%{_datadir}/%{pkg_name}/{english,czech,danish,dutch,estonian,\
+french,german,greek,hungarian,italian,japanese,korean,norwegian,norwegian-ny,\
+polish,portuguese,romanian,russian,serbian,slovak,spanish,swedish,ukrainian}
+%endif
+
+%if %{without bench}
+rm -rf %{buildroot}%{_datadir}/sql-bench
+%endif
+
+%if %{without test}
+rm -f %{buildroot}%{_bindir}/{mysql_client_test,my_safe_process}
+rm -rf %{buildroot}%{_datadir}/mysql-test
+rm -f %{buildroot}%{_mandir}/man1/mysql_client_test.1*
+%endif
+
+%if %{without tokudb}
+rm -f %{buildroot}%{_sysconfdir}/my.cnf.d/cracklib_password_check.cnf
+%endif
+
+%check
+%if %{with test}
+%if %runselftest
+make test VERBOSE=1
+# hack to let 32- and 64-bit tests run concurrently on same build machine
+export MTR_PARALLEL=1
+# builds might happen at the same host, avoid collision
+export MTR_BUILD_THREAD=%{__isa_bits}
+
+# The cmake build scripts don't provide any simple way to control the
+# options for mysql-test-run, so ignore the make target and just call it
+# manually. Nonstandard options chosen are:
+# --force to continue tests after a failure
+# no retries please
+# test SSL with --ssl
+# skip tests that are listed in rh-skipped-tests.list
+# avoid redundant test runs with --binlog-format=mixed
+# increase timeouts to prevent unwanted failures during mass rebuilds
+(
+ set -e
+ cd mysql-test
+ perl ./mysql-test-run.pl --force --retry=0 --ssl \
+ --suite-timeout=720 --testcase-timeout=30 --skip-rpl \
+ --mysqld=--binlog-format=mixed --force-restart \
+ --shutdown-timeout=60 --max-test-fail=0 \
+%if %{ignore_testsuite_result}
+ || :
+%else
+ --skip-test-list=rh-skipped-tests.list
+%endif
+ # cmake build scripts will install the var cruft if left alone :-(
+ rm -rf var
+)
+%endif
+%endif
+
+%pre server
+/usr/sbin/groupadd -g 27 -o -r mysql >/dev/null 2>&1 || :
+/usr/sbin/useradd -M -N -g mysql -o -r -d %{mysqluserhome} -s /sbin/nologin \
+ -c "MySQL Server" -u 27 mysql >/dev/null 2>&1 || :
+
+%if %{with clibrary}
+%post libs -p /sbin/ldconfig
+%endif
+
+%if %{with embedded}
+%post embedded -p /sbin/ldconfig
+%endif
+
+%if %{with galera}
+%post server-galera
+semanage port -a -t mysqld_port_t -p tcp 4568 >/dev/null 2>&1 || :
+semodule -i %{_datadir}/selinux/packages/%{name}/%{name}-server-galera.pp >/dev/null 2>&1 || :
+%endif
+
+%post server
+%if %{with init_systemd}
+%systemd_post %{daemon_name}.service
+%endif
+%if %{with init_sysv}
+if [ $1 = 1 ]; then
+ /sbin/chkconfig --add %{daemon_name}
+fi
+%endif
+
+%preun server
+%if %{with init_systemd}
+%systemd_preun %{daemon_name}.service
+%endif
+%if %{with init_sysv}
+if [ $1 = 0 ]; then
+ /sbin/service %{daemon_name} stop >/dev/null 2>&1
+ /sbin/chkconfig --del %{daemon_name}
+fi
+%endif
+
+%if %{with clibrary}
+%postun libs -p /sbin/ldconfig
+%endif
+
+%if %{with embedded}
+%postun embedded -p /sbin/ldconfig
+%endif
+
+%if %{with galera}
+%postun server-galera
+if [ $1 -eq 0 ]; then
+ semodule -r %{name}-server-galera 2>/dev/null || :
+fi
+%endif
+
+%postun server
+%if %{with init_systemd}
+%systemd_postun_with_restart %{daemon_name}.service
+%endif
+%if %{with init_sysv}
+if [ $1 -ge 1 ]; then
+ /sbin/service %{daemon_name} condrestart >/dev/null 2>&1 || :
+fi
+%endif
+
+%if %{with client}
+%files
+%{_bindir}/msql2mysql
+%{_bindir}/mysql
+%{_bindir}/mysql_find_rows
+%{_bindir}/mysql_plugin
+%{_bindir}/mysql_waitpid
+%{_bindir}/mysqlaccess
+%{_bindir}/mysqladmin
+%{_bindir}/mysqlbinlog
+%{_bindir}/mysqlcheck
+%{_bindir}/mysqldump
+%{_bindir}/mysqlimport
+%{_bindir}/mysqlshow
+%{_bindir}/mysqlslap
+%{_bindir}/my_print_defaults
+
+%{_mandir}/man1/msql2mysql.1*
+%{_mandir}/man1/mysql.1*
+%{_mandir}/man1/mysql_find_rows.1*
+%{_mandir}/man1/mysql_plugin.1*
+%{_mandir}/man1/mysql_waitpid.1*
+%{_mandir}/man1/mysqlaccess.1*
+%{_mandir}/man1/mysqladmin.1*
+%{_mandir}/man1/mysqlbinlog.1*
+%{_mandir}/man1/mysqlcheck.1*
+%{_mandir}/man1/mysqldump.1*
+%{_mandir}/man1/mysqlimport.1*
+%{_mandir}/man1/mysqlshow.1*
+%{_mandir}/man1/mysqlslap.1*
+%{_mandir}/man1/my_print_defaults.1*
+%endif
+
+%if %{with clibrary}
+%files libs
+%{_libdir}/mysql/libmysqlclient.so.*
+%{_sysconfdir}/ld.so.conf.d/*
+%config(noreplace) %{_sysconfdir}/my.cnf.d/client.cnf
+%endif
+
+%if %{with config}
+%files config
+# although the default my.cnf contains only server settings, we put it in the
+# common package because it can be used for client settings too.
+%dir %{_sysconfdir}/my.cnf.d
+%config(noreplace) %{_sysconfdir}/my.cnf
+%config(noreplace) %{_sysconfdir}/my.cnf.d/mysql-clients.cnf
+%config(noreplace) %{_sysconfdir}/my.cnf.d/enable_encryption.preset
+%endif
+
+%if %{with common}
+%files common
+%license COPYING
+%license storage/innobase/COPYING.Percona storage/innobase/COPYING.Google
+%doc README README.mysql-license README.mysql-docs
+%dir %{_libdir}/mysql
+%dir %{_libdir}/mysql/plugin
+%dir %{_datadir}/%{pkg_name}
+%{_libdir}/mysql/plugin/dialog.so
+%{_libdir}/mysql/plugin/mysql_clear_password.so
+%{_datadir}/%{pkg_name}/charsets
+%endif
+
+%if %{with errmsg}
+%files errmsg
+%{_datadir}/%{pkg_name}/errmsg-utf8.txt
+%{_datadir}/%{pkg_name}/english
+%lang(cs) %{_datadir}/%{pkg_name}/czech
+%lang(da) %{_datadir}/%{pkg_name}/danish
+%lang(nl) %{_datadir}/%{pkg_name}/dutch
+%lang(et) %{_datadir}/%{pkg_name}/estonian
+%lang(fr) %{_datadir}/%{pkg_name}/french
+%lang(de) %{_datadir}/%{pkg_name}/german
+%lang(el) %{_datadir}/%{pkg_name}/greek
+%lang(hu) %{_datadir}/%{pkg_name}/hungarian
+%lang(it) %{_datadir}/%{pkg_name}/italian
+%lang(ja) %{_datadir}/%{pkg_name}/japanese
+%lang(ko) %{_datadir}/%{pkg_name}/korean
+%lang(no) %{_datadir}/%{pkg_name}/norwegian
+%lang(no) %{_datadir}/%{pkg_name}/norwegian-ny
+%lang(pl) %{_datadir}/%{pkg_name}/polish
+%lang(pt) %{_datadir}/%{pkg_name}/portuguese
+%lang(ro) %{_datadir}/%{pkg_name}/romanian
+%lang(ru) %{_datadir}/%{pkg_name}/russian
+%lang(sr) %{_datadir}/%{pkg_name}/serbian
+%lang(sk) %{_datadir}/%{pkg_name}/slovak
+%lang(es) %{_datadir}/%{pkg_name}/spanish
+%lang(sv) %{_datadir}/%{pkg_name}/swedish
+%lang(uk) %{_datadir}/%{pkg_name}/ukrainian
+%endif
+
+%if %{with galera}
+%files server-galera
+%doc Docs/README.wsrep
+%license LICENSE.clustercheck
+%{_bindir}/clustercheck
+%if %{with init_systemd}
+%{_bindir}/galera_new_cluster
+%{_bindir}/galera_recovery
+%{_datadir}/%{pkg_name}/systemd/use_galera_new_cluster.conf
+%endif
+%config(noreplace) %{_sysconfdir}/my.cnf.d/galera.cnf
+%attr(0640,root,root) %ghost %config(noreplace) %{_sysconfdir}/sysconfig/clustercheck
+%{_datadir}/selinux/packages/%{name}/%{name}-server-galera.pp
+%endif
+
+%files server
+%doc README.mysql-cnf
+
+%{_bindir}/aria_chk
+%{_bindir}/aria_dump_log
+%{_bindir}/aria_ftdump
+%{_bindir}/aria_pack
+%{_bindir}/aria_read_log
+%{_bindir}/mariabackup
+%{_bindir}/mariadb-service-convert
+%{_bindir}/mbstream
+%{_bindir}/myisamchk
+%{_bindir}/myisam_ftdump
+%{_bindir}/myisamlog
+%{_bindir}/myisampack
+%{_bindir}/mysql_convert_table_format
+%{_bindir}/mysql_fix_extensions
+%{_bindir}/mysql_install_db
+%{_bindir}/mysql_secure_installation
+%{_bindir}/mysql_setpermission
+%{_bindir}/mysql_tzinfo_to_sql
+%{_bindir}/mysql_upgrade
+%{_bindir}/mysql_zap
+%{_bindir}/mysqlbug
+%{_bindir}/mysqldumpslow
+%{_bindir}/mysqld_multi
+%{_bindir}/mysqld_safe
+%{_bindir}/mysqlhotcopy
+%{_bindir}/mysqltest
+%{_bindir}/innochecksum
+%{_bindir}/perror
+%{_bindir}/replace
+%{_bindir}/resolve_stack_dump
+%{_bindir}/resolveip
+%{_bindir}/wsrep_sst_common
+%{_bindir}/wsrep_sst_mariabackup
+%{_bindir}/wsrep_sst_mysqldump
+%{_bindir}/wsrep_sst_rsync
+%{_bindir}/wsrep_sst_xtrabackup
+%{_bindir}/wsrep_sst_xtrabackup-v2
+%{?with_tokudb:%{_bindir}/tokuftdump}
+%{?with_tokudb:%{_bindir}/tokuft_logprint}
+
+%config(noreplace) %{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf
+%config(noreplace) %{_sysconfdir}/my.cnf.d/auth_gssapi.cnf
+%{?with_tokudb:%config(noreplace) %{_sysconfdir}/my.cnf.d/tokudb.cnf}
+
+%{_libexecdir}/mysqld
+
+%{_libdir}/mysql/INFO_SRC
+%{_libdir}/mysql/INFO_BIN
+%if %{without common}
+%dir %{_datadir}/%{pkg_name}
+%endif
+
+%{_libdir}/mysql/plugin/*
+%{?with_oqgraph:%exclude %{_libdir}/mysql/plugin/ha_oqgraph.so}
+%{?with_connect:%exclude %{_libdir}/mysql/plugin/ha_connect.so}
+%exclude %{_libdir}/mysql/plugin/dialog.so
+%exclude %{_libdir}/mysql/plugin/mysql_clear_password.so
+
+%{_mandir}/man1/aria_chk.1*
+%{_mandir}/man1/aria_dump_log.1*
+%{_mandir}/man1/aria_ftdump.1*
+%{_mandir}/man1/aria_pack.1*
+%{_mandir}/man1/aria_read_log.1*
+%{_mandir}/man1/galera_new_cluster.1*
+%{_mandir}/man1/galera_recovery.1*
+%{_mandir}/man1/mariadb-service-convert.1*
+%{_mandir}/man1/myisamchk.1*
+%{_mandir}/man1/myisamlog.1*
+%{_mandir}/man1/myisampack.1*
+%{_mandir}/man1/mysql_convert_table_format.1*
+%{_mandir}/man1/myisam_ftdump.1*
+%{_mandir}/man1/mysql.server.1*
+%{_mandir}/man1/mysql_fix_extensions.1*
+%{_mandir}/man1/mysql_install_db.1*
+%{_mandir}/man1/mysql_secure_installation.1*
+%{_mandir}/man1/mysql_upgrade.1*
+%{_mandir}/man1/mysql_zap.1*
+%{_mandir}/man1/mysqlbug.1*
+%{_mandir}/man1/mysqldumpslow.1*
+%{_mandir}/man1/mysqld_multi.1*
+%{_mandir}/man1/mysqld_safe.1*
+%{_mandir}/man1/mysqld_safe_helper.1*
+%{_mandir}/man1/my_safe_process.1*
+%{_mandir}/man1/innochecksum.1*
+%{_mandir}/man1/perror.1*
+%{_mandir}/man1/replace.1*
+%{_mandir}/man1/resolve_stack_dump.1*
+%{_mandir}/man1/resolveip.1*
+%{_mandir}/man1/mysql_tzinfo_to_sql.1*
+%{_mandir}/man8/mysqld.8*
+%{_mandir}/man1/wsrep_sst_common.1*
+%{_mandir}/man1/wsrep_sst_mysqldump.1*
+%{_mandir}/man1/wsrep_sst_rsync.1*
+%{_mandir}/man1/wsrep_sst_xtrabackup.1*
+%{_mandir}/man1/wsrep_sst_xtrabackup-v2.1*
+
+%{_datadir}/%{pkg_name}/fill_help_tables.sql
+%{_datadir}/%{pkg_name}/install_spider.sql
+%{_datadir}/%{pkg_name}/maria_add_gis_sp.sql
+%{_datadir}/%{pkg_name}/maria_add_gis_sp_bootstrap.sql
+%{_datadir}/%{pkg_name}/mysql_system_tables.sql
+%{_datadir}/%{pkg_name}/mysql_system_tables_data.sql
+%{_datadir}/%{pkg_name}/mysql_test_data_timezone.sql
+%{_datadir}/%{pkg_name}/mysql_to_mariadb.sql
+%{_datadir}/%{pkg_name}/mysql_performance_tables.sql
+%{?with_mroonga:%{_datadir}/%{pkg_name}/mroonga/install.sql}
+%{?with_mroonga:%{_datadir}/%{pkg_name}/mroonga/uninstall.sql}
+%{_datadir}/%{pkg_name}/my-*.cnf
+%{_datadir}/%{pkg_name}/wsrep.cnf
+%{_datadir}/%{pkg_name}/wsrep_notify
+%dir %{_datadir}/%{pkg_name}/policy
+%dir %{_datadir}/%{pkg_name}/policy/apparmor
+%dir %{_datadir}/%{pkg_name}/policy/selinux
+%{_datadir}/%{pkg_name}/policy/apparmor/README
+%{_datadir}/%{pkg_name}/policy/apparmor/usr.sbin.mysqld*
+%{_datadir}/%{pkg_name}/policy/selinux/README
+%{_datadir}/%{pkg_name}/policy/selinux/mariadb-server.*
+%{_datadir}/%{pkg_name}/policy/selinux/mariadb.*
+%{_datadir}/%{pkg_name}/systemd/mariadb.service
+# mariadb@ is installed only when we have cmake newer than 3.3
+%if 0%{?fedora} > 22 || 0%{?rhel} > 6
+%{_datadir}/%{pkg_name}/systemd/mariadb@.service
+%endif
+
+%{daemondir}/%{daemon_name}*
+%{_libexecdir}/mysql-prepare-db-dir
+%{_libexecdir}/mysql-wait-ready
+%{_libexecdir}/mysql-wait-stop
+%{_libexecdir}/mysql-check-socket
+%{_libexecdir}/mysql-check-upgrade
+%{_libexecdir}/mysql-scripts-common
+
+%{?with_init_systemd:%{_tmpfilesdir}/%{name}.conf}
+%attr(0755,mysql,mysql) %dir %{pidfiledir}
+%attr(0755,mysql,mysql) %dir %{dbdatadir}
+%attr(0750,mysql,mysql) %dir %{logfiledir}
+%attr(0640,mysql,mysql) %config %ghost %verify(not md5 size mtime) %{logfile}
+%config(noreplace) %{logrotateddir}/%{daemon_name}
+
+%if %{with oqgraph}
+%files oqgraph-engine
+%config(noreplace) %{_sysconfdir}/my.cnf.d/oqgraph.cnf
+%{_libdir}/mysql/plugin/ha_oqgraph.so
+%endif
+
+%if %{with connect}
+%files connect-engine
+%config(noreplace) %{_sysconfdir}/my.cnf.d/connect.cnf
+%{_libdir}/mysql/plugin/ha_connect.so
+%endif
+
+%{_mandir}/man1/mysqlhotcopy.1*
+%{_mandir}/man1/mysql_setpermission.1*
+%{_mandir}/man1/mysqltest.1*
+
+# Other utilities
+%{_bindir}/mysqld_safe_helper
+
+%if %{with devel}
+%files devel
+%{_bindir}/mysql_config*
+%{_includedir}/mysql
+%{_datadir}/aclocal/mysql.m4
+%{_libdir}/pkgconfig/mariadb.pc
+%if %{with clibrary}
+%{_libdir}/mysql/libmysqlclient.so
+%{_libdir}/mysql/libmysqlclient_r.so
+%endif
+%{_mandir}/man1/mysql_config.1*
+%endif
+
+%if %{with embedded}
+%files embedded
+%{_libdir}/mysql/libmysqld.so.*
+
+%files embedded-devel
+%{_libdir}/mysql/libmysqld.so
+%{_bindir}/mysql_client_test_embedded
+%{_bindir}/mysqltest_embedded
+%{_mandir}/man1/mysql_client_test_embedded.1*
+%{_mandir}/man1/mysqltest_embedded.1*
+%endif
+
+%if %{with bench}
+%files bench
+%{_datadir}/sql-bench
+%endif
+
+%if %{with test}
+%files test
+%{_bindir}/mysql_client_test
+%{_bindir}/my_safe_process
+%attr(-,mysql,mysql) %{_datadir}/mysql-test
+%{_mandir}/man1/mysql_client_test.1*
+%endif
+
+%changelog
+* Tue Jan 10 2017 Michael Bayer - 3:10.1.20-1
+- Update to version 10.1.20
+- Add explicit EVR requirement in main package for -libs
+ Related: #1406320
+- Use correct macro when removing doc files
+ Resolves: #1400981
+- JdbcMariaDB.jar test removed
+- PCRE version check added
+ Related: #1382988, #1396945, #1096787
+- added temporary support to build with OpenSSL 1.0 on Fedora >= 26
+- added krb5-devel pkg as Buldrquires to prevent gssapi failure
+
+* Thu Nov 03 2016 Michele Baldessari - 3:10.1.18-3
+- Actually apply the revert added as patch in the previous release
+
+* Thu Nov 03 2016 Michele Baldessari - 3:10.1.18-2
+- Back out upstream commit 7497ebf8a49bfe30bb4110f2ac20a30f804b7946 as it
+ breaks the resource agent
+
+* Tue Oct 4 2016 Jakub Dorňák - 3:10.1.18-1
+- Update to 10.1.18
+
+* Wed Aug 31 2016 Jakub Dorňák - 3:10.1.17-1
+- Update to 10.1.17
+
+* Mon Aug 29 2016 Jakub Dorňák - 3:10.1.16-2
+- Fixed galera replication
+ Resolves: #1352946
+
+* Tue Jul 19 2016 Jakub Dorňák - 3:10.1.16-1
+- Update to 10.1.16
+
+* Fri Jul 15 2016 Honza Horak - 3:10.1.14-5
+- Fail build when test-suite fails
+- Use license macro for inclusion of licenses
+
+* Thu Jul 14 2016 Honza Horak - 3:10.1.14-4
+- Revert Update to 10.1.15, this release is broken
+ https://lists.launchpad.net/maria-discuss/msg03691.html
+
+* Thu Jul 14 2016 Honza Horak - 2:10.1.15-3
+- Check datadir more carefully to avoid unwanted data corruption
+ Related: #1335849
+
+* Thu Jul 7 2016 Jakub Dorňák - 2:10.1.15-2
+- Bump epoch
+ (related to the downgrade from the pre-release version)
+
+* Fri Jul 1 2016 Jakub Dorňák - 1:10.1.15-1
+- Update to 10.1.15
+
+* Fri Jul 1 2016 Jakub Dorňák - 1:10.1.14-3
+ Revert "Update to 10.2.0"
+ It is possible that MariaDB 10.2.0 won't be stable till f25 GA.
+
+* Tue Jun 21 2016 Pavel Raiskup - 1:10.1.14-3
+- BR multilib-rpm-config and use it for multilib workarounds
+- install architecture dependant pc file to arch-dependant location
+
+* Thu May 26 2016 Jakub Dorňák - 1:10.2.0-2
+- Fix mysql-prepare-db-dir
+ Resolves: #1335849
+
+* Thu May 12 2016 Jakub Dorňák - 1:10.2.0-1
+- Update to 10.2.0
+
+* Thu May 12 2016 Jakub Dorňák - 1:10.1.14-1
+- Add selinux policy
+- Update to 10.1.14 (includes various bug fixes)
+- Add -h and --help options to galera_new_cluster
+
+* Thu Apr 7 2016 Jakub Dorňák - 1:10.1.13-3
+- wsrep_on in galera.cnf
+
+* Tue Apr 5 2016 Jakub Dorňák - 1:10.1.13-2
+- Moved /etc/sysconfig/clustercheck
+ and /usr/share/mariadb/systemd/use_galera_new_cluster.conf
+ to mariadb-server-galera
+
+* Tue Mar 29 2016 Jakub Dorňák - 1:10.1.13-1
+- Update to 10.1.13
+
+* Wed Mar 23 2016 Jakub Dorňák - 1:10.1.12-4
+- Fixed conflict with mariadb-galera-server
+
+* Tue Mar 22 2016 Jakub Dorňák - 1:10.1.12-3
+- Add subpackage mariadb-server-galera
+ Resolves: 1310622
+
+* Tue Mar 01 2016 Honza Horak - 1:10.1.12-2
+- Rebuild for BZ#1309199 (symbol versioning)
+
+* Mon Feb 29 2016 Jakub Dorňák - 1:10.1.12-1
+- Update to 10.1.12
+
+* Tue Feb 16 2016 Honza Horak - 1:10.1.11-9
+- Remove dangling symlink to /etc/init.d/mysql
+
+* Sat Feb 13 2016 Honza Horak - 1:10.1.11-8
+- Use epoch for obsoleting mariadb-galera-server
+
+* Fri Feb 12 2016 Honza Horak - 1:10.1.11-7
+- Add Provides: bundled(pcre) in case we build with bundled pcre
+ Related: #1302296
+- embedded-devel should require libaio-devel
+ Resolves: #1290517
+
+* Fri Feb 12 2016 Honza Horak - 1:10.1.11-6
+- Fix typo s/obsolate/obsolete/
+
+* Thu Feb 11 2016 Honza Horak - 1:10.1.11-5
+- Add missing requirements for proper wsrep functionality
+- Obsolate mariadb-galera & mariadb-galera-server (thanks Tomas Repik)
+ Resolves: #1279753
+- Re-enable using libedit, which should be now fixed
+ Related: #1201988
+- Remove mariadb-wait-ready call from systemd unit, we have now systemd notify support
+- Make mariadb@.service similar to mariadb.service
+
+* Mon Feb 08 2016 Honza Horak - 1:10.1.11-4
+- Use systemd unit file more compatible with upstream
+
+* Sun Feb 07 2016 Honza Horak - 1:10.1.11-3
+- Temporarily disabling oqgraph for
+ https://mariadb.atlassian.net/browse/MDEV-9479
+
+* Thu Feb 04 2016 Fedora Release Engineering - 1:10.1.11-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Feb 3 2016 Jakub Dorňák - 1:10.1.11-1
+- Update to 10.1.11
+
+* Tue Jan 19 2016 Jakub Dorňák - 1:10.1.10-1
+- Update to 10.1.10
+
+* Mon Dec 07 2015 Dan Horák - 1:10.1.8-3
+- rebuilt for s390(x)
+
+* Tue Nov 03 2015 Honza Horak - 1:10.1.8-2
+- Expand variables in server.cnf
+
+* Thu Oct 22 2015 Jakub Dorňák - 1:10.1.8-1
+- Update to 10.1.8
+
+* Thu Aug 27 2015 Jonathan Wakely - 1:10.0.21-2
+- Rebuilt for Boost 1.59
+
+* Mon Aug 10 2015 Jakub Dorňák - 1:10.0.21-1
+- Update to 10.0.21
+
+* Wed Jul 29 2015 Fedora Release Engineering - 1:10.0.20-3
+- Rebuilt for https://fedoraproject.org/wiki/Changes/F23Boost159
+
+* Wed Jul 22 2015 David Tardon - 1:10.0.20-2
+- rebuild for Boost 1.58
+
+* Tue Jun 23 2015 Honza Horak - 1:10.0.20-1
+- Update to 10.0.20
+
+* Wed Jun 17 2015 Fedora Release Engineering - 1:10.0.19-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Wed Jun 03 2015 Dan Horák - 1:10.0.19-2
+- Update lists of failing tests (jdornak)
+ Related: #1149647
+
+* Mon May 11 2015 Honza Horak - 1:10.0.19-1
+- Update to 10.0.19
+
+* Thu May 07 2015 Honza Horak - 1:10.0.18-1
+- Update to 10.0.18
+
+* Thu May 07 2015 Honza Horak - 1:10.0.17-4
+- Include client plugins into -common package since they are used by both -libs
+ and base packages.
+- Do not use libedit
+ Related: #1201988
+- Let plugin dir to be owned by -common
+- Use correct comment in the init script
+ Related: #1184604
+- Add openssl as BuildRequires to run some openssl tests during build
+ Related: #1189180
+- Fail in case any command in check fails
+ Related: #1124791
+- Fix mysqladmin crash if run with -u root -p
+ Resolves: #1207170
+
+* Sat May 02 2015 Kalev Lember - 1:10.0.17-3
+- Rebuilt for GCC 5 C++11 ABI change
+
+* Fri Mar 06 2015 Honza Horak - 1:10.0.17-2
+- Wait for daemon ends
+ Resolves: #1072958
+- Do not include symlink to libmysqlclient if not shipping the library
+- Do not use scl prefix more than once in paths
+ Based on https://www.redhat.com/archives/sclorg/2015-February/msg00038.html
+
+* Wed Mar 04 2015 Honza Horak - 1:10.0.17-1
+- Rebase to version 10.0.17
+- Added variable for turn off skipping some tests
+
+* Tue Mar 03 2015 Honza Horak - 1:10.0.16-6
+- Check permissions when starting service on RHEL-6
+ Resolves: #1194699
+- Do not create test database by default
+ Related: #1194611
+
+* Fri Feb 13 2015 Matej Muzila - 1:10.0.16-4
+- Enable tokudb
+
+* Tue Feb 10 2015 Honza Horak - 1:10.0.16-3
+- Fix openssl_1 test
+
+* Wed Feb 4 2015 Jakub Dorňák - 1:10.0.16-2
+- Include new certificate for tests
+- Update lists of failing tests
+ Related: #1186110
+
+* Tue Feb 3 2015 Jakub Dorňák - 1:10.0.16-9
+- Rebase to version 10.0.16
+ Resolves: #1187895
+
+* Tue Jan 27 2015 Petr Machata - 1:10.0.15-9
+- Rebuild for boost 1.57.0
+
+* Mon Jan 26 2015 Honza Horak - 1:10.0.15-8
+- Fix typo in the config file
+
+* Sun Jan 25 2015 Honza Horak - 1:10.0.15-7
+- Do not create log file in post script
+
+* Sat Jan 24 2015 Honza Horak - 1:10.0.15-6
+- Move server settings to config file under my.cnf.d dir
+
+* Sat Jan 24 2015 Honza Horak - 1:10.0.15-5
+- Fix path for sysconfig file
+ Filter provides in el6 properly
+ Fix initscript file location
+
+* Tue Jan 06 2015 Honza Horak - 1:10.0.15-4
+- Disable failing tests connect.mrr, connect.updelx2 on ppc and s390
+
+* Mon Dec 22 2014 Honza Horak - 1:10.0.15-3
+- Fix macros paths in my.cnf
+- Create old location for pid file if it remained in my.cnf
+
+* Fri Dec 05 2014 Honza Horak - 1:10.0.15-2
+- Rework usage of macros and remove some compatibility artefacts
+
+* Thu Nov 27 2014 Jakub Dorňák - 1:10.0.15-1
+- Update to 10.0.15
+
+* Thu Nov 20 2014 Jan Stanek - 1:10.0.14-8
+- Applied upstream fix for mysql_config --cflags output.
+ Resolves: #1160845
+
+* Fri Oct 24 2014 Jan Stanek - 1:10.0.14-7
+- Fixed compat service file.
+ Resolves: #1155700
+
+* Mon Oct 13 2014 Honza Horak - 1:10.0.14-6
+- Remove bundled cmd-line-utils
+ Related: #1079637
+- Move mysqlimport man page to proper package
+- Disable main.key_cache test on s390
+ Releated: #1149647
+
+* Wed Oct 08 2014 Honza Horak - 1:10.0.14-5
+- Disable tests connect.part_file, connect.part_table
+ and connect.updelx
+ Related: #1149647
+
+* Wed Oct 01 2014 Honza Horak - 1:10.0.14-4
+- Add bcond_without mysql_names
+ Use more correct path when deleting mysql logrotate script
+
+* Wed Oct 01 2014 Honza Horak - 1:10.0.14-3
+- Build with system libedit
+ Resolves: #1079637
+
+* Mon Sep 29 2014 Honza Horak - 1:10.0.14-2
+- Add with_debug option
+
+* Mon Sep 29 2014 Honza Horak - 1:10.0.14-1
+- Update to 10.0.14
+
+* Wed Sep 24 2014 Honza Horak - 1:10.0.13-8
+- Move connect engine to a separate package
+ Rename oqgraph engine to align with upstream packages
+- Move some files to correspond with MariaDB upstream packages
+ client.cnf into -libs, mysql_plugin and msql2mysql into base,
+ tokuftdump and aria_* into -server, errmsg-utf8.txt into -errmsg
+- Remove duplicate cnf files packaged using %%doc
+- Check upgrade script added to warn about need for mysql_upgrade
+
+* Wed Sep 24 2014 Matej Muzila - 1:10.0.13-7
+- Client related libraries moved from mariadb-server to mariadb-libs
+ Related: #1138843
+
+* Mon Sep 08 2014 Honza Horak - 1:10.0.13-6
+- Disable vcol_supported_sql_funcs_myisam test on all arches
+ Related: #1096787
+- Install systemd service file on RHEL-7+
+ Server requires any mysql package, so it should be fine with older client
+
+* Thu Sep 04 2014 Honza Horak - 1:10.0.13-5
+- Fix paths in mysql_install_db script
+ Resolves: #1134328
+- Use %%cmake macro
+
+* Tue Aug 19 2014 Honza Horak - 1:10.0.13-4
+- Build config subpackage everytime
+- Disable failing tests: innodb_simulate_comp_failures_small, key_cache
+ rhbz#1096787
+
+* Sun Aug 17 2014 Fedora Release Engineering - 1:10.0.13-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Thu Aug 14 2014 Honza Horak - 1:10.0.13-2
+- Include mysqld_unit only if required; enable tokudb in f20-
+
+* Wed Aug 13 2014 Honza Horak - 1:10.0.13-1
+- Rebase to version 10.0.13
+
+* Tue Aug 12 2014 Honza Horak - 1:10.0.12-8
+- Introduce -config subpackage and ship base config files here
+
+* Tue Aug 5 2014 Honza Horak - 1:10.0.12-7
+- Adopt changes from mysql, thanks Bjorn Munch
+
+* Mon Jul 28 2014 Honza Horak - 1:10.0.12-6
+- Use explicit sysconfdir
+- Absolut path for default value for pid file and error log
+
+* Tue Jul 22 2014 Honza Horak - 1:10.0.12-5
+- Hardcoded paths removed to work fine in chroot
+- Spec rewrite to be more similar to oterh MySQL implementations
+- Use variable for daemon unit name
+- Include SysV init script if built on older system
+- Add possibility to not ship some sub-packages
+
+* Mon Jul 21 2014 Honza Horak - 1:10.0.12-4
+- Reformating spec and removing unnecessary snippets
+
+* Tue Jul 15 2014 Honza Horak - 1:10.0.12-3
+- Enable OQGRAPH engine and package it as a sub-package
+- Add support for TokuDB engine for x86_64 (currently still disabled)
+- Re-enable tokudb_innodb_xa_crash again, seems to be fixed now
+- Drop superfluous -libs and -embedded ldconfig deps (thanks Ville Skyttä)
+- Separate -lib and -common sub-packages
+- Require /etc/my.cnf instead of shipping it
+- Include README.mysql-cnf
+- Multilib support re-worked
+- Introduce new option with_mysqld_unit
+- Removed obsolete mysql-cluster, the package should already be removed
+- Improve error message when log file is not writable
+- Compile all binaries with full RELRO (RHBZ#1092548)
+- Use modern symbol filtering with compatible backup
+- Add more groupnames for server's my.cnf
+- Error messages now provided by a separate package (thanks Alexander Barkov)
+- Expand paths in helper scripts using cmake
+
+* Wed Jun 18 2014 Mikko Tiihonen - 1:10.0.12-2
+- Use -fno-delete-null-pointer-checks to avoid segfaults with gcc 4.9
+
+* Tue Jun 17 2014 Jakub Dorňák - 1:10.0.12-1
+- Rebase to version 10.0.12
+
+* Sat Jun 07 2014 Fedora Release Engineering - 1:10.0.11-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Jun 3 2014 Jakub Dorňák - 1:10.0.11-4
+- rebuild with tests failing on different arches disabled (#1096787)
+
+* Thu May 29 2014 Dan Horák - 1:10.0.11-2
+- rebuild with tests failing on big endian arches disabled (#1096787)
+
+* Wed May 14 2014 Jakub Dorňák - 1:10.0.11-1
+- Rebase to version 10.0.11
+
+* Mon May 05 2014 Honza Horak - 1:10.0.10-3
+- Script for socket check enhanced
+
+* Thu Apr 10 2014 Jakub Dorňák - 1:10.0.10-2
+- use system pcre library
+
+* Thu Apr 10 2014 Jakub Dorňák - 1:10.0.10-1
+- Rebase to version 10.0.10
+
+* Wed Mar 12 2014 Honza Horak - 1:5.5.36-2
+- Server crashes on SQL select containing more group by and left join statements using innodb tables
+ Resolves: #1065676
+- Fix paths in helper scripts
+- Move language files into mariadb directory
+
+* Thu Mar 06 2014 Honza Horak - 1:5.5.36-1
+- Rebase to 5.5.36
+ https://kb.askmonty.org/en/mariadb-5536-changelog/
+
+* Tue Feb 25 2014 Honza Horak 1:5.5.35-5
+- Daemon helper scripts sanity changes and spec files clean-up
+
+* Tue Feb 11 2014 Honza Horak 1:5.5.35-4
+- Fix typo in mysqld.service
+ Resolves: #1063981
+
+* Wed Feb 5 2014 Honza Horak 1:5.5.35-3
+- Do not touch the log file in post script, so it does not get wrong owner
+ Resolves: #1061045
+
+* Thu Jan 30 2014 Honza Horak 1:5.5.35-1
+- Rebase to 5.5.35
+ https://kb.askmonty.org/en/mariadb-5535-changelog/
+ Also fixes: CVE-2014-0001, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908,
+ CVE-2014-0420, CVE-2014-0393, CVE-2013-5891, CVE-2014-0386, CVE-2014-0401,
+ CVE-2014-0402
+ Resolves: #1054043
+ Resolves: #1059546
+
+* Tue Jan 14 2014 Honza Horak - 1:5.5.34-9
+- Adopt compatible system versioning
+ Related: #1045013
+- Use compatibility mysqld.service instead of link
+ Related: #1014311
+
+* Mon Jan 13 2014 Rex Dieter 1:5.5.34-8
+- move mysql_config alternatives scriptlets to -devel too
+
+* Fri Jan 10 2014 Honza Horak 1:5.5.34-7
+- Build with -O3 on ppc64
+ Related: #1051069
+- Move mysql_config to -devel sub-package and remove Require: mariadb
+ Related: #1050920
+
+* Fri Jan 10 2014 Marcin Juszkiewicz 1:5.5.34-6
+- Disable main.gis-precise test also for AArch64
+- Disable perfschema.func_file_io and perfschema.func_mutex for AArch64
+ (like it is done for 32-bit ARM)
+
+* Fri Jan 10 2014 Honza Horak 1:5.5.34-5
+- Clean all non-needed doc files properly
+
+* Wed Jan 8 2014 Honza Horak 1:5.5.34-4
+- Read socketfile location in mariadb-prepare-db-dir script
+
+* Mon Jan 6 2014 Honza Horak 1:5.5.34-3
+- Don't test EDH-RSA-DES-CBC-SHA cipher, it seems to be removed from openssl
+ which now makes mariadb/mysql FTBFS because openssl_1 test fails
+ Related: #1044565
+- Use upstream's layout for symbols version in client library
+ Related: #1045013
+- Check if socket file is not being used by another process at a time
+ of starting the service
+ Related: #1045435
+- Use %%ghost directive for the log file
+ Related: 1043501
+
+* Wed Nov 27 2013 Honza Horak 1:5.5.34-2
+- Fix mariadb-wait-ready script
+
+* Fri Nov 22 2013 Honza Horak 1:5.5.34-1
+- Rebase to 5.5.34
+
+* Mon Nov 4 2013 Honza Horak 1:5.5.33a-4
+- Fix spec file to be ready for backport by Oden Eriksson
+ Resolves: #1026404
+
+* Mon Nov 4 2013 Honza Horak 1:5.5.33a-3
+- Add pam-devel to build-requires in order to build
+ Related: #1019945
+- Check if correct process is running in mysql-wait-ready script
+ Related: #1026313
+
+* Mon Oct 14 2013 Honza Horak 1:5.5.33a-2
+- Turn on test suite
+
+* Thu Oct 10 2013 Honza Horak 1:5.5.33a-1
+- Rebase to 5.5.33a
+ https://kb.askmonty.org/en/mariadb-5533-changelog/
+ https://kb.askmonty.org/en/mariadb-5533a-changelog/
+- Enable outfile_loaddata test
+- Disable tokudb_innodb_xa_crash test
+
+* Mon Sep 2 2013 Honza Horak - 1:5.5.32-12
+- Re-organize my.cnf to include only generic settings
+ Resolves: #1003115
+- Move pid file location to /var/run/mariadb
+- Make mysqld a symlink to mariadb unit file rather than the opposite way
+ Related: #999589
+
+* Thu Aug 29 2013 Honza Horak - 1:5.5.32-11
+- Move log file into /var/log/mariadb/mariadb.log
+- Rename logrotate script to mariadb
+- Resolves: #999589
+
+* Wed Aug 14 2013 Rex Dieter 1:5.5.32-10
+- fix alternatives usage
+
+* Tue Aug 13 2013 Honza Horak - 1:5.5.32-9
+- Multilib issues solved by alternatives
+ Resolves: #986959
+
+* Sat Aug 03 2013 Petr Pisar - 1:5.5.32-8
+- Perl 5.18 rebuild
+
+* Wed Jul 31 2013 Honza Horak - 1:5.5.32-7
+- Do not use login shell for mysql user
+
+* Tue Jul 30 2013 Honza Horak - 1:5.5.32-6
+- Remove unneeded systemd-sysv requires
+- Provide mysql-compat-server symbol
+- Create mariadb.service symlink
+- Fix multilib header location for arm
+- Enhance documentation in the unit file
+- Use scriptstub instead of links to avoid multilib conflicts
+- Add condition for doc placement in F20+
+
+* Sun Jul 28 2013 Dennis Gilmore - 1:5.5.32-5
+- remove "Requires(pretrans): systemd" since its not possible
+- when installing mariadb and systemd at the same time.
as in a new install + +* Sat Jul 27 2013 Kevin Fenzi 1:5.5.32-4 +- Set rpm doc macro to install docs in unversioned dir + +* Fri Jul 26 2013 Dennis Gilmore 1:5.5.32-3 +- add Requires(pre) on systemd for the server package + +* Tue Jul 23 2013 Dennis Gilmore 1:5.5.32-2 +- replace systemd-units requires with systemd +- remove solaris files + +* Fri Jul 19 2013 Honza Horak 1:5.5.32-1 +- Rebase to 5.5.32 + https://kb.askmonty.org/en/mariadb-5532-changelog/ +- Clean-up un-necessary systemd snippets + +* Wed Jul 17 2013 Petr Pisar - 1:5.5.31-7 +- Perl 5.18 rebuild + +* Mon Jul 1 2013 Honza Horak 1:5.5.31-6 +- Test suite params enhanced to decrease server condition influence +- Fix misleading error message when uninstalling built-in plugins + Related: #966873 + +* Thu Jun 27 2013 Honza Horak 1:5.5.31-5 +- Apply fixes found by Coverity static analysis tool + +* Wed Jun 19 2013 Honza Horak 1:5.5.31-4 +- Do not use pretrans scriptlet, which doesn't work in anaconda + Resolves: #975348 + +* Fri Jun 14 2013 Honza Horak 1:5.5.31-3 +- Explicitly enable mysqld if it was enabled in the beginning + of the transaction. 
+
+* Thu Jun 13 2013 Honza Horak 1:5.5.31-2
+- Apply man page fix from Jan Stanek
+
+* Fri May 24 2013 Honza Horak 1:5.5.31-1
+- Rebase to 5.5.31
+ https://kb.askmonty.org/en/mariadb-5531-changelog/
+- Preserve time-stamps in case of installed files
+- Use /var/tmp instead of /tmp, since the later is using tmpfs,
+ which can cause problems
+ Resolves: #962087
+- Fix test suite requirements
+
+* Sun May 5 2013 Honza Horak 1:5.5.30-2
+- Remove mytop utility, which is packaged separately
+- Resolve multilib conflicts in mysql/private/config.h
+
+* Fri Mar 22 2013 Honza Horak 1:5.5.30-1
+- Rebase to 5.5.30
+ https://kb.askmonty.org/en/mariadb-5530-changelog/
+
+* Fri Mar 22 2013 Honza Horak 1:5.5.29-11
+- Obsolete MySQL since it is now renamed to community-mysql
+- Remove real- virtual names
+
+* Thu Mar 21 2013 Honza Horak 1:5.5.29-10
+- Adding epoch to have higher priority than other mysql implementations
+ when comes to provider comparison
+
+* Wed Mar 13 2013 Honza Horak 5.5.29-9
+- Let mariadb-embedded-devel conflict with MySQL-embedded-devel
+- Adjust mariadb-sortbuffer.patch to correspond with upstream patch
+
+* Mon Mar 4 2013 Honza Horak 5.5.29-8
+- Mask expected warnings about setrlimit in test suite
+
+* Thu Feb 28 2013 Honza Horak 5.5.29-7
+- Use configured prefix value instead of guessing basedir
+ in mysql_config
+Resolves: #916189
+- Export dynamic columns and non-blocking API functions documented
+ by upstream
+
+* Wed Feb 27 2013 Honza Horak 5.5.29-6
+- Fix sort_buffer_length option type
+
+* Wed Feb 13 2013 Honza Horak 5.5.29-5
+- Suppress warnings in tests and skip tests also on ppc64p7
+
+* Tue Feb 12 2013 Honza Horak 5.5.29-4
+- Suppress warning in tests on ppc
+- Enable fixed index_merge_myisam test case
+
+* Thu Feb 07 2013 Honza Horak 5.5.29-3
+- Packages need to provide also %%_isa version of mysql package
+- Provide own symbols with real- prefix to distinguish from mysql
+ unambiguously
+- Fix format for buffer size in error messages (MDEV-4156)
+- Disable some tests that fail on ppc and s390
+- Conflict only with real-mysql, otherwise mariadb conflicts with ourself
+
+* Tue Feb 05 2013 Honza Horak 5.5.29-2
+- Let mariadb-libs to own /etc/my.cnf.d
+
+* Thu Jan 31 2013 Honza Horak 5.5.29-1
+- Rebase to 5.5.29
+ https://kb.askmonty.org/en/mariadb-5529-changelog/
+- Fix inaccurate default for socket location in mysqld-wait-ready
+ Resolves: #890535
+
+* Thu Jan 31 2013 Honza Horak 5.5.28a-8
+- Enable obsoleting mysql
+
+* Wed Jan 30 2013 Honza Horak 5.5.28a-7
+- Adding necessary hacks for perl dependency checking, rpm is still
+ not wise enough
+- Namespace sanity re-added for symbol default_charset_info
+
+* Mon Jan 28 2013 Honza Horak 5.5.28a-6
+- Removed %%{_isa} from provides/obsoletes, which doesn't allow
+ proper obsoleting
+- Do not obsolete mysql at the time of testing
+
+* Thu Jan 10 2013 Honza Horak 5.5.28a-5
+- Added licenses LGPLv2 and BSD
+- Removed wrong usage of %%{epoch}
+- Test-suite is run in %%check
+- Removed perl dependency checking adjustment, rpm seems to be smart enough
+- Other minor spec file fixes
+
+* Tue Dec 18 2012 Honza Horak 5.5.28a-4
+- Packaging of MariaDB based on MySQL package
+
diff --git a/mariadb/centos/mariadb.spec.unmodified b/mariadb/centos/mariadb.spec.unmodified
new file mode 100644
index 0000000..0ed5cc9
--- /dev/null
+++ b/mariadb/centos/mariadb.spec.unmodified
@@ -0,0 +1,1998 @@
+# Prefix that is used for patches
+%global pkg_name %{name}
+%global pkgnamepatch mariadb
+
+# Regression tests may take a long time (many cores recommended), skip them by
+# passing --nocheck to rpmbuild or by setting runselftest to 0 if defining
+# --nocheck is not possible (e.g. in koji build)
+%{!?runselftest:%global runselftest 0}
+
+# Set this to 1 to see which tests fail, but 0 on production ready build
+%global ignore_testsuite_result 0
+
+# In f20+ use unversioned docdirs, otherwise the old versioned one
+%global _pkgdocdirname %{pkg_name}%{!?_pkgdocdir:-%{version}}
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{pkg_name}-%{version}}
+
+# Use Full RELRO for all binaries (RHBZ#1092548)
+%global _hardened_build 1
+
+# By default, patch(1) creates backup files when chunks apply with offsets.
+# Turn that off to ensure such files don't get included in RPMs (cf bz#884755).
+%global _default_patch_flags --no-backup-if-mismatch
+
+# TokuDB engine is now part of MariaDB, but it is available only for x86_64;
+# variable tokudb allows to build with TokuDB storage engine
+# Temporarily disabled in F21+ for https://mariadb.atlassian.net/browse/MDEV-6446
+%ifarch x86_64
+%bcond_without tokudb
+%else
+%bcond_with tokudb
+%endif
+
+# Mroonga engine is now part of MariaDB, but it only builds for x86_64;
+# variable mroonga allows to build with Mroonga storage engine
+%ifarch x86_64 i686
+%bcond_without mroonga
+%else
+%bcond_with mroonga
+%endif
+
+# The Open Query GRAPH engine (OQGRAPH) is a computation engine allowing
+# hierarchies and more complex graph structures to be handled in a relational
+# fashion; enabled by default
+# Temporarily disabling oqgraph: https://mariadb.atlassian.net/browse/MDEV-9479
+%bcond_with oqgraph
+
+# For some use cases we do not need some parts of the package
+%bcond_without clibrary
+%bcond_without embedded
+%bcond_without devel
+%bcond_without client
+%bcond_without common
+%bcond_without errmsg
+%bcond_without bench
+%bcond_without test
+%bcond_without connect
+%bcond_without galera
+
+# When there is already another package that ships /etc/my.cnf,
+# rather include it than ship the file again, since conflicts between
+# those files may create issues
+%bcond_without config
+
+# For deep debugging we need to build binaries with extra debug info
+%bcond_with debug
+
+# Include files for SysV init or systemd
+%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
+%bcond_without init_systemd
+%bcond_with init_sysv
+%global daemon_name %{name}
+%global daemondir %{_unitdir}
+%global daemon_no_prefix %{pkg_name}
+%global mysqld_pid_dir mysqld
+%else
+%bcond_with init_systemd
+%bcond_without init_sysv
+%global daemon_name mysqld
+%global daemondir %{_sysconfdir}/rc.d/init.d
+%global daemon_no_prefix mysqld
+%endif
+
+# MariaDB 10.0 and later requires pcre >= 8.35, otherwise we need to use
+# the bundled library, since the package cannot be build with older version
+%global pcre_version 8.39
+%if 0%{?fedora} >= 21
+%bcond_without pcre
+%else
+%bcond_with pcre
+%endif
+
+# We define some system's well known locations here so we can use them easily
+# later when building to another location (like SCL)
+%global logrotateddir %{_sysconfdir}/logrotate.d
+%global logfiledir %{_localstatedir}/log/%{daemon_name}
+%global logfile %{logfiledir}/%{daemon_name}.log
+
+# Directory for storing pid file
+%global pidfiledir %{_localstatedir}/run/%{daemon_name}
+
+# Defining where database data live
+%global dbdatadir %{_localstatedir}/lib/mysql
+
+# Home directory of mysql user should be same for all packages that create it
+%global mysqluserhome /var/lib/mysql
+
+# The evr of mysql we want to obsolete
+%global obsoleted_mysql_evr 5.6-0
+%global obsoleted_mysql_case_evr 5.5.30-5
+
+# The evr of mariadb-galera we want to obsolete
+%global obsoleted_mariadb_galera_evr 1:10.0.17-6
+%global obsoleted_mariadb_galera_common_evr 5.5.36-10
+%global obsoleted_mariadb_galera_server_evr 1:10.0.17-6
+
+# Provide mysql names for compatibility
+%bcond_without mysql_names
+%bcond_without conflicts
+
+# Make long macros shorter
+%global sameevr %{epoch}:%{version}-%{release}
+%global compatver 10.1
+%global bugfixver 20
+
+Name: mariadb
+Version: %{compatver}.%{bugfixver}
+Release: 1%{?with_debug:.debug}%{?dist}
+Epoch: 3
+
+Summary: A community developed branch of MySQL
+Group: Applications/Databases
+URL: http://mariadb.org
+# Exceptions allow client libraries to be linked with most open source SW,
+# not only GPL code. See README.mysql-license
+License: GPLv2 with exceptions and LGPLv2 and BSD
+
+Source0: http://mirrors.syringanetworks.net/mariadb/mariadb-%{version}/source/mariadb-%{version}.tar.gz
+Source2: mysql_config_multilib.sh
+Source3: my.cnf.in
+Source5: README.mysql-cnf
+Source6: README.mysql-docs
+Source7: README.mysql-license
+Source9: mysql-embedded-check.c
+Source10: mysql.tmpfiles.d.in
+Source11: mysql.service.in
+Source12: mysql-prepare-db-dir.sh
+Source13: mysql-wait-ready.sh
+Source14: mysql-check-socket.sh
+Source15: mysql-scripts-common.sh
+Source16: mysql-check-upgrade.sh
+Source17: mysql-wait-stop.sh
+Source18: mysql@.service.in
+Source19: mysql.init.in
+Source50: rh-skipped-tests-base.list
+Source51: rh-skipped-tests-arm.list
+Source52: rh-skipped-tests-ppc-s390.list
+# TODO: clustercheck contains some hard-coded paths, these should be expanded using template system
+Source70: clustercheck.sh
+Source71: LICENSE.clustercheck
+Source72: mariadb-server-galera.te
+
+# Comments for these patches are in the patch files
+# Patches common for more mysql-like packages
+Patch1: %{pkgnamepatch}-strmov.patch
+Patch2: %{pkgnamepatch}-install-test.patch
+Patch4: %{pkgnamepatch}-logrotate.patch
+Patch5: %{pkgnamepatch}-file-contents.patch
+Patch7: %{pkgnamepatch}-scripts.patch
+Patch8: %{pkgnamepatch}-install-db-sharedir.patch
+Patch9: %{pkgnamepatch}-ownsetup.patch
+Patch12: %{pkgnamepatch}-admincrash.patch
+Patch13: %{pkgnamepatch}-ssl-cypher.patch
+Patch14: %{pkgnamepatch}-example-config-files.patch
+
+# Patches specific for this mysql package
+Patch30: %{pkgnamepatch}-errno.patch
+Patch31: %{pkgnamepatch}-string-overflow.patch
+Patch32: %{pkgnamepatch}-basedir.patch
+Patch34: %{pkgnamepatch}-covscan-stroverflow.patch
+Patch37: %{pkgnamepatch}-notestdb.patch
+# Due to LP https://bugs.launchpad.net/tripleo/+bug/1638864
+# Reverts 7497ebf8a49bfe30bb4110f2ac20a30f804b7946 until we fix the
+# galera resource agent to cope with this change
+# When RHBZ#1391470 gets fixed and released in centos we can remove this patch
+Patch38: %{pkgnamepatch}-10.1.20-revert-stdouterr-closing.patch
+
+# Patches for galera
+Patch40: %{pkgnamepatch}-galera.cnf.patch
+Patch41: %{pkgnamepatch}-galera-new-cluster-help.patch
+
+BuildRequires: cmake
+BuildRequires: libaio-devel
+BuildRequires: libedit-devel
+BuildRequires: ncurses-devel
+BuildRequires: perl
+%if 0%{?fedora} >= 22 || 0%{?rhel} > 7
+BuildRequires: perl-generators
+%endif
+BuildRequires: systemtap-sdt-devel
+BuildRequires: zlib-devel
+BuildRequires: multilib-rpm-config
+# auth_pam.so plugin will be build if pam-devel is installed
+BuildRequires: pam-devel
+# use either new enough version of pcre or provide bundles(pcre)
+%{?with_pcre:BuildRequires: pcre-devel >= 8.35}
+%{!?with_pcre:Provides: bundled(pcre) = %{pcre_version}}
+# Tests requires time and ps and some perl modules
+BuildRequires: procps
+BuildRequires: time
+BuildRequires: perl(Env)
+BuildRequires: perl(Exporter)
+BuildRequires: perl(Fcntl)
+BuildRequires: perl(File::Temp)
+BuildRequires: perl(Data::Dumper)
+BuildRequires: perl(Getopt::Long)
+BuildRequires: perl(IPC::Open3)
+BuildRequires: perl(Memoize)
+BuildRequires: perl(Socket)
+BuildRequires: perl(Sys::Hostname)
+BuildRequires: perl(Test::More)
+BuildRequires: perl(Time::HiRes)
+BuildRequires: perl(Symbol)
+
+# Temporary workaound to build with OpenSSL 1.0 on Fedora >=26 (wich requires OpenSSL 1.1)
+%if 0%{?fedora} >= 26
+BuildRequires: compat-openssl10-devel
+Requires: compat-openssl10
+%else
+# for running some openssl tests rhbz#1189180
+BuildRequires: openssl
+BuildRequires: openssl-devel
+%endif
+
+BuildRequires: krb5-devel
+
+BuildRequires: selinux-policy-devel
+%{?with_init_systemd:BuildRequires: systemd systemd-devel}
+
+BuildRequires: krb5-devel
+
+Requires: bash
+Requires: fileutils
+Requires: grep
+Requires: %{name}-common%{?_isa} = %{sameevr}
+
+# Explicit EVR requirement for -libs is needed for
+# https://bugzilla.redhat.com/show_bug.cgi?id=1406320
+Requires: %{name}-libs%{?_isa} = %{sameevr}
+
+%if %{with mysql_names}
+Provides: mysql = %{sameevr}
+Provides: mysql%{?_isa} = %{sameevr}
+Provides: mysql-compat-client = %{sameevr}
+Provides: mysql-compat-client%{?_isa} = %{sameevr}
+%endif
+
+
+
+# MySQL (with caps) is upstream's spelling of their own RPMs for mysql
+%{?obsoleted_mysql_case_evr:Obsoletes: MySQL < %{obsoleted_mysql_case_evr}}
+%{?obsoleted_mysql_evr:Obsoletes: mysql < %{obsoleted_mysql_evr}}
+%{?with_conflicts:Conflicts: community-mysql}
+
+# obsoletion of mariadb-galera
+Provides: mariadb-galera = %{sameevr}
+Obsoletes: mariadb-galera < %{obsoleted_mariadb_galera_evr}
+
+# Filtering: https://fedoraproject.org/wiki/Packaging:AutoProvidesAndRequiresFiltering
+%if 0%{?fedora} > 14 || 0%{?rhel} > 6
+%global __requires_exclude ^perl\\((hostnames|lib::mtr|lib::v1|mtr_|My::)
+%global __provides_exclude_from ^(%{_datadir}/(mysql|mysql-test)/.*|%{_libdir}/mysql/plugin/.*\\.so)$
+%else
+%filter_from_requires /perl(\(hostnames\|lib::mtr\|lib::v1\|mtr_\|My::\)/d
+%filter_provides_in -P (%{_datadir}/(mysql|mysql-test)/.*|%{_libdir}/mysql/plugin/.*\.so)
+%filter_setup
+%endif
+
+# Define license macro if not present
+%{!?_licensedir:%global license %doc}
+
+%description
+MariaDB is a community developed branch of MySQL.
+MariaDB is a multi-user, multi-threaded SQL database server.
+It is a client/server implementation consisting of a server daemon (mysqld)
+and many different client programs and libraries. The base package
+contains the standard MariaDB/MySQL client programs and generic MySQL files.
+
+
+%if %{with clibrary}
+%package libs
+Summary: The shared libraries required for MariaDB/MySQL clients
+Group: Applications/Databases
+Requires: %{name}-common%{?_isa} = %{sameevr}
+%if %{with mysql_names}
+Provides: mysql-libs = %{sameevr}
+Provides: mysql-libs%{?_isa} = %{sameevr}
+%endif
+%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-libs < %{obsoleted_mysql_case_evr}}
+%{?obsoleted_mysql_evr:Obsoletes: mysql-libs < %{obsoleted_mysql_evr}}
+
+%description libs
+The mariadb-libs package provides the essential shared libraries for any
+MariaDB/MySQL client program or interface. You will need to install this
+package to use any other MariaDB package or any clients that need to connect
+to a MariaDB/MySQL server. MariaDB is a community developed branch of MySQL.
+%endif
+
+
+%if %{with config}
+%package config
+Summary: The config files required by server and client
+Group: Applications/Databases
+
+%description config
+The package provides the config file my.cnf and my.cnf.d directory used by any
+MariaDB or MySQL program. You will need to install this package to use any
+other MariaDB or MySQL package if the config files are not provided in the
+package itself.
+%endif
+
+
+%if %{with common}
+%package common
+Summary: The shared files required by server and client
+Group: Applications/Databases
+Requires: %{_sysconfdir}/my.cnf
+
+# obsoletion of mariadb-galera-common
+Provides: mariadb-galera-common = %{sameevr}
+Obsoletes: mariadb-galera-common < %{obsoleted_mariadb_galera_common_evr}
+
+%description common
+The package provides the essential shared files for any MariaDB program.
+You will need to install this package to use any other MariaDB package.
+%endif
+
+
+%if %{with errmsg}
+%package errmsg
+Summary: The error messages files required by server and embedded
+Group: Applications/Databases
+Requires: %{name}-common%{?_isa} = %{sameevr}
+
+%description errmsg
+The package provides error messages files for the MariaDB daemon and the
+embedded server. You will need to install this package to use any of those
+MariaDB packages.
+%endif
+
+
+%if %{with galera}
+%package server-galera
+Summary: The configuration files and scripts for galera replication
+Group: Applications/Databases
+Requires: %{name}-common%{?_isa} = %{sameevr}
+Requires: %{name}-server%{?_isa} = %{sameevr}
+Requires: galera >= 25.3.3
+Requires(post): libselinux-utils
+Requires(post): policycoreutils-python
+
+# obsoletion of mariadb-galera-server
+Provides: mariadb-galera-server = %{sameevr}
+Obsoletes: mariadb-galera-server <= %{obsoleted_mariadb_galera_server_evr}
+
+%description server-galera
+MariaDB is a multi-user, multi-threaded SQL database server. It is a
+client/server implementation consisting of a server daemon (mysqld)
+and many different client programs and libraries. This package contains
+the MariaDB server and some accompanying files and directories.
+MariaDB is a community developed branch of MySQL.
+%endif
+
+
+%package server
+Summary: The MariaDB server and related files
+Group: Applications/Databases
+
+# note: no version here = %%{version}-%%{release}
+%if %{with mysql_names}
+Requires: mysql-compat-client%{?_isa}
+Requires: mysql%{?_isa}
+%else
+Requires: %{name}%{?_isa}
+%endif
+Requires: %{name}-common%{?_isa} = %{sameevr}
+Requires: %{_sysconfdir}/my.cnf
+Requires: %{_sysconfdir}/my.cnf.d
+Requires: %{name}-errmsg%{?_isa} = %{sameevr}
+Requires: sh-utils
+Requires(pre): /usr/sbin/useradd
+%if %{with init_systemd}
+# We require this to be present for %%{_tmpfilesdir}
+Requires: systemd
+# Make sure it's there when scriptlets run, too
+Requires(pre): systemd
+Requires(posttrans): systemd
+%{?systemd_requires: %systemd_requires}
+%endif
+# mysqlhotcopy needs DBI/DBD support
+Requires: perl(DBI)
+Requires: perl(DBD::mysql)
+# wsrep requirements
+Requires: lsof
+Requires: net-tools
+Requires: sh-utils
+Requires: rsync
+%if %{with mysql_names}
+Provides: mysql-server = %{sameevr}
+Provides: mysql-server%{?_isa} = %{sameevr}
+Provides: mysql-compat-server = %{sameevr}
+Provides: mysql-compat-server%{?_isa} = %{sameevr}
+%endif
+%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-server < %{obsoleted_mysql_case_evr}}
+%{?with_conflicts:Conflicts: community-mysql-server}
+%{?with_conflicts:Conflicts: mariadb-galera-server <= %{obsoleted_mariadb_galera_server_evr}}
+%{?obsoleted_mysql_evr:Obsoletes: mysql-server < %{obsoleted_mysql_evr}}
+
+%description server
+MariaDB is a multi-user, multi-threaded SQL database server. It is a
+client/server implementation consisting of a server daemon (mysqld)
+and many different client programs and libraries. This package contains
+the MariaDB server and some accompanying files and directories.
+MariaDB is a community developed branch of MySQL.
+
+
+%if %{with oqgraph}
+%package oqgraph-engine
+Summary: The Open Query GRAPH engine for MariaDB
+Group: Applications/Databases
+Requires: %{name}-server%{?_isa} = %{sameevr}
+# boost and Judy required for oograph
+BuildRequires: boost-devel
+BuildRequires: Judy-devel
+
+%description oqgraph-engine
+The package provides Open Query GRAPH engine (OQGRAPH) as plugin for MariaDB
+database server. OQGRAPH is a computation engine allowing hierarchies and more
+complex graph structures to be handled in a relational fashion. In a nutshell,
+tree structures and friend-of-a-friend style searches can now be done using
+standard SQL syntax, and results joined onto other tables.
+%endif
+
+
+%if %{with connect}
+%package connect-engine
+Summary: The CONNECT storage engine for MariaDB
+Group: Applications/Databases
+Requires: %{name}-server%{?_isa} = %{sameevr}
+
+%description connect-engine
+The CONNECT storage engine enables MariaDB to access external local or
+remote data (MED). This is done by defining tables based on different data
+types, in particular files in various formats, data extracted from other DBMS
+or products (such as Excel), or data retrieved from the environment
+(for example DIR, WMI, and MAC tables).
+%endif
+
+
+%if %{with devel}
+%package devel
+Summary: Files for development of MariaDB/MySQL applications
+Group: Applications/Databases
+%{?with_clibrary:Requires: %{name}-libs%{?_isa} = %{sameevr}}
+# avoid issues with openssl1.0 / openssl1.1 / compat
+Requires: pkgconfig(openssl)
+%if %{with mysql_names}
+Provides: mysql-devel = %{sameevr}
+Provides: mysql-devel%{?_isa} = %{sameevr}
+%endif
+%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-devel < %{obsoleted_mysql_case_evr}}
+%{?obsoleted_mysql_evr:Obsoletes: mysql-devel < %{obsoleted_mysql_evr}}
+%{?with_conflicts:Conflicts: community-mysql-devel}
+
+%description devel
+MariaDB is a multi-user, multi-threaded SQL database server. This
+package contains the libraries and header files that are needed for
+developing MariaDB/MySQL client applications.
+MariaDB is a community developed branch of MySQL.
+%endif
+
+
+%if %{with embedded}
+%package embedded
+Summary: MariaDB as an embeddable library
+Group: Applications/Databases
+Requires: %{name}-common%{?_isa} = %{sameevr}
+Requires: %{name}-errmsg%{?_isa} = %{sameevr}
+%if %{with mysql_names}
+Provides: mysql-embedded = %{sameevr}
+Provides: mysql-embedded%{?_isa} = %{sameevr}
+%endif
+%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-embedded < %{obsoleted_mysql_case_evr}}
+%{?obsoleted_mysql_evr:Obsoletes: mysql-embedded < %{obsoleted_mysql_evr}}
+
+%description embedded
+MariaDB is a multi-user, multi-threaded SQL database server. This
+package contains a version of the MariaDB server that can be embedded
+into a client application instead of running as a separate process.
+MariaDB is a community developed branch of MySQL.
+
+
+%package embedded-devel
+Summary: Development files for MariaDB as an embeddable library
+Group: Applications/Databases
+Requires: %{name}-embedded%{?_isa} = %{sameevr}
+Requires: %{name}-devel%{?_isa} = %{sameevr}
+# embedded-devel should require libaio-devel (rhbz#1290517)
+Requires: libaio-devel
+%if %{with mysql_names}
+Provides: mysql-embedded-devel = %{sameevr}
+Provides: mysql-embedded-devel%{?_isa} = %{sameevr}
+%endif
+%{?with_conflicts:Conflicts: community-mysql-embedded-devel}
+%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-embedded-devel < %{obsoleted_mysql_case_evr}}
+%{?obsoleted_mysql_evr:Obsoletes: mysql-embedded-devel < %{obsoleted_mysql_evr}}
+
+%description embedded-devel
+MariaDB is a multi-user, multi-threaded SQL database server. This
+package contains files needed for developing and testing with
+the embedded version of the MariaDB server.
+MariaDB is a community developed branch of MySQL.
+%endif
+
+
+%if %{with bench}
+%package bench
+Summary: MariaDB benchmark scripts and data
+Group: Applications/Databases
+Requires: %{name}%{?_isa} = %{sameevr}
+%if %{with mysql_names}
+Provides: mysql-bench = %{sameevr}
+Provides: mysql-bench%{?_isa} = %{sameevr}
+%endif
+%{?with_conflicts:Conflicts: community-mysql-bench}
+%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-bench < %{obsoleted_mysql_case_evr}}
+%{?obsoleted_mysql_evr:Obsoletes: mysql-bench < %{obsoleted_mysql_evr}}
+
+%description bench
+MariaDB is a multi-user, multi-threaded SQL database server. This
+package contains benchmark scripts and data for use when benchmarking
+MariaDB.
+MariaDB is a community developed branch of MySQL.
+%endif
+
+
+%if %{with test}
+%package test
+Summary: The test suite distributed with MariaDB
+Group: Applications/Databases
+Requires: %{name}%{?_isa} = %{sameevr}
+Requires: %{name}-common%{?_isa} = %{sameevr}
+Requires: %{name}-server%{?_isa} = %{sameevr}
+Requires: perl(Env)
+Requires: perl(Exporter)
+Requires: perl(Fcntl)
+Requires: perl(File::Temp)
+Requires: perl(Data::Dumper)
+Requires: perl(Getopt::Long)
+Requires: perl(IPC::Open3)
+Requires: perl(Socket)
+Requires: perl(Sys::Hostname)
+Requires: perl(Test::More)
+Requires: perl(Time::HiRes)
+%{?with_conflicts:Conflicts: community-mysql-test}
+%if %{with mysql_names}
+Provides: mysql-test = %{sameevr}
+Provides: mysql-test%{?_isa} = %{sameevr}
+%endif
+%{?obsoleted_mysql_case_evr:Obsoletes: MySQL-test < %{obsoleted_mysql_case_evr}}
+%{?obsoleted_mysql_evr:Obsoletes: mysql-test < %{obsoleted_mysql_evr}}
+
+%description test
+MariaDB is a multi-user, multi-threaded SQL database server. This
+package contains the regression test suite distributed with
+the MariaDB sources.
+MariaDB is a community developed branch of MySQL.
+%endif
+
+%prep
+%setup -q -n mariadb-%{version}
+
+%patch1 -p1
+%patch2 -p1
+%patch4 -p1
+%patch5 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch30 -p1
+%patch31 -p1
+%patch32 -p1
+%patch34 -p1
+%patch37 -p1
+%patch38 -p1
+%patch40 -p1
+%patch41 -p1
+
+sed -i -e 's/2.8.7/2.6.4/g' cmake/cpack_rpm.cmake
+# workaround to deploy mariadb@.service on EL7
+sed -i 's/IF(NOT CMAKE_VERSION VERSION_LESS 3.3.0 OR NOT RPM)/IF(TRUE)/g' support-files/CMakeLists.txt
+
+# workaround for upstream bug #56342
+rm -f mysql-test/t/ssl_8k_key-master.opt
+
+# generate a list of tests that fail, but are not disabled by upstream
+cat %{SOURCE50} | tee mysql-test/rh-skipped-tests.list
+
+# disable some tests failing on different architectures
+%ifarch %{arm} aarch64
+cat %{SOURCE51} | tee -a mysql-test/rh-skipped-tests.list
+%endif
+
+%ifarch ppc ppc64 ppc64p7 s390 s390x
+cat %{SOURCE52} | tee -a mysql-test/rh-skipped-tests.list
+%endif
+
+cp %{SOURCE2} %{SOURCE3} %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \
+ %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE17} %{SOURCE18} %{SOURCE19} \
+ %{SOURCE70} scripts
+
+%if %{with galera}
+# prepare selinux policy
+mkdir selinux
+sed 's/mariadb-server-galera/%{name}-server-galera/' %{SOURCE72} > selinux/%{name}-server-galera.te
+cat selinux/%{name}-server-galera.te
+%endif
+
+# Check if PCRE version is actual
+%{!?with_pcre:
+pcre_maj=`grep '^m4_define(pcre_major' pcre/configure.ac | sed -r 's/^m4_define\(pcre_major, \[([0-9]+)\]\)/\1/'`
+pcre_min=`grep '^m4_define(pcre_minor' pcre/configure.ac | sed -r 's/^m4_define\(pcre_minor, \[([0-9]+)\]\)/\1/'`
+
+if [ %{pcre_version} != "$pcre_maj.$pcre_min" ]
+then
+ echo "\n PCRE version is outdated. \n\tIncluded version:%{pcre_version} \n\tUpstream version: $pcre_maj.$pcre_min\n"
+ exit 1
+fi
+}
+
+
+
+%build
+
+# fail quickly and obviously if user tries to build as root
+%if %runselftest
+ if [ x"$(id -u)" = "x0" ]; then
+ echo "mysql's regression tests fail if run as root."
+ echo "If you really need to build the RPM as root, use"
+ echo "--nocheck to skip the regression tests."
+ exit 1
+ fi
+%endif
+
+CFLAGS="%{optflags} -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE"
+# force PIC mode so that we can build libmysqld.so
+CFLAGS="$CFLAGS -fPIC"
+# GCC 4.9 causes segfaults: https://mariadb.atlassian.net/browse/MDEV-6360
+CFLAGS="$CFLAGS -fno-delete-null-pointer-checks"
+# gcc seems to have some bugs on sparc as of 4.4.1, back off optimization
+# submitted as bz #529298
+%ifarch sparc sparcv9 sparc64
+CFLAGS=`echo $CFLAGS| sed -e "s|-O2|-O1|g" `
+%endif
+# significant performance gains can be achieved by compiling with -O3 optimization
+# rhbz#1051069
+%ifarch ppc64
+CFLAGS=`echo $CFLAGS| sed -e "s|-O2|-O3|g" `
+%endif
+CXXFLAGS="$CFLAGS"
+export CFLAGS CXXFLAGS
+
+%if 0%{?_hardened_build}
+# building with PIE
+LDFLAGS="$LDFLAGS -pie -Wl,-z,relro,-z,now"
+export LDFLAGS
+%endif
+
+# The INSTALL_xxx macros have to be specified relative to CMAKE_INSTALL_PREFIX
+# so we can't use %%{_datadir} and so forth here.
+%cmake . \
+ -DBUILD_CONFIG=mysql_release \
+ -DFEATURE_SET="community" \
+ -DINSTALL_LAYOUT=RPM \
+ -DDAEMON_NAME="%{daemon_name}" \
+ -DDAEMON_NO_PREFIX="%{daemon_no_prefix}" \
+ -DLOG_LOCATION="%{logfile}" \
+ -DPID_FILE_DIR="%{pidfiledir}" \
+ -DNICE_PROJECT_NAME="MariaDB" \
+ -DRPM="%{?rhel:rhel%{rhel}}%{!?rhel:fedora%{fedora}}" \
+ -DCMAKE_INSTALL_PREFIX="%{_prefix}" \
+ -DINSTALL_SYSCONFDIR="%{_sysconfdir}" \
+ -DINSTALL_SYSCONF2DIR="%{_sysconfdir}/my.cnf.d" \
+ -DINSTALL_DOCDIR="share/doc/%{_pkgdocdirname}" \
+ -DINSTALL_DOCREADMEDIR="share/doc/%{_pkgdocdirname}" \
+ -DINSTALL_INCLUDEDIR=include/mysql \
+ -DINSTALL_INFODIR=share/info \
+ -DINSTALL_LIBDIR="%{_lib}/mysql" \
+ -DINSTALL_MANDIR=share/man \
+ -DINSTALL_MYSQLSHAREDIR=share/%{pkg_name} \
+ -DINSTALL_MYSQLTESTDIR=share/mysql-test \
+ -DINSTALL_PLUGINDIR="%{_lib}/mysql/plugin" \
+ -DINSTALL_SBINDIR=libexec \
+ -DINSTALL_SCRIPTDIR=bin \
+ -DINSTALL_SQLBENCHDIR=share \
+ -DINSTALL_SUPPORTFILESDIR=share/%{pkg_name} \
+ -DMYSQL_DATADIR="%{dbdatadir}" \
+ -DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \
+ -DENABLED_LOCAL_INFILE=ON \
+ -DENABLE_DTRACE=ON \
+ -DWITH_EMBEDDED_SERVER=ON \
+ -DWITH_SSL=system \
+ -DWITH_ZLIB=system \
+%{?with_pcre: -DWITH_PCRE=system}\
+ -DWITH_JEMALLOC=no \
+%{!?with_tokudb: -DWITHOUT_TOKUDB=ON}\
+%{!?with_mroonga: -DWITHOUT_MROONGA=ON}\
+%{!?with_oqgraph: -DWITHOUT_OQGRAPH=ON}\
+ -DTMPDIR=/var/tmp \
+%{?with_debug: -DCMAKE_BUILD_TYPE=Debug}\
+ %{?_hardened_build:-DWITH_MYSQLD_LDFLAGS="-pie -Wl,-z,relro,-z,now"}
+
+make %{?_smp_mflags} VERBOSE=1
+
+# debuginfo extraction scripts fail to find source files in their real
+# location -- satisfy them by copying these files into location, which
+# is expected by scripts
+for e in innobase xtradb ; do
+ for f in pars0grm.y pars0lex.l ; do
+ cp -p "storage/$e/pars/$f" "storage/$e/$f"
+ done
+done
+
+# build selinux policy
+%if %{with galera}
+pushd selinux
+make -f /usr/share/selinux/devel/Makefile %{name}-server-galera.pp
+%endif
+
+%install
+make DESTDIR=%{buildroot} install
+
+# cmake generates some completely wacko references to -lprobes_mysql when
+# building with dtrace support. Haven't found where to shut that off,
+# so resort to this blunt instrument. While at it, let's not reference
+# libmysqlclient_r anymore either.
+sed -e 's/-lprobes_mysql//' -e 's/-lmysqlclient_r/-lmysqlclient/' \
+ %{buildroot}%{_bindir}/mysql_config >mysql_config.tmp
+cp -p -f mysql_config.tmp %{buildroot}%{_bindir}/mysql_config
+chmod 755 %{buildroot}%{_bindir}/mysql_config
+
+# multilib header support
+for header in mysql/my_config.h mysql/private/config.h; do
+%multilib_fix_c_header --file %{_includedir}/$header
+done
+
+# multilib support for shell scripts
+# we only apply this to known Red Hat multilib arches, per bug #181335
+if %multilib_capable; then
+mv %{buildroot}%{_bindir}/mysql_config %{buildroot}%{_bindir}/mysql_config-%{__isa_bits}
+install -p -m 0755 scripts/mysql_config_multilib %{buildroot}%{_bindir}/mysql_config
+fi
+
+# Upstream install this into arch-independent directory, TODO: report
+mkdir -p %{buildroot}/%{_libdir}/pkgconfig
+mv %{buildroot}/%{_datadir}/pkgconfig/*.pc %{buildroot}/%{_libdir}/pkgconfig
+
+# install INFO_SRC, INFO_BIN into libdir (upstream thinks these are doc files,
+# but that's pretty wacko --- see also %%{name}-file-contents.patch)
+install -p -m 644 Docs/INFO_SRC %{buildroot}%{_libdir}/mysql/
+install -p -m 644 Docs/INFO_BIN %{buildroot}%{_libdir}/mysql/
+rm -r %{buildroot}%{_datadir}/doc/%{_pkgdocdirname}/MariaDB-server-%{version}/
+
+mkdir -p %{buildroot}%{logfiledir}
+chmod 0750 %{buildroot}%{logfiledir}
+touch %{buildroot}%{logfile}
+
+# current setting in my.cnf is to use /var/run/mariadb for creating pid file,
+# however since my.cnf is not updated by RPM if changed, we need to create mysqld
+# as well because users can have odd settings in their /etc/my.cnf
+mkdir -p %{buildroot}%{pidfiledir}
+install -p -m 0755 -d %{buildroot}%{dbdatadir}
+
+%if %{with config}
+install -D -p -m 0644 scripts/my.cnf %{buildroot}%{_sysconfdir}/my.cnf
+%else
+rm -f %{buildroot}%{_sysconfdir}/my.cnf.d/mysql-clients.cnf
+rm -f %{buildroot}%{_sysconfdir}/my.cnf
+%endif
+
+# use different config file name for each variant of server
+mv %{buildroot}%{_sysconfdir}/my.cnf.d/server.cnf %{buildroot}%{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf
+
+# install systemd unit files and scripts for handling server startup
+%if %{with init_systemd}
+install -D -p -m 644 scripts/mysql.service %{buildroot}%{_unitdir}/%{daemon_name}.service
+install -D -p -m 644 scripts/mysql@.service %{buildroot}%{_unitdir}/%{daemon_name}@.service
+install -D -p -m 0644 scripts/mysql.tmpfiles.d %{buildroot}%{_tmpfilesdir}/%{name}.conf
+%if 0%{?mysqld_pid_dir:1}
+echo "d %{_localstatedir}/run/%{mysqld_pid_dir} 0755 mysql mysql -" >>%{buildroot}%{_tmpfilesdir}/%{name}.conf
+%endif
+%endif
+
+# install SysV init script
+%if %{with init_sysv}
+install -D -p -m 755 scripts/mysql.init %{buildroot}%{daemondir}/%{daemon_name}
+%endif
+
+# helper scripts for service starting
+install -p -m 755 scripts/mysql-prepare-db-dir %{buildroot}%{_libexecdir}/mysql-prepare-db-dir
+install -p -m 755 scripts/mysql-wait-ready %{buildroot}%{_libexecdir}/mysql-wait-ready
+install -p -m 755 scripts/mysql-wait-stop %{buildroot}%{_libexecdir}/mysql-wait-stop
+install -p -m 755 scripts/mysql-check-socket %{buildroot}%{_libexecdir}/mysql-check-socket
+install -p -m 755 scripts/mysql-check-upgrade %{buildroot}%{_libexecdir}/mysql-check-upgrade
+install -p -m 644 scripts/mysql-scripts-common %{buildroot}%{_libexecdir}/mysql-scripts-common
+
+# install selinux policy
+%if %{with galera}
+install -p -m 644 -D selinux/%{name}-server-galera.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/%{name}-server-galera.pp
+%endif
+
+# Remove libmysqld.a
+rm -f %{buildroot}%{_libdir}/mysql/libmysqld.a
+
+# libmysqlclient_r is no more. Upstream tries to replace it with symlinks
+# but that really doesn't work (wrong soname in particular). We'll keep
+# just the devel libmysqlclient_r.so link, so that rebuilding without any
+# source change is enough to get rid of dependency on libmysqlclient_r.
+rm -f %{buildroot}%{_libdir}/mysql/libmysqlclient_r.so*
+ln -s libmysqlclient.so %{buildroot}%{_libdir}/mysql/libmysqlclient_r.so
+
+# mysql-test includes one executable that doesn't belong under /usr/share,
+# so move it and provide a symlink
+mv %{buildroot}%{_datadir}/mysql-test/lib/My/SafeProcess/my_safe_process %{buildroot}%{_bindir}
+ln -s ../../../../../bin/my_safe_process %{buildroot}%{_datadir}/mysql-test/lib/My/SafeProcess/my_safe_process
+
+# should move this to /etc/ ?
+rm -f %{buildroot}%{_bindir}/mysql_embedded
+rm -f %{buildroot}%{_libdir}/mysql/*.a
+rm -f %{buildroot}%{_datadir}/%{pkg_name}/binary-configure
+rm -f %{buildroot}%{_datadir}/%{pkg_name}/magic
+rm -f %{buildroot}%{_datadir}/%{pkg_name}/ndb-config-2-node.ini
+rm -f %{buildroot}%{_datadir}/%{pkg_name}/mysql.server
+rm -f %{buildroot}%{_datadir}/%{pkg_name}/mysqld_multi.server
+rm -f %{buildroot}%{_mandir}/man1/mysql-stress-test.pl.1*
+rm -f %{buildroot}%{_mandir}/man1/mysql-test-run.pl.1*
+rm -f %{buildroot}%{_bindir}/mytop
+
+# put logrotate script where it needs to be
+mkdir -p %{buildroot}%{logrotateddir}
+mv %{buildroot}%{_datadir}/%{pkg_name}/mysql-log-rotate %{buildroot}%{logrotateddir}/%{daemon_name}
+chmod 644 %{buildroot}%{logrotateddir}/%{daemon_name}
+
+mkdir -p %{buildroot}%{_sysconfdir}/ld.so.conf.d
+echo "%{_libdir}/mysql" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
+
+# copy additional docs into build tree so %%doc will find them
+install -p -m 0644 %{SOURCE5} %{basename:%{SOURCE5}}
+install -p -m 0644 %{SOURCE6} %{basename:%{SOURCE6}}
+install -p -m 0644 %{SOURCE7} %{basename:%{SOURCE7}}
+install -p -m 0644 %{SOURCE16} %{basename:%{SOURCE16}}
+install -p -m 0644 %{SOURCE71} %{basename:%{SOURCE71}}
+
+# install galera config file
+sed -i -r 's|^wsrep_provider=none|wsrep_provider=%{_libdir}/galera/libgalera_smm.so|' support-files/wsrep.cnf
+install -p -m 0644 support-files/wsrep.cnf %{buildroot}%{_sysconfdir}/my.cnf.d/galera.cnf
+
+# install the clustercheck script
+mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
+touch %{buildroot}%{_sysconfdir}/sysconfig/clustercheck
+install -p -m 0755 scripts/clustercheck %{buildroot}%{_bindir}/clustercheck
+
+# install the list of skipped tests to be available for user runs
+install -p -m 0644 mysql-test/rh-skipped-tests.list %{buildroot}%{_datadir}/mysql-test
+
+# remove unneeded RHEL-4 SELinux stuff
+rm -rf %{buildroot}%{_datadir}/%{pkg_name}/SELinux/
+
+# remove SysV init script and a symlink to that
+rm -f %{buildroot}%{_sysconfdir}/init.d/mysql
+rm -f %{buildroot}%{_libexecdir}/rcmysql
+
+# remove duplicate logrotate script
+rm -f %{buildroot}%{_sysconfdir}/logrotate.d/mysql
+
+# remove solaris files
+rm -rf %{buildroot}%{_datadir}/%{pkg_name}/solaris/
+
+# rename the wsrep README so it corresponds with the other README names
+mv Docs/README-wsrep Docs/README.wsrep
+
+# remove *.jar file from mysql-test
+rm -rf %{buildroot}%{_datadir}/mysql-test/plugin/connect/connect/std_data/JdbcMariaDB.jar
+
+%if %{without clibrary}
+unlink %{buildroot}%{_libdir}/mysql/libmysqlclient.so
+unlink %{buildroot}%{_libdir}/mysql/libmysqlclient_r.so
+rm -rf %{buildroot}%{_libdir}/mysql/libmysqlclient*.so.*
+rm -rf %{buildroot}%{_sysconfdir}/ld.so.conf.d
+rm -f %{buildroot}%{_sysconfdir}/my.cnf.d/client.cnf
+%endif
+
+%if %{without embedded}
+rm -f %{buildroot}%{_libdir}/mysql/libmysqld.so*
+rm -f %{buildroot}%{_bindir}/{mysql_client_test_embedded,mysqltest_embedded}
+rm -f %{buildroot}%{_mandir}/man1/{mysql_client_test_embedded,mysqltest_embedded}.1*
+%endif
+
+%if %{without devel}
+rm -f %{buildroot}%{_bindir}/mysql_config*
+rm -rf %{buildroot}%{_includedir}/mysql
+rm -f %{buildroot}%{_datadir}/aclocal/mysql.m4
+rm -f %{buildroot}%{_libdir}/pkgconfig/mariadb.pc
+rm -f %{buildroot}%{_libdir}/mysql/libmysqlclient*.so
+rm -f %{buildroot}%{_mandir}/man1/mysql_config.1*
+%endif
+
+%if %{without client}
+rm -f %{buildroot}%{_bindir}/{msql2mysql,mysql,mysql_find_rows,\
+mysql_plugin,mysql_waitpid,mysqlaccess,mysqladmin,mysqlbinlog,mysqlcheck,\
+mysqldump,mysqlimport,mysqlshow,mysqlslap,my_print_defaults}
+rm -f %{buildroot}%{_mandir}/man1/{msql2mysql,mysql,mysql_find_rows,\
+mysql_plugin,mysql_waitpid,mysqlaccess,mysqladmin,mysqlbinlog,mysqlcheck,\
+mysqldump,mysqlimport,mysqlshow,mysqlslap,my_print_defaults}.1*
+%endif
+
+%if %{without connect}
+rm -f %{buildroot}%{_sysconfdir}/my.cnf.d/connect.cnf
+%endif
+
+%if %{without oqgraph}
+rm -f %{buildroot}%{_sysconfdir}/my.cnf.d/oqgraph.cnf
+%endif
+
+%if %{without config}
+rm -f %{buildroot}%{_sysconfdir}/my.cnf
+rm -f %{buildroot}%{_sysconfdir}/my.cnf.d/mysql-clients.cnf
+%endif
+
+%if %{without common}
+rm -rf %{buildroot}%{_datadir}/%{pkg_name}/charsets
+%endif
+
+%if %{without errmsg}
+rm -f %{buildroot}%{_datadir}/%{pkg_name}/errmsg-utf8.txt
+rm -rf %{buildroot}%{_datadir}/%{pkg_name}/{english,czech,danish,dutch,estonian,\
+french,german,greek,hungarian,italian,japanese,korean,norwegian,norwegian-ny,\
+polish,portuguese,romanian,russian,serbian,slovak,spanish,swedish,ukrainian}
+%endif
+
+%if %{without bench}
+rm -rf %{buildroot}%{_datadir}/sql-bench
+%endif
+
+%if %{without test}
+rm -f %{buildroot}%{_bindir}/{mysql_client_test,my_safe_process}
+rm -rf %{buildroot}%{_datadir}/mysql-test
+rm -f %{buildroot}%{_mandir}/man1/mysql_client_test.1*
+%endif
+
+%check
+%if %{with test}
+%if %runselftest
+make test VERBOSE=1
+# hack to let 32- and 64-bit tests run concurrently on same build machine
+export MTR_PARALLEL=1
+# builds might happen at the same host, avoid collision
+export MTR_BUILD_THREAD=%{__isa_bits}
+
+# The cmake build scripts don't provide any simple way to control the
+# options for mysql-test-run, so ignore the make target and just call it
+# manually. Nonstandard options chosen are:
+# --force to continue tests after a failure
+# no retries please
+# test SSL with --ssl
+# skip tests that are listed in rh-skipped-tests.list
+# avoid redundant test runs with --binlog-format=mixed
+# increase timeouts to prevent unwanted failures during mass rebuilds
+(
+ set -e
+ cd mysql-test
+ perl ./mysql-test-run.pl --force --retry=0 --ssl \
+ --suite-timeout=720 --testcase-timeout=30 --skip-rpl \
+ --mysqld=--binlog-format=mixed --force-restart \
+ --shutdown-timeout=60 --max-test-fail=0 \
+%if %{ignore_testsuite_result}
+ || :
+%else
+ --skip-test-list=rh-skipped-tests.list
+%endif
+ # cmake build scripts will install the var cruft if left alone :-(
+ rm -rf var
+)
+%endif
+%endif
+
+%pre server
+/usr/sbin/groupadd -g 27 -o -r mysql >/dev/null 2>&1 || :
+/usr/sbin/useradd -M -N -g mysql -o -r -d %{mysqluserhome} -s /sbin/nologin \
+ -c "MySQL Server" -u 27 mysql >/dev/null 2>&1 || :
+
+%if %{with clibrary}
+%post libs -p /sbin/ldconfig
+%endif
+
+%if %{with embedded}
+%post embedded -p /sbin/ldconfig
+%endif
+
+%if %{with galera}
+%post server-galera
+semanage port -a -t mysqld_port_t -p tcp 4568 >/dev/null 2>&1 || :
+semodule -i %{_datadir}/selinux/packages/%{name}/%{name}-server-galera.pp >/dev/null 2>&1 || :
+%endif
+
+%post server
+%if %{with init_systemd}
+%systemd_post %{daemon_name}.service
+%endif
+%if %{with init_sysv}
+if [ $1 = 1 ]; then
+ /sbin/chkconfig --add %{daemon_name}
+fi
+%endif
+
+%preun server
+%if %{with init_systemd}
+%systemd_preun %{daemon_name}.service
+%endif
+%if %{with init_sysv}
+if [ $1 = 0 ]; then
+ /sbin/service %{daemon_name} stop >/dev/null 2>&1
+ /sbin/chkconfig --del %{daemon_name}
+fi
+%endif
+
+%if %{with clibrary}
+%postun libs -p /sbin/ldconfig
+%endif
+
+%if %{with embedded}
+%postun embedded -p /sbin/ldconfig
+%endif
+
+%if %{with galera}
+%postun server-galera
+if [ $1 -eq 0 ]; then
+ semodule -r %{name}-server-galera 2>/dev/null || :
+fi
+%endif
+
+%postun server
+%if %{with init_systemd}
+%systemd_postun_with_restart %{daemon_name}.service
+%endif
+%if %{with init_sysv}
+if [ $1 -ge 1 ]; then
+ /sbin/service %{daemon_name} condrestart >/dev/null 2>&1 || :
+fi
+%endif
+
+%if %{with client}
+%files
+%{_bindir}/msql2mysql
+%{_bindir}/mysql
+%{_bindir}/mysql_find_rows
+%{_bindir}/mysql_plugin
+%{_bindir}/mysql_waitpid
+%{_bindir}/mysqlaccess
+%{_bindir}/mysqladmin
+%{_bindir}/mysqlbinlog
+%{_bindir}/mysqlcheck
+%{_bindir}/mysqldump
+%{_bindir}/mysqlimport
+%{_bindir}/mysqlshow
+%{_bindir}/mysqlslap
+%{_bindir}/my_print_defaults
+
+%{_mandir}/man1/msql2mysql.1*
+%{_mandir}/man1/mysql.1*
+%{_mandir}/man1/mysql_find_rows.1*
+%{_mandir}/man1/mysql_plugin.1*
+%{_mandir}/man1/mysql_waitpid.1*
+%{_mandir}/man1/mysqlaccess.1*
+%{_mandir}/man1/mysqladmin.1*
+%{_mandir}/man1/mysqlbinlog.1*
+%{_mandir}/man1/mysqlcheck.1*
+%{_mandir}/man1/mysqldump.1*
+%{_mandir}/man1/mysqlimport.1*
+%{_mandir}/man1/mysqlshow.1*
+%{_mandir}/man1/mysqlslap.1*
+%{_mandir}/man1/my_print_defaults.1*
+%endif
+
+%if %{with clibrary}
+%files libs
+%{_libdir}/mysql/libmysqlclient.so.*
+%{_sysconfdir}/ld.so.conf.d/*
+%config(noreplace) %{_sysconfdir}/my.cnf.d/client.cnf
+%endif
+
+%if %{with config}
+%files config
+# although the default my.cnf contains only server settings, we put it in the
+# common package because it can be used for client settings too.
+%dir %{_sysconfdir}/my.cnf.d
+%config(noreplace) %{_sysconfdir}/my.cnf
+%config(noreplace) %{_sysconfdir}/my.cnf.d/mysql-clients.cnf
+%config(noreplace) %{_sysconfdir}/my.cnf.d/enable_encryption.preset
+%endif
+
+%if %{with common}
+%files common
+%license COPYING COPYING.LESSER
+%license storage/innobase/COPYING.Percona storage/innobase/COPYING.Google
+%doc README README.mysql-license README.mysql-docs
+%dir %{_libdir}/mysql
+%dir %{_libdir}/mysql/plugin
+%dir %{_datadir}/%{pkg_name}
+%{_libdir}/mysql/plugin/dialog.so
+%{_libdir}/mysql/plugin/mysql_clear_password.so
+%{_datadir}/%{pkg_name}/charsets
+%endif
+
+%if %{with errmsg}
+%files errmsg
+%{_datadir}/%{pkg_name}/errmsg-utf8.txt
+%{_datadir}/%{pkg_name}/english
+%lang(cs) %{_datadir}/%{pkg_name}/czech
+%lang(da) %{_datadir}/%{pkg_name}/danish
+%lang(nl) %{_datadir}/%{pkg_name}/dutch
+%lang(et) %{_datadir}/%{pkg_name}/estonian
+%lang(fr) %{_datadir}/%{pkg_name}/french
+%lang(de) %{_datadir}/%{pkg_name}/german
+%lang(el) %{_datadir}/%{pkg_name}/greek
+%lang(hu) %{_datadir}/%{pkg_name}/hungarian
+%lang(it) %{_datadir}/%{pkg_name}/italian
+%lang(ja) %{_datadir}/%{pkg_name}/japanese
+%lang(ko) %{_datadir}/%{pkg_name}/korean
+%lang(no) %{_datadir}/%{pkg_name}/norwegian
+%lang(no) %{_datadir}/%{pkg_name}/norwegian-ny
+%lang(pl) %{_datadir}/%{pkg_name}/polish
+%lang(pt) %{_datadir}/%{pkg_name}/portuguese
+%lang(ro) %{_datadir}/%{pkg_name}/romanian
+%lang(ru) %{_datadir}/%{pkg_name}/russian
+%lang(sr) %{_datadir}/%{pkg_name}/serbian
+%lang(sk) %{_datadir}/%{pkg_name}/slovak
+%lang(es) %{_datadir}/%{pkg_name}/spanish
+%lang(sv) %{_datadir}/%{pkg_name}/swedish
+%lang(uk) %{_datadir}/%{pkg_name}/ukrainian
+%endif
+
+%if %{with galera}
+%files server-galera
+%doc Docs/README.wsrep
+%license LICENSE.clustercheck
+%{_bindir}/clustercheck
+%if %{with init_systemd}
+%{_bindir}/galera_new_cluster
+%{_bindir}/galera_recovery
+%{_datadir}/%{pkg_name}/systemd/use_galera_new_cluster.conf
+%endif
+%config(noreplace) %{_sysconfdir}/my.cnf.d/galera.cnf
+%attr(0640,root,root) %ghost %config(noreplace) %{_sysconfdir}/sysconfig/clustercheck
+%{_datadir}/selinux/packages/%{name}/%{name}-server-galera.pp
+%endif
+
+%files server
+%doc README.mysql-cnf
+
+%{_bindir}/aria_chk
+%{_bindir}/aria_dump_log
+%{_bindir}/aria_ftdump
+%{_bindir}/aria_pack
+%{_bindir}/aria_read_log
+%{_bindir}/mariadb-service-convert
+%{_bindir}/myisamchk
+%{_bindir}/myisam_ftdump
+%{_bindir}/myisamlog
+%{_bindir}/myisampack
+%{_bindir}/mysql_convert_table_format
+%{_bindir}/mysql_fix_extensions
+%{_bindir}/mysql_install_db
+%{_bindir}/mysql_secure_installation
+%{_bindir}/mysql_setpermission
+%{_bindir}/mysql_tzinfo_to_sql
+%{_bindir}/mysql_upgrade
+%{_bindir}/mysql_zap
+%{_bindir}/mysqlbug
+%{_bindir}/mysqldumpslow
+%{_bindir}/mysqld_multi
+%{_bindir}/mysqld_safe
+%{_bindir}/mysqlhotcopy
+%{_bindir}/mysqltest
+%{_bindir}/innochecksum
+%{_bindir}/perror
+%{_bindir}/replace
+%{_bindir}/resolve_stack_dump
+%{_bindir}/resolveip
+%{_bindir}/wsrep_sst_common
+%{_bindir}/wsrep_sst_mysqldump
+%{_bindir}/wsrep_sst_rsync
+%{_bindir}/wsrep_sst_xtrabackup
+%{_bindir}/wsrep_sst_xtrabackup-v2
+%{?with_tokudb:%{_bindir}/tokuftdump}
+%{?with_tokudb:%{_bindir}/tokuft_logprint}
+
+%config(noreplace) %{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf
+%config(noreplace) %{_sysconfdir}/my.cnf.d/auth_gssapi.cnf
+%{?with_tokudb:%config(noreplace) %{_sysconfdir}/my.cnf.d/tokudb.cnf}
+
+%{_libexecdir}/mysqld
+
+%{_libdir}/mysql/INFO_SRC
+%{_libdir}/mysql/INFO_BIN
+%if %{without common}
+%dir %{_datadir}/%{pkg_name}
+%endif
+
+%{_libdir}/mysql/plugin/*
+%{?with_oqgraph:%exclude %{_libdir}/mysql/plugin/ha_oqgraph.so}
+%{?with_connect:%exclude %{_libdir}/mysql/plugin/ha_connect.so}
+%exclude %{_libdir}/mysql/plugin/dialog.so
+%exclude %{_libdir}/mysql/plugin/mysql_clear_password.so
+
+%{_mandir}/man1/aria_chk.1*
+%{_mandir}/man1/aria_dump_log.1*
+%{_mandir}/man1/aria_ftdump.1*
+%{_mandir}/man1/aria_pack.1*
+%{_mandir}/man1/aria_read_log.1*
+%{_mandir}/man1/myisamchk.1*
+%{_mandir}/man1/myisamlog.1*
+%{_mandir}/man1/myisampack.1*
+%{_mandir}/man1/mysql_convert_table_format.1*
+%{_mandir}/man1/myisam_ftdump.1*
+%{_mandir}/man1/mysql.server.1*
+%{_mandir}/man1/mysql_fix_extensions.1*
+%{_mandir}/man1/mysql_install_db.1*
+%{_mandir}/man1/mysql_secure_installation.1*
+%{_mandir}/man1/mysql_upgrade.1*
+%{_mandir}/man1/mysql_zap.1*
+%{_mandir}/man1/mysqlbug.1*
+%{_mandir}/man1/mysqldumpslow.1*
+%{_mandir}/man1/mysqld_multi.1*
+%{_mandir}/man1/mysqld_safe.1*
+%{_mandir}/man1/mysqlhotcopy.1*
+%{_mandir}/man1/mysql_setpermission.1*
+%{_mandir}/man1/mysqltest.1*
+%{_mandir}/man1/innochecksum.1*
+%{_mandir}/man1/perror.1*
+%{_mandir}/man1/replace.1*
+%{_mandir}/man1/resolve_stack_dump.1*
+%{_mandir}/man1/resolveip.1*
+%{_mandir}/man1/mysql_tzinfo_to_sql.1*
+%{_mandir}/man8/mysqld.8*
+
+%{_datadir}/%{pkg_name}/fill_help_tables.sql
+%{_datadir}/%{pkg_name}/install_spider.sql
+%{_datadir}/%{pkg_name}/maria_add_gis_sp.sql
+%{_datadir}/%{pkg_name}/maria_add_gis_sp_bootstrap.sql
+%{_datadir}/%{pkg_name}/mysql_system_tables.sql
+%{_datadir}/%{pkg_name}/mysql_system_tables_data.sql
+%{_datadir}/%{pkg_name}/mysql_test_data_timezone.sql
+%{_datadir}/%{pkg_name}/mysql_to_mariadb.sql
+%{_datadir}/%{pkg_name}/mysql_performance_tables.sql
+%{?with_mroonga:%{_datadir}/%{pkg_name}/mroonga/install.sql}
+%{?with_mroonga:%{_datadir}/%{pkg_name}/mroonga/uninstall.sql}
+%{_datadir}/%{pkg_name}/my-*.cnf
+%{_datadir}/%{pkg_name}/wsrep.cnf
+%{_datadir}/%{pkg_name}/wsrep_notify
+%dir %{_datadir}/%{pkg_name}/policy
+%dir %{_datadir}/%{pkg_name}/policy/apparmor
+%dir %{_datadir}/%{pkg_name}/policy/selinux
+%{_datadir}/%{pkg_name}/policy/apparmor/README
+%{_datadir}/%{pkg_name}/policy/apparmor/usr.sbin.mysqld*
+%{_datadir}/%{pkg_name}/policy/selinux/README
+%{_datadir}/%{pkg_name}/policy/selinux/mariadb-server.*
+%{_datadir}/%{pkg_name}/systemd/mariadb.service
+# mariadb@ is installed only when we have cmake newer than 3.3
+%if 0%{?fedora} > 22 || 0%{?rhel} > 6
+%{_datadir}/%{pkg_name}/systemd/mariadb@.service
+%endif
+
+%{daemondir}/%{daemon_name}*
+%{_libexecdir}/mysql-prepare-db-dir
+%{_libexecdir}/mysql-wait-ready
+%{_libexecdir}/mysql-wait-stop
+%{_libexecdir}/mysql-check-socket
+%{_libexecdir}/mysql-check-upgrade
+%{_libexecdir}/mysql-scripts-common
+
+%{?with_init_systemd:%{_tmpfilesdir}/%{name}.conf}
+%attr(0755,mysql,mysql) %dir %{pidfiledir}
+%attr(0755,mysql,mysql) %dir %{dbdatadir}
+%attr(0750,mysql,mysql) %dir %{logfiledir}
+%attr(0640,mysql,mysql) %config %ghost %verify(not md5 size mtime) %{logfile}
+%config(noreplace) %{logrotateddir}/%{daemon_name}
+
+%if %{with oqgraph}
+%files oqgraph-engine
+%config(noreplace) %{_sysconfdir}/my.cnf.d/oqgraph.cnf
+%{_libdir}/mysql/plugin/ha_oqgraph.so
+%endif
+
+%if %{with connect}
+%files connect-engine
+%config(noreplace) %{_sysconfdir}/my.cnf.d/connect.cnf
+%{_libdir}/mysql/plugin/ha_connect.so
+%endif
+
+%if %{with devel}
+%files devel
+%{_bindir}/mysql_config*
+%{_includedir}/mysql
+%{_datadir}/aclocal/mysql.m4
+%{_libdir}/pkgconfig/mariadb.pc
+%if %{with clibrary}
+%{_libdir}/mysql/libmysqlclient.so
+%{_libdir}/mysql/libmysqlclient_r.so
+%endif
+%{_mandir}/man1/mysql_config.1*
+%endif
+
+%if %{with embedded}
+%files embedded
+%{_libdir}/mysql/libmysqld.so.*
+
+%files embedded-devel
+%{_libdir}/mysql/libmysqld.so
+%{_bindir}/mysql_client_test_embedded
+%{_bindir}/mysqltest_embedded
+%{_mandir}/man1/mysql_client_test_embedded.1*
+%{_mandir}/man1/mysqltest_embedded.1*
+%endif
+
+%if %{with bench}
+%files bench
+%{_datadir}/sql-bench
+%endif
+
+%if %{with test}
+%files test
+%{_bindir}/mysql_client_test
+%{_bindir}/my_safe_process
+%attr(-,mysql,mysql) %{_datadir}/mysql-test
+%{_mandir}/man1/mysql_client_test.1*
+%endif
+
+%changelog
+* Tue Jan 10 2017 Michael Bayer - 3:10.1.20-1
+- Update to version 10.1.20
+- Add explicit EVR requirement in main package for -libs
+ Related: #1406320
+- Use correct macro when removing doc files
+ Resolves: #1400981
+- JdbcMariaDB.jar test removed
+- PCRE version check added
+ Related: #1382988, #1396945, #1096787
+- added temporary support to build with OpenSSL 1.0 on Fedora >= 26
+- added krb5-devel pkg as Buldrquires to prevent gssapi failure
+
+* Thu Nov 03 2016 Michele Baldessari - 3:10.1.18-3
+- Actually apply the revert added as patch in the previous release
+
+* Thu Nov 03 2016 Michele Baldessari - 3:10.1.18-2
+- Back out upstream commit 7497ebf8a49bfe30bb4110f2ac20a30f804b7946 as it
+ breaks the resource agent
+
+* Tue Oct 4 2016 Jakub Dorňák - 3:10.1.18-1
+- Update to 10.1.18
+
+* Wed Aug 31 2016 Jakub Dorňák - 3:10.1.17-1
+- Update to 10.1.17
+
+* Mon Aug 29 2016 Jakub Dorňák - 3:10.1.16-2
+- Fixed galera replication
+ Resolves: #1352946
+
+* Tue Jul 19 2016 Jakub Dorňák - 3:10.1.16-1
+- Update to 10.1.16
+
+* Fri Jul 15 2016 Honza Horak - 3:10.1.14-5
+- Fail build when test-suite fails
+- Use license macro for inclusion of licenses
+
+* Thu Jul 14 2016 Honza Horak - 3:10.1.14-4
+- Revert Update to 10.1.15, this release is broken
+ https://lists.launchpad.net/maria-discuss/msg03691.html
+
+* Thu Jul 14 2016 Honza Horak - 2:10.1.15-3
+- Check datadir more carefully to avoid unwanted data corruption
+ Related: #1335849
+
+* Thu Jul 7 2016 Jakub Dorňák - 2:10.1.15-2
+- Bump epoch
+ (related to the downgrade from the pre-release version)
+
+* Fri Jul 1 2016 Jakub Dorňák - 1:10.1.15-1
+- Update to 10.1.15
+
+* Fri Jul 1 2016 Jakub Dorňák - 1:10.1.14-3
+ Revert "Update to 10.2.0"
+ It is possible that MariaDB 10.2.0 won't be stable till f25 GA.
+
+* Tue Jun 21 2016 Pavel Raiskup - 1:10.1.14-3
+- BR multilib-rpm-config and use it for multilib workarounds
+- install architecture dependant pc file to arch-dependant location
+
+* Thu May 26 2016 Jakub Dorňák - 1:10.2.0-2
+- Fix mysql-prepare-db-dir
+ Resolves: #1335849
+
+* Thu May 12 2016 Jakub Dorňák - 1:10.2.0-1
+- Update to 10.2.0
+
+* Thu May 12 2016 Jakub Dorňák - 1:10.1.14-1
+- Add selinux policy
+- Update to 10.1.14 (includes various bug fixes)
+- Add -h and --help options to galera_new_cluster
+
+* Thu Apr 7 2016 Jakub Dorňák - 1:10.1.13-3
+- wsrep_on in galera.cnf
+
+* Tue Apr 5 2016 Jakub Dorňák - 1:10.1.13-2
+- Moved /etc/sysconfig/clustercheck
+ and /usr/share/mariadb/systemd/use_galera_new_cluster.conf
+ to mariadb-server-galera
+
+* Tue Mar 29 2016 Jakub Dorňák - 1:10.1.13-1
+- Update to 10.1.13
+
+* Wed Mar 23 2016 Jakub Dorňák - 1:10.1.12-4
+- Fixed conflict with mariadb-galera-server
+
+* Tue Mar 22 2016 Jakub Dorňák - 1:10.1.12-3
+- Add subpackage mariadb-server-galera
+ Resolves: 1310622
+
+* Tue Mar 01 2016 Honza Horak - 1:10.1.12-2
+- Rebuild for BZ#1309199 (symbol versioning)
+
+* Mon Feb 29 2016 Jakub Dorňák - 1:10.1.12-1
+- Update to 10.1.12
+
+* Tue Feb 16 2016 Honza Horak - 1:10.1.11-9
+- Remove dangling symlink to /etc/init.d/mysql
+
+* Sat Feb 13 2016 Honza Horak - 1:10.1.11-8
+- Use epoch for obsoleting mariadb-galera-server
+
+* Fri Feb 12 2016 Honza Horak - 1:10.1.11-7
+- Add Provides: bundled(pcre) in case we build with bundled pcre
+ Related: #1302296
+- embedded-devel should require libaio-devel
+ Resolves: #1290517
+
+* Fri Feb 12 2016 Honza Horak - 1:10.1.11-6
+- Fix typo s/obsolate/obsolete/
+
+* Thu Feb 11 2016 Honza Horak - 1:10.1.11-5
+- Add missing requirements for proper wsrep functionality
+- Obsolate mariadb-galera & mariadb-galera-server (thanks Tomas Repik)
+ Resolves: #1279753
+- Re-enable using libedit, which should be now fixed
+ Related: #1201988
+- Remove mariadb-wait-ready call from systemd unit, we have now systemd notify support
+- Make mariadb@.service similar to mariadb.service
+
+* Mon Feb 08 2016 Honza Horak - 1:10.1.11-4
+- Use systemd unit file more compatible with upstream
+
+* Sun Feb 07 2016 Honza Horak - 1:10.1.11-3
+- Temporarily disabling oqgraph for
+ https://mariadb.atlassian.net/browse/MDEV-9479
+
+* Thu Feb 04 2016 Fedora Release Engineering - 1:10.1.11-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Feb 3 2016 Jakub Dorňák - 1:10.1.11-1
+- Update to 10.1.11
+
+* Tue Jan 19 2016 Jakub Dorňák - 1:10.1.10-1
+- Update to 10.1.10
+
+* Mon Dec 07 2015 Dan Horák - 1:10.1.8-3
+- rebuilt for s390(x)
+
+* Tue Nov 03 2015 Honza Horak - 1:10.1.8-2
+- Expand variables in server.cnf
+
+* Thu Oct 22 2015 Jakub Dorňák - 1:10.1.8-1
+- Update to 10.1.8
+
+* Thu Aug 27 2015 Jonathan Wakely - 1:10.0.21-2
+- Rebuilt for Boost 1.59
+
+* Mon Aug 10 2015 Jakub Dorňák - 1:10.0.21-1
+- Update to 10.0.21
+
+* Wed Jul 29 2015 Fedora Release Engineering - 1:10.0.20-3
+- Rebuilt for https://fedoraproject.org/wiki/Changes/F23Boost159
+
+* Wed Jul 22 2015 David Tardon - 1:10.0.20-2
+- rebuild for Boost 1.58
+
+* Tue Jun 23 2015 Honza Horak - 1:10.0.20-1
+- Update to 10.0.20
+
+* Wed Jun 17 2015 Fedora Release Engineering - 1:10.0.19-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Wed Jun 03 2015 Dan Horák - 1:10.0.19-2
+- Update lists of failing tests (jdornak)
+ Related: #1149647
+
+* Mon May 11 2015 Honza Horak - 1:10.0.19-1
+- Update to 10.0.19
+
+* Thu May 07 2015 Honza Horak - 1:10.0.18-1
+- Update to 10.0.18
+
+* Thu May 07 2015 Honza Horak - 1:10.0.17-4
+- Include client plugins into -common package since they are used by both -libs
+ and base packages.
+- Do not use libedit
+ Related: #1201988
+- Let plugin dir to be owned by -common
+- Use correct comment in the init script
+ Related: #1184604
+- Add openssl as BuildRequires to run some openssl tests during build
+ Related: #1189180
+- Fail in case any command in check fails
+ Related: #1124791
+- Fix mysqladmin crash if run with -u root -p
+ Resolves: #1207170
+
+* Sat May 02 2015 Kalev Lember - 1:10.0.17-3
+- Rebuilt for GCC 5 C++11 ABI change
+
+* Fri Mar 06 2015 Honza Horak - 1:10.0.17-2
+- Wait for daemon ends
+ Resolves: #1072958
+- Do not include symlink to libmysqlclient if not shipping the library
+- Do not use scl prefix more than once in paths
+ Based on https://www.redhat.com/archives/sclorg/2015-February/msg00038.html
+
+* Wed Mar 04 2015 Honza Horak - 1:10.0.17-1
+- Rebase to version 10.0.17
+- Added variable for turn off skipping some tests
+
+* Tue Mar 03 2015 Honza Horak - 1:10.0.16-6
+- Check permissions when starting service on RHEL-6
+ Resolves: #1194699
+- Do not create test database by default
+ Related: #1194611
+
+* Fri Feb 13 2015 Matej Muzila - 1:10.0.16-4
+- Enable tokudb
+
+* Tue Feb 10 2015 Honza Horak - 1:10.0.16-3
+- Fix openssl_1 test
+
+* Wed Feb 4 2015 Jakub Dorňák - 1:10.0.16-2
+- Include new certificate for tests
+- Update lists of failing tests
+ Related: #1186110
+
+* Tue Feb 3 2015 Jakub Dorňák - 1:10.0.16-9
+- Rebase to version 10.0.16
+ Resolves: #1187895
+
+* Tue Jan 27 2015 Petr Machata - 1:10.0.15-9
+- Rebuild for boost 1.57.0
+
+* Mon Jan 26 2015 Honza Horak - 1:10.0.15-8
+- Fix typo in the config file
+
+* Sun Jan 25 2015 Honza Horak - 1:10.0.15-7
+- Do not create log file in post script
+
+* Sat Jan 24 2015 Honza Horak - 1:10.0.15-6
+- Move server settings to config file under my.cnf.d dir
+
+* Sat Jan 24 2015 Honza Horak - 1:10.0.15-5
+- Fix path for sysconfig file
+ Filter provides in el6 properly
+ Fix initscript file location
+
+* Tue Jan 06 2015 Honza Horak - 1:10.0.15-4
+- Disable failing tests connect.mrr, connect.updelx2 on ppc and s390
+
+* Mon Dec 22 2014 Honza Horak - 1:10.0.15-3
+- Fix macros paths in my.cnf
+- Create old location for pid file if it remained in my.cnf
+
+* Fri Dec 05 2014 Honza Horak - 1:10.0.15-2
+- Rework usage of macros and remove some compatibility artefacts
+
+* Thu Nov 27 2014 Jakub Dorňák - 1:10.0.15-1
+- Update to 10.0.15
+
+* Thu Nov 20 2014 Jan Stanek - 1:10.0.14-8
+- Applied upstream fix for mysql_config --cflags output.
+ Resolves: #1160845
+
+* Fri Oct 24 2014 Jan Stanek - 1:10.0.14-7
+- Fixed compat service file.
+ Resolves: #1155700
+
+* Mon Oct 13 2014 Honza Horak - 1:10.0.14-6
+- Remove bundled cmd-line-utils
+ Related: #1079637
+- Move mysqlimport man page to proper package
+- Disable main.key_cache test on s390
+ Releated: #1149647
+
+* Wed Oct 08 2014 Honza Horak - 1:10.0.14-5
+- Disable tests connect.part_file, connect.part_table
+ and connect.updelx
+ Related: #1149647
+
+* Wed Oct 01 2014 Honza Horak - 1:10.0.14-4
+- Add bcond_without mysql_names
+ Use more correct path when deleting mysql logrotate script
+
+* Wed Oct 01 2014 Honza Horak - 1:10.0.14-3
+- Build with system libedit
+ Resolves: #1079637
+
+* Mon Sep 29 2014 Honza Horak - 1:10.0.14-2
+- Add with_debug option
+
+* Mon Sep 29 2014 Honza Horak - 1:10.0.14-1
+- Update to 10.0.14
+
+* Wed Sep 24 2014 Honza Horak - 1:10.0.13-8
+- Move connect engine to a separate package
+ Rename oqgraph engine to align with upstream packages
+- Move some files to correspond with MariaDB upstream packages
+ client.cnf into -libs, mysql_plugin and msql2mysql into base,
+ tokuftdump and aria_* into -server, errmsg-utf8.txt into -errmsg
+- Remove duplicate cnf files packaged using %%doc
+- Check upgrade script added to warn about need for mysql_upgrade
+
+* Wed Sep 24 2014 Matej Muzila - 1:10.0.13-7
+- Client related libraries moved from mariadb-server to mariadb-libs
+ Related: #1138843
+
+* Mon Sep 08 2014 Honza Horak - 1:10.0.13-6
+- Disable vcol_supported_sql_funcs_myisam test on all arches
+ Related: #1096787
+- Install systemd service file on RHEL-7+
+ Server requires any mysql package, so it should be fine with older client
+
+* Thu Sep 04 2014 Honza Horak - 1:10.0.13-5
+- Fix paths in mysql_install_db script
+ Resolves: #1134328
+- Use %%cmake macro
+
+* Tue Aug 19 2014 Honza Horak - 1:10.0.13-4
+- Build config subpackage everytime
+- Disable failing tests: innodb_simulate_comp_failures_small, key_cache
+ rhbz#1096787
+
+* Sun Aug 17 2014 Fedora Release Engineering - 1:10.0.13-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Thu Aug 14 2014 Honza Horak - 1:10.0.13-2
+- Include mysqld_unit only if required; enable tokudb in f20-
+
+* Wed Aug 13 2014 Honza Horak - 1:10.0.13-1
+- Rebase to version 10.0.13
+
+* Tue Aug 12 2014 Honza Horak - 1:10.0.12-8
+- Introduce -config subpackage and ship base config files here
+
+* Tue Aug 5 2014 Honza Horak - 1:10.0.12-7
+- Adopt changes from mysql, thanks Bjorn Munch
+
+* Mon Jul 28 2014 Honza Horak - 1:10.0.12-6
+- Use explicit sysconfdir
+- Absolut path for default value for pid file and error log
+
+* Tue Jul 22 2014 Honza Horak - 1:10.0.12-5
+- Hardcoded paths removed to work fine in chroot
+- Spec rewrite to be more similar to oterh MySQL implementations
+- Use variable for daemon unit name
+- Include SysV init script if built on older system
+- Add possibility to not ship some sub-packages
+
+* Mon Jul 21 2014 Honza Horak - 1:10.0.12-4
+- Reformating spec and removing unnecessary snippets
+
+* Tue Jul 15 2014 Honza Horak - 1:10.0.12-3
+- Enable OQGRAPH engine and package it as a sub-package
+- Add support for TokuDB engine for x86_64 (currently still disabled)
+- Re-enable tokudb_innodb_xa_crash again, seems to be fixed now
+- Drop superfluous -libs and -embedded ldconfig deps (thanks Ville Skyttä)
+- Separate -lib and -common sub-packages
+- Require /etc/my.cnf instead of shipping it
+- Include README.mysql-cnf
+- Multilib support re-worked
+- Introduce new option with_mysqld_unit
+- Removed obsolete mysql-cluster, the package should already be removed
+- Improve error message when log file is not writable
+- Compile all binaries with full RELRO (RHBZ#1092548)
+- Use modern symbol filtering with compatible backup
+- Add more groupnames for server's my.cnf
+- Error messages now provided by a separate package (thanks Alexander Barkov)
+- Expand paths in helper scripts using cmake
+
+* Wed Jun 18 2014 Mikko Tiihonen - 1:10.0.12-2
+- Use -fno-delete-null-pointer-checks to avoid segfaults with gcc 4.9
+
+* Tue Jun 17 2014 Jakub Dorňák - 1:10.0.12-1
+- Rebase to version 10.0.12
+
+* Sat Jun 07 2014 Fedora Release Engineering - 1:10.0.11-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Jun 3 2014 Jakub Dorňák - 1:10.0.11-4
+- rebuild with tests failing on different arches disabled (#1096787)
+
+* Thu May 29 2014 Dan Horák - 1:10.0.11-2
+- rebuild with tests failing on big endian arches disabled (#1096787)
+
+* Wed May 14 2014 Jakub Dorňák - 1:10.0.11-1
+- Rebase to version 10.0.11
+
+* Mon May 05 2014 Honza Horak - 1:10.0.10-3
+- Script for socket check enhanced
+
+* Thu Apr 10 2014 Jakub Dorňák - 1:10.0.10-2
+- use system pcre library
+
+* Thu Apr 10 2014 Jakub Dorňák - 1:10.0.10-1
+- Rebase to version 10.0.10
+
+* Wed Mar 12 2014 Honza Horak - 1:5.5.36-2
+- Server crashes on SQL select containing more group by and left join statements using innodb tables
+ Resolves: #1065676
+- Fix paths in helper scripts
+- Move language files into mariadb directory
+
+* Thu Mar 06 2014 Honza Horak - 1:5.5.36-1
+- Rebase to 5.5.36
+ https://kb.askmonty.org/en/mariadb-5536-changelog/
+
+* Tue Feb 25 2014 Honza Horak 1:5.5.35-5
+- Daemon helper scripts sanity changes and spec files clean-up
+
+* Tue Feb 11 2014 Honza Horak 1:5.5.35-4
+- Fix typo in mysqld.service
+ Resolves: #1063981
+
+* Wed Feb 5 2014 Honza Horak 1:5.5.35-3
+- Do not touch the log file in post script, so it does not get wrong owner
+ Resolves: #1061045
+
+* Thu Jan 30 2014 Honza Horak 1:5.5.35-1
+- Rebase to 5.5.35
+ https://kb.askmonty.org/en/mariadb-5535-changelog/
+ Also fixes: CVE-2014-0001, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908,
+ CVE-2014-0420, CVE-2014-0393, CVE-2013-5891, CVE-2014-0386, CVE-2014-0401,
+ CVE-2014-0402
+ Resolves: #1054043
+ Resolves: #1059546
+
+* Tue Jan 14 2014 Honza Horak - 1:5.5.34-9
+- Adopt compatible system versioning
+ Related: #1045013
+- Use compatibility mysqld.service instead of link
+ Related: #1014311
+
+* Mon Jan 13 2014 Rex Dieter 1:5.5.34-8
+- move mysql_config alternatives scriptlets to -devel too
+
+* Fri Jan 10 2014 Honza Horak 1:5.5.34-7
+- Build with -O3 on ppc64
+ Related: #1051069
+- Move mysql_config to -devel sub-package and remove Require: mariadb
+ Related: #1050920
+
+* Fri Jan 10 2014 Marcin Juszkiewicz 1:5.5.34-6
+- Disable main.gis-precise test also for AArch64
+- Disable perfschema.func_file_io and perfschema.func_mutex for AArch64
+ (like it is done for 32-bit ARM)
+
+* Fri Jan 10 2014 Honza Horak 1:5.5.34-5
+- Clean all non-needed doc files properly
+
+* Wed Jan 8 2014 Honza Horak 1:5.5.34-4
+- Read socketfile location in mariadb-prepare-db-dir script
+
+* Mon Jan 6 2014 Honza Horak 1:5.5.34-3
+- Don't test EDH-RSA-DES-CBC-SHA cipher, it seems to be removed from openssl
+ which now makes mariadb/mysql FTBFS because openssl_1 test fails
+ Related: #1044565
+- Use upstream's layout for symbols version in client library
+ Related: #1045013
+- Check if socket file is not being used by another process at a time
+ of starting the service
+ Related: #1045435
+- Use %%ghost directive for the log file
+ Related: 1043501
+
+* Wed Nov 27 2013 Honza Horak 1:5.5.34-2
+- Fix mariadb-wait-ready script
+
+* Fri Nov 22 2013 Honza Horak 1:5.5.34-1
+- Rebase to 5.5.34
+
+* Mon Nov 4 2013 Honza Horak 1:5.5.33a-4
+- Fix spec file to be ready for backport by Oden Eriksson
+ Resolves: #1026404
+
+* Mon Nov 4 2013 Honza Horak 1:5.5.33a-3
+- Add pam-devel to build-requires in order to build
+ Related: #1019945
+- Check if correct process is running in mysql-wait-ready script
+ Related: #1026313
+
+* Mon Oct 14 2013 Honza Horak 1:5.5.33a-2
+- Turn on test suite
+
+* Thu Oct 10 2013 Honza Horak 1:5.5.33a-1
+- Rebase to 5.5.33a
+ https://kb.askmonty.org/en/mariadb-5533-changelog/
+ https://kb.askmonty.org/en/mariadb-5533a-changelog/
+- Enable outfile_loaddata test
+- Disable tokudb_innodb_xa_crash test
+
+* Mon Sep 2 2013 Honza Horak - 1:5.5.32-12
+- Re-organize my.cnf to include only generic settings
+ Resolves: #1003115
+- Move pid file location to /var/run/mariadb
+- Make mysqld a symlink to mariadb unit file rather than the opposite way
+ Related: #999589
+
+* Thu Aug 29 2013 Honza Horak - 1:5.5.32-11
+- Move log file into /var/log/mariadb/mariadb.log
+- Rename logrotate script to mariadb
+- Resolves: #999589
+
+* Wed Aug 14 2013 Rex Dieter 1:5.5.32-10
+- fix alternatives usage
+
+* Tue Aug 13 2013 Honza Horak - 1:5.5.32-9
+- Multilib issues solved by alternatives
+ Resolves: #986959
+
+* Sat Aug 03 2013 Petr Pisar - 1:5.5.32-8
+- Perl 5.18 rebuild
+
+* Wed Jul 31 2013 Honza Horak - 1:5.5.32-7
+- Do not use login shell for mysql user
+
+* Tue Jul 30 2013 Honza Horak - 1:5.5.32-6
+- Remove unneeded systemd-sysv requires
+- Provide mysql-compat-server symbol
+- Create mariadb.service symlink
+- Fix multilib header location for arm
+- Enhance documentation in the unit file
+- Use scriptstub instead of links to avoid multilib conflicts
+- Add condition for doc placement in F20+
+
+* Sun Jul 28 2013 Dennis Gilmore - 1:5.5.32-5
+- remove "Requires(pretrans): systemd" since its not possible
+- when installing mariadb and systemd at the same time.
as in a new install + +* Sat Jul 27 2013 Kevin Fenzi 1:5.5.32-4 +- Set rpm doc macro to install docs in unversioned dir + +* Fri Jul 26 2013 Dennis Gilmore 1:5.5.32-3 +- add Requires(pre) on systemd for the server package + +* Tue Jul 23 2013 Dennis Gilmore 1:5.5.32-2 +- replace systemd-units requires with systemd +- remove solaris files + +* Fri Jul 19 2013 Honza Horak 1:5.5.32-1 +- Rebase to 5.5.32 + https://kb.askmonty.org/en/mariadb-5532-changelog/ +- Clean-up un-necessary systemd snippets + +* Wed Jul 17 2013 Petr Pisar - 1:5.5.31-7 +- Perl 5.18 rebuild + +* Mon Jul 1 2013 Honza Horak 1:5.5.31-6 +- Test suite params enhanced to decrease server condition influence +- Fix misleading error message when uninstalling built-in plugins + Related: #966873 + +* Thu Jun 27 2013 Honza Horak 1:5.5.31-5 +- Apply fixes found by Coverity static analysis tool + +* Wed Jun 19 2013 Honza Horak 1:5.5.31-4 +- Do not use pretrans scriptlet, which doesn't work in anaconda + Resolves: #975348 + +* Fri Jun 14 2013 Honza Horak 1:5.5.31-3 +- Explicitly enable mysqld if it was enabled in the beginning + of the transaction. 
+ +* Thu Jun 13 2013 Honza Horak 1:5.5.31-2 +- Apply man page fix from Jan Stanek + +* Fri May 24 2013 Honza Horak 1:5.5.31-1 +- Rebase to 5.5.31 + https://kb.askmonty.org/en/mariadb-5531-changelog/ +- Preserve time-stamps in case of installed files +- Use /var/tmp instead of /tmp, since the later is using tmpfs, + which can cause problems + Resolves: #962087 +- Fix test suite requirements + +* Sun May 5 2013 Honza Horak 1:5.5.30-2 +- Remove mytop utility, which is packaged separately +- Resolve multilib conflicts in mysql/private/config.h + +* Fri Mar 22 2013 Honza Horak 1:5.5.30-1 +- Rebase to 5.5.30 + https://kb.askmonty.org/en/mariadb-5530-changelog/ + +* Fri Mar 22 2013 Honza Horak 1:5.5.29-11 +- Obsolete MySQL since it is now renamed to community-mysql +- Remove real- virtual names + +* Thu Mar 21 2013 Honza Horak 1:5.5.29-10 +- Adding epoch to have higher priority than other mysql implementations + when comes to provider comparison + +* Wed Mar 13 2013 Honza Horak 5.5.29-9 +- Let mariadb-embedded-devel conflict with MySQL-embedded-devel +- Adjust mariadb-sortbuffer.patch to correspond with upstream patch + +* Mon Mar 4 2013 Honza Horak 5.5.29-8 +- Mask expected warnings about setrlimit in test suite + +* Thu Feb 28 2013 Honza Horak 5.5.29-7 +- Use configured prefix value instead of guessing basedir + in mysql_config +Resolves: #916189 +- Export dynamic columns and non-blocking API functions documented + by upstream + +* Wed Feb 27 2013 Honza Horak 5.5.29-6 +- Fix sort_buffer_length option type + +* Wed Feb 13 2013 Honza Horak 5.5.29-5 +- Suppress warnings in tests and skip tests also on ppc64p7 + +* Tue Feb 12 2013 Honza Horak 5.5.29-4 +- Suppress warning in tests on ppc +- Enable fixed index_merge_myisam test case + +* Thu Feb 07 2013 Honza Horak 5.5.29-3 +- Packages need to provide also %%_isa version of mysql package +- Provide own symbols with real- prefix to distinguish from mysql + unambiguously +- Fix format for buffer size in error messages 
(MDEV-4156) +- Disable some tests that fail on ppc and s390 +- Conflict only with real-mysql, otherwise mariadb conflicts with ourself + +* Tue Feb 05 2013 Honza Horak 5.5.29-2 +- Let mariadb-libs to own /etc/my.cnf.d + +* Thu Jan 31 2013 Honza Horak 5.5.29-1 +- Rebase to 5.5.29 + https://kb.askmonty.org/en/mariadb-5529-changelog/ +- Fix inaccurate default for socket location in mysqld-wait-ready + Resolves: #890535 + +* Thu Jan 31 2013 Honza Horak 5.5.28a-8 +- Enable obsoleting mysql + +* Wed Jan 30 2013 Honza Horak 5.5.28a-7 +- Adding necessary hacks for perl dependency checking, rpm is still + not wise enough +- Namespace sanity re-added for symbol default_charset_info + +* Mon Jan 28 2013 Honza Horak 5.5.28a-6 +- Removed %%{_isa} from provides/obsoletes, which doesn't allow + proper obsoleting +- Do not obsolete mysql at the time of testing + +* Thu Jan 10 2013 Honza Horak 5.5.28a-5 +- Added licenses LGPLv2 and BSD +- Removed wrong usage of %%{epoch} +- Test-suite is run in %%check +- Removed perl dependency checking adjustment, rpm seems to be smart enough +- Other minor spec file fixes + +* Tue Dec 18 2012 Honza Horak 5.5.28a-4 +- Packaging of MariaDB based on MySQL package + diff --git a/mwa-gplv2.map b/mwa-gplv2.map new file mode 100644 index 0000000..265e5b0 --- /dev/null +++ b/mwa-gplv2.map 
@@ -0,0 +1,23 @@
+cgcs/middleware/recipes-common/dpkg|dpkg
+cgcs/recipes-base/cgcs-users|cgcs-users
+cgcs/recipes-cgl/cluster-resource-agents|cluster-resource-agents
+cgcs/recipes-devtools/libfdt|libfdt
+cgcs/recipes-devtools/rpm|rpm
+cgcs/recipes-extended/bash|bash
+cgcs/recipes-extended/haproxy|haproxy
+cgcs/recipes-extended/iptables|iptables
+cgcs/recipes-extended/iscsi-initiator-utils|iscsi-initiator-utils
+cgcs/recipes-extended/ldapscripts|ldapscripts
+cgcs/recipes-extended/mariadb|mariadb
+cgcs/recipes-extended/netpbm|netpbm
+cgcs/recipes-extended/net-tools|net-tools
+cgcs/recipes-kernel/drbd|drbd
+cgcs/recipes-kernel/drbd-tools|drbd-tools
+cgcs/recipes-kernel/integrity|integrity
+cgcs/recipes-kernel/intel-e1000e|intel-e1000e
+cgcs/recipes-kernel/intel-i40e|intel-i40e
+cgcs/recipes-kernel/intel-i40evf|intel-i40evf
+cgcs/recipes-kernel/intel-ixgbe|intel-ixgbe
+cgcs/recipes-kernel/intel-ixgbevf|intel-ixgbevf
+cgcs/recipes-kernel/quickassist/qat17|qat17
+cgcs/recipes-kernel/tpmdd|tpmdd
diff --git a/net-tools/centos/build_srpm.data b/net-tools/centos/build_srpm.data
new file mode 100644
index 0000000..112ca54
--- /dev/null
+++ b/net-tools/centos/build_srpm.data
@@ -0,0 +1,2 @@
+COPY_LIST="files/*"
+TIS_PATCH_VER=2
diff --git a/net-tools/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/net-tools/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
new file mode 100644
index 0000000..d0f7cf6
--- /dev/null
+++ b/net-tools/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
@@ -0,0 +1,27 @@
+From 27b9c7a5281c84da9f9029deeb31442cf17f5755 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:42:22 -0400
+Subject: [PATCH 2/2] WRS: 0001-Update-package-versioning-for-TIS-format.patch
+
+Conflicts:
+ SPECS/net-tools.spec
+---
+ SPECS/net-tools.spec | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/SPECS/net-tools.spec b/SPECS/net-tools.spec
+index 2f09372..c8b94cd 100644
+--- a/SPECS/net-tools.spec
++++ b/SPECS/net-tools.spec
+@@ -3,7 +3,7 @@
+ Summary: Basic networking tools
+ Name: net-tools
+ Version: 2.0
+-Release: 0.22.%{checkout}%{?dist}
++Release: 0.22.20131004git.el7%{?_tis_dist}.%{tis_patch_ver}
+ License: GPLv2+
+ Group: System Environment/Base
+ URL: http://sourceforge.net/projects/net-tools/
+--
+1.9.1
+
diff --git a/net-tools/centos/meta_patches/PATCH_ORDER b/net-tools/centos/meta_patches/PATCH_ORDER
new file mode 100644
index 0000000..4d63f54
--- /dev/null
+++ b/net-tools/centos/meta_patches/PATCH_ORDER
@@ -0,0 +1,2 @@
+spec-to-include-TiS-patches.patch
+0001-Update-package-versioning-for-TIS-format.patch
diff --git a/net-tools/centos/meta_patches/spec-to-include-TiS-patches.patch b/net-tools/centos/meta_patches/spec-to-include-TiS-patches.patch
new file mode 100644
index 0000000..eccb7cc
--- /dev/null
+++ b/net-tools/centos/meta_patches/spec-to-include-TiS-patches.patch
@@ -0,0 +1,39 @@
+From 24d92c7a7730e71bac4182df53d5fd6f4d7d6957 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:42:22 -0400
+Subject: [PATCH 1/2] WRS: spec-to-include-TiS-patches.patch
+
+Conflicts:
+ SPECS/net-tools.spec
+---
+ SPECS/net-tools.spec | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/SPECS/net-tools.spec b/SPECS/net-tools.spec
+index 2ee770e..2f09372 100644
+--- a/SPECS/net-tools.spec
++++ b/SPECS/net-tools.spec
+@@ -65,6 +65,10 @@ Patch23: net-tools-ifconfig-EiB.patch
+ # sctp was not documented in help and manpage
+ Patch24: net-tools-netstat-sctp-man.patch
+
++# WindRiver patches
++Patch100: net-tools-hostname-ipv6-shortname.patch
++Patch101: net-tools-ifconfig-no-ifstate-on-flush.patch
++
+ BuildRequires: gettext, libselinux
+ BuildRequires: libselinux-devel
+ BuildRequires: systemd-units
+@@ -103,6 +107,9 @@ cp %SOURCE8 ./man/en_US
+ %patch23 -p1 -b .round-EiB
+ %patch24 -p1 -b .sctp-man
+
++%patch100 -p1 -b .hostname-ipv6
++%patch101 -p1 -b .ifconfig-no-ifstate-on-flush
++
+ touch ./config.h
+
+ %build
+--
+1.9.1
+
diff --git a/net-tools/centos/srpm_path b/net-tools/centos/srpm_path
new file mode 100644
index 0000000..cc279a7
--- /dev/null
+++ b/net-tools/centos/srpm_path
@@ -0,0 +1 @@
+mirror:Source/net-tools-2.0-0.22.20131004git.el7.src.rpm
diff --git a/net-tools/files/net-tools-hostname-ipv6-shortname.patch b/net-tools/files/net-tools-hostname-ipv6-shortname.patch
new file mode 100644
index 0000000..612e063
--- /dev/null
+++ b/net-tools/files/net-tools-hostname-ipv6-shortname.patch
@@ -0,0 +1,31 @@
+From e1aab6b4103e7d6f625de7b2e4d842826f3a3615 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:42:24 -0400
+Subject: [PATCH 1/2] WRS: Patch22: net-tools-hostname-ipv6-shortname.patch
+
+---
+ hostname.c | 7 +-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/hostname.c b/hostname.c
+index ae98ca6..56aeb06 100644
+--- a/hostname.c
++++ b/hostname.c
+@@ -356,8 +356,13 @@ int main(int argc, char **argv)
+ break;
+ case 'a':
+ case 'f':
+- case 'i':
+ case 's':
++ /*
++ * These are not supported for IPv6 so just consume the option
++ * and return the default hostname value
++ */
++ break;
++ case 'i':
+ what = 1;
+ type = c;
+ break;
+--
+1.9.1
+
diff --git a/net-tools/files/net-tools-ifconfig-no-ifstate-on-flush.patch b/net-tools/files/net-tools-ifconfig-no-ifstate-on-flush.patch
new file mode 100644
index 0000000..02a03a1
--- /dev/null
+++ b/net-tools/files/net-tools-ifconfig-no-ifstate-on-flush.patch
@@ -0,0 +1,29 @@
+From c8c0e58c037b4183672666be22782d96d0fc3267 Mon Sep 17 00:00:00 2001
+From: Scott Little
+Date: Mon, 2 Oct 2017 16:42:25 -0400
+Subject: [PATCH 2/2] WRS: Patch23:
+ net-tools-ifconfig-no-ifstate-on-flush.patch
+
+---
+ ifconfig.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/ifconfig.c b/ifconfig.c
+index df9793a..ebdc1a1 100644
+--- a/ifconfig.c
++++ b/ifconfig.c
+@@ -982,6 +982,11 @@ int main(int argc, char **argv)
+ exit(1);
+ }
+ r = ioctl(fd, SIOCSIFADDR, &ifr);
++ if (((struct sockaddr_in*)&sa)->sin_addr.s_addr == INADDR_ANY) {
++ /* do not continue to change interface state if only flushing addresses */
++ spp++;
++ continue;
++ }
+ break;
+ #endif
+ #if HAVE_AFECONET
+--
+1.9.1
+
diff --git a/netpbm/centos/build_srpm.data b/netpbm/centos/build_srpm.data
new file mode 100644
index 0000000..d189335
--- /dev/null
+++ b/netpbm/centos/build_srpm.data
@@ -0,0 +1,2 @@
+TIS_PATCH_VER=2
+BUILD_IS_SLOW=3
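Review bot: The new `break` for `-a`, `-f` and `-s` in the option switch of main() in hostname.c is unconditional, so these options are ignored on every host, while the added comment reads as if only the IPv6 case were affected. A script that calls `hostname -s` or `hostname -f` to derive a short name or an FQDN (for a certificate subject, an ACL entry or a log field) now gets the default hostname with no diagnostic, which is hard to notice afterwards. I would make the comment say exactly that, e.g. `/* -a, -f and -s are accepted but ignored for all address families; the default hostname is printed */`, and consider a one-line warning on stderr when one of them is given. The switch and the rest of main() lie outside the hunk.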
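Review bot: In ifconfig.c the added `continue` is taken directly after `r = ioctl(fd, SIOCSIFADDR, &ifr);` without `r` being examined, so when the address is INADDR_ANY a failed ioctl is not reported by anything in this hunk. If the result check sits after the switch, which is outside the hunk, it is skipped as well and a flush that did not happen would look like a success to the caller. Testing the result first keeps the failure on the existing path: `if (r >= 0 && ((struct sockaddr_in *)&sa)->sin_addr.s_addr == INADDR_ANY) {`, so an error still falls through to `break`. The comment could also say why the interface flags must stay untouched on a flush, since that is the behaviour other tooling will depend on.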
diff --git a/netpbm/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/netpbm/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
new file mode 100644
index 0000000..cd6e5c8
--- /dev/null
+++ b/netpbm/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
@@ -0,0 +1,25 @@
+From 55b381fed1b1bae9bd0bdfabd07246f40805252e Mon Sep 17 00:00:00 2001
+From: Don Penney
+Date: Tue, 27 Sep 2016 21:23:24 -0400
+Subject: [PATCH] Update package versioning for TIS format
+
+---
+ SPECS/netpbm.spec | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/SPECS/netpbm.spec b/SPECS/netpbm.spec
+index c10c448..74c13eb 100644
+--- a/SPECS/netpbm.spec
++++ b/SPECS/netpbm.spec
+@@ -1,7 +1,7 @@
+ Summary: A library for handling different graphics file formats
+ Name: netpbm
+ Version: 10.61.02
+-Release: 9%{?dist}
++Release: 9.el7%{?_tis_dist}.%{tis_patch_ver}
+ # See copyright_summary for details
+ License: BSD and GPLv2 and IJG and MIT and Public Domain
+ Group: System Environment/Libraries
+--
+1.8.3.1
+
diff --git a/netpbm/centos/meta_patches/0001-remove-ghostscript.patch b/netpbm/centos/meta_patches/0001-remove-ghostscript.patch
new file mode 100644
index 0000000..59234fc
--- /dev/null
+++ b/netpbm/centos/meta_patches/0001-remove-ghostscript.patch
@@ -0,0 +1,29 @@
+diff --git a/SPECS/netpbm.spec b/SPECS/netpbm.spec
+index c0a2d27..c10c448 100644
+--- a/SPECS/netpbm.spec
++++ b/SPECS/netpbm.spec
+@@ -40,6 +40,7 @@ Patch28: netpbm-compare-same-images.patch
+ Patch29: netpbm-manual-pages.patch
+ Patch30: netpbm-pnmtops-hangs.patch
+ Patch31: netpbm-pgmtexture-fault.patch
++Patch32: remove-pstopnm.patch
+ BuildRequires: libjpeg-devel, libpng-devel, libtiff-devel, flex
+ BuildRequires: libX11-devel, python, jasper-devel, libxml2-devel
+
+@@ -66,7 +67,6 @@ to have the netpbm package installed.
+ %package progs
+ Summary: Tools for manipulating graphics files in netpbm supported formats
+ Group: Applications/Multimedia
+-Requires: ghostscript
+ Requires: netpbm = %{version}-%{release}
+
+ %description progs
+
+@@ -120,6 +120,7 @@ netpbm-doc. You'll also need to install the netpbm-progs package.
+ %patch29 -p1 -b .manual-pages
+ %patch30 -p1 -b .pnmtops-hangs
+ %patch31 -p1 -b .pgmtexture-fault
++%patch32 -p1
+
+ sed -i 's/STRIPFLAG = -s/STRIPFLAG =/g' config.mk.in
+ rm -rf converter/other/jpeg2000/libjasper/
diff --git a/netpbm/centos/meta_patches/PATCH_ORDER b/netpbm/centos/meta_patches/PATCH_ORDER
new file mode 100644
index 0000000..b0754a0
--- /dev/null
+++ b/netpbm/centos/meta_patches/PATCH_ORDER
@@ -0,0 +1,2 @@
+0001-remove-ghostscript.patch
+0001-Update-package-versioning-for-TIS-format.patch
diff --git a/netpbm/centos/patches/remove-pstopnm.patch b/netpbm/centos/patches/remove-pstopnm.patch
new file mode 100644
index 0000000..5c4cb89
--- /dev/null
+++ b/netpbm/centos/patches/remove-pstopnm.patch
@@ -0,0 +1,25 @@
+diff --git a/netpbm-10.61.02/converter/other/Makefile b/netpbm-10.61.02/converter/other/Makefile
+index 746db87..02c66b4 100644
+--- a/netpbm-10.61.02/converter/other/Makefile
++++ b/netpbm-10.61.02/converter/other/Makefile
+@@ -7,6 +7,7 @@ VPATH=.:$(SRCDIR)/$(SUBDIR)
+
+ include $(BUILDDIR)/config.mk
+
++USE_GHOSTSCRIPT=N
+ TEST_PKGCONFIG_LIBXML2 = if pkg-config libxml-2.0; then echo exists; fi
+
+ ifneq ($(shell $(TEST_PKGCONFIG_LIBXML2)),)
+@@ -134,10 +135,12 @@ BINARIES = \
+ rasttopnm \
+ srftopam \
+
++ifneq ($(USE_GHOSTSCRIPT),N)
+ ifneq ($(DONT_HAVE_PROCESS_MGMT),Y)
+ PORTBINARIES += pstopnm
+ BINARIES += pnmtops
+ endif
++endif
+
+ ifeq ($(HAVE_PNGLIB),Y)
+ BINARIES += pnmtopng pngtopam pamrgbatopng
diff --git a/netpbm/centos/srpm_path b/netpbm/centos/srpm_path
new file mode 100644
index 0000000..4349e3d
--- /dev/null
+++ b/netpbm/centos/srpm_path
@@ -0,0 +1 @@
+mirror:Source/netpbm-10.61.02-9.el7.src.rpm
diff --git a/qat17/PKG-INFO b/qat17/PKG-INFO
new file mode 100644
index 0000000..bc5b2fa
--- /dev/null
+++ b/qat17/PKG-INFO
@@ -0,0 +1,13 @@
+Metadata-Version: 1.1
+Name: qat17
+Version: 1.0
+Summary: Intel(r) QuickAssist Technology API
+Home-page: https://01.org/packet-processing/intel%C2%AE-quickassist-technology-drivers-and-patches
+Author:
+Author-email:
+License: GPLv2
+
+Description: Intel(r) QuickAssist Technology API
+
+
+Platform: UNKNOWN
diff --git a/qat17/centos/build_srpm.data b/qat17/centos/build_srpm.data
new file mode 100644
index 0000000..fae30f9
--- /dev/null
+++ b/qat17/centos/build_srpm.data
@@ -0,0 +1,6 @@
+COPY_LIST=" \
+ $CGCS_BASE/mwa-gplv2/qat17/files/* \
+ $CGCS_BASE/downloads/qat1.7.upstream.l.1.0.3-42.tar.gz \
+"
+TIS_PATCH_VER=4
+BUILD_IS_SLOW=3
diff --git a/qat17/centos/qat17.spec b/qat17/centos/qat17.spec
new file mode 100644
index 0000000..a96458f
--- /dev/null
+++ b/qat17/centos/qat17.spec
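Review bot: The new `ifneq ($(USE_GHOSTSCRIPT),N)` guard in converter/other/Makefile wraps `BINARIES += pnmtops` as well as `PORTBINARIES += pstopnm`, so the build drops pnmtops too although the patch is named remove-pstopnm. As far as I can tell only pstopnm hands input to Ghostscript, which is the part worth removing from the image; pnmtops only writes PostScript, so losing it looks unintended and should be confirmed against the package's %files list. If it is unintended, the guard belongs around the pstopnm line alone. `USE_GHOSTSCRIPT=N` is also assigned after `include $(BUILDDIR)/config.mk` with no comment, so it overrides any value set there; a line such as `# TiS: Ghostscript is not shipped, never build the Ghostscript-backed converters` would record that this is deliberate.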
@@ -0,0 +1,134 @@
+%if "%{?_tis_build_type}" == "rt"
+%define bt_ext -rt
+%else
+%undefine bt_ext
+%endif
+
+Summary: Intel(r) QuickAssist Technology API
+%define pkgname qat17
+Name: %{pkgname}%{?bt_ext}
+Version: 1.0.3
+%define upstream_release 42
+Release: %{upstream_release}%{?_tis_dist}.%{tis_patch_ver}
+License: GPLv2
+Group: base
+Packager: Wind River
+URL: https://01.org/packet-processing/intel%C2%AE-quickassist-technology-drivers-and-patches
+
+BuildRequires: kernel%{?bt_ext}-devel
+BuildRequires: zlib-devel
+BuildRequires: openssl-devel
+BuildRequires: pciutils
+BuildRequires: libudev-devel
+BuildRequires: boost-devel
+BuildRequires: perl
+BuildRequires: openssl
+
+%define icp_tools accelcomp
+%define kernel_version %(rpm -q kernel%{?bt_ext}-devel | sed 's/kernel%{?bt_ext}-devel-//')
+%define staging_kernel_dir /usr/src/kernels/%{kernel_version}/
+%define qat_unpack_dir %{_builddir}/%{name}-%{version}
+%define qat_src_dir %{qat_unpack_dir}
+
+Source: qat1.7.upstream.l.%{version}-%{upstream_release}.tar.gz
+Source1: qat
+# Use our own service script rather than massively patching theirs
+Source2: qat_service
+
+Patch1: 0001-Install-config-file-for-each-VF.patch
+Patch2: Get-and-report-the-return-code-on-firmware-load-fail.patch
+
+%description
+Intel(r) QuickAssist Technology API
+
+%prep
+rm -rf %{qat_unpack_dir}
+mkdir -p %{qat_unpack_dir}
+cd %{qat_unpack_dir}
+
+gzip -dc %{_sourcedir}/qat1.7.upstream.l.%{version}-%{upstream_release}.tar.gz | tar -xvvf -
+if [ $? -ne 0 ]; then
+ exit $?
+fi
+
+%patch1 -p1
+%patch2 -p1
+
+%build
+
+ICP_ROOT=%{qat_src_dir}
+KERNEL_SOURCE_ROOT=%{staging_kernel_dir}
+mkdir -p %{qat_src_dir}/build
+ICP_BUILD_OUTPUT=%{qat_src_dir}/build
+export ICP_ROOT KERNEL_SOURCE_ROOT ICP_BUILD_OUTPUT
+
+cd %{qat_src_dir}
+%configure
+
+make -C %{qat_src_dir}/
+
+# intel test sample
+make -C %{qat_src_dir}/ sample-all
+
+%install
+
+%{__install} -d %{buildroot}%{_sysconfdir}/default
+%{__install} -m 750 %SOURCE1 %{buildroot}%{_sysconfdir}/default
+
+%{__install} -d %{buildroot}%{_sysconfdir}/modprobe.d
+
+%{__install} -d %{buildroot}%{_sysconfdir}/qat/conf_files
+%{__install} -m 640 %{qat_src_dir}/build/*.conf %{buildroot}%{_sysconfdir}/qat/conf_files
+%{__install} -m 640 %{qat_src_dir}/build/*.vm %{buildroot}%{_sysconfdir}/qat/conf_files
+
+%{__install} -d %{buildroot}%{_sbindir}
+%{__install} -m 750 %{qat_src_dir}/build/adf_ctl %{buildroot}%{_sbindir}
+
+%{__install} -d %{buildroot}%{_sysconfdir}/init.d
+%{__install} -m 750 %SOURCE2 %{buildroot}%{_sysconfdir}/init.d/qat_service
+
+%{__install} -d %{buildroot}%{_libdir}
+%{__install} -m 750 %{qat_src_dir}/build/*.so %{buildroot}%{_libdir}
+
+%{__install} -d %{buildroot}/lib/modules/%{kernel_version}/kernel/drivers/crypto/qat/
+%{__install} -m 750 %{qat_src_dir}/build/*qat*.ko %{buildroot}/lib/modules/%{kernel_version}/kernel/drivers/crypto/qat/
+%{__install} -m 750 %{qat_src_dir}/build/usdm_drv.ko %{buildroot}/lib/modules/%{kernel_version}/kernel/drivers/crypto/qat
+
+# intel test sample
+%{__install} -d %{buildroot}/usr/lib/firmware
+%{__install} -m 750 %{qat_src_dir}/build/cpa_sample_code %{buildroot}%{_sbindir}/cpa_sample_code
+%{__install} -m 640 %{qat_src_dir}/quickassist/lookaside/access_layer/src/sample_code/performance/compression/calgary %{buildroot}/usr/lib/firmware
+%{__install} -m 640 %{qat_src_dir}/quickassist/lookaside/access_layer/src/sample_code/performance/compression/calgary32 %{buildroot}/usr/lib/firmware
+%{__install} -m 640
%{qat_src_dir}/quickassist/lookaside/access_layer/src/sample_code/performance/compression/canterbury %{buildroot}/usr/lib/firmware
+
+# device firmware
+# install to the updates directory so this firmware will get grabbed ahead of
+# anything supplied by the linux-firmware package
+%{__install} -d %{buildroot}/usr/lib/firmware/updates
+%{__install} -m 640 %{qat_src_dir}/build/*.bin %{buildroot}/usr/lib/firmware/updates
+
+# Strip the modules(s).
+find %{buildroot} -type f -name \*.ko -exec %{__strip} --strip-debug \{\} \;
+
+# Always Sign the modules(s).
+# If the module signing keys are not defined, define them here.
+%{!?privkey: %define privkey /usr/src/kernels/%{kernel_version}/signing_key.priv}
+%{!?pubkey: %define pubkey /usr/src/kernels/%{kernel_version}/signing_key.x509}
+for module in $(find %{buildroot} -type f -name \*.ko);
+do %{__perl} /usr/src/kernels/%{kernel_version}/scripts/sign-file \
+ sha256 %{privkey} %{pubkey} $module;
+done
+
+%clean
+%{__rm} -rf %{buildroot}
+
+%files
+"%{_sbindir}/*"
+"%{_sysconfdir}/default/qat"
+"%{_sysconfdir}/init.d/qat_service"
+"/lib/modules/%{kernel_version}/kernel/drivers/crypto/qat/*.ko"
+"%{_libdir}/*.so"
+"/usr/lib/firmware/*"
+"/usr/lib/firmware/updates/*"
+"%{_sysconfdir}/qat/*"
+"%{_sysconfdir}/qat/conf_files/*"
diff --git a/qat17/files/0001-Install-config-file-for-each-VF.patch b/qat17/files/0001-Install-config-file-for-each-VF.patch
new file mode 100644
index 0000000..2ae8686
--- /dev/null
+++ b/qat17/files/0001-Install-config-file-for-each-VF.patch
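Review bot: The module-signing step in %install falls back to `/usr/src/kernels/%{kernel_version}/signing_key.priv` whenever `privkey` is not defined, so by default the private key is read from the kernel-devel tree. If that key is shipped in the kernel-devel package, every holder of the package can produce modules the kernel accepts and the signature no longer says anything about origin; the key should be supplied by the build environment only, and the build should stop with an error when `privkey` is undefined instead of defaulting silently. Separately, in %prep the `exit $?` inside `if [ $? -ne 0 ]` returns the status of the `[` test, which is 0, so an unpack failure would end the script as a success; capture the status first, `rc=$?; if [ $rc -ne 0 ]; then exit $rc; fi`.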
@@ -0,0 +1,118 @@
+From ab216edc24f2fb9d8c28662f069b027c6479d277 Mon Sep 17 00:00:00 2001
+From: eric zhang
+Date: Fri, 17 Nov 2017 15:41:35 -0500
+Subject: [PATCH 1/1] Install config file for each VF
+
+Signed-off-by: eric zhang
+---
+ quickassist/build_system/build_files/qat_service | 60 +++++++++++++++++++++---
+ 1 file changed, 54 insertions(+), 6 deletions(-)
+
+diff --git a/quickassist/build_system/build_files/qat_service b/quickassist/build_system/build_files/qat_service
+index 168413b..8e2b838 100755
+--- a/quickassist/build_system/build_files/qat_service
++++ b/quickassist/build_system/build_files/qat_service
+@@ -65,6 +65,12 @@ C3XX_DEVICE_PCI_ID_VM="19e3"
+ D15XX_DEVICE_PCI_ID="6f54"
+ D15XX_DEVICE_PCI_ID_VM="6f55"
+
++QAT_DH895XCC_NUM_VFS=32
++QAT_DHC62X_NUM_VFS=16
++QAT_DHD15XX_NUM_VFS=16
++QAT_DHC3XXX_NUM_VFS=16
++
++
+ usage() {
+ echo
+ echo --------------------------------------------------------
+@@ -84,7 +90,7 @@ echo --------------------------------------------------------
+ exit 1
+ }
+
+-ADF_CTL=/usr/sbin/adf_ctl
++ADF_CTL=/usr/bin/adf_ctl
+
+ # store the total number of each type of device
+ numDh895xDevicesPF=$(lspci -n | egrep -c "$INTEL_VENDORID:$DH895_DEVICE_PCI_ID")
+@@ -193,15 +199,57 @@ case $1 in
+
+ if [ $DO_ENABLE_SRIOV == 1 ]; then
+ echo enable sriov
++
++ if [ $numDh895xDevicesPF != 0 ];then
++ for (( dev=0; dev<$numDh895xDevicesPF; dev++ ))
++ do
++ for (( vf_dev = 0; vf_dev < $QAT_DH895XCC_NUM_VFS; vf_dev++ ))
++ do
++ vf_dev_num=$(($dev * $numDh895xDevicesPF + $vf_dev))
++ cp /etc/qat/dh895xccvf_dev0.conf.vm /etc/dh895xccvf_dev$vf_dev_num.conf
++ done
++ done
++ fi
++ if [ $numC62xDevicesPF != 0 ];then
++ for (( dev=0; dev<$numC62xDevicesPF; dev++ ))
++ do
++ for (( vf_dev = 0; vf_dev<$QAT_DHC62X_NUM_VFS; vf_dev++ ))
++ do
++ vf_dev_num=$(($dev * $numC62xDevicesPF + $vf_dev))
++ cp /etc/qat/c6xxvf_dev0.conf.vm /etc/c6xxvf_dev$vf_dev_num.conf
++ done
++ done
++ fi
++ if [ $numC3xxDevicesPF != 0 ];then
++ for (( dev=0;
dev<$numC3xxDevicesPF; dev++ ))
++ do
++ for (( vf_dev = 0; vf_dev<$QAT_DHC3XXX_NUM_VFS; vf_dev++ ))
++ do
++ vf_dev_num=$(($dev * $numC3xxDevicesPF + $vf_dev))
++ cp /etc/qat/c3xxvf_dev0.conf.vm /etc/c3xxvf_dev$vf_dev_num.conf
++ done
++ done
++ fi
++ if [ $numD15xxDevicesPF != 0 ];then
++ for (( dev=0; dev<$numD15xxDevicesPF; dev++ ))
++ do
++ for (( vf_dev = 0; vf_dev<$QAT_DHD15XX_NUM_VFS; vf_dev++ ))
++ do
++ vf_dev_num=$(($dev * $numD15xxDevicesPF + $vf_dev))
++ cp /etc/qat/D15xxvf_dev0.conf.vm /etc/D15xxvf_dev$vf_dev_num.conf
++ done
++ done
++ fi
++
+ enable_sriov $2
+ fi
+
+ # Show device status
+- /usr/sbin/adf_ctl $2 status
++ /usr/bin/adf_ctl $2 status
+ ;;
+
+ Shutdown|shutdown)
+- /usr/sbin/adf_ctl down
++ /usr/bin/adf_ctl down
+ modprobe -q -r usdm_drv
+ modprobe -q -r qat_dh895xccvf
+ modprobe -q -r qat_c62xvf
+@@ -215,15 +263,15 @@ case $1 in
+ ;;
+
+ Stop|stop)
+- /usr/sbin/adf_ctl $2 down
++ /usr/bin/adf_ctl $2 down
+ ;;
+
+ Restart|restart)
+- /usr/sbin/adf_ctl $2 down && /usr/sbin/adf_ctl $2 up
++ /usr/bin/adf_ctl $2 down && /usr/bin/adf_ctl $2 up
+ ;;
+
+ Status|status)
+- /usr/sbin/adf_ctl status
++ /usr/bin/adf_ctl status
+ if [ "$?" -ne 0 ]
+ then
+ echo "No devices found. Please start the driver using:"
+--
+1.8.3.1
+
diff --git a/qat17/files/Get-and-report-the-return-code-on-firmware-load-fail.patch b/qat17/files/Get-and-report-the-return-code-on-firmware-load-fail.patch
new file mode 100644
index 0000000..0fa7bb2
--- /dev/null
+++ b/qat17/files/Get-and-report-the-return-code-on-firmware-load-fail.patch
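Review bot: `vf_dev_num=$(($dev * $numDh895xDevicesPF + $vf_dev))` multiplies the PF index by the number of PFs instead of the number of VFs per PF, so with more than one PF the index ranges overlap (two PFs give 0-31 and 2-33), the same `/etc/dh895xccvf_dev$vf_dev_num.conf` is copied repeatedly and the higher VFs get no config file. The stride looks like it should be the per-family constant this patch adds at the top: `vf_dev_num=$(($dev * $QAT_DH895XCC_NUM_VFS + $vf_dev))`. The C62x, C3xx and D15xx loops repeat the same expression and need `$QAT_DHC62X_NUM_VFS`, `$QAT_DHC3XXX_NUM_VFS` and `$QAT_DHD15XX_NUM_VFS` respectively. The `cp` sources are also read from `/etc/qat/` while the spec in this commit installs the `*.vm` templates under `%{_sysconfdir}/qat/conf_files`, which is worth checking; the enclosing `case` continues outside the hunk.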
@@ -0,0 +1,42 @@
+From 996bdb87cbaab4d8f498ec7897c38bc9d19e29e7 Mon Sep 17 00:00:00 2001
+Message-Id: <996bdb87cbaab4d8f498ec7897c38bc9d19e29e7.1511969785.git.Jim.Somerville@windriver.com>
+From: Jim Somerville
+Date: Wed, 29 Nov 2017 10:36:12 -0500
+Subject: [PATCH 1/1] Get and report the return code on firmware load failure
+
+Signed-off-by: Jim Somerville
+---
+ .../qat/drivers/crypto/qat/qat_common/adf_accel_engine.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/quickassist/qat/drivers/crypto/qat/qat_common/adf_accel_engine.c b/quickassist/qat/drivers/crypto/qat/qat_common/adf_accel_engine.c
+index 6d96fd6..522cbf0 100644
+--- a/quickassist/qat/drivers/crypto/qat/qat_common/adf_accel_engine.c
++++ b/quickassist/qat/drivers/crypto/qat/qat_common/adf_accel_engine.c
+@@ -57,6 +57,7 @@ int adf_ae_fw_load(struct adf_accel_dev *accel_dev)
+ struct adf_hw_device_data *hw_device = accel_dev->hw_device;
+ void *uof_addr, *mmp_addr;
+ u32 uof_size, mmp_size;
++ int rc;
+ #ifdef QAT_UIO
+ struct adf_accel_pci *pci_info = &accel_dev->accel_pci_dev;
+ unsigned long storage_enabled = 0;
+@@ -72,10 +73,11 @@ int adf_ae_fw_load(struct adf_accel_dev *accel_dev)
+ if (!hw_device->fw_name)
+ return 0;
+
+- if (request_firmware(&loader_data->mmp_fw, hw_device->fw_mmp_name,
+- &accel_dev->accel_pci_dev.pci_dev->dev)) {
+- dev_err(&GET_DEV(accel_dev), "Failed to load MMP firmware %s\n",
+- hw_device->fw_mmp_name);
++ rc = request_firmware(&loader_data->mmp_fw, hw_device->fw_mmp_name,
++ &accel_dev->accel_pci_dev.pci_dev->dev);
++ if (rc) {
++ dev_err(&GET_DEV(accel_dev), "Failed to load MMP firmware %s rc=%d\n",
++ hw_device->fw_mmp_name, rc);
+ return -EFAULT;
+ }
+ if (request_firmware(&loader_data->uof_fw, hw_device->fw_name,
+--
+1.8.3.1
+
diff --git a/qat17/files/qat b/qat17/files/qat
new file mode 100644
index 0000000..e2447c0
--- /dev/null
+++ b/qat17/files/qat
@@ -0,0 +1 @@
+SRIOV_ENABLE=1
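Review bot: adf_ae_fw_load() now logs `rc` for the MMP image but still returns `-EFAULT`, so the caller never sees the errno that request_firmware() produced, and the UOF request on the last context line keeps the old form with no code in its message. I would handle both loads alike, `rc = request_firmware(&loader_data->uof_fw, hw_device->fw_name, ...); if (rc) {` with `rc=%d` added to its dev_err, so a missing or rejected firmware file can be told apart in the kernel log for either image. A short comment above `return -EFAULT;` saying why the original code is not propagated would help, if callers depend on that value. The function body continues outside the hunk, so the rest of the error path cannot be confirmed from here.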
diff --git a/qat17/files/qat_service b/qat17/files/qat_service
new file mode 100755
index 0000000..49a1c03
--- /dev/null
+++ b/qat17/files/qat_service
@@ -0,0 +1,320 @@
+#!/bin/bash
+#################################################################
+#
+# BSD LICENSE
+#
+# Copyright(c) 2007-2016 Intel Corporation. All rights reserved.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Intel Corporation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# version: QAT1.7.Upstream.L.1.0.3-42
+#
+#################################################################
+#
+### BEGIN INIT INFO
+# Provides: QAT
+# Required-Start: $ALL
+# Required-Stop:
+# Default-Start: 2 3 5
+# Default-Stop: 0 1 4 6
+# Description: Intel QAT service
+### END INIT INFO
+#
+# qat_service Start/Stop the Intel QAT.
+#
+# chkconfig: 345 99 99
+# description: modprobe the QAT modules, which loads dependant \
+# modules, before calling the user space \
+# utility to pass configuration parameters
+
+usage() {
+echo
+echo --------------------------------------------------------
+echo USAGE:
+echo --------------------------------------------------------
+echo "# $0 start||stop||status||restart||shutdown"
+echo --------------------------------------------------------
+echo " Note: If there is more devices in the system"
+echo " you can start, stop or restart separate device by "
+echo " passing the dev to be restarted or stopped as a"
+echo " parameter for instance: "
+echo " $0 stop qat_dev"
+echo " where N is device number."
+echo " To see all devices in the system use:"
+echo " $0 status"
+echo --------------------------------------------------------
+exit 1
+}
+
+inventory_the_devices() {
+ # dynamically inventory the devices by looking at the pci bus
+ # store the total number of each type of device seen
+ numDh895xDevicesPF=$(lspci -n | egrep -c "${INTEL_VENDORID}:${DH895_DEVICE_PCI_ID}")
+ numDh895xDevicesVF=$(lspci -n | egrep -c "${INTEL_VENDORID}:${DH895_DEVICE_PCI_ID_VM}")
+ numC62xDevicesPF=$(lspci -n | egrep -c "${INTEL_VENDORID}:${C62X_DEVICE_PCI_ID}")
+ numC62xDevicesVF=$(lspci -n | egrep -c "${INTEL_VENDORID}:${C62X_DEVICE_PCI_ID_VM}")
+ numC3xxDevicesPF=$(lspci -n | egrep -c "${INTEL_VENDORID}:${C3XX_DEVICE_PCI_ID}")
+ numC3xxDevicesVF=$(lspci -n | egrep -c "${INTEL_VENDORID}:${C3XX_DEVICE_PCI_ID_VM}")
+ numD15xxDevicesPF=$(lspci -n | egrep -c "${INTEL_VENDORID}:${D15XX_DEVICE_PCI_ID}")
+ numD15xxDevicesVF=$(lspci -n | egrep -c "${INTEL_VENDORID}:${D15XX_DEVICE_PCI_ID_VM}")
+}
+
+enable_sriov() {
+ PF_LIST=`${ADF_CTL} $1 status | grep -e "^ *qat_dev" | grep -v "vf," | awk '{print $1}'`
+
+ for PF_DEV in ${PF_LIST}
+ do
+ # Extract the BSF to build the path to /sys/bus/.../sriov)_numvfs
+ BSF=`${ADF_CTL} ${PF_DEV} status | tail -1 | awk '{print $8}' | awk 'BEGIN{FS=","}{print $1}'`
+ B=`echo ${BSF} | awk 'BEGIN{FS=":"}{print $1}'`
+ SF=`echo ${BSF} | awk 'BEGIN{FS=":"}{print $2}'`
+ S=`echo ${SF} | awk 'BEGIN{FS="."}{print $1}'`
+ F=`echo ${SF} | awk 'BEGIN{FS="."}{print $2}'`
+ SYSFS_DIR=/sys/bus/pci/devices/0000:${B}:${S}.${F}
+
+ if [ ! -e ${SYSFS_DIR}/sriov_numvfs ]; then
+ echo "Cannot enable SRIOV for ${PF_DEV}. No sriov_numvs file"
+ exit 1
+ fi
+
+ NUMVFS=`cat ${SYSFS_DIR}/sriov_numvfs`
+ if [ ${NUMVFS} != 0 ]; then
+ echo "SRIOV is already enabled for ${PF_DEV}"
+ exit 1
+ fi
+
+ cat ${SYSFS_DIR}/sriov_totalvfs > ${SYSFS_DIR}/sriov_numvfs
+ if [ $?
!= 0 ]; then
+ echo "Could not enable SRIOV for ${PF_DEV}"
+ exit 1;
+ fi
+
+ # Get a list of all the VFs for this PF and bring then down
+ VF_LIST=`${ADF_CTL} status | grep "bsf: ${B}" | grep "vf," | awk '{print $1}'`
+ for VF_DEV in ${VF_LIST}
+ do
+ ${ADF_CTL} ${VF_DEV} down
+ done
+ done
+
+ ${ADF_CTL} up
+}
+
+load_the_required_modules() {
+ # Using the collected inventory, install the modules. No harm done if already installed.
+ if [ ${numDh895xDevicesPF} != 0 ]; then
+ modprobe qat_dh895xcc
+ fi
+ if [ ${numC62xDevicesPF} != 0 ]; then
+ modprobe qat_c62x
+ fi
+ if [ ${numC3xxDevicesPF} != 0 ]; then
+ modprobe qat_c3xxx
+ fi
+ if [ ${numD15xxDevicesPF} != 0 ]; then
+ modprobe qat_d15xx
+ fi
+ if [ `lsmod | grep "usdm_drv" | wc -l` == "0" ]; then
+ modprobe usdm_drv
+ fi
+ # Loading VF drivers as necessary
+ # The VF devices only appear after SRIOV is enabled on the PF,
+ # therefore we can't use lspci to determine that the VF driver should be loaded.
+ # Instead, if we want SRIOV, and we have a specific PF device, then load the driver.
+ if [ ${SRIOV_ENABLE} == 1 ]; then
+ if [ ${numDh895xDevicesPF} != 0 -o ${numDh895xDevicesVF} != 0 ]; then
+ modprobe qat_dh895xccvf
+ fi
+ if [ ${numC62xDevicesPF} != 0 -o ${numC62xDevicesVF} != 0 ]; then
+ modprobe qat_c62xvf
+ fi
+ if [ ${numC3xxDevicesPF} != 0 -o ${numC3xxDevicesVF} != 0 ]; then
+ modprobe qat_c3xxxvf
+ fi
+ if [ ${numD15xxDevicesPF} != 0 -o ${numD15xxDevicesVF} != 0 ]; then
+ modprobe qat_d15xxvf
+ fi
+ fi
+}
+
+copy_in_config_files() {
+ local num_devices=${1}
+ local device_file_prefix=${2}
+ local source_file_suffix="${3}"
+
+ if [ ${num_devices} != 0 ]; then
+ for (( dev=0; dev<${num_devices}; dev++ ))
+ do
+ if [ -e /etc/qat/conf_files/${device_file_prefix}_dev${dev}.conf${source_file_suffix} ]; then
+ cp /etc/qat/conf_files/${device_file_prefix}_dev${dev}.conf${source_file_suffix} /etc/${device_file_prefix}_dev${dev}.conf
+ else
+ echo "QAT: ${device_file_prefix}: using dev0 device config for device ${dev}, settings may be suboptimal"
+ cp /etc/qat/conf_files/${device_file_prefix}_dev0.conf${source_file_suffix} /etc/${device_file_prefix}_dev${dev}.conf
+ fi
+ done
+ fi
+}
+
+establish_the_device_PF_config_files() {
+ copy_in_config_files ${numDh895xDevicesPF} 'dh895xcc' ''
+ copy_in_config_files ${numC62xDevicesPF} 'c6xx' ''
+ copy_in_config_files ${numC3xxDevicesPF} 'c3xxx' ''
+ copy_in_config_files ${numD15xxDevicesPF} 'd15xx' ''
+}
+
+establish_the_device_VF_config_files() {
+ copy_in_config_files $(( ${numDh895xDevicesPF} * ${QAT_DH895XCC_NUM_VFS} )) 'dh895xccvf' '.vm'
+ copy_in_config_files $(( ${numC62xDevicesPF} * ${QAT_DHC62X_NUM_VFS} )) 'c6xxvf' '.vm'
+ copy_in_config_files $(( ${numC3xxDevicesPF} * ${QAT_DHC3XXX_NUM_VFS} )) 'c3xxxvf' '.vm'
+ copy_in_config_files $(( ${numD15xxDevicesPF} * ${QAT_DHD15XX_NUM_VFS} )) 'd15xxvf' '.vm'
+}
+
+establish_the_guest_VF_config_files() {
+ copy_in_config_files ${numDh895xDevicesVF} 'dh895xccvf' '.vm'
+ copy_in_config_files ${numC62xDevicesVF} 'c6xxvf' '.vm'
+ copy_in_config_files
${numC3xxDevicesVF} 'c3xxxvf' '.vm'
+ copy_in_config_files ${numD15xxDevicesVF} 'd15xxvf' '.vm'
+}
+
+############### Mainline Begins ################
+
+# Set the SRIOV_ENABLE variable by sourcing the qat file
+test -f /etc/default/qat && . /etc/default/qat
+
+INTEL_VENDORID="8086"
+DH895_DEVICE_PCI_ID="0435"
+DH895_DEVICE_PCI_ID_VM="0443"
+C62X_DEVICE_PCI_ID="37c8"
+C62X_DEVICE_PCI_ID_VM="37c9"
+C3XX_DEVICE_PCI_ID="19e2"
+C3XX_DEVICE_PCI_ID_VM="19e3"
+D15XX_DEVICE_PCI_ID="6f54"
+D15XX_DEVICE_PCI_ID_VM="6f55"
+
+QAT_DH895XCC_NUM_VFS=32
+QAT_DHC62X_NUM_VFS=16
+QAT_DHD15XX_NUM_VFS=16
+QAT_DHC3XXX_NUM_VFS=16
+
+ADF_CTL=/usr/sbin/adf_ctl
+
+inventory_the_devices
+
+case $1 in
+ Start|start)
+
+ load_the_required_modules
+
+ # Make sure the devices are off
+ ${ADF_CTL} $2 down
+
+ establish_the_device_PF_config_files
+
+ ${ADF_CTL} $2 status | grep -e "^ *qat_dev" | grep -v vf > /dev/null
+ if [ $? == 0 ]; then
+ PHYS_FUNCTIONS=1
+ else
+ PHYS_FUNCTIONS=0
+ fi
+ ${ADF_CTL} $2 status | grep -e "^ *qat_dev" | grep vf > /dev/null
+ if [ $? == 0 ]; then
+ VIRT_FUNCTIONS=1
+ else
+ VIRT_FUNCTIONS=0
+ fi
+ # Check if sriov should be enabled.
+ if [ ${SRIOV_ENABLE} == 1 ]; then
+ if [ ${PHYS_FUNCTIONS} == 1 ]; then
+ # We have physical functions
+ DO_ENABLE_SRIOV=1
+ else
+ # No physical functions
+ DO_ENABLE_SRIOV=0
+ fi
+ else
+ DO_ENABLE_SRIOV=0
+ fi
+
+ if [ ${DO_ENABLE_SRIOV} == 1 ]; then
+ echo "enabling sriov"
+
+ establish_the_device_VF_config_files
+
+ enable_sriov $2
+ else
+ if [ ${PHYS_FUNCTIONS} == 0 ]; then
+ if [ ${VIRT_FUNCTIONS} == 1 ]; then
+ establish_the_guest_VF_config_files
+ fi
+ fi
+ fi
+
+ # Turn the devices on
+ ${ADF_CTL} $2 up
+
+ # Show device status
+ ${ADF_CTL} $2 status
+ ;;
+
+ Shutdown|shutdown)
+ ${ADF_CTL} down
+ modprobe -q -r usdm_drv
+ modprobe -q -r qat_dh895xccvf
+ modprobe -q -r qat_c62xvf
+ modprobe -q -r qat_c3xxxvf
+ modprobe -q -r qat_dh895xcc
+ modprobe -q -r qat_c62x
+ modprobe -q -r qat_c3xxx
+ modprobe -q -r qat_d15xx
+ modprobe -q -r qat_d15xxvf
+ modprobe -q -r intel_qat
+ ;;
+
+ Stop|stop)
+ ${ADF_CTL} $2 down
+ ;;
+
+ Restart|restart)
+ ${ADF_CTL} $2 down && ${ADF_CTL} $2 up
+ ;;
+
+ Status|status)
+ ${ADF_CTL} status
+ if [ "$?" -ne 0 ]
+ then
+ echo "No devices found. Please start the driver using:"
+ echo "$0 start"
+ fi
+ ;;
+
+ *)
+ usage
+ ;;
+
+esac
+exit 0
diff --git a/rpm/centos/build_srpm.data b/rpm/centos/build_srpm.data
new file mode 100644
index 0000000..657af79
--- /dev/null
+++ b/rpm/centos/build_srpm.data
@@ -0,0 +1,5 @@
+TAR_NAME=rpm
+VERSION=4.14.0
+TIS_PATCH_VER=1
+
+COPY_LIST="$CGCS_BASE/downloads/$TAR_NAME-$VERSION.tar.bz2 patches/*"
diff --git a/rpm/centos/rpm.spec b/rpm/centos/rpm.spec
new file mode 100644
index 0000000..8478fe7
--- /dev/null
+++ b/rpm/centos/rpm.spec
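Review bot: In qat_service, `SRIOV_ENABLE` is only defined when `/etc/default/qat` exists, yet both `[ ${SRIOV_ENABLE} == 1 ]` tests (in `load_the_required_modules` and in the `start` branch) expand it unquoted, so a missing or empty defaults file turns them into `[ == 1 ]`, a test syntax error instead of a clean "disabled". Set a default right after the `. /etc/default/qat` line, `SRIOV_ENABLE=${SRIOV_ENABLE:-0}`, and quote the expansion, `[ "${SRIOV_ENABLE}" = 1 ]`. The caller-supplied `$2` is also passed to `${ADF_CTL}` unquoted in a script that runs as root, so it is word-split and glob-expanded; `${2:+"$2"}` keeps the no-argument form while passing a single word. Separately, `enable_sriov` calls `exit 1` when `sriov_numvfs` is already non-zero, which happens after `${ADF_CTL} $2 down` and before `${ADF_CTL} $2 up`, so a repeated `start` appears to leave the devices down; skipping that device instead of exiting would make `start` repeatable.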
@@ -0,0 +1,1362 @@
+# build against xz?
+%bcond_without xz
+# just for giggles, option to build with internal Berkeley DB
+%bcond_with int_bdb
+# run internal testsuite?
+%bcond_with check
+# disable plugins initially
+%bcond_without plugins
+
+%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
+
+%define rpmhome /usr/lib/rpm
+
+%define rpmver 4.14.0
+%define srcver %{rpmver}%{?snapver:-%{snapver}}
+
+%define bdbname libdb
+%define bdbver 5.3.15
+%define dbprefix db
+
+Summary: The RPM package management system
+Name: rpm
+Version: %{rpmver}
+Release: 1%{?_tis_dist}.%{tis_patch_ver}
+Group: System Environment/Base
+Url: http://www.rpm.org/
+Source0: %{name}-%{version}%{?snapver:-%{snapver}}.tar.bz2
+%if %{with int_bdb}
+Source1: db-%{bdbver}.tar.gz
+%else
+BuildRequires: libdb-devel
+%endif
+
+Patch1: 0001-sign-files-only.patch
+
+# Partially GPL/LGPL dual-licensed and some bits with BSD
+# SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
+License: GPLv2+
+
+Requires: coreutils
+%if %{without int_bdb}
+# db recovery tools, rpmdb_util symlinks
+Requires: %{_bindir}/%{dbprefix}_stat
+%endif
+Requires: popt%{_isa} >= 1.10.2.1
+Requires: curl
+
+%if %{without int_bdb}
+BuildRequires: %{bdbname}-devel
+%endif
+
+%if %{with check}
+BuildRequires: fakechroot
+%endif
+
+# XXX generally assumed to be installed but make it explicit as rpm
+# is a bit special...
+BuildRequires: redhat-rpm-config
+BuildRequires: gawk
+BuildRequires: elfutils-devel >= 0.112
+BuildRequires: elfutils-libelf-devel
+BuildRequires: readline-devel zlib-devel
+BuildRequires: nss-devel
+BuildRequires: nss-softokn-freebl-devel
+# The popt version here just documents an older known-good version
+BuildRequires: popt-devel >= 1.10.2
+BuildRequires: file-devel
+BuildRequires: gettext-devel
+BuildRequires: libselinux-devel
+# XXX semanage is only used by sepolicy plugin but configure requires it...
+BuildRequires: libsemanage-devel
+BuildRequires: ncurses-devel
+BuildRequires: bzip2-devel >= 0.9.0c-2
+BuildRequires: python-devel >= 2.6
+BuildRequires: lua-devel >= 5.1
+BuildRequires: libcap-devel
+BuildRequires: libacl-devel
+%if ! %{without xz}
+BuildRequires: xz-devel >= 4.999.8
+%endif
+%if %{with plugins}
+# Required for systemd-inhibit plugin
+BuildRequires: dbus-devel
+%endif
+
+# Only required by sepdebugcrcfix patch
+BuildRequires: binutils-devel
+# Also required as sepdebugcrcfix messes with all the make files
+BuildRequires: automake
+
+BuildRequires: libtool
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: gettext-devel
+BuildRequires: openssl-devel
+BuildRequires: libattr-devel
+BuildRequires: nss-devel
+BuildRequires: file-devel
+BuildRequires: libarchive-devel
+BuildRequires: popt-devel
+BuildRequires: ima-evm-utils
+BuildRequires: ima-evm-utils-devel
+BuildRequires: lua-devel
+BuildRequires: zlib-devel
+BuildRequires: nspr-devel
+BuildRequires: libdb-devel
+
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+
+%description
+The RPM Package Manager (RPM) is a powerful command line driven
+package management system capable of installing, uninstalling,
+verifying, querying, and updating software packages. Each software
+package consists of an archive of files along with information about
+the package like its version, a description, etc.
+
+%package libs
+Summary: Libraries for manipulating RPM packages
+Group: Development/Libraries
+License: GPLv2+ and LGPLv2+ with exceptions
+Requires: rpm = %{version}-%{release}
+Provides: librpm.so.3()(64bit) librpmio.so.3()(64bit)
+Provides: librpm.so.7()(64bit) librpmio.so.7()(64bit)
+# librpm uses cap_compare, introduced sometimes between libcap 2.10 and 2.16.
+# A manual require is needed, see #505596
+Requires: libcap%{_isa} >= 2.16
+
+%description libs
+This package contains the RPM shared libraries.
+
+%package build-libs
+Summary: Libraries for building and signing RPM packages
+Group: Development/Libraries
+License: GPLv2+ and LGPLv2+ with exceptions
+Requires: rpm-libs%{_isa} = %{version}-%{release}
+Requires: %{_bindir}/gpg2
+
+%description build-libs
+This package contains the RPM shared libraries for building and signing
+packages.
+
+%package devel
+Summary: Development files for manipulating RPM packages
+Group: Development/Libraries
+License: GPLv2+ and LGPLv2+ with exceptions
+Requires: rpm = %{version}-%{release}
+Requires: rpm-libs%{_isa} = %{version}-%{release}
+Requires: rpm-build-libs%{_isa} = %{version}-%{release}
+Requires: popt-devel%{_isa}
+
+%description devel
+This package contains the RPM C library and header files. These
+development files will simplify the process of writing programs that
+manipulate RPM packages and databases. These files are intended to
+simplify the process of creating graphical package managers or any
+other tools that need an intimate knowledge of RPM packages in order
+to function.
+
+This package should be installed if you want to develop programs that
+will manipulate RPM packages and databases.
+
+%package build
+Summary: Scripts and executable programs used to build packages
+Group: Development/Tools
+Requires: rpm = %{version}-%{release}
+Requires: elfutils >= 0.128 binutils
+Requires: findutils sed grep gawk diffutils file patch >= 2.5
+Requires: unzip gzip bzip2 cpio xz tar
+Requires: pkgconfig >= 1:0.24
+Requires: /usr/bin/gdb-add-index
+# Technically rpmbuild doesn't require any external configuration, but
+# creating distro-compatible packages does. To make the common case
+# "just work" while allowing for alternatives, depend on a virtual
+# provide, typically coming from redhat-rpm-config.
+Requires: system-rpm-config
+Conflicts: ocaml-runtime < 3.11.1-7
+
+%description build
+The rpm-build package contains the scripts and executable programs
+that are used to build packages using the RPM Package Manager.
+
+%package sign
+Summary: Package signing support
+Group: System Environment/Base
+Requires: rpm-build-libs%{_isa} = %{version}-%{release}
+
+%description sign
+This package contains support for digitally signing RPM packages.
+
+%package python
+Summary: Python bindings for apps which will manipulate RPM packages
+Group: Development/Libraries
+Requires: rpm = %{version}-%{release}
+
+%description python
+The rpm-python package contains a module that permits applications
+written in the Python programming language to use the interface
+supplied by RPM Package Manager libraries.
+
+This package should be installed if you want to develop Python
+programs that will manipulate RPM packages and databases.
+
+%package apidocs
+Summary: API documentation for RPM libraries
+Group: Documentation
+BuildArch: noarch
+
+%description apidocs
+This package contains API documentation for developing applications
+that will manipulate RPM packages and databases.
+
+%package cron
+Summary: Create daily logs of installed packages.
+Group: System Environment/Base
+BuildArch: noarch
+Requires: crontabs logrotate rpm = %{version}-%{release}
+
+%description cron
+This package contains a cron job which creates daily logs of installed
+packages on a system.
+
+%if %{with plugins}
+%package plugin-systemd-inhibit
+Summary: Rpm plugin for systemd inhibit functionality
+Group: System Environment/Base
+Requires: rpm-libs%{_isa} = %{version}-%{release}
+
+%description plugin-systemd-inhibit
+%{summary}
+%endif
+
+
+%prep
+%setup -q -n %{name}-%{srcver} %{?with_int_bdb:-a 1}
+
+%patch1 -p1
+
+%if %{with int_bdb}
+ln -s db-%{bdbver} db
+%endif
+
+%build
+
+# Using configure macro has some unwanted side-effects on rpm platform
+# setup, use the old-fashioned way for now only defining minimal paths.
+./autogen.sh \
+ --prefix=%{_usr} \
+ --sysconfdir=%{_sysconfdir} \
+ --localstatedir=%{_var} \
+ --sharedstatedir=%{_var}/lib \
+ --libdir=%{_libdir} \
+ %{!?with_int_bdb: --with-external-db} \
+ %{!?with_plugins: --disable-plugins} \
+ --with-lua \
+ --with-cap \
+ --with-acl \
+ --enable-python \
+ --with-vendor=redhat \
+ --with-imaevm
+
+make %{?_smp_mflags}
+ls %{_libdir}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+make DESTDIR="$RPM_BUILD_ROOT" install
+
+ln -s ./librpmio.so.7 ${RPM_BUILD_ROOT}%{_libdir}/librpmio.so.3
+ln -s ./librpm.so.7 ${RPM_BUILD_ROOT}%{_libdir}/librpm.so.3
+ls -l ${RPM_BUILD_ROOT}%{_libdir}
+
+# remove all plugins except systemd_inhibit
+rm -f ${RPM_BUILD_ROOT}%{_libdir}/rpm-plugins/{exec.so,sepolicy.so}
+
+# Save list of packages through cron
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily
+install -m 755 scripts/rpm.daily ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/rpm
+
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d
+install -m 644 scripts/rpm.log ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/rpm
+
+mkdir -p ${RPM_BUILD_ROOT}/usr/lib/tmpfiles.d
+echo "r /var/lib/rpm/__db.*" > ${RPM_BUILD_ROOT}/usr/lib/tmpfiles.d/rpm.conf
+
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm
+mkdir -p $RPM_BUILD_ROOT%{rpmhome}/macros.d
+
+mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/bash-completion/completions/rpm
+
+
+mkdir -p $RPM_BUILD_ROOT/var/lib/rpm
+for dbi in \
+ Basenames Conflictname Dirnames Group Installtid Name
Obsoletename \
+ Packages Providename Requirename Triggername Sha1header Sigmd5 \
+ __db.001 __db.002 __db.003 __db.004 __db.005 __db.006 __db.007 \
+ __db.008 __db.009
+do
+ touch $RPM_BUILD_ROOT/var/lib/rpm/$dbi
+done
+
+# plant links to relevant db utils as rpmdb_foo for documention compatibility
+%if %{without int_bdb}
+for dbutil in dump load recover stat upgrade verify
+do
+ ln -s ../../bin/%{dbprefix}_${dbutil} $RPM_BUILD_ROOT/%{rpmhome}/rpmdb_${dbutil}
+done
+%endif
+
+%find_lang %{name}
+
+find $RPM_BUILD_ROOT -name "*.la"|xargs rm -f
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%if %{with check}
+%check
+make check
+[ "$(ls -A tests/rpmtests.dir)" ] && cat tests/rpmtests.log
+%endif
+
+%post libs -p /sbin/ldconfig
+%postun libs -p /sbin/ldconfig
+
+%post build-libs -p /sbin/ldconfig
+%postun build-libs -p /sbin/ldconfig
+
+%posttrans
+# XXX this is klunky and ugly, rpm itself should handle this
+dbstat=/usr/lib/rpm/rpmdb_stat
+if [ -x "$dbstat" ]; then
+ if "$dbstat" -e -h /var/lib/rpm 2>&1 | grep -q "doesn't match library version \| Invalid argument"; then
+ rm -f /var/lib/rpm/__db.*
+ fi
+fi
+exit 0
+
+%files -f %{name}.lang
+%defattr(-,root,root,-)
+
+/usr/lib/tmpfiles.d/rpm.conf
+%dir %{_sysconfdir}/rpm
+
+%attr(0755, root, root) %dir /var/lib/rpm
+%attr(0644, root, root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/lib/rpm/*
+
+%{_bindir}/rpm
+%{_bindir}/rpm2cpio
+%{_bindir}/rpmdb
+%{_bindir}/rpmkeys
+%{_bindir}/rpmquery
+%{_bindir}/rpmverify
+
+%{_mandir}/man8/rpm.8*
+%{_mandir}/man8/rpmdb.8*
+%{_mandir}/man8/rpmkeys.8*
+%{_mandir}/man8/rpm2cpio.8*
+
+%{_datadir}/bash-completion/completions/rpm
+
+# XXX this places translated manuals to wrong package wrt eg rpmbuild
+%lang(fr) %{_mandir}/fr/man[18]/*.[18]*
+%lang(ko) %{_mandir}/ko/man[18]/*.[18]*
+%lang(ja) %{_mandir}/ja/man[18]/*.[18]*
+%lang(pl) %{_mandir}/pl/man[18]/*.[18]*
+%lang(ru) %{_mandir}/ru/man[18]/*.[18]*
+%lang(sk) %{_mandir}/sk/man[18]/*.[18]*
+
+%attr(0755, root, root)
%dir %{rpmhome}
+%{rpmhome}/macros
+%{rpmhome}/macros.d
+%{rpmhome}/rpmpopt*
+%{rpmhome}/rpmrc
+
+%{rpmhome}/rpmdb_*
+%{rpmhome}/rpm.daily
+%{rpmhome}/rpm.log
+%{rpmhome}/rpm.supp
+%{rpmhome}/rpm2cpio.sh
+%{rpmhome}/tgpg
+
+%{rpmhome}/platform
+
+%files libs
+%defattr(-,root,root)
+%{_libdir}/librpmio.so.*
+%{_libdir}/librpm.so.*
+
+%if %{with plugins}
+%files plugin-systemd-inhibit
+%{_libdir}/rpm-plugins
+%endif
+
+%files build-libs
+%defattr(-,root,root)
+%{_libdir}/librpmbuild.so.*
+%{_libdir}/librpmsign.so.*
+
+%files build
+%defattr(-,root,root)
+%{_bindir}/rpmbuild
+%{_bindir}/gendiff
+%{_bindir}/rpmspec
+%{_bindir}/rpm2archive
+
+%{_mandir}/man1/gendiff.1*
+%{_mandir}/man8/rpmbuild.8*
+%{_mandir}/man8/rpmdeps.8*
+%{_mandir}/man8/rpmspec.8*
+
+%{rpmhome}/brp-*
+%{rpmhome}/check-*
+%{rpmhome}/debugedit
+%{rpmhome}/sepdebugcrcfix
+%{rpmhome}/find-debuginfo.sh
+%{rpmhome}/find-lang.sh
+%{rpmhome}/*provides*
+%{rpmhome}/*requires*
+%{rpmhome}/*deps*
+%{rpmhome}/*.prov
+%{rpmhome}/*.req
+%{rpmhome}/config.*
+%{rpmhome}/mkinstalldirs
+%{rpmhome}/macros.p*
+%{rpmhome}/fileattrs
+
+%files sign
+%defattr(-,root,root)
+%{_bindir}/rpmsign
+%{_mandir}/man8/rpmsign.8*
+
+%files python
+%defattr(-,root,root)
+%{python_sitearch}/rpm
+
+%files devel
+%defattr(-,root,root)
+%{_mandir}/man8/*
+%{_bindir}/rpmgraph
+%{_libdir}/librp*[a-z].so
+%{_libdir}/pkgconfig/rpm.pc
+%{_includedir}/rpm
+
+%files cron
+%defattr(-,root,root)
+%{_sysconfdir}/cron.daily/rpm
+%config(noreplace) %{_sysconfdir}/logrotate.d/rpm
+
+%files apidocs
+%defattr(-,root,root)
+
+%changelog
+* Tue Jul 26 2016 Florian Festi - 4.11.3-21
+- Fix --sign for rpmbuild with --quiet (#1293483)
+- Adjusted fix for --noplugins option (#1264031)
+
+* Thu Jul 14 2016 Florian Festi - 4.11.3-20
+- Removed broken fix for #1293483
+
+* Thu Apr 21 2016 Florian Festi - 4.11.3-18
+- Fixed failing upstream test 257 on big endian systems (#1264463)
+- Fixed problems with perl.req script (#1320214, #1275551)
+- Fixed race
condition in rpm file deployment when updating an existing file
+ (#1320181)
+- Move bdb warnings from stdin to stdout (#1297793)
+- Add --justdb to the erase section of the man page, too (#1310561)
+- Backport support for multi threaded xz compression (#1278924)
+- Update config.guess (#1291377)
+- Add --noplugins option (#1264031)
+- Overwrite a file if it is not marked as config any more (#1290463)
+- Add man page for systemd-inhibit plugin (#1265578)
+
+* Tue Dec 01 2015 Pavol Babincak - 4.11.3-17.2
+- Remove one more %%{_isa} from BuildRequires (#1286805)
+
+* Tue Dec 01 2015 Pavol Babincak - 4.11.3-17.1
+- Remove %%{_isa} from BuildRequires (#1286805)
+
+* Fri Sep 11 2015 Florian Festi - 4.11.3-17
+- Detect plugins by DSO file name. Needed for #1160401
+
+* Thu Aug 20 2015 Florian Festi - 4.11.3-16
+- Add fix for the fix for #1225118
+
+* Wed Aug 19 2015 Florian Festi - 4.11.3-15
+- Remove incompatible check for multiple separators in version or release
+ (#1250538)
+
+* Wed Aug 19 2015 Florian Festi - 4.11.3-14
+- Enable plugin system but disable collection plugins. Needed for
+ systemd-inhibit plugin (#1160401)
+- Move systemd-inhibit plugin into its own sub packge
+
+* Tue Jul 21 2015 Florian Festi - 4.11.3-13
+- Don't show error message if log function fails because of broken pipe
+ (#1244687)
+
+* Wed Jul 08 2015 Florian Festi - 4.11.3-12
+- Dont eat newlines on parametrized macro invocations (#1225118)
+
+* Tue Jul 07 2015 Florian Festi - 4.11.3-11
+- Back port rpm-plugin-systemd-inhibit (#1160401)
+
+* Thu Jul 02 2015 Florian Festi - 4.11.3-10
+- Fix stripping and debuginfo creation of binaries for changed file output.
+ (#1206312)
+
+* Tue Jun 30 2015 Florian Festi - 4.11.3-9
+- Fix color skipping of multiple files with the same content (#1170119)
+
+* Mon Jun 29 2015 Florian Festi - 4.11.3-8
+- Add %make_build macro for hiding parallel-build magic from specs (#1221357)
+
+* Fri Jun 26 2015 Florian Festi - 4.11.3-7
+- Add deprecation warning to description of --addsign (#1165414)
+
+* Fri Jun 26 2015 Florian Festi - 4.11.3-6
+- Add bash completion (#1183032)
+
+* Fri Jun 26 2015 Florian Festi - 4.11.3-5
+- Fix producing bogus dependencies by perl.req (#1191121)
+
+* Thu Jun 25 2015 Florian Festi - 4.11.3-4
+- Clearly state that --setperms and --setugids are mutually exclusive
+ (#1192000)
+
+* Thu Jun 25 2015 Florian Festi - 4.11.3-3
+- If an error occurs during printing log message then print the error on stderr
+ (#1202753)
+
+* Thu Jun 25 2015 Florian Festi - 4.11.3-2
+- File mode from %%defattr is applied to directories with warning (#1204674)
+
+* Fri Jun 19 2015 Florian Festi - 4.11.3-1
+- Rebase to upstream release 4.11.3 (#1145970)
+
+* Mon Jan 12 2015 Florian Festi - 4.11.1-25
+- Check for malicious CPIO file name size (#1163061)
+- Fixes CVE-2014-8118
+
+* Thu Nov 13 2014 Florian Festi - 4.11.1-24
+- Fix race condidition where unchecked data is exposed in the file system
+ (#1163061)
+
+* Fri Oct 10 2014 Panu matilainen - 4.11.1-23
+- Really fix brp-python-bytecompile (#1083052)
+
+* Mon Sep 29 2014 Panu matilainen - 4.11.1-22
+- Actually apply the dirlink patch, doh.
+
+* Mon Sep 29 2014 Panu matilainen - 4.11.1-21
+- Handle directory replaced with a symlink to one in verify (#1101861)
+
+* Thu Sep 25 2014 Panu matilainen - 4.11.1-20
+- Byte-compile versioned python libdirs in non-root prefix too (#1083052)
+
+* Fri Apr 25 2014 Aldy Hernandez - 4.11.1-19
+- Handle ppc64le in libtool.m4.
+
+* Fri Apr 25 2014 Aldy Hernandez - 4.11.1-18
+- Import from rawhide:
+ * Wed Jan 15 2013 Panu Matilainen - 4.11.1-12
+ - include ppc64le in %%power64 macro (#1052930)
+
+* Fri Apr 25 2014 Aldy Hernandez - 4.11.1-17
+- Import from rawhide:
+ * Tue Oct 01 2013 Panu Matilainen - 4.11.1-8
+ - add support for ppc64le architecture
+
+* Mon Mar 24 2014 Panu Matilainen - 4.11.1-16
+- Fully reset file actions between rpmtsRun() calls (#1076552)
+
+* Wed Feb 19 2014 Panu Matilainen - 4.11.1-15
+- Make room for SHA224 in digest bundles (#1066494)
+
+* Tue Feb 18 2014 Panu Matilainen - 4.11.1-14
+- Fix incorrect header sort state on export bloating headers (#1061730)
+
+* Fri Jan 24 2014 Daniel Mach - 4.11.1-13
+- Mass rebuild 2014-01-24
+
+* Thu Jan 16 2014 Panu Matilainen - 4.11.1-12
+- Make rpm-build depend on virtual system-rpm-config provide (#1048514)
+
+* Thu Jan 16 2014 Panu Matilainen - 4.11.1-11
+- Fix minidebuginfo generation on ppc64 (#1052415)
+
+* Fri Dec 27 2013 Daniel Mach - 4.11.1-10
+- Mass rebuild 2013-12-27
+
+* Mon Sep 30 2013 Florian Festi - 4.11.1-9
+ - Fix byteorder for 64 bit tags on big endian machines (#1012946)
+ - Better RPMSIGTAG_SIZE vs PMSIGTAG_LONGSIZE detection (#1012595)
+
+* Wed Sep 11 2013 Panu Matilainen - 4.11.1-8
+- Fix segfault on empty -p scriptlet body (#1004062)
+- Add missing dependency on tar to rpm-build (#986539)
+
+* Thu Aug 29 2013 Panu Matilainen - 4.11.1-7
+- Fix relocation regression wrt unowned directories (#1001553)
+- Fix build-time double-free wrt %%caps() on wildcard file entry (#1002089)
+- Fix source URL in spec
+
+* Fri Aug 02 2013 Florian Festi - 4.11.1-6
+ - Disable test suite as fakechroot is not longer in the distribution
+
+* Fri Aug 02 2013 Florian Festi - 4.11.1-5
+- Revert: Clarify man page about mutually exclusive options (#969505)
+- Revert: Move translated rpmgraph man pages to devel sub package (#948861)
+
+* Thu Aug 01 2013 Florian Festi - 4.11.1-4
+- Clarify man page about mutually exclusive options
(#969505)
+- Move translated rpmgraph man pages to devel sub package (#948861)
+
+* Tue Jul 30 2013 Florian Festi - 4.11.1-3
+- Do not filter out lib64.* dependencies (#988373)
+
+* Fri Jul 05 2013 Panu Matilainen - 4.11.1-2
+- filter out non-library soname dependencies by default
+
+* Fri Jul 05 2013 Panu Matilainen - 4.11.1-1
+- update to 4.11.1 (http://rpm.org/wiki/Releases/4.11.1)
+- drop upstreamed patches
+- fix .gnu_debuglink CRC32 after dwz, buildrequire binutils-devel (#971119)
+- ensure relocatable packages always get install-prefix(es) set (#979443)
+
+* Tue May 28 2013 Panu Matilainen - 4.11.0.1-2
+- check for stale locks when opening write-cursors (#860500, #962750...)
+- serialize BDB environment open/close (#924417)
+
+* Mon Feb 04 2013 Panu Matilainen - 4.11.0.1-1
+- update to 4.11.0.1 (http://rpm.org/wiki/Releases/4.11.0.1)
+
+* Tue Jan 29 2013 Panu Matilainen - 4.11.0-0.beta1.3
+- revert yesterdays ghost-fix, it eats rpmdb's on upgrades
+
+* Mon Jan 28 2013 Panu Matilainen - 4.11.0-0.beta1.2
+- armv7hl and armv7hnl should not have -mthumb (#901901)
+- fix duplicate directory ownership between rpm and rpm-build (#894201)
+- fix regression on paths shared between a real file/dir and a ghost
+
+* Mon Dec 10 2012 Panu Matilainen - 4.11.0-0.beta1.1
+- update to 4.11 beta
+
+* Mon Nov 19 2012 Panu Matilainen - 4.10.90-0.git11989.3
+- package /usr/lib/rpm/macros.d directory (related to #846679)
+- fixup a bunch of old incorrect dates in spec changelog
+
+* Sat Nov 17 2012 Panu Matilainen - 4.10.90-0.git11989.2
+- fix double-free on %caps in spec (#877512)
+
+* Thu Nov 15 2012 Panu Matilainen - 4.10.90-0.git11989.1
+- update to 4.11 (http://rpm.org/wiki/Releases/4.11.0) post-alpha snapshot
+- drop/adjust patches as necessary
+
+* Thu Oct 11 2012 Panu Matilainen - 4.10.1-3
+- fix noarch __isa_* macro filter in installplatform (#865436)
+
+* Wed Oct 10 2012 Panu Matilainen - 4.10.1-2
+- account for intentionally skipped files when verifying hardlinks
(#864622)
+
+* Wed Oct 03 2012 Panu Matilainen - 4.10.1-1
+- update to 4.10.1 ((http://rpm.org/wiki/Releases/4.10.1)
+
+* Mon Jul 30 2012 Panu Matilainen - 4.10.0-6
+- move our tmpfiles config to more politically correct location (#840192)
+
+* Sat Jul 21 2012 Fedora Release Engineering - 4.10.0-5.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon Jul 02 2012 Panu Matilainen - 4.10.0-5
+- force _host_vendor to redhat to better match toolchain etc (#485203)
+
+* Thu Jun 28 2012 Panu Matilainen - 4.10.0-4
+- merge ppc64p7 related fixes that only went into f17 (#835978)
+
+* Wed Jun 27 2012 Panu Matilainen - 4.10.0-3
+- add support for minidebuginfo generation (#834073)
+
+* Mon Jun 25 2012 Panu Matilainen - 4.10.0-2
+- add dwarf compression support to debuginfo generation (#833311)
+
+* Thu May 24 2012 Panu Matilainen - 4.10.0-1
+- update to 4.10.0 final
+
+* Mon Apr 23 2012 Panu Matilainen - 4.10.0-0.beta1.1
+- update to 4.10.0-beta1
+
+* Mon Apr 16 2012 Panu Matilainen - 4.9.90-0.git11536.1
+- newer git snapshot (#809402, #808750)
+- adjust posttrans script wrt bdb string change (#803866, #805613)
+
+* Thu Apr 05 2012 Panu Matilainen - 4.9.90-0.git11519.1
+- newer git snapshot to keep patch-count down
+- fixes CVE-2012-0060, CVE-2012-0061 and CVE-2012-0815
+- fix obsoletes in installing set getting matched on provides (#810077)
+
+* Wed Apr 04 2012 Jindrich Novy - 4.9.90-0.git11505.12
+- rebuild against new libdb
+
+* Tue Apr 03 2012 Jindrich Novy - 4.9.90-0.git11505.11
+- build with internal libdb to allow libdb build with higher soname
+
+* Fri Mar 30 2012 Panu Matilainen - 4.9.90-0.git11505.10
+- fix base arch macro generation (#808250)
+
+* Thu Mar 29 2012 Panu Matilainen - 4.9.90-0.git11505.9
+- accept files as command line arguments to rpmdeps again (#807767)
+
+* Mon Mar 26 2012 Panu Matilainen - 4.9.90-0.git11505.8
+- remove fake library provide hacks now that deltarpm got rebuilt
+
+* Fri Mar 23 2012 Panu Matilainen -
4.9.90-0.git11505.7 +- fix header data length calculation breakage + +* Thu Mar 22 2012 Panu Matilainen - 4.9.90-0.git11505.6 +- fix keyid size bogosity causing breakage on 32bit systems + +* Wed Mar 21 2012 Panu Matilainen - 4.9.90-0.git11505.5 +- add temporary fake library provides to get around deltarpm "bootstrap" + dependency (yes its dirty) + +* Wed Mar 21 2012 Panu Matilainen - 4.9.90-0.git11505.4 +- fix overzealous sanity check breaking posttrans scripts + +* Tue Mar 20 2012 Panu Matilainen - 4.9.90-0.git11505.3 +- fix bad interaction with yum's test-transaction and pretrans scripts + +* Tue Mar 20 2012 Jindrich Novy - 4.9.90-0.git11505.2 +- rebuild + +* Tue Mar 20 2012 Panu Matilainen - 4.9.90-0.git11505.1 +- update to 4.10.0 alpha (http://rpm.org/wiki/Releases/4.10.0) +- drop/adjust patches as necessary + +* Wed Mar 07 2012 Panu Matilainen - 4.9.1.2-14 +- fix backport thinko in the exclude patch + +* Wed Mar 07 2012 Panu Matilainen - 4.9.1.2-13 +- fix memory corruption on rpmdb size estimation (#766260) +- fix couple of memleaks in python bindings (#782147) +- fix regression in verify output formatting (#797964) +- dont process spec include in false branch of if (#782970) +- only warn on missing excluded files on build (#745629) +- dont free up file info sets on test transactions + +* Thu Feb 09 2012 Panu Matilainen - 4.9.1.2-12 +- switch back to smaller BDB cache default (#752897) + +* Sun Jan 15 2012 Dennis Gilmore - 4.9.1.2-11 +- always apply arm hfp macros, conditionally apply the logic to detect hfp + +* Tue Jan 10 2012 Panu Matilainen - 4.9.1.2-10 +- adjust perl and python detection rules for libmagic change (#772699) + +* Mon Jan 09 2012 Jindrich Novy - 4.9.1.2-9 +- recognize perl script as perl code (#772632) + +* Tue Dec 20 2011 Kay Sievers - 4.9.1.2-8 +- add temporary rpmlib patch to support filesystem transition + https://fedoraproject.org/wiki/Features/UsrMove + +* Fri Dec 02 2011 Panu Matilainen - 4.9.1.2-7 +- switch over to libdb, aka 
Berkeley DB 5.x + +* Thu Dec 01 2011 Panu Matilainen - 4.9.1.2-6 +- fix classification of ELF binaries with setuid/setgid bit (#758251) + +* Fri Nov 25 2011 Panu Matilainen - 4.9.1.2-5 +- adjust font detection rules for libmagic change (#757105) + +* Wed Nov 09 2011 Dennis Gilmore - 4.9.1.2-4 +- conditionally apply arm patch for hardfp on all arches but arm softfp ones + +* Fri Oct 28 2011 Panu Matilainen - 4.9.1.2-3 +- adjust db util prefix & dependency due to #749293 +- warn but dont fail the build if STABS encountered by debugedit (#725378) + +* Wed Oct 12 2011 Panu Matilainen - 4.9.1.2-2 +- try teaching find-lang about the new gnome help layout (#736523) + +* Thu Sep 29 2011 Panu Matilainen - 4.9.1.2-1 +- update to 4.9.1.2 (CVE-2011-3378) +- drop upstreamed rpmdb signal patch + +* Mon Sep 19 2011 Panu Matilainen - 4.9.1.1-3 +- fix signal blocking/unblocking regression on rpmdb open/close (#739492) + +* Mon Aug 08 2011 Adam Jackson 4.9.1.1-2 +- Add RPM_LD_FLAGS to build environment (#728974) + +* Tue Aug 02 2011 Panu Matilainen - 4.9.1.1-1 +- update to 4.9.1.1 + +* Tue Jul 19 2011 Panu Matilainen - 4.9.1-2 +- fix recursion of directories with trailing slash in file list (#722474) + +* Fri Jul 15 2011 Panu Matilainen - 4.9.1-1 +- update to 4.9.1 (http://rpm.org/wiki/Releases/4.9.1) +- drop no longer needed patches + +* Thu Jun 16 2011 Panu Matilainen - 4.9.0-10 +- rebuild to fix a missing interpreter dependency due to bug #712251 + +* Fri Jun 10 2011 Panu Matilainen - 4.9.0-9 +- fix crash if prep or changelog section in spec is empty (#706959) +- fix crash on macro which undefines itself +- fix script dependency generation with file 5.07 string changes (#712251) + +* Thu May 26 2011 Panu Matilainen - 4.9.0-8 +- add dwarf-4 support to debugedit (#707677) +- generate build-id symlinks for all filenames sharing a build-id (#641377) + +* Thu Apr 07 2011 Panu Matilainen - 4.9.0-7 +- add missing ldconfig calls to build-libs sub-package +- fix source url + +* Thu Apr 07 
2011 Panu Matilainen - 4.9.0-6 +- revert the spec query change (#693338) for now, it breaks fedpkg + +* Tue Apr 05 2011 Panu Matilainen - 4.9.0-5 +- verify some properties of replaced and wrong-colored files (#528383) +- only list packages that would be generated on spec query (#693338) +- preferred color packages should be erased last (#680261) +- fix leaks when freeing a populated transaction set +- take file state into account for file dependencies + +* Tue Mar 22 2011 Panu Matilainen - 4.9.0-4 +- fix classification of elf executables with sticky bit set (#689182) + +* Wed Mar 16 2011 Jindirch Novy - 4.9.0-3 +- fix crash in package manifest check (#688091) + +* Fri Mar 04 2011 Panu Matilainen - 4.9.0-2 +- fix duplicate rpmsign binary in rpm main package dragging in build-libs + +* Wed Mar 02 2011 Panu Matilainen - 4.9.0-1 +- update to 4.9.0 final +- drop upstreamed patches + +* Tue Mar 01 2011 Panu Matilainen - 4.9.0-0.rc1.4 +- spec cosmetics clean up extra whitespace + group more logically +- wipe out BDB environment at boot via tmpfiles.d + +* Mon Feb 21 2011 Panu Matilainen - 4.9.0-0.rc1.3 +- fix erronous double cursor open, causing yum reinstall hang (#678644) + +* Mon Feb 21 2011 Panu Matilainen - 4.9.0-0.rc1.2 +- fix broken logic in depgen collector, hopefully curing #675002 + +* Tue Feb 15 2011 Panu Matilainen - 4.9.0-0.rc1.1 +- update to 4.9.0-rc1 +- drop upstream patches +- nss packaging has changed, buildrequire nss-softokn-freebl-devel + +* Wed Feb 09 2011 Fedora Release Engineering - 4.9.0-0.beta1.7.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Feb 07 2011 Panu Matilainen - 4.9.0-0.beta1.7 +- fix segfault when building more than one package at a time (#675565) + +* Sun Feb 06 2011 Panu Matilainen - 4.9.0-0.beta1.6 +- adjust ocaml rule for libmagic string change + +* Mon Jan 31 2011 Panu Matilainen - 4.9.0-0.beta1.5 +- dont try to remove environment files if private env used (related to #671200) +- unbreak mono 
dependency extraction (#673663) +- complain instead of silent abort if cwd is not readable (#672576) + +* Tue Jan 25 2011 Panu Matilainen - 4.9.0-0.beta1.4 +- add support for Requires(posttrans) dependencies + +* Fri Jan 21 2011 Panu Matilainen - 4.9.0-0.beta1.3 +- avoid division by zero in rpmdb size calculation (#671056) +- fix secondary index iteration returing duplicate at end (#671149) +- fix rebuilddb creating duplicate indexes for first header + +* Fri Jan 21 2011 Panu Matilainen - 4.9.0-0.beta1.2 +- permit queries from rpmdb on read-only media (#671200) + +* Tue Jan 18 2011 Panu Matilainen - 4.9.0-0.beta1.1 +- rpm 4.9.0-beta1 (http://rpm.org/wiki/Releases/4.9.0) + - drop no longer needed patches + - adjust requires + buildrequires to match current needs + - adjust rpmdb index ghosts to match the new release + - split librpmbuild and librpmsign to a separate rpm-build-libs package + - split rpmsign to its own package to allow signing without all the build goo + - build-conditionalize plugins, disabled for now + - gstreamer and printer dependency generation moving out + - handle .so symlink dependencies with fileattrs + - use gnupg2 for signing as that's what typically installed by default + +* Tue Jan 18 2011 Panu Matilainen - 4.8.1-7 +- bunch of spec tweaks, cleanups + corrections: + - shorten rpm-build filelist a bit with glob use, reorder for saner grouping + - missing isa in popt version dependency + - only add rpmdb_foo symlinks for actually relevant db_* utils + - drop no longer necessary file-devel dependency from rpm-devel + - drop sqlite backend build-conditional + - preliminaries for moving from db4 to libdb +- use gnupg2 for signing as that's more likely to be installed by default + +* Mon Oct 25 2010 Jindrich Novy - 4.8.1-6 +- rebuild with new xz-5.0.0 + +* Tue Aug 10 2010 Panu Matilainen - 4.8.1-5 +- create gdb index on debuginfo generation (#617166) +- rpm-build now requires /usr/bin/gdb-add-index for consistent index creation +- include 
COPYING in -apidocs for licensing guidelines compliance + +* Thu Jul 22 2010 David Malcolm - 4.8.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Fri Jul 02 2010 Panu Matilainen - 4.8.1-3 +- ugh, reversed condition braindamage in the font provide extractor "fix" + +* Wed Jun 30 2010 Panu Matilainen - 4.8.1-2 +- fix a potential getOutputFrom() error from font provide extraction +- debug-friendlier message to aid finding other similar cases (#565223) + +* Fri Jun 11 2010 Panu Matilainen - 4.8.1-1 +- update to 4.8.1 (http://rpm.org/wiki/Releases/4.8.1) +- drop no longer needed patches +- fix source url pointing to testing directory + +* Thu Jun 03 2010 Panu Matilainen - 4.8.0-19 +- also strip POSIX file capabilities from hardlinks on upgrade/erase (#598775) + +* Wed Jun 02 2010 Panu Matilainen - 4.8.0-18 +- remove s-bits on upgrade too (#598775) + +* Thu May 27 2010 Panu Matilainen - 4.8.0-17 +- fix segfault in spec parser (#597835) + +* Thu May 27 2010 Panu Matilainen - 4.8.0-16 +- adjust to new pkg-config behavior wrt private dependencies (#596433) +- rpm-build now requires pkgconfig >= 0.24 + +* Fri May 21 2010 Panu Matilainen - 4.8.0-15 +- handle non-existent dependency sets correctly in python (#593553) +- make find-lang look in all locale dirs (#584866) + +* Fri Apr 23 2010 Panu Matilainen - 4.8.0-14 +- lose dangling symlink to extinct (and useless) berkeley_db_svc (#585174) + +* Wed Mar 24 2010 Panu Matilainen - 4.8.0-13 +- fix python match iterator regression wrt boolean representation + +* Wed Mar 17 2010 Panu Matilainen - 4.8.0-12 +- unbreak find-lang --with-man from yesterdays braindamage + +* Tue Mar 16 2010 Panu Matilainen - 4.8.0-11 +- support single PPD providing driver for devices (#568351) +- merge the psdriver patch pile into one +- preserve empty lines in spec prep section (#573339) +- teach python bindings about RPMTRANS_FLAG_NOCONTEXTS (related to #573111) +- dont own localized man directories through 
find_lang (#569536) + +* Mon Feb 15 2010 Panu Matilainen - 4.8.0-10 +- drop bogus dependency on lzma, xz is used to handle the lzma format too + +* Fri Feb 05 2010 Panu Matilainen - 4.8.0-9 +- unbreak python(abi) requires generation (#562906) + +* Fri Feb 05 2010 Panu Matilainen - 4.8.0-8 +- more fixes to postscript provides extractor (#562228) +- avoid accessing unrelated mount points in disk space checking (#547548) +- fix disk space checking with erasures present in transaction (#561160) + +* Fri Feb 05 2010 Panu Matilainen - 4.8.0-7 +- couple of fixes to the postscript provides extractor (#538101) + +* Thu Feb 04 2010 Panu Matilainen - 4.8.0-6 +- extract provides for postscript printer drivers (#538101) + +* Wed Feb 03 2010 Panu Matilainen - 4.8.0-5 +- python byte-compilation fixes + improvements (#558997) + +* Sat Jan 30 2010 Panu Matilainen - 4.8.0-4 +- support parallel python versions in python dependency extractor (#532118) + +* Thu Jan 21 2010 Panu Matilainen - 4.8.0-3 +- fix segfault on failed url retrieval +- fix verification error code depending on verbosity level +- if anything in testsuite fails, dump out the log + +* Fri Jan 08 2010 Panu Matilainen - 4.8.0-2 +- put disttag back, accidentally nuked in 4.8.0 final update + +* Fri Jan 08 2010 Panu Matilainen - 4.8.0-1 +- update to 4.8.0 final (http://rpm.org/wiki/Releases/4.8.0) + +* Thu Jan 07 2010 Panu Matilainen - 4.8.0-0.beta1.6 +- pull out macro scoping "fix" for now, it breaks font package macros + +* Mon Jan 04 2010 Panu Matilainen - 4.8.0-0.beta1.5 +- always clear locally defined macros when they go out of scope + +* Thu Dec 17 2009 Panu Matilainen - 4.8.0-0.beta1.4 +- permit unexpanded macros when parsing spec (#547997) + +* Wed Dec 09 2009 Panu Matilainen - 4.8.0-0.beta1.3 +- fix a bunch of python refcount-errors causing major memory leaks + +* Mon Dec 07 2009 Panu Matilainen - 4.8.0-0.beta1.2 +- fix noise from python bytecompile on non-python packages (#539635) +- make all our -devel 
[build]requires isa-specific +- trim out superfluous -devel dependencies from rpm-devel + +* Mon Dec 07 2009 Panu Matilainen - 4.8.0-0.beta1.1 +- update to 4.8.0-beta1 (http://rpm.org/wiki/Releases/4.8.0) +- rpm-build conflicts with current ocaml-runtime + +* Fri Dec 04 2009 Panu Matilainen - 4.7.2-2 +- missing error exit code from signing password checking (#496754) +- dont fail build on unrecognized data files (#532489) +- dont try to parse subkeys and secret keys (#436812) +- fix chmod test on selinux, breaking %%{_fixperms} macro (#543035) + +* Wed Nov 25 2009 Panu Matilainen - 4.7.2-1 +- update to 4.7.2 (http://rpm.org/wiki/Releases/4.7.2) +- fixes #464750, #529214 + +* Wed Nov 18 2009 Jindrich Novy - 4.7.1-10 +- rebuild against BDB-4.8.24 + +* Wed Nov 18 2009 Jindrich Novy - 4.7.1-9 +- drop versioned dependency to BDB + +* Wed Oct 28 2009 Panu Matilainen - 4.7.1-8 +- support multiple python implementations in brp-python-bytecompile (#531117) +- make disk space problem reporting a bit saner (#517418) + +* Tue Oct 06 2009 Panu Matilainen - 4.7.1-7 +- fix build with BDB 4.8.x by removing XA "support" from BDB backend +- perl dep extractor heredoc parsing improvements (#524929) + +* Mon Sep 21 2009 Panu Matilainen - 4.7.1-6 +- use relative paths within db environment (related to #507309, #507309...) 
+- remove db environment on close in chrooted operation (related to above) +- initialize rpmlib earlier in rpm2cpio (#523260) +- fix file dependency tag extension formatting (#523282) + +* Tue Sep 15 2009 Panu Matilainen - 4.7.1-5 +- fix duplicate dependency filtering on build (#490378) +- permit absolute paths in file lists again (#521760) +- use permissions 444 for all .debug files (#522194) +- add support for optional bugurl tag (#512774) + +* Fri Aug 14 2009 Jesse Keating - 4.7.1-4 +- Patch to make geode appear as i686 (#517475) + +* Thu Aug 06 2009 Jindrich Novy - 4.7.1-3 +- rebuild because of the new xz + +* Sun Jul 26 2009 Fedora Release Engineering - 4.7.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Jul 21 2009 Panu Matilainen - 4.7.1-1 +- update to 4.7.1 ((http://rpm.org/wiki/Releases/4.7.1) +- fix source url + +* Mon Jul 20 2009 Bill Nottingham - 4.7.0-9 +- enable XZ support + +* Thu Jun 18 2009 Panu Matilainen - 4.7.0-8 +- updated OSGi dependency extractor (#506471) +- fix segfault in symlink fingerprinting (#505777) +- fix invalid memory access causing bogus file dependency errors (#506323) + +* Tue Jun 16 2009 Panu Matilainen - 4.7.0-7 +- add dwarf-3 support to debugedit (#505774) + +* Fri Jun 12 2009 Stepan Kasal - 4.7.0-6 +- require libcap >= 2.16 (#505596) + +* Wed Jun 03 2009 Panu Matilainen - 4.7.0-5 +- don't mess up problem altNEVR in python ts.check() (#501068) +- fix hardlink size calculation on build (#503020) + +* Thu May 14 2009 Panu Matilainen - 4.7.0-4 +- split cron-job into a sub-package to avoid silly deps on core rpm (#500722) +- rpm requires coreutils but not in %%post +- build with libcap and libacl +- fix pgp pubkey signature tag parsing + +* Tue Apr 21 2009 Panu Matilainen - 4.7.0-3 +- couple of merge-review fixes (#226377) + - eliminate bogus leftover rpm:rpm rpmdb ownership + - unescaped macro in changelog +- fix find-lang --with-kde with KDE3 (#466009) +- switch back to default file digest 
algorithm + +* Fri Apr 17 2009 Panu Matilainen - 4.7.0-2 +- file classification tweaks for text files (#494817) + - disable libmagic text token checks, it's way too error-prone + - consistently classify all text as such and include description + +* Thu Apr 16 2009 Panu Matilainen - 4.7.0-1 +- update to 4.7.0 final (http://rpm.org/wiki/Releases/4.7.0) +- fixes #494049, #495429 +- dont permit test-suite failure anymore + +* Thu Apr 09 2009 Panu Matilainen - 4.7.0-0.rc1.1 +- update to 4.7.0-rc1 +- fixes #493157, #493777, #493696, #491388, #487597, #493162 + +* Fri Apr 03 2009 Panu Matilainen - 4.7.0-0.beta1.9 +- fix recorded file state of otherwise skipped files (#492947) +- compress ChangeLog, drop old CHANGES file (#492440) + +* Thu Apr 2 2009 Tom "spot" Callaway - 4.7.0-0.beta1.8 +- Fix sparcv9v and sparc64v targets + +* Tue Mar 24 2009 Panu Matilainen - 4.7.0-0.beta1.7 +- prefer more specific types over generic "text" in classification (#491349) + +* Mon Mar 23 2009 Panu Matilainen - 4.7.0-0.beta1.6 +- with the fd leak gone, let libmagic look into compressed files again (#491596) + +* Mon Mar 23 2009 Panu Matilainen - 4.7.0-0.beta1.5 +- fix font provide generation on filenames with whitespace (#491597) + +* Thu Mar 12 2009 Panu Matilainen - 4.7.0-0.beta1.4 +- handle RSA V4 signatures (#436812) +- add alpha arch ISA-bits +- enable internal testsuite on build + +* Mon Mar 09 2009 Panu Matilainen - 4.7.0-0.beta1.3 +- fix _install_langs behavior (#489235) +- fix recording of file states into rpmdb on install + +* Sun Mar 08 2009 Panu Matilainen - 4.7.0-0.beta1.2 +- load macros before creating directories on src.rpm install (#489104) + +* Fri Mar 06 2009 Panu Matilainen - 4.7.0-0.beta1.1 +- update to 4.7.0-beta1 (http://rpm.org/wiki/Releases/4.7.0) + +* Fri Feb 27 2009 Panu Matilainen - 4.6.0-11 +- build rpm itself with md5 file digests for now to ensure upgradability + +* Thu Feb 26 2009 Panu Matilainen - 4.6.0-10 +- handle NULL passed as EVR in rpmdsSingle() again 
(#485616) + +* Wed Feb 25 2009 Panu Matilainen - 4.6.0-9 +- pull out python byte-compile syntax check for now + +* Mon Feb 23 2009 Panu Matilainen - 4.6.0-8 +- make -apidocs sub-package noarch +- fix source URL + +* Sat Feb 21 2009 Panu Matilainen - 4.6.0-7 +- loosen up restrictions on dependency names (#455119) +- handle inter-dependent pkg-config files for requires too (#473814) +- error/warn on elf binaries in noarch package in build + +* Fri Feb 20 2009 Panu Matilainen - 4.6.0-6 +- error out on uncompilable python code (Tim Waugh) + +* Tue Feb 17 2009 Jindrich Novy - 4.6.0-5 +- remove two offending hunks from anyarch patch causing that + RPMTAG_BUILDARCHS isn't written to SRPMs + +* Mon Feb 16 2009 Jindrich Novy - 4.6.0-4 +- inherit group tag from the main package (#470714) +- ignore BuildArch tags for anyarch actions (#442105) +- don't check package BuildRequires when doing --rmsource (#452477) +- don't fail because of missing sources when only spec removal + is requested (#472427) + +* Mon Feb 16 2009 Panu Matilainen - 4.6.0-3 +- updated fontconfig provide script - fc-query does all the hard work now + +* Mon Feb 09 2009 Panu Matilainen - 4.6.0-2 +- build against db 4.7.x + +* Fri Feb 06 2009 Panu Matilainen - 4.6.0-1 +- update to 4.6.0 final +- revert libmagic looking into compressed files for now, breaks ooffice build + +* Fri Feb 06 2009 Panu Matilainen - 4.6.0-0.rc4.5 +- enable fontconfig provides generation + +* Thu Feb 05 2009 Panu Matilainen - 4.6.0-0.rc4.4 +- fixup rpm translation lookup to match Fedora specspo (#436941) + +* Wed Feb 04 2009 Panu Matilainen - 4.6.0-0.rc4.3 +- extract mimehandler provides from .desktop files +- preliminaries for extracting font provides (not enabled yet) +- dont classify font metrics data as fonts +- only run script dep extraction once per file, duh + +* Sat Jan 31 2009 Panu Matilainen - 4.6.0-0.rc4.2 +- change platform sharedstatedir to something more sensible (#185862) +- add rpmdb_foo links to db utils for 
documentation compatibility + +* Fri Jan 30 2009 Panu Matilainen - 4.6.0-0.rc4.1 +- update to 4.6.0-rc4 +- fixes #475582, #478907, #476737, #479869, #476201 + +* Fri Dec 12 2008 Panu Matilainen - 4.6.0-0.rc3.2 +- add back defaultdocdir patch which hadn't been applied on 4.6.x branch yet + +* Fri Dec 12 2008 Panu Matilainen - 4.6.0-0.rc3.1 +- add dist-tag, rebuild + +* Tue Dec 09 2008 Panu Matilainen - 4.6.0-0.rc3.1 +- update to rpm 4.6.0-rc3 +- fixes #475214, #474550, #473239 + +* Wed Dec 3 2008 Jeremy Katz - 4.6.0-0.rc2.9 +- I built into the wrong place + +* Wed Dec 3 2008 Jeremy Katz - 4.6.0-0.rc2.8 +- python 2.6 rebuild again + +* Wed Dec 03 2008 Panu Matilainen +- make rpm-build require pkgconfig (#473978) + +* Tue Dec 02 2008 Panu Matilainen +- fix pkg-config provide generation when pc's depend on each other (#473814) + +* Mon Dec 01 2008 Jindrich Novy +- include rpmfileutil.h from rpmmacro.h, unbreaks + net-snmp (#473420) + +* Sun Nov 30 2008 Panu Matilainen +- rebuild for python 2.6 + +* Sat Nov 29 2008 Panu Matilainen +- update to 4.6.0-rc2 +- fixes #471820, #473167, #469355, #468319, #472507, #247374, #426672, #444661 +- enable automatic generation of pkg-config and libtool dependencies #465377 + +* Fri Oct 31 2008 Panu Matilainen +- adjust find-debuginfo for "file" output change (#468129) + +* Tue Oct 28 2008 Panu Matilainen +- Florian's improved fingerprinting hash algorithm from upstream + +* Sat Oct 25 2008 Panu Matilainen +- Make noarch sub-packages actually work +- Fix defaultdocdir logic in installplatform to avoid hardwiring mandir + +* Fri Oct 24 2008 Jindrich Novy +- update compat-db dependencies (#459710) + +* Wed Oct 22 2008 Panu Matilainen +- never add identical NEVRA to transaction more than once (#467822) + +* Sun Oct 19 2008 Panu Matilainen +- permit tab as macro argument separator (#467567) + +* Thu Oct 16 2008 Panu Matilainen +- update to 4.6.0-rc1 +- fixes #465586, #466597, #465409, #216221, #466503, #466009, #463447... 
+- avoid using %%configure macro for now, it has unwanted side-effects on rpm + +* Wed Oct 01 2008 Panu Matilainen +- update to official 4.5.90 alpha tarball +- a big pile of misc bugfixes + translation updates +- isa-macro generation fix for ppc (#464754) +- avoid pulling in pile of perl dependencies for an unused script +- handle both "invalid argument" and clear env version mismatch on posttrans + +* Thu Sep 25 2008 Jindrich Novy +- don't treat %%patch numberless if -P parameter is present (#463942) + +* Thu Sep 11 2008 Panu Matilainen +- add hack to support extracting gstreamer plugin provides (#438225) +- fix another macro argument handling regression (#461180) + +* Thu Sep 11 2008 Jindrich Novy +- create directory structure for rpmbuild prior to build if it doesn't exist (#455387) +- create _topdir if it doesn't exist when installing SRPM +- don't generate broken cpio in case of hardlink pointing on softlink, + thanks to pixel@mandriva.com + +* Sat Sep 06 2008 Jindrich Novy +- fail hard if patch isn't found (#461347) + +* Mon Sep 01 2008 Jindrich Novy +- fix parsing of boolean expressions in spec (#456103) + (unbreaks pam, jpilot and maybe other builds) + +* Tue Aug 26 2008 Jindrich Novy +- add support for noarch subpackages +- fix segfault in case of insufficient disk space detected (#460146) + +* Wed Aug 13 2008 Panu Matilainen +- 4.5.90-0.git8461.2 +- fix archivesize tag generation on ppc (#458817) + +* Fri Aug 08 2008 Panu Matilainen +- 4.5.90-0.git8461.1 +- new snapshot from upstream +- fixes #68290, #455972, #446202, #453364, #456708, #456103, #456321, #456913, + #458260, #458261 +- partial fix for #457360 + +* Thu Jul 31 2008 Florian Festi +- 4.5.90-0.git8427.1 +- new snapshot from upstream + +* Thu Jul 31 2008 Florian Festi +- 4.5.90-0.git8426.10 +- rpm-4.5.90-posttrans.patch +- use header from rpmdb in posttrans to make anaconda happy + +* Sat Jul 19 2008 Panu Matilainen +- 4.5.90-0.git8426.9 +- fix regression in patch number handling (#455872) + +* 
Tue Jul 15 2008 Panu Matilainen +- 4.5.90-0.git8426.8 +- fix regression in macro argument handling (#455333) + +* Mon Jul 14 2008 Panu Matilainen +- 4.5.90-0.git8426.7 +- fix mono dependency extraction (adjust for libmagic string change) + +* Sat Jul 12 2008 Panu Matilainen +- 4.5.90-0.git8426.6 +- fix type mismatch causing funky breakage on ppc64 + +* Fri Jul 11 2008 Panu Matilainen +- 4.5.90-0.git8426.5 +- flip back to external bdb +- fix tab vs spaces complaints from rpmlint +- add dep for lzma and require unzip instead of zip in build (#310694) +- add pkgconfig dependency to rpm-devel +- drop ISA-dependencies for initial introduction +- new snapshot from upstream for documentation fixes + +* Thu Jul 10 2008 Panu Matilainen +- 4.5.90-0.git8424.4 +- handle int vs external db in posttrans too + +* Wed Jul 09 2008 Panu Matilainen +- 4.5.90-0.git8424.3 +- require curl as external url helper + +* Wed Jul 09 2008 Panu Matilainen +- 4.5.90-0.git8424.2 +- add support for building with or without internal db + +* Wed Jul 09 2008 Panu Matilainen +- rpm 4.5.90-0.git8424.1 (alpha snapshot) +- adjust to build against Berkeley DB 4.5.20 from compat-db for now +- add posttrans to clean up db environment mismatch after upgrade +- forward-port devel autodeps patch + +* Tue Jul 08 2008 Panu Matilainen +- adjust for rpmdb index name change +- drop unnecessary vendor-macro patch for real +- add ISA-dependencies among rpm subpackages +- make lzma and sqlite deps conditional and disabled by default for now + +* Fri Feb 01 2008 Panu Matilainen +- spec largely rewritten, truncating changelog diff --git a/rpm/patches/0001-sign-files-only.patch b/rpm/patches/0001-sign-files-only.patch new file mode 100644 index 0000000..eb4dda7 --- /dev/null +++ b/rpm/patches/0001-sign-files-only.patch 
@@ -0,0 +1,206 @@
+diff --git a/rpmsign.c b/rpmsign.c
+index ae86f66..8855e01 100644
+--- a/rpmsign.c
++++ b/rpmsign.c
+@@ -19,7 +19,7 @@ enum modes {
+ static int mode = MODE_NONE;
+
+ #ifdef WITH_IMAEVM
+-static int signfiles = 0, fskpass = 0;
++static int signfiles = 0, fskpass = 0, signpkg=0;
+ static char * fileSigningKey = NULL;
+ #endif
+
+@@ -97,9 +97,11 @@ static int doSign(poptContext optCon, struct rpmSignArgs *sargs)
+ int rc = EXIT_FAILURE;
+ char * name = rpmExpand("%{?_gpg_name}", NULL);
+
+- if (rstreq(name, "")) {
+- fprintf(stderr, _("You must set \"%%_gpg_name\" in your macro file\n"));
+- goto exit;
++ if (signpkg) {
++ if (rstreq(name, "")) {
++ fprintf(stderr, _("You must set \"%%_gpg_name\" in your macro file\n"));
++ goto exit;
++ }
+ }
+
+ #ifdef WITH_IMAEVM
+@@ -179,7 +181,11 @@ int main(int argc, char *argv[])
+ }
+ break;
+ case MODE_NONE:
+- printUsage(optCon, stderr, 0);
++ if (signfiles) {
++ ec = doSign(optCon, &sargs);
++ } else {
++ printUsage(optCon, stderr, 0);
++ }
+ break;
+ default:
+ argerror(_("only one major mode may be specified"));
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index d29c178..66168d2 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -507,7 +507,9 @@ static rpmRC replaceSigDigests(FD_t fd, const char *rpm, Header *sigp,
+ goto exit;
+ }
+
++/*
+ headerFree(*sigp);
++*/
+ rc = rpmReadSignature(fd, sigp, NULL);
+ if (rc != RPMRC_OK) {
+ rpmlog(RPMLOG_ERR, _("rpmReadSignature failed\n"));
+@@ -519,6 +521,15 @@ exit:
+ }
+ #endif
+
++static void *nullDigest(int algo, int ascii)
++{
++ void *d = NULL;
++ DIGEST_CTX ctx = rpmDigestInit(algo, 0);
++ rpmDigestFinal(ctx, &d, NULL, ascii);
++ return d;
++}
++
++
+ static rpmRC includeFileSignatures(FD_t fd, const char *rpm,
+ Header *sigp, Header *hdrp,
+ off_t sigStart, off_t headerStart)
+@@ -572,6 +583,27 @@ static rpmRC includeFileSignatures(FD_t fd, const char *rpm,
+ goto exit;
+ }
+
++ /* Generate and write a placeholder signature header */
++ if (Fseek(fd, sigStart, SEEK_SET) < 0) {
++ rc = RPMRC_FAIL;
++ rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
++ rpm, Fstrerror(fd));
++ goto exit;
++ }
++ SHA1 = nullDigest(PGPHASHALGO_SHA1, 1);
++ SHA256 = nullDigest(PGPHASHALGO_SHA256, 1);
++ MD5 = nullDigest(PGPHASHALGO_MD5, 0);
++ replaceSigDigests(fd, rpm, sigp, sigStart, sigTargetSize, SHA256, SHA1, MD5);
++ SHA1 = _free(SHA1);
++ SHA256 = _free(SHA256);
++ MD5 = _free(MD5);
++ SHA1 = NULL;
++ SHA256 = NULL;
++ MD5 = NULL;
++
++ /* get new header start */
++ headerStart = Ftell(fd);
++
+ if (Fseek(fd, headerStart, SEEK_SET) < 0) {
+ rc = RPMRC_FAIL;
+ rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
+@@ -590,9 +622,12 @@ static rpmRC includeFileSignatures(FD_t fd, const char *rpm,
+ rpmlog(RPMLOG_ERR, _("headerWrite failed\n"));
+ goto exit;
+ }
++
+ fdFiniDigest(fd, RPMSIGTAG_SHA1, (void **)&SHA1, NULL, 1);
+ /* Only add SHA256 if it was there to begin with */
++/*
+ if (headerIsEntry(*sigp, RPMSIGTAG_SHA256))
++*/
+ fdFiniDigest(fd, RPMSIGTAG_SHA256, (void **)&SHA256, NULL, 1);
+
+ /* Copy archive from temp file */
+@@ -621,8 +656,10 @@ static rpmRC includeFileSignatures(FD_t fd, const char *rpm,
+ rpmlog(RPMLOG_WARNING,
+ _("%s already contains identical file signatures\n"),
+ rpm);
+- else
++ else {
+ replaceSigDigests(fd, rpm, sigp, sigStart, sigTargetSize, SHA256, SHA1, MD5);
++ rc = headerWrite(fd, *hdrp, HEADER_MAGIC_YES);
++ }
+
+ exit:
+ free(trpm);
+@@ -697,6 +734,22 @@ static int rpmSign(const char *rpm, int deleting, int signfiles)
+
+ if (signfiles) {
+ includeFileSignatures(fd, rpm, &sigh, &h, sigStart, headerStart);
++
++ if (Fseek(fd, sigStart, SEEK_SET) < 0) {
++ rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
++ rpm, Fstrerror(fd));
++ goto exit;
++ }
++
++ rc = rpmReadSignature(fd, &sigh, &msg);
++ if (rc != RPMRC_OK) {
++ rpmlog(RPMLOG_ERR, _("%s: rpmReadSignature failed: %s"), rpm,
++ (msg && *msg ? msg : "\n"));
++ goto exit;
++ }
++
++ headerStart = Ftell(fd);
++
+ }
+
+ unloadImmutableRegion(&sigh, RPMTAG_HEADERSIGNATURES);
+@@ -730,6 +783,7 @@ static int rpmSign(const char *rpm, int deleting, int signfiles)
+ }
+
+ /* Try to make new signature smaller to have size of original signature */
++/*
+ rpmtdReset(&utd);
+ if (headerGet(sigh, RPMSIGTAG_RESERVEDSPACE, &utd, HEADERGET_MINMEM)) {
+ int diff;
+@@ -752,6 +806,7 @@ static int rpmSign(const char *rpm, int deleting, int signfiles)
+ insSig = 1;
+ }
+ }
++*/
+
+ /* Reallocate the signature into one contiguous region. */
+ sigh = headerReload(sigh, RPMTAG_HEADERSIGNATURES);
+@@ -794,12 +849,12 @@ static int rpmSign(const char *rpm, int deleting, int signfiles)
+ Fstrerror(ofd));
+ goto exit;
+ }
+-
+ if (Fseek(fd, headerStart, SEEK_SET) < 0) {
+ rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
+ rpm, Fstrerror(fd));
+ goto exit;
+ }
++
+ /* Append the header and archive from the temp file */
+ if (copyFile(&fd, rpm, &ofd, trpm) == 0) {
+ struct stat st;
+@@ -848,7 +903,7 @@ int rpmPkgSign(const char *path, const struct rpmSignArgs * args)
+ }
+ }
+
+- rc = rpmSign(path, 0, args ? args->signfiles : 0);
++ rc = rpmSign(path, args ? args->signfiles : 0, args ? args->signfiles : 0);
+
+ if (args) {
+ if (args->hashalgo) {
+diff --git a/sign/rpmsignfiles.c b/sign/rpmsignfiles.c
+index 61b73bd..d6c593d 100644
+--- a/sign/rpmsignfiles.c
++++ b/sign/rpmsignfiles.c
+@@ -126,10 +126,15 @@ rpmRC rpmSignFiles(Header h, const char *key, char *keypass)
+ rc = RPMRC_FAIL;
+ goto exit;
+ }
++/*
+ free(signature);
++*/
++
+ }
+
+ exit:
++/*
+ rpmtdFreeData(&digests);
++*/
+ return rc;
+ }
diff --git a/tpmdd/PKG-INFO b/tpmdd/PKG-INFO
new file mode 100644
index 0000000..f439004
--- /dev/null
+++ b/tpmdd/PKG-INFO
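Review bot: In the rpmPkgSign hunk of this patch, `rc = rpmSign(path, args ? args->signfiles : 0, args ? args->signfiles : 0);` passes the signfiles flag as rpmSign's `deleting` argument, so a file-signing run presumably also takes the signature-deletion path (rpmSign's body is outside the hunk) and the resulting package carries file signatures but no package-level signature; since `signpkg` is never set in any visible hunk, nothing here can opt back into GPG signing. If that is the intent, state it next to the call, e.g. `/* files-only signing: existing package signature is dropped and not regenerated */`, so nobody assumes the output still satisfies a package signature check. The patch also comments out `headerFree(*sigp)` in replaceSigDigests and `free(signature)` / `rpmtdFreeData(&digests)` in rpmSignFiles, which leaks on every call and hides whatever ownership problem made those frees unsafe rather than fixing it. The new `replaceSigDigests(...)` and `Ftell(fd)` calls in includeFileSignatures ignore failure and should be checked, e.g. `if ((headerStart = Ftell(fd)) < 0) { rc = RPMRC_FAIL; goto exit; }`. `signpkg` is declared under `#ifdef WITH_IMAEVM` but appears to be read outside that guard in doSign, which would break a build without the define.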
@@ -0,0 +1,13 @@
+Metadata-Version: 1.1
+Name: tpm-kmod
+Version: 4.12
+Summary: TPM Linux* Base Driver and Kernel Module
+Home-page: http://tpmdd.sourceforge.net/
+Author:
+Author-email:
+License: GPL
+Description:
+This package contains the Linux driver and modules for the TPM 1.2 and 2.0
+Family of devices.
+
+Platform: UNKNOWN
diff --git a/tpmdd/centos/build_srpm.data b/tpmdd/centos/build_srpm.data
new file mode 100644
index 0000000..cb44fe8
--- /dev/null
+++ b/tpmdd/centos/build_srpm.data
@@ -0,0 +1,5 @@
+COPY_LIST=" \
+ $FILES_BASE/* \
+ $CGCS_BASE/mwa-gplv2/tpmdd/patches/* \
+ $CGCS_BASE/downloads/tpm-kmod-668a8270.tar.gz"
+TIS_PATCH_VER=5
diff --git a/tpmdd/centos/files/COPYING b/tpmdd/centos/files/COPYING
new file mode 100644
index 0000000..e2fed1b
--- /dev/null
+++ b/tpmdd/centos/files/COPYING
@@ -0,0 +1,344 @@ + +"This software program is licensed subject to the GNU General Public License +(GPL). Version 2, June 1991, available at +" + + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. 
And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. 
diff --git a/tpmdd/centos/files/README b/tpmdd/centos/files/README
new file mode 100644
index 0000000..9b1703a
--- /dev/null
+++ b/tpmdd/centos/files/README
@@ -0,0 +1,184 @@ + +TPM Device Driver for CentOS 7 (Linux version 3.10) +=============================================================================== + +=============================================================================== + +Kam Nasim +Copyright (c) 2017 Wind River Systems, Inc. + +SPDX-License-Identifier: Apache-2.0 + + +April, 2017 + +=============================================================================== + +Contents +-------- + +- Overview +- Rebasing Guidelines +- Changesets + +================================================================================ + + +Important Notes +--------------- + +Out-of-tree tpmdd now supported for RT Kernel +---------------------------------------------- + +The RT Kernel also uses the TPM kernel module. The out of kernel +tpmdd (kmod-tpm) package is installed on the RT kernel + +Supports both TPM 1.2 and TPM 2.0 TCG Specifications +------------------------------------------------------------- + +The entire TPM device driver set is now built out of tree, and supports both +TPM v1.2 and v2.0 TCG version of the device + +IMA support disabled in Kernel +------------------------------------------------ + +TPM based Integrity Measurement Architecture (IMA) has been disabled in the Kernel, +since it requires the TPM driver to be built-in to the kernel so that it is available +during bootup to set up the PCR banks. Since the in-kernel TPM driver will trump our +out-of-tree TPM kernel modules, IMA support has been disabled and would require some +refactoring if it is to be used with this driver pack. + +No support for legacy STMicroelectronics ST33ZP24 TPM drivers +-------------------------------------------------------------- + +Owing to a large number of dependency issues in the v3.10 Kernel, this driver +pack excludes the STM (ST33ZP24) drivers. These are legacy drivers for the +TPM 1.2 specification only, and would not apply to TPM 2.0 devices. 
+ + +Overview +-------- + +This driver pack build TPM kernel modules for the 3.10 kernel version. +If newer kernel version are to be supported in the future then the COMPAT +layer (kcompat.h) will need to be adjusted to address kernel-driver compatibility +issues. + +It supports Linux supported x86_64 systems. + +These drivers are only supported as a loadable module at this time. + + +Rebasing Guidelines +-------------------- + +On rebasing TiC software heed the following: +- always rebase the Kernel first before rebasing this package +- get the HEAD from the tpmdd repo and generate a tarball, the tarball +should follow the naming convention: tpm-kmod-; use the short-hand +form of the git commit ID (8 characters) +- update the tpm-kmod spec to Source the new tarball +- apply all existing patches against the new tarball, and adjust the kcompat +layer (kcompat.h and common.mk) accordingly + + +================================================================================ + + +Change Sets +------------------------- + +This driver is a fork from the tpmdd repo: +https://sourceforge.net/projects/tpmdd/ +http://git.infradead.org/users/jjs/linux-tpmdd.git/ + +Sync Head: 668a827057187403999b7ecfcf86b59979c8c3b2 + +COMPAT NOTES: + +1. In newer kernels, IDR has been re-implemented using Radix trees: + + commit 0a835c4f090af2c76fc2932c539c3b32fd21fbbb + Author: Matthew Wilcox + Date: Tue Dec 20 10:27:56 2016 -0500 + + Reimplement IDR and IDA using the radix tree + + The IDR is very similar to the radix tree. It has some functionality that + the radix tree did not have (alloc next free, cyclic allocation, a + callback-based for_each, destroy tree), which is readily implementable on + top of the radix tree. A few small changes were needed in order to use a + tag to represent nodes with free space below them. More extensive + changes were needed to support storing NULL as a valid entry in an IDR. + Plain radix trees still interpret NULL as a not-present entry. 
+ + The IDA is reimplemented as a client of the newly enhanced radix tree. As + in the current implementation, it uses a bitmap at the last level of the + tree. + + Signed-off-by: Matthew Wilcox + Signed-off-by: Matthew Wilcox + Tested-by: Kirill A. Shutemov + Cc: Konstantin Khlebnikov + Cc: Ross Zwisler + Cc: Tejun Heo + Signed-off-by: Andrew Morton + + The compat layer therefore needs to redefine the idr_destroy() to + use the original idr.h based defination and not the one found in radix-trees.h + + +2. In newer kernels, a wrapper has been developed around inode mutex un/lock + + commit 5955102c9984fa081b2d570cfac75c97eecf8f3b + Author: Al Viro + Date: Fri Jan 22 15:40:57 2016 -0500 + + wrappers for ->i_mutex access + + parallel to mutex_{lock,unlock,trylock,is_locked,lock_nested}, + inode_foo(inode) being mutex_foo(&inode->i_mutex). + + Please, use those for access to ->i_mutex; over the coming cycle + ->i_mutex will become rwsem, with ->lookup() done with it held + only shared. + + 
Signed-off-by: Al Viro + + The compat layer needs to replace all instances of inode locking + with the underlying mutex locking/unlocking calls + + +3. In newer kernels, ACPI memory map cleanup routines have changed + + commit a238317ce8185519ed083e81e84260907fbbcf7f + Author: Lv Zheng + Date: Tue May 20 15:39:41 2014 +0800 + + ACPI: Clean up acpi_os_map/unmap_memory() to eliminate __iomem. + + ACPICA doesn't include protections around address space checking, Linux + build tests always complain increased sparse warnings around ACPICA + internal acpi_os_map/unmap_memory() invocations. This patch tries to fix + this issue permanently. + + The compat layer needs to replace all instances of ACPI iomem map/unmapping with + the legacy os memory mapping/unmapping calls + + +4. In newer kernels, Infineon PNP module loading/unloading ops have changed + + commit 1551660369d00a7e8cdfa12e9af132053eb67140 + Author: Peter Huewe + Date: Mon Mar 16 21:46:31 2015 +0100 + + PNP: tpm/tpm_infineon: Use module_pnp_driver to register driver + + Removing some boilerplate by using module_pnp_driver instead of calling + register and unregister in the otherwise empty init/exit functions + + Signed-off-by: Peter Huewe + Signed-off-by: Rafael J. Wysocki + + The compat layer needs to continue loading the PNP module the old way + using explicit init() and exit() functions diff --git a/tpmdd/centos/files/modules-load.conf b/tpmdd/centos/files/modules-load.conf new file mode 100644 index 0000000..298f940 --- /dev/null +++ b/tpmdd/centos/files/modules-load.conf @@ -0,0 +1,3 @@ +tpm +tpm_tis_core +tpm_tis diff --git a/tpmdd/centos/tpm-kmod.spec b/tpmdd/centos/tpm-kmod.spec new file mode 100644 index 0000000..65c9fd7 --- /dev/null +++ b/tpmdd/centos/tpm-kmod.spec 
@@ -0,0 +1,145 @@
+%if "%{?_tis_build_type}" == "rt"
+%define bt_ext -rt
+%else
+%undefine bt_ext
+%endif
+
+# Define the kmod package name here.
+%define kmod_name tpm
+
+Name: %{kmod_name}-kmod%{?bt_ext}
+# the version is the Kernel version from which
+# this driver is extracted
+Version: 4.12
+Release: 0%{?_tis_dist}.%{tis_patch_ver}
+Group: System Environment/Kernel
+License: GPLv2
+Summary: %{kmod_name}%{?bt_ext} kernel module(s)
+
+BuildRequires: kernel%{?bt_ext}-devel, redhat-rpm-config, perl, openssl
+ExclusiveArch: x86_64
+
+# Sources.
+# the tpmdd is available as a tarball, with
+# the git commit Id referenced in the name
+Source0: %{kmod_name}-kmod-668a8270.tar.gz
+Source1: modules-load.conf
+Source2: COPYING
+Source3: README
+
+# Patches
+Patch01: 0001-disable-arm64-acpi-command.patch
+Patch02: 0002-tpmdd-kcompat-support.patch
+Patch03: UPSTREAM-0001-tpm-replace-msleep-with-usleep_range.patch
+Patch04: UPSTREAM-0002-tpm-reduce-tpm-polling-delay-in-tpm_tis_core.patch
+Patch05: UPSTREAM-0003-tpm-use-tpm_msleep-value-as-max-delay.patch
+Patch06: UPSTREAM-0004-tpm-wait-for-stat-to-specify-variable-polling-time.patch
+Patch07: UPSTREAM-0005-tpm-ignore-burstcount-to-improve-send-performance.patch
+
+%define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//')
+
+%package -n kmod-tpm%{?bt_ext}
+Summary: TPM kernel module(s) and drivers
+Group: System Environment/Kernel
+%global _use_internal_dependency_generator 0
+Provides: kernel-modules >= %{kversion}
+Provides: tpm-kmod = %{?epoch:%{epoch}:}%{version}-%{release}
+Requires(post): /usr/sbin/depmod
+Requires(postun): /usr/sbin/depmod
+%description -n kmod-tpm%{?bt_ext}
+This package provides the %{version} TPM kernel module(s) and drivers built
+for the Linux kernel using the %{_target_cpu} family of processors.
+
+%package symbols
+Summary: Contains the Module.symvers file for this module
+Group: Development/System
+%description symbols
+This package provides the Module.symvers file which will be used
+by other dependant Kernel modules, if they use Kernel symbols that
+this module exports
+%files symbols
+%defattr(-,root,root)
+%{_usrsrc}/debug/tpm/Module.symvers
+
+
+%post -n kmod-tpm%{?bt_ext}
+echo "Working. This may take some time ..."
+if [ -e "/boot/System.map-%{kversion}" ]; then
+ /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || :
+fi
+modules=( $(find /lib/modules/%{kversion}/kernel/drivers/char/tpm | grep '\.ko$') )
+if [ -x "/sbin/weak-modules" ]; then
+ printf '%s\n' "${modules[@]}" | /sbin/weak-modules --add-modules
+fi
+echo "Done."
+
+%preun -n kmod-tpm%{?bt_ext}
+rpm -ql kmod-tpm%{?bt_ext}-%{version}-%{release}.x86_64 | grep '\.ko$' > /var/run/rpm-kmod-tpm%{?bt_ext}-modules
+
+%postun -n kmod-tpm%{?bt_ext}
+echo "Working. This may take some time ..."
+if [ -e "/boot/System.map-%{kversion}" ]; then
+ /usr/sbin/depmod -aeF "/boot/System.map-%{kversion}" "%{kversion}" > /dev/null || :
+fi
+modules=( $(cat /var/run/rpm-kmod-tpm%{?bt_ext}-modules) )
+rm /var/run/rpm-kmod-tpm%{?bt_ext}-modules
+if [ -x "/sbin/weak-modules" ]; then
+ printf '%s\n' "${modules[@]}" | /sbin/weak-modules --remove-modules
+fi
+echo "Done."
+
+%files -n kmod-tpm%{?bt_ext}
+%defattr(644,root,root,755)
+/lib/modules/%{kversion}/
+%doc /usr/share/doc/kmod-tpm/
+%{_sysconfdir}/modules-load.d/tpm_tis.conf
+
+# Disable the building of the debug package(s).
+%define debug_package %{nil}
+
+%description
+This package provides the %{kmod_name} kernel module(s).
+It is built to depend upon the specific ABI provided by a range of releases
+of the same variant of the Linux kernel and not on any one specific build.
+
+%prep
+%autosetup -p 1 -n %{kmod_name}
+
+%build
+# build out all the TPM kernel modules
+%{__make} KSRC=%{_usrsrc}/kernels/%{kversion}
+
+%install
+%{__install} -d %{buildroot}/lib/modules/%{kversion}/kernel/drivers/char/%{kmod_name}/
+%{__install} *.ko %{buildroot}/lib/modules/%{kversion}/kernel/drivers/char/%{kmod_name}/
+
+# install the Module.symvers file
+%{__install} -d %{buildroot}%{_usrsrc}/debug/%{kmod_name}/
+%{__install} Module.symvers %{buildroot}%{_usrsrc}/debug/%{kmod_name}/
+
+%{__install} -d %{buildroot}%{_sysconfdir}/modules-load.d
+%{__install} -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/modules-load.d/tpm_tis.conf
+
+%{__install} -d %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}/
+%{__install} %{SOURCE2} %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}/
+%{__install} %{SOURCE3} %{buildroot}%{_defaultdocdir}/kmod-%{kmod_name}/
+
+# Strip the modules(s).
+find %{buildroot} -type f -name \*.ko -exec %{__strip} --strip-debug \{\} \;
+
+# Always Sign the modules(s).
+# If the module signing keys are not defined, define them here.
+%{!?privkey: %define privkey /usr/src/kernels/%{kversion}/signing_key.priv}
+%{!?pubkey: %define pubkey /usr/src/kernels/%{kversion}/signing_key.x509}
+for module in $(find %{buildroot} -type f -name \*.ko);
+do %{__perl} /usr/src/kernels/%{kversion}/scripts/sign-file \
+ sha256 %{privkey} %{pubkey} $module;
+done
+
+%clean
+%{__rm} -rf %{buildroot}
+
+%changelog
+* Wed Apr 19 2017 Kam Nasim 4.12
+- Initial RPM package.
+
diff --git a/tpmdd/patches/0001-disable-arm64-acpi-command.patch b/tpmdd/patches/0001-disable-arm64-acpi-command.patch
new file mode 100644
index 0000000..b6d5088
--- /dev/null
+++ b/tpmdd/patches/0001-disable-arm64-acpi-command.patch
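Review bot: The signing step in %install defaults `privkey` to `/usr/src/kernels/%{kversion}/signing_key.priv`, so the private module-signing key is expected to sit in the kernel-devel tree of whatever host runs the build. Module signature enforcement only means something if that key is confined to the build system; if the key is shipped with the kernel-devel package (not visible here), every host with that package installed holds a key the kernel trusts. The spec should document where the key comes from and make release builds pass `privkey` and `pubkey` explicitly rather than falling back silently. A smaller point in the same loop: `$module` is unquoted and comes from `$(find ...)`, where the `find ... -exec ... \{\} \;` form already used for the strip step would avoid word splitting.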
@@ -0,0 +1,40 @@
+From: Kam Nasim
+Date: Tue, 26 Apr 2017 12:23:03 -0400
+Subject: [PATCH] ARM64 based ACPI commands should not be compiled
+
+---
+ tpm_crb.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/tpm_crb.c
++++ b/tpm_crb.c
+@@ -531,7 +531,6 @@ static int crb_acpi_add(struct acpi_devi
+ struct crb_priv *priv;
+ struct tpm_chip *chip;
+ struct device *dev = &device->dev;
+- struct tpm2_crb_smc *crb_smc;
+ acpi_status status;
+ u32 sm;
+ int rc;
+@@ -564,6 +563,7 @@ static int crb_acpi_add(struct acpi_devi
+ sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD)
+ priv->flags |= CRB_FL_ACPI_START;
+
++#ifdef CONFIG_ARM64
+ if (sm == ACPI_TPM2_COMMAND_BUFFER_WITH_SMC) {
+ if (buf->header.length < (sizeof(*buf) + sizeof(*crb_smc))) {
+ dev_err(dev,
+@@ -572,11 +572,12 @@ static int crb_acpi_add(struct acpi_devi
+ ACPI_TPM2_COMMAND_BUFFER_WITH_SMC);
+ return -EINVAL;
+ }
+- crb_smc = ACPI_ADD_PTR(struct tpm2_crb_smc, buf,
++ struct tpm2_crb_smc *crb_smc = ACPI_ADD_PTR(struct tpm2_crb_smc, buf,
+ ACPI_TPM2_START_METHOD_PARAMETER_OFFSET);
+ priv->smc_func_id = crb_smc->smc_func_id;
+ priv->flags |= CRB_FL_CRB_SMC_START;
+ }
++#endif
+
+ rc = crb_map_io(device, priv, buf);
+ if (rc)
diff --git a/tpmdd/patches/0002-tpmdd-kcompat-support.patch b/tpmdd/patches/0002-tpmdd-kcompat-support.patch
new file mode 100644
index 0000000..4dab81f
--- /dev/null
+++ b/tpmdd/patches/0002-tpmdd-kcompat-support.patch
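Review bot: Inside the new `#ifdef CONFIG_ARM64` block the length check still uses `sizeof(*crb_smc)`, but the first hunk removes the declaration of `crb_smc` from the top of crb_acpi_add and the third hunk re-declares it only after that check, so the block cannot compile when CONFIG_ARM64 is defined. The spec builds for x86_64 only, which would explain why this was not noticed. To keep the bounds check on the ACPI table intact, write it as `if (buf->header.length < (sizeof(*buf) + sizeof(struct tpm2_crb_smc))) {`, or keep the original declaration at the top of the function under the same `#ifdef`. On other architectures a table that reports ACPI_TPM2_COMMAND_BUFFER_WITH_SMC now reaches crb_map_io with no start-method flag set for it; an `#else` branch that logs and returns `-EINVAL` looks safer, though the code that consumes `priv->flags` is outside these hunks.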
@@ -0,0 +1,543 @@ +From 70386017de51483cfc9c0fc3e809d6f9867c4c5f Mon Sep 17 00:00:00 2001 +Message-Id: <70386017de51483cfc9c0fc3e809d6f9867c4c5f.1507751678.git.Jim.Somerville@windriver.com> +From: Kam Nasim +Date: Wed, 26 Apr 2017 12:23:03 -0400 +Subject: [PATCH 1/1] compat changes for building tpmdd out-of-tree + +Signed-off-by: Jim Somerville +--- + Makefile | 110 ++++++++++++++++++++- + common.mk | 332 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + kcompat.h | 39 ++++++++ + tpm.h | 3 + + 4 files changed, 482 insertions(+), 2 deletions(-) + create mode 100644 common.mk + create mode 100644 kcompat.h + +diff --git a/Makefile b/Makefile +index 23681f0..f3250cc 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,9 @@ +-# ++ ++ifneq ($(KERNELRELEASE),) ++# kbuild part of makefile + # Makefile for the kernel tpm device drivers. + # ++ + obj-$(CONFIG_TCG_TPM) += tpm.o + tpm-y := tpm-interface.o tpm-dev.o tpm-sysfs.o tpm-chip.o tpm2-cmd.o \ + tpm-dev-common.o tpmrm-dev.o tpm1_eventlog.o tpm2_eventlog.o \ +@@ -17,7 +20,110 @@ obj-$(CONFIG_TCG_NSC) += tpm_nsc.o + obj-$(CONFIG_TCG_ATMEL) += tpm_atmel.o + obj-$(CONFIG_TCG_INFINEON) += tpm_infineon.o + obj-$(CONFIG_TCG_IBMVTPM) += tpm_ibmvtpm.o +-obj-$(CONFIG_TCG_TIS_ST33ZP24) += st33zp24/ + obj-$(CONFIG_TCG_XEN) += xen-tpmfront.o + obj-$(CONFIG_TCG_CRB) += tpm_crb.o + obj-$(CONFIG_TCG_VTPM_PROXY) += tpm_vtpm_proxy.o ++ ++else # ifneq($(KERNELRELEASE),) ++# normal makefile ++ ++# driver will be provided by the spec file ++DRIVER= ++ ++ifeq (,$(wildcard common.mk)) ++ $(error Cannot find common.mk build rules) ++else ++ include common.mk ++endif ++ ++############### ++# Build rules # ++############### ++ ++# Standard compilation, with regular output ++default: ++ @+$(call kernelbuild,modules) ++ ++# Noisy output, for extra debugging ++noisy: ++ @+$(call kernelbuild,modules,V=1) ++ ++# Silence any output generated ++silent: ++ @+$(call kernelbuild,modules,>/dev/null) ++ ++# Enable higher warning level 
++checkwarnings: clean ++ @+$(call kernelbuild,modules,W=1) ++ ++# Run sparse static analyzer ++sparse: clean ++ @+$(call kernelbuild,modules,C=2 CF="-D__CHECK_ENDIAN__ -Wbitwise -Wcontext") ++ ++# Run coccicheck static analyzer ++ccc: clean ++ @+$(call kernelbuild,modules,coccicheck MODE=report) ++ ++# Clean the module subdirectories ++clean: ++ @+$(call kernelbuild,clean) ++ @-rm -rf *.ko ++ ++# Install the modules ++install: default ++ @echo "Installing modules..." ++ @+$(call kernelbuild,modules_install) ++ @echo "Running depmod..." ++ @$(call cmd_depmod) ++ifeq (${cmd_initrd},) ++ @echo "Unable to update initrd. You may need to do this manually." ++else ++ @echo "Updating initrd..." ++ -@$(call cmd_initrd) ++endif ++ ++# Target used by rpmbuild spec file ++rpm: default ++ @install -D -m 644 ${DRIVER}.ko ${INSTALL_MOD_PATH}/lib/modules/${KVER}/${INSTALL_MOD_DIR}/${DRIVER}.ko ++ ++uninstall: ++ rm -f ${INSTALL_MOD_PATH}/lib/modules/${KVER}/${INSTALL_MOD_DIR}/${DRIVER}.ko; ++ $(call cmd_depmod) ++ifeq (${cmd_initrd},) ++ @echo "Unable to update initrd. You may need to do this manually." ++else ++ @echo "Updating initrd..." 
++ -@$(call cmd_initrd) ++endif ++ ++######## ++# Help # ++######## ++help: ++ @echo 'Cleaning targets:' ++ @echo ' clean - Clean files generated by kernel module build' ++ @echo 'Build targets:' ++ @echo ' default - Build module(s) with standard verbosity' ++ @echo ' noisy - Build module(s) with V=1 verbosity -- very noisy' ++ @echo ' silent - Build module(s), squelching all output' ++ @echo 'Static Analysis:' ++ @echo ' checkwarnings - Clean, then build module(s) with W=1 warnings enabled' ++ @echo ' sparse - Clean, then check module(s) using sparse' ++ @echo ' ccc - Clean, then check module(s) using coccicheck' ++ @echo 'Other targets:' ++ @echo ' install - Build then install the module(s)' ++ @echo ' uninstall - Uninstall the module(s)' ++ @echo ' help - Display this help message' ++ @echo 'Variables:' ++ @echo ' LINUX_VERSION - Debug tool to force kernel LINUX_VERSION_CODE. Use at your own risk.' ++ @echo ' W=N - Kernel variable for setting warning levels' ++ @echo ' V=N - Kernel variable for setting output verbosity' ++ @echo ' INSTALL_MOD_PATH - Add prefix for the module and manpage installation path' ++ @echo ' INSTALL_MOD_DIR - Use module directory other than updates/drivers/char/tpm/${DRIVER}' ++ @echo ' KSRC - Specifies the full path to the kernel tree to build against' ++ @echo ' Other variables may be available for tuning make process, see' ++ @echo ' Kernel Kbuild documentation for more information' ++ ++.PHONY: default noisy clean silent sparse ccc install uninstall help ++ ++endif # ifneq($(KERNELRELEASE),) +diff --git a/common.mk b/common.mk +new file mode 100644 +index 0000000..671ca33 +--- /dev/null ++++ b/common.mk +@@ -0,0 +1,332 @@ ++################################################################################ ++# ++# Linux TPM Driver ++# Copyright(c) 2013 - 2017 Intel Corporation. ++# Copyright (c) 2017 Wind River Systems, Inc. 
++# ++# This program is free software; you can redistribute it and/or modify it ++# under the terms and conditions of the GNU General Public License, ++# version 2, as published by the Free Software Foundation. ++# ++# This program is distributed in the hope it will be useful, but WITHOUT ++# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for ++# more details. ++# ++# The full GNU General Public License is included in this distribution in ++# the file called "COPYING". ++# ++# Contact Information: ++# e1000-devel Mailing List ++# Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 ++################################################################################ ++ ++ ++# common Makefile rules useful for out-of-tree Linux driver builds ++# ++# Usage: include common.mk ++# ++# After including, you probably want to add a minimum_kver_check call ++# ++# Required Variables: ++# DRIVER ++# -- Set to the lowercase driver name ++ ++##################### ++# Helpful functions # ++##################### ++ ++readlink = $(shell readlink -f ${1}) ++ ++# helper functions for converting kernel version to version codes ++get_kver = $(or $(word ${2},$(subst ., ,${1})),0) ++get_kvercode = $(shell [ "${1}" -ge 0 -a "${1}" -le 255 2>/dev/null ] && \ ++ [ "${2}" -ge 0 -a "${2}" -le 255 2>/dev/null ] && \ ++ [ "${3}" -ge 0 -a "${3}" -le 255 2>/dev/null ] && \ ++ printf %d $$(( ( ${1} << 16 ) + ( ${2} << 8 ) + ( ${3} ) )) ) ++ ++################ ++# depmod Macro # ++################ ++ ++cmd_depmod = /sbin/depmod $(if ${SYSTEM_MAP_FILE},-e -F ${SYSTEM_MAP_FILE}) \ ++ $(if $(strip ${INSTALL_MOD_PATH}),-b ${INSTALL_MOD_PATH}) \ ++ -a ${KVER} ++ ++################ ++# dracut Macro # ++################ ++ ++cmd_initrd := $(shell \ ++ if which dracut > /dev/null 2>&1 ; then \ ++ echo "dracut --force"; \ ++ elif which update-initramfs > /dev/null 2>&1 ; then \ ++ echo 
"update-initramfs -u"; \ ++ fi ) ++ ++##################### ++# Environment tests # ++##################### ++ ++DRIVER_UPPERCASE := $(shell echo ${DRIVER} | tr "[:lower:]" "[:upper:]" | tr "TPM" "TCG") ++ ++ifeq (,${BUILD_KERNEL}) ++BUILD_KERNEL=$(shell uname -r) ++endif ++ ++# Kernel Search Path ++# All the places we look for kernel source ++KSP := /lib/modules/${BUILD_KERNEL}/source \ ++ /lib/modules/${BUILD_KERNEL}/build \ ++ /usr/src/linux-${BUILD_KERNEL} \ ++ /usr/src/linux-$(${BUILD_KERNEL} | sed 's/-.*//') \ ++ /usr/src/kernel-headers-${BUILD_KERNEL} \ ++ /usr/src/kernel-source-${BUILD_KERNEL} \ ++ /usr/src/linux-$(${BUILD_KERNEL} | sed 's/\([0-9]*\.[0-9]*\)\..*/\1/') \ ++ /usr/src/linux \ ++ /usr/src/kernels/${BUILD_KERNEL} \ ++ /usr/src/kernels ++ ++# prune the list down to only values that exist and have an include/linux ++# sub-directory. We can't use include/config because some older kernels don't ++# have this. ++test_dir = $(shell [ -e ${dir}/include/linux ] && echo ${dir}) ++KSP := $(foreach dir, ${KSP}, ${test_dir}) ++ ++# we will use this first valid entry in the search path ++ifeq (,${KSRC}) ++ KSRC := $(firstword ${KSP}) ++endif ++ ++ifeq (,${KSRC}) ++ $(warning *** Kernel header files not in any of the expected locations.) ++ $(warning *** Install the appropriate kernel development package, e.g.) 
++ $(error kernel-devel, for building kernel modules and try again) ++else ++ifeq (/lib/modules/${BUILD_KERNEL}/source, ${KSRC}) ++ KOBJ := /lib/modules/${BUILD_KERNEL}/build ++else ++ KOBJ := ${KSRC} ++endif ++endif ++ ++# Version file Search Path ++VSP := ${KOBJ}/include/generated/utsrelease.h \ ++ ${KOBJ}/include/linux/utsrelease.h \ ++ ${KOBJ}/include/linux/version.h \ ++ ${KOBJ}/include/generated/uapi/linux/version.h \ ++ /boot/vmlinuz.version.h ++ ++# Config file Search Path ++CSP := ${KOBJ}/include/generated/autoconf.h \ ++ ${KOBJ}/include/linux/autoconf.h \ ++ /boot/vmlinuz.autoconf.h ++ ++# System.map Search Path (for depmod) ++MSP := ${KSRC}/System.map \ ++ /boot/System.map-${BUILD_KERNEL} ++ ++# prune the lists down to only files that exist ++test_file = $(shell [ -f ${file} ] && echo ${file}) ++VSP := $(foreach file, ${VSP}, ${test_file}) ++CSP := $(foreach file, ${CSP}, ${test_file}) ++MSP := $(foreach file, ${MSP}, ${test_file}) ++ ++ ++# and use the first valid entry in the Search Paths ++ifeq (,${VERSION_FILE}) ++ VERSION_FILE := $(firstword ${VSP}) ++endif ++ ++ifeq (,${CONFIG_FILE}) ++ CONFIG_FILE := $(firstword ${CSP}) ++endif ++ ++ifeq (,${SYSTEM_MAP_FILE}) ++ SYSTEM_MAP_FILE := $(firstword ${MSP}) ++endif ++ ++ifeq (,$(wildcard ${VERSION_FILE})) ++ $(error Linux kernel source not configured - missing version header file) ++endif ++ ++ifeq (,$(wildcard ${CONFIG_FILE})) ++ $(error Linux kernel source not configured - missing autoconf.h) ++endif ++ ++ifeq (,$(wildcard ${SYSTEM_MAP_FILE})) ++ $(warning Missing System.map file - depmod will not check for missing symbols) ++endif ++ ++####################### ++# Linux Version Setup # ++####################### ++ ++# The following command line parameter is intended for development of KCOMPAT ++# against upstream kernels such as net-next which have broken or non-updated ++# version codes in their Makefile. 
They are intended for debugging and ++# development purpose only so that we can easily test new KCOMPAT early. If you ++# don't know what this means, you do not need to set this flag. There is no ++# arcane magic here. ++ ++# Convert LINUX_VERSION into LINUX_VERSION_CODE ++ifneq (${LINUX_VERSION},) ++ LINUX_VERSION_CODE=$(call get_kvercode,$(call get_kver,${LINUX_VERSION},1),$(call get_kver,${LINUX_VERSION},2),$(call get_kver,${LINUX_VERSION},3)) ++endif ++ ++# Honor LINUX_VERSION_CODE ++ifneq (${LINUX_VERSION_CODE},) ++ $(warning Forcing target kernel to build with LINUX_VERSION_CODE of ${LINUX_VERSION_CODE}$(if ${LINUX_VERSION}, from LINUX_VERSION=${LINUX_VERSION}). Do this at your own risk.) ++ KVER_CODE := ${LINUX_VERSION_CODE} ++ EXTRA_CFLAGS += -DLINUX_VERSION_CODE=${LINUX_VERSION_CODE} ++endif ++ ++# Determine SLE_LOCALVERSION_CODE for SuSE SLE >= 11 (needed by kcompat) ++# This assumes SuSE will continue setting CONFIG_LOCALVERSION to the string ++# appended to the stable kernel version on which their kernel is based with ++# additional versioning information (up to 3 numbers), a possible abbreviated ++# git SHA1 commit id and a kernel type, e.g. CONFIG_LOCALVERSION=-1.2.3-default ++# or CONFIG_LOCALVERSION=-999.gdeadbee-default ++ifeq (1,$(shell ${CC} -E -dM ${CONFIG_FILE} 2> /dev/null |\ ++ grep -m 1 CONFIG_SUSE_KERNEL | awk '{ print $$3 }')) ++ ++ifneq (10,$(shell ${CC} -E -dM ${CONFIG_FILE} 2> /dev/null |\ ++ grep -m 1 CONFIG_SLE_VERSION | awk '{ print $$3 }')) ++ ++ LOCALVERSION := $(shell ${CC} -E -dM ${CONFIG_FILE} 2> /dev/null |\ ++ grep -m 1 CONFIG_LOCALVERSION | awk '{ print $$3 }' |\ ++ cut -d'-' -f2 | sed 's/\.g[[:xdigit:]]\{7\}//') ++ LOCALVER_A := $(shell echo ${LOCALVERSION} | cut -d'.' -f1) ++ LOCALVER_B := $(shell echo ${LOCALVERSION} | cut -s -d'.' -f2) ++ LOCALVER_C := $(shell echo ${LOCALVERSION} | cut -s -d'.' 
-f3) ++ SLE_LOCALVERSION_CODE := $(shell expr ${LOCALVER_A} \* 65536 + \ ++ 0${LOCALVER_B} \* 256 + 0${LOCALVER_C}) ++ EXTRA_CFLAGS += -DSLE_LOCALVERSION_CODE=${SLE_LOCALVERSION_CODE} ++endif ++endif ++ ++EXTRA_CFLAGS += ${CFLAGS_EXTRA} ++ ++# get the kernel version - we use this to find the correct install path ++KVER := $(shell ${CC} ${EXTRA_CFLAGS} -E -dM ${VERSION_FILE} | grep UTS_RELEASE | \ ++ awk '{ print $$3 }' | sed 's/\"//g') ++ ++# assume source symlink is the same as build, otherwise adjust KOBJ ++ifneq (,$(wildcard /lib/modules/${KVER}/build)) ++ ifneq (${KSRC},$(call readlink,/lib/modules/${KVER}/build)) ++ KOBJ=/lib/modules/${KVER}/build ++ endif ++endif ++ ++ifeq (${KVER_CODE},) ++ KVER_CODE := $(shell ${CC} ${EXTRA_CFLAGS} -E -dM ${VSP} 2> /dev/null |\ ++ grep -m 1 LINUX_VERSION_CODE | awk '{ print $$3 }' | sed 's/\"//g') ++endif ++ ++# minimum_kver_check ++# ++# helper function to provide uniform output for different drivers to abort the ++# build based on kernel version check. Usage: "$(call minimum_kver_check,2,6,XX)". ++define _minimum_kver_check ++ifeq (0,$(shell [ ${KVER_CODE} -lt $(call get_kvercode,${1},${2},${3}) ]; echo "$$?")) ++ $$(warning *** Aborting the build.) ++ $$(error This driver is not supported on kernel versions older than ${1}.${2}.${3}) ++endif ++endef ++minimum_kver_check = $(eval $(call _minimum_kver_check,${1},${2},${3})) ++ ++################ ++# Manual Pages # ++################ ++ ++MANSECTION = 7 ++ ++ifeq (,${MANDIR}) ++ # find the best place to install the man page ++ MANPATH := $(shell (manpath 2>/dev/null || echo $MANPATH) | sed 's/:/ /g') ++ ifneq (,${MANPATH}) ++ # test based on inclusion in MANPATH ++ test_dir = $(findstring ${dir}, ${MANPATH}) ++ else ++ # no MANPATH, test based on directory existence ++ test_dir = $(shell [ -e ${dir} ] && echo ${dir}) ++ endif ++ # our preferred install path ++ # should /usr/local/man be in here ? 
++ MANDIR := /usr/share/man /usr/man ++ MANDIR := $(foreach dir, ${MANDIR}, ${test_dir}) ++ MANDIR := $(firstword ${MANDIR}) ++endif ++ifeq (,${MANDIR}) ++ # fallback to /usr/man ++ MANDIR := /usr/man ++endif ++ ++#################### ++# CCFLAGS variable # ++#################### ++ ++# set correct CCFLAGS variable for kernels older than 2.6.24 ++ifeq (0,$(shell [ ${KVER_CODE} -lt $(call get_kvercode,2,6,24) ]; echo $$?)) ++CCFLAGS_VAR := EXTRA_CFLAGS ++else ++CCFLAGS_VAR := ccflags-y ++endif ++ ++################# ++# KBUILD_OUTPUT # ++################# ++ ++# Only set KBUILD_OUTPUT if KOBJ differs from KSRC ++ifneq (${KSRC},${KOBJ}) ++export KBUILD_OUTPUT ?= ${KOBJ} ++endif ++ ++############################ ++# Module Install Directory # ++############################ ++ ++# Default to using updates/drivers/char/tpm/ path, since depmod since ++# v3.1 defaults to checking updates folder first, and only checking kernels/ ++# and extra afterwards. We use updates instead of kernel/* due to desire to ++# prevent over-writing built-in modules files. ++export INSTALL_MOD_DIR ?= updates/drivers/char/tpm/ ++ ++ ++###################### ++# Kernel Build Macro # ++###################### ++ ++# kernel build function ++# ${1} is the kernel build target ++# ${2} may contain any extra rules to pass directly to the sub-make process ++# ++# This function is expected to be executed by ++# @+$(call kernelbuild,,) ++# from within a Makefile recipe. 
++# ++# The following variables are expected to be defined for its use: ++# GCC_I_SYS -- if set it will enable use of gcc-i-sys.sh wrapper to use -isystem ++# CCFLAGS_VAR -- the CCFLAGS variable to set extra CFLAGS ++# EXTRA_CFLAGS -- a set of extra CFLAGS to pass into the ccflags-y variable ++# KSRC -- the location of the kernel source tree to build against ++# DRIVER_UPPERCASE -- the uppercase name of the kernel module, set from DRIVER ++# ++kernelbuild = ${MAKE} $(if ${GCC_I_SYS},CC="${GCC_I_SYS}") \ ++ ${CCFLAGS_VAR}="${EXTRA_CFLAGS}" \ ++ -C "${KSRC}" \ ++ CONFIG_TCG_TPM=m \ ++ CONFIG_ACPI=y \ ++ CONFIG_TCG_TIS_CORE=m \ ++ CONFIG_TCG_TIS=m \ ++ CONFIG_TCG_TIS_I2C_ATMEL=m \ ++ CONFIG_TCG_TIS_I2C_INFINEON=m \ ++ CONFIG_TCG_TIS_I2C_NUVOTON=m \ ++ CONFIG_TCG_NSC=m \ ++ CONFIG_TCG_ATMEL=m \ ++ CONFIG_TCG_INFINEON=m \ ++ CONFIG_TCG_CRB=m \ ++ CONFIG_${DRIVER_UPPERCASE}=m \ ++ modules \ ++ M="${CURDIR}" \ ++ ${2} ${1} +diff --git a/kcompat.h b/kcompat.h +new file mode 100644 +index 0000000..cd9578a +--- /dev/null ++++ b/kcompat.h +@@ -0,0 +1,39 @@ ++/********************************************************************** ++ * ++ * Copyright (c) 2017 Wind River Systems, Inc. ++* SPDX-License-Identifier: Apache-2.0 ++* ++* ++* ++ **********************************************************************/ ++ ++#ifndef _KCOMPAT_H_ ++#define _KCOMPAT_H_ ++ ++#ifndef LINUX_VERSION_CODE ++#include ++#else ++#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c)) ++#endif ++#include ++#include ++ ++#if ( LINUX_VERSION_CODE <= KERNEL_VERSION(3,10,0) ) ++#include ++#include ++ ++// would normally be passed in from the Kernel, had ++// we set CONFIG_TCG_TPM=y in the KConfig, however ++// that has the added disadvantage of building the ++// TPM driver in-kernel. 
++#define CONFIG_TCG_TPM_MODULE 1 ++ ++#define acpi_os_map_iomem(x, y) acpi_os_map_memory(x, y) ++#define acpi_os_unmap_iomem(x, y) acpi_os_unmap_memory(x, y) ++ ++#define module_pnp_driver(__pnp_driver) \ ++ module_driver(__pnp_driver, pnp_register_driver, \ ++ pnp_unregister_driver) ++ ++#endif ++#endif +diff --git a/tpm.h b/tpm.h +index 4b4c8de..b744e2f 100644 +--- a/tpm.h ++++ b/tpm.h +@@ -23,6 +23,9 @@ + #ifndef __TPM_H__ + #define __TPM_H__ + ++// WRS: the kernel compat layer ++#include "kcompat.h" ++ + #include + #include + #include +-- +1.8.3.1 + diff --git a/tpmdd/patches/UPSTREAM-0001-tpm-replace-msleep-with-usleep_range.patch b/tpmdd/patches/UPSTREAM-0001-tpm-replace-msleep-with-usleep_range.patch new file mode 100644 index 0000000..ac9b453 --- /dev/null +++ b/tpmdd/patches/UPSTREAM-0001-tpm-replace-msleep-with-usleep_range.patch 
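Review bot: The `kernelbuild` macro in common.mk hard-codes the `modules` goal ahead of `${2} ${1}`, so every caller that passes a different goal (`clean`, `modules_install`) invokes the kernel build with two goals; `make clean` would ask kbuild to build the modules as well as clean them. Every recipe in the new Makefile already passes its goal as the first argument, so the literal `modules \` line can be dropped from the macro. Separately, the two KSP entries written as `/usr/src/linux-$(${BUILD_KERNEL} | sed ...)` are make variable references rather than shell calls and expand to an empty string; `$(shell echo ${BUILD_KERNEL} | sed 's/-.*//')` is presumably what was meant.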
@@ -0,0 +1,200 @@ +From 9f3fc7bcddcb51234e23494531f93ab60475e1c3 Mon Sep 17 00:00:00 2001 +From: Hamza Attak +Date: Mon, 14 Aug 2017 19:09:16 +0100 +Subject: [PATCH] tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 + generic drivers + +The patch simply replaces all msleep function calls with usleep_range calls +in the generic drivers. + +Tested with an Infineon TPM 1.2, using the generic tpm-tis module, for a +thousand PCR extends, we see results going from 1m57s unpatched to 40s +with the new patch. We obtain similar results when using the original and +patched tpm_infineon driver, which is also part of the patch. +Similarly with a STM TPM 2.0, using the CRB driver, it takes about 20ms per +extend unpatched and around 7ms with the new patch. + +Note that the PCR consistency is untouched with this patch, each TPM has +been tested with 10 million extends and the aggregated PCR value is +continuously verified to be correct. + +As an extension of this work, this could potentially and easily be applied +to other vendor's drivers. Still, these changes are not included in the +proposed patch as they are untested. 
+ +Signed-off-by: Hamza Attak +Reviewed-by: Jarkko Sakkinen +Tested-by: Jarkko Sakkinen +Signed-off-by: Jarkko Sakkinen +Signed-off-by: James Morris +--- +tpm-interface.c | 10 +++++----- +tpm.h | 9 ++++++++- +tpm2-cmd.c | 2 +- +tpm_infineon.c | 6 +++--- +tpm_tis_core.c | 8 ++++---- + 5 files changed, 21 insertions(+), 14 deletions(-) + +diff --git a/tpm-interface.c b/tpm-interface.c +index fe597e6..1d6729b 100644 +--- a/tpm-interface.c ++++ b/tpm-interface.c +@@ -455,7 +455,7 @@ ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, + goto out; + } + +- msleep(TPM_TIMEOUT); /* CHECK */ ++ tpm_msleep(TPM_TIMEOUT); + rmb(); + } while (time_before(jiffies, stop)); + +@@ -970,7 +970,7 @@ int tpm_do_selftest(struct tpm_chip *chip) + dev_info( + &chip->dev, HW_ERR + "TPM command timed out during continue self test"); +- msleep(delay_msec); ++ tpm_msleep(delay_msec); + continue; + } + +@@ -985,7 +985,7 @@ int tpm_do_selftest(struct tpm_chip *chip) + } + if (rc != TPM_WARN_DOING_SELFTEST) + return rc; +- msleep(delay_msec); ++ tpm_msleep(delay_msec); + } while (--loops > 0); + + return rc; +@@ -1085,7 +1085,7 @@ int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout, + } + } else { + do { +- msleep(TPM_TIMEOUT); ++ tpm_msleep(TPM_TIMEOUT); + status = chip->ops->status(chip); + if ((status & mask) == mask) + return 0; +@@ -1150,7 +1150,7 @@ int tpm_pm_suspend(struct device *dev) + */ + if (rc != TPM_WARN_RETRY) + break; +- msleep(TPM_TIMEOUT_RETRY); ++ tpm_msleep(TPM_TIMEOUT_RETRY); + } + + if (rc) +diff --git a/tpm.h b/tpm.h +index 04fbff2..2d5466a 100644 +--- a/tpm.h ++++ b/tpm.h +@@ -50,7 +50,8 @@ enum tpm_const { + + enum tpm_timeout { + TPM_TIMEOUT = 5, /* msecs */ +- TPM_TIMEOUT_RETRY = 100 /* msecs */ ++ TPM_TIMEOUT_RETRY = 100, /* msecs */ ++ TPM_TIMEOUT_RANGE_US = 300 /* usecs */ + }; + + /* TPM addresses */ +@@ -527,6 +528,12 @@ ssize_t tpm_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap, + int wait_for_tpm_stat(struct 
tpm_chip *chip, u8 mask, unsigned long timeout, + wait_queue_head_t *queue, bool check_cancel); + ++static inline void tpm_msleep(unsigned int delay_msec) ++{ ++ usleep_range(delay_msec * 1000, ++ (delay_msec * 1000) + TPM_TIMEOUT_RANGE_US); ++}; ++ + struct tpm_chip *tpm_chip_find_get(int chip_num); + __must_check int tpm_try_get_ops(struct tpm_chip *chip); + void tpm_put_ops(struct tpm_chip *chip); +diff --git a/tpm2-cmd.c b/tpm2-cmd.c +index f7f34b2a..e1a41b7 100644 +--- a/tpm2-cmd.c ++++ b/tpm2-cmd.c +@@ -899,7 +899,7 @@ static int tpm2_do_selftest(struct tpm_chip *chip) + if (rc != TPM2_RC_TESTING) + break; + +- msleep(delay_msec); ++ tpm_msleep(delay_msec); + } + + return rc; +diff --git a/tpm_infineon.c b/tpm_infineon.c +index 3b1b9f9..d8f1004 100644 +--- a/tpm_infineon.c ++++ b/tpm_infineon.c +@@ -191,7 +191,7 @@ static int wait(struct tpm_chip *chip, int wait_for_bit) + /* check the status-register if wait_for_bit is set */ + if (status & 1 << wait_for_bit) + break; +- msleep(TPM_MSLEEP_TIME); ++ tpm_msleep(TPM_MSLEEP_TIME); + } + if (i == TPM_MAX_TRIES) { /* timeout occurs */ + if (wait_for_bit == STAT_XFE) +@@ -226,7 +226,7 @@ static void tpm_wtx(struct tpm_chip *chip) + wait_and_send(chip, TPM_CTRL_WTX); + wait_and_send(chip, 0x00); + wait_and_send(chip, 0x00); +- msleep(TPM_WTX_MSLEEP_TIME); ++ tpm_msleep(TPM_WTX_MSLEEP_TIME); + } + + static void tpm_wtx_abort(struct tpm_chip *chip) +@@ -237,7 +237,7 @@ static void tpm_wtx_abort(struct tpm_chip *chip) + wait_and_send(chip, 0x00); + wait_and_send(chip, 0x00); + number_of_wtx = 0; +- msleep(TPM_WTX_MSLEEP_TIME); ++ tpm_msleep(TPM_WTX_MSLEEP_TIME); + } + + static int tpm_inf_recv(struct tpm_chip *chip, u8 * buf, size_t count) +diff --git a/tpm_tis_core.c b/tpm_tis_core.c +index b617b2e..63bc6c3 100644 +--- a/tpm_tis_core.c ++++ b/tpm_tis_core.c +@@ -51,7 +51,7 @@ static int wait_startup(struct tpm_chip *chip, int l) + + if (access & TPM_ACCESS_VALID) + return 0; +- msleep(TPM_TIMEOUT); ++ 
tpm_msleep(TPM_TIMEOUT); + } while (time_before(jiffies, stop)); + return -1; + } +@@ -117,7 +117,7 @@ static int request_locality(struct tpm_chip *chip, int l) + do { + if (check_locality(chip, l)) + return l; +- msleep(TPM_TIMEOUT); ++ tpm_msleep(TPM_TIMEOUT); + } while (time_before(jiffies, stop)); + } + return -1; +@@ -164,7 +164,7 @@ static int get_burstcount(struct tpm_chip *chip) + burstcnt = (value >> 8) & 0xFFFF; + if (burstcnt) + return burstcnt; +- msleep(TPM_TIMEOUT); ++ tpm_msleep(TPM_TIMEOUT); + } while (time_before(jiffies, stop)); + return -EBUSY; + } +@@ -396,7 +396,7 @@ static int tpm_tis_send(struct tpm_chip *chip, u8 *buf, size_t len) + priv->irq = irq; + chip->flags |= TPM_CHIP_FLAG_IRQ; + if (!priv->irq_tested) +- msleep(1); ++ tpm_msleep(1); + if (!priv->irq_tested) + disable_interrupts(chip); + priv->irq_tested = true; +-- +1.8.3.1 + diff --git a/tpmdd/patches/UPSTREAM-0002-tpm-reduce-tpm-polling-delay-in-tpm_tis_core.patch b/tpmdd/patches/UPSTREAM-0002-tpm-reduce-tpm-polling-delay-in-tpm_tis_core.patch new file mode 100644 index 0000000..dc12fb7 --- /dev/null +++ b/tpmdd/patches/UPSTREAM-0002-tpm-reduce-tpm-polling-delay-in-tpm_tis_core.patch 
@@ -0,0 +1,59 @@
+From 19b460f3fe98b0513bf5a52f63e19bc120bd8093 Mon Sep 17 00:00:00 2001
+From: Nayna Jain
+Date: Fri, 10 Nov 2017 16:33:06 -0500
+Subject: [PATCH] =?UTF-8?q?tpm:=20reduce=C2=A0tpm=C2=A0polling=C2=A0delay?=
+ =?UTF-8?q?=C2=A0in=C2=A0tpm=5Ftis=5Fcore?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The existing wait_for_tpm_stat() polls for the chip status after
+5msec sleep. As per TCG ddwg input, it is expected that tpm might
+return status in few usec. So, reducing the delay in polling to
+1msec.
+Similarly, get_burstcount() function sleeps for 5msec before
+retrying for next query to burstcount in a loop. If it takes
+lesser time for TPM to return, this 5msec delay is longer than
+necessary.
+
+After this change, performance on a TPM 1.2 with an 8 byte
+burstcount for 1000 extends improved from ~14sec to ~9sec.
+
+Signed-off-by: Nayna Jain
+Reviewed-by: Jarkko Sakkinen
+Tested-by: Jarkko Sakkinen
+Signed-off-by: Jarkko Sakkinen
+---
+ tpm-interface.c | 2 +-
+ tpm_tis_core.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tpm-interface.c b/tpm-interface.c
+index 66d671b..9971422 100644
+--- a/tpm-interface.c
++++ b/tpm-interface.c
+@@ -1050,7 +1050,7 @@ again:
+ }
+ } else {
+ do {
+- tpm_msleep(TPM_TIMEOUT);
++ tpm_msleep(1);
+ status = chip->ops->status(chip);
+ if ((status & mask) == mask)
+ return 0;
+diff --git a/tpm_tis_core.c b/tpm_tis_core.c
+index 63bc6c3..d87255f 100644
+--- a/tpm_tis_core.c
++++ b/tpm_tis_core.c
+@@ -164,7 +164,7 @@ static int get_burstcount(struct tpm_chip *chip)
+ burstcnt = (value >> 8) & 0xFFFF;
+ if (burstcnt)
+ return burstcnt;
+- tpm_msleep(TPM_TIMEOUT);
++ tpm_msleep(1);
+ } while (time_before(jiffies, stop));
+ return -EBUSY;
+ }
+--
+1.8.3.1
+
diff --git a/tpmdd/patches/UPSTREAM-0003-tpm-use-tpm_msleep-value-as-max-delay.patch b/tpmdd/patches/UPSTREAM-0003-tpm-use-tpm_msleep-value-as-max-delay.patch
new file mode 100644
index 0000000..06022b5
--- /dev/null
+++ b/tpmdd/patches/UPSTREAM-0003-tpm-use-tpm_msleep-value-as-max-delay.patch
@@ -0,0 +1,37 @@
+From 86d94390d9b97639fecb3e032120b93004a3036d Mon Sep 17 00:00:00 2001
+From: Nayna Jain
+Date: Fri, 10 Nov 2017 16:42:19 -0500
+Subject: [PATCH] tpm: use tpm_msleep() value as max delay
+
+Currently, tpm_msleep() uses delay_msec as the minimum value in
+usleep_range. However, that is the maximum time we want to wait.
+The function is modified to use the delay_msec as the maximum
+value, not the minimum value.
+
+After this change, performance on a TPM 1.2 with an 8 byte
+burstcount for 1000 extends improved from ~9sec to ~8sec.
+
+Signed-off-by: Nayna Jain
+Acked-by: Mimi Zohar
+---
+ tpm.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tpm.h b/tpm.h
+index d9c3659..6f3297e 100644
+--- a/tpm.h
++++ b/tpm.h
+@@ -550,8 +550,8 @@ int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout,
+
+ static inline void tpm_msleep(unsigned int delay_msec)
+ {
+- usleep_range(delay_msec * 1000,
+- (delay_msec * 1000) + TPM_TIMEOUT_RANGE_US);
++ usleep_range((delay_msec * 1000) - TPM_TIMEOUT_RANGE_US,
++ delay_msec * 1000);
+ };
+
+ struct tpm_chip *tpm_chip_find_get(int chip_num);
+--
+1.8.3.1
+
diff --git a/tpmdd/patches/UPSTREAM-0004-tpm-wait-for-stat-to-specify-variable-polling-time.patch b/tpmdd/patches/UPSTREAM-0004-tpm-wait-for-stat-to-specify-variable-polling-time.patch
new file mode 100644
index 0000000..2ea33cc
--- /dev/null
+++ b/tpmdd/patches/UPSTREAM-0004-tpm-wait-for-stat-to-specify-variable-polling-time.patch
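Review bot: In UPSTREAM-0003 the new lower bound `(delay_msec * 1000) - TPM_TIMEOUT_RANGE_US` in tpm_msleep() is computed in unsigned arithmetic, so a `delay_msec` of 0 wraps to a value near UINT_MAX microseconds while the upper bound is 0. No caller visible in this series passes 0, but UPSTREAM-0004 adds `__wait_for_tpm_stat()` with a caller-supplied `poll_sleep` that feeds straight into tpm_msleep(), so the helper should not depend on that. A guard such as `if (!delay_msec) return;` at the top of tpm_msleep() would cover it. A one-line comment stating that `delay_msec` is now the maximum sleep in milliseconds would also record the changed contract.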
@@ -0,0 +1,123 @@ +From 2e23fe68b72638a1185f6243528f05f7dc665a3a Mon Sep 17 00:00:00 2001 +From: Nayna Jain +Date: Tue, 14 Nov 2017 11:01:56 -0500 +Subject: [PATCH] tpm: define __wait_for_tpm_stat to specify variable polling + sleep time + +The existing wait_for_tpm_stat() checks the chip status before +sleeping for 5 msec in a polling loop. For some functions although +the status isn't ready immediately, the status returns extremely +quickly. Waiting for 5 msec causes an unnecessary delay. An +example is the send() call in the tpms_tis driver. + +This patch defines __wait_for_tpm_stat(), allowing the caller +to specify the polling sleep timeout value within the loop. +The existing wait_for_tpm_stat() becomes a wrapper for this +function. + +After this change, performance on a TPM 1.2 with an 8 byte +burstcount for 1000 extends improved from ~14sec to ~10sec. + +Signed-off-by: Nayna Jain +Acked-by: Mimi Zohar +--- + tpm-interface.c | 15 ++++++++++++--- + tpm.h | 3 +++ + tpm_tis_core.c | 13 +++++++------ + 3 files changed, 22 insertions(+), 9 deletions(-) + +diff --git a/tpm-interface.c b/tpm-interface.c +index 9971422..69041ec 100644 +--- a/tpm-interface.c ++++ b/tpm-interface.c +@@ -1015,8 +1015,9 @@ static bool wait_for_tpm_stat_cond(struct tpm_chip *chip, u8 mask, + return false; + } + +-int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout, +- wait_queue_head_t *queue, bool check_cancel) ++int __wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout, ++ unsigned int poll_sleep, wait_queue_head_t *queue, ++ bool check_cancel) + { + unsigned long stop; + long rc; +@@ -1050,7 +1051,7 @@ again: + } + } else { + do { +- tpm_msleep(1); ++ tpm_msleep(poll_sleep); + status = chip->ops->status(chip); + if ((status & mask) == mask) + return 0; +@@ -1058,6 +1059,14 @@ again: + } + return -ETIME; + } ++EXPORT_SYMBOL_GPL(__wait_for_tpm_stat); ++ ++int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout, ++ 
wait_queue_head_t *queue, bool check_cancel) ++{ ++ return __wait_for_tpm_stat(chip, mask, timeout, TPM_TIMEOUT, ++ queue, check_cancel); ++} + EXPORT_SYMBOL_GPL(wait_for_tpm_stat); + + #define TPM_ORD_SAVESTATE cpu_to_be32(152) +diff --git a/tpm.h b/tpm.h +index 6f3297e..e2c9f06 100644 +--- a/tpm.h ++++ b/tpm.h +@@ -545,6 +545,9 @@ int tpm_do_selftest(struct tpm_chip *chip); + unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal); + int tpm_pm_suspend(struct device *dev); + int tpm_pm_resume(struct device *dev); ++int __wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, ++ unsigned long timeout, unsigned int poll_sleep, ++ wait_queue_head_t *queue, bool check_cancel); + int wait_for_tpm_stat(struct tpm_chip *chip, u8 mask, unsigned long timeout, + wait_queue_head_t *queue, bool check_cancel); + +diff --git a/tpm_tis_core.c b/tpm_tis_core.c +index d87255f..330b1a7 100644 +--- a/tpm_tis_core.c ++++ b/tpm_tis_core.c +@@ -262,9 +262,9 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 *buf, size_t len) + status = tpm_tis_status(chip); + if ((status & TPM_STS_COMMAND_READY) == 0) { + tpm_tis_ready(chip); +- if (wait_for_tpm_stat +- (chip, TPM_STS_COMMAND_READY, chip->timeout_b, +- &priv->int_queue, false) < 0) { ++ if (__wait_for_tpm_stat ++ (chip, TPM_STS_COMMAND_READY, chip->timeout_b, 1, ++ &priv->int_queue, false) < 0) { + rc = -ETIME; + goto out_err; + } +@@ -285,7 +285,8 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 *buf, size_t len) + + count += burstcnt; + +- if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c, ++ if (__wait_for_tpm_stat(chip, TPM_STS_VALID, ++ chip->timeout_c, 1, + &priv->int_queue, false) < 0) { + rc = -ETIME; + goto out_err; +@@ -302,8 +303,8 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 *buf, size_t len) + if (rc < 0) + goto out_err; + +- if (wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c, +- &priv->int_queue, false) < 0) { ++ if (__wait_for_tpm_stat(chip, TPM_STS_VALID, 
chip->timeout_c, ++ 1, &priv->int_queue, false) < 0) { + rc = -ETIME; + goto out_err; + } +-- +1.8.3.1 + diff --git a/tpmdd/patches/UPSTREAM-0005-tpm-ignore-burstcount-to-improve-send-performance.patch b/tpmdd/patches/UPSTREAM-0005-tpm-ignore-burstcount-to-improve-send-performance.patch new file mode 100644 index 0000000..bf030b9 --- /dev/null +++ b/tpmdd/patches/UPSTREAM-0005-tpm-ignore-burstcount-to-improve-send-performance.patch 
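Review bot: In UPSTREAM-0004 `__wait_for_tpm_stat()` is exported without any comment saying what unit `poll_sleep` is in; the call sites pass `1` and the wrapper passes `TPM_TIMEOUT`, which implies milliseconds, but nothing at the prototype in tpm.h says so. I would add a comment above the declaration, for example `/* poll_sleep: delay between status polls, in msecs */`. From the hunk it looks as if the value is used only in the polling `else` branch; if that is right, the comment should also say it has no effect when the interrupt path is taken. The function body starts and ends outside the hunk.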
@@ -0,0 +1,97 @@
+From e82060f0cf390ba8e4f79a54e68cef9a38088104 Mon Sep 17 00:00:00 2001
+From: Nayna Jain
+Date: Fri, 10 Nov 2017 17:16:35 -0500
+Subject: [PATCH] tpm: ignore burstcount to improve tpm_tis send() performance
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The TPM burstcount status indicates the number of bytes that can
+be sent to the TPM without causing bus wait states.  Effectively,
+it is the number of empty bytes in the command FIFO.
+
+This patch optimizes the tpm_tis_send_data() function by checking
+the burstcount only once. And if the burstcount is valid, it writes
+all the bytes at once, permitting wait state.
+
+After this change, performance on a TPM 1.2 with an 8 byte
+burstcount for 1000 extends improved from ~41sec to ~14sec.
+
+Suggested-by: Ken Goldman in
+conjunction with the TPM Device Driver work group.
+Signed-off-by: Nayna Jain
+Acked-by: Mimi Zohar
+Reviewed-by: Jarkko Sakkinen
+Tested-by: Jarkko Sakkinen
+Signed-off-by: Jarkko Sakkinen
+---
+ tpm_tis_core.c | 42 +++++++++++++++---------------------------
+ 1 file changed, 15 insertions(+), 27 deletions(-)
+
+diff --git a/tpm_tis_core.c b/tpm_tis_core.c
+index a338701..a6b4149 100644
+--- a/tpm_tis_core.c
++++ b/tpm_tis_core.c
+@@ -256,7 +256,6 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 *buf, size_t len)
+ {
+ struct tpm_tis_data *priv = dev_get_drvdata(&chip->dev);
+ int rc, status, burstcnt;
+- size_t count = 0;
+ bool itpm = priv->flags & TPM_TIS_ITPM_WORKAROUND;
+
+ status = tpm_tis_status(chip);
+@@ -270,36 +269,25 @@ static int tpm_tis_send_data(struct tpm_chip *chip, u8 *buf, size_t len)
+ }
+ }
+
+- while (count < len - 1) {
+- burstcnt = get_burstcount(chip);
+- if (burstcnt < 0) {
+- dev_err(&chip->dev, "Unable to read burstcount\n");
+- rc = burstcnt;
+- goto out_err;
+- }
+- burstcnt = min_t(int, burstcnt, len - count - 1);
+- rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality),
+- burstcnt,
buf + count);
+- if (rc < 0)
+- goto out_err;
+
+- count += burstcnt;
+-
+- if (__wait_for_tpm_stat(chip, TPM_STS_VALID,
+- chip->timeout_c, 1,
+- &priv->int_queue, false) < 0) {
+- rc = -ETIME;
+- goto out_err;
+- }
+- status = tpm_tis_status(chip);
+- if (!itpm && (status & TPM_STS_DATA_EXPECT) == 0) {
+- rc = -EIO;
+- goto out_err;
+- }
++ /*
++ * Get the initial burstcount to ensure TPM is ready to
++ * accept data, even when waiting for burstcount is disabled.
++ */
++ burstcnt = get_burstcount(chip);
++ if (burstcnt < 0) {
++ dev_err(&chip->dev, "Unable to read burstcount\n");
++ rc = burstcnt;
++ goto out_err;
+ }
+
++ rc = tpm_tis_write_bytes(priv, TPM_DATA_FIFO(priv->locality),
++ len -1, buf);
++ if (rc < 0)
++ goto out_err;
++
+ /* write last byte */
+- rc = tpm_tis_write8(priv, TPM_DATA_FIFO(priv->locality), buf[count]);
++ rc = tpm_tis_write8(priv, TPM_DATA_FIFO(priv->locality), buf[len-1]);
+ if (rc < 0)
+ goto out_err;
+
+--
+1.8.3.1
+
diff --git a/tpmdd/patches/tpm-kmod.spec.patchlist b/tpmdd/patches/tpm-kmod.spec.patchlist
new file mode 100644
index 0000000..e49200c
--- /dev/null
+++ b/tpmdd/patches/tpm-kmod.spec.patchlist
@@ -0,0 +1,7 @@
+0001-disable-arm64-acpi-command.patch
+0002-tpmdd-kcompat-support.patch
+UPSTREAM-0001-tpm-replace-msleep-with-usleep_range.patch
+UPSTREAM-0002-tpm-reduce-tpm-polling-delay-in-tpm_tis_core.patch
+UPSTREAM-0003-tpm-use-tpm_msleep-value-as-max-delay.patch
+UPSTREAM-0004-tpm-wait-for-stat-to-specify-variable-polling-time.patch
+UPSTREAM-0005-tpm-ignore-burstcount-to-improve-send-performance.patch
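Review bot: In the tpm_tis_send_data hunk of UPSTREAM-0005-tpm-ignore-burstcount-to-improve-send-performance.patch, the added bulk `tpm_tis_write_bytes(..., len -1, buf)` is followed directly by the last-byte write, with no `TPM_STS_VALID` wait and no `TPM_STS_DATA_EXPECT` test in between, although the removed loop ran both after every burst. A TPM that stopped expecting data partway through the command is therefore no longer reported as `-EIO` before `buf[len-1]` is sent; whether a later check catches it cannot be seen here, because tpm_tis_send_data continues outside the hunk. I would keep one wait-and-check after the bulk write, as in the fence below, and re-measure the extend timing quoted in the description. `len -1` also wraps when `len` is 0 (the removed `while (count < len - 1)` carried the same assumption), so a comment stating the caller's minimum command length would help.

```c
	/* … unchanged: get_burstcount() check and bulk tpm_tis_write_bytes() of len - 1 bytes … */

	/* the TPM must still expect data before the final byte goes out */
	if (__wait_for_tpm_stat(chip, TPM_STS_VALID, chip->timeout_c, 1,
				&priv->int_queue, false) < 0) {
		rc = -ETIME;
		goto out_err;
	}
	status = tpm_tis_status(chip);
	if (!itpm && (status & TPM_STS_DATA_EXPECT) == 0) {
		rc = -EIO;
		goto out_err;
	}

	/* write last byte */
	/* … unchanged: tpm_tis_write8() of buf[len-1] … */
```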