starlingx/integ
Code Issues Proposed changes

Merge "Remove CentOS/OpenSUSE build support"

Browse Source
This commit is contained in:
Zuul 2024-05-22 15:14:42 +00:00 committed by Gerrit Code Review
commit 88a593d142
699 changed files with 3 additions and 41645 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
base/anaconda/centos/build_srpm.data
View File

@ -1 +0,0 @@
TIS_PATCH_VER=PKG_GITREVCOUNT

25
base/anaconda/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,25 +0,0 @@
From d52fda6215af4f2d51884a10c04d3c7a44d100dd Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Mon, 13 Nov 2017 16:38:15 -0500
Subject: [PATCH] Update package versioning for TIS format
---
SPECS/anaconda.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/anaconda.spec b/SPECS/anaconda.spec
index e2d706d..00b19c4 100644
--- a/SPECS/anaconda.spec
+++ b/SPECS/anaconda.spec
@@ -3,7 +3,7 @@
Summary: Graphical system installer
Name: anaconda
Version: 21.48.22.147
-Release: 1%{?dist}
+Release: 1.el7.centos%{?_tis_dist}.%{tis_patch_ver}
License: GPLv2+ and MIT
Group: Applications/System
URL: http://fedoraproject.org/wiki/Anaconda
--
1.8.3.1

36
base/anaconda/centos/meta_patches/0002-Add-TIS-patches.patch
View File

@ -1,36 +0,0 @@
From 6bec7d96120f7eef019ab2841265bf4b74ebc64d Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Mon, 13 Nov 2017 17:22:49 -0500
Subject: [PATCH] Add TIS patches
---
SPECS/anaconda.spec | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/SPECS/anaconda.spec b/SPECS/anaconda.spec
index 00b19c4..79e1c55 100644
--- a/SPECS/anaconda.spec
+++ b/SPECS/anaconda.spec
@@ -24,6 +24,9 @@ Patch8: 9800-rpmostreepayload-Rework-remote-add-handling.patch
Patch9: yumpayload-dont-verify-disabled-repos.patch
Patch10: anaconda-centos-armhfp-extloader.patch
+# WRS
+Patch10001: 0001-TIS-Progress-and-error-handling.patch
+
# Versions of required components (done so we make sure the buildrequires
# match the requires versions of things).
%define dbusver 1.2.3
@@ -250,6 +253,9 @@ runtime on NFS/HTTP/FTP servers or local disks.
%patch10 -p1
%endif
+# WRS
+%patch10001 -p1
+
%build
%configure --disable-static \
--enable-introspection \
--
1.8.3.1

32
base/anaconda/centos/meta_patches/0003-revert-7.4-grub2-efi-handling.patch
View File

@ -1,32 +0,0 @@
From 9ebc2f9343cc214fb1e590221e4791f10a2f87d1 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Fri, 17 Nov 2017 12:08:27 -0500
Subject: [PATCH] revert 7.4 grub2 efi handling
---
SPECS/anaconda.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/anaconda.spec b/SPECS/anaconda.spec
index 79e1c55..2e5ece9 100644
--- a/SPECS/anaconda.spec
+++ b/SPECS/anaconda.spec
@@ -26,6 +26,7 @@ Patch10: anaconda-centos-armhfp-extloader.patch
# WRS
Patch10001: 0001-TIS-Progress-and-error-handling.patch
+Patch10002: 0002-revert-7.4-grub2-efi-handling.patch
# Versions of required components (done so we make sure the buildrequires
# match the requires versions of things).
@@ -255,6 +256,7 @@ runtime on NFS/HTTP/FTP servers or local disks.
# WRS
%patch10001 -p1
+%patch10002 -p1
%build
%configure --disable-static \
--
1.8.3.1

25
base/anaconda/centos/meta_patches/0004-Upversion-rpm-devel-dependency.patch
View File

@ -1,25 +0,0 @@
From 709f54c6e799c23a9a374dfca6196ec08102b658 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Thu, 23 Nov 2017 16:35:13 -0500
Subject: [PATCH] Upversion rpm-devel dependency
---
SPECS/anaconda.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/anaconda.spec b/SPECS/anaconda.spec
index 2e5ece9..174dbee 100644
--- a/SPECS/anaconda.spec
+++ b/SPECS/anaconda.spec
@@ -51,7 +51,7 @@ Patch10002: 0002-revert-7.4-grub2-efi-handling.patch
%define pypartedver 2.5-2
%define pythonpyblockver 0.45
%define pythonurlgrabberver 3.9.1-5
-%define rpmver 4.10.0
+%define rpmver 4.14.0
%define sckeyboardver 1.3.1
%define utillinuxver 2.15.1
%define yumutilsver 1.1.11-3
--
1.8.3.1

53
base/anaconda/centos/meta_patches/0005-Add-TIS-patches-for-host-lookup.patch
View File

@ -1,53 +0,0 @@
From e54422230c27e53436fe94a639a04aaf65f787e1 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Thu, 23 Nov 2017 16:50:10 -0500
Subject: [PATCH] Add TIS patches for host lookup
---
SPECS/anaconda.spec | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/SPECS/anaconda.spec b/SPECS/anaconda.spec
index 174dbee..8541334 100644
--- a/SPECS/anaconda.spec
+++ b/SPECS/anaconda.spec
@@ -27,6 +27,8 @@ Patch10: anaconda-centos-armhfp-extloader.patch
# WRS
Patch10001: 0001-TIS-Progress-and-error-handling.patch
Patch10002: 0002-revert-7.4-grub2-efi-handling.patch
+Patch10003: 0003-Set-default-hostname-to-localhost.patch
+Patch10004: 0004-Cache-server-ip-in-etc-hosts.patch
# Versions of required components (done so we make sure the buildrequires
# match the requires versions of things).
@@ -257,6 +259,8 @@ runtime on NFS/HTTP/FTP servers or local disks.
# WRS
%patch10001 -p1
%patch10002 -p1
+%patch10003 -p1
+%patch10004 -p1
%build
%configure --disable-static \
@@ -275,6 +279,10 @@ desktop-file-install ---dir=%{buildroot}%{_datadir}/applications %{buildroot}%{_
mkdir -p %{buildroot}%{_datadir}/anaconda/site-python
install -m 0644 pyanaconda/sitecustomize.py %{buildroot}%{_datadir}/anaconda/site-python/
%endif
+
+# Add anaconda-preexec script
+install -m 0755 scripts/anaconda-preexec %{buildroot}%{_sbindir}/anaconda-preexec
+
# NOTE: If you see "error: Installed (but unpackaged) file(s) found" that include liveinst files,
# check the IS_LIVEINST_ARCH in configure.ac to make sure your architecture is properly defined
@@ -323,6 +331,7 @@ update-desktop-database &> /dev/null || :
%{_sysconfdir}/X11/xinit/xinitrc.d/*
%{_datadir}/applications/*.desktop
%endif
+%{_sbindir}/anaconda-preexec
%files gui
%{_libdir}/python*/site-packages/pyanaconda/ui/gui/*
--
1.8.3.1

47
base/anaconda/centos/meta_patches/0006-Add-support-for-https-and-IPv6-to-anaconda-preexec.patch
View File

@ -1,47 +0,0 @@
From 9a2fa4a719df870296f8559bbf775696b49847c5 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Fri, 7 Feb 2020 14:09:28 -0500
Subject: [PATCH] Add support for https and IPv6 to anaconda-preexec
Include the source patch that adds support for https and IPv6.
Signed-off-by: Don Penney <don.penney@windriver.com>
---
SPECS/anaconda.spec | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/SPECS/anaconda.spec b/SPECS/anaconda.spec
index c482f38..8fea2fa 100644
--- a/SPECS/anaconda.spec
+++ b/SPECS/anaconda.spec
@@ -24,11 +24,12 @@ Patch8: 9800-rpmostreepayload-Rework-remote-add-handling.patch
Patch9: yumpayload-dont-verify-disabled-repos.patch
Patch10: anaconda-centos-armhfp-extloader.patch
-# WRS
+# StarlingX
Patch10001: 0001-TIS-Progress-and-error-handling.patch
Patch10002: 0002-revert-7.4-grub2-efi-handling.patch
Patch10003: 0003-Set-default-hostname-to-localhost.patch
Patch10004: 0004-Cache-server-ip-in-etc-hosts.patch
+Patch10005: 0005-Add-support-for-IPv6-and-https-to-anaconda-preexec.patch
# Versions of required components (done so we make sure the buildrequires
# match the requires versions of things).
@@ -256,11 +257,12 @@ runtime on NFS/HTTP/FTP servers or local disks.
%patch10 -p1
%endif
-# WRS
+# StarlingX
%patch10001 -p1
%patch10002 -p1
%patch10003 -p1
%patch10004 -p1
+%patch10005 -p1
%build
%configure --disable-static \
--
1.8.3.1

6
base/anaconda/centos/meta_patches/PATCH_ORDER
View File

@ -1,6 +0,0 @@
0001-Update-package-versioning-for-TIS-format.patch
0002-Add-TIS-patches.patch
0003-revert-7.4-grub2-efi-handling.patch
0004-Upversion-rpm-devel-dependency.patch
0005-Add-TIS-patches-for-host-lookup.patch
0006-Add-support-for-https-and-IPv6-to-anaconda-preexec.patch

394
base/anaconda/centos/patches/0001-TIS-Progress-and-error-handling.patch
View File

@ -1,394 +0,0 @@
From fa37cfcf560506f49bb00b9d216b1e7646a6905b Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Mon, 13 Nov 2017 17:21:05 -0500
Subject: [PATCH] TIS Progress and error handling
---
data/tmux.conf | 3 +-
pyanaconda/errors.py | 24 +++++++--
pyanaconda/flags.py | 1 +
pyanaconda/install.py | 4 ++
pyanaconda/kickstart.py | 3 ++
pyanaconda/packaging/rpmostreepayload.py | 5 ++
pyanaconda/packaging/yumpayload.py | 15 +++++-
pyanaconda/tisnotify.py | 91 ++++++++++++++++++++++++++++++++
pyanaconda/ui/gui/hubs/progress.py | 4 ++
pyanaconda/ui/tui/spokes/progress.py | 4 ++
10 files changed, 147 insertions(+), 7 deletions(-)
create mode 100644 pyanaconda/tisnotify.py
diff --git a/data/tmux.conf b/data/tmux.conf
index 89f788b..7903b06 100644
--- a/data/tmux.conf
+++ b/data/tmux.conf
@@ -1,6 +1,7 @@
# tmux.conf for the anaconda environment
bind -n M-tab next
+bind -n C-o next
bind -n F1 list-keys
set-option -s exit-unattached off
@@ -10,7 +11,7 @@ set-option -g history-limit 10000
new-session -s anaconda -n main "anaconda"
-set-option status-right '#[fg=blue]#(echo -n "Switch tab: Alt+Tab | Help: F1 ")'
+set-option status-right '#[fg=blue]#(echo -n "Switch: Alt+Tab or Ctrl-o ")'
new-window -d -n shell "bash --login"
new-window -d -n log "tail -F /tmp/anaconda.log"
diff --git a/pyanaconda/errors.py b/pyanaconda/errors.py
index 860b228..1d1d34b 100644
--- a/pyanaconda/errors.py
+++ b/pyanaconda/errors.py
@@ -19,6 +19,7 @@
# Author(s): Chris Lumens <clumens@redhat.com>
from pyanaconda.i18n import _
+from pyanaconda.tisnotify import tisnotify
__all__ = ["ERROR_RAISE", "ERROR_CONTINUE", "ERROR_RETRY",
"InvalidImageSizeError", "MissingImageError", "MediaUnmountError",
@@ -81,6 +82,19 @@ ERROR_RAISE = 0
ERROR_CONTINUE = 1
ERROR_RETRY = 2
+#
+# WRS: If a fatal error occurs in a %pre, anaconda hasn't setup the UI yet,
+# and an exception occurs in the error handler. This is a basic dummy UI
+# to avoid this exception and print the error message.
+#
+class DefaultUI(object):
+ def __init__(self):
+ pass
+
+ def showError(self, msg):
+ print "\n\n", msg
+
+
###
### TOP-LEVEL ERROR HANDLING OBJECT
###
@@ -304,12 +318,12 @@ class ErrorHandler(object):
"""
rc = ERROR_RAISE
+ # WRS: Notify the controller installation has failed
+ tisnotify.failed()
+
if not self.ui:
- # While Pylint thinks something else, this should be likely OK
- # for an exception handler.
- #
- # pylint: disable=misplaced-bare-raise
- raise
+ # WRS: Use the basic UI
+ self.ui = DefaultUI()
_map = {"PartitioningError": self._partitionErrorHandler,
"FSResizeError": self._fsResizeHandler,
diff --git a/pyanaconda/flags.py b/pyanaconda/flags.py
index 8a97f95..3d0d2da 100644
--- a/pyanaconda/flags.py
+++ b/pyanaconda/flags.py
@@ -71,6 +71,7 @@ class Flags(object):
self.ksprompt = True
self.rescue_mode = False
self.kexec = False
+ self.tisNotifyPort = "0"
# nosave options
self.nosave_input_ks = False
self.nosave_output_ks = False
diff --git a/pyanaconda/install.py b/pyanaconda/install.py
index 26e1b26..bd8f85b 100644
--- a/pyanaconda/install.py
+++ b/pyanaconda/install.py
@@ -35,6 +35,9 @@ from pyanaconda.ui.lib.entropy import wait_for_entropy
from pyanaconda.kexec import setup_kexec
from pyanaconda.kickstart import runPostScripts, runPreInstallScripts
from pykickstart.constants import SNAPSHOT_WHEN_POST_INSTALL
+
+from pyanaconda.tisnotify import tisnotify
+
import logging
import blivet
log = logging.getLogger("anaconda")
@@ -139,6 +142,7 @@ def doConfiguration(storage, payload, ksdata, instClass):
with progress_report(N_("Creating snapshots")):
ksdata.snapshot.execute(storage, ksdata, instClass)
+ tisnotify.installed()
progress_complete()
def doInstall(storage, payload, ksdata, instClass):
diff --git a/pyanaconda/kickstart.py b/pyanaconda/kickstart.py
index 50515c8..d95b2df 100644
--- a/pyanaconda/kickstart.py
+++ b/pyanaconda/kickstart.py
@@ -90,6 +90,8 @@ from pykickstart.sections import NullSection, PackageSection, PostScriptSection,
from pykickstart.version import returnClassForVersion, RHEL7
from pykickstart.options import KSOptionParser
+from pyanaconda.tisnotify import tisnotify
+
import logging
log = logging.getLogger("anaconda")
stderrLog = logging.getLogger("anaconda.stderr")
@@ -2481,6 +2483,7 @@ def runPreScripts(scripts):
if len(preScripts) == 0:
return
+ tisnotify.preinstall()
log.info("Running kickstart %%pre script(s)")
stdoutLog.info(_("Running pre-installation scripts"))
diff --git a/pyanaconda/packaging/rpmostreepayload.py b/pyanaconda/packaging/rpmostreepayload.py
index 7cf59d7..8896ba1 100644
--- a/pyanaconda/packaging/rpmostreepayload.py
+++ b/pyanaconda/packaging/rpmostreepayload.py
@@ -36,6 +36,8 @@ from gi.repository import Gio
from blivet.size import Size
+from pyanaconda.tisnotify import tisnotify
+
import logging
log = logging.getLogger("anaconda")
@@ -69,6 +71,7 @@ class RPMOSTreePayload(ArchivePayload):
"""Like iutil.execWithRedirect, but treat errors as fatal"""
rc = iutil.execWithRedirect(cmd, argv, **kwargs)
if rc != 0:
+ tisnotify.failed()
exn = PayloadInstallError("%s %s exited with code %d" % (cmd, argv, rc))
if errors.errorHandler.cb(exn) == errors.ERROR_RAISE:
raise exn
@@ -183,6 +186,7 @@ class RPMOSTreePayload(ArchivePayload):
GLib.Variant('a{sv}', pull_opts),
progress, cancellable)
except GLib.GError as e:
+ tisnotify.failed()
exn = PayloadInstallError("Failed to pull from repository: %s" % e)
log.error(str(exn))
if errors.errorHandler.cb(exn) == errors.ERROR_RAISE:
@@ -227,6 +231,7 @@ class RPMOSTreePayload(ArchivePayload):
try:
self._copyBootloaderData()
except (OSError, RuntimeError) as e:
+ tisnotify.failed()
exn = PayloadInstallError("Failed to copy bootloader data: %s" % e)
log.error(str(exn))
if errors.errorHandler.cb(exn) == errors.ERROR_RAISE:
diff --git a/pyanaconda/packaging/yumpayload.py b/pyanaconda/packaging/yumpayload.py
index c6aa234..a0497e0 100644
--- a/pyanaconda/packaging/yumpayload.py
+++ b/pyanaconda/packaging/yumpayload.py
@@ -46,6 +46,8 @@ from pyanaconda.simpleconfig import simple_replace
from functools import wraps
from urlgrabber.grabber import URLGrabber, URLGrabError
+from pyanaconda.tisnotify import tisnotify
+
import logging
log = logging.getLogger("packaging")
@@ -181,6 +183,8 @@ class YumPayload(PackagePayload):
# save repomd metadata
self._repoMD_list = []
+ self.tisNotifyPort = flags.cmdline.get("tisNotifyPort")
+
self.reset()
def reset(self, root=None, releasever=None):
@@ -1347,6 +1351,8 @@ reposdir=%s
if self.data.packages.handleMissing == KS_MISSING_IGNORE:
return
+ tisnotify.failed()
+
# If we're doing non-interactive ks install, raise CmdlineError,
# otherwise the system will just reboot automatically
if flags.automatedInstall and not flags.ksprompt:
@@ -1524,6 +1530,7 @@ reposdir=%s
try:
self.checkSoftwareSelection()
except DependencyError as e:
+ tisnotify.failed()
if errorHandler.cb(e) == ERROR_RAISE:
progressQ.send_quit(1)
while True:
@@ -1578,6 +1585,10 @@ reposdir=%s
key, text = line.split(":", 1)
msg = progress_map[key] + text
progressQ.send_message(msg)
+ if line.startswith("PROGRESS_POST"):
+ tisnotify.postinstall()
+ elif not text.startswith(" error "):
+ tisnotify.installing(text)
log.debug(msg)
elif line.startswith("DEBUG:"):
log.debug(line[6:])
@@ -1590,7 +1601,8 @@ reposdir=%s
install_errors.append(line[6:])
else:
log.debug(line)
- except IOError as e:
+ except (IOError, OSError) as e:
+ tisnotify.failed()
log.error("Error running anaconda-yum: %s", e)
exn = PayloadInstallError(str(e))
if errorHandler.cb(exn) == ERROR_RAISE:
@@ -1612,6 +1624,7 @@ reposdir=%s
shutil.rmtree(iutil.getSysroot()+"/var/tmp/yum.cache")
if install_errors:
+ tisnotify.failed()
exn = PayloadInstallError("\n".join(install_errors))
if errorHandler.cb(exn) == ERROR_RAISE:
progressQ.send_quit(1)
diff --git a/pyanaconda/tisnotify.py b/pyanaconda/tisnotify.py
new file mode 100644
index 0000000..bf5d9bd
--- /dev/null
+++ b/pyanaconda/tisnotify.py
@@ -0,0 +1,91 @@
+"""
+Copyright (c) 2016-2017 Wind River Systems, Inc.
+ SPDX-License-Identifier: Apache-2.0
+
+
+
+"""
+
+import os
+import re
+import subprocess
+import time
+
+from pyanaconda.flags import flags
+
+class TisNotify():
+
+ def __init__(self):
+ self.tisnotify = flags.cmdline.get("tisnotify")
+ self.regex = re.compile(r'\(([\d\/]*)\)$')
+ self.DEVNULL = open(os.devnull, "w")
+ self.last_installing = 0
+
+ def sendNotification(self, data):
+ try:
+ subprocess.call(['/usr/bin/curl',
+ '--data', data,
+ self.tisnotify],
+ stdout=self.DEVNULL,
+ stderr=self.DEVNULL)
+ except:
+ pass
+
+ def preinstall(self):
+ if self.tisnotify is None:
+ return
+
+ data = "install_state=preinstall"
+ self.sendNotification(data)
+
+ def installing(self, text):
+ if self.tisnotify is None:
+ return
+
+ match = self.regex.search(text)
+ if match is None:
+ return
+
+ if (time.time() - self.last_installing) >= 5:
+ self.last_installing = time.time()
+ data = "install_state=installing&install_state_info=%s" % match.groups()[0]
+ self.sendNotification(data)
+
+ def postinstall(self):
+ if self.tisnotify is None:
+ return
+
+ data = "install_state=postinstall"
+ self.sendNotification(data)
+
+ def installed(self):
+ if self.tisnotify is None:
+ return
+
+ data = "install_state=installed"
+ self.sendNotification(data)
+
+ def failed(self):
+ if self.tisnotify is None:
+ return
+
+ data = "install_state=failed"
+ self.sendNotification(data)
+
+ etc_dir = '/mnt/sysimage/etc'
+ platform_dir = etc_dir + '/platform'
+ failed_flag = platform_dir + '/platform/installation_failed'
+ motd_file = etc_dir + '/motd'
+
+ # Set installation_failed flag, if possible and not already done
+ if os.path.exists(platform_dir) and not os.path.exists(failed_flag):
+ try:
+ subprocess.call(['touch', '/mnt/sysimage/etc/platform/installation_failed'])
+ with open(motd_file, 'a') as f:
+ f.write('Installation failure. Please check logs or reinstall.\n\n')
+ except:
+ pass
+
+
+tisnotify = TisNotify()
+
diff --git a/pyanaconda/ui/gui/hubs/progress.py b/pyanaconda/ui/gui/hubs/progress.py
index 0e4dbed..b342bd5 100644
--- a/pyanaconda/ui/gui/hubs/progress.py
+++ b/pyanaconda/ui/gui/hubs/progress.py
@@ -44,6 +44,8 @@ from pykickstart.constants import KS_SHUTDOWN, KS_REBOOT
from pyanaconda.ui.gui.hubs import Hub
from pyanaconda.ui.gui.utils import gtk_action_nowait, gtk_call_once
+from pyanaconda.tisnotify import tisnotify
+
__all__ = ["ProgressHub"]
class ProgressHub(Hub):
@@ -124,6 +126,8 @@ class ProgressHub(Hub):
# to indicate this method should be removed from the idle loop.
return False
elif code == progressQ.PROGRESS_CODE_QUIT:
+ if args[0] != 0:
+ tisnotify.failed()
sys.exit(args[0])
q.task_done()
diff --git a/pyanaconda/ui/tui/spokes/progress.py b/pyanaconda/ui/tui/spokes/progress.py
index 1feeb08..8221e31 100644
--- a/pyanaconda/ui/tui/spokes/progress.py
+++ b/pyanaconda/ui/tui/spokes/progress.py
@@ -31,6 +31,8 @@ from pyanaconda.ui.tui.spokes import StandaloneTUISpoke
from pyanaconda.ui.tui.hubs.summary import SummaryHub
from pyanaconda.ui.tui.simpleline.base import ExitAllMainLoops
+from pyanaconda.tisnotify import tisnotify
+
__all__ = ["ProgressSpoke"]
class ProgressSpoke(StandaloneTUISpoke):
@@ -101,6 +103,8 @@ class ProgressSpoke(StandaloneTUISpoke):
print('')
return True
elif code == progressQ.PROGRESS_CODE_QUIT:
+ if args[0] != 0:
+ tisnotify.failed()
sys.exit(args[0])
q.task_done()
--
1.8.3.1

87
base/anaconda/centos/patches/0002-revert-7.4-grub2-efi-handling.patch
View File

@ -1,87 +0,0 @@
From 76cd2b90fd4e550e162bc8fc7e247ed2f4e6e310 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Fri, 17 Nov 2017 12:06:39 -0500
Subject: [PATCH] revert 7.4 grub2 efi handling
---
pyanaconda/bootloader.py | 36 +++---------------------------------
1 file changed, 3 insertions(+), 33 deletions(-)
diff --git a/pyanaconda/bootloader.py b/pyanaconda/bootloader.py
index 9db9cf3..24e8b56 100644
--- a/pyanaconda/bootloader.py
+++ b/pyanaconda/bootloader.py
@@ -1404,9 +1404,7 @@ class GRUB2(GRUB):
"""
name = "GRUB2"
- # grub2 is a virtual provides that's provided by grub2-pc, grub2-ppc64le,
- # and all of the primary grub components that aren't grub2-efi-${EFIARCH}
- packages = ["grub2", "grub2-tools"]
+ packages = ["grub2"]
_config_file = "grub.cfg"
_config_dir = "grub2"
_passwd_file = "user.cfg"
@@ -1680,28 +1678,12 @@ class GRUB2(GRUB):
return ret
class EFIGRUB(GRUB2):
- _packages32 = ["grub2-efi-ia32", "shim-ia32"]
- _packages64 = ["grub2-efi-x64", "shim-x64"]
- _packages_common = ["efibootmgr"]
+ packages = ["grub2-efi", "efibootmgr", "shim"]
can_dual_boot = False
stage2_is_valid_stage1 = False
stage2_bootable = False
- _is_32bit_firmware = False
-
- @property
- def _efi_binary(self):
- if self._is_32bit_firmware:
- return "\\shimia32.efi"
- return "\\shimx64.efi"
-
- @property
- def packages(self):
- if self._is_32bit_firmware:
- return self._packages32 + self._packages_common + \
- super(EFIGRUB, self).packages
- return self._packages64 + self._packages_common + \
- super(EFIGRUB, self).packages
+ _efi_binary = "\\shim.efi"
@property
def _config_dir(self):
@@ -1711,15 +1693,6 @@ class EFIGRUB(GRUB2):
super(EFIGRUB, self).__init__()
self.efi_dir = 'BOOT'
- try:
- f = open("/sys/firmware/efi/fw_platform_size", "r")
- value = f.readline().strip()
- except IOError:
- log.info("Reading /sys/firmware/efi/fw_platform_size failed, defaulting to 64-bit install.")
- value = '64'
- if value == '32':
- self._is_32bit_firmware = True
-
def efibootmgr(self, *args, **kwargs):
if flags.imageInstall or flags.dirInstall:
log.info("Skipping efibootmgr for image/directory install.")
@@ -1812,12 +1785,9 @@ class EFIGRUB(GRUB2):
return True
class Aarch64EFIGRUB(EFIGRUB):
- _packages64 = ["grub2-efi-aa64", "shim-aa64"]
_serial_consoles = ["ttyAMA", "ttyS"]
- _efi_binary = "\\shimaa64.efi"
class MacEFIGRUB(EFIGRUB):
- packages = [ "grub2-tools-efi", "mactel-boot" ]
def mactel_config(self):
if os.path.exists(iutil.getSysroot() + "/usr/libexec/mactel-boot-setup"):
rc = iutil.execInSysroot("/usr/libexec/mactel-boot-setup", [])
--
1.8.3.1

25
base/anaconda/centos/patches/0003-Set-default-hostname-to-localhost.patch
View File

@ -1,25 +0,0 @@
From d14b48ec201b4f90042f6292d537d5af5d78c6a6 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Thu, 23 Nov 2017 16:43:58 -0500
Subject: [PATCH] Set default hostname to localhost
---
pyanaconda/network.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyanaconda/network.py b/pyanaconda/network.py
index c6f7bb7..26c24a3 100644
--- a/pyanaconda/network.py
+++ b/pyanaconda/network.py
@@ -65,7 +65,7 @@ networkConfFile = "%s/network" % (sysconfigDir)
hostnameFile = "/etc/hostname"
ipv6ConfFile = "/etc/sysctl.d/anaconda.conf"
ifcfgLogFile = "/tmp/ifcfg.log"
-DEFAULT_HOSTNAME = "localhost.localdomain"
+DEFAULT_HOSTNAME = "localhost"
ifcfglog = None
--
1.8.3.1

80
base/anaconda/centos/patches/0004-Cache-server-ip-in-etc-hosts.patch
View File

@ -1,80 +0,0 @@
From 0b9c332f7101c890c5bb1c65f9c89d82bd759a04 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Thu, 23 Nov 2017 16:46:31 -0500
Subject: [PATCH] Cache server ip in /etc/hosts
---
data/systemd/anaconda.service | 1 +
scripts/anaconda-preexec | 50 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 51 insertions(+)
create mode 100644 scripts/anaconda-preexec
diff --git a/data/systemd/anaconda.service b/data/systemd/anaconda.service
index a80c6bb..8966258 100644
--- a/data/systemd/anaconda.service
+++ b/data/systemd/anaconda.service
@@ -7,4 +7,5 @@ Wants=anaconda-noshell.service
Type=forking
Environment=HOME=/root MALLOC_CHECK_=2 MALLOC_PERTURB_=204 PATH=/usr/bin:/bin:/sbin:/usr/sbin:/mnt/sysimage/bin:/mnt/sysimage/usr/bin:/mnt/sysimage/usr/sbin:/mnt/sysimage/sbin LANG=en_US.UTF-8 GDK_BACKEND=x11 XDG_RUNTIME_DIR=/tmp GIO_USE_VFS=local
WorkingDirectory=/root
+ExecStartPre=/usr/sbin/anaconda-preexec
ExecStart=/usr/bin/tmux -u -f /usr/share/anaconda/tmux.conf start
diff --git a/scripts/anaconda-preexec b/scripts/anaconda-preexec
new file mode 100644
index 0000000..e3f79a4
--- /dev/null
+++ b/scripts/anaconda-preexec
@@ -0,0 +1,50 @@
+#!/bin/bash
+#
+# Copyright (c) 2017 Wind River Systems, Inc.
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+#
+#
+
+exec >>/tmp/anaconda-preexec.log
+exec 2>>/tmp/anaconda-preexec.log
+set -x
+
+function get_ip()
+{
+ local host=$1
+
+ # Try the DNS query
+ host -t A $host | awk '{print $4}' | grep '^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' | head -1
+}
+
+# If the kickstart is net-based, wait for connectivity to server
+cat /proc/cmdline | grep -q 'inst\.ks=http://'
+if [ $? -eq 0 ]
+then
+ server=$(cat /proc/cmdline | sed -r 's#.*inst\.ks=http://([^/:]*)(:[^/]*)?/.*#\1#')
+ if [ -n "$server" ]
+ then
+ echo "Testing connectivity to server: $server"
+ let -i ping_count=0
+ ping -c 1 -w 60 $server
+ while [ $? -ne 0 -a $ping_count -lt 600 ]
+ do
+ echo "Waiting for connectivity to server: $server"
+ sleep 1
+ let -i ping_count++
+ ping -c 1 -w 60 $server
+ done
+
+ # Cache the host IP
+ ipaddr=$(get_ip $server)
+ if [ -n "$ipaddr" -a "$ipaddr" != "$server" ]
+ then
+ echo "$ipaddr $server" >> /etc/hosts
+ fi
+
+ fi
+fi
+
+exit 0
--
1.8.3.1

113
base/anaconda/centos/patches/0005-Add-support-for-IPv6-and-https-to-anaconda-preexec.patch
View File

@ -1,113 +0,0 @@
From fbf22f153f415b1dfed1f01879c22b15ac030652 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Mon, 10 Feb 2020 20:00:19 -0500
Subject: [PATCH] Add support for IPv6 and https to anaconda-preexec
The anaconda-preexec script runs ahead of Anaconda to cache the IP
address of the network boot server in the /etc/hosts file, to avoid
further DNS queries during installation.
This update extends the checks to add support for IPv6 and to allow
for https network access.
Signed-off-by: Don Penney <don.penney@windriver.com>
---
scripts/anaconda-preexec | 69 +++++++++++++++++++++++++++++++-----------------
1 file changed, 45 insertions(+), 24 deletions(-)
diff --git a/scripts/anaconda-preexec b/scripts/anaconda-preexec
index d491173..22e6833 100644
--- a/scripts/anaconda-preexec
+++ b/scripts/anaconda-preexec
@@ -1,6 +1,6 @@
#!/bin/bash
#
-# Copyright (c) 2017 Wind River Systems, Inc.
+# Copyright (c) 2017-2019 Wind River Systems, Inc.
# SPDX-License-Identifier: Apache-2.0
#
#
@@ -14,36 +14,57 @@ set -x
function get_ip()
{
local host=$1
+ local host_ip=
# Try the DNS query
- host -t A $host | awk '{print $4}' | grep '^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' | head -1
+ host_ip=$(host -t A $host | awk '{print $4}' | grep '^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' | head -1)
+
+ if [ -z "${host_ip}" ]; then
+ # Check for IPv6
+ host_ip=$(host -t AAAA $host | grep 'has IPv6 address' | awk '{print $5}')
+ fi
+
+ echo -n ${host_ip}
+}
+
+function get_server()
+{
+ # Check for http/https first
+ cat /proc/cmdline | grep -q 'inst\.ks=http'
+ if [ $? -ne 0 ]; then
+ return
+ fi
+
+ local server_and_port=
+ server_and_port=$(cat /proc/cmdline | sed -r 's#.*inst\.ks=https*://([^/]*)/.*#\1#')
+
+ echo "${server_and_port}" | grep -q '^\['
+ if [ $? -eq 0 ]; then
+ echo "${server_and_port}" | sed -r 's#.*\[(.*)\].*#\1#'
+ else
+ echo "${server_and_port}" | sed -r 's#([^/:]*)(:[^/]*)?#\1#'
+ fi
}
# If the kickstart is net-based, wait for connectivity to server
-cat /proc/cmdline | grep -q 'inst\.ks=http://'
-if [ $? -eq 0 ]
+server=$(get_server)
+if [ -n "$server" ]
then
- server=$(cat /proc/cmdline | sed -r 's#.*inst\.ks=http://([^/:]*)(:[^/]*)?/.*#\1#')
- if [ -n "$server" ]
- then
- echo "Testing connectivity to server: $server"
- let -i ping_count=0
- ping -c 1 -w 60 $server
- while [ $? -ne 0 -a $ping_count -lt 600 ]
- do
- echo "Waiting for connectivity to server: $server"
- sleep 1
- let -i ping_count++
- ping -c 1 -w 60 $server
- done
-
- # Cache the host IP
- ipaddr=$(get_ip $server)
- if [ -n "$ipaddr" -a "$ipaddr" != "$server" ]
- then
- echo "$ipaddr $server" >> /etc/hosts
- fi
+ echo "Testing connectivity to server: $server"
+ let -i TIMEOUT=${SECONDS}+600
+ ping -c 1 -w 60 $server || ping6 -c 1 -w 60 $server
+ while [ $? -ne 0 -a ${SECONDS} -lt ${TIMEOUT} ]
+ do
+ echo "Waiting for connectivity to server: $server"
+ sleep 1
+ ping -c 1 -w 60 $server || ping6 -c 1 -w 60 $server
+ done
+ # Cache the host IP
+ ipaddr=$(get_ip $server)
+ if [ -n "$ipaddr" -a "$ipaddr" != "$server" ]
+ then
+ echo "$ipaddr $server" >> /etc/hosts
fi
fi
--
1.8.3.1

1
base/anaconda/centos/srpm_path
View File

@ -1 +0,0 @@
mirror:Source/anaconda-21.48.22.147-1.el7.centos.src.rpm

1
base/cluster-resource-agents/centos/build_srpm.data
View File

@ -1 +0,0 @@
TIS_PATCH_VER=PKG_GITREVCOUNT

25
base/cluster-resource-agents/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,25 +0,0 @@
From 85cd40238fb1f76483848007bd1e5663bb3f21ff Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:11:59 -0400
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
---
SPECS/resource-agents.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
index 21fa049..fd8bc97 100644
--- a/SPECS/resource-agents.spec
+++ b/SPECS/resource-agents.spec
@@ -89,7 +89,7 @@
Name: resource-agents
Summary: Open Source HA Reusable Cluster Resource Scripts
Version: 4.1.1
-Release: 12%{?dist}.7
+Release: 12.el7_6.7%{?_tis_dist}.%{tis_patch_ver}
License: GPLv2+ and LGPLv2+ and ASL 2.0
URL: https://github.com/ClusterLabs/resource-agents
%if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
--
2.7.4

27
base/cluster-resource-agents/centos/meta_patches/Disable-creation-of-the-debug-package.patch
View File

@ -1,27 +0,0 @@
From d48b31c66589b0c5a9831dcf4123a80fa8ccd89a Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Tue, 6 Mar 2018 12:19:53 -0600
Subject: [PATCH 1/1] Disable creation of the debug package as it causes a seg
fault in dwz
---
SPECS/resource-agents.spec | 3 +++
1 file changed, 3 insertions(+)
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
index 2536cb7..e5fbbeb 100644
--- a/SPECS/resource-agents.spec
+++ b/SPECS/resource-agents.spec
@@ -35,6 +35,9 @@
} || %{?__transaction_systemd_inhibit:1}%{?!__transaction_systemd_inhibit:0}%{nil \
} || %(test -f /usr/lib/os-release; test $? -ne 0; echo $?))
+# Disable debug package, it currently triggers a segfault in dwz tool
+%define debug_package %{nil}
+
%global upstream_prefix ClusterLabs-resource-agents
%global upstream_version e711383f
--
1.8.3.1

34
base/cluster-resource-agents/centos/meta_patches/Do-not-log-at-debug-log-level-when-HAdebug-is-unset.patch
View File

@ -1,34 +0,0 @@
From 8d4d5620ae40468e4aea4cdd42ace1c288bd4d58 Mon Sep 17 00:00:00 2001
From: jmusico <joaopaulotavares.musico@windriver.com>
Date: Fri, 8 Oct 2021 01:21:30 +0000
Subject: [PATCH 1/1] Adding missed patch to not log at debug log level when
HA_debug is unset.
Signed-off-by: jmusico <joaopaulotavares.musico@windriver.com>
---
SPECS/resource-agents.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
index 941cb8b..ea888a7 100644
--- a/SPECS/resource-agents.spec
+++ b/SPECS/resource-agents.spec
@@ -141,6 +141,7 @@ Patch28: bz1641944-rabbitmq-cluster-monitor-mnesia-status.patch
Patch29: bz1641946-1-rabbitmq-cluster-fail-in-minority-partition.patch
Patch30: bz1641946-2-rabbitmq-cluster-fix-stop-regression.patch
Patch31: bz1657138-rabbitmq-cluster-ensure-node-attribures-removed.patch
+Patch32: Do-not-log-at-debug-log-level-when-HA_debug-is-unset.patch
# bundle patches
Patch1000: bz1568588-7-gcp-bundled.patch
Patch1001: bz1568588-8-google-cloud-sdk-fixes.patch
@@ -369,6 +370,7 @@ exit 1
%patch29 -p1
%patch30 -p1
%patch31 -p1
+%patch32 -p1
# add SAPHana agents to Makefile.am
mv %{saphana_prefix}-%{saphana_hash}/SAPHana/ra/SAPHana* heartbeat
--
2.29.2

5
base/cluster-resource-agents/centos/meta_patches/PATCH_ORDER
View File

@ -1,5 +0,0 @@
spec-include-TiS-patches.patch
spec-avoid-dir-collisions.patch
0001-Update-package-versioning-for-TIS-format.patch
Disable-creation-of-the-debug-package.patch
Do-not-log-at-debug-log-level-when-HAdebug-is-unset.patch

53
base/cluster-resource-agents/centos/meta_patches/spec-avoid-dir-collisions.patch
View File

@ -1,53 +0,0 @@
From 8c725e6e7a4931066488a74227f902269850a263 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:11:58 -0400
Subject: [PATCH 02/10] WRS: spec-avoid-dir-collisions.patch
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
SPECS/resource-agents.spec | 14 ++++----------
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
index ec85fc2..bb96485 100644
--- a/SPECS/resource-agents.spec
+++ b/SPECS/resource-agents.spec
@@ -725,14 +725,11 @@ rm -rf %{buildroot}
%endif
%if %{with linuxha}
-%dir /usr/lib/ocf
-%dir /usr/lib/ocf/resource.d
-%dir /usr/lib/ocf/lib
+/usr/lib/ocf/lib/heartbeat/*
-/usr/lib/ocf/lib/heartbeat
-
-/usr/lib/ocf/resource.d/heartbeat
-/usr/lib/ocf/resource.d/openstack
+/usr/lib/ocf/resource.d/heartbeat/*
+/usr/lib/ocf/resource.d/heartbeat/.ocf-*
+/usr/lib/ocf/resource.d/openstack/*
%if %{with rgmanager}
/usr/lib/ocf/resource.d/redhat
%endif
@@ -758,8 +755,6 @@ rm -rf %{buildroot}
%{_includedir}/heartbeat
-%dir %attr (1755, root, root) %{_var}/run/resource-agents
-
%{_mandir}/man7/*.7*
###
@@ -912,7 +907,6 @@ rm -rf %{buildroot}
%exclude %{_mandir}/man8/ldirectord.8.gz
# For compatability with pre-existing agents
-%dir %{_sysconfdir}/ha.d
%{_sysconfdir}/ha.d/shellfuncs
%{_libexecdir}/heartbeat
--
1.8.3.1

68
base/cluster-resource-agents/centos/meta_patches/spec-include-TiS-patches.patch
View File

@ -1,68 +0,0 @@
From 1f6128eb7bf5287db6def45f278acf771a711a42 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:11:58 -0400
Subject: [PATCH] WRS: spec-include-TiS-patches.patch
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
SPECS/resource-agents.spec | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
index a16660a..ec85fc2 100644
--- a/SPECS/resource-agents.spec
+++ b/SPECS/resource-agents.spec
@@ -148,6 +148,24 @@ Patch1002: bz1568588-9-google-cloud-sdk-oauth2client-python-rsa-to-cryptography.
Patch1003: bz1568588-10-gcloud-support-info.patch
Patch1004: bz1568589-4-aliyun-vpc-move-ip-bundled.patch
+# STX
+
+Patch1106: new_ocf_return_codes.patch
+Patch1107: ipaddr2_check_if_state.patch
+Patch1108: copyright.patch
+Patch1109: umount-in-namespace.patch
+Patch1110: lvm_vg_activation.patch
+Patch1111: pgsql.patch
+
+
+
+Patch1115: Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
+Patch1116: ocf-shellfuncs_change_logtag.patch
+Patch1117: lvm_cleanup_refs_on_stop.patch
+Patch1118: ipaddr2_if_down.patch
+Patch1119: ipaddr2_ignore_lo_if_state.patch
+Patch1121: ipaddr2-avoid-failing-svc-if-down.patch
+Patch1122: ipaddr2-use-host-scope-for-addresses-on-loopback.patch
Obsoletes: heartbeat-resources <= %{version}
Provides: heartbeat-resources = %{version}
@@ -508,6 +526,25 @@ cp %{aliyuncli_dir}/LICENSE %{aliyuncli}_LICENSE
%patch1004 -p1
%endif
+# STX
+
+%patch1106 -p1
+%patch1107 -p1
+%patch1108 -p1
+%patch1109 -p1
+%patch1110 -p1
+%patch1111 -p1
+
+
+
+%patch1115 -p1
+%patch1116 -p1
+%patch1117 -p1
+%patch1118 -p1
+%patch1119 -p1
+%patch1121 -p1
+%patch1122 -p1
+
%build
if [ ! -f configure ]; then
./autogen.sh
--
1.8.3.1

35
base/cluster-resource-agents/centos/patches/Do-not-log-at-debug-log-level-when-HA_debug-is-unset.patch
View File

@ -1,35 +0,0 @@
From aae26ca70ef910e83485778c1fb450941fe79e8a Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Mon, 3 Dec 2018 16:48:14 +0100
Subject: [PATCH] Do not log at debug log level when HA_debug is unset
There might be situations (e.g. bundles) where the HA_debug variable
is unset. It makes little sense to enable debug logging when the HA_debug env
variable is unset.
So let's skip debug logs when HA_debug is set to 0 or is unset.
Tested inside a bundle and observed that previously seen 'ocf_log debug'
calls are now correctly suppressed (w/ HA_debug being unset inside the
container)
Signed-off-by: Michele Baldessari <michele@acksyn.org>
---
heartbeat/ocf-shellfuncs.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in
index 043ab9bf..b17297e1 100644
--- a/heartbeat/ocf-shellfuncs.in
+++ b/heartbeat/ocf-shellfuncs.in
@@ -257,7 +257,7 @@ ha_log()
ha_debug() {
- if [ "x${HA_debug}" = "x0" ] ; then
+ if [ "x${HA_debug}" = "x0" ] || [ -z "${HA_debug}" ] ; then
return 0
fi
if tty >/dev/null; then
--
2.29.2

60
base/cluster-resource-agents/centos/patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch
View File

@ -1,60 +0,0 @@
From 7c181a1afdc85456333f9cbf9c5827ceb0554a91 Mon Sep 17 00:00:00 2001
From: Chris Friesen <chris.friesen@windriver.com>
Date: Fri, 24 Aug 2018 03:51:37 +0800
Subject: [PATCH] Fix VG activity bug in heartbeat/LVM script
There is currently an issue in the lvm2 package where if you create an LVM thin
pool, then create a thin volume in the pool, then the udev rule doesn't think
there should be a /dev// symlink for the thin pool, but "vgmknodes" and
"vgscan --mknodes" both think that there should be such a symlink. This is a
bug, but it's in the field in CentOS 7 at least and likely elsewhere.
The end result of this is that on such a system running either "vgscan
--mknodes" or "vgmknodes" and then running "vgchange -an " will
leave the /dev/ directory with a dangling symlink in it.
This breaks the LVM_status() function in this OCF script, since the
/dev/ directory exists and is not empty even though the volume
group is not active.
This commit changes the code to directly query lvm about the volume group
activity rather than relying on side effects.
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
heartbeat/LVM | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/heartbeat/LVM b/heartbeat/LVM
index 893ece8..1efb207 100755
--- a/heartbeat/LVM
+++ b/heartbeat/LVM
@@ -191,18 +191,15 @@ LVM_status() {
fi
fi
- if [ -d /dev/$1 ]; then
- test "`cd /dev/$1 && ls`" != ""
- rc=$?
- if [ $rc -ne 0 ]; then
- ocf_exit_reason "VG $1 with no logical volumes is not supported by this RA!"
- fi
- fi
-
- if [ $rc -ne 0 ]; then
+ # Ask lvm whether the volume group is active. This maps to
+ # the question "Are there any logical volumes that are active in
+ # the specified volume group?".
+ lvs --noheadings -o selected -S lv_active=active,vg_name=${1}|grep -q 1
+ if [ $? -ne 0 ]; then
ocf_log $loglevel "LVM Volume $1 is not available (stopped)"
rc=$OCF_NOT_RUNNING
else
+ rc=0
lvm_status
rc=$?
fi
--
2.7.4

51
base/cluster-resource-agents/centos/patches/copyright.patch
View File

@ -1,51 +0,0 @@
From 81bcbfb829001ccf61b515edb3d53ac8f15df334 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Fri, 26 Aug 2016 15:06:10 -0400
Subject: [PATCH 04/12] WRS: Patch108: copyright.patch
---
heartbeat/Filesystem | 2 ++
heartbeat/LVM | 1 +
heartbeat/pgsql | 1 +
3 files changed, 4 insertions(+)
diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
index 27f03d2..af821b2 100755
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -2,6 +2,8 @@
#
# Support: users@clusterlabs.org
# License: GNU General Public License (GPL)
+#
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
#
# Filesystem
# Description: Manages a Filesystem on a shared storage medium.
diff --git a/heartbeat/LVM b/heartbeat/LVM
index e435e7b..c11fed7 100755
--- a/heartbeat/LVM
+++ b/heartbeat/LVM
@@ -10,6 +10,7 @@
# Support: users@clusterlabs.org
# License: GNU General Public License (GPL)
# Copyright: (C) 2002 - 2005 International Business Machines, Inc.
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
#
# This code significantly inspired by the LVM resource
# in FailSafe by Lars Marowsky-Bree
diff --git a/heartbeat/pgsql b/heartbeat/pgsql
index 794f85e..b176b1d 100755
--- a/heartbeat/pgsql
+++ b/heartbeat/pgsql
@@ -10,6 +10,7 @@
#
# Copyright: 2006-2012 Serge Dubrouski <sergeyfd@gmail.com>
# and other Linux-HA contributors
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
# License: GNU General Public License (GPL)
#
###############################################################################
--
1.9.1

61
base/cluster-resource-agents/centos/patches/ipaddr2-avoid-failing-svc-if-down.patch
View File

@ -1,61 +0,0 @@
From c3448b1536d50291dc5ca49dce5957c39403cc82 Mon Sep 17 00:00:00 2001
From: Bin Qian <bin.qian@windriver.com>
Date: Wed, 29 Aug 2018 11:00:22 -0400
Subject: [PATCH 1/1] avoid failing service when I/F is down
---
heartbeat/IPaddr2 | 24 ++++++------------------
1 file changed, 6 insertions(+), 18 deletions(-)
diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
index 86009b9..2da5c5e 100755
--- a/heartbeat/IPaddr2
+++ b/heartbeat/IPaddr2
@@ -968,12 +968,8 @@ ip_start() {
then
exit $OCF_SUCCESS
else
- if [ "$OCF_RESKEY_dc" = "yes" ]; then
- ocf_log info "NIC $NIC is DOWN..."
- exit $OCF_SUCCESS
- else
- exit $OCF_ERR_GENERIC
- fi
+ ocf_log info "NIC $NIC is DOWN..."
+ exit $OCF_SUCCESS
fi
fi
@@ -1037,12 +1033,8 @@ ip_start() {
then
exit $OCF_SUCCESS
else
- if [ "$OCF_RESKEY_dc" = "yes" ]; then
- ocf_log info "NIC $NIC is DOWN"
- exit $OCF_SUCCESS
- else
- exit $OCF_ERR_GENERIC
- fi
+ ocf_log info "NIC $NIC is DOWN"
+ exit $OCF_SUCCESS
fi
}
@@ -1123,12 +1115,8 @@ ip_monitor() {
then
return $OCF_SUCCESS
else
- if [ "$OCF_RESKEY_dc" = "yes" ]; then
- ocf_log info "NIC $NIC is DOWN"
- return $OCF_SUCCESS
- else
- return $OCF_NOT_RUNNING
- fi
+ ocf_log info "NIC $NIC is DOWN"
+ exit $OCF_SUCCESS
fi
;;
partial|no|partial2)
--
1.8.3.1

37
base/cluster-resource-agents/centos/patches/ipaddr2-use-host-scope-for-addresses-on-loopback.patch
View File

@ -1,37 +0,0 @@
From a39c83dbaf4054cc96cd4a0a2b671509dd10af28 Mon Sep 17 00:00:00 2001
From: Bart Wensley <barton.wensley@windriver.com>
Date: Wed, 21 Nov 2018 12:14:20 -0600
Subject: [PATCH 1/1] ipaddr2 use host scope for addresses on loopback
---
heartbeat/IPaddr2 | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
index 2da5c5e..79dbdcf 100755
--- a/heartbeat/IPaddr2
+++ b/heartbeat/IPaddr2
@@ -622,10 +622,18 @@ add_interface () {
add_ipv6_addrlabel $ipaddr
fi
- cmd="$IP2UTIL -f $FAMILY addr add $ipaddr/$netmask dev $iface"
+ # Addresses assigned to the loopback interfaces must be assigned
+ # using the host scope or assignment is prevented (can't have
+ # multiple global scope addresses on the loopback interface).
+ if [ "$iface" = "lo" ] ;then
+ option="scope host"
+ else
+ option=""
+ fi
+ cmd="$IP2UTIL -f $FAMILY addr add $ipaddr/$netmask dev $iface $option"
msg="Adding $FAMILY address $ipaddr/$netmask to device $iface"
if [ "$broadcast" != "none" ]; then
- cmd="$IP2UTIL -f $FAMILY addr add $ipaddr/$netmask brd $broadcast dev $iface"
+ cmd="$IP2UTIL -f $FAMILY addr add $ipaddr/$netmask brd $broadcast dev $iface $option"
msg="Adding $FAMILY address $ipaddr/$netmask with broadcast address $broadcast to device $iface"
fi
--
1.8.3.1

58
base/cluster-resource-agents/centos/patches/ipaddr2_check_if_state.patch
View File

@ -1,58 +0,0 @@
From fb5a76d9050c60b601a5dbbad65ed3dbff041af1 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:12:36 -0400
Subject: [PATCH 03/13] WRS: Patch1107: ipaddr2_check_if_state.patch
---
heartbeat/IPaddr2 | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
index aef6dc7..67a7ca3 100755
--- a/heartbeat/IPaddr2
+++ b/heartbeat/IPaddr2
@@ -964,7 +964,12 @@ ip_start() {
local ip_status=`ip_served`
if [ "$ip_status" = "ok" ]; then
- exit $OCF_SUCCESS
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
+ then
+ exit $OCF_SUCCESS
+ else
+ exit $OCF_ERR_GENERIC
+ fi
fi
if [ -n "$IP_CIP" ] && ([ $ip_status = "no" ] || [ $ip_status = "partial2" ]); then
@@ -1023,7 +1028,12 @@ ip_start() {
fi
;;
esac
- exit $OCF_SUCCESS
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
+ then
+ exit $OCF_SUCCESS
+ else
+ exit $OCF_ERR_GENERIC
+ fi
}
ip_stop() {
@@ -1099,7 +1109,12 @@ ip_monitor() {
case $ip_status in
ok)
run_arp_sender refresh
- return $OCF_SUCCESS
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
+ then
+ return $OCF_SUCCESS
+ else
+ return $OCF_NOT_RUNNING
+ fi
;;
partial|no|partial2)
exit $OCF_NOT_RUNNING
--
1.9.1

58
base/cluster-resource-agents/centos/patches/ipaddr2_if_down.patch
View File

@ -1,58 +0,0 @@
From 573f0835621c5e64c6270260f607624aea29d21a Mon Sep 17 00:00:00 2001
From: Bin Qian <bin.qian@windriver.com>
Date: Sat, 21 Jan 2017 02:36:39 -0500
Subject: [PATCH 1/1] ipaddr2_if_down
---
heartbeat/IPaddr2 | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
index 67a7ca3..2cd822d 100755
--- a/heartbeat/IPaddr2
+++ b/heartbeat/IPaddr2
@@ -968,7 +968,12 @@ ip_start() {
then
exit $OCF_SUCCESS
else
- exit $OCF_ERR_GENERIC
+ if [ "$OCF_RESKEY_dc" = "yes" ]; then
+ ocf_log info "NIC $NIC is DOWN..."
+ exit $OCF_SUCCESS
+ else
+ exit $OCF_ERR_GENERIC
+ fi
fi
fi
@@ -1032,7 +1037,12 @@ ip_start() {
then
exit $OCF_SUCCESS
else
- exit $OCF_ERR_GENERIC
+ if [ "$OCF_RESKEY_dc" = "yes" ]; then
+ ocf_log info "NIC $NIC is DOWN"
+ exit $OCF_SUCCESS
+ else
+ exit $OCF_ERR_GENERIC
+ fi
fi
}
@@ -1113,7 +1123,12 @@ ip_monitor() {
then
return $OCF_SUCCESS
else
- return $OCF_NOT_RUNNING
+ if [ "$OCF_RESKEY_dc" = "yes" ]; then
+ ocf_log info "NIC $NIC is DOWN"
+ return $OCF_SUCCESS
+ else
+ return $OCF_NOT_RUNNING
+ fi
fi
;;
partial|no|partial2)
--
1.9.1

43
base/cluster-resource-agents/centos/patches/ipaddr2_ignore_lo_if_state.patch
View File

@ -1,43 +0,0 @@
From 81bb87debd2a683bad2173d6cb16327c776fe3b3 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:13:46 -0400
Subject: [PATCH 13/13] WRS: Patch1119: ipaddr2_ignore_lo_if_state.patch
---
heartbeat/IPaddr2 | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
index 2cd822d..59620d2 100755
--- a/heartbeat/IPaddr2
+++ b/heartbeat/IPaddr2
@@ -964,7 +964,7 @@ ip_start() {
local ip_status=`ip_served`
if [ "$ip_status" = "ok" ]; then
- if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] || [ "$NIC" = "lo" ]
then
exit $OCF_SUCCESS
else
@@ -1033,7 +1033,7 @@ ip_start() {
fi
;;
esac
- if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] || [ "$NIC" = "lo" ]
then
exit $OCF_SUCCESS
else
@@ -1119,7 +1119,7 @@ ip_monitor() {
case $ip_status in
ok)
run_arp_sender refresh
- if [ -n "`ip link show $NIC | grep \"state UP\"`" ]
+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] || [ "$NIC" = "lo" ]
then
return $OCF_SUCCESS
else
--
1.9.1

125
base/cluster-resource-agents/centos/patches/lvm_cleanup_refs_on_stop.patch
View File

@ -1,125 +0,0 @@
From 72fcaed4a9cc3c847278dd4fca88ba0bca88125a Mon Sep 17 00:00:00 2001
From: Vu Tran <vu.tran@windriver.com>
Date: Thu Sep 29 19:07:25 2016 -0400
Subject: CGTS-5173: LVM ocf cleanup refs on stop
In LVM ocf script, LVM_stop() fails if any of the created logical volume
dm block devices are being held by any process with the following error
err ERROR: Logical volume cinder-volumes/volume-96a8becd-a1c1-4508-8b25-9bcbcfeff2fa
contains a filesystem in use. Can't deactivate volume group "cinder-volumes"
with 1 open logical volume(s)
So here we want to have defensive code to scan through any process that
holds what dm block devices and causes LVM_stop() to fail. There are
2 cases:
* dm block devices are mounted and processes are accessing files located
in this mount point. We first need to kill all the processes which are
opening files and then umount the dm block devices.
* processes just hold/open dm block devices directly. We need to kill
these processes.
Signed-off-by: Sun Austin <austin.sun@intel.com>
---
heartbeat/LVM | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)
diff --git a/heartbeat/LVM b/heartbeat/LVM
index 1efb207..bde381c 100755
--- a/heartbeat/LVM
+++ b/heartbeat/LVM
@@ -367,6 +367,81 @@ LVM_start() {
}
#
+# Kill provided process that holds lv
+#
+log_and_kill_process_hold_lv() {
+ p_info=$(ps -lfLp ${1} | tail -1)
+ ocf_log warn "lv ${2} is being held by this process (will be forced killed):"
+ ocf_log warn ${p_info}
+ kill -s KILL ${1}
+}
+
+#
+# Scan for processes that hold any lvs and kill them
+#
+scan_and_kill_processes_hold_lv() {
+ vg_name=${1}
+
+ # Get list of logical volumes which are busy
+ lv_paths=$(lvdisplay -c ${vg_name} | awk -F ":" '{print $1}')
+ for lv_path in ${lv_paths}; do
+ open_num=$(lvdisplay ${lv_path} | grep "# open" | awk '{print $3}')
+ if [ ${open_num} -gt 0 ]; then
+ lv_name=$(lvdisplay ${lv_path} | grep "LV Name" | awk '{print $3}')
+ lv_block=$(lvdisplay ${lv_path} | grep "Block device" | awk '{print $3}')
+
+ lv_list="${lv_list}
+${lv_name}|${lv_block}"
+ lv_block_list="${lv_block_list} ${lv_block}"
+ fi
+ done
+
+ # Exit if there is no busy logical volume
+ [ -z "${lv_list}" ] && exit 0
+
+ # Checking to see if any of these busy logical volumes are caused by mount
+ mountinfo=$(cat /proc/1/mountinfo)
+ while read -r line; do
+ mount_majorminor=$(echo ${line} | awk '{print $3}')
+ mount_point=$(echo ${line} | awk '{print $5}')
+
+ for lv in ${lv_block_list}; do
+ if [ "${lv}" == "${mount_majorminor}" ]; then
+ lv_name=$(echo "${lv_list}" | grep ${lv} | awk -F "|" '{print $1}')
+ ocf_log warn "lv ${lv_name} is busy mounted at ${mount_point} (will be forced unmounted)"
+ processes_holding_mount_point=$(fuser -m ${mount_point} 2>/dev/null)
+ if [ -n "${processes_holding_mount_point}" ]; then
+ for p in ${processes_holding_mount_point}; do
+ log_and_kill_process_hold_lv "${p}" "${lv_name}"
+ done
+ fi
+ umount ${mount_point}
+ [ $? -ne 0 ] && ocf_log warn "Cannot umount ${mount_point}"
+ fi
+ done
+ done <<< "${mountinfo}"
+
+ # Now checking to see if any process holding these logical volumes
+ all_processes=$(ps -e | awk '{print $1}')
+ for p in ${all_processes}; do
+ [ ! -d /proc/${p}/fd ] && continue
+ opened_file_list=$(ls -l /proc/${p}/fd | awk -F "->" '{print $2}')
+
+ for f in ${opened_file_list}; do
+ [ ! -b "${f}" ] && continue
+ f_majorminor=$(printf "%d:%d" $(stat -c '0x%t 0x%T' ${f}))
+
+ for lv in ${lv_block_list}; do
+ if [ "${lv}" == "${f_majorminor}" ]; then
+ lv_name=$(echo "${lv_list}" | grep ${lv} | awk -F "|" '{print $1}')
+ log_and_kill_process_hold_lv "${p}" "${lv_name}"
+ fi
+ done
+ done
+ done
+}
+
+#
# Disable the LVM volume
#
LVM_stop() {
@@ -395,6 +470,7 @@ LVM_stop() {
break
fi
+ scan_and_kill_processes_hold_lv $vg
res=$OCF_ERR_GENERIC
ocf_log warn "$vg still Active"
ocf_log info "Retry deactivating volume group $vg"
--
2.7.4

150
base/cluster-resource-agents/centos/patches/lvm_vg_activation.patch
View File

@ -1,150 +0,0 @@
From 577055560d55b388d479ef398ffd839792dc1996 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:12:54 -0400
Subject: [PATCH 06/13] WRS: Patch1110: lvm_vg_activation.patch
---
heartbeat/LVM | 117 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 116 insertions(+), 1 deletion(-)
diff --git a/heartbeat/LVM b/heartbeat/LVM
index b0ca87a..38092f9 100755
--- a/heartbeat/LVM
+++ b/heartbeat/LVM
@@ -222,6 +222,81 @@ LVM_status() {
}
#
+# Activate one volume explicitly.
+#
+activate_volume() {
+ ocf_run lvchange $1 /dev/${2}/$3
+ if [ $? -eq 0 ] ; then
+ ocf_log info "Succesfully activated $LV."
+ else
+ ocf_log err "Problem activating $LV."
+ fi
+}
+
+#
+# Kick off parallel activation of all volumes
+#
+activate_all_volumes() {
+ VG=$1
+ shift
+ lvchange_args="$*"
+
+ # Get the list of volumes, without the first line which is column headings.
+ VOLS=`lvs $VG |tail -n +2`
+
+ while read -r LINE; do
+ # Convert the line into an array.
+ LINE_ARRAY=($LINE)
+
+ # First array element is the volume/snapshot name.
+ LV=${LINE_ARRAY[0]}
+
+ # Third array element is the attributes.
+ ATTR=${LINE_ARRAY[2]}
+
+ # Fifth character in the attributes is "a" if it's active.
+ ACTIVE=${ATTR:4:1}
+ if [ "$ACTIVE" == "a" ]; then
+ ocf_log info "$LV is already active."
+ continue
+ fi
+
+ SNAPSHOT_ORIGIN=${LINE_ARRAY[4]}
+ if [ "$SNAPSHOT_ORIGIN" != "" ] ; then
+ # If this is a snapshot, don't activate it.
+ continue
+ fi
+
+ ( activate_volume "$*" $VG $LV ) &
+ done <<< "$VOLS"
+}
+
+#
+# Scan for inactive volumes and log any that are found.
+#
+log_inactive_volumes() {
+ # Get the list of volumes, without the first line which is column headings.
+ VOLS=`lvs $1 |tail -n +2`
+
+ while read -r LINE; do
+ # Convert the line into an array.
+ LINE_ARRAY=($LINE)
+
+ # First array element is the volume/snapshot name.
+ LV=${LINE_ARRAY[0]}
+
+ # Third array element is the attributes.
+ ATTR=${LINE_ARRAY[2]}
+
+ # Fifth character in the attributes is "a" if it's active.
+ ACTIVE=${ATTR:4:1}
+ if [ "$ACTIVE" != "a" ]; then
+ ocf_log err "Volume $LV is not active after expiry of timeout."
+ fi
+ done <<< "$VOLS"
+}
+
+#
# Enable LVM volume
#
LVM_start() {
@@ -241,10 +316,50 @@ LVM_start() {
ocf_run vgscan
fi
+ # Kick off activation of all volumes. If it doesn't complete within
+ # the timeout period, then we'll log the not-yet-activated volumes and
+ # continue on.
lvm_pre_activate || exit
- ocf_run vgchange $vgchange_activate_options $vg
+ (ocf_run vgchange $vgchange_activate_options $1) & PID=$!
lvm_post_activate $?
+ # Check every second for up to TIMEOUT seconds whether the vgchange has
+ # completed.
+ TIMEOUT=300
+ TIMED_OUT=true
+ SECONDS=0;
+ PARALLEL_ACTIVATE_DELAY=10
+ PARALLEL_ACTIVATE_DONE=false
+ while [ $SECONDS -lt $TIMEOUT ] ; do
+ kill -0 $PID &> /dev/null
+ if [ $? -eq 1 ] ; then
+ # process with pid of $PID doesn't exist, vgchange command completed
+ TIMED_OUT=false
+ break
+ fi
+ if [ $SECONDS -ge $PARALLEL_ACTIVATE_DELAY ] && \
+ [ "$PARALLEL_ACTIVATE_DONE" != true ] && \
+ [ "$1" == "cinder-volumes" ] ; then
+ # This will kick off parallel activation of all LVs in the VG.
+ # The delay is to ensure the VG is activated first.
+ PARALLEL_ACTIVATE_DONE=true
+ ocf_log info Explicitly activating all volumes in $1 with: $vgchange_activate_options
+ activate_all_volumes $1 $vgchange_activate_options
+ fi
+ sleep 1
+ done
+
+ if [ "$TIMED_OUT" = true ] ; then
+ ocf_log err "Timed out running ocf_run vgchange $vgchange_activate_options $1"
+ log_inactive_volumes $1
+ else
+ # Child process completed, get its status.
+ wait $PID
+ if [ $? -ne 0 ] ; then
+ return $OCF_ERR_GENERIC
+ fi
+ fi
+
if LVM_status $vg; then
: OK Volume $vg activated just fine!
return $OCF_SUCCESS
--
2.7.4

62
base/cluster-resource-agents/centos/patches/new_ocf_return_codes.patch
View File

@ -1,62 +0,0 @@
From 111343419dd381d81303354dad48cca5095ab080 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Fri, 26 Aug 2016 15:06:02 -0400
Subject: [PATCH 02/12] WRS: Patch106: new_ocf_return_codes.patch
---
heartbeat/ocf-returncodes | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/heartbeat/ocf-returncodes b/heartbeat/ocf-returncodes
index dd5f017..9200889 100644
--- a/heartbeat/ocf-returncodes
+++ b/heartbeat/ocf-returncodes
@@ -4,6 +4,7 @@
#
# Copyright (c) 2004 SUSE LINUX AG, Andrew Beekhof
# All Rights Reserved.
+# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved.
#
#
# This library is free software; you can redistribute it and/or
@@ -53,3 +54,37 @@ OCF_NOT_RUNNING=7
#
OCF_RUNNING_MASTER=8
OCF_FAILED_MASTER=9
+
+# Non-standard values particular to Wind River deployments.
+#
+# OCF does not include the concept of data sync states for master/slave
+# resources.
+#
+# OCF_DATA_INCONSISTENT:
+# The resource's data is not useable.
+#
+# OCF_DATA_OUTDATED:
+# The resource's data is consistent, but a peer with more recent data
+# has been seen.
+#
+# OCF_DATA_CONSISTENT:
+# The resource's data is consistent, but it is unsure that this is the
+# most recent data.
+#
+# OCF_SYNC:
+# The resource is syncing data.
+#
+# OCF_STANDALONE:
+# The resource is operating as standalone. No peer is available or
+# syncing is not possible (i.e. split brain fencing).
+#
+OCF_DATA_INCONSISTENT=32
+OCF_DATA_OUTDATED=33
+OCF_DATA_CONSISTENT=34
+OCF_DATA_SYNC=35
+OCF_DATA_STANDALONE=36
+OCF_RUNNING_MASTER_DATA_INCONSISTENT=37
+OCF_RUNNING_MASTER_DATA_OUTDATED=38
+OCF_RUNNING_MASTER_DATA_CONSISTENT=39
+OCF_RUNNING_MASTER_DATA_SYNC=40
+OCF_RUNNING_MASTER_DATA_STANDALONE=41
--
1.9.1

28
base/cluster-resource-agents/centos/patches/ocf-shellfuncs_change_logtag.patch
View File

@ -1,28 +0,0 @@
From 64f5534579e8f14f723c48f317cd56badca225ee Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Thu, 25 Aug 2016 13:07:16 -0400
Subject: [PATCH 1/1] Set OCF_ prefix in logs for syslog destination sorting
---
heartbeat/ocf-shellfuncs.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in
index 3565e20..688c150 100644
--- a/heartbeat/ocf-shellfuncs.in
+++ b/heartbeat/ocf-shellfuncs.in
@@ -176,9 +176,9 @@ hadate() {
set_logtag() {
if [ -z "$HA_LOGTAG" ]; then
if [ -n "$OCF_RESOURCE_INSTANCE" ]; then
- HA_LOGTAG="$__SCRIPT_NAME($OCF_RESOURCE_INSTANCE)[$$]"
+ HA_LOGTAG="OCF_$__SCRIPT_NAME($OCF_RESOURCE_INSTANCE)[$$]"
else
- HA_LOGTAG="$__SCRIPT_NAME[$$]"
+ HA_LOGTAG="OCF_$__SCRIPT_NAME[$$]"
fi
fi
}
--
2.7.4

88
base/cluster-resource-agents/centos/patches/pgsql.patch
View File

@ -1,88 +0,0 @@
From 386e3919b703c5a3d06edfc5b078ab67604139ab Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:12:59 -0400
Subject: [PATCH 07/13] WRS: Patch1111: pgsql.patch
---
heartbeat/pgsql | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/heartbeat/pgsql b/heartbeat/pgsql
index 768608e..28cc046 100755
--- a/heartbeat/pgsql
+++ b/heartbeat/pgsql
@@ -46,6 +46,7 @@ get_pgsql_param() {
OCF_RESKEY_pgctl_default=/usr/bin/pg_ctl
OCF_RESKEY_psql_default=/usr/bin/psql
OCF_RESKEY_pgdata_default=/var/lib/pgsql/data
+OCF_RESKEY_pgconf_default=/etc/postgresql
OCF_RESKEY_pgdba_default=postgres
OCF_RESKEY_pghost_default=""
OCF_RESKEY_pgport_default=5432
@@ -78,11 +79,12 @@ OCF_RESKEY_replication_slot_name_default=""
: ${OCF_RESKEY_pgctl=${OCF_RESKEY_pgctl_default}}
: ${OCF_RESKEY_psql=${OCF_RESKEY_psql_default}}
: ${OCF_RESKEY_pgdata=${OCF_RESKEY_pgdata_default}}
+: ${OCF_RESKEY_pgconf=${OCF_RESKEY_pgconf_default}}
: ${OCF_RESKEY_pgdba=${OCF_RESKEY_pgdba_default}}
: ${OCF_RESKEY_pghost=${OCF_RESKEY_pghost_default}}
: ${OCF_RESKEY_pgport=${OCF_RESKEY_pgport_default}}
: ${OCF_RESKEY_pglibs=${OCF_RESKEY_pglibs_default}}
-: ${OCF_RESKEY_config=${OCF_RESKEY_pgdata}/postgresql.conf}
+: ${OCF_RESKEY_config=${OCF_RESKEY_pgconf}/postgresql.conf}
: ${OCF_RESKEY_start_opt=${OCF_RESKEY_start_opt_default}}
: ${OCF_RESKEY_ctl_opt=${OCF_RESKEY_ctl_opt_default}}
: ${OCF_RESKEY_pgdb=${OCF_RESKEY_pgdb_default}}
@@ -180,6 +182,14 @@ Path to PostgreSQL data directory.
<content type="string" default="${OCF_RESKEY_pgdata_default}" />
</parameter>
+<parameter name="pgconf" unique="0" required="0">
+<longdesc lang="en">
+Path to PostgreSQL config directory.
+</longdesc>
+<shortdesc lang="en">pgconf</shortdesc>
+<content type="string" default="${OCF_RESKEY_pgconf_default}" />
+</parameter>
+
<parameter name="pgdba" unique="0" required="0">
<longdesc lang="en">
User that owns PostgreSQL.
@@ -243,7 +253,7 @@ SQL script that will be used for monitor operations.
Path to the PostgreSQL configuration file for the instance.
</longdesc>
<shortdesc lang="en">Configuration file</shortdesc>
-<content type="string" default="${OCF_RESKEY_pgdata}/postgresql.conf" />
+<content type="string" default="${OCF_RESKEY_pgconf}/postgresql.conf" />
</parameter>
<parameter name="pgdb" unique="0" required="0">
@@ -630,6 +640,12 @@ pgsql_real_start() {
fi
fi
+ # WRS: Create an unversioned symlink under /var/run so SM can easily
+ # find the PID file.
+ if [ ! -h $PIDFILE_SYMLINK ]; then
+ /bin/ln -s $PIDFILE $PIDFILE_SYMLINK
+ fi
+
ocf_log info "PostgreSQL is started."
return $rc
}
@@ -2078,10 +2094,11 @@ then
fi
PIDFILE=${OCF_RESKEY_pgdata}/postmaster.pid
+PIDFILE_SYMLINK=/var/run/postmaster.pid
BACKUPLABEL=${OCF_RESKEY_pgdata}/backup_label
RESOURCE_NAME=`echo $OCF_RESOURCE_INSTANCE | cut -d ":" -f 1`
PGSQL_WAL_RECEIVER_STATUS_ATTR="${RESOURCE_NAME}-receiver-status"
-RECOVERY_CONF=${OCF_RESKEY_pgdata}/recovery.conf
+RECOVERY_CONF=${OCF_RESKEY_pgconf}/recovery.conf
NODENAME=$(ocf_local_nodename | tr '[A-Z]' '[a-z]')
case "$1" in
--
1.9.1

27
base/cluster-resource-agents/centos/patches/umount-in-namespace.patch
View File

@ -1,27 +0,0 @@
From eb45b8271ce64a046d41c93b1cffd641245ce55f Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:12:48 -0400
Subject: [PATCH 05/13] WRS: Patch1109: umount-in-namespace.patch
---
heartbeat/Filesystem | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
index f536298..05e4097 100755
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -503,6 +503,10 @@ signal_processes() {
}
try_umount() {
local SUB=$1
+
+ # We need to ensure we umount in namespaces, too
+ /usr/sbin/umount-in-namespace $SUB
+
$UMOUNT $umount_force $SUB
list_mounts | grep -q " $SUB " >/dev/null 2>&1 || {
ocf_log info "unmounted $SUB successfully"
--
1.9.1

2
base/cluster-resource-agents/centos/srpm_path
View File

@ -1,2 +0,0 @@
mirror:Source/resource-agents-4.1.1-12.el7_6.7.src.rpm

1
base/dhcp/centos/build_srpm.data
View File

@ -1 +0,0 @@
TIS_PATCH_VER=PKG_GITREVCOUNT

27
base/dhcp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,27 +0,0 @@
From 1eeae27ddc87dc61928b96baa63fe2ff767e35b0 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:05 -0400
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts:
SPECS/dhcp.spec
---
SPECS/dhcp.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index 42409f6..70c7a6d 100644
--- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec
@@ -18,7 +18,7 @@
Summary: Dynamic host configuration protocol software
Name: dhcp
Version: 4.2.5
-Release: 82%{?dist}
+Release: 82.el7.centos%{?_tis_dist}.%{tis_patch_ver}
# NEVER CHANGE THE EPOCH on this package. The previous maintainer (prior to
# dcantrell maintaining the package) made incorrect use of the epoch and
# that's why it is at 12 now. It should have never been used, but it was.
--
2.7.4

49
base/dhcp/centos/meta_patches/0001-dhcp-set-the-prefixlen-to-64.patch
View File

@ -1,49 +0,0 @@
From 54d85d8a0378a6610012adeae7abaefaf01ea9a1 Mon Sep 17 00:00:00 2001
From: Zhixiong Chi <zhixiong.chi@windriver.com>
Date: Tue, 9 Feb 2021 18:30:14 -0800
Subject: [PATCH] WRS: dhcp: set the prefixlen to 64
Drop the patch dhcp-dhclient_ipv6_prefix.patch to keep the default
value of the prefixlen to 64, since we don't need this patch to set
the default value 128 as usual, otherwise it will occurs that all hosts
(controller|compute node) offline after booting off the controller-0,
or the other usage scenes.
As usual, 128 is usually the specifications call for host address
and it doesn't include any on-link information.
By contrast, 64 indicates that's subnet area, and this vaule is used
frequently as usual. So we still use the previous vaule 64.
Meanwhile we don't need to modify the relevant place where every
application code needed for the compatibility any more.
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
---
SPECS/dhcp.spec | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index c893632..f7add1a 100644
--- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec
@@ -111,7 +111,8 @@ Patch70: dhcp-4.2.5-reference_count_overflow.patch
Patch71: dhcp-replay_file_limit.patch
Patch72: dhcp-4.2.5-expiry_before_renewal_v2.patch
Patch73: dhcp-4.2.5-bind-config.patch
-Patch74: dhcp-dhclient_ipv6_prefix.patch
+#Drop dhcp-dhclient_ipv6_prefix.patch not to set the default prefixlen 128
+#Patch74: dhcp-dhclient_ipv6_prefix.patch
# Support build with bind 9.11.3+
Patch75: dhcp-4.2.5-isc-util.patch
@@ -452,7 +453,8 @@ rm -rf includes/isc-dhcp
# https://bugzilla.redhat.com/show_bug.cgi?id=1647784
%patch72 -p1 -b .t2-expirity
-%patch74 -p1 -b .ipv6-prefix
+# Drop this patch not to set the default prefixlen 128
+#%patch74 -p1 -b .ipv6-prefix
# Support for BIND 9.11
%patch73 -p1 -b .bind-config
--
2.17.0

4
base/dhcp/centos/meta_patches/PATCH_ORDER
View File

@ -1,4 +0,0 @@
spec-include-TiS-patches.patch
dhclient-dhcp6-set-hostname.patch
0001-dhcp-set-the-prefixlen-to-64.patch
0001-Update-package-versioning-for-TIS-format.patch

38
base/dhcp/centos/meta_patches/dhclient-dhcp6-set-hostname.patch
View File

@ -1,38 +0,0 @@
From 484178cab006e67cc132eec2587e59c5605edac7 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:05 -0400
Subject: WRS: dhclient-dhcp6-set-hostname.patch
---
SOURCES/dhclient-script | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/SOURCES/dhclient-script b/SOURCES/dhclient-script
index 87bad65..fb51eb5 100644
--- a/SOURCES/dhclient-script
+++ b/SOURCES/dhclient-script
@@ -653,6 +653,10 @@ dh6config() {
add_ipv6_addr_with_DAD
+
+ if [ -n "${new_fqdn_hostname}" ] && need_hostname; then
+ hostname ${new_fqdn_hostname} || echo "See -nc option in dhclient(8) man page."
+ fi
;;
RENEW6|REBIND6)
@@ -670,6 +674,10 @@ dh6config() {
[ ! "${new_dhcp6_domain_search}" = "${old_dhcp6_domain_search}" ]; then
make_resolv_conf
fi
+
+ if [ -n "${new_fqdn_hostname}" ] && need_hostname; then
+ hostname ${new_fqdn_hostname} || echo "See -nc option in dhclient(8) man page."
+ fi
;;
DEPREF6)
--
2.7.4

40
base/dhcp/centos/meta_patches/spec-include-TiS-patches.patch
View File

@ -1,40 +0,0 @@
From 7e7a9f1bce5884da1e57d5bdc4f5215b7231924e Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:05 -0400
Subject: [PATCH] WRS: spec-include-TiS-patches.patch
---
SPECS/dhcp.spec | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/SPECS/dhcp.spec b/SPECS/dhcp.spec
index 14da097..904e3ad 100644
--- a/SPECS/dhcp.spec
+++ b/SPECS/dhcp.spec
@@ -111,6 +115,11 @@ Patch70: dhcp-4.2.5-reference_count_overflow.patch
Patch71: dhcp-4.2.5-centos-branding.patch
+# WRS
+Patch101: dhclient-restrict-interfaces-to-command-line.patch
+Patch102: dhclient-ipv6-bind-to-interface.patch
+Patch103: dhclient-ipv6-conditionally-set-hostname.patch
+
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@@ -439,6 +451,11 @@ rm -rf includes/isc-dhcp
%patch70 -p1 -b .reference_overflow
%patch71 -p1
+# WRS
+%patch101 -p1
+%patch102 -p1
+%patch103 -p1
+
# Update paths in all man pages
for page in client/dhclient.conf.5 client/dhclient.leases.5 \
client/dhclient-script.8 client/dhclient.8 ; do
--
2.7.4

48
base/dhcp/centos/patches/dhclient-ipv6-bind-to-interface.patch
View File

@ -1,48 +0,0 @@
From f1df67309b435da1d9e02b77100a793ba0165f04 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:18 -0400
Subject: [PATCH 3/7] WRS: Patch103: dhclient-ipv6-bind-to-interface.patch
---
common/socket.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/common/socket.c b/common/socket.c
index f30c171..b236c4a 100644
--- a/common/socket.c
+++ b/common/socket.c
@@ -236,6 +236,15 @@ if_register_socket(struct interface_info *info, int family,
}
#endif
+#if defined(SO_BINDTODEVICE)
+ /* Bind this socket to this interface. */
+ if ((!do_multicast || !*do_multicast) && info->ifp &&
+ setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE,
+ (char *)(info -> ifp), sizeof(*(info -> ifp))) < 0) {
+ log_error("setsockopt: SO_BINDTODEVICE: %m");
+ }
+#endif
+
/* Bind the socket to this interface's IP address. */
if (bind(sock, (struct sockaddr *)&name, name_len) < 0) {
log_error("Can't bind to dhcp address: %m");
@@ -246,15 +255,6 @@ if_register_socket(struct interface_info *info, int family,
log_fatal("includes a bootp server.");
}
-#if defined(SO_BINDTODEVICE)
- /* Bind this socket to this interface. */
- if ((local_family != AF_INET6) && (info->ifp != NULL) &&
- setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE,
- (char *)(info -> ifp), sizeof(*(info -> ifp))) < 0) {
- log_fatal("setsockopt: SO_BINDTODEVICE: %m");
- }
-#endif
-
/* IP_BROADCAST_IF instructs the kernel which interface to send
* IP packets whose destination address is 255.255.255.255. These
* will be treated as subnet broadcasts on the interface identified
--
1.9.1

37
base/dhcp/centos/patches/dhclient-ipv6-conditionally-set-hostname.patch
View File

@ -1,37 +0,0 @@
From 04e5bef0d9bb0e1b3c8bbecccf11228ae809dfd2 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:21 -0400
Subject: [PATCH 4/7] WRS: Patch104:
dhclient-ipv6-conditionally-set-hostname.patch
---
client/scripts/linux | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/client/scripts/linux b/client/scripts/linux
index 14655f0..59e764f 100755
--- a/client/scripts/linux
+++ b/client/scripts/linux
@@ -254,6 +254,19 @@ if [ x$reason = xPREINIT6 ] ; then
exit_with_hooks 0
fi
+if [ x$reason = xBOUND6 ] || [ x$reason = xRENEW6 ] || \
+ [ x$reason = xREBIND6 ] || [ x$reason = xREBOOT6 ]; then
+ current_hostname=`hostname`
+ if [ x$current_hostname = x ] || \
+ [ x$current_hostname = "x(none)" ] || \
+ [ x$current_hostname = xlocalhost ] || \
+ [ x$current_hostname = x$old_fqdn_hostname ]; then
+ if [ x$new_fqdn_hostname != x$old_fqdn_hostname ]; then
+ hostname "$new_fqdn_hostname"
+ fi
+ fi
+fi
+
if [ x${old_ip6_prefix} != x ] || [ x${new_ip6_prefix} != x ] ; then
echo Prefix ${reason} old=${old_ip6_prefix} new=${new_ip6_prefix}
--
1.9.1

67
base/dhcp/centos/patches/dhclient-restrict-interfaces-to-command-line.patch
View File

@ -1,67 +0,0 @@
From 15b7057f9b9f2b232cf2f9f674c63140e903e379 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 15:25:15 -0400
Subject: [PATCH 2/7] WRS: Patch102:
dhclient-restrict-interfaces-to-command-line.patch
---
client/clparse.c | 8 ++++++--
client/dhclient.c | 3 +++
includes/dhcpd.h | 1 +
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/client/clparse.c b/client/clparse.c
index b609caf..3ae632a 100644
--- a/client/clparse.c
+++ b/client/clparse.c
@@ -943,8 +943,12 @@ void parse_interface_declaration (cfile, outer_config, name)
if (!client -> config)
make_client_config (client, outer_config);
- ip -> flags &= ~INTERFACE_AUTOMATIC;
- interfaces_requested = 1;
+ if (restrict_interfaces != ISC_TRUE) {
+ ip -> flags &= ~INTERFACE_AUTOMATIC;
+ interfaces_requested = 1;
+ } else {
+ log_info("%s not in command line interfaces; ignoring", ip->name);
+ }
token = next_token (&val, (unsigned *)0, cfile);
if (token != LBRACE) {
diff --git a/client/dhclient.c b/client/dhclient.c
index 0db4703..00b4240 100644
--- a/client/dhclient.c
+++ b/client/dhclient.c
@@ -71,6 +71,7 @@ isc_boolean_t no_pid_file = ISC_FALSE;
int dhcp_max_agent_option_packet_length = 0;
int interfaces_requested = 0;
+int restrict_interfaces = ISC_FALSE;
struct iaddr iaddr_broadcast = { 4, { 255, 255, 255, 255 } };
struct iaddr iaddr_any = { 4, { 0, 0, 0, 0 } };
@@ -242,6 +243,8 @@ main(int argc, char **argv) {
no_dhclient_pid = 1;
} else if (!strcmp(argv[i], "--no-pid")) {
no_pid_file = ISC_TRUE;
+ } else if (!strcmp(argv[i], "--restrict-interfaces")) {
+ restrict_interfaces = ISC_TRUE;
} else if (!strcmp(argv[i], "-cf")) {
if (++i == argc)
usage();
diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index 1d2bf2c..b1f16bf 100644
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -2693,6 +2693,7 @@ extern const char *path_dhclient_db;
extern const char *path_dhclient_pid;
extern char *path_dhclient_script;
extern int interfaces_requested;
+extern int restrict_interfaces;
extern struct data_string default_duid;
extern int duid_type;
--
1.9.1

1
base/dhcp/centos/srpm_path
View File

@ -1 +0,0 @@
mirror:Source/dhcp-4.2.5-82.el7.centos.src.rpm

1
base/dnsmasq/centos/build_srpm.data
View File

@ -1 +0,0 @@
TIS_PATCH_VER=PKG_GITREVCOUNT

26
base/dnsmasq/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,26 +0,0 @@
From 402d56affb9e0767c4406260522fb356ecc420a0 Mon Sep 17 00:00:00 2001
From: jmckenna <jason.mckenna@windriver.com>
Date: Fri, 9 Feb 2018 13:51:24 -0500
Subject: [PATCH] update package patching
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
SPECS/dnsmasq.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
index 4d30b0a..689158e 100644
--- a/SPECS/dnsmasq.spec
+++ b/SPECS/dnsmasq.spec
@@ -13,7 +13,7 @@
Name: dnsmasq
Version: 2.76
-Release: 7%{?extraversion}%{?dist}
+Release: 7.el7%{?_tis_dist}.%{tis_patch_ver}
Summary: A lightweight DHCP/caching DNS server
Group: System Environment/Daemons
--
1.8.3.1

2
base/dnsmasq/centos/meta_patches/PATCH_ORDER
View File

@ -1,2 +0,0 @@
spec-include-TiS-patch.patch
0001-Update-package-versioning-for-TIS-format.patch

67
base/dnsmasq/centos/meta_patches/spec-include-TiS-patch.patch
View File

@ -1,67 +0,0 @@
From ecbe3b4e138cb5076b8cbbedf86fea3044449132 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 17:27:13 -0400
Subject: [PATCH 1/5] WRS: spec-include-TiS-patch.patch
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
SPECS/dnsmasq.spec | 26 ++++++++++----------------
1 file changed, 10 insertions(+), 16 deletions(-)
diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec
index b312ef3..4d30b0a 100644
--- a/SPECS/dnsmasq.spec
+++ b/SPECS/dnsmasq.spec
@@ -57,6 +57,10 @@ Patch19: dnsmasq-2.76-misc-cleanups.patch
Patch20: dnsmasq-2.76-CVE-2017-14491-2.patch
Patch21: dnsmasq-2.76-inotify.patch
+# WRS patches
+Patch30: dnsmasq-update-ipv6-leases-from-config.patch
+Patch31: close-tftp-sockets-immediately.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: dbus-devel
@@ -113,6 +117,10 @@ query/remove a DHCP server's leases.
%patch20 -p1 -b .CVE-2017-14491-2
%patch21 -p1 -b .inotify
+# WRS patches
+%patch30 -p1
+%patch31 -p1
+
# use /var/lib/dnsmasq instead of /var/lib/misc
for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do
sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file"
@@ -168,25 +176,11 @@ rm -rf %{buildroot}%{_initrddir}
%clean
rm -rf $RPM_BUILD_ROOT
-%post
-%systemd_post dnsmasq.service
-
-%preun
-%systemd_preun dnsmasq.service
-
-%postun
-%systemd_postun_with_restart dnsmasq.service
-
-%triggerun -- dnsmasq < 2.52-3
-%{_bindir}/systemd-sysv-convert --save dnsmasq >/dev/null 2>&1 ||:
-/sbin/chkconfig --del dnsmasq >/dev/null 2>&1 || :
-/bin/systemctl try-restart dnsmasq.service >/dev/null 2>&1 || :
-
%files
%defattr(-,root,root,-)
%doc CHANGELOG COPYING COPYING-v3 FAQ doc.html setup.html dbus/DBus-interface
-%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dnsmasq.conf
-%dir /etc/dnsmasq.d
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/dnsmasq.conf
+%dir %attr(750,root,root) %{_sysconfdir}/dnsmasq.d
%dir %{_var}/lib/dnsmasq
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/dnsmasq.conf
%{_unitdir}/%{name}.service
--
1.8.3.1

28
base/dnsmasq/centos/patches/close-tftp-sockets-immediately.patch
View File

@ -1,28 +0,0 @@
From 858e259bf7125695c068301d0ef56cc4750d6544 Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Thu, 15 Sep 2016 13:32:03 -0400
Subject: [PATCH 1/1] Close tftp sockets immediately
---
src/tftp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/tftp.c b/src/tftp.c
index d7d050f..ecc6ce8 100644
--- a/src/tftp.c
+++ b/src/tftp.c
@@ -768,9 +768,11 @@ int do_tftp_script_run(void)
if ((transfer = daemon->tftp_done_trans))
{
daemon->tftp_done_trans = transfer->next;
+#if 0 /* Disable delayed closing of TFTP UDP socket */
#ifdef HAVE_SCRIPT
queue_tftp(transfer->file->size, transfer->file->filename, &transfer->peer);
#endif
+#endif
free_transfer(transfer);
return 1;
}
--
1.9.1

83
base/dnsmasq/centos/patches/dnsmasq-update-ipv6-leases-from-config.patch
View File

@ -1,83 +0,0 @@
From 1a91b72146893dab1cca1354dd3b0a8fa74d6b55 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Tue, 18 Oct 2016 13:07:56 -0400
Subject: WRS: Patch22: dnsmasq-update-ipv6-leases-from-config.patch
---
src/lease.c | 53 +++++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 43 insertions(+), 10 deletions(-)
diff --git a/src/lease.c b/src/lease.c
index 69e698c..bc56c47 100644
--- a/src/lease.c
+++ b/src/lease.c
@@ -210,6 +210,18 @@ void lease_init(time_t now)
dns_dirty = 1;
}
+static int lease_match_config_addr(struct dhcp_lease *lease, struct dhcp_config *config)
+{
+ if (!(lease->flags & (LEASE_TA | LEASE_NA)) && (config->flags & CONFIG_ADDR))
+ return (lease->addr.s_addr == config->addr.s_addr);
+#ifdef HAVE_DHCP6
+ else if ((lease->flags & (LEASE_TA | LEASE_NA)) && (config->flags & CONFIG_ADDR6))
+ return IN6_ARE_ADDR_EQUAL(&config->addr6, &lease->addr6);
+#endif
+ else
+ return 0;
+}
+
void lease_update_from_configs(void)
{
/* changes to the config may change current leases. */
@@ -218,16 +230,37 @@ void lease_update_from_configs(void)
struct dhcp_config *config;
char *name;
- for (lease = leases; lease; lease = lease->next)
- if (lease->flags & (LEASE_TA | LEASE_NA))
- continue;
- else if ((config = find_config(daemon->dhcp_conf, NULL, lease->clid, lease->clid_len,
- lease->hwaddr, lease->hwaddr_len, lease->hwaddr_type, NULL)) &&
- (config->flags & CONFIG_NAME) &&
- (!(config->flags & CONFIG_ADDR) || config->addr.s_addr == lease->addr.s_addr))
- lease_set_hostname(lease, config->hostname, 1, get_domain(lease->addr), NULL);
- else if ((name = host_from_dns(lease->addr)))
- lease_set_hostname(lease, name, 1, get_domain(lease->addr), NULL); /* updates auth flag only */
+ for (lease = leases; lease; lease = lease->next) {
+ if (lease->flags & LEASE_TA)
+ continue; /* we do not update temporary ipv6 leases */
+
+ config = find_config(daemon->dhcp_conf, NULL, lease->clid, lease->clid_len,
+ (lease->hwaddr_len > 0 ? lease->hwaddr : NULL),
+ lease->hwaddr_len, lease->hwaddr_type, NULL);
+ if (config)
+ {
+ if ((!(config->flags & (CONFIG_ADDR | CONFIG_ADDR6))) ||
+ lease_match_config_addr(lease, config))
+ {
+ /*
+ * Either we matched on a config that doesn't have an address in
+ * which case we'll just use the hostname, or we matched on a
+ * config that has the same IP address.
+ */
+ if (!(lease->flags & (LEASE_TA | LEASE_NA)))
+ lease_set_hostname(lease, config->hostname, 1, get_domain(lease->addr), NULL);
+#ifdef HAVE_DHCP6
+ else
+ lease_set_hostname(lease, config->hostname, 1, get_domain6(&lease->addr6), NULL);
+#endif
+ continue; /* lease updated; move on to next lease */
+ }
+ }
+
+ /* attempt to find a matching DNS cache entry for an IPv4 entry */
+ if (!(lease->flags & (LEASE_TA | LEASE_NA)) && (name = host_from_dns(lease->addr)))
+ lease_set_hostname(lease, name, 1, get_domain(lease->addr), NULL); /* updates auth flag only */
+ }
}
static void ourprintf(int *errp, char *format, ...)
--
2.7.4

1
base/dnsmasq/centos/srpm_path
View File

@ -1 +0,0 @@
mirror:Source/dnsmasq-2.76-7.el7.src.rpm

2
base/dpkg/centos/build_srpm.data
View File

@ -1,2 +0,0 @@
COPY_LIST="$CGCS_BASE/downloads/dpkg_1.18.24.tar.xz"
TIS_PATCH_VER=PKG_GITREVCOUNT

43
base/dpkg/centos/dpkg.spec
View File

@ -1,43 +0,0 @@
Summary: dpkg
Name: dpkg
Version: 1.18.24
Release: 0%{?_tis_dist}.%{tis_patch_ver}
License: GPLv2 and GPLv2+ and LGPLv2+ and Public Domain and BSD
Group: base
Packager: Wind River <info@windriver.com>
URL: unknown
Source0: %{name}_%{version}.tar.xz
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: ncurses-static
BuildRequires: perl-version
%description
dpkg
%define local_bindir /usr/bin/
%prep
%setup
%build
./configure --prefix=$RPM_BUILD_ROOT \
--disable-dselect \
--disable-update-alternatives \
--without-liblzma
make -j"%(nproc)"
%install
# Don't install everything, it's too dangerous
# make install
install -d -m 755 %{buildroot}%{local_bindir}
install -p -D -m 700 utils/start-stop-daemon %{buildroot}%{local_bindir}/start-stop-daemon
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%{local_bindir}/*

2
base/haproxy/centos/build_srpm.data
View File

@ -1,2 +0,0 @@
SRC_DIR="files"
TIS_PATCH_VER=PKG_GITREVCOUNT

26
base/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,26 +0,0 @@
From 55d52d8bc9f649b4871336aaffd87fb7d931eac8 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:12:36 -0400
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
SPECS/haproxy.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
index 39c0c86..b0d5862 100644
--- a/SPECS/haproxy.spec
+++ b/SPECS/haproxy.spec
@@ -8,7 +8,7 @@
Name: haproxy
Version: 1.5.18
-Release: 8%{?dist}
+Release: 8.el7%{?_tis_dist}.%{tis_patch_ver}
Summary: TCP/HTTP proxy and load balancer for high availability environments
Group: System Environment/Daemons
--
1.8.3.1

2
base/haproxy/centos/meta_patches/PATCH_ORDER
View File

@ -1,2 +0,0 @@
spec-include-TiS-changes.patch
0001-Update-package-versioning-for-TIS-format.patch

53
base/haproxy/centos/meta_patches/spec-include-TiS-changes.patch
View File

@ -1,53 +0,0 @@
From 0b326ac9fcee3fbac7e41e3bc269cc7251dcf9dd Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:12:36 -0400
Subject: WRS: spec-include-TiS-changes.patch
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
SPECS/haproxy.spec | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
index 30dca25..53def97 100644
--- a/SPECS/haproxy.spec
+++ b/SPECS/haproxy.spec
@@ -26,6 +26,8 @@ Patch0: halog-unused-variables.patch
Patch1: iprange-return-type.patch
Patch2: haproxy-tcp-user-timeout.patch
Patch3: haproxy-systemd-wrapper-exit-code.patch
+Patch4: haproxy-env-var.patch
+Patch5: haproxy-tpm-support.patch
BuildRequires: pcre-devel
BuildRequires: zlib-devel
@@ -37,6 +39,8 @@ Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
+Requires: tpm2-openssl-engine
+
%description
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
availability environments. Indeed, it can:
@@ -57,6 +61,8 @@ availability environments. Indeed, it can:
%patch1 -p0
%patch2 -p1
%patch3 -p1
+%patch4 -p1
+%patch5 -p1
%build
regparm_opts=
@@ -79,7 +85,7 @@ popd
%{__make} install-man DESTDIR=%{buildroot} PREFIX=%{_prefix}
%{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
-%{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
+%{__install} -p -D -m 0640 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
%{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
%{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
%{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
--
1.8.3.1

245
base/haproxy/centos/patches/haproxy-env-var.patch
View File

@ -1,245 +0,0 @@
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 39abf6b..6a7f80c 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -5821,12 +5821,19 @@ out:
*/
int readcfgfile(const char *file)
{
- char thisline[LINESIZE];
+ char *thisline;
+ int linesize = LINESIZE;
FILE *f;
int linenum = 0;
int err_code = 0;
struct cfg_section *cs = NULL;
struct cfg_section *ics;
+ int readbytes = 0;
+
+ if ((thisline = malloc(sizeof(*thisline) * linesize)) == NULL) {
+ Alert("parsing [%s] : out of memory.\n", file);
+ return -1;
+ }
/* Register internal sections */
if (!cfg_register_section("listen", cfg_parse_listen) ||
@@ -5842,11 +5849,14 @@ int readcfgfile(const char *file)
if ((f=fopen(file,"r")) == NULL)
return -1;
- while (fgets(thisline, sizeof(thisline), f) != NULL) {
+next_line:
+ while (fgets(thisline + readbytes, linesize - readbytes, f) != NULL) {
int arg, kwm = KWM_STD;
char *end;
char *args[MAX_LINE_ARGS + 1];
char *line = thisline;
+ int dquote = 0; /* double quote */
+ int squote = 0; /* simple quote */
linenum++;
@@ -5856,11 +5866,25 @@ int readcfgfile(const char *file)
/* Check if we reached the limit and the last char is not \n.
* Watch out for the last line without the terminating '\n'!
*/
- Alert("parsing [%s:%d]: line too long, limit: %d.\n",
- file, linenum, (int)sizeof(thisline)-1);
- err_code |= ERR_ALERT | ERR_FATAL;
+ char *newline;
+ int newlinesize = linesize * 2;
+
+ newline = realloc(thisline, sizeof(*thisline) * newlinesize);
+ if (newline == NULL) {
+ Alert("parsing [%s:%d]: line too long, cannot allocate memory.\n",
+ file, linenum);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ continue;
+ }
+
+ readbytes = linesize - 1;
+ linesize = newlinesize;
+ thisline = newline;
+ continue;
}
+ readbytes = 0;
+
/* skip leading spaces */
while (isspace((unsigned char)*line))
line++;
@@ -5869,10 +5893,26 @@ int readcfgfile(const char *file)
args[arg] = line;
while (*line && arg < MAX_LINE_ARGS) {
- /* first, we'll replace \\, \<space>, \#, \r, \n, \t, \xXX with their
- * C equivalent value. Other combinations left unchanged (eg: \1).
- */
- if (*line == '\\') {
+ if (*line == '"' && !squote) { /* double quote outside single quotes */
+ if (dquote)
+ dquote = 0;
+ else
+ dquote = 1;
+ memmove(line, line + 1, end - line);
+ end--;
+ }
+ else if (*line == '\'' && !dquote) { /* single quote outside double quotes */
+ if (squote)
+ squote = 0;
+ else
+ squote = 1;
+ memmove(line, line + 1, end - line);
+ end--;
+ }
+ else if (*line == '\\' && !squote) {
+ /* first, we'll replace \\, \<space>, \#, \r, \n, \t, \xXX with their
+ * C equivalent value. Other combinations left unchanged (eg: \1).
+ */
int skip = 0;
if (line[1] == ' ' || line[1] == '\\' || line[1] == '#') {
*line = line[1];
@@ -5904,6 +5944,15 @@ int readcfgfile(const char *file)
Alert("parsing [%s:%d] : invalid or incomplete '\\x' sequence in '%s'.\n", file, linenum, args[0]);
err_code |= ERR_ALERT | ERR_FATAL;
}
+ } else if (line[1] == '"') {
+ *line = '"';
+ skip = 1;
+ } else if (line[1] == '\'') {
+ *line = '\'';
+ skip = 1;
+ } else if (line[1] == '$' && dquote) { /* escaping of $ only inside double quotes */
+ *line = '$';
+ skip = 1;
}
if (skip) {
memmove(line + 1, line + 1 + skip, end - (line + skip));
@@ -5911,23 +5960,117 @@ int readcfgfile(const char *file)
}
line++;
}
- else if (*line == '#' || *line == '\n' || *line == '\r') {
+ else if ((!squote && !dquote && *line == '#') || *line == '\n' || *line == '\r') {
/* end of string, end of loop */
*line = 0;
break;
}
- else if (isspace((unsigned char)*line)) {
+ else if (!squote && !dquote && isspace((unsigned char)*line)) {
/* a non-escaped space is an argument separator */
*line++ = '\0';
while (isspace((unsigned char)*line))
line++;
args[++arg] = line;
}
+ else if (dquote && *line == '$') {
+ /* environment variables are evaluated inside double quotes */
+ char *var_beg;
+ char *var_end;
+ char save_char;
+ char *value;
+ int val_len;
+ int newlinesize;
+ int braces = 0;
+
+ var_beg = line + 1;
+ var_end = var_beg;
+
+ if (*var_beg == '{') {
+ var_beg++;
+ var_end++;
+ braces = 1;
+ }
+
+ if (!isalpha((int)(unsigned char)*var_beg) && *var_beg != '_') {
+ Alert("parsing [%s:%d] : Variable expansion: Unrecognized character '%c' in variable name.\n", file, linenum, *var_beg);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto next_line; /* skip current line */
+ }
+
+ while (isalnum((int)(unsigned char)*var_end) || *var_end == '_')
+ var_end++;
+
+ save_char = *var_end;
+ *var_end = '\0';
+ value = getenv(var_beg);
+ *var_end = save_char;
+ val_len = value ? strlen(value) : 0;
+
+ if (braces) {
+ if (*var_end == '}') {
+ var_end++;
+ braces = 0;
+ } else {
+ Alert("parsing [%s:%d] : Variable expansion: Mismatched braces.\n", file, linenum);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto next_line; /* skip current line */
+ }
+ }
+
+ newlinesize = (end - thisline) - (var_end - line) + val_len + 1;
+
+ /* if not enough space in thisline */
+ if (newlinesize > linesize) {
+ char *newline;
+
+ newline = realloc(thisline, newlinesize * sizeof(*thisline));
+ if (newline == NULL) {
+ Alert("parsing [%s:%d] : Variable expansion: Not enough memory.\n", file, linenum);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto next_line; /* slip current line */
+ }
+ /* recompute pointers if realloc returns a new pointer */
+ if (newline != thisline) {
+ int i;
+ int diff;
+
+ for (i = 0; i <= arg; i++) {
+ diff = args[i] - thisline;
+ args[i] = newline + diff;
+ }
+
+ diff = var_end - thisline;
+ var_end = newline + diff;
+ diff = end - thisline;
+ end = newline + diff;
+ diff = line - thisline;
+ line = newline + diff;
+ thisline = newline;
+ }
+ linesize = newlinesize;
+ }
+
+ /* insert value inside the line */
+ memmove(line + val_len, var_end, end - var_end + 1);
+ memcpy(line, value, val_len);
+ end += val_len - (var_end - line);
+ line += val_len;
+ }
else {
line++;
}
}
+ if (dquote) {
+ Alert("parsing [%s:%d] : Mismatched double quotes.\n", file, linenum);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ }
+
+ if (squote) {
+ Alert("parsing [%s:%d] : Mismatched simple quotes.\n", file, linenum);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ }
+
/* empty line */
if (!**args)
continue;
@@ -5998,6 +6141,7 @@ int readcfgfile(const char *file)
break;
}
cursection = NULL;
+ free(thisline);
fclose(f);
return err_code;
}

319
base/haproxy/centos/patches/haproxy-tpm-support.patch
View File

@ -1,319 +0,0 @@
From a2a25214f6f4913b774bdd6c0b80d3ea424d3a1b Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Wed, 22 Mar 2017 12:07:24 -0400
Subject: [PATCH] haproxy tpm support
---
include/types/global.h | 13 +++++
src/cfgparse.c | 28 ++++++++++
src/haproxy.c | 26 ++++++++-
src/ssl_sock.c | 147 +++++++++++++++++++++++++++++++++++++++++++------
4 files changed, 197 insertions(+), 17 deletions(-)
diff --git a/include/types/global.h b/include/types/global.h
index f1525ae..2e9c077 100644
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -30,6 +30,10 @@
#include <types/proxy.h>
#include <types/task.h>
+#ifdef USE_OPENSSL
+#include <openssl/engine.h>
+#endif
+
#ifndef UNIX_MAX_PATH
#define UNIX_MAX_PATH 108
#endif
@@ -71,6 +75,14 @@ enum {
SSL_SERVER_VERIFY_REQUIRED = 1,
};
+// WRS: Define a new TPM configuration structure
+struct tpm_conf {
+ char *tpm_object;
+ char *tpm_engine;
+ EVP_PKEY *tpm_key;
+ ENGINE *tpm_engine_ref;
+};
+
/* FIXME : this will have to be redefined correctly */
struct global {
#ifdef USE_OPENSSL
@@ -87,6 +99,7 @@ struct global {
char *connect_default_ciphers;
int listen_default_ssloptions;
int connect_default_ssloptions;
+ struct tpm_conf tpm; // tpm configuration
#endif
unsigned int ssl_server_verify; /* default verify mode on servers side */
struct freq_ctr conn_per_sec;
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 6a7f80c..3bc6e79 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1541,6 +1541,34 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm)
goto out;
#endif
}
+ else if (!strcmp(args[0], "tpm-object")) {
+ if (global.tpm.tpm_object) {
+ free(global.tpm.tpm_object);
+ }
+#ifdef USE_OPENSSL
+ if (*(args[1]) && (access(args[1], F_OK) != -1)) {
+ global.tpm.tpm_object = strdup(args[1]);
+ }
+#else
+ Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+#endif
+ }
+ else if (!strcmp(args[0], "tpm-engine")) {
+ if (global.tpm.tpm_engine) {
+ free(global.tpm.tpm_engine);
+ }
+#ifdef USE_OPENSSL
+ if (*(args[1]) && (access(args[1], F_OK) != -1)) {
+ global.tpm.tpm_engine = strdup(args[1]);
+ }
+#else
+ Alert("parsing [%s:%d] : '%s' is not implemented.\n", file, linenum, args[0]);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+#endif
+ }
else {
struct cfg_kw_list *kwl;
int index;
diff --git a/src/haproxy.c b/src/haproxy.c
index 862697d..2a1a0dc 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -959,6 +959,24 @@ static void deinit_stick_rules(struct list *rules)
}
}
+static void deinit_tpm_engine()
+{
+ /*
+ * if the tpm engine is present then
+ * deinit it, this is needed to
+ * flush the TPM key handle from TPM memory
+ */
+ if (global.tpm.tpm_engine_ref) {
+ ENGINE_finish(global.tpm.tpm_engine_ref);
+ }
+
+ if (global.tpm.tpm_key) {
+ EVP_PKEY_free(global.tpm.tpm_key);
+ }
+ free(global.tpm.tpm_engine); global.tpm.tpm_engine = NULL;
+ free(global.tpm.tpm_object); global.tpm.tpm_object = NULL;
+}
+
void deinit(void)
{
struct proxy *p = proxy, *p0;
@@ -1218,7 +1236,13 @@ void deinit(void)
free(uap);
}
-
+
+ /* if HAProxy was in TPM mode then deinit
+ * that configuration as well.
+ */
+ if (global.tpm.tpm_object && global.tpm.tpm_object != '\0')
+ deinit_tpm_engine();
+
userlist_free(userlist);
protocol_unbind_all();
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ead4c7b..4e16026 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -50,6 +50,7 @@
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
+#include <openssl/engine.h>
#include <common/buffer.h>
#include <common/compat.h>
@@ -1115,6 +1116,80 @@ end:
return ret;
}
+/*
+ * initialize the TPM engine and load the
+ * TPM object as private key within the Engine.
+ * Only do this for the first bind since TPM can
+ * only load 3-4 contexes before it runs out of memory
+ */
+static int ssl_sock_load_tpm_key(SSL_CTX *ctx, char **err) {
+ if (!global.tpm.tpm_object || global.tpm.tpm_object[0] == '\0') {
+ /* not in TPM mode */
+ return -1;
+ }
+ if (!global.tpm.tpm_key) {
+ Warning ("Could not find tpm_key; initializing engine\n");
+ /* no key present; load the dynamic TPM engine */
+ if (global.tpm.tpm_engine && global.tpm.tpm_engine[0]) {
+ ENGINE_load_dynamic();
+ ENGINE *engine = ENGINE_by_id("dynamic");
+ if (!engine) {
+ memprintf(err, "%s Unable to load the dynamic engine "
+ "(needed for loading custom TPM engine)\n",
+ err && *err ? *err : "");
+ return 1;
+ }
+
+ ENGINE_ctrl_cmd_string(engine, "SO_PATH", global.tpm.tpm_engine, 0);
+ ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0);
+ /* stow away for ENGINE cleanup */
+ global.tpm.tpm_engine_ref = engine;
+
+ if (ENGINE_init(engine) != 1) {
+ const char *error_str = ERR_error_string(ERR_get_error(), NULL);
+ memprintf(err, "%s Unable to init the TPM engine (%s). Err: %s\n",
+ err && *err ? *err : "",
+ global.tpm.tpm_engine, error_str);
+ goto tpm_err;
+ }
+ EVP_PKEY *pkey = ENGINE_load_private_key(engine,
+ global.tpm.tpm_object,
+ NULL, NULL);
+ if (!pkey) {
+ const char *error_str = ERR_error_string(ERR_get_error(), NULL);
+ memprintf(err, "%s Unable to load TPM object (%s). Err: %s\n",
+ err && *err ? *err : "",
+ global.tpm.tpm_object, error_str);
+ goto tpm_err;
+ }
+ global.tpm.tpm_key = pkey;
+ }
+ else { /* no TPM engine found */
+ memprintf(err, "%s TPM engine option not set when TPM mode expected\n",
+ err && *err ? *err : "");
+ goto tpm_err;
+ }
+ }
+
+ if (SSL_CTX_use_PrivateKey(ctx, global.tpm.tpm_key) <= 0){
+ const char *error_str = ERR_error_string(ERR_get_error(),
+ NULL);
+ memprintf(err, "%s Invalid private key provided from TPM engine(%s). Err: %s\n",
+ err && *err ? *err : "",
+ global.tpm.tpm_object, error_str);
+ goto tpm_err;
+ }
+
+ return 0;
+
+tpm_err:
+ ENGINE_finish(global.tpm.tpm_engine_ref);
+ global.tpm.tpm_engine_ref = NULL;
+ EVP_PKEY_free(global.tpm.tpm_key);
+ global.tpm.tpm_key = NULL;
+ return 1;
+}
+
static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **sni_filter, int fcount, char **err)
{
int ret;
@@ -1127,26 +1202,54 @@ static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf
return 1;
}
- if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
- memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
- err && *err ? *err : "", path);
- SSL_CTX_free(ctx);
- return 1;
+ /* NOTE (knasim-wrs): US93721: TPM support
+ * This SSL context applies to SSL frontends only.
+ * If the TPM option is set then the Private key
+ * is stored in TPM.
+ *
+ * Launch the OpenSSL TPM engine and load the TPM
+ * Private Key. The Public key will still be located
+ * at the provided path and needs to be loaded as
+ * per usual.
+ */
+ if (global.tpm.tpm_object) {
+ ret = ssl_sock_load_tpm_key(ctx, err);
+ if (ret > 0) {
+ /* tpm configuration failed */
+ SSL_CTX_free(ctx);
+ return 1;
+ }
}
-
- ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, sni_filter, fcount);
- if (ret <= 0) {
- memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
- err && *err ? *err : "", path);
- if (ret < 0) /* serious error, must do that ourselves */
+ else { /* non TPM mode */
+ if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
+ memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
+ err && *err ? *err : "", path);
SSL_CTX_free(ctx);
- return 1;
+ return 1;
+ }
}
- if (SSL_CTX_check_private_key(ctx) <= 0) {
- memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
- err && *err ? *err : "", path);
- return 1;
+ ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, sni_filter, fcount);
+ if (ret <= 0) {
+ memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
+ err && *err ? *err : "", path);
+ if (ret < 0) /* serious error, must do that ourselves */
+ SSL_CTX_free(ctx);
+ return 1;
+ }
+
+ /*
+ * only match the private key to the public key
+ * for non TPM mode. This op would never work for
+ * TPM since the private key has been wrapped, whereas
+ * the public key is still the original one.
+ */
+ if (!global.tpm.tpm_object) {
+ if (SSL_CTX_check_private_key(ctx) <= 0) {
+ memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
+ err && *err ? *err : "", path);
+ return 1;
+ }
}
/* we must not free the SSL_CTX anymore below, since it's already in
@@ -1725,6 +1828,18 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
cfgerr++;
return cfgerr;
}
+
+ /* NOTE (knasim-wrs): US93721: TPM support
+ * This SSL context applies to SSL backends only.
+ * Since Titanium backends don't support SSL, there
+ * is no need to offload these keys in TPM or reuse the
+ * same TPM key for the frontend engine.
+ *
+ * If SSL backends are to be supported in the future,
+ * over TPM, then create a new TPM Engine context and
+ * load the backend key in TPM, in a similar fashion to
+ * the frontend key.
+ */
if (srv->ssl_ctx.client_crt) {
if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
--
1.8.3.1

1
base/haproxy/centos/srpm_path
View File

@ -1 +0,0 @@
mirror:Source/haproxy-1.5.18-8.el7.src.rpm

6
base/inih/centos/build_srpm.data
View File

@ -1,6 +0,0 @@
TAR_NAME=inih
GIT_SHA=b1dbff4b0bd1e1f40d237e21011f6dee0ec2fa69
VERSION=44
COPY_LIST="$STX_BASE/downloads/$TAR_NAME-$GIT_SHA.tar.gz"
TIS_PATCH_VER=PKG_GITREVCOUNT

45
base/inih/centos/inih.spec
View File

@ -1,45 +0,0 @@
%global git_sha b1dbff4b0bd1e1f40d237e21011f6dee0ec2fa69
Summary: inih
Name: inih
Version: 44
Release: 0%{?_tis_dist}.%{tis_patch_ver}
License: New BSD
Group: base
Packager: Wind River <info@windriver.com>
URL: https://github.com/benhoyt/inih/releases/tag/r44
Source0: %{name}-%{git_sha}.tar.gz
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: ncurses-static
BuildRequires: perl-version
%define debug_package %{nil}
%description
Simple .INI file parser written in C
%prep
%setup
%build
pushd extra > /dev/null
make -f Makefile.static
popd > /dev/null
%install
install -d -m 755 %{buildroot}%{_libdir}
install -d -m 755 %{buildroot}%{_includedir}
install -d -m 755 %{buildroot}%{_datadir}/inih/
install -p -D -m 755 extra/libinih.a %{buildroot}%{_libdir}/libinih.a
install -p -D -m 644 ini.h %{buildroot}%{_includedir}/ini.h
install -p -D -m 644 LICENSE.txt %{buildroot}%{_datadir}/inih/LICENSE.txt
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%{_libdir}/*
%{_includedir}/*
%{_datadir}/*

1
base/initscripts/centos/build_srpm.data
View File

@ -1 +0,0 @@
TIS_PATCH_VER=PKG_GITREVCOUNT

110
base/initscripts/centos/meta_patches/0001-Include-starlingx-initscripts-changes.patch
View File

@ -1,110 +0,0 @@
From 764ce9e69477b47577fc0231f4a0190b119937f7 Mon Sep 17 00:00:00 2001
From: Joseph Richard <joseph.richard@windriver.com>
Date: Tue, 19 Nov 2019 13:06:43 -0500
Subject: [PATCH] Include starlingx initscripts changes
This is build with build-pkgs --edit initscripts, and then rebased with
git rebase -i --root, with all existing meta-patches squashed into this
commit, and then the new meta-patch created from the output of
git format-patch HEAD~
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
---
SPECS/initscripts.spec | 38 ++++++++++++++++++++++++++++++--------
1 file changed, 30 insertions(+), 8 deletions(-)
diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec
index fb0bd96..a446775 100644
--- a/SPECS/initscripts.spec
+++ b/SPECS/initscripts.spec
@@ -4,7 +4,7 @@ Version: 9.49.46
# ppp-watch is GPLv2+, everything else is GPLv2
License: GPLv2 and GPLv2+
Group: System Environment/Base
-Release: 1%{?dist}
+Release: 1.el7%{?_tis_dist}.%{tis_patch_ver}
URL: https://github.com/fedora-sysv/initscripts
Source: https://github.com/fedora-sysv/initscripts/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -36,6 +36,20 @@ Requires(preun): /sbin/chkconfig
BuildRequires: glib2-devel popt-devel gettext pkgconfig systemd
Provides: /sbin/service
+Patch1: support-interface-scriptlets.patch
+Patch2: relocate-dhclient-leases-to-var-run.patch
+Patch3: dhclient-restrict-interfaces-to-those-on-c.patch
+Patch4: support-interface-promisc.patch
+Patch5: 0001-dhclient-remove-1-arg.patch
+Patch6: 0001-force-delay-check-link-down.patch
+Patch7: run-ifdown-on-all-interfaces.patch
+Patch8: sysconfig-affirmative-check-for-link-carrier.patch
+Patch9: sysconfig-unsafe-usage-of-linkdelay-variable.patch
+Patch10: ipv6-static-route-support.patch
+Patch11: ifup-eth-stop-waiting-if-link-is-up.patch
+Patch12: ifup-alias-scope.patch
+Patch13: ifup-alias-check-ipaddr.patch
+
%description
The initscripts package contains basic system scripts used
during a boot of the system. It also contains scripts which
@@ -55,6 +69,20 @@ Currently, this consists of various memory checking code.
%prep
%setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+
%build
make
@@ -163,10 +191,7 @@ rm -rf $RPM_BUILD_ROOT
/usr/lib/systemd/rhel-*
/usr/lib/systemd/system/*
/etc/inittab
-%dir /etc/rc.d
-%dir /etc/rc.d/rc[0-9].d
/etc/rc[0-9].d
-%dir /etc/rc.d/init.d
/etc/rc.d/init.d/*
%config(noreplace) /etc/sysctl.conf
/usr/lib/sysctl.d/00-system.conf
@@ -188,7 +213,6 @@ rm -rf $RPM_BUILD_ROOT
/usr/sbin/ppp-watch
%{_mandir}/man*/*
%dir %attr(775,root,root) /var/run/netreport
-%dir /etc/ppp
%dir /etc/ppp/peers
/etc/ppp/ip-up
/etc/ppp/ip-down
@@ -196,8 +220,6 @@ rm -rf $RPM_BUILD_ROOT
/etc/ppp/ip-down.ipv6to4
/etc/ppp/ipv6-up
/etc/ppp/ipv6-down
-%dir /etc/NetworkManager
-%dir /etc/NetworkManager/dispatcher.d
/etc/NetworkManager/dispatcher.d/00-netreport
%doc sysconfig.txt sysvinitfiles static-routes-ipv6 ipv6-tunnel.howto ipv6-6to4.howto changes.ipv6 COPYING
%doc examples
@@ -207,7 +229,7 @@ rm -rf $RPM_BUILD_ROOT
%ghost %attr(0664,root,utmp) /var/run/utmp
%ghost %attr(0644,root,root) /etc/sysconfig/kvm
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab
-%dir /usr/lib/tmpfiles.d
+%dir %attr(0755,root,root) /usr/lib/tmpfiles.d
/usr/lib/tmpfiles.d/initscripts.conf
%dir /usr/libexec/initscripts
%dir /usr/libexec/initscripts/legacy-actions
--
1.8.3.1

2
base/initscripts/centos/meta_patches/PATCH_ORDER
View File

@ -1,2 +0,0 @@
0001-Include-starlingx-initscripts-changes.patch
meta-dhclient6-remove-one-shot-arg.patch

34
base/initscripts/centos/meta_patches/meta-dhclient6-remove-one-shot-arg.patch
View File

@ -1,34 +0,0 @@
From ea055ff88680ae68f78b8807cef8c76030e3d1de Mon Sep 17 00:00:00 2001
From: Andre Fernando Zanella Kantek
<AndreFernandoZanella.Kantek@windriver.com>
Date: Tue, 6 Jul 2021 10:24:21 -0400
Subject: [PATCH 1/1] meta dhclient6 remove one shot arg
Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
---
SPECS/initscripts.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec
index a446775..bda0e5c 100644
--- a/SPECS/initscripts.spec
+++ b/SPECS/initscripts.spec
@@ -49,6 +49,7 @@ Patch10: ipv6-static-route-support.patch
Patch11: ifup-eth-stop-waiting-if-link-is-up.patch
Patch12: ifup-alias-scope.patch
Patch13: ifup-alias-check-ipaddr.patch
+Patch14: dhclient6-remove-one-shot-arg.patch
%description
The initscripts package contains basic system scripts used
@@ -82,6 +83,7 @@ Currently, this consists of various memory checking code.
%patch11 -p1
%patch12 -p1
%patch13 -p1
+%patch14 -p1
%build
make
--
2.29.2

26
base/initscripts/centos/patches/0001-dhclient-remove-1-arg.patch
View File

@ -1,26 +0,0 @@
From 11bc780fc8c7cfc7bbc59dcd84f3735c1cabfd30 Mon Sep 17 00:00:00 2001
From: Ludovic Beliveau <ludovic.beliveau@windriver.com>
Date: Mon, 30 May 2016 10:12:43 -0400
Subject: [PATCH 1/1] dhclient remove -1 arg
---
sysconfig/network-scripts/ifup-eth | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sysconfig/network-scripts/ifup-eth b/sysconfig/network-scripts/ifup-eth
index fdbbf13..439c4c5 100755
--- a/sysconfig/network-scripts/ifup-eth
+++ b/sysconfig/network-scripts/ifup-eth
@@ -212,7 +212,8 @@ if [ -n "${DYNCONFIG}" ] && [ -x /sbin/dhclient ]; then
generate_lease_file_name
# Initialize the dhclient args and obtain the hostname options if needed:
- DHCLIENTARGS="${DHCLIENTARGS} ${ONESHOT} -q ${DHCLIENTCONF} -lf ${LEASEFILE} --restrict-interfaces -pf /var/run/dhclient-${DEVICE}.pid"
+ # DHCLIENTARGS="${DHCLIENTARGS} ${ONESHOT} -q ${DHCLIENTCONF} -lf ${LEASEFILE} --restrict-interfaces -pf /var/run/dhclient-${DEVICE}.pid"
+ DHCLIENTARGS="${DHCLIENTARGS} ${DHCLIENTCONF} -lf ${LEASEFILE} --restrict-interfaces -pf /var/run/dhclient-${DEVICE}.pid"
set_hostname_options DHCLIENTARGS
echo
--
1.9.1

25
base/initscripts/centos/patches/0001-force-delay-check-link-down.patch
View File

@ -1,25 +0,0 @@
From 6afaa4c6e0f4ca0821da986e3e4cc1a0bf56bebb Mon Sep 17 00:00:00 2001
From: Ludovic Beliveau <ludovic.beliveau@windriver.com>
Date: Thu, 9 Jun 2016 23:05:17 -0400
Subject: [PATCH 1/1] force-delay-check-link-down
---
sysconfig/network-scripts/network-functions | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysconfig/network-scripts/network-functions b/sysconfig/network-scripts/network-functions
index 080101b..798f28a 100644
--- a/sysconfig/network-scripts/network-functions
+++ b/sysconfig/network-scripts/network-functions
@@ -470,7 +470,7 @@ check_link_down ()
ip link set dev $1 up >/dev/null 2>&1
fi
timeout=0
- delay=10
+ delay=20
[ -n "$LINKDELAY" ] && delay=$(($LINKDELAY * 2))
while [ $timeout -le $delay ]; do
[ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" != "0" ] && return 1
--
1.9.1

65
base/initscripts/centos/patches/dhclient-restrict-interfaces-to-those-on-c.patch
View File

@ -1,65 +0,0 @@
From bafc4d1f7971edbe7cd411fbe2ee6876ded35c6e Mon Sep 17 00:00:00 2001
From: Allain Legacy <allain.legacy@windriver.com>
Date: Thu, 14 Apr 2016 12:04:55 -0400
Subject: [PATCH] CGTS-3416: dhclient: restrict interfaces to those on command
line only
By default, the dhclient process does not respect the list of interfaces
supplied at the command line. It configures any interfaces found to be
specified in the config file. Since we customize options for each interface in
our config file and run a separate dhclient process for each interface we end
up with multiple dhclient processes that each service all interfaces. This is
undesirable because it is possible that a request is sent by process A but
received by process B. This leads to lease expiry events even though a valid
request packet was returned by the server.
This change introduces a "--restrict-interfaces" option to the dhclient process
to force it to ignore all interfaces in config files other than those specified
at the command line.
To activate this change our version of ifup/ifdown has been modified to
pass the "--restrict-interfaces" to dhclient as well as to request that each
process use its own lease file to avoid file corruption.
---
sysconfig/network-scripts/ifdown-eth | 2 +-
sysconfig/network-scripts/ifup-eth | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/sysconfig/network-scripts/ifdown-eth b/sysconfig/network-scripts/ifdown-eth
index 7ccbddf..5b75162 100755
--- a/sysconfig/network-scripts/ifdown-eth
+++ b/sysconfig/network-scripts/ifdown-eth
@@ -92,7 +92,7 @@ for VER in "" 6 ; do
dhcpid=$(cat /var/run/dhclient$VER-${DEVICE}.pid)
generate_lease_file_name $VER
if is_true "$DHCPRELEASE"; then
- /sbin/dhclient -r -lf ${LEASEFILE} -pf /var/run/dhclient$VER-${DEVICE}.pid ${DEVICE} >/dev/null 2>&1
+ /sbin/dhclient -r -lf ${LEASEFILE} --restrict-interfaces -pf /var/run/dhclient$VER-${DEVICE}.pid ${DEVICE} >/dev/null 2>&1
retcode=$?
else
kill $dhcpid >/dev/null 2>&1
diff --git a/sysconfig/network-scripts/ifup-eth b/sysconfig/network-scripts/ifup-eth
index 3da5c16..9bcf57f 100755
--- a/sysconfig/network-scripts/ifup-eth
+++ b/sysconfig/network-scripts/ifup-eth
@@ -204,7 +204,7 @@ if [ -n "${DYNCONFIG}" ] && [ -x /sbin/dhclient ]; then
generate_lease_file_name
# Initialize the dhclient args and obtain the hostname options if needed:
- DHCLIENTARGS="${DHCLIENTARGS} ${ONESHOT} -q ${DHCLIENTCONF} -lf ${LEASEFILE} -pf /var/run/dhclient-${DEVICE}.pid"
+ DHCLIENTARGS="${DHCLIENTARGS} ${ONESHOT} -q ${DHCLIENTCONF} -lf ${LEASEFILE} --restrict-interfaces -pf /var/run/dhclient-${DEVICE}.pid"
set_hostname_options DHCLIENTARGS
echo
@@ -355,7 +355,7 @@ if is_true "${DHCPV6C}" && [ -x /sbin/dhclient ]; then
echo -n $"Determining IPv6 information for ${DEVICE}..."
# Initialize the dhclient args for IPv6 and obtain the hostname options if needed:
- DHCLIENTARGS="-6 -1 ${DHCPV6C_OPTIONS} ${DHCLIENTCONF} -lf ${LEASEFILE} -pf /var/run/dhclient6-${DEVICE}.pid ${DEVICE}"
+ DHCLIENTARGS="-6 -1 ${DHCPV6C_OPTIONS} ${DHCLIENTCONF} -lf ${LEASEFILE} --restrict-interfaces -pf /var/run/dhclient6-${DEVICE}.pid ${DEVICE}"
set_hostname_options DHCLIENTARGS
if /sbin/dhclient $DHCLIENTARGS; then
--
1.9.1

27
base/initscripts/centos/patches/dhclient6-remove-one-shot-arg.patch
View File

@ -1,27 +0,0 @@
From b6b206cdba982d8152191e8e795d15ae29ed993e Mon Sep 17 00:00:00 2001
From: Andre Fernando Zanella Kantek
<AndreFernandoZanella.Kantek@windriver.com>
Date: Tue, 6 Jul 2021 10:17:40 -0400
Subject: [PATCH 1/1] dhclient6 remove one shot arg
Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
---
sysconfig/network-scripts/ifup-eth | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysconfig/network-scripts/ifup-eth b/sysconfig/network-scripts/ifup-eth
index bf3f96b..cb87fd6 100755
--- a/sysconfig/network-scripts/ifup-eth
+++ b/sysconfig/network-scripts/ifup-eth
@@ -364,7 +364,7 @@ if is_true "${DHCPV6C}" && [ -x /sbin/dhclient ]; then
echo -n $"Determining IPv6 information for ${DEVICE}..."
# Initialize the dhclient args for IPv6 and obtain the hostname options if needed:
- DHCLIENTARGS="-6 -1 ${DHCPV6C_OPTIONS} ${DHCLIENTCONF} -lf ${LEASEFILE} --restrict-interfaces -pf /var/run/dhclient6-${DEVICE}.pid ${DEVICE}"
+ DHCLIENTARGS="-6 ${DHCPV6C_OPTIONS} ${DHCLIENTCONF} -lf ${LEASEFILE} --restrict-interfaces -pf /var/run/dhclient6-${DEVICE}.pid ${DEVICE}"
set_hostname_options DHCLIENTARGS
if /sbin/dhclient $DHCLIENTARGS; then
--
2.29.2

25
base/initscripts/centos/patches/ifup-alias-check-ipaddr.patch
View File

@ -1,25 +0,0 @@
From a45766732beaa475d48907824666e501bacc69db Mon Sep 17 00:00:00 2001
From: Teresa Ho <teresa.ho@windriver.com>
Date: Wed, 25 Sep 2019 15:56:36 -0400
Subject: [PATCH 1/1] Patch14: ifup-alias-check-ipaddr
---
sysconfig/network-scripts/ifup-aliases | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysconfig/network-scripts/ifup-aliases b/sysconfig/network-scripts/ifup-aliases
index 9086763..40454ed 100755
--- a/sysconfig/network-scripts/ifup-aliases
+++ b/sysconfig/network-scripts/ifup-aliases
@@ -175,7 +175,7 @@ function new_interface ()
ipseen_${IPGLOP}=$FILE; devseen_${DEVNUM}=$FILE;
";
- if [ -n "$ipseen" ]; then
+ if [ -n "$IPADDR" -a -n "$ipseen" ]; then
net_log $"error in $FILE: already seen ipaddr $IPADDR in $ipseen"
return 1
fi
--
1.8.3.1

32
base/initscripts/centos/patches/ifup-alias-scope.patch
View File

@ -1,32 +0,0 @@
From 59e30a344df4b661f30c0a5c629dbd13e9d88e8f Mon Sep 17 00:00:00 2001
From: Teresa Ho <teresa.ho@windriver.com>
Date: Mon, 17 Dec 2018 17:47:18 -0500
Subject: [PATCH 1/1] WRS: Patch13: ifup-alias-scope.patch
---
sysconfig/network-scripts/ifup-aliases | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/sysconfig/network-scripts/ifup-aliases b/sysconfig/network-scripts/ifup-aliases
index 52d43ea..9086763 100755
--- a/sysconfig/network-scripts/ifup-aliases
+++ b/sysconfig/network-scripts/ifup-aliases
@@ -277,8 +277,14 @@ function new_interface ()
fi
fi
+ if [ "${parent_device}" = "lo" ]; then
+ SCOPE="scope host"
+ else
+ SCOPE=${SCOPE:-}
+ fi
+
/sbin/ip addr add ${IPADDR}/${PREFIX} brd ${BROADCAST} \
- dev ${parent_device} label ${DEVICE}
+ dev ${parent_device} ${SCOPE} label ${DEVICE}
# update ARP cache of neighboring computers:
if ! is_false "${ARPUPDATE}" && [ "${REALDEVICE}" != "lo" ]; then
--
1.8.3.1

52
base/initscripts/centos/patches/ifup-eth-stop-waiting-if-link-is-up.patch
View File

@ -1,52 +0,0 @@
From 358cb3c0c8feed5ecfaa8ebfc56b7742b88bb14a Mon Sep 17 00:00:00 2001
From: Denny Khoerniawan <denny.khoerniawan@windriver.com>
Date: Wed, 15 Nov 2017 14:02:49 -0500
Subject: [PATCH] ifup-eth stop waiting if link is up
---
sysconfig/network-scripts/ifup-eth | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/sysconfig/network-scripts/ifup-eth b/sysconfig/network-scripts/ifup-eth
index 192ad18..4b8b992 100755
--- a/sysconfig/network-scripts/ifup-eth
+++ b/sysconfig/network-scripts/ifup-eth
@@ -168,7 +168,7 @@ if [ "$ISALIAS" = no ] && is_bonding_device ${DEVICE} ; then
/sbin/ifup ${device##*/} || net_log "Unable to start slave device ${device##*/} for master ${DEVICE}." warning
done
- [ -n "${LINKDELAY}" ] && /bin/sleep ${LINKDELAY}
+ check_link_down ${DEVICE}
# add the bits to setup the needed post enslavement parameters
for arg in $BONDING_OPTS ; do
@@ -188,7 +188,7 @@ if [ -n "${BRIDGE}" ] && [ -x /usr/sbin/brctl ]; then
/sbin/ip addr flush dev ${DEVICE} 2>/dev/null
/sbin/ip link set dev ${DEVICE} up
ethtool_set
- [ -n "${LINKDELAY}" ] && /bin/sleep ${LINKDELAY}
+ check_link_down ${DEVICE}
/usr/sbin/brctl addif -- ${BRIDGE} ${DEVICE}
# add the bits to setup driver parameters here
for arg in $BRIDGING_OPTS ; do
@@ -244,7 +244,7 @@ else
# enable device without IP, useful for e.g. PPPoE
ip link set dev ${REALDEVICE} up
ethtool_set
- [ -n "${LINKDELAY}" ] && /bin/sleep ${LINKDELAY}
+ check_link_down ${REALDEVICE}
else
expand_config
@@ -259,7 +259,7 @@ else
ethtool_set
- [ -n "${LINKDELAY}" ] && /bin/sleep ${LINKDELAY}
+ check_link_down ${REAL_DEVICE}
if [ "${DEVICE}" = "lo" ]; then
SCOPE="scope host"
--
1.8.3.1

29
base/initscripts/centos/patches/ipv6-static-route-support.patch
View File

@ -1,29 +0,0 @@
From e47e3faa2a3a35018e111dbd061a2e529cf77f9c Mon Sep 17 00:00:00 2001
From: Kevin Smith <kevin.smith@windriver.com>
Date: Tue, 17 Oct 2017 10:46:00 -0500
Subject: [PATCH 1/1] ipv6 static route support
---
sysconfig/network-scripts/ifup-routes | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sysconfig/network-scripts/ifup-routes b/sysconfig/network-scripts/ifup-routes
index ff8d5b5..a82d053 100755
--- a/sysconfig/network-scripts/ifup-routes
+++ b/sysconfig/network-scripts/ifup-routes
@@ -32,9 +32,11 @@ handle_ip_file() {
if [ "$type" != "$t" ]; then
proto="-6"
fi
+ # remove proto input from below so we can keep
+ # ipv6 routes in a route-<if> file as well.
{ cat "$file" ; echo ; } | while read line; do
if [[ ! "$line" =~ $MATCH ]]; then
- /sbin/ip $proto $type add $line
+ /sbin/ip $type add $line
fi
done
}
--
1.8.3.1

30
base/initscripts/centos/patches/relocate-dhclient-leases-to-var-run.patch
View File

@ -1,30 +0,0 @@
From 6a3a3047ad47570ccdb9b758c8417a66447be697 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Thu, 5 Oct 2017 12:31:18 -0400
Subject: [PATCH 2/9] WRS: Patch5-relocate-dhclient-leases-to-var-run.patch
---
sysconfig/network-scripts/network-functions | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sysconfig/network-scripts/network-functions b/sysconfig/network-scripts/network-functions
index 1867c38..080101b 100644
--- a/sysconfig/network-scripts/network-functions
+++ b/sysconfig/network-scripts/network-functions
@@ -65,11 +65,11 @@ get_uuid_by_config ()
generate_lease_file_name ()
{
local ver=$1
- LEASEFILE="/var/lib/dhclient/dhclient$ver-${DEVICE}.leases"
+ LEASEFILE="/var/run/dhclient$ver-${DEVICE}.leases"
if [ -f $LEASEFILE ]; then
return
fi
- LEASEFILE="/var/lib/dhclient/dhclient$ver-${UUID}-${DEVICE}.lease"
+ LEASEFILE="/var/run/dhclient$ver-${UUID}-${DEVICE}.lease"
}
generate_config_file_name ()
--
1.9.1

26
base/initscripts/centos/patches/run-ifdown-on-all-interfaces.patch
View File

@ -1,26 +0,0 @@
From 76a5f892c132eed05a6cbffbdba3306e50b6a672 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Thu, 5 Oct 2017 12:40:38 -0400
Subject: [PATCH 7/9] WRS: Patch10-run-ifdown-on-all-interfaces.patch
---
rc.d/init.d/network | 3 +++
1 file changed, 3 insertions(+)
diff --git a/rc.d/init.d/network b/rc.d/init.d/network
index a8deed3..852ef94 100755
--- a/rc.d/init.d/network
+++ b/rc.d/init.d/network
@@ -228,6 +228,9 @@ stop)
if ! check_device_down $DEVICE; then
action $"Shutting down interface $i: " ./ifdown $i boot
[ $? -ne 0 ] && rc=1
+ else
+ action $"Shutting down non-UP interface $i: " ./ifdown $i boot
+ logger $"Running ifdown on non-UP interface $i"
fi
)
done
--
1.9.1

53
base/initscripts/centos/patches/support-interface-promisc.patch
View File

@ -1,53 +0,0 @@
From f50fd7a0a9b53ba475d85670a5428876e13dac36 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Thu, 5 Oct 2017 12:37:06 -0400
Subject: [PATCH 4/9] WRS: Patch7-support-interface-promisc.patch
---
sysconfig/network-scripts/ifdown-eth | 5 +++++
sysconfig/network-scripts/ifup-eth | 8 ++++++++
2 files changed, 13 insertions(+)
diff --git a/sysconfig/network-scripts/ifdown-eth b/sysconfig/network-scripts/ifdown-eth
index 5b75162..60f1ba2 100755
--- a/sysconfig/network-scripts/ifdown-eth
+++ b/sysconfig/network-scripts/ifdown-eth
@@ -181,4 +181,9 @@ if [ -n "$VLAN" ]; then
fi
fi
+# WRS: Support PROMISC
+if [ "${PROMISC}" = yes ]; then
+ ip link set dev ${DEVICE} promisc off
+fi
+
exit $retcode
diff --git a/sysconfig/network-scripts/ifup-eth b/sysconfig/network-scripts/ifup-eth
index 9bcf57f..fdbbf13 100755
--- a/sysconfig/network-scripts/ifup-eth
+++ b/sysconfig/network-scripts/ifup-eth
@@ -128,6 +128,11 @@ if [ -n "${MTU}" ]; then
ip link set dev ${DEVICE} mtu ${MTU}
fi
+# WRS: Support PROMISC
+if [ "${PROMISC}" = yes ]; then
+ ip link set dev ${DEVICE} promisc on
+fi
+
# is the device wireless? If so, configure wireless device specifics
is_wireless_device ${DEVICE} && . ./ifup-wireless
@@ -147,6 +152,9 @@ if [ "${SLAVE}" = yes -a "${ISALIAS}" = no -a "${MASTER}" != "" ]; then
}
ethtool_set
+ # WRS: Flush addresses
+ ip addr flush dev ${DEVICE}
+
exit 0
fi
--
1.9.1

91
base/initscripts/centos/patches/support-interface-scriptlets.patch
View File

@ -1,91 +0,0 @@
From b5fb31139b18385f295debe8acdb25c23b6f8b87 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Thu, 5 Oct 2017 12:30:03 -0400
Subject: [PATCH 1/9] WRS: Patch4-support-interface-scriptlets.patch
---
sysconfig/network-scripts/ifdown | 6 ++++++
sysconfig/network-scripts/ifdown-post | 12 ++++++++++++
sysconfig/network-scripts/ifup | 6 ++++++
sysconfig/network-scripts/ifup-post | 12 ++++++++++++
4 files changed, 36 insertions(+)
diff --git a/sysconfig/network-scripts/ifdown b/sysconfig/network-scripts/ifdown
index 90b1c83..88c1d74 100755
--- a/sysconfig/network-scripts/ifdown
+++ b/sysconfig/network-scripts/ifdown
@@ -58,6 +58,12 @@ if [ -x /sbin/ifdown-pre-local ]; then
/sbin/ifdown-pre-local ${DEVICE}
fi
+# WRS: Execute pre-down commands.
+if [ -n "$pre_down" ]; then
+ eval $pre_down
+ [ "$?" != "0" ] && exit 1
+fi
+
OTHERSCRIPT="/etc/sysconfig/network-scripts/ifdown-${DEVICETYPE}"
if [ ! -x ${OTHERSCRIPT} ]; then
diff --git a/sysconfig/network-scripts/ifdown-post b/sysconfig/network-scripts/ifdown-post
index 8b56e14..bd4198a 100755
--- a/sysconfig/network-scripts/ifdown-post
+++ b/sysconfig/network-scripts/ifdown-post
@@ -69,4 +69,16 @@ if [ -x /sbin/ifdown-local ]; then
/sbin/ifdown-local ${DEVICE}
fi
+# WRS: Execute down commands.
+if [ -n "$down" ]; then
+ eval $down
+ [ "$?" != "0" ] && exit 1
+fi
+
+# WRS: Execute post-down commands.
+if [ -n "$post_down" ]; then
+ eval $post_down
+ [ "$?" != "0" ] && exit 1
+fi
+
exit 0
diff --git a/sysconfig/network-scripts/ifup b/sysconfig/network-scripts/ifup
index d25db5a..07c63a5 100755
--- a/sysconfig/network-scripts/ifup
+++ b/sysconfig/network-scripts/ifup
@@ -151,6 +151,12 @@ if [ -x /sbin/ifup-pre-local ]; then
/sbin/ifup-pre-local ${CONFIG} $2
fi
+# WRS: Execute pre-up commands.
+if [ -n "$pre_up" ]; then
+ eval $pre_up
+ [ "$?" != "0" ] && exit 1
+fi
+
OTHERSCRIPT="/etc/sysconfig/network-scripts/ifup-${DEVICETYPE}"
if [ ! -x ${OTHERSCRIPT} ]; then
diff --git a/sysconfig/network-scripts/ifup-post b/sysconfig/network-scripts/ifup-post
index ab0710b..3b76492 100755
--- a/sysconfig/network-scripts/ifup-post
+++ b/sysconfig/network-scripts/ifup-post
@@ -148,4 +148,16 @@ if [ -x /sbin/ifup-local ]; then
/sbin/ifup-local ${DEVICE}
fi
+# WRS: Execute up commands.
+if [ -n "$up" ]; then
+ eval $up
+ [ "$?" != "0" ] && exit 1
+fi
+
+# WRS: Execute post-up commands.
+if [ -n "$post_up" ]; then
+ eval $post_up
+ [ "$?" != "0" ] && exit 1
+fi
+
exit 0
--
1.9.1

42
base/initscripts/centos/patches/sysconfig-affirmative-check-for-link-carrier.patch
View File

@ -1,42 +0,0 @@
From cd3e0b0fea9588c987db119cb6d7840ace399368 Mon Sep 17 00:00:00 2001
From: Allain Legacy <allain.legacy@windriver.com>
Date: Thu, 17 Nov 2016 08:27:42 -0500
Subject: [PATCH] sysconfig: affirmative check for link carrier
The /sys/class/net/<iface>/carrier attribute is supposed to return 0 or 1 to
indicate whether a link carrier is present or not. This holds true for regular
ethernet devices but for special devices, such as VLAN interfaces, it appears
to be possible that it returns an error on stderr and nothing on stdout in some
scenarios. One such scenario is if the lower interface of a VLAN is
administratively down then checking the carrier status of the VLAN returns
"invalid argument".
Because of the way the check_link_down() function is currently coded a failure
to produce any output on stdout is interpreted as a sign that the link carrier
is present. That is, the empty string "" is not equal to "0" therefore the
check passes.
To avoid this scenario we are changing this to a more affirmative check so that
it won't actually pass until stdout returns "1".
Signed-off-by: Allain Legacy <allain.legacy@windriver.com>
---
sysconfig/network-scripts/network-functions | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysconfig/network-scripts/network-functions b/sysconfig/network-scripts/network-functions
index d08f618..13cf4de 100644
--- a/sysconfig/network-scripts/network-functions
+++ b/sysconfig/network-scripts/network-functions
@@ -473,7 +473,7 @@ check_link_down ()
delay=20
[ -n "$LINKDELAY" ] && delay=$(($LINKDELAY * 2))
while [ $timeout -le $delay ]; do
- [ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" != "0" ] && return 1
+ [ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" == "1" ] && return 1
sleep 0.5
timeout=$((timeout+1))
done
--
2.7.4

33
base/initscripts/centos/patches/sysconfig-unsafe-usage-of-linkdelay-variable.patch
View File

@ -1,33 +0,0 @@
From 9b12287d8dade60c012969db3ae56b36d1e50966 Mon Sep 17 00:00:00 2001
From: Allain Legacy <allain.legacy@windriver.com>
Date: Thu, 17 Nov 2016 11:37:38 -0500
Subject: [PATCH] sysconfig: unsafe usage of linkdelay variable
If the LINKDELAY variable is an alphabetic string instead of an integer then
the calculation in check_link_down() causes delay to be set to 0. That causes
the loop to never execute and for the caller to think that the link is always
down.
This does not address but is related to CGTS-5821
Signed-off-by: Allain Legacy <allain.legacy@windriver.com>
---
sysconfig/network-scripts/network-functions | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysconfig/network-scripts/network-functions b/sysconfig/network-scripts/network-functions
index 13cf4de..4bcc48f 100644
--- a/sysconfig/network-scripts/network-functions
+++ b/sysconfig/network-scripts/network-functions
@@ -471,7 +471,7 @@ check_link_down ()
fi
timeout=0
delay=20
- [ -n "$LINKDELAY" ] && delay=$(($LINKDELAY * 2))
+ [[ $LINKDELAY =~ ^[0-9]+$ ]] && delay=$(($LINKDELAY * 2))
while [ $timeout -le $delay ]; do
[ "$(cat /sys/class/net/$REALDEVICE/carrier 2>/dev/null)" == "1" ] && return 1
sleep 0.5
--
2.7.4

1
base/initscripts/centos/srpm_path
View File

@ -1 +0,0 @@
mirror:Source/initscripts-9.49.46-1.el7.src.rpm

2
base/libevent/centos/build_srpm.data
View File

@ -1,2 +0,0 @@
COPY_LIST="files/*"
TIS_PATCH_VER=PKG_GITREVCOUNT

24
base/libevent/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch
View File

@ -1,24 +0,0 @@
From d63b56b8511b808a4c23c4c15ed81e368f9b020c Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Tue, 27 Sep 2016 10:59:20 -0400
Subject: [PATCH] Update package versioning for TIS format
---
SPECS/libevent.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/libevent.spec b/SPECS/libevent.spec
index 9c6cc3e..7d98b8f 100644
--- a/SPECS/libevent.spec
+++ b/SPECS/libevent.spec
@@ -1,6 +1,6 @@
Name: libevent
Version: 2.0.21
-Release: 4%{?dist}
+Release: 4.el7%{?_tis_dist}.%{tis_patch_ver}
Summary: Abstract asynchronous event notification library
Group: System Environment/Libraries
--
1.8.3.1

2
base/libevent/centos/meta_patches/PATCH_ORDER
View File

@ -1,2 +0,0 @@
spec-include-TiS-patches.patch
0001-Update-package-versioning-for-TIS-format.patch

20
base/libevent/centos/meta_patches/spec-include-TiS-patches.patch
View File

@ -1,20 +0,0 @@
diff --git a/SPECS/libevent.spec b/SPECS/libevent.spec
index fd59ca3..9c6cc3e 100644
--- a/SPECS/libevent.spec
+++ b/SPECS/libevent.spec
@@ -13,6 +13,7 @@ BuildRequires: doxygen openssl-devel
Patch00: libevent-2.0.10-stable-configure.patch
# Disable network tests
Patch01: libevent-nonettests.patch
+Patch02: libevent-ipv6-client-socket.patch
%description
The libevent API provides a mechanism to execute a callback function
@@ -49,6 +50,7 @@ need to install %{name}-doc.
# 477685 - libevent-devel multilib conflict
%patch00 -p1
%patch01 -p1 -b .nonettests
+%patch02 -p1
%build
%configure \

1
base/libevent/centos/srpm_path
View File

@ -1 +0,0 @@
mirror:Source/libevent-2.0.21-4.el7.src.rpm

2
base/libfdt/centos/build_srpm.data
View File

@ -1,2 +0,0 @@
COPY_LIST="$CGCS_BASE/downloads/dtc-1.4.4.tar.gz"
TIS_PATCH_VER=PKG_GITREVCOUNT

51
base/libfdt/centos/libfdt.spec
View File

@ -1,51 +0,0 @@
Summary: libfdt
Name: libfdt
Version: 1.4.4
Release: 0%{?_tis_dist}.%{tis_patch_ver}
License: GPLv2
Group: base
Packager: Wind River <info@windriver.com>
URL: unknown
Source0: dtc-1.4.4.tar.gz
BuildRequires: gcc
BuildRequires: bison
BuildRequires: flex
%define debug_package %{nil}
%description
Device Tree Compiler
%package -n libfdt-devel
Summary: libfdt devel
%description -n libfdt-devel
libfdt devel
%define prefix /usr/
%prep
%setup -n dtc-1.4.4
%build
make
%install
make install PREFIX=%{buildroot}%{prefix}
%clean
rm -rf $RPM_BUILD_ROOT
%files
%license GPL README.license
%defattr(-,root,root,-)
# TODO: Devel shouldn't contain bin
%files -n libfdt-devel
%license GPL README.license
%defattr(-,root,root,-)
%{prefix}/bin/*
%dir %{prefix}/include
%{prefix}/include/*
%{prefix}/lib/*

1
base/lighttpd/centos/build_srpm.data
View File

@ -1 +0,0 @@
TIS_PATCH_VER=PKG_GITREVCOUNT

4
base/lighttpd/centos/meta_patches/PATCH_ORDER
View File

@ -1,4 +0,0 @@
spec-include-TiS-changes.patch
Update-package-versioning-for-TIS-format.patch
spec-check-content-length.patch
meta_add_support_for_tpm.patch

27
base/lighttpd/centos/meta_patches/Update-package-versioning-for-TIS-format.patch
View File

@ -1,27 +0,0 @@
From 1c4a8d83d96eab943d1cb7b4f0d9b7175e6858f1 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 20 Mar 2017 10:21:28 -0400
Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch
Conflicts:
SPECS/lighttpd.spec
---
SPECS/lighttpd.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SPECS/lighttpd.spec b/SPECS/lighttpd.spec
index 2f7b261..2553b27 100644
--- a/SPECS/lighttpd.spec
+++ b/SPECS/lighttpd.spec
@@ -46,7 +46,7 @@
Summary: Lightning fast webserver with light system requirements
Name: lighttpd
Version: 1.4.54
-Release: 1%{?dist}
+Release: 1.el7%{?_tis_dist}.%{tis_patch_ver}
License: BSD
Group: System Environment/Daemons
URL: http://www.lighttpd.net/
--
2.7.4

32
base/lighttpd/centos/meta_patches/meta_add_support_for_tpm.patch
View File

@ -1,32 +0,0 @@
From 2cfc139ffabdb52c82834be2f88333f99c181677 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Tue, 28 Mar 2017 17:33:34 -0400
Subject: [PATCH] Adding support for TPM 2.0
---
SPECS/lighttpd.spec | 2 ++
1 file changed, 2 insertions(+)
diff --git a/SPECS/lighttpd.spec b/SPECS/lighttpd.spec
index c27f78f..bc11989 100644
--- a/SPECS/lighttpd.spec
+++ b/SPECS/lighttpd.spec
@@ -76,6 +76,7 @@ Patch3: lighttpd-1.4.39-socket.patch
# WRS Patches
Patch100: check-content-length.patch
+Patch101: lighttpd-tpm-support.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
# For the target poweredby.png image (skip requirement + provide image on EL5)
@@ -191,6 +192,7 @@ Authentication module for lighttpd that uses PAM.
# WRS Patches
%patch100 -p1 -b .content_length
+%patch101 -p1 -b .tpm_support
#install -p -m 0644 %{SOURCE100} src/mod_geoip.c
#install -p -m 0644 %{SOURCE101} mod_geoip.txt
--
2.7.4

40
base/lighttpd/centos/meta_patches/spec-check-content-length.patch
View File

@ -1,40 +0,0 @@
From 730a5321581e70790da4e94085698fd299072be5 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 20 Mar 2017 10:21:28 -0400
Subject: [PATCH] WRS: spec-check-content-length.patch
Conflicts:
SPECS/lighttpd.spec
---
SPECS/lighttpd.spec | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/SPECS/lighttpd.spec b/SPECS/lighttpd.spec
index 2553b27..c27f78f 100644
--- a/SPECS/lighttpd.spec
+++ b/SPECS/lighttpd.spec
@@ -73,6 +73,10 @@ Patch3: lighttpd-1.4.39-socket.patch
#Patch7: lighttpd-1.4.42-bignum.patch
#Patch8: lighttpd-1.4.43-mysql.patch
#Patch9: lighttpd-1.4.48-autoconf.patch
+
+# WRS Patches
+Patch100: check-content-length.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
# For the target poweredby.png image (skip requirement + provide image on EL5)
%if %{with systemlogos}
@@ -184,6 +188,10 @@ Authentication module for lighttpd that uses PAM.
#%patch7 -p0 -b .bignum
#%patch8 -p0 -b .mysql
#%patch9 -p0 -b .autoconf
+
+# WRS Patches
+%patch100 -p1 -b .content_length
+
#install -p -m 0644 %{SOURCE100} src/mod_geoip.c
#install -p -m 0644 %{SOURCE101} mod_geoip.txt
--
2.7.4

93
base/lighttpd/centos/meta_patches/spec-include-TiS-changes.patch
View File

@ -1,93 +0,0 @@
From 8f91c53ae95b97e12d4a7b16fac8f3d5195ccd52 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 20 Mar 2017 10:21:28 -0400
Subject: [PATCH 1/4] WRS: spec-include-TiS-changes.patch
---
SPECS/lighttpd.spec | 29 ++++++++++++++---------------
1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/SPECS/lighttpd.spec b/SPECS/lighttpd.spec
index de52e46..7acdc84 100644
--- a/SPECS/lighttpd.spec
+++ b/SPECS/lighttpd.spec
@@ -62,6 +62,7 @@ Source13: http://www.lighttpd.net/light_logo.png
Source14: lighttpd-empty.png
#Source100: lighttpd-mod_geoip.c
#Source101: lighttpd-mod_geoip.txt
+
Patch0: lighttpd-1.4.39-defaultconf.patch
#Patch1: lighttpd-1.4.40-mod_geoip.patch
Patch2: lighttpd-1.4.54-system-crypto-policy.patch
@@ -194,17 +195,19 @@ autoreconf -if
--libdir='%{_libdir}/lighttpd' \
%{confswitch mysql} \
%{confswitch pam} \
- %{confswitch ldap} \
+ --without-ldap \
%{confswitch attr} \
- %{confswitch openssl} \
+ --with-openssl \
%{confswitch kerberos5} \
- %{confswitch pcre} \
+ --with-pcre \
%{confswitch fam} \
- %{?with_webdavprops:--with-webdav-props} \
- %{?with_webdavlocks:--with-webdav-locks} \
+ --without-webdav-props \
+ --without-webdav-locks \
%{confswitch gdbm} \
- %{confswitch memcache} \
- %{confswitch lua} \
+ --without-memcache \
+ --without-lua \
+ --without-bzip2 \
+ --disable-static \
%{confswitch geoip} \
%{confswitch krb5}
make %{?_smp_mflags}
@@ -223,13 +226,14 @@ install -D -p -m 0644 %{SOURCE2} \
%{buildroot}%{_sysconfdir}/php.d/lighttpd.ini
# Install our own init script (included one is old style) or systemd service
-%if %{with systemd}
+#%if %{with systemd}
install -D -p -m 0644 %{SOURCE4} \
%{buildroot}%{_unitdir}/lighttpd.service
-%else
+#%else
+mkdir -p /etc/rc.d/init.d
install -D -p -m 0755 %{SOURCE3} \
%{buildroot}%{_sysconfdir}/rc.d/init.d/lighttpd
-%endif
+#%endif
# Install our own default web page and images
mkdir -p %{buildroot}%{webroot}
@@ -267,11 +271,9 @@ echo 'D /var/run/lighttpd 0750 lighttpd lighttpd -' > \
%{buildroot}%{_sysconfdir}/tmpfiles.d/lighttpd.conf
%endif
-
%clean
rm -rf %{buildroot}
-
%pre
/usr/sbin/useradd -s /sbin/nologin -M -r -d %{webroot} \
-c 'lighttpd web server' lighttpd &>/dev/null || :
@@ -315,11 +317,8 @@ fi
%config %{_sysconfdir}/lighttpd/conf.d/mod.template
%config %{_sysconfdir}/lighttpd/vhosts.d/vhosts.template
%config(noreplace) %{_sysconfdir}/logrotate.d/lighttpd
-%if %{with systemd}
%{_unitdir}/lighttpd.service
-%else
%{_sysconfdir}/rc.d/init.d/lighttpd
-%endif
%if %{with tmpfiles}
%config(noreplace) %{_sysconfdir}/tmpfiles.d/lighttpd.conf
%endif
--
2.7.4

79
base/lighttpd/centos/patches/check-content-length.patch
View File

@ -1,79 +0,0 @@
From 65107586a55c594c44b0a97a2d6756f6a0f0a5ca Mon Sep 17 00:00:00 2001
From: Giao Le <giao.le@windriver.com>
Date: Mon, 27 Aug 2018 19:41:36 +0800
Subject: [PATCH] check-length
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
---
src/request.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/src/request.c b/src/request.c
index d25e1e7..fe541a5 100644
--- a/src/request.c
+++ b/src/request.c
@@ -8,9 +8,38 @@
#include "log.h"
#include "sock_addr.h"
+#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/statvfs.h>
+
+static size_t get_tempdirs_free_space(server *srv)
+{
+ int i;
+ int valid = 0;
+ size_t total = 0;
+ array *dirs = srv->srvconf.upload_tempdirs;
+
+ for (i = 0; i < (int)dirs->used; ++i) {
+ struct statvfs stat;
+ const char *name = ((data_string *)dirs->data[i])->value->ptr;
+ int ret = statvfs(name, &stat);
+
+ if (ret >= 0) {
+ size_t df = (size_t)(stat.f_bsize * stat.f_bfree);
+ total += df;
+ valid = 1;
+ }
+ else {
+ log_error_write(srv, __FILE__, __LINE__, "ssss",
+ "dir:", name,
+ "error:", strerror(errno));
+ }
+ }
+
+ return (valid) ? total : SSIZE_MAX;
+}
static int request_check_hostname(buffer *host) {
enum { DOMAINLABEL, TOPLABEL } stage = TOPLABEL;
@@ -901,6 +930,22 @@ int http_request_parse(server *srv, connection *con, buffer *hdrs) {
if (!state.con_length_set) {
return http_request_header_line_invalid(srv, 411, "POST-request, but content-length missing -> 411");
}
+ /* content-length is larger than 64k */
+ if (con->request.content_length > 64*1024) {
+ size_t disk_free = get_tempdirs_free_space(srv);
+ if (con->request.content_length > disk_free) {
+ con->http_status = 413;
+ con->keep_alive = 0;
+
+ log_error_write(srv, __FILE__, __LINE__, "ssosos",
+ "not enough free space in tempdirs:",
+ "length =", (off_t) con->request.content_length,
+ "free =", (off_t) disk_free,
+ "-> 413");
+ return 0;
+ }
+ }
+
break;
default:
break;
--
2.21.0

288
base/lighttpd/centos/patches/lighttpd-tpm-support.patch
View File

@ -1,288 +0,0 @@
From c58d174a1d2872272bfa9d83c642591f04effcb1 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Wed, 29 Mar 2017 21:56:41 -0400
Subject: [PATCH] lighttpd tpm support
---
src/base.h | 24 ++++++++++
src/configfile.c | 4 ++
src/mod_openssl.c | 116 +++++++++++++++++++++++++++++++++++++---------
src/server.c | 17 ++++++-
4 files changed, 139 insertions(+), 22 deletions(-)
diff --git a/src/base.h b/src/base.h
index f21973b..f7b5777 100644
--- a/src/base.h
+++ b/src/base.h
@@ -15,6 +15,21 @@
#include "sock_addr.h"
#include "etag.h"
+#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
+# define USE_OPENSSL
+# include <openssl/opensslconf.h>
+# ifndef USE_OPENSSL_KERBEROS
+# ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+# endif
+# endif
+# include <openssl/ssl.h>
+# include <openssl/engine.h>
+# if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME
+# define OPENSSL_NO_TLSEXT
+# endif
+#endif
+
struct fdevents; /* declaration */
struct stat_cache; /* declaration */
@@ -342,6 +357,14 @@ typedef struct {
unsigned short high_precision_timestamps;
time_t loadts;
double loadavg[3];
+#ifdef USE_OPENSSL
+ // TPM engine and object configuration
+ buffer *tpm_object;
+ buffer *tpm_engine;
+ ENGINE *tpm_engine_ref;
+ EVP_PKEY *tpm_key;
+#endif
+
buffer *syslog_facility;
unsigned short compat_module_load;
@@ -380,6 +403,7 @@ struct server {
int con_written;
int con_closed;
+ int tpm_is_init; // has TPM been initialized already
int max_fds; /* max possible fds */
int max_fds_lowat;/* low watermark */
int max_fds_hiwat;/* high watermark */
diff --git a/src/configfile.c b/src/configfile.c
index b870b59..5b91b35 100644
--- a/src/configfile.c
+++ b/src/configfile.c
@@ -282,6 +282,8 @@ static int config_insert(server *srv) {
{ "server.socket-perms", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 81 */
{ "server.http-parseopts", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_SERVER }, /* 82 */
{ "server.systemd-socket-activation", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 83 */
+ { "server.tpm-object", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 84 */
+ { "server.tpm-engine", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 85 */
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
};
@@ -327,6 +329,8 @@ static int config_insert(server *srv) {
http_parseopts = array_init();
cv[82].destination = http_parseopts;
cv[83].destination = &(srv->srvconf.systemd_socket_activation);
+ cv[84].destination = srv->srvconf.tpm_object;
+ cv[85].destination = srv->srvconf.tpm_engine;
srv->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *));
diff --git a/src/mod_openssl.c b/src/mod_openssl.c
index f9a4fe8..e38605c 100644
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -488,6 +488,29 @@ error:
return NULL;
}
+static EVP_PKEY*
+evp_pkey_load_tpm_object_file(server *srv) {
+ if (!srv->tpm_is_init || !srv->srvconf.tpm_engine_ref)
+ return NULL;
+
+ if (srv->srvconf.tpm_key) {
+ // if a TPM key was previously loaded
+ // then return that as there is no need to
+ // reload this key into TPM
+ return srv->srvconf.tpm_key;
+ }
+
+ EVP_PKEY *pkey = ENGINE_load_private_key(srv->srvconf.tpm_engine_ref,
+ srv->srvconf.tpm_object->ptr,
+ NULL, NULL);
+ if (!pkey) {
+ log_error_write(srv, __FILE__, __LINE__, "SSS", "SSL:",
+ ERR_error_string(ERR_get_error(), NULL));
+ return NULL;
+ }
+ srv->srvconf.tpm_key = pkey;
+ return pkey;
+}
static EVP_PKEY *
evp_pkey_load_pem_file (server *srv, const char *file)
@@ -542,17 +565,24 @@ network_openssl_load_pemfile (server *srv, plugin_config *s, size_t ndx)
s->ssl_pemfile_x509 = x509_load_pem_file(srv, s->ssl_pemfile->ptr);
if (NULL == s->ssl_pemfile_x509) return -1;
- s->ssl_pemfile_pkey = !buffer_string_is_empty(s->ssl_privkey)
- ? evp_pkey_load_pem_file(srv, s->ssl_privkey->ptr)
- : evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr);
- if (NULL == s->ssl_pemfile_pkey) return -1;
-
- if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
- log_error_write(srv, __FILE__, __LINE__, "sssbb", "SSL:",
- "Private key does not match the certificate public key,"
- " reason:", ERR_error_string(ERR_get_error(), NULL),
- s->ssl_pemfile, s->ssl_privkey);
- return -1;
+ // If TPM mode is enabled thenload the TPM key, otherwise load
+ // the regular SSL private key.
+ if (srv->tpm_is_init) {
+ s->ssl_pemfile_pkey = evp_pkey_load_tpm_object_file(srv);
+ if (NULL == s->ssl_pemfile_pkey) return -1;
+ } else {
+ s->ssl_pemfile_pkey = !buffer_string_is_empty(s->ssl_privkey)
+ ? evp_pkey_load_pem_file(srv, s->ssl_privkey->ptr)
+ : evp_pkey_load_pem_file(srv, s->ssl_pemfile->ptr);
+ if (NULL == s->ssl_pemfile_pkey) return -1;
+
+ if (!X509_check_private_key(s->ssl_pemfile_x509, s->ssl_pemfile_pkey)) {
+ log_error_write(srv, __FILE__, __LINE__, "sssbb", "SSL:",
+ "Private key does not match the certificate public key,"
+ " reason:", ERR_error_string(ERR_get_error(), NULL),
+ s->ssl_pemfile, s->ssl_privkey);
+ return -1;
+ }
}
return 0;
@@ -878,6 +908,43 @@ network_init_ssl (server *srv, void *p_d)
force_assert(NULL != local_send_buffer);
}
+ /* NOTE (knasim-wrs): US93721: TPM support
+ * if TPM mode is configured, and we have not previously
+ * initialized the engine then do so now
+ */
+ if (!buffer_string_is_empty(srv->srvconf.tpm_object) &&
+ (!srv->tpm_is_init)) {
+ if (!buffer_string_is_empty(srv->srvconf.tpm_engine)) {
+ // load the dynamic TPM engine
+ ENGINE_load_dynamic();
+ ENGINE *engine = ENGINE_by_id("dynamic");
+ if (!engine) {
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ "Unable to load the dynamic engine "
+ "(needed for loading custom TPM engine)");
+ return -1;
+ }
+
+ ENGINE_ctrl_cmd_string(engine, "SO_PATH",
+ srv->srvconf.tpm_engine->ptr, 0);
+ ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0);
+ if (ENGINE_init(engine) != 1) {
+ log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
+ ERR_error_string(ERR_get_error(), NULL));
+ ENGINE_finish(engine);
+ return -1;
+ }
+ srv->tpm_is_init = 1;
+ // stow away for ENGINE cleanup
+ srv->srvconf.tpm_engine_ref = engine;
+ }
+ else { // no TPM engine found
+ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ "TPM engine option not set when TPM mode expected");
+ return -1;
+ }
+ }
+
if (!buffer_string_is_empty(s->ssl_pemfile)) {
#ifdef OPENSSL_NO_TLSEXT
data_config *dc = (data_config *)srv->config_context->data[i];
@@ -1147,28 +1214,35 @@ network_init_ssl (server *srv, void *p_d)
}
}
- if (1 != SSL_CTX_use_certificate_chain_file(s->ssl_ctx,
- s->ssl_pemfile->ptr)) {
+ if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
ERR_error_string(ERR_get_error(), NULL),
s->ssl_pemfile);
return -1;
}
- if (1 != SSL_CTX_use_PrivateKey(s->ssl_ctx, s->ssl_pemfile_pkey)) {
+ if (1 != SSL_CTX_use_certificate(s->ssl_ctx, s->ssl_pemfile_x509)) {
log_error_write(srv, __FILE__, __LINE__, "ssbb", "SSL:",
ERR_error_string(ERR_get_error(), NULL),
s->ssl_pemfile, s->ssl_privkey);
return -1;
}
- if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
- log_error_write(srv, __FILE__, __LINE__, "sssbb", "SSL:",
- "Private key does not match the certificate public "
- "key, reason:",
- ERR_error_string(ERR_get_error(), NULL),
- s->ssl_pemfile, s->ssl_privkey);
- return -1;
+ /*
+ * Only check private key against loaded
+ * certificate, in non TPM mode, since
+ * if this is a TPM key then it is wrapped
+ * and will not match the public key.
+ */
+ if (!srv->tpm_is_init) {
+ if (SSL_CTX_check_private_key(s->ssl_ctx) != 1) {
+ log_error_write(srv, __FILE__, __LINE__, "sssbb", "SSL:",
+ "Private key does not match the certificate public "
+ "key, reason:",
+ ERR_error_string(ERR_get_error(), NULL),
+ s->ssl_pemfile, s->ssl_privkey);
+ return -1;
+ }
}
SSL_CTX_set_default_read_ahead(s->ssl_ctx, s->ssl_read_ahead);
SSL_CTX_set_mode(s->ssl_ctx, SSL_CTX_get_mode(s->ssl_ctx)
diff --git a/src/server.c b/src/server.c
index b7086b0..b90ce61 100644
--- a/src/server.c
+++ b/src/server.c
@@ -248,6 +248,11 @@ static server *server_init(void) {
CLEAN(srvconf.pid_file);
CLEAN(srvconf.syslog_facility);
+#ifdef USE_OPENSSL
+ CLEAN(srvconf.tpm_object);
+ CLEAN(srvconf.tpm_engine);
+#endif
+
CLEAN(tmp_chunk_len);
#undef CLEAN
@@ -344,6 +349,14 @@ static void server_free(server *srv) {
CLEAN(srvconf.xattr_name);
CLEAN(srvconf.syslog_facility);
+#ifdef USE_OPENSSL
+ CLEAN(srvconf.tpm_object);
+ CLEAN(srvconf.tpm_engine);
+ // don't free the tpm_key as that will be freed
+ // below as ssl_pemfile_pkey
+ ENGINE_finish(srv->srvconf.tpm_engine_ref);
+#endif
+
CLEAN(tmp_chunk_len);
#undef CLEAN
@@ -784,7 +797,9 @@ static int log_error_open(server *srv) {
if (-1 == (errfd = fdevent_open_devnull())) {
log_error_write(srv, __FILE__, __LINE__, "ss",
"opening /dev/null failed:", strerror(errno));
- return -1;
+ /* In version 1.4.45 it will also failed here but not check return value of openDevNull(STDERR_FILENO)
+ need further check with upstream to see if there is a potential bug */
+ //return -1;
}
}
else {
--
2.21.0

1
base/lighttpd/centos/srpm_path
View File

@ -1 +0,0 @@
mirror:Source/lighttpd-1.4.54-1.el7.src.rpm

1
base/linuxptp/centos/build_srpm.data
View File

@ -1 +0,0 @@
TIS_PATCH_VER=PKG_GITREVCOUNT

Some files were not shown because too many files have changed in this diff Show More