Sync from SUSE:SLFO:Main csync2 revision 729a63ec10ef92f50150e99e503d57cc
commit
c05bea26ee
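--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text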
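--- a/_service
+++ b/_service
@@ -0,0 +1,16 @@
+<services>
+<service name="tar_scm" mode="disabled">
+<param name="url">https://github.com/LINBIT/csync2.git</param>
+<param name="scm">git</param>
+<param name="exclude">.git</param>
+<param name="versionformat">2.0+git.%ct.%h</param>
+<param name="revision">master</param>
+</service>
+
+<service name="recompress" mode="disabled">
+<param name="file">csync2*.tar</param>
+<param name="compression">bz2</param>
+</service>
+
+<service name="set_version" mode="disabled"/>
+</services>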
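Review bot: The `tar_scm` service tracks `<param name="revision">master</param>`, so re-running it fetches whatever the upstream branch tip is at that moment rather than the commit the checked-in tarball was built from. Pinning it to the commit already encoded in the tarball name, `<param name="revision">83b3644</param>`, makes the source fetch reproducible and turns every upstream bump into a reviewable change to this file. The services are `mode="disabled"`, so this should only matter when someone runs them by hand, which is exactly when an unnoticed upstream change would slip into the package.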
BIN
csync2-2.0+git.1600444747.83b3644.tar.bz2
(Stored with Git LFS)
Normal file
BIN
csync2-2.0+git.1600444747.83b3644.tar.bz2
(Stored with Git LFS)
Normal file
Binary file not shown.
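--- a/csync2-README.quickstart
+++ b/csync2-README.quickstart
@@ -0,0 +1,61 @@
+Getting started with csync2 :
+
+There's no need to define the port for csync2 in /etc/services, although the
+manual says so. Port 30865/tcp is defined in /etc/xinetd.d/csync2. All commands
+detailed here need to be executed as root, so be extra careful.
+
+The config file for csync2 is /etc/csync2/csync2.cfg. Here is an example :
+
+mygroup {
+host host1;
+host host2;
+key /etc/csync2/mygroup.key;
+include /etc/csync2/csync2.cfg;
+include /etc/testfile;
+}
+
+This will sync the csync2 configuration and /etc/testfile between host1 and
+host2. Create the file on host1. Note that hostnames need to be the FQDN
+returned by "hostname".
+
+Generate the pre-shared key used for authentication :
+csync2 -k /etc/csync2/mygroup.key
+
+Copy the configuration file and the pre-shared key to host2:
+scp /etc/csync2/csync2.cfg /etc/csync2/mygroup.key host2:/etc/csync2/
+
+The SSL key and certificate are generated upon package installation, but you
+can replace them with your own if you like. The files are :
+/etc/csync2/csync2_ssl_key.pem
+/etc/csync2/csync2_ssl_cert.pem
+
+Note that the common name (CN) in each node's SSL certificate must be the
+same, or the SSL connection will fail. If you ever replace a node, and its
+SSL key changes, existing nodes will still have a cached copy of the old key,
+and the connection will fail. To remove the old key from an existing node's
+cache, run the following command on each existing node:
+csync2-rm-ssl-cert <replaced-hostname>
+
+The csync2 service is disabled by default. To start it on both your hosts
+using systemd (preferred):
+systemctl enable csync2.socket
+systemctl start csync2.socket
+
+If you would prefer to do it the old way with xinetd, run:
+chkconfig csync2 on
+chkconfig --level 345 xinetd on
+service xinetd restart
+
+If you are running iptables, you need to open tcp port 30865 on both hosts so
+that the other host can connect.
+
+Now you should be able to run and initial verbose sync on both hosts :
+csync2 -xv
+
+Once everything looks good, you can add a file with the following line as
+/etc/cron.d/csync2 or add it to /etc/crontab :
+
+*/5 * * * * root csync2 -x
+
+Happy syncing!
+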
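--- a/csync2-rm-ssl-cert
+++ b/csync2-rm-ssl-cert
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+if [ $# -eq 0 -o "$1" = "-h" ]; then
+cat <<END
+
+Remove a peer's SSL certificate from csync2's local database. Use this after
+replacing a peer node (or regenerating its SSL certificate).
+
+Usage: $0 [-h] <hostname>
+
+Options:
+-h Display this usage information
+
+END
+exit 0
+fi
+
+DBFILE=/var/lib/csync2/$(hostname).db3
+if [ ! -f "$DBFILE" ]; then
+echo "Local csync2 database ($DBFILE) not found."
+exit 1
+fi
+
+# Strip double and single quotes from hostname so they can't interfere with the SQL
+PEERNAME=$(echo $1 | sed -e "s/['\"]//g")
+
+certcount()
+{
+echo "SELECT COUNT(peername) FROM x509_cert WHERE peername='$1';" | sqlite3 $DBFILE
+}
+
+if [ $(certcount "$PEERNAME") -eq 0 ]; then
+echo "Certificate for '$PEERNAME' not in local database."
+exit 0
+fi
+
+echo "DELETE FROM x509_cert WHERE peername='$PEERNAME';" | sqlite3 $DBFILE
+
+if [ $(certcount "$PEERNAME") -ne 0 ]; then
+echo "Error removing certificate for '$PEERNAME' from local database."
+exit 1
+fi
+
+echo "Certificate for '$PEERNAME' removed from local database."
+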
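Review bot: The peer name reaches the SQL text through a blocklist: `PEERNAME=$(echo $1 | sed -e "s/['\"]//g")` deletes quote characters and passes everything else, and because `$1` is unquoted the shell word-splits and glob-expands the argument before it is ever compared with `peername`. If peer names are always hostnames, validating up front is stricter and needs no stripping: `case "$1" in *[!A-Za-z0-9._-]*) echo "Invalid hostname: $1" >&2; exit 1;; esac` followed by `PEERNAME=$1`. Separately, when `sqlite3` fails and prints nothing, `[ $(certcount "$PEERNAME") -eq 0 ]` becomes a malformed test that `if` treats as false, so the script falls through to the `DELETE`. Capturing the count first, `count=$(certcount "$PEERNAME") || exit 1` then `[ "$count" -eq 0 ]`, and quoting `"$DBFILE"` in both `sqlite3` calls would make a database error stop the script instead.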
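--- a/csync2.changes
+++ b/csync2.changes
@@ -0,0 +1,190 @@
+-------------------------------------------------------------------
+Wed Apr 7 19:21:54 UTC 2021 - Peter Varkoly <varkoly@suse.com>
+
+- Update to 2.0+git.1600444747.83b3644:
+* VUL-1: CVE-2019-15522: csync2: daemon fails to enforce TLS
+(bsc#1147137)
+* VUL-1: CVE-2019-15523: csync2: incorrect TLS handshake error handling
+(bsc#1147139
+* use standard %lld instead of non-standard %Ld format specifier
+* try to avoid (temporary) -rw------- root:root files on receiving side
+* fix diff mode truncation to first 512 byte
+* disable xinetd template by default as preparation for systemd socket unit
+* add systemd csync2.socket and csync2@.service templates
+* escape peername in SQL statements
+- VUL-1: csync2: bad TLS key generation on installation (bsc#1145032)
+Adapt suggested changes in %post section.
+Do not hide output on standard error during generating the keys.
+- Remove patches contained by update:
+* 0003-Set-AC_PROG_CPP-in-configure.ac.patch
+* 0002-Patch-sonames.patch
+* 0001-Add-COPYING-as-docfile.patch
+
+-------------------------------------------------------------------
+Mon May 27 08:13:02 UTC 2019 - Kristoffer Gronlund <kgronlund@suse.com>
+
+- Update to 2.0+git.1542296533.b974921:
+* Convert documentation to asciidoc
+* Add error handling for out-of-memory while parsing config file
+* create_key: use all random bits; add some error handling
+
+- Update patches
+* Add 0001-Add-COPYING-as-docfile.patch
+* Add 0002-Patch-sonames.patch
+* Add 0003-Set-AC_PROG_CPP-in-configure.ac.patch
+* Remove add-COPYING.patch
+* Remove add-ac_prog_cpp.patch
+* Remove fix-sonames.patch
+
+-------------------------------------------------------------------
+Mon May 27 08:13:02 UTC 2019 - Kristoffer Gronlund <kgronlund@suse.com>
+
+- Update patches
+* Add 0001-Add-COPYING-as-docfile.patch
+* Add 0002-Patch-sonames.patch
+* Add 0003-Set-AC_PROG_CPP-in-configure.ac.patch
+* Remove add-COPYING.patch
+* Remove add-ac_prog_cpp.patch
+* Remove fix-sonames.patch
+
+-------------------------------------------------------------------
+Wed Aug 15 14:20:12 UTC 2018 - kgronlund@suse.com
+
+- comparison of peer names provided via command line should not be case sensitive (bsc#1082576)
+- fix for inetd stderr >& stdout
+- fix log message when generating backup files, demote log level
+- document -l and -N switches
+
+-------------------------------------------------------------------
+Tue Aug 14 14:10:16 UTC 2018 - kgronlund@suse.com
+
+- Avoid systemd service removal errors when uninstalling (bsc#1093165)
+
+-------------------------------------------------------------------
+Thu Jul 19 13:46:24 UTC 2017 - tchvatal@suse.com
+
+- Remove systemd dep in favor of systemd-rpm-macros
+- Format a bit with spec-cleaner
+- Add proper dependency over openssl
+- Remove all the tex deps as we now reduce from 300 to 160 buildrequires
+- Remove xinetd service and use only socket activation to keep
+only one tool for the job
+* Also remove patch csync2-fix-xinetd.patch
+
+-------------------------------------------------------------------
+Thu Jul 13 11:24:17 UTC 2017 - olaf@aepfle.de
+
+- Requires(post) hostname|openssl
+
+-------------------------------------------------------------------
+Fri May 6 21:13:01 UTC 2016 - jengelh@inai.de
+
+- Avoid runtime dependency on systemd, the macros can all deal with
+its absence.
+- Ensure csync@.service template instances are disabled on package
+removal.
+
+-------------------------------------------------------------------
+Wed Apr 27 09:49:11 UTC 2016 - kgronlund@suse.com
+
+- Update to csync2-2.0-6-g10636a4:
+- Document the -N flag to bind csync2 to a specific ip address.
+- fix diff mode truncation to first 512 byte
+- fix diff mode prefix substitution
+
+- Drop merged patches:
+- Remove csync2-librsync-1.0.0.patch
+- Remove fix-csync2_ssl_cert-filename.patch
+
+-------------------------------------------------------------------
+Thu Mar 26 11:25:01 UTC 2015 - dimstar@opensuse.org
+
+- Add csync2-librsync-1.0.0.patch: Fix build with librsync 1.0.0.
+
+-------------------------------------------------------------------
+Thu Sep 26 09:07:40 UTC 2013 - tserong@suse.com
+
+- Ensure COPYING file is included in package
++ Added add-COPYING.patch
+
+-------------------------------------------------------------------
+Wed Sep 11 05:12:22 UTC 2013 - tserong@suse.com
+
+- Update to upstream version 2.0-rc2. Changes since 1.34 too numerous
+to list, but include:
++ Database abstraction layer (default build uses sqlite3)
++ IPv6 support
++ Native GnuTLS support
++ tempdir and lock-timeout config options
++ do-local-only config option for actions
+- Reworked patches and extra source being carried in openSUSE:
++ Added csync2.socket and csync2@.service for use via systemd
++ Added add-ac_prog_cpp.patch
++ Added fix-csync2_ssl_cert-filename.patch
++ Added fix-sonames.patch
++ Updated csync2-fix-xinetd.patch
++ Updated README.quickstart
++ Removed fix-missing-sentinels.diff (upstream)
++ Removed csync2-1.34-pure-gnutls-r2.patch (obsolete)
++ Removed force-debug-stderr-off-inetd.patch (obsolete)
++ Removed bind-to-local-hostname.patch (obsolete)
+
+-------------------------------------------------------------------
+Fri May 10 12:56:38 UTC 2013 - tserong@suse.com
+
+- Try to bind to "local" IP explicitly to avoid "identification failed"
+errors with multiple IPs on same subnet (bnc#757327)
++ Added bind-to-local-hostname.patch
+
+-------------------------------------------------------------------
+Thu Feb 28 06:00:00 UTC 2013 - coolo@suse.com
+
+- update license to new format
+
+-------------------------------------------------------------------
+Mon Jun 4 08:56:27 UTC 2012 - tserong@suse.com
+
+- Drop requirement on libgnutls-extra-devel (unnecessary on openSUSE)
+
+-------------------------------------------------------------------
+Mon Mar 19 12:51:03 UTC 2012 - tserong@suse.com
+
+- Force debug output off completely when running under xinetd (fixes
+protocol breakage when target directories don't exist; bnc#752563)
+
+-------------------------------------------------------------------
+Mon Feb 20 19:10:40 UTC 2012 - coolo@suse.com
+
+- factory has librsync split into devel package
+
+-------------------------------------------------------------------
+Wed Oct 26 09:19:16 UTC 2011 - tserong@suse.com
+
+- Remove explicit lib dependencies from spec file
+
+-------------------------------------------------------------------
+Tue Sep 20 12:41:40 UTC 2011 - tserong@suse.com
+
+- Add csync2-rm-ssl-cert helper script (bnc#709811)
+
+-------------------------------------------------------------------
+Sun Sep 18 00:06:31 UTC 2011 - jengelh@medozas.de
+
+- Remove redundant tags/sections from specfile
+
+-------------------------------------------------------------------
+Tue Jun 8 00:59:40 UTC 2010 - tserong@novell.com
+
+- Fix build against gnutls 2.8 in factory (integrated patch from
+http://bugs.gentoo.org/show_bug.cgi?id=274213)
+
+-------------------------------------------------------------------
+Mon Dec 14 16:57:21 CET 2009 - ro@suse.de
+
+- fix build against current openssl
+
+-------------------------------------------------------------------
+Fri Dec 4 09:58:35 UTC 2009 - jshi@novell.com
+
+- Init import of csync2 for DRBD configuration file sync (fate#307419)
+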
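--- a/csync2.spec
+++ b/csync2.spec
@@ -0,0 +1,124 @@
+#
+# spec file for package csync2
+#
+# Copyright (c) 2021 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: csync2
+Version: 2.0+git.1600444747.83b3644
+Release: 0
+Summary: Cluster synchronization tool
+License: GPL-2.0-or-later
+Group: Productivity/Clustering/HA
+URL: http://oss.linbit.com/csync2/
+#Source0: http://oss.linbit.com/csync2/%{name}-%{version}.tar.gz
+Source0: %{name}-%{version}.tar.bz2
+Source1: csync2-README.quickstart
+Source2: csync2-rm-ssl-cert
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: bison
+BuildRequires: flex
+BuildRequires: libgnutls-devel
+BuildRequires: librsync-devel
+BuildRequires: pkgconfig
+BuildRequires: sqlite3-devel
+BuildRequires: systemd-rpm-macros
+Requires: sqlite3
+Requires(post): openssl
+%if 0%{?suse_version} > 1320
+# Conflicts with net-tools in Leap
+Requires(post): hostname
+%endif
+
+%description
+Csync2 is a cluster synchronization tool. It can be used to keep files on
+multiple hosts in a cluster in sync. Csync2 can handle complex setups with
+much more than just 2 hosts, handle file deletions and can detect conflicts.
+It is expedient for HA-clusters, HPC-clusters, COWs and server farms.
+
+%prep
+%setup -q
+
+%build
+autoreconf -fvi
+%configure \
+--enable-sqlite3 \
+--enable-systemd \
+--sysconfdir=%{_sysconfdir}/csync2 \
+--docdir=%{_docdir}/%{name}
+make %{?_smp_mflags}
+
+%install
+%make_install
+mkdir -p %{buildroot}%{_localstatedir}/lib/csync2
+install -p -m 644 %{SOURCE1} %{buildroot}%{_docdir}/%{name}/README.quickstart
+install -p -m 755 %{SOURCE2} %{buildroot}%{_sbindir}/csync2-rm-ssl-cert
+mkdir -p %{buildroot}%{_unitdir}
+# We need these empty files to be able to %%ghost them
+touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_key.pem
+touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_cert.pem
+
+%pre
+%service_add_pre csync2.socket csync2@.service
+
+%post
+%service_add_post csync2.socket csync2@.service
+umask 077
+if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_key.pem ]; then
+%{_bindir}/openssl ecparam -genkey -name secp384r1 -out %{_sysconfdir}/csync2/csync2_ssl_key.pem
+fi
+FQDN=`hostname`
+if [ "x${FQDN}" = "x" ]; then
+FQDN=localhost.localdomain
+fi
+if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_cert.pem ]; then
+cat << EOF | %{_bindir}/openssl req -new -key %{_sysconfdir}/csync2/csync2_ssl_key.pem -x509 -days 3000 -out %{_sysconfdir}/csync2/csync2_ssl_cert.pem
+--
+SomeState
+SomeCity
+SomeOrganization
+SomeOrganization
+SomeName
+name@example.com
+EOF
+fi
+
+%preun
+%service_del_preun csync2.socket csync2@.service
+# Cleanup all databases upon last removal
+if [ $1 -eq 0 ]; then
+rm -f %{_localstatedir}/lib/csync2/*
+fi
+
+%postun
+%service_del_postun csync2.socket csync2@.service
+
+%files
+%{_sbindir}/csync2
+%{_sbindir}/csync2-compare
+%{_unitdir}/csync2.socket
+%{_unitdir}/csync2@.service
+%dir %{_localstatedir}/lib/csync2/
+# Using docdir here ensures correct doc file tagging
+%{_docdir}/%{name}
+%dir %{_sysconfdir}/csync2/
+%config(noreplace) %{_sysconfdir}/csync2/csync2.cfg
+%ghost %config %{_sysconfdir}/csync2/csync2_ssl_key.pem
+%ghost %config %{_sysconfdir}/csync2/csync2_ssl_cert.pem
+%{_sbindir}/csync2-rm-ssl-cert
+%{_mandir}/man1/csync2.1*
+
+%changelog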
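Review bot: `FQDN` is set from `hostname` in `%post`, with a `localhost.localdomain` fallback, but nothing in the visible scriptlet reads it: the heredoc fed to `openssl req` answers every subject prompt with fixed placeholders, including the common name `SomeName`. If that is intentional (README.quickstart in this commit says the CN must be the same on every node), the three `FQDN` lines can go, and the `Requires(post): hostname` that appears to exist for them is worth re-checking. A comment above the heredoc such as `# Subject fields are fixed placeholders: all csync2 nodes must present the same CN` would stop a later maintainer from substituting the host name. Both generation steps are guarded by `[ ! -f ... ]`, so the `-days 3000` certificate is created once and never renewed by the package; a line about manual rotation in README.quickstart would cover that.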