Sync from SUSE:SLFO:Main keepalived revision f692db42d8dd3c08f82855d979a82302

Adrian Schröter 2024-05-03 14:10:36 +02:00
commit 2448a585d9
7 changed files with 2230 additions and 0 deletions

23
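--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text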


@ -0,0 +1,24 @@
Index: keepalived-2.2.2/keepalived/keepalived.service.in
===================================================================
--- keepalived-2.2.2.orig/keepalived/keepalived.service.in
+++ keepalived-2.2.2/keepalived/keepalived.service.in
@@ -8,6 +8,19 @@ After=network-online.target syslog.targe
Documentation=https://keepalived.org
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=@SYSTEMD_SERVICE_TYPE@
PIDFile=@RUN_DIR@/run/keepalived.pid
KillMode=process
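Review bot: `ProtectKernelModules=true` and `ProtectKernelTunables=true` are added without any note on how they interact with what keepalived does at runtime. As far as I know keepalived can load `ip_vs` on demand and writes per-interface settings under /proc/sys/net for some VRRP setups (VMAC interfaces, for example); both would be refused inside this sandbox, so this needs confirming on a host that uses those features. Because the unit keeps `KillMode=process` and the directives apply to every child process, notify and check scripts also run with `ProtectSystem=full` and `ProtectHome=true` in force. I would add a comment above the block such as `# ip_vs must be preloaded (modules-load.d); sysctls needed by VRRP must be set outside the service`, or drop the two directives if testing shows the daemon needs that access. The [Service] section continues outside the hunk.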

71
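--- a/keepalive-init.patch
+++ b/keepalive-init.patch
@@ -0,0 +1,71 @@
+Index: keepalived-2.0.7/keepalived/etc/init.d/keepalived.suse.init.in
+===================================================================
+--- keepalived-2.0.7.orig/keepalived/etc/init.d/keepalived.suse.init.in
++++ keepalived-2.0.7/keepalived/etc/init.d/keepalived.suse.init.in
+@@ -1,23 +1,24 @@
+#! /bin/sh
+### BEGIN INIT INFO
+-# Provides: keepalived
++# Provides: keepalived
+# Required-Start: $remote_fs $syslog
+-# Required-Stop : $remote_fs $syslog
+-# Default-Start : 3 5
+-# Default-Stop : 0 1 2 6
+-# Description : Start keepalived to allow XY and provide YZ
+-# continued on second line by '#<TAB>'
++# Required-Stop: $remote_fs $syslog
++# Default-Start: 3 5
++# Default-Stop: 0 1 2 6
++# Short-Description: Start keepalived to manage IPVS & LVS
++# Description: Start keepalived to manage IPVS & LVS
+### END INIT INFO
+-DAEMON="Keepalived daemon"
+-DAEMON_BIN="@sbindir@/keepalived"
+-DAEMON_CONF="@sysconfdir@/keepalived/keepalived.conf"
+-DAEMON_PIDFILE="@localstatedir@/run/keepalived.pid"
+-DAEMON_OPT="-d"
++DAEMON='Keepalived daemon'
++DAEMON_BIN='@sbindir@/keepalived'
++DAEMON_CONF='@sysconfdir@/keepalived/keepalived.conf'
++DAEMON_PIDFILE='@localstatedir@/run/keepalived.pid'
++DAEMON_SYSCONF='/etc/sysconfig/keepalived'
++DAEMON_OPT='-d'
+#DAEMON_USER="root"
+-SUPPORTS_HUP="yes"
++SUPPORTS_HUP='yes'
+# PidFile @localstatedir@/run/keepalived.pid
+# DatabaseOwner root
+@@ -25,6 +26,18 @@ pid_par=${DAEMON_PIDFILE:+"-p $DAEMON_PI
+usr_par=${DAEMON_USER:+"-u $DAEMON_USER"}
+test -x $DAEMON_BIN || exit 5
++test -x $DAEMON_BIN || { echo "$DAEMON_BIN not installed or executable";
++ if [ "$1" = "stop" ]; then exit 0;
++ else exit 5; fi; }
++
++test -r $DAEMON_CONF || { echo "$DAEMON_CONF not existing or readable";
++ if [ "$1" = "stop" ]; then exit 0;
++ else exit 6; fi; }
++
++# read sysconfig variables that might overwrite the daemon options
++if [ -r "$DAEMON_SYSCONF" ]; then
++ . "$DAEMON_SYSCONF"
++fi
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+@@ -72,8 +85,8 @@ case "$1" in
+0) echo -n "- Warning: daemon already running. " ;;
+1) echo -n "- Warning: ${DAEMON_PIDFILE} exists. " ;;
+esac
+-# echo "startproc $usr_par $pid_par ${DAEMON_BIN} ${DAEMON_OPT}"
+- startproc $usr_par $pid_par ${DAEMON_BIN} ${DAEMON_OPT}
++# echo "startproc $usr_par $pid_par ${DAEMON_BIN} ${DAEMON_OPT} ${KEEPALIVED_OPTIONS}"
++ startproc $usr_par $pid_par ${DAEMON_BIN} ${DAEMON_OPT} ${KEEPALIVED_OPTIONS}
+rc_status -v
+;;
+stop)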
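Review bot: The added `test -x $DAEMON_BIN || { … }` block can never take its failure branch, because the original `test -x $DAEMON_BIN || exit 5` is kept as context directly above it and exits first. The message and the `stop` → `exit 0` case are dead code unless that old line is removed. The script also sources `$DAEMON_SYSCONF` and expands `${KEEPALIVED_OPTIONS}` unquoted into the `startproc` line, so /etc/sysconfig/keepalived is in effect code run with the init script's privileges. A comment next to the `.` line would record that, e.g. `# sourced by the init script: file must be root-owned and not group/world-writable`. The sourcing comes after `pid_par` and `usr_par` are computed (see the second hunk header and its first context line), so a sysconfig override of `DAEMON_PIDFILE` or `DAEMON_USER` would not reach `startproc`. `$DAEMON_BIN` and `$DAEMON_CONF` in the new tests should be double-quoted.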

2
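--- a/keepalive-rpmlintrc
+++ b/keepalive-rpmlintrc
@@ -0,0 +1,2 @@
+# Those PEM files are only examples:
+addFilter("pem-certificate /usr/share/doc/packages/keepalived/samples/.*.pem")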
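Review bot: The filter pattern is wider than the comment suggests, because the last dot in `samples/.*.pem` is unescaped and matches any character. Writing it as `addFilter("pem-certificate /usr/share/doc/packages/keepalived/samples/.*\.pem")` keeps the suppression to files with a `.pem` extension in the samples directory. Since the check is being silenced for shipped key material, the comment could also state that the samples must not be used as deployed keys.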

BIN
keepalived-2.2.8.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

1871
keepalived.changes Normal file

File diff suppressed because it is too large Load Diff

236
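--- a/keepalived.spec
+++ b/keepalived.spec
@@ -0,0 +1,236 @@
+#
+# spec file for package keepalived
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+%define _fillupdir /var/adm/fillup-templates
+%endif
+%if 0%{?suse_version} > 1500
+%bcond_without dbus
+%bcond_without keepalived_nftables
+%else
+%bcond_with dbus
+%bcond_with keepalived_nftables
+%endif
+%if 0%{?suse_version} >= 1500
+%bcond_without keepalived_regex
+%else
+%bcond_with keepalived_regex
+%endif
+%bcond_without json
+%bcond_without systemd
+Name: keepalived
+Version: 2.2.8
+Release: 0
+Summary: A keepalive facility for Linux
+License: GPL-2.0-or-later
+Group: Productivity/Networking/Routing
+URL: https://www.keepalived.org/
+Source: https://www.keepalived.org/software/%{name}-%{version}.tar.gz
+Source2: keepalive-rpmlintrc
+Patch0: keepalive-init.patch
+Patch1: harden_keepalived.service.patch
+BuildRequires: file-devel
+BuildRequires: net-snmp-devel
+BuildRequires: pkgconfig
+BuildRequires: snmp-mibs
+BuildRequires: pkgconfig(dbus-1)
+BuildRequires: pkgconfig(gio-2.0)
+BuildRequires: pkgconfig(openssl)
+%if %{with json}
+BuildRequires: pkgconfig(json-c)
+%endif
+BuildRequires: pkgconfig(libipset)
+BuildRequires: pkgconfig(libiptc)
+BuildRequires: pkgconfig(libnl-3.0)
+%if %{with keepalived_regex}
+BuildRequires: pkgconfig(libpcre2-8)
+%endif
+BuildRequires: pkgconfig(libnfnetlink)
+%if %{with keepalived_nftables}
+BuildRequires: pkgconfig(libnftables)
+BuildRequires: pkgconfig(libnftnl)
+%endif
+BuildRequires: pkgconfig(popt)
+BuildRequires: pkgconfig(xtables)
+Requires(pre): pwdutils
+Requires(pre): %fillup_prereq
+%if %{with systemd}
+BuildRequires: systemd-rpm-macros
+BuildRequires: pkgconfig(libsystemd)
+%{?systemd_ordering}
+%else
+Requires(pre): %insserv_prereq
+%endif
+%description
+This project provides facilities for load balancing and high-availability to
+Linux system and Linux-based infrastructures. The load-balancing framework
+relies on the Linux Virtual Server (IPVS) kernel module providing Layer4 load
+balancing. Keepalived implements a set of checkers to dynamically and
+adaptively maintain and manage loadbalanced server pool according their health.
+High-availability is achieved by the VRRP protocol, a fundamental brick for
+router failover. In addition, Keepalived implements a set of hooks to the VRRP
+finite state machine, providing low-level and high-speed protocol interactions.
+Keepalived frameworks can be used independently or all together to provide
+resilient infrastructures.
+%prep
+%setup -q
+%patch0 -p1
+chmod 644 doc/samples/*
+%patch1 -p1
+%build
+export STRIP=true
+export CPPFLAGS="$(pkg-config --cflags libnfnetlink libiptc libipset xtables)"
+export CFLAGS="%optflags -DOPENSSL_NO_SSL_INTERN"
+# --enable-dbus-create-instance \
+%configure \
+--disable-silent-rules \
+--docdir=%{_defaultdocdir}/%{name}/ \
+--enable-bfd \
+%if %{with json}
+--enable-json \
+%endif
+--enable-snmp \
+--enable-snmp-rfc \
+%if %{with dbus}
+--enable-dbus \
+%endif
+%if %{with keepalived_regex}
+--enable-regex \
+%endif
+%if %{with keepalived_nftables}
+--enable-nftables \
+--disable-iptables \
+%else
+--enable-iptables \
+--enable-libipset \
+%endif
+%if %{with systemd}
+--enable-systemd \
+--with-init=systemd \
+--with-systemdsystemunitdir="%{_unitdir}" \
+%else
+--with-init=SUSE \
+%endif
+--enable-sha1 \
+--enable-gnu-std-paths \
+--enable-hardening \
+--enable-log-file \
+--enable-routes \
+--disable-dynamic-linking \
+--disable-libiptc-dynamic \
+--disable-libipset-dynamic \
+--disable-libnl-dynamic \
+--enable-libnl \
+--enable-json
+make %{?_smp_mflags}
+%install
+%make_install
+install -dD -m 0750 %{buildroot}%{_var}/lib/%{name}
+install -D -m 0644 %{buildroot}/etc/sysconfig/keepalived %{buildroot}%{_fillupdir}/sysconfig.%{name}
+%if %{with systemd}
+ln -s /sbin/service %{buildroot}%{_sbindir}/rckeepalived
+%else
+install -D -m 0750 keepalived/etc/init.d/keepalived.suse.init %{buildroot}/etc/init.d/keepalived
+ln -s /etc/init.d/keepalived %{buildroot}%{_sbindir}/rckeepalived
+%endif
+chmod -R o= %{buildroot}/etc/keepalived
+rm -rv %{buildroot}/etc/keepalived/samples/ %{buildroot}/etc/sysconfig/keepalived
+cp -rv \
+AUTHOR ChangeLog CONTRIBUTORS README doc/samples/ doc/keepalived.conf.SYNOPSIS doc/NOTE_vrrp_vmac.txt \
+%{buildroot}%{_defaultdocdir}/%{name}/
+%check
+# A build could silently have LVS support disabled if the kernel includes can't
+# be properly found, we need to avoid that.
+if ! grep -q "#define _WITH_LVS_ *1" lib/config.h; then
+%{__echo} "ERROR: We do not want keepalived lacking LVS support." >&2
+exit 1
+fi
+%pre
+getent group %{name} >/dev/null || /usr/sbin/groupadd -r %{name}
+getent passwd %{name} >/dev/null || \
+/usr/sbin/useradd -g %{name} -s /bin/false -r -c "Keepalived" \
+-d %{_var}/lib/%{name} %{name}
+%if %{with systemd}
+%service_add_pre %{name}.service
+%endif
+%preun
+%if %{with systemd}
+%service_del_preun %{name}.service
+%else
+%stop_on_removal %{name}
+%endif
+%post
+%fillup_only %{name}
+%if %{with systemd}
+%service_add_post %{name}.service
+%endif
+%postun
+%if %{with systemd}
+%service_del_postun %{name}.service
+%else
+%insserv_cleanup
+%restart_on_update %{name}
+%endif
+%files
+%defattr(-,root,root)
+%license COPYING
+%doc %{_defaultdocdir}/%{name}/
+%dir %{_sysconfdir}/keepalived
+%dir %attr(-,keepalived,keepalived) %{_var}/lib/%{name}
+%config(noreplace) %ghost %attr(0640,root,root) %{_sysconfdir}/keepalived/keepalived.conf
+%config %attr(0640,root,root) %{_sysconfdir}/keepalived/keepalived.conf.sample
+%{_fillupdir}/sysconfig.%{name}
+%{_bindir}/genhash
+%{_sbindir}/rckeepalived
+%{_sbindir}/keepalived
+%{_mandir}/man1/genhash.1*
+%{_mandir}/man5/keepalived.conf.5*
+%{_mandir}/man8/keepalived.8*
+%{_datadir}/snmp/mibs/KEEPALIVED-MIB.txt
+%{_datadir}/snmp/mibs/VRRP-MIB.txt
+%{_datadir}/snmp/mibs/VRRPv3-MIB.txt
+#
+%if %{with dbus}
+%config /etc/dbus-1/system.d/org.keepalived.Vrrp1.conf
+%{_datadir}/dbus-1/interfaces/org.keepalived.Vrrp1.Instance.xml
+%{_datadir}/dbus-1/interfaces/org.keepalived.Vrrp1.Vrrp.xml
+%endif
+#
+%if %{with systemd}
+%{_unitdir}/%name.service
+%else
+/etc/init.d/keepalived
+%endif
+%changelog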
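Review bot: `--enable-json` is passed twice in `%build`: once inside `%if %{with json}` and again unconditionally as the last `%configure` argument. A `--without json` build therefore still asks for the feature while the matching `BuildRequires: pkgconfig(json-c)` is dropped. The trailing `--enable-json` should be removed, leaving `--enable-libnl` as the final argument with no continuation backslash. `BuildRequires: pkgconfig(dbus-1)` and `pkgconfig(gio-2.0)` look like the same mismatch in the other direction, since they are unconditional although `--enable-dbus` is guarded by `%{with dbus}`. Separately, `Source:` lists only the HTTPS tarball with no signature or keyring source, so if upstream publishes signatures it would be worth adding them as extra sources for verification at build time.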