From dc78c5095c11f97513bf56a293e1718c3938d197d15d7ee9ac0ef93ee1134056 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Tue, 17 Mar 2015 13:41:48 +0000 Subject: [PATCH 1/4] - Format with spec-cleaner, this is just reordering, no factical change here OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=116 --- cfengine.changes | 6 ++ cfengine.spec | 185 ++++++++++++++++++++--------------------------- 2 files changed, 85 insertions(+), 106 deletions(-) diff --git a/cfengine.changes b/cfengine.changes index b8b4a45..93f3895 100644 --- a/cfengine.changes +++ b/cfengine.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Mar 17 13:41:26 UTC 2015 - tchvatal@suse.com + +- Format with spec-cleaner, this is just reordering, no factical + change here + ------------------------------------------------------------------- Fri Mar 13 07:29:41 UTC 2015 - kkaempf@suse.com diff --git a/cfengine.spec b/cfengine.spec index 9da455b..5fb3df6 100644 --- a/cfengine.spec +++ b/cfengine.spec @@ -16,55 +16,36 @@ # +# set to 1 to enable adapter, leave 0 for minimal cfengine +%define with_mysql 0 +%define with_postgresql 0 +%define with_libvirt 0 +%define srcname core-%{version} +%define libname libpromises +%define libsoname %{libname}3 +# Yes, its not FHS conformant but in sync with cfengine documentation +# reported upstream as https://cfengine.com/dev/issues/1896 +%define basedir %{_localstatedir}/%{name} +%define workdir %{basedir} %if 0%{?suse_version} >= 1210 %define have_systemd 1 %else %define have_systemd 0 %endif - -# set to 1 to enable adapter, leave 0 for minimal cfengine -%define with_mysql 0 -%define with_postgresql 0 -%define with_libvirt 0 - Name: cfengine Version: 3.6.5 Release: 0 -%define srcname core-%{version} -%define libname libpromises -%define libsoname %{libname}3 - -# Yes, its not FHS conformant but in sync with cfengine documentation -# reported upstream as https://cfengine.com/dev/issues/1896 -%define basedir /var/%{name} -%define workdir %{basedir} # This is the place where workdir should be #define basedir /var/lib/%{name} #define workdir %{basedir}/work - Summary: CFEngine automates large-scale IT computing infrastructure License: GPL-3.0 Group: Productivity/Networking/System Url: http://www.cfengine.org/ Source: %{srcname}.tar.gz Source1: %{name}.SuSEfirewall2 - -# wtf? SLE_11 does not honor rpmlintrc -%if 0%{?suse_version} <= 1130 -BuildRequires: -post-build-checks -%endif -%if %have_systemd -Source7: cf-execd.service -Source8: cf-monitord.service -Source9: cf-serverd.service -%else -Source7: cf-monitord -Source8: cf-execd -Source9: cf-serverd -%endif Source10: %{name}.cron Source11: %{name}-rpmlintrc - # docs Source101: http://www.cfengine.org/manuals/cf3-Reference.pdf Source102: http://www.cfengine.org/manuals/cf3-conceptguide.pdf @@ -73,28 +54,41 @@ Source104: http://www.cfengine.org/manuals/cf3-quickstart.pdf Source105: http://www.cfengine.org/manuals/cf3-solutions.pdf Source106: http://www.cfengine.org/manuals/cf3-tutorial.pdf Source107: http://www.verticalsysadmin.com/cfengine/primer.pdf - # SLE 11 or RHEL5 autoconf does not support AM_SUBST_NOTMAKE, kkaempf@suse.de Patch2: remove-am_subst_notmake.patch - # PATCH-FIX-UPSTREAM add 'suse' class for consistency with other vendor classes # PATCH-FEATURE-UPSTREAM better /etc/SuSE-release parsing, upstream #5423 # kkaempf@suse.de Patch5: 0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch - # PATCH-FIX-SUSE # set cfengine's notion of bindir to /usr/sbin instead of /var/cfengine/bin # kkaempf@suse.de Patch6: 0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch - -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: db-devel BuildRequires: flex +BuildRequires: libacl-devel BuildRequires: libtool BuildRequires: libxml2-devel BuildRequires: lmdb-devel +BuildRequires: openssl-devel BuildRequires: pam-devel +BuildRequires: pcre-devel +Requires: %{libsoname} = %{version} +BuildRoot: %{_tmppath}/%{name}-%{version}-build +# wtf? SLE_11 does not honor rpmlintrc +%if 0%{?suse_version} <= 1130 +BuildRequires: -post-build-checks +%endif +%if %{have_systemd} +Source7: cf-execd.service +Source8: cf-monitord.service +Source9: cf-serverd.service +%else +Source7: cf-monitord +Source8: cf-execd +Source9: cf-serverd +%endif # # Disable mysql for SLE_11: # @@ -103,22 +97,18 @@ BuildRequires: pam-devel # library or disable MySQL connector. See # http://bugs.mysql.com/bug.php?id=65055 for details. # -%if %with_mysql +%if %{with_mysql} %if 0%{?suse_version} != 1110 && 0%{?rhel_version} == 0 BuildRequires: mysql-devel %endif %endif -BuildRequires: libacl-devel -%if %with_libvirt +%if %{with_libvirt} BuildRequires: libvirt-devel %endif -BuildRequires: openssl-devel -BuildRequires: pcre-devel -%if %with_postgresql +%if %{with_postgresql} BuildRequires: postgresql-devel %endif - -%if !%have_systemd +%if !%{have_systemd} # no systemd -> use cron %if 0%{?centos_version} || 0%{?rhel_version} Requires: vixie-cron @@ -126,17 +116,11 @@ Requires: vixie-cron Requires: cron %endif %endif - -%if %have_systemd +%if %{have_systemd} BuildRequires: systemd %{?systemd_requires} %endif - -%if 0%{?suse_version} > 01020 BuildRequires: fdupes -%endif - -Requires: %{libsoname} = %{version} %description CFEngine is the core of a configuration management system: ensuring @@ -153,9 +137,7 @@ Summary: Shared library of cfengine Group: System/Libraries Provides: %{libname}1 = %{version} Obsoletes: %{libname}1 < %{version} -%if 0%{?suse_version} == 1010 Requires: glibc -%endif %description -n %{libsoname} This package contains the shared libpromises (cfengine) library. @@ -163,14 +145,14 @@ This package contains the shared libpromises (cfengine) library. %package -n %{libname}-devel Summary: Development package for libpromises Group: Development/Libraries/C and C++ -Provides: %{name}-devel = %{version} -Obsoletes: %{name}-devel < %{version} Requires: %{libsoname} = %{version} Requires: glibc-devel +Provides: %{name}-devel = %{version} +Obsoletes: %{name}-devel < %{version} %description -n %{libname}-devel A high-speed character set detection library - + This package contains the files needed to compile programs that use the libpromises library. @@ -199,7 +181,7 @@ Lots of examples promises for CFEngine. %if 0%{?suse_version} > 0 && 0%{?suse_version} <= 1110 %patch2 -p1 %endif -%if 0%{?rhel_version} >= 500 && 0%{?rhel_version} < 600 +%if 0%{?rhel_version} >= 500 && 0%{?rhel_version} < 600 %patch2 -p1 %endif %patch5 -p1 @@ -212,22 +194,22 @@ Lots of examples promises for CFEngine. find ./examples -type f -name "*.cf" -exec perl -p -i -e 's|\r\n|\n|,s|^# Foundation.*|# Foundation, 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA|' {} \; ### install extra docs -%{__install} -d docs +install -d docs cp -a $RPM_SOURCE_DIR/*pdf docs/ %build autoreconf -fi -I m4 # /usr/include/sys for acl.h -CC=gcc CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \ +CC=gcc CFLAGS="%{optflags} -fno-strict-aliasing" \ %configure \ --disable-static \ --enable-fhs \ --datadir=/var \ --with-workdir=%{workdir} \ -%if %with_postgresql +%if %{with_postgresql} --with-postgresql \ %endif -%if %with_mysql +%if %{with_mysql} %if 0%{?suse_version} != 1110 && 0%{?rhel_version} == 0 && 0%{?fedora_version} != 20 --with-mysql \ %endif @@ -238,78 +220,70 @@ CC=gcc CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \ --with-pthreads \ --with-openssl \ --with-pcre \ -%if %with_libvirt +%if %{with_libvirt} --with-libvirt \ %endif --with-libacl \ --with-libxml2 \ -%if 0%{?suse_version} >= 1110 +%if 0%{?suse_version} >= 1110 --docdir=%{_docdir}/%{name} %else if 0%{?rhel_version} >= 600 --docdir=%{_docdir}/%{name}-%{version} %endif -# SLE 10 and RHEL5 don't recognize --docdir -%{__make} %{?_smp_mflags} - -# --datadir=/var/lib/%%{name}/inputs \ +make %{?_smp_mflags} %install - chmod -x ChangeLog - -%if 0%{?rhel_version} || 0%{?centos_version} || 0%{?fedora_version} -[ -d %{buildroot} ] && [ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot} -%endif -%{__make} "DESTDIR=%{buildroot}" install +make "DESTDIR=%{buildroot}" install %if 0%{?suse_version} >= 1110 || 0%{?rhel_version} >= 600 # will appear in cfengine-examples rm -rf %{buildroot}/%{_docdir}/%{name}/examples %endif -%{__install} -d %{buildroot}/{usr/sbin,%{workdir}/{bin,inputs,reports}} +install -d %{buildroot}/{usr/sbin,%{workdir}/{bin,inputs,reports}} # create dirs needed for better organizing dirs and files -%{__install} -d %{buildroot}/%{basedir}/{backup,failsafe,config,plugins} +install -d %{buildroot}/%{basedir}/{backup,failsafe,config,plugins} #%%{__install} -d %{buildroot}/%%{basedir}/config/{development,production} -%if %have_systemd +%if %{have_systemd} # systemd: install sample cron file in docdir %if 0%{?suse_version} -%{__install} -D -m0644 %{S:10} %{buildroot}/%{_docdir}/%{name} +install -D -m0644 %{SOURCE10} %{buildroot}/%{_docdir}/%{name} %else -%{__install} -D -m0644 %{S:10} %{buildroot}/%{_docdir}/%{name}-%{version} +install -D -m0644 %{SOURCE10} %{buildroot}/%{_docdir}/%{name}-%{version} %endif %else # no systemd -> use cron # install cron file -%{__install} -D -m0644 %{S:10} %{buildroot}/%{_sysconfdir}/cron.d/%{name} +install -D -m0644 %{SOURCE10} %{buildroot}/%{_sysconfdir}/cron.d/%{name} %endif -%if %have_systemd +%if %{have_systemd} # install systemd scripts -%{__install} -D -m 0644 %{S:7} %{buildroot}/%_unitdir/cf-execd.service -%{__install} -D -m 0644 %{S:8} %{buildroot}/%_unitdir/cf-monitord.service -%{__install} -D -m 0644 %{S:9} %{buildroot}/%_unitdir/cf-serverd.service +install -D -m 0644 %{SOURCE7} %{buildroot}/%{_unitdir}/cf-execd.service +install -D -m 0644 %{SOURCE8} %{buildroot}/%{_unitdir}/cf-monitord.service +install -D -m 0644 %{SOURCE9} %{buildroot}/%{_unitdir}/cf-serverd.service %else # install init scripts -%{__install} -d %{buildroot}/etc/init.d -%{__install} -m 0755 %{S:7} %{S:8} %{S:9} %{buildroot}/etc/init.d/ -%{__ln_s} -f ../../etc/init.d/cf-monitord %{buildroot}/%{_sbindir}/rccf-monitord -%{__ln_s} -f ../../etc/init.d/cf-execd %{buildroot}/%{_sbindir}/rccf-execd -%{__ln_s} -f ../../etc/init.d/cf-serverd %{buildroot}/%{_sbindir}/rccf-serverd +install -d %{buildroot}%{_sysconfdir}/init.d +install -m 0755 %{SOURCE7} %{SOURCE8} %{SOURCE9} %{buildroot}%{_initddir}/ +ln -s -f ../..%{_initddir}/cf-monitord %{buildroot}/%{_sbindir}/rccf-monitord +ln -s -f ../..%{_initddir}/cf-execd %{buildroot}/%{_sbindir}/rccf-execd +ln -s -f ../..%{_initddir}/cf-serverd %{buildroot}/%{_sbindir}/rccf-serverd # sed @workdir@ in initscripts/cron.d sed -i\ -e "s,@workdir@,%{workdir},g"\ -e "s,@basedir@,%{basedir},g" \ - %{buildroot}/etc/init.d/cf-* %{buildroot}/etc/cron.d/%{name} + %{buildroot}%{_initddir}/cf-* %{buildroot}%{_sysconfdir}/cron.d/%{name} %endif # create symlinks for sbin_PROGRAMS # because: cf-promises needs to be installed in /var/cfengine/work/bin for pre-validation of full configuration for i in cf-agent cf-execd cf-key cf-monitord cf-promises cf-runagent cf-serverd cf-upgrade; do - %{__ln_s} -f ../../..%{_sbindir}/${i} %{buildroot}%{workdir}/bin/${i} + ln -s -f ../../..%{_sbindir}/${i} %{buildroot}%{workdir}/bin/${i} done rm -rf %{buildroot}/%{_libdir}/%{name}/libpromises.la @@ -319,7 +293,7 @@ rm -rf %{buildroot}/%{_datadir}/%{name}/ChangeLog rm -rf %{buildroot}/%{_datadir}/%{name}/README # create man pages, see https://cfengine.com/dev/issues/2989 -%{__install} -d %{buildroot}/%{_mandir}/man8 +install -d %{buildroot}/%{_mandir}/man8 for i in cf-agent cf-execd cf-key cf-monitord cf-promises cf-runagent cf-serverd do LD_LIBRARY_PATH=%{buildroot}%{_libdir}/%{name} %{buildroot}%{_sbindir}/$i -M > %{buildroot}%{_mandir}/man8/$i.8 @@ -327,15 +301,15 @@ do done %if 0%{?suse_version} > 1010 -install -D -m 644 %{S:1} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/cfengine +install -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/cfengine %endif %if 0%{?suse_version} > 01020 -%fdupes %{buildroot}/usr/share/cfengine +%fdupes %{buildroot}%{_datadir}/cfengine %endif # systemd -%if %have_systemd +%if %{have_systemd} #################################################################### # Systemd @@ -375,13 +349,12 @@ fi %stop_on_removal cf-execd %stop_on_removal cf-serverd %else -/etc/init.d/cf-execd stop -/etc/init.d/cf-monitord stop -/etc/init.d/cf-serverd stop +%{_initddir}/cf-execd stop +%{_initddir}/cf-monitord stop +%{_initddir}/cf-serverd stop %endif -%post -/sbin/ldconfig +%post -p /sbin/ldconfig %postun %if 0%{?suse_version} > 1010 @@ -393,7 +366,7 @@ fi # Update ? if [ ${1:-0} -eq 1 ]; then for i in execd monitord serverd; do - /etc/init.d/cf-${i} restart + %{_initddir}/cf-${i} restart done else : @@ -419,12 +392,12 @@ fi %{_sbindir}/cf-upgrade %{_sbindir}/cf-runagent %{_sbindir}/rpmvercmp -%if %have_systemd -%_unitdir/cf-execd.service -%_unitdir/cf-monitord.service -%_unitdir/cf-serverd.service +%if %{have_systemd} +%{_unitdir}/cf-execd.service +%{_unitdir}/cf-monitord.service +%{_unitdir}/cf-serverd.service %else -%config %attr(0755,root,root) /etc/init.d/* +%config %attr(0755,root,root) %{_initddir}/* %{_sbindir}/rccf-execd %{_sbindir}/rccf-monitord %{_sbindir}/rccf-serverd @@ -439,8 +412,8 @@ fi %dir %{workdir} %{workdir}/* -%if !%have_systemd -%config(noreplace) /etc/cron.d/%{name} +%if !%{have_systemd} +%config(noreplace) %{_sysconfdir}/cron.d/%{name} %endif %files -n %{libsoname} From f620abe9c93510ab65e372be40cb4765465eec947f986385cd2399ec088f7973 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Tue, 17 Mar 2015 13:51:53 +0000 Subject: [PATCH 2/4] - Add patch to use proper SSL exponent bnc#922571 * cfengine-fips.patch OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=117 --- cfengine-fips.patch | 66 +++++++++++++++++++++++++++++++++++++++++++++ cfengine.changes | 6 +++++ cfengine.spec | 3 +++ 3 files changed, 75 insertions(+) create mode 100644 cfengine-fips.patch diff --git a/cfengine-fips.patch b/cfengine-fips.patch new file mode 100644 index 0000000..81b1b0f --- /dev/null +++ b/cfengine-fips.patch @@ -0,0 +1,66 @@ +Index: core-3.6.5/cf-key/cf-key-functions.c +=================================================================== +--- core-3.6.5.orig/cf-key/cf-key-functions.c ++++ core-3.6.5/cf-key/cf-key-functions.c +@@ -243,11 +243,11 @@ void KeepKeyPromises(const char *public_ + printf("Making a key pair for cfengine, please wait, this could take a minute...\n"); + + #ifdef OPENSSL_NO_DEPRECATED +- BN_set_word(rsa_bignum, 35); ++ BN_set_word(rsa_bignum, RSA_F4); + + if (!RSA_generate_key_ex(pair, 2048, rsa_bignum, NULL)) + #else +- pair = RSA_generate_key(2048, 35, NULL, NULL); ++ pair = RSA_generate_key(2048, 65537, NULL, NULL); + + if (pair == NULL) + #endif +Index: core-3.6.5/tests/unit/hash_test.c +=================================================================== +--- core-3.6.5.orig/tests/unit/hash_test.c ++++ core-3.6.5/tests/unit/hash_test.c +@@ -52,7 +52,7 @@ void tests_setup() + initialized = 0; + return; + } +- BN_set_word(bn, 3); ++ BN_set_word(bn, RSA_F4); + RSA_generate_key_ex(rsa, 1024, bn, NULL); + BN_free(bn); + } +Index: core-3.6.5/tests/unit/key_test.c +=================================================================== +--- core-3.6.5.orig/tests/unit/key_test.c ++++ core-3.6.5/tests/unit/key_test.c +@@ -25,7 +25,7 @@ void test_setup() + initialized = 0; + return; + } +- BN_set_word(bn, 3); ++ BN_set_word(bn, RSA_F4); + RSA_generate_key_ex(rsa, 1024, bn, NULL); + BN_free(bn); + } +Index: core-3.6.5/tests/unit/tls_generic_test.c +=================================================================== +--- core-3.6.5.orig/tests/unit/tls_generic_test.c ++++ core-3.6.5/tests/unit/tls_generic_test.c +@@ -54,7 +54,7 @@ static bool init_test_server() + int ret; + RSA *key = RSA_new(); + BIGNUM *bignum = BN_new(); +- BN_set_word(bignum, 17); ++ BN_set_word(bignum, RSA_F4); + ret = RSA_generate_key_ex(key, 1024, bignum, NULL); + if (!ret) + { +@@ -450,7 +450,7 @@ static bool init_test_client() + int ret; + RSA *key = RSA_new(); + BIGNUM *bignum = BN_new(); +- BN_set_word(bignum, 17); ++ BN_set_word(bignum, RSA_F4); + ret = RSA_generate_key_ex(key, 1024, bignum, NULL); + if (!ret) + { diff --git a/cfengine.changes b/cfengine.changes index 93f3895..e4053ca 100644 --- a/cfengine.changes +++ b/cfengine.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Mar 17 13:51:18 UTC 2015 - tchvatal@suse.com + +- Add patch to use proper SSL exponent bnc#922571 + * cfengine-fips.patch + ------------------------------------------------------------------- Tue Mar 17 13:41:26 UTC 2015 - tchvatal@suse.com diff --git a/cfengine.spec b/cfengine.spec index 5fb3df6..1d29690 100644 --- a/cfengine.spec +++ b/cfengine.spec @@ -64,6 +64,8 @@ Patch5: 0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch # set cfengine's notion of bindir to /usr/sbin instead of /var/cfengine/bin # kkaempf@suse.de Patch6: 0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch +# PATCH-FIX-UPSTREAM: Use ssl exponent of 65537 for FIPS bnc#922571 +Patch7: cfengine-fips.patch BuildRequires: bison BuildRequires: db-devel BuildRequires: flex @@ -186,6 +188,7 @@ Lots of examples promises for CFEngine. %endif %patch5 -p1 %patch6 -p1 +%patch7 -p1 ##### rpmlint #### wrong-file-end-of-line-encoding From 0e2e046e7167687604a167473cad9c79add18c907a3fe04684a5db5a98f80ef2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Tue, 17 Mar 2015 13:54:21 +0000 Subject: [PATCH 3/4] OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=118 --- cfengine.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cfengine.spec b/cfengine.spec index 1d29690..870ffe1 100644 --- a/cfengine.spec +++ b/cfengine.spec @@ -122,7 +122,9 @@ Requires: cron BuildRequires: systemd %{?systemd_requires} %endif +%if 0%{?suse_version} > 01020 BuildRequires: fdupes +%endif %description CFEngine is the core of a configuration management system: ensuring From 3d119a579c7a6f41a18abd277dd1c1a8ed51c3cc742a44af16830fcbeef9f069 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Tue, 17 Mar 2015 13:54:43 +0000 Subject: [PATCH 4/4] OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=119 --- cfengine.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/cfengine.spec b/cfengine.spec index 870ffe1..f877e42 100644 --- a/cfengine.spec +++ b/cfengine.spec @@ -141,7 +141,6 @@ Summary: Shared library of cfengine Group: System/Libraries Provides: %{libname}1 = %{version} Obsoletes: %{libname}1 < %{version} -Requires: glibc %description -n %{libsoname} This package contains the shared libpromises (cfengine) library.