Accepting request 509615 from network:ha-clustering:Factory
1 OBS-URL: https://build.opensuse.org/request/show/509615 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/corosync?expand=0&rev=40
commit
3c1b08885e
235
0007-Make-corosync-work-when-FIPS-mode-is-enabled.patch
Normal file
235
0007-Make-corosync-work-when-FIPS-mode-is-enabled.patch
Normal file
@ -0,0 +1,235 @@
|
|||||||
|
--- corosync-2.4.2.orig/exec/totemcrypto.c 2016-11-08 00:39:12.000000000 +0800
|
||||||
|
+++ corosync-2.4.2/exec/totemcrypto.c 2017-07-12 11:09:43.693227825 +0800
|
||||||
|
@@ -206,6 +206,13 @@
|
||||||
|
(const char *)format, ##args); \
|
||||||
|
} while (0);
|
||||||
|
|
||||||
|
+enum sym_key_type {
|
||||||
|
+ SYM_KEY_TYPE_CRYPT,
|
||||||
|
+ SYM_KEY_TYPE_HASH
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+#define MAX_WRAPPED_KEY_LEN 128
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* crypt/decrypt functions
|
||||||
|
*/
|
||||||
|
@@ -226,38 +233,147 @@
|
||||||
|
return CRYPTO_CIPHER_TYPE_AES256;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int init_nss_crypto(struct crypto_instance *instance)
|
||||||
|
+static PK11SymKey *import_symmetric_key(struct crypto_instance *instance, enum sym_key_type key_type)
|
||||||
|
{
|
||||||
|
- PK11SlotInfo* crypt_slot = NULL;
|
||||||
|
- SECItem crypt_param;
|
||||||
|
+ SECItem key_item;
|
||||||
|
+ PK11SlotInfo *slot;
|
||||||
|
+ PK11SymKey *res_key;
|
||||||
|
+ CK_MECHANISM_TYPE cipher;
|
||||||
|
+ CK_ATTRIBUTE_TYPE operation;
|
||||||
|
+ CK_MECHANISM_TYPE wrap_mechanism;
|
||||||
|
+ int wrap_key_len;
|
||||||
|
+ PK11SymKey *wrap_key;
|
||||||
|
+ PK11Context *wrap_key_crypt_context;
|
||||||
|
+ SECItem tmp_sec_item;
|
||||||
|
+ SECItem wrapped_key;
|
||||||
|
+ int wrapped_key_len;
|
||||||
|
+ unsigned char wrapped_key_data[MAX_WRAPPED_KEY_LEN];
|
||||||
|
+
|
||||||
|
+ memset(&key_item, 0, sizeof(key_item));
|
||||||
|
+ slot = NULL;
|
||||||
|
+ wrap_key = NULL;
|
||||||
|
+ res_key = NULL;
|
||||||
|
+ wrap_key_crypt_context = NULL;
|
||||||
|
+
|
||||||
|
+ key_item.type = siBuffer;
|
||||||
|
+ key_item.data = instance->private_key;
|
||||||
|
+
|
||||||
|
+ switch (key_type) {
|
||||||
|
+ case SYM_KEY_TYPE_CRYPT:
|
||||||
|
+ key_item.len = cipher_key_len[instance->crypto_cipher_type];
|
||||||
|
+ cipher = cipher_to_nss[instance->crypto_cipher_type];
|
||||||
|
+ operation = CKA_ENCRYPT|CKA_DECRYPT;
|
||||||
|
+ break;
|
||||||
|
+ case SYM_KEY_TYPE_HASH:
|
||||||
|
+ key_item.len = instance->private_key_len;
|
||||||
|
+ cipher = hash_to_nss[instance->crypto_hash_type];
|
||||||
|
+ operation = CKA_SIGN;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ slot = PK11_GetBestSlot(cipher, NULL);
|
||||||
|
+ if (slot == NULL) {
|
||||||
|
+ log_printf(instance->log_level_security, "Unable to find security slot (%d): %s",
|
||||||
|
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
|
||||||
|
+ goto exit_res_key;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- if (!cipher_to_nss[instance->crypto_cipher_type]) {
|
||||||
|
- return 0;
|
||||||
|
+ /*
|
||||||
|
+ * Without FIPS it would be possible to just use
|
||||||
|
+ * res_key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, operation, &key_item, NULL);
|
||||||
|
+ * with FIPS NSS Level 2 certification has to be "workarounded" (so it becomes Level 1) by using
|
||||||
|
+ * following method:
|
||||||
|
+ * 1. Generate wrap key
|
||||||
|
+ * 2. Encrypt authkey with wrap key
|
||||||
|
+ * 3. Unwrap encrypted authkey using wrap key
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Generate wrapping key
|
||||||
|
+ */
|
||||||
|
+ wrap_mechanism = PK11_GetBestWrapMechanism(slot);
|
||||||
|
+ wrap_key_len = PK11_GetBestKeyLength(slot, wrap_mechanism);
|
||||||
|
+ wrap_key = PK11_KeyGen(slot, wrap_mechanism, NULL, wrap_key_len, NULL);
|
||||||
|
+ if (wrap_key == NULL) {
|
||||||
|
+ log_printf(instance->log_level_security, "Unable to generate wrapping key (%d): %s",
|
||||||
|
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
|
||||||
|
+ goto exit_res_key;
|
||||||
|
}
|
||||||
|
|
||||||
|
- crypt_param.type = siBuffer;
|
||||||
|
- crypt_param.data = instance->private_key;
|
||||||
|
- crypt_param.len = cipher_key_len[instance->crypto_cipher_type];
|
||||||
|
+ /*
|
||||||
|
+ * Encrypt authkey with wrapping key
|
||||||
|
+ */
|
||||||
|
|
||||||
|
- crypt_slot = PK11_GetBestSlot(cipher_to_nss[instance->crypto_cipher_type], NULL);
|
||||||
|
- if (crypt_slot == NULL) {
|
||||||
|
- log_printf(instance->log_level_security, "Unable to find security slot (err %d)",
|
||||||
|
- PR_GetError());
|
||||||
|
- return -1;
|
||||||
|
+ /*
|
||||||
|
+ * Initialization of IV is not needed because PK11_GetBestWrapMechanism should return ECB mode
|
||||||
|
+ */
|
||||||
|
+ memset(&tmp_sec_item, 0, sizeof(tmp_sec_item));
|
||||||
|
+ wrap_key_crypt_context = PK11_CreateContextBySymKey(wrap_mechanism, CKA_ENCRYPT,
|
||||||
|
+ wrap_key, &tmp_sec_item);
|
||||||
|
+ if (wrap_key_crypt_context == NULL) {
|
||||||
|
+ log_printf(instance->log_level_security, "Unable to create encrypt context (%d): %s",
|
||||||
|
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
|
||||||
|
+ goto exit_res_key;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ wrapped_key_len = (int)sizeof(wrapped_key_data);
|
||||||
|
+
|
||||||
|
+ if (PK11_CipherOp(wrap_key_crypt_context, wrapped_key_data, &wrapped_key_len,
|
||||||
|
+ sizeof(wrapped_key_data), key_item.data, key_item.len) != SECSuccess) {
|
||||||
|
+ log_printf(instance->log_level_security, "Unable to encrypt authkey (%d): %s",
|
||||||
|
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
|
||||||
|
+ goto exit_res_key;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (PK11_Finalize(wrap_key_crypt_context) != SECSuccess) {
|
||||||
|
+ log_printf(instance->log_level_security, "Unable to finalize encryption of authkey (%d): %s",
|
||||||
|
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
|
||||||
|
+ goto exit_res_key;
|
||||||
|
}
|
||||||
|
|
||||||
|
- instance->nss_sym_key = PK11_ImportSymKey(crypt_slot,
|
||||||
|
- cipher_to_nss[instance->crypto_cipher_type],
|
||||||
|
- PK11_OriginUnwrap, CKA_ENCRYPT|CKA_DECRYPT,
|
||||||
|
- &crypt_param, NULL);
|
||||||
|
+ /*
|
||||||
|
+ * Finally unwrap sym key
|
||||||
|
+ */
|
||||||
|
+ memset(&tmp_sec_item, 0, sizeof(tmp_sec_item));
|
||||||
|
+ wrapped_key.data = wrapped_key_data;
|
||||||
|
+ wrapped_key.len = wrapped_key_len;
|
||||||
|
+
|
||||||
|
+ res_key = PK11_UnwrapSymKey(wrap_key, wrap_mechanism, &tmp_sec_item, &wrapped_key,
|
||||||
|
+ cipher, operation, key_item.len);
|
||||||
|
+ if (res_key == NULL) {
|
||||||
|
+ log_printf(instance->log_level_security, "Failure to import key into NSS (%d): %s",
|
||||||
|
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
|
||||||
|
+ goto exit_res_key;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+exit_res_key:
|
||||||
|
+ if (wrap_key_crypt_context != NULL) {
|
||||||
|
+ PK11_DestroyContext(wrap_key_crypt_context, PR_TRUE);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (wrap_key != NULL) {
|
||||||
|
+ PK11_FreeSymKey(wrap_key);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (slot != NULL) {
|
||||||
|
+ PK11_FreeSlot(slot);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return (res_key);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static int init_nss_crypto(struct crypto_instance *instance)
|
||||||
|
+{
|
||||||
|
+
|
||||||
|
+ if (!cipher_to_nss[instance->crypto_cipher_type]) {
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ instance->nss_sym_key = import_symmetric_key(instance, SYM_KEY_TYPE_CRYPT);
|
||||||
|
if (instance->nss_sym_key == NULL) {
|
||||||
|
- log_printf(instance->log_level_security, "Failure to import key into NSS (err %d)",
|
||||||
|
- PR_GetError());
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
- PK11_FreeSlot(crypt_slot);
|
||||||
|
-
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -312,9 +428,9 @@
|
||||||
|
nss_sec_param);
|
||||||
|
if (!crypt_context) {
|
||||||
|
log_printf(instance->log_level_security,
|
||||||
|
- "PK11_CreateContext failed (encrypt) crypt_type=%d (err %d)",
|
||||||
|
+ "PK11_CreateContext failed (encrypt) crypt_type=%d (%d): %s",
|
||||||
|
(int)cipher_to_nss[instance->crypto_cipher_type],
|
||||||
|
- PR_GetError());
|
||||||
|
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -447,36 +563,16 @@
|
||||||
|
|
||||||
|
static int init_nss_hash(struct crypto_instance *instance)
|
||||||
|
{
|
||||||
|
- PK11SlotInfo* hash_slot = NULL;
|
||||||
|
- SECItem hash_param;
|
||||||
|
|
||||||
|
if (!hash_to_nss[instance->crypto_hash_type]) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
- hash_param.type = siBuffer;
|
||||||
|
- hash_param.data = instance->private_key;
|
||||||
|
- hash_param.len = instance->private_key_len;
|
||||||
|
-
|
||||||
|
- hash_slot = PK11_GetBestSlot(hash_to_nss[instance->crypto_hash_type], NULL);
|
||||||
|
- if (hash_slot == NULL) {
|
||||||
|
- log_printf(instance->log_level_security, "Unable to find security slot (err %d)",
|
||||||
|
- PR_GetError());
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- instance->nss_sym_key_sign = PK11_ImportSymKey(hash_slot,
|
||||||
|
- hash_to_nss[instance->crypto_hash_type],
|
||||||
|
- PK11_OriginUnwrap, CKA_SIGN,
|
||||||
|
- &hash_param, NULL);
|
||||||
|
+ instance->nss_sym_key_sign = import_symmetric_key(instance, SYM_KEY_TYPE_HASH);
|
||||||
|
if (instance->nss_sym_key_sign == NULL) {
|
||||||
|
- log_printf(instance->log_level_security, "Failure to import key into NSS (err %d)",
|
||||||
|
- PR_GetError());
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
- PK11_FreeSlot(hash_slot);
|
||||||
|
-
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
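Review bot: import_symmetric_key relies on the comment's assumption that PK11_GetBestWrapMechanism "should return ECB mode", but `wrap_mechanism` is never checked before a zeroed `tmp_sec_item` is handed to PK11_CreateContextBySymKey and PK11_UnwrapSymKey as the mechanism parameter. If a slot returned a mechanism that expects an IV, the wrap and unwrap would presumably either fail with only the generic error line or run with an all-zero parameter, so it is worth logging the selected mechanism or rejecting an unexpected one before PK11_KeyGen. The return value of PK11_GetBestKeyLength is likewise passed straight on as `wrap_key_len` without a check. Separately, `switch (key_type)` has no `default:` branch, which leaves `cipher`, `operation` and `key_item.len` uninitialised for any other value; a `default:` that logs and does `goto exit_res_key;` would close that path.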
@ -1,361 +0,0 @@
|
|||||||
--- corosync-2.4.2.orig/exec/totemconfig.c 2017-07-10 10:47:11.640061522 +0800
|
|
||||||
+++ corosync-2.4.2/exec/totemconfig.c 2017-07-10 12:47:33.936275775 +0800
|
|
||||||
@@ -1416,7 +1416,6 @@
|
|
||||||
{
|
|
||||||
int fd;
|
|
||||||
int res;
|
|
||||||
- ssize_t expected_key_len = sizeof (totem_config->private_key);
|
|
||||||
int saved_errno;
|
|
||||||
char error_str[100];
|
|
||||||
const char *error_ptr;
|
|
||||||
@@ -1430,7 +1429,7 @@
|
|
||||||
goto parse_error;
|
|
||||||
}
|
|
||||||
|
|
||||||
- res = read (fd, totem_config->private_key, expected_key_len);
|
|
||||||
+ res = read (fd, totem_config->private_key, TOTEM_PRIVATE_KEY_LEN_MAX);
|
|
||||||
saved_errno = errno;
|
|
||||||
close (fd);
|
|
||||||
|
|
||||||
@@ -1442,15 +1441,14 @@
|
|
||||||
goto parse_error;
|
|
||||||
}
|
|
||||||
|
|
||||||
- totem_config->private_key_len = expected_key_len;
|
|
||||||
-
|
|
||||||
- if (res != expected_key_len) {
|
|
||||||
+ if (res < TOTEM_PRIVATE_KEY_LEN_MIN) {
|
|
||||||
snprintf (error_string_response, sizeof(error_string_response),
|
|
||||||
- "Could only read %d bits of 1024 bits from %s.\n",
|
|
||||||
- res * 8, key_location);
|
|
||||||
+ "Could only read %d bits of minimum %u bits from %s.\n",
|
|
||||||
+ res * 8, TOTEM_PRIVATE_KEY_LEN_MIN * 8, key_location);
|
|
||||||
goto parse_error;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ totem_config->private_key_len = res;
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
parse_error:
|
|
||||||
@@ -1467,8 +1465,8 @@
|
|
||||||
int res;
|
|
||||||
size_t key_len;
|
|
||||||
|
|
||||||
- memset (totem_config->private_key, 0, 128);
|
|
||||||
- totem_config->private_key_len = 128;
|
|
||||||
+ memset (totem_config->private_key, 0, sizeof(totem_config->private_key));
|
|
||||||
+ totem_config->private_key_len = 0;
|
|
||||||
|
|
||||||
if (strcmp(totem_config->crypto_cipher_type, "none") == 0 &&
|
|
||||||
strcmp(totem_config->crypto_hash_type, "none") == 0) {
|
|
||||||
@@ -1485,15 +1483,19 @@
|
|
||||||
got_key = 1;
|
|
||||||
} else { /* Or the key itself may be in the cmap */
|
|
||||||
if (icmap_get("totem.key", NULL, &key_len, NULL) == CS_OK) {
|
|
||||||
- if (key_len > sizeof (totem_config->private_key)) {
|
|
||||||
+ if (key_len > sizeof(totem_config->private_key)) {
|
|
||||||
sprintf(error_string_response, "key is too long");
|
|
||||||
goto key_error;
|
|
||||||
}
|
|
||||||
+ if (key_len < TOTEM_PRIVATE_KEY_LEN_MIN) {
|
|
||||||
+ sprintf(error_string_response, "key is too short");
|
|
||||||
+ goto key_error;
|
|
||||||
+ }
|
|
||||||
if (icmap_get("totem.key", totem_config->private_key, &key_len, NULL) == CS_OK) {
|
|
||||||
totem_config->private_key_len = key_len;
|
|
||||||
got_key = 1;
|
|
||||||
} else {
|
|
||||||
- sprintf(error_string_response, "can't store private key");
|
|
||||||
+ sprintf(error_string_response, "can't store load key");
|
|
||||||
goto key_error;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
--- corosync-2.4.2.orig/include/corosync/totem/totem.h 2016-11-08 00:39:12.000000000 +0800
|
|
||||||
+++ corosync-2.4.2/include/corosync/totem/totem.h 2017-07-10 12:38:17.344259264 +0800
|
|
||||||
@@ -90,7 +90,11 @@
|
|
||||||
int log_subsys_id;
|
|
||||||
};
|
|
||||||
|
|
||||||
-enum { TOTEM_PRIVATE_KEY_LEN = 128 };
|
|
||||||
+enum {
|
|
||||||
+ TOTEM_PRIVATE_KEY_LEN = 128,
|
|
||||||
+ TOTEM_PRIVATE_KEY_LEN_MIN = 1024,
|
|
||||||
+ TOTEM_PRIVATE_KEY_LEN_MAX = 4096
|
|
||||||
+};
|
|
||||||
enum { TOTEM_RRP_MODE_BYTES = 64 };
|
|
||||||
|
|
||||||
typedef enum {
|
|
||||||
@@ -119,7 +123,7 @@
|
|
||||||
/*
|
|
||||||
* key information
|
|
||||||
*/
|
|
||||||
- unsigned char private_key[TOTEM_PRIVATE_KEY_LEN];
|
|
||||||
+ unsigned char private_key[TOTEM_PRIVATE_KEY_LEN_MAX];
|
|
||||||
|
|
||||||
unsigned int private_key_len;
|
|
||||||
|
|
||||||
--- corosync-2.4.2.orig/tools/corosync-keygen.c 2016-11-08 00:39:12.000000000 +0800
|
|
||||||
+++ corosync-2.4.2/tools/corosync-keygen.c 2017-07-10 11:30:12.340138080 +0800
|
|
||||||
@@ -1,10 +1,11 @@
|
|
||||||
/*
|
|
||||||
* Copyright (c) 2004 MontaVista Software, Inc.
|
|
||||||
- * Copyright (c) 2005-2011 Red Hat, Inc.
|
|
||||||
+ * Copyright (c) 2005-2017 Red Hat, Inc.
|
|
||||||
*
|
|
||||||
* All rights reserved.
|
|
||||||
*
|
|
||||||
* Author: Steven Dake (sdake@redhat.com)
|
|
||||||
+ * Jan Friesse (jfriesse@redhat.com)
|
|
||||||
*
|
|
||||||
* This software licensed under BSD license, the text of which follows:
|
|
||||||
*
|
|
||||||
@@ -47,16 +48,25 @@
|
|
||||||
|
|
||||||
#include <netinet/in.h>
|
|
||||||
|
|
||||||
+#include <corosync/totem/totem.h>
|
|
||||||
+
|
|
||||||
#define DEFAULT_KEYFILE COROSYSCONFDIR "/authkey"
|
|
||||||
|
|
||||||
+#define DEFAULT_KEYFILE_LEN TOTEM_PRIVATE_KEY_LEN_MIN
|
|
||||||
+
|
|
||||||
+#define DEFAULT_RANDOM_DEV "/dev/urandom"
|
|
||||||
+
|
|
||||||
static const char usage[] =
|
|
||||||
- "Usage: corosync-keygen [-k <keyfile>] [-l]\n"
|
|
||||||
+ "Usage: corosync-keygen [-k <keyfile>] [-s size] [-m <randomfile>] [-l] [-h]\n"
|
|
||||||
" -k / --key-file=<filename> - Write to the specified keyfile\n"
|
|
||||||
" instead of the default " DEFAULT_KEYFILE ".\n"
|
|
||||||
- " -l / --less-secure - Use a less secure random number source\n"
|
|
||||||
- " (/dev/urandom) that is guaranteed not to require user\n"
|
|
||||||
- " input for entropy. This can be used when this\n"
|
|
||||||
- " application is used from a script.\n";
|
|
||||||
+ " -r / --random-file - Random number source file. Default is \n"
|
|
||||||
+ " /dev/urandom. As an example /dev/random may be requested\n"
|
|
||||||
+ " (that may require user input for entropy).\n"
|
|
||||||
+ " -l / --less-secure - Not used, option is kept only\n"
|
|
||||||
+ " for compatibility.\n"
|
|
||||||
+ " -s / --size - Length of key.\n"
|
|
||||||
+ " -h / --help - Print basic usage.\n";
|
|
||||||
|
|
||||||
|
|
||||||
int main (int argc, char *argv[])
|
|
||||||
@@ -64,27 +74,49 @@
|
|
||||||
int authkey_fd;
|
|
||||||
int random_fd;
|
|
||||||
char *keyfile = NULL;
|
|
||||||
- unsigned char key[128];
|
|
||||||
+ unsigned char key[TOTEM_PRIVATE_KEY_LEN_MAX];
|
|
||||||
ssize_t res;
|
|
||||||
ssize_t bytes_read;
|
|
||||||
+ size_t key_len = DEFAULT_KEYFILE_LEN;
|
|
||||||
+ const char *random_dev = DEFAULT_RANDOM_DEV;
|
|
||||||
+ long long int tmpll;
|
|
||||||
+ char *ep;
|
|
||||||
int c;
|
|
||||||
int option_index;
|
|
||||||
- int less_secure = 0;
|
|
||||||
static struct option long_options[] = {
|
|
||||||
{ "key-file", required_argument, NULL, 'k' },
|
|
||||||
{ "less-secure", no_argument, NULL, 'l' },
|
|
||||||
+ { "random-file", required_argument, NULL, 'r' },
|
|
||||||
+ { "size", required_argument, NULL, 's' },
|
|
||||||
{ "help", no_argument, NULL, 'h' },
|
|
||||||
{ 0, 0, NULL, 0 },
|
|
||||||
};
|
|
||||||
|
|
||||||
- while ((c = getopt_long (argc, argv, "k:lh",
|
|
||||||
+ while ((c = getopt_long (argc, argv, "k:r:s:lh",
|
|
||||||
long_options, &option_index)) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
case 'k':
|
|
||||||
keyfile = optarg;
|
|
||||||
break;
|
|
||||||
case 'l':
|
|
||||||
- less_secure = 1;
|
|
||||||
+ /*
|
|
||||||
+ * Only kept for compatibility
|
|
||||||
+ */
|
|
||||||
+ break;
|
|
||||||
+ case 'r':
|
|
||||||
+ random_dev = optarg;
|
|
||||||
+ break;
|
|
||||||
+ case 's':
|
|
||||||
+ tmpll = strtoll(optarg, &ep, 10);
|
|
||||||
+ if (tmpll < TOTEM_PRIVATE_KEY_LEN_MIN ||
|
|
||||||
+ tmpll > TOTEM_PRIVATE_KEY_LEN_MAX ||
|
|
||||||
+ errno != 0 || *ep != '\0') {
|
|
||||||
+ errx (1, "Unsupported key size (supported <%u,%u>)\n",
|
|
||||||
+ TOTEM_PRIVATE_KEY_LEN_MIN,
|
|
||||||
+ TOTEM_PRIVATE_KEY_LEN_MAX);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ key_len = (size_t)tmpll;
|
|
||||||
break;
|
|
||||||
case 'h':
|
|
||||||
printf ("%s\n", usage);
|
|
||||||
@@ -102,32 +134,30 @@
|
|
||||||
keyfile = (char *)DEFAULT_KEYFILE;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (less_secure) {
|
|
||||||
- printf ("Gathering %lu bits for key from /dev/urandom.\n", (unsigned long)(sizeof (key) * 8));
|
|
||||||
- random_fd = open ("/dev/urandom", O_RDONLY);
|
|
||||||
- } else {
|
|
||||||
- printf ("Gathering %lu bits for key from /dev/random.\n", (unsigned long)(sizeof (key) * 8));
|
|
||||||
- printf ("Press keys on your keyboard to generate entropy.\n");
|
|
||||||
- random_fd = open ("/dev/random", O_RDONLY);
|
|
||||||
- }
|
|
||||||
+ printf ("Gathering %lu bits for key from %s.\n", (unsigned long)(key_len * 8), random_dev);
|
|
||||||
+ random_fd = open (random_dev, O_RDONLY);
|
|
||||||
|
|
||||||
if (random_fd == -1) {
|
|
||||||
err (1, "Failed to open random source");
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (strcmp(random_dev, "/dev/random") == 0) {
|
|
||||||
+ printf ("Press keys on your keyboard to generate entropy.\n");
|
|
||||||
+ }
|
|
||||||
/*
|
|
||||||
* Read random data
|
|
||||||
*/
|
|
||||||
bytes_read = 0;
|
|
||||||
|
|
||||||
retry_read:
|
|
||||||
- res = read (random_fd, &key[bytes_read], sizeof (key) - bytes_read);
|
|
||||||
+ res = read (random_fd, &key[bytes_read], key_len - bytes_read);
|
|
||||||
if (res == -1) {
|
|
||||||
err (1, "Could not read /dev/random");
|
|
||||||
}
|
|
||||||
bytes_read += res;
|
|
||||||
- if (bytes_read != sizeof (key)) {
|
|
||||||
- printf ("Press keys on your keyboard to generate entropy (bits = %d).\n", (int)(bytes_read * 8));
|
|
||||||
+ if (bytes_read != key_len) {
|
|
||||||
+ printf ("Press keys on your keyboard to generate entropy (%d bits still needed).\n",
|
|
||||||
+ (int)((key_len - bytes_read) * 8));
|
|
||||||
goto retry_read;
|
|
||||||
}
|
|
||||||
close (random_fd);
|
|
||||||
@@ -135,7 +165,7 @@
|
|
||||||
/*
|
|
||||||
* Open key
|
|
||||||
*/
|
|
||||||
- authkey_fd = open (keyfile, O_CREAT|O_WRONLY, 0600);
|
|
||||||
+ authkey_fd = open (keyfile, O_CREAT|O_WRONLY|O_TRUNC, 0600);
|
|
||||||
if (authkey_fd == -1) {
|
|
||||||
err (2, "Could not create %s", keyfile);
|
|
||||||
}
|
|
||||||
@@ -148,8 +178,8 @@
|
|
||||||
/*
|
|
||||||
* Write key
|
|
||||||
*/
|
|
||||||
- res = write (authkey_fd, key, sizeof (key));
|
|
||||||
- if (res != sizeof (key)) {
|
|
||||||
+ res = write (authkey_fd, key, key_len);
|
|
||||||
+ if (res != key_len) {
|
|
||||||
err (4, "Could not write %s", keyfile);
|
|
||||||
}
|
|
||||||
|
|
||||||
--- corosync-2.4.2.orig/man/corosync-keygen.8 2016-11-08 00:39:12.000000000 +0800
|
|
||||||
+++ corosync-2.4.2/man/corosync-keygen.8 2017-07-10 12:55:30.260289906 +0800
|
|
||||||
@@ -1,5 +1,5 @@
|
|
||||||
.\"/*
|
|
||||||
-.\" * Copyright (C) 2010 Red Hat, Inc.
|
|
||||||
+.\" * Copyright (C) 2010-2017 Red Hat, Inc.
|
|
||||||
.\" *
|
|
||||||
.\" * All rights reserved.
|
|
||||||
.\" *
|
|
||||||
@@ -31,11 +31,11 @@
|
|
||||||
.\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
|
|
||||||
.\" * THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
.\" */
|
|
||||||
-.TH COROSYNC-KEYGEN 8 2010-05-30
|
|
||||||
+.TH COROSYNC-KEYGEN 8 2017-07-03
|
|
||||||
.SH NAME
|
|
||||||
corosync-keygen \- Generate an authentication key for Corosync.
|
|
||||||
.SH SYNOPSIS
|
|
||||||
-.B "corosync-keygen [\-k <filename>] [\-l]"
|
|
||||||
+.B "corosync-keygen [\-k <filename>] [-m <randomfile>] [\-s size] [\-l] [\-h]"
|
|
||||||
.SH DESCRIPTION
|
|
||||||
|
|
||||||
If you want to configure corosync to use cryptographic techniques to ensure authenticity
|
|
||||||
@@ -57,8 +57,6 @@
|
|
||||||
If a message "Invalid digest" appears from the corosync executive, the keys
|
|
||||||
are not consistent between processors.
|
|
||||||
.PP
|
|
||||||
-.B Note: corosync-keygen
|
|
||||||
-will ask for user input to assist in generating entropy unless the -l option is used.
|
|
||||||
.SH OPTIONS
|
|
||||||
.TP
|
|
||||||
.B -k <filename>
|
|
||||||
@@ -66,30 +64,55 @@
|
|
||||||
.br
|
|
||||||
The default is /etc/corosync/authkey.
|
|
||||||
.TP
|
|
||||||
+.B -r
|
|
||||||
+Random number source file. Default is /dev/urandom. As an example /dev/random may be
|
|
||||||
+used when really superb randomness is needed.
|
|
||||||
+.TP
|
|
||||||
+.B -s size
|
|
||||||
+Size of the generated key in bytes. Default is 1024 bytes. Allowed range is <1024, 4096>.
|
|
||||||
+.TP
|
|
||||||
+.TP
|
|
||||||
.B -l
|
|
||||||
-Use a less secure random data source that will not require user input to help generate
|
|
||||||
-entropy. This may be useful when this utility is used from a script or hardware random number
|
|
||||||
-generator is not available (f.e. in virtual machine).
|
|
||||||
+Option is not used and it's kept only for compatibility.
|
|
||||||
+.TP
|
|
||||||
+.B -h
|
|
||||||
+Print basic usage.
|
|
||||||
|
|
||||||
.SH EXAMPLES
|
|
||||||
.TP
|
|
||||||
Generate the key.
|
|
||||||
-.PP
|
|
||||||
+.nf
|
|
||||||
# corosync-keygen
|
|
||||||
-.br
|
|
||||||
Corosync Cluster Engine Authentication key generator.
|
|
||||||
-.br
|
|
||||||
-Gathering 1024 bits for key from /dev/random.
|
|
||||||
-.br
|
|
||||||
-Press keys on your keyboard to generate entropy.
|
|
||||||
-.br
|
|
||||||
-.PP
|
|
||||||
-$ corosync-keygen -l -k /tmp/authkey
|
|
||||||
-.br
|
|
||||||
+Gathering 8192 bits for key from /dev/urandom.
|
|
||||||
+Writing corosync key to /etc/corosync/authkey
|
|
||||||
+.fi
|
|
||||||
+
|
|
||||||
+.TP
|
|
||||||
+Generate longer key and store it in the /tmp/authkey file.
|
|
||||||
+.nf
|
|
||||||
+$ corosync-keygen -s 2048 -k /tmp/authkey
|
|
||||||
Corosync Cluster Engine Authentication key generator.
|
|
||||||
-.br
|
|
||||||
+Gathering 16384 bits for key from /dev/urandom.
|
|
||||||
Writing corosync key to /tmp/authkey.
|
|
||||||
-.br
|
|
||||||
+.fi
|
|
||||||
+
|
|
||||||
+.TP
|
|
||||||
+Generate superb key using /dev/random
|
|
||||||
+.nf
|
|
||||||
+# corosync-keygen -r /dev/random
|
|
||||||
+Corosync Cluster Engine Authentication key generator.
|
|
||||||
+Gathering 8192 bits for key from /dev/random.
|
|
||||||
+Press keys on your keyboard to generate entropy.
|
|
||||||
+Press keys on your keyboard to generate entropy (7928 bits still needed).
|
|
||||||
+Press keys on your keyboard to generate entropy (7880 bits still needed).
|
|
||||||
+ ...
|
|
||||||
+Press keys on your keyboard to generate entropy (104 bits still needed).
|
|
||||||
+Press keys on your keyboard to generate entropy (56 bits still needed).
|
|
||||||
+Press keys on your keyboard to generate entropy (8 bits still needed).
|
|
||||||
+Writing corosync key to /etc/corosync/authkey.
|
|
||||||
+.fi
|
|
||||||
+
|
|
||||||
.SH SEE ALSO
|
|
||||||
.BR corosync_overview (8),
|
|
||||||
.BR corosync.conf (5),
|
|
196
0008-main.c-add-option-to-set-priority.patch
Normal file
196
0008-main.c-add-option-to-set-priority.patch
Normal file
@ -0,0 +1,196 @@
|
|||||||
|
--- corosync-2.4.2.orig/exec/main.c 2017-07-11 16:45:28.979262348 +0800
|
||||||
|
+++ corosync-2.4.2/exec/main.c 2017-07-11 16:44:05.195259862 +0800
|
||||||
|
@@ -889,8 +889,10 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
-static void corosync_setscheduler (void)
|
||||||
|
+static int corosync_set_rr_scheduler (void)
|
||||||
|
{
|
||||||
|
+ int ret_val = 0;
|
||||||
|
+
|
||||||
|
#if defined(HAVE_PTHREAD_SETSCHEDPARAM) && defined(HAVE_SCHED_GET_PRIORITY_MAX) && defined(HAVE_SCHED_SETSCHEDULER)
|
||||||
|
int res;
|
||||||
|
|
||||||
|
@@ -907,6 +909,7 @@
|
||||||
|
#ifdef HAVE_QB_LOG_THREAD_PRIORITY_SET
|
||||||
|
qb_log_thread_priority_set (SCHED_OTHER, 0);
|
||||||
|
#endif
|
||||||
|
+ ret_val = -1;
|
||||||
|
} else {
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -928,11 +931,15 @@
|
||||||
|
LOGSYS_PERROR (errno, LOGSYS_LEVEL_WARNING,
|
||||||
|
"Could not get maximum scheduler priority");
|
||||||
|
sched_priority = 0;
|
||||||
|
+ ret_val = -1;
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
log_printf(LOGSYS_LEVEL_WARNING,
|
||||||
|
"The Platform is missing process priority setting features. Leaving at default.");
|
||||||
|
+ ret_val = -1;
|
||||||
|
#endif
|
||||||
|
+
|
||||||
|
+ return (ret_val);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@@ -1159,29 +1166,46 @@
|
||||||
|
const char *error_string;
|
||||||
|
struct totem_config totem_config;
|
||||||
|
int res, ch;
|
||||||
|
- int background, setprio, testonly;
|
||||||
|
+ int background, sched_rr, prio, testonly;
|
||||||
|
struct stat stat_out;
|
||||||
|
enum e_corosync_done flock_err;
|
||||||
|
uint64_t totem_config_warnings;
|
||||||
|
struct scheduler_pause_timeout_data scheduler_pause_timeout_data;
|
||||||
|
+ long int tmpli;
|
||||||
|
+ char *ep;
|
||||||
|
|
||||||
|
/* default configuration
|
||||||
|
*/
|
||||||
|
background = 1;
|
||||||
|
- setprio = 1;
|
||||||
|
+ sched_rr = 1;
|
||||||
|
+ prio = 0;
|
||||||
|
testonly = 0;
|
||||||
|
|
||||||
|
- while ((ch = getopt (argc, argv, "fprtv")) != EOF) {
|
||||||
|
+ while ((ch = getopt (argc, argv, "fP:prtv")) != EOF) {
|
||||||
|
|
||||||
|
switch (ch) {
|
||||||
|
case 'f':
|
||||||
|
background = 0;
|
||||||
|
break;
|
||||||
|
case 'p':
|
||||||
|
- setprio = 0;
|
||||||
|
+ sched_rr = 0;
|
||||||
|
+ break;
|
||||||
|
+ case 'P':
|
||||||
|
+ if (strcmp(optarg, "max") == 0) {
|
||||||
|
+ prio = INT_MIN;
|
||||||
|
+ } else if (strcmp(optarg, "min") == 0) {
|
||||||
|
+ prio = INT_MAX;
|
||||||
|
+ } else {
|
||||||
|
+ tmpli = strtol(optarg, &ep, 10);
|
||||||
|
+ if (errno != 0 || *ep != '\0' || tmpli > INT_MAX || tmpli < INT_MIN) {
|
||||||
|
+ fprintf(stderr, "Priority value %s is invalid", optarg);
|
||||||
|
+ logsys_system_fini();
|
||||||
|
+ return EXIT_FAILURE;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
break;
|
||||||
|
case 'r':
|
||||||
|
- setprio = 1;
|
||||||
|
+ sched_rr = 1;
|
||||||
|
break;
|
||||||
|
case 't':
|
||||||
|
testonly = 1;
|
||||||
|
@@ -1197,9 +1221,10 @@
|
||||||
|
fprintf(stderr, \
|
||||||
|
"usage:\n"\
|
||||||
|
" -f : Start application in foreground.\n"\
|
||||||
|
- " -p : Do not set process priority.\n"\
|
||||||
|
+ " -p : Do not set realtime scheduling.\n"\
|
||||||
|
" -t : Test configuration and exit.\n"\
|
||||||
|
" -r : Set round robin realtime scheduling (default).\n"\
|
||||||
|
+ " -P num : Set priority of process (no effect when -r is used)\n"\
|
||||||
|
" -v : Display version and SVN revision of Corosync and exit.\n");
|
||||||
|
logsys_system_fini();
|
||||||
|
return EXIT_FAILURE;
|
||||||
|
@@ -1207,15 +1232,6 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * Set round robin realtime scheduling with priority 99
|
||||||
|
- * Lock all memory to avoid page faults which may interrupt
|
||||||
|
- * application healthchecking
|
||||||
|
- */
|
||||||
|
- if (setprio) {
|
||||||
|
- corosync_setscheduler ();
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /*
|
||||||
|
* Other signals are registered later via qb_loop_signal_add
|
||||||
|
*/
|
||||||
|
(void)signal (SIGSEGV, sigsegv_handler);
|
||||||
|
@@ -1319,6 +1335,24 @@
|
||||||
|
corosync_exit_error (COROSYNC_DONE_EXIT);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * Set round robin realtime scheduling with priority 99
|
||||||
|
+ */
|
||||||
|
+ if (sched_rr) {
|
||||||
|
+ if (corosync_set_rr_scheduler () != 0) {
|
||||||
|
+ prio = INT_MIN;
|
||||||
|
+ } else {
|
||||||
|
+ prio = 0;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (prio != 0) {
|
||||||
|
+ if (setpriority(PRIO_PGRP, 0, prio) != 0) {
|
||||||
|
+ LOGSYS_PERROR(errno, LOGSYS_LEVEL_WARNING,
|
||||||
|
+ "Could not set priority %d", prio);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ip_version = totem_config.ip_version;
|
||||||
|
|
||||||
|
totem_config.totem_memb_ring_id_create_or_load = corosync_ring_id_create_or_load;
|
||||||
|
@@ -1345,6 +1379,11 @@
|
||||||
|
corosync_tty_detach ();
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * Lock all memory to avoid page faults which may interrupt
|
||||||
|
+ * application healthchecking
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
corosync_mlockall();
|
||||||
|
|
||||||
|
corosync_poll_handle = qb_loop_create ();
|
||||||
|
--- corosync-2.4.2.orig/man/corosync.8 2016-11-08 00:39:12.000000000 +0800
|
||||||
|
+++ corosync-2.4.2/man/corosync.8 2017-07-11 16:48:06.555267022 +0800
|
||||||
|
@@ -31,11 +31,11 @@
|
||||||
|
.\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
|
||||||
|
.\" * THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
.\" */
|
||||||
|
-.TH COROSYNC 8 2010-05-30
|
||||||
|
+.TH COROSYNC 8 2017-07-07
|
||||||
|
.SH NAME
|
||||||
|
corosync \- The Corosync Cluster Engine.
|
||||||
|
.SH SYNOPSIS
|
||||||
|
-.B "corosync [\-f] [\-p] [\-r] [\-v]"
|
||||||
|
+.B "corosync [\-f] [-P num] [\-p] [\-r] [\-v]"
|
||||||
|
.SH DESCRIPTION
|
||||||
|
.B corosync
|
||||||
|
Corosync provides clustering infracture such as membership, messaging and quorum.
|
||||||
|
@@ -45,10 +45,22 @@
|
||||||
|
Start application in foreground.
|
||||||
|
.TP
|
||||||
|
.B -p
|
||||||
|
-Do not set process priority.
|
||||||
|
+Do not set realtime scheduling.
|
||||||
|
.TP
|
||||||
|
+.B -P
|
||||||
|
+Set priority of process. Has effect only when
|
||||||
|
.B -r
|
||||||
|
-Set round robin realtime scheduling (default).
|
||||||
|
+is not used. Can be ether numeric value with similar meaning as
|
||||||
|
+.BR nice (1)
|
||||||
|
+or
|
||||||
|
+.B max
|
||||||
|
+/
|
||||||
|
+.B min
|
||||||
|
+meaning maximal / minimal priority (so minimal / maximal nice value).
|
||||||
|
+.TP
|
||||||
|
+.B -r
|
||||||
|
+Set round robin realtime scheduling with maximal priority (default). When setting
|
||||||
|
+of scheduler fails, fallback to set maximal priority.
|
||||||
|
.TP
|
||||||
|
.B -t
|
||||||
|
Test configuration and then exit.
|
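Review bot: In the `case 'P'` branch the numeric path parses and range-checks `tmpli` but never stores it, so in the lines shown `prio` stays 0 and a numeric `-P` value has no effect; add `prio = (int)tmpli;` after the validation block. The same branch tests `errno != 0` without clearing it first, so a stale value left by an earlier call can reject a valid number; put `errno = 0;` immediately before the `strtol` call. The body of main starts and ends outside these hunks, so confirm that no later code assigns `prio` from `tmpli`.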
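--- a/0009-totem-Propagate-totem-initialization-failure.patch
+++ b/0009-totem-Propagate-totem-initialization-failure.patch
@@ -0,0 +1,68 @@
+--- corosync-2.4.2.orig/exec/main.c 2017-07-11 17:23:41.903330368 +0800
++++ corosync-2.4.2/exec/main.c 2017-07-11 17:31:08.687343622 +0800
+@@ -1424,9 +1424,13 @@
+* Join multicast group and setup delivery
+* and configuration change functions
+*/
+- totempg_initialize (
++ if(totempg_initialize (
+corosync_poll_handle,
+- &totem_config);
++ &totem_config) != 0) {
++
++ log_printf (LOGSYS_LEVEL_ERROR, "Can't initialize TOTEM layer");
++ corosync_exit_error (COROSYNC_DONE_FATAL_ERR);
++ }
+
+totempg_service_ready_register (
+main_service_ready);
+--- corosync-2.4.2.orig/exec/totempg.c 2016-11-08 00:39:12.000000000 +0800
++++ corosync-2.4.2/exec/totempg.c 2017-07-11 17:27:47.615337658 +0800
+@@ -814,6 +814,10 @@
+totempg_confchg_fn,
+totempg_waiting_trans_ack_cb);
+
++ if (res == -1) {
++ goto error_exit;
++ }
++
+totemmrp_callback_token_create (
+&callback_token_received_handle,
+TOTEM_CALLBACK_TOKEN_RECEIVED,
+@@ -827,6 +831,7 @@
+
+list_init (&totempg_groups_list);
+
++error_exit:
+return (res);
+}
+
+--- corosync-2.4.2.orig/exec/totemsrp.c 2016-11-08 00:39:12.000000000 +0800
++++ corosync-2.4.2/exec/totemsrp.c 2017-07-11 17:30:30.887342501 +0800
+@@ -851,6 +851,7 @@
+int waiting_trans_ack))
+{
+struct totemsrp_instance *instance;
++ int res;
+
+instance = malloc (sizeof (struct totemsrp_instance));
+if (instance == NULL) {
+@@ -993,7 +994,7 @@
+}
+}
+
+- totemrrp_initialize (
++ res = totemrrp_initialize (
+poll_handle,
+&instance->totemrrp_context,
+totem_config,
+@@ -1004,6 +1005,9 @@
+main_token_seqid_get,
+main_msgs_missing,
+target_set_completed);
++ if (res == -1) {
++ goto error_exit;
++ }
+
+/*
+* Must have net_mtu adjusted by totemrrp_initialize first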
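Review bot: The two lower layers test for exactly `-1` (`if (res == -1)` in the totempg.c hunk at 814 and in the totemsrp.c hunk at 1004), while main.c treats any non-zero result from `totempg_initialize` as fatal, so a callee that reports failure with another non-zero value would still let initialization continue past the failed step. Using `if (res != 0) {` in both places would make the whole chain fail closed in the same way. In totemsrp.c the jump to `error_exit` is taken after `instance = malloc (...)` has succeeded; the label and the rest of the function lie outside the hunks, so it is worth confirming that this path releases `instance`. The error message in main.c could also name the failing step's return code, e.g. a comment such as `/* totem transport or crypto setup failed; do not continue without it */` above the check would record why the daemon exits here.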
@ -1,3 +1,20 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 12 05:25:45 UTC 2017 - bliu@suse.com
|
||||||
|
|
||||||
|
- some upstream fixes for corosync(bsc#1048259)
|
||||||
|
Added:
|
||||||
|
bsc#1047860-add-version.patch
|
||||||
|
0007-Make-corosync-work-when-FIPS-mode-is-enabled.patch
|
||||||
|
0008-main.c-add-option-to-set-priority.patch
|
||||||
|
0009-totem-Propagate-totem-initialization-failure.patch
|
||||||
|
|
||||||
|
Removed:
|
||||||
|
bnc#867767-add-version.patch
|
||||||
|
0007-improve-corosync-keygen.patch(since this patch is not for corosync v2.x)
|
||||||
|
|
||||||
|
Modified:
|
||||||
|
corosync.spec, add judgement whether /etc/sysconfig/corosycn* exist before remove these files
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jul 10 06:54:23 UTC 2017 - bliu@suse.com
|
Mon Jul 10 06:54:23 UTC 2017 - bliu@suse.com
|
||||||
|
|
||||||
|
@ -52,7 +52,7 @@ Url: http://corosync.github.io/corosync/
|
|||||||
Source0: %{name}-%{version}.tar.gz
|
Source0: %{name}-%{version}.tar.gz
|
||||||
Source2: baselibs.conf
|
Source2: baselibs.conf
|
||||||
Patch1: corosync-init-lockfile-path-error.patch
|
Patch1: corosync-init-lockfile-path-error.patch
|
||||||
Patch2: bnc#867767-add-version.patch
|
Patch2: bsc#1047860-add-version.patch
|
||||||
Patch3: bnc#872651-stop-cluster.patch
|
Patch3: bnc#872651-stop-cluster.patch
|
||||||
Patch4: bnc#882449-corosync-conf-example.patch
|
Patch4: bnc#882449-corosync-conf-example.patch
|
||||||
Patch5: corosync-2.3.4-fix-bashisms.patch
|
Patch5: corosync-2.3.4-fix-bashisms.patch
|
||||||
@ -67,7 +67,9 @@ Patch13: 0003-totemrrp-Fix-situation-when-all-rings-are-faulty.patch
|
|||||||
Patch14: 0004-main-Display-reason-why-cluster-cannot-be-formed.patch
|
Patch14: 0004-main-Display-reason-why-cluster-cannot-be-formed.patch
|
||||||
Patch15: 0005-votequorum-Report-errors-from-votequorum_exec_send_r.patch
|
Patch15: 0005-votequorum-Report-errors-from-votequorum_exec_send_r.patch
|
||||||
Patch16: 0006-coroapi-Use-size_t-for-private_data_size.patch
|
Patch16: 0006-coroapi-Use-size_t-for-private_data_size.patch
|
||||||
Patch17: 0007-improve-corosync-keygen.patch
|
Patch17: 0007-Make-corosync-work-when-FIPS-mode-is-enabled.patch
|
||||||
|
Patch18: 0008-main.c-add-option-to-set-priority.patch
|
||||||
|
Patch19: 0009-totem-Propagate-totem-initialization-failure.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
# openais is indeed gone and should be uninstalled. Yes, we do not
|
# openais is indeed gone and should be uninstalled. Yes, we do not
|
||||||
@ -144,6 +146,8 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|||||||
%patch15 -p1
|
%patch15 -p1
|
||||||
%patch16 -p1
|
%patch16 -p1
|
||||||
%patch17 -p1
|
%patch17 -p1
|
||||||
|
%patch18 -p1
|
||||||
|
%patch19 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%if %{with_runautogen}
|
%if %{with_runautogen}
|
||||||
@ -291,7 +295,9 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
rm /etc/sysconfig/corosync
|
if [ -f /etc/sysconfig/corosync ]; then
|
||||||
|
rm /etc/sysconfig/corosync
|
||||||
|
fi
|
||||||
%if %{with_systemd} && 0%{?systemd_postun:1}
|
%if %{with_systemd} && 0%{?systemd_postun:1}
|
||||||
%systemd_postun
|
%systemd_postun
|
||||||
%endif
|
%endif
|
||||||
@ -499,8 +505,8 @@ NSS certificates and an init script.
|
|||||||
%if %{sles_version} > 0
|
%if %{sles_version} > 0
|
||||||
ln -s /run/corosync-qdevice /var/run/
|
ln -s /run/corosync-qdevice /var/run/
|
||||||
%endif
|
%endif
|
||||||
%if %{with_systemd} && 0%{?systemd_post:1}
|
%if %{with_systemd}
|
||||||
%systemd_post corosync-qdevice.service
|
%service_add_post corosync-qdevice.service
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%preun -n corosync-qdevice
|
%preun -n corosync-qdevice
|
||||||
@ -517,11 +523,12 @@ unlink /var/run/corosync-qdevice
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%postun -n corosync-qdevice
|
%postun -n corosync-qdevice
|
||||||
rm /etc/sysconfig/corosync-qdevice
|
if [ -f /etc/sysconfig/corosync-qdevice ]; then
|
||||||
|
rm /etc/sysconfig/corosync-qdevice
|
||||||
|
fi
|
||||||
%if %{with_systemd} && 0%{?systemd_postun:1}
|
%if %{with_systemd} && 0%{?systemd_postun:1}
|
||||||
%systemd_postun
|
%systemd_postun
|
||||||
%endif
|
%endif
|
||||||
#rm /etc/sysconfig/corosync-qdevice
|
|
||||||
|
|
||||||
%files -n corosync-qdevice
|
%files -n corosync-qdevice
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
@ -582,8 +589,8 @@ exit 0
|
|||||||
ln -s /run/corosync-qnetd /var/run/
|
ln -s /run/corosync-qnetd /var/run/
|
||||||
%endif
|
%endif
|
||||||
%{fillup_and_insserv -n corosync-qnetd}
|
%{fillup_and_insserv -n corosync-qnetd}
|
||||||
%if %{with_systemd} && 0%{?systemd_post:1}
|
%if %{with_systemd}
|
||||||
%systemd_post corosync-qnetd.service
|
%service_add_post corosync-qnetd.service
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%preun -n corosync-qnetd
|
%preun -n corosync-qnetd
|
||||||
@ -600,11 +607,12 @@ unlink /var/run/corosync-qnetd
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%postun -n corosync-qnetd
|
%postun -n corosync-qnetd
|
||||||
rm /etc/sysconfig/corosync-qnetd
|
if [ -f /etc/sysconfig/corosync-qnetd ];then
|
||||||
|
rm /etc/sysconfig/corosync-qnetd
|
||||||
|
fi
|
||||||
%if %{with_systemd} && 0%{?systemd_postun:1}
|
%if %{with_systemd} && 0%{?systemd_postun:1}
|
||||||
%systemd_postun
|
%systemd_postun
|
||||||
%endif
|
%endif
|
||||||
#rm /etc/sysconfig/corosync-qnetd
|
|
||||||
|
|
||||||
%files -n corosync-qnetd
|
%files -n corosync-qnetd
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
|
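Review bot: The guarded `rm` in the three `%postun` scriptlets (corosync, corosync-qdevice and corosync-qnetd) still runs on a package upgrade, because none of the scriptlets shown tests the scriptlet argument `$1`; the old package's `%postun` runs with `$1` of 1 or more during an upgrade, so an administrator's edited `/etc/sysconfig/corosync*` file would be deleted at that point. Restricting the removal to a real uninstall covers both the missing-file case and the upgrade case: `if [ "$1" -eq 0 ]; then rm -f /etc/sysconfig/corosync; fi`, and likewise for the `-qdevice` and `-qnetd` files. The qnetd variant is also written `];then` where the other two use `]; then`.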