OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=316
commit
a1fc63cf96
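--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text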
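--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc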
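--- a/_service
+++ b/_service
@@ -0,0 +1,21 @@
+<services>
+<service name="tar_scm" mode="manual">
+<param name="url">http://git.haproxy.org/git/haproxy-3.1.git/</param>
+<param name="scm">git</param>
+<param name="filename">haproxy</param>
+<param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
+<param name="versionrewrite-pattern">v(.*)</param>
+<param name="versionrewrite-replacement">\1</param>
+<param name="revision">v3.1.0</param>
+<param name="changesgenerate">enable</param>
+</service>
+
+<service name="recompress" mode="manual">
+<param name="file">haproxy*.tar</param>
+<param name="compression">gz</param>
+</service>
+
+<service name="set_version" mode="manual">
+<param name="basename">haproxy</param>
+</service>
+</services>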
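Review bot: The `url` param of the `tar_scm` service fetches the source over plain `http://`, so the checkout has no transport integrity, and `revision` names the tag `v3.1.0`, which upstream can move. If upstream serves the repository over TLS, `<param name="url">https://git.haproxy.org/git/haproxy-3.1.git/</param>` is the safer form, and `revision` could carry the full commit hash that `_servicedata` already records in `changesrevision`. The same `http://` URL is repeated in `_servicedata`, which the service regenerates.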
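--- a/_servicedata
+++ b/_servicedata
@@ -0,0 +1,6 @@
+<servicedata>
+<service name="tar_scm">
+<param name="url">http://git.haproxy.org/git/haproxy-3.1.git/</param>
+<param name="changesrevision">f2b97918e80b2f4df1da751a44fe6e323c6e4b9e</param>
+</service>
+</servicedata>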
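--- a/haproxy-1.6.0-makefile_lib.patch
+++ b/haproxy-1.6.0-makefile_lib.patch
@@ -0,0 +1,22 @@
+Index: haproxy-3.0/Makefile
+===================================================================
+--- haproxy-3.0.orig/Makefile
++++ haproxy-3.0/Makefile
+@@ -784,7 +784,7 @@ ifneq ($(USE_PCRE:0=)$(USE_STATIC_PCRE:0
+PCREDIR := $(shell $(PCRE_CONFIG) --prefix 2>/dev/null || echo /usr/local)
+ifneq ($(PCREDIR),)
+PCRE_INC := $(PCREDIR)/include
+- PCRE_LIB := $(PCREDIR)/lib
++ PCRE_LIB := $(PCREDIR)/$(LIB)
+endif
+
+PCRE_CFLAGS := $(if $(PCRE_INC),-I$(PCRE_INC))
+@@ -802,7 +802,7 @@ ifneq ($(USE_PCRE2:0=)$(USE_STATIC_PCRE2
+PCRE2DIR := $(shell $(PCRE2_CONFIG) --prefix 2>/dev/null || echo /usr/local)
+ifneq ($(PCRE2DIR),)
+PCRE2_INC := $(PCRE2DIR)/include
+- PCRE2_LIB := $(PCRE2DIR)/lib
++ PCRE2_LIB := $(PCRE2DIR)/$(LIB)
+
+ifeq ($(PCRE2_WIDTH),)
+PCRE2_WIDTH = 8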
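Review bot: `PCRE_LIB := $(PCREDIR)/$(LIB)` and `PCRE2_LIB := $(PCRE2DIR)/$(LIB)` depend on a `LIB` variable that neither hunk defines, so a build that does not pass `LIB=` would get a library path that is just the prefix with a trailing slash. haproxy.spec passes `LIB="%{_lib}"`, but the patched Makefile would be more robust with a default such as `LIB ?= lib` ahead of the PCRE blocks. Both conditionals start and end outside the hunks shown, so a definition elsewhere in the Makefile cannot be ruled out from here.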
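--- a/haproxy-1.6.0-sec-options.patch
+++ b/haproxy-1.6.0-sec-options.patch
@@ -0,0 +1,46 @@
+commit 88413472b09e2ecd4ad2b4a00992184c14d5723c
+Author: Kristoffer Gronlund <kgronlund@suse.com>
+Date: Mon Jun 17 13:00:08 2019 +0000
+
+SUSE: Makefile sec options
+
+Index: haproxy-3.0/Makefile
+===================================================================
+--- haproxy-3.0.orig/Makefile
++++ haproxy-3.0/Makefile
+@@ -887,6 +887,35 @@ ifneq ($(TRACE),)
+COPTS += -finstrument-functions
+endif
+
++# PIE
++ifneq ($(USE_PIE),)
++OPTIONS_CFLAGS += -DUSE_PIE
++BUILD_OPTIONS += $(call ignore_implicit,USE_PIE)
++OPTIONS_LDFLAGS += -pie
++# still need to figure out how to express this conditional in the makefile
++# %ifarch s390 s390x %sparc
++# PIEFLAGS="-fPIE"
++# %else
++# PIEFLAGS="-fpie"
++# %endif
++# PIE_FLAGS.s390 = -fPIE
++# PIE_FLAGS.i386 = -fpie
++# SEC_FLAGS += $(PIE_FLAGS.$(ARCH))
++OPTIONS_CFLAGS += -fpie
++endif
++
++ifneq ($(USE_STACKPROTECTOR),)
++OPTIONS_CFLAGS += -DUSE_STACKPROTECTOR
++BUILD_OPTIONS += $(call ignore_implicit,USE_STACKPROTECTOR)
++OPTIONS_CFLAGS += -fstack-protector
++endif
++
++ifneq ($(USE_RELRO_NOW),)
++OPTIONS_CFLAGS += -DUSE_RELRO_NOW
++BUILD_OPTIONS += $(call ignore_implicit,USE_RELRO_NOW)
++OPTIONS_LDFLAGS += -Wl,-z,relro,-z,now
++endif
++
+#### Global link options
+# These options are added at the end of the "ld" command line. Use LDFLAGS to
+# add options at the beginning of the "ld" command line if needed.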
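Review bot: `OPTIONS_CFLAGS += -fstack-protector` in the `USE_STACKPROTECTOR` block only instruments functions that contain character arrays, which leaves most functions without a canary; `OPTIONS_CFLAGS += -fstack-protector-strong` is the usual choice where the compiler supports it. The `USE_PIE` block still carries the commented-out `%ifarch` sketch and hard-codes `-fpie`; either the per-architecture selection or a short comment stating why `-fpie` is acceptable on every built architecture would close that open question. The spec also passes `DEBUG_CFLAGS="%{optflags}"`, which may already add distribution hardening flags, so it is worth checking that the two sets agree.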
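--- a/haproxy-1.6.0_config_haproxy_user.patch
+++ b/haproxy-1.6.0_config_haproxy_user.patch
@@ -0,0 +1,101 @@
+Index: haproxy-2.6/examples/content-sw-sample.cfg
+===================================================================
+--- haproxy-2.6.orig/examples/content-sw-sample.cfg
++++ haproxy-2.6/examples/content-sw-sample.cfg
+@@ -11,9 +11,9 @@ global
+maxconn 10000
+stats socket /var/run/haproxy.stat mode 600 level admin
+log 127.0.0.1 local0
+- uid 200
+- gid 200
+- chroot /var/empty
++ user haproxy
++ group haproxy
++ chroot /var/lib/haproxy
+daemon
+
+# The public 'www' address in the DMZ
+Index: haproxy-2.6/examples/option-http_proxy.cfg
+===================================================================
+--- haproxy-2.6.orig/examples/option-http_proxy.cfg
++++ haproxy-2.6/examples/option-http_proxy.cfg
+@@ -9,6 +9,9 @@ global
+uid 200
+gid 200
+chroot /var/empty
++ chroot /var/lib/haproxy
++ user haproxy
++ group haproxy
+daemon
+
+frontend test-proxy
+Index: haproxy-2.6/examples/transparent_proxy.cfg
+===================================================================
+--- haproxy-2.6.orig/examples/transparent_proxy.cfg
++++ haproxy-2.6/examples/transparent_proxy.cfg
+@@ -6,6 +6,10 @@
+#
+
+global
++ chroot /var/lib/haproxy
++ user haproxy
++ group haproxy
++
+defaults
+timeout client 30s
+timeout server 30s
+Index: haproxy-2.6/examples/basic-config-edge.cfg
+===================================================================
+--- haproxy-2.6.orig/examples/basic-config-edge.cfg
++++ haproxy-2.6/examples/basic-config-edge.cfg
+@@ -15,7 +15,7 @@ global
+zero-warning
+
+# Security hardening: isolate and drop privileges
+- chroot /var/empty
++ chroot /var/lib/haproxy
+user haproxy
+group haproxy
+
+Index: haproxy-2.6/examples/quick-test.cfg
+===================================================================
+--- haproxy-2.6.orig/examples/quick-test.cfg
++++ haproxy-2.6/examples/quick-test.cfg
+@@ -3,6 +3,9 @@
+
+global
+strict-limits # refuse to start if insufficient FDs/memory
++ user haproxy
++ group haproxy
++ chroot /var/lib/haproxy
+# add some process-wide tuning here if required
+
+# A stats socket may be added to check live metrics if the load generators
+Index: haproxy-2.6/examples/socks4.cfg
+===================================================================
+--- haproxy-2.6.orig/examples/socks4.cfg
++++ haproxy-2.6/examples/socks4.cfg
+@@ -2,6 +2,9 @@ global
+log /dev/log local0
+log /dev/log local1 notice
+stats timeout 30s
++ user haproxy
++ group haproxy
++ chroot /var/lib/haproxy
+
+defaults
+log global
+Index: haproxy-2.6/examples/wurfl-example.cfg
+===================================================================
+--- haproxy-2.6.orig/examples/wurfl-example.cfg
++++ haproxy-2.6/examples/wurfl-example.cfg
+@@ -5,6 +5,9 @@
+#
+
+global
++ user haproxy
++ group haproxy
++ chroot /var/lib/haproxy
+
+# The WURFL data file
+wurfl-data-file /usr/share/wurfl/wurfl.zip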
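Review bot: In the `examples/option-http_proxy.cfg` hunk the old `uid 200`, `gid 200` and `chroot /var/empty` lines are kept as context and the new `chroot`/`user`/`group` lines are added below them, so the patched example sets each of these twice with different values. The `content-sw-sample.cfg` and `basic-config-edge.cfg` hunks replace the old lines instead; this hunk should do the same by turning the three old lines into removals (`- uid 200`, `- gid 200`, `- chroot /var/empty`) and adjusting the hunk header counts. As far as I know HAProxy reports such duplicates and keeps the first value, which would leave the example on uid/gid 200 and `/var/empty`; that is worth confirming with a `haproxy -c` run on the patched file.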
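--- a/haproxy-3.0.2+git0.a45a8e623.tar.gz
+++ b/haproxy-3.0.2+git0.a45a8e623.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:070870d42c1a76bc925fd0b4541a92a750c5af861014905e57db2b904f465c46
+size 4822140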
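--- a/haproxy-3.0.3+git0.95a607c4b.tar.gz
+++ b/haproxy-3.0.3+git0.95a607c4b.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:467c8b85b0b4b1b0eeb7f4893621e1717767083156ba49fcd531cbe815e179eb
+size 4824237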
BIN
haproxy-3.0.4+git0.7a59afa93.tar.gz
(Stored with Git LFS)
Normal file
BIN
haproxy-3.0.4+git0.7a59afa93.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
haproxy-3.0.6+git0.c2c009086.tar.gz
(Stored with Git LFS)
Normal file
BIN
haproxy-3.0.6+git0.c2c009086.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
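--- a/haproxy-3.1.0+git0.f2b97918e.tar.gz
+++ b/haproxy-3.1.0+git0.f2b97918e.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c19bd74bcea4f4f6c7e1bcf16e5a7e4342ebcfabe23852ebd147c41c46c94408
+size 5036386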
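--- a/haproxy-rpmlintrc
+++ b/haproxy-rpmlintrc
@@ -0,0 +1,2 @@
+addFilter('wrong-file-end-of-line-encoding .*/examples/errorfiles/.*\.http$')
+addFilter('file-contains-current-date /usr/share/doc/packages/haproxy/examples/haproxy.spec')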
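--- a/haproxy-service.patch
+++ b/haproxy-service.patch
@@ -0,0 +1,11 @@
+--- a/admin/systemd/haproxy.service.in 2024-01-18 15:32:19.000000000 +0100
++++ b/admin/systemd/haproxy.service.in 2024-02-04 23:58:30.873980359 +0100
+@@ -6,7 +6,7 @@
+[Service]
+EnvironmentFile=-/etc/default/haproxy
+EnvironmentFile=-/etc/sysconfig/haproxy
+-Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
++Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy/pid" "EXTRAOPTS=-S /run/haproxy/master.sock"
+ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
+ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c $EXTRAOPTS
+ExecReload=/bin/kill -USR2 $MAINPID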
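Review bot: The new `EXTRAOPTS=-S /run/haproxy/master.sock` places the master CLI socket in a directory that haproxy-tmpfiles.conf creates as `0750 root haproxy`, so members of the haproxy group can traverse to the socket and the socket's own mode becomes the only barrier. That mode is not set here and therefore depends on the process umask; `-S` accepts bind options, so it can be pinned with `"EXTRAOPTS=-S /run/haproxy/master.sock,mode,600"`. The unit also relies on `/run/haproxy` existing before start, and whether the package creates it at install time is not visible in this section.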
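--- a/haproxy-tmpfiles.conf
+++ b/haproxy-tmpfiles.conf
@@ -0,0 +1 @@
+D /run/haproxy 0750 root haproxy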
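--- a/haproxy-user.conf
+++ b/haproxy-user.conf
@@ -0,0 +1,3 @@
+# Type Name ID GECOS [HOME]
+u haproxy - "User for haproxy" /var/lib/haproxy
+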
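--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -0,0 +1,34 @@
+global
+log /dev/log daemon
+maxconn 32768
+chroot /var/lib/haproxy
+user haproxy
+group haproxy
+daemon
+stats socket /run/haproxy/stats.sock user haproxy group haproxy mode 0640 level operator
+tune.bufsize 32768
+tune.ssl.default-dh-param 2048
+ssl-default-bind-ciphers ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
+
+defaults
+log global
+mode http
+option log-health-checks
+option log-separate-errors
+option dontlog-normal
+option dontlognull
+option httplog
+option socket-stats
+retries 3
+option redispatch
+maxconn 10000
+timeout connect 5s
+timeout client 50s
+timeout server 450s
+
+listen stats
+bind 0.0.0.0:80
+bind :::80 v6only
+stats enable
+stats uri /
+stats refresh 5s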
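Review bot: The shipped `listen stats` section binds `0.0.0.0:80` and `:::80` with `stats enable` and `stats uri /` but no `stats auth` or access rule, so a default install publishes the statistics page to every host that can reach port 80. Binding the section to loopback (`bind 127.0.0.1:80` and `bind ::1:80 v6only`) or requiring credentials with `stats auth` would keep the default closed until an administrator opens it deliberately. `ssl-default-bind-ciphers` starts from `ALL` and subtracts, which admits whatever the linked TLS library adds later; an explicit allow-list together with a minimum protocol version via `ssl-default-bind-options ssl-min-ver` would be easier to audit.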
7575
haproxy.changes
Normal file
7575
haproxy.changes
Normal file
File diff suppressed because it is too large
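--- a/haproxy.init
+++ b/haproxy.init
@@ -0,0 +1,247 @@
+#!/bin/sh
+#
+### BEGIN INIT INFO
+# Provides: haproxy
+# Required-Start: $syslog $remote_fs
+# Should-Start: $time ypbind sendmail
+# Required-Stop: $syslog $remote_fs
+# Should-Stop: $time ypbind sendmail
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Short-Description: haproxy
+# Description: Start haproxy a reliable, high performance TCP/HTTP load balancer
+### END INIT INFO
+#
+# Any extensions to the keywords given above should be preceeded by
+# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB.
+#
+# Notes on Required-Start/Should-Start:
+# * There are two different issues that are solved by Required-Start
+# and Should-Start
+# (a) Hard dependencies: This is used by the runlevel editor to determine
+# which services absolutely need to be started to make the start of
+# this service make sense. Example: nfsserver should have
+# Required-Start: $portmap
+# Also, required services are started before the dependent ones.
+# The runlevel editor will warn about such missing hard dependencies
+# and suggest enabling. During system startup, you may expect an error,
+# if the dependency is not fulfilled.
+# (b) Specifying the init script ordering, not real (hard) dependencies.
+# This is needed by insserv to determine which service should be
+# started first (and at a later stage what services can be started
+# in parallel). The tag Should-Start: is used for this.
+# It tells, that if a service is available, it should be started
+# before. If not, never mind.
+# * When specifying hard dependencies or ordering requirements, you can
+# use names of services (contents of their Provides: section)
+# or pseudo names starting with a $. The following ones are available
+# according to LSB (1.1):
+# $local_fs all local file systems are mounted
+# (most services should need this!)
+# $remote_fs all remote file systems are mounted
+# (note that /usr may be remote, so
+# many services should Require this!)
+# $syslog system logging facility up
+# $network low level networking (eth card, ...)
+# $named hostname resolution available
+# $netdaemons all network daemons are running
+# The $netdaemons pseudo service has been removed in LSB 1.2.
+# For now, we still offer it for backward compatibility.
+# These are new (LSB 1.2):
+# $time the system time has been set correctly
+# $portmap SunRPC portmapping service available
+# UnitedLinux extensions:
+# $ALL indicates that a script should be inserted
+# at the end
+# * The services specified in the stop tags
+# (Required-Stop/Should-Stop)
+# specify which services need to be still running when this service
+# is shut down. Often the entries there are just copies or a subset
+# from the respective start tag.
+# * Should-Start/Stop are now part of LSB as of 2.0,
+# formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop.
+# insserv does support both variants.
+# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
+# (%fillup_and_insserv macro in %post of many RPMs) to specify whether
+# a startup script should default to be enabled after installation.
+# It's not used by insserv.
+#
+# Note on runlevels:
+# 0 - halt/poweroff 6 - reboot
+# 1 - single user 2 - multiuser without network exported
+# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
+#
+# Note on script names:
+# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
+# A registry has been set up to manage the init script namespace.
+# http://www.lanana.org/
+# Please use the names already registered or register one or use a
+# vendor prefix.
+
+
+# Check for missing binaries (stale symlinks should not happen)
+# Note: Special treatment of stop for LSB conformance
+HAPROXY_BIN=/usr/sbin/haproxy
+test -x $HAPROXY_BIN || { echo "$HAPROXY_BIN not installed";
+if [ "$1" = "stop" ]; then exit 0;
+else exit 5; fi; }
+HAPROXY_PID="/var/run/haproxy.pid"
+HAPROXY_CONF="/etc/haproxy/haproxy.cfg"
+## Check for existence of needed config file and read it
+#HAPROXY_CONFIG=/etc/sysconfig/haproxy
+#test -r $HAPROXY_CONFIG || { echo "$HAPROXY_CONFIG not existing";
+# if [ "$1" = "stop" ]; then exit 0;
+# else exit 6; fi; }
+#
+## Read config
+#. $HAPROXY_CONFIG
+
+# Source LSB init functions
+# providing start_daemon, killproc, pidofproc,
+# log_success_msg, log_failure_msg and log_warning_msg.
+# This is currently not used by UnitedLinux based distributions and
+# not needed for init scripts for UnitedLinux only. If it is used,
+# the functions from rc.status should not be sourced or used.
+#. /lib/lsb/init-functions
+
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v be verbose in local rc status and clear it afterwards
+# rc_status -v -r ditto and clear both the local and overall rc status
+# rc_status -s display "skipped" and exit with status 3
+# rc_status -u display "unused" and exit with status 3
+# rc_failed set local and overall rc status to failed
+# rc_failed <num> set local and overall rc status to <num>
+# rc_reset clear both the local and overall rc status
+# rc_exit exit appropriate to overall rc status
+# rc_active checks whether a service is activated by symlinks
+. /etc/rc.status
+
+# Reset status of this service
+rc_reset
+
+# Return values acc. to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - user had insufficient privileges
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
+#
+# Note that starting an already running service, stopping
+# or restarting a not-running service as well as the restart
+# with force-reload (in case signaling is not supported) are
+# considered a success.
+
+function haproxy_check() {
+HAPROXY_CONFIG_CHECK="$($HAPROXY_BIN -c -q -f $HAPROXY_CONF 2>&1)"
+if [ $? -ne 0 ] ; then
+echo "" >&2
+echo "$HAPROXY_CONFIG_CHECK" >&2
+rc_failed
+rc_status -v
+exit 1
+else
+return 0
+fi
+}
+
+case "$1" in
+start)
+echo -n "Starting haproxy "
+## Start daemon with startproc(8). If this fails
+## the return value is set appropriately by startproc.
+haproxy_check
+/sbin/startproc $HAPROXY_BIN -D -f $HAPROXY_CONF -p $HAPROXY_PID
+# Remember status and be verbose
+rc_status -v
+;;
+stop)
+echo -n "Shutting down haproxy "
+## Stop daemon with killproc(8) and if this fails
+## killproc sets the return value according to LSB.
+
+/sbin/killproc -TERM $HAPROXY_BIN
+
+# Remember status and be verbose
+rc_status -v
+;;
+try-restart|condrestart)
+## Do a restart only if the service was active before.
+## Note: try-restart is now part of LSB (as of 1.9).
+## RH has a similar command named condrestart.
+if test "$1" = "condrestart"; then
+echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
+fi
+$0 status
+if test $? = 0; then
+# we us reload here for a graceful restart during update
+$0 reload
+else
+rc_reset # Not running is not a failure.
+fi
+# Remember status and be quiet
+rc_status
+;;
+restart)
+## Stop the service and regardless of whether it was
+## running or not, start it again.
+haproxy_check
+$0 stop
+$0 start
+
+# Remember status and be quiet
+rc_status
+;;
+check)
+## Stop the service and regardless of whether it was
+## running or not, start it again.
+echo -n "Checking config of haproxy "
+haproxy_check
+rc_status -v
+;;
+reload|force-reload)
+## Like force-reload, but if daemon does not support
+## signaling, do nothing (!)
+haproxy_check
+# If it supports signaling:
+echo -n "Reload service haproxy "
+$HAPROXY_BIN -p $HAPROXY_PID -D -f $HAPROXY_CONF -sf $(cat $HAPROXY_PID)
+rc_status -v
+;;
+status)
+echo -n "Checking for service haproxy "
+## Check status with checkproc(8), if process is running
+## checkproc will return with exit status 0.
+
+# Return value is slightly different for the status command:
+# 0 - service up and running
+# 1 - service dead, but /var/run/ pid file exists
+# 2 - service dead, but /var/lock/ lock file exists
+# 3 - service not running (unused)
+# 4 - service status unknown :-(
+# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
+
+# NOTE: checkproc returns LSB compliant status values.
+/sbin/checkproc -p $HAPROXY_PID $HAPROXY_BIN
+# NOTE: rc_status knows that we called this init script with
+# "status" option and adapts its messages accordingly.
+rc_status -v
+;;
+probe)
+## Optional: Probe for the necessity of a reload, print out the
+## argument to this init script which is required for a reload.
+## Note: probe is not (yet) part of LSB (as of 1.9)
+
+test $HAPROXY_CONF -nt $HAPROXY_PID && echo reload
+;;
+*)
+echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
+exit 1
+;;
+esac
+rc_exit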
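Review bot: The `reload|force-reload)` branch runs `-sf $(cat $HAPROXY_PID)` without checking that the PID file exists, so when haproxy is not running `cat` fails, `-sf` receives no PIDs and a fresh daemon is started instead of the script reporting "not running". A guard such as `test -r "$HAPROXY_PID" || { rc_failed 7; rc_status -v; rc_exit; }` ahead of that line, together with quoting `"$HAPROXY_CONF"` and `"$HAPROXY_PID"`, would close that gap. The script declares `#!/bin/sh` but defines `function haproxy_check() {`, which is not POSIX sh; `haproxy_check() {` is the portable spelling. The comment under `check)` is copied from `restart)` and should say that the branch only validates the configuration.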
308
haproxy.spec
Normal file
308
haproxy.spec
Normal file
@ -0,0 +1,308 @@
|
|||||||
|
#
|
||||||
|
# spec file for package haproxy
|
||||||
|
#
|
||||||
|
# Copyright (c) 2024 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
|
||||||
|
%bcond_with quic
|
||||||
|
%if 0%{?suse_version} >= 1230
|
||||||
|
%bcond_without tcp_fast_open
|
||||||
|
%bcond_without network_namespace
|
||||||
|
%else
|
||||||
|
%bcond_with tcp_fast_open
|
||||||
|
%bcond_with network_namespace
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if 0%{?suse_version} > 1320
|
||||||
|
%bcond_without lua
|
||||||
|
%else
|
||||||
|
%bcond_with lua
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if 0%{?suse_version} >= 1310
|
||||||
|
%bcond_without systemd
|
||||||
|
%else
|
||||||
|
%bcond_with systemd
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%bcond_without pcre2_jit
|
||||||
|
|
||||||
|
%bcond_without apparmor
|
||||||
|
%if 0%{?suse_version} > 1320
|
||||||
|
%bcond_without apparmor_reload
|
||||||
|
%else
|
||||||
|
%bcond_with apparmor_reload
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%if 0%{?suse_version} >= 1500
|
||||||
|
%bcond_without sysusers
|
||||||
|
%bcond_without tmpfiles
|
||||||
|
%else
|
||||||
|
%bcond_with sysusers
|
||||||
|
%bcond_with tmpfiles
|
||||||
|
%endif
|
||||||
|
|
||||||
|
Name: haproxy
|
||||||
|
Version: 3.1.0+git0.f2b97918e
|
||||||
|
Release: 0
|
||||||
|
#
|
||||||
|
#
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
%if %{with apparmor}
|
||||||
|
%if 0%{?suse_version} <= 1315
|
||||||
|
BuildRequires: apparmor-profiles
|
||||||
|
Recommends: apparmor-profiles
|
||||||
|
%else
|
||||||
|
BuildRequires: apparmor-abstractions
|
||||||
|
Recommends: apparmor-abstractions
|
||||||
|
%endif
|
||||||
|
%if %{with apparmor_reload}
|
||||||
|
BuildRequires: apparmor-rpm-macros
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
BuildRequires: libgcrypt-devel
|
||||||
|
%if %{with lua}
|
||||||
|
BuildRequires: lua-devel >= 5.3
|
||||||
|
%endif
|
||||||
|
BuildRequires: pcre2-devel
|
||||||
|
BuildRequires: zlib-devel
|
||||||
|
BuildRequires: openssl-devel
|
||||||
|
BuildRequires: pkg-config
|
||||||
|
%if %{with systemd}
|
||||||
|
BuildRequires: pkgconfig(systemd)
|
||||||
|
BuildRequires: pkgconfig(libsystemd)
|
||||||
|
%if %{with sysusers}
|
||||||
|
BuildRequires: sysuser-shadow
|
||||||
|
BuildRequires: sysuser-tools
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
BuildRequires: vim
|
||||||
|
%define pkg_name haproxy
|
||||||
|
%define pkg_home /var/lib/%{pkg_name}
|
||||||
|
#
|
||||||
|
Url: http://www.haproxy.org/
|
||||||
|
# source URL in _service file
|
||||||
|
Source: haproxy-%{version}.tar.gz
|
||||||
|
Source1: %{pkg_name}.init
|
||||||
|
Source2: usr.sbin.haproxy.apparmor
|
||||||
|
Source3: local.usr.sbin.haproxy.apparmor
|
||||||
|
Source4: haproxy.cfg
|
||||||
|
Source5: haproxy-user.conf
|
||||||
|
Source6: haproxy-tmpfiles.conf
|
||||||
|
Patch1: haproxy-1.6.0_config_haproxy_user.patch
|
||||||
|
Patch2: haproxy-1.6.0-makefile_lib.patch
|
||||||
|
Patch3: haproxy-1.6.0-sec-options.patch
|
||||||
|
Patch4: haproxy-service.patch
|
||||||
|
#
|
||||||
|
Source98: series
|
||||||
|
Source99: haproxy-rpmlintrc
|
||||||
|
#
|
||||||
|
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
|
||||||
|
License: GPL-3.0+ and LGPL-2.1+
|
||||||
|
Group: Productivity/Networking/Web/Proxy
|
||||||
|
Provides: %{name}-doc = %{version}
|
||||||
|
Obsoletes: %{name}-doc < %{version}
|
||||||
|
Provides: haproxy-1.5 = %{version}
|
||||||
|
Obsoletes: haproxy-1.5 < %{version}
|
||||||
|
%if %{with systemd}
|
||||||
|
%{?systemd_ordering}
|
||||||
|
%if %{with sysusers}
|
||||||
|
%sysusers_requires
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
%{!?vim_data_dir:%global vim_data_dir /usr/share/vim/%(readlink /usr/share/vim/current)}
|
||||||
|
|
||||||
|
%description
|
||||||
|
HAProxy implements an event-driven, mono-process model which enables support
|
||||||
|
for very high number of simultaneous connections at very high speeds.
|
||||||
|
Multi-process or multi-threaded models can rarely cope with thousands of
|
||||||
|
connections because of memory limits, system scheduler limits, and lock
|
||||||
|
contention everywhere. Event-driven models do not have these problems because
|
||||||
|
implementing all the tasks in user-space allows a finer resource and time
|
||||||
|
management. The down side is that those programs generally don't scale well on
|
||||||
|
multi-processor systems. That's the reason why they must be optimized to get
|
||||||
|
the most work done from every CPU cycle.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -p1
|
||||||
|
|
||||||
|
%build
|
||||||
|
make %{?_smp_mflags} \
|
||||||
|
TARGET=linux-glibc \
|
||||||
|
CPU="%{_target_cpu}" \
|
||||||
|
USE_PCRE2=1 \
|
||||||
|
%if %{with pcre2_jit}
|
||||||
|
USE_PCRE2_JIT=1 \
|
||||||
|
%endif
|
||||||
|
%ifarch %ix86
|
||||||
|
USE_REGPARM=1 \
|
||||||
|
%endif
|
||||||
|
USE_GETADDRINFO=1 \
|
||||||
|
USE_OPENSSL=1 \
|
||||||
|
%if %{with lua}
|
||||||
|
USE_LUA=1 \
|
||||||
|
%endif
|
||||||
|
USE_ZLIB=1 \
|
||||||
|
%if %{with tcp_fast_open}
|
||||||
|
USE_TFO=1 \
|
||||||
|
%endif
|
||||||
|
%if %{with network_namespace}
|
||||||
|
USE_NS=1 \
|
||||||
|
%endif
|
||||||
|
%if %{with systemd}
|
||||||
|
USE_SYSTEMD=1 \
|
||||||
|
%endif
|
||||||
|
USE_PIE=1 \
|
||||||
|
USE_STACKPROTECTOR=1 \
|
||||||
|
USE_RELRO_NOW=1 \
|
||||||
|
LIB="%{_lib}" \
|
||||||
|
PREFIX="%{_prefix}" \
|
||||||
|
USE_PROMEX=1 \
|
||||||
|
%if %{with quic}
|
||||||
|
USE_QUIC=1 \
|
||||||
|
%endif
|
||||||
|
%if %{with opentracing}
|
||||||
|
USE_OT=1 \
|
||||||
|
%endif
|
||||||
|
%if %{with memory_profiling}
|
||||||
|
USE_MEMORY_PROFILING=1 \
|
||||||
|
%endif
|
||||||
|
DEBUG_CFLAGS="%{optflags}" V=1
|
||||||
|
%if %{with systemd}
|
||||||
|
make -C admin/systemd PREFIX="%{_prefix}"
|
||||||
|
%if %{with sysusers}
|
||||||
|
%sysusers_generate_pre %{SOURCE5} haproxy haproxy-user.conf
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
make admin/halog/halog DEBUG_CFLAGS="%{optflags}" V=1
|
||||||
|
|
||||||
|
%install
|
||||||
|
install -D -m 0755 %{pkg_name} %{buildroot}%{_sbindir}/%{pkg_name}
|
||||||
|
install -d -m 0750 %{buildroot}%{_sysconfdir}/%{pkg_name}/
|
||||||
|
install -m 0640 %{S:4} %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
|
||||||
|
|
||||||
|
install -D -m 0755 admin/halog/halog %{buildroot}%{_sbindir}/haproxy-halog
|
||||||
|
|
||||||
|
%if %{with systemd}
|
||||||
|
install -D -m 0644 admin/systemd/%{pkg_name}.service %{buildroot}%{_unitdir}/%{pkg_name}.service
|
||||||
|
ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name}
|
||||||
|
%if %{with sysusers}
|
||||||
|
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
|
||||||
|
%endif
|
||||||
|
%if %{with tmpfiles}
|
||||||
|
install -D -m 644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/%{name}.conf
|
||||||
|
%endif
|
||||||
|
%else
|
||||||
|
install -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
|
||||||
|
ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
|
||||||
|
%endif
|
||||||
|
|
||||||
|
install -d -m 0750 %{buildroot}%{pkg_home}
|
||||||
|
install -D -m 0644 admin/syntax-highlight/haproxy.vim %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
|
||||||
|
install -D -m 0644 doc/%{pkg_name}.1 %{buildroot}%{_mandir}/man1/%{pkg_name}.1
|
||||||
|
%if %{with apparmor}
|
||||||
|
install -D -m 0644 %{S:2} %{buildroot}/etc/apparmor.d/usr.sbin.haproxy
|
||||||
|
install -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/local/haproxy
|
||||||
|
install -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy
|
||||||
|
%endif
|
||||||
|
|
||||||
|
rm examples/*init*
|
||||||
|
|
||||||
|
|
||||||
|
%if %{with systemd}
|
||||||
|
%if %{with sysusers}
|
||||||
|
%pre -f haproxy.pre
|
||||||
|
%else
|
||||||
|
%pre
|
||||||
|
%endif
|
||||||
|
%service_add_pre %{pkg_name}.service
|
||||||
|
|
||||||
|
%post
|
||||||
|
%if %{with apparmor} && %{with apparmor_reload}
|
||||||
|
%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
|
||||||
|
%endif
|
||||||
|
%if %{with systemd}
|
||||||
|
%if %{with tmpfiles}
|
||||||
|
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
%service_add_post %{pkg_name}.service
|
||||||
|
|
||||||
|
%preun
|
||||||
|
%service_del_preun %{pkg_name}.service
|
||||||
|
|
||||||
|
%postun
|
||||||
|
%service_del_postun %{pkg_name}.service
|
||||||
|
|
||||||
|
%else
|
||||||
|
|
||||||
|
%pre
|
||||||
|
getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name}
|
||||||
|
getent passwd %{pkg_name} >/dev/null || \
|
||||||
|
/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r \
|
||||||
|
-c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name}
|
||||||
|
|
||||||
|
%post
|
||||||
|
%fillup_and_insserv %{pkg_name}
|
||||||
|
%if %{with apparmor} && %{with apparmor_reload}
|
||||||
|
%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%preun
|
||||||
|
%stop_on_removal %{pkg_name}
|
||||||
|
|
||||||
|
%postun
|
||||||
|
%restart_on_update %{pkg_name}
|
||||||
|
%{insserv_cleanup}
|
||||||
|
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%files
|
||||||
|
%defattr(-,root,root,-)
|
||||||
|
%license LICENSE
|
||||||
|
%doc CHANGELOG README.md
|
||||||
|
%doc doc/* examples/
|
||||||
|
%doc admin/netsnmp-perl/ admin/selinux/
|
||||||
|
%dir %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}
|
||||||
|
%config(noreplace) %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}/*
|
||||||
|
%if %{with systemd}
|
||||||
|
%{_unitdir}/%{pkg_name}.service
|
||||||
|
%if %{with sysusers}
|
||||||
|
%{_sysusersdir}/haproxy-user.conf
|
||||||
|
%endif
|
||||||
|
%if %{with tmpfiles}
|
||||||
|
%{_tmpfilesdir}/%{name}.conf
|
||||||
|
%dir %ghost %{_rundir}/%{name}
|
||||||
|
%endif
|
||||||
|
%else
|
||||||
|
%config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}
|
||||||
|
%endif
|
||||||
|
%{_sbindir}/haproxy
|
||||||
|
%{_sbindir}/haproxy-halog
|
||||||
|
%{_sbindir}/rchaproxy
|
||||||
|
%dir %attr(-,root,haproxy) %{pkg_home}
|
||||||
|
%{_mandir}/man1/%{pkg_name}.1.gz
|
||||||
|
%dir %{_datadir}/vim
|
||||||
|
%dir %{vim_data_dir}
|
||||||
|
%dir %{vim_data_dir}/syntax
|
||||||
|
%{vim_data_dir}/syntax/%{pkg_name}.vim
|
||||||
|
%if %{with apparmor}
|
||||||
|
%if 0%{?suse_version} == 1110
|
||||||
|
%dir /etc/apparmor.d/local/
|
||||||
|
%endif
|
||||||
|
%config(noreplace) /etc/apparmor.d/usr.sbin.haproxy
|
||||||
|
%config(noreplace) %ghost /etc/apparmor.d/local/haproxy
|
||||||
|
%config(noreplace) %ghost /etc/apparmor.d/local/usr.sbin.haproxy
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%changelog
|
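--- a/local.usr.sbin.haproxy.apparmor
+++ b/local.usr.sbin.haproxy.apparmor
@@ -0,0 +1 @@
+# Site-specific additions and overrides for usr.sbin.haproxy.apparmor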
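--- a/series
+++ b/series
@@ -0,0 +1,4 @@
+haproxy-1.6.0_config_haproxy_user.patch
+haproxy-1.6.0-makefile_lib.patch
+haproxy-1.6.0-sec-options.patch
+haproxy-service.patch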
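--- a/usr.sbin.haproxy.apparmor
+++ b/usr.sbin.haproxy.apparmor
@@ -0,0 +1,59 @@
+#include <tunables/global>
+
+profile haproxy /usr/sbin/haproxy {
+#include <abstractions/base>
+#include <abstractions/openssl>
+#include <abstractions/ssl_certs>
+#include <abstractions/ssl_keys>
+#include <abstractions/nameservice>
+capability net_bind_service,
+capability setgid,
+capability setuid,
+capability kill,
+capability sys_resource,
+capability sys_chroot,
+capability net_admin,
+
+# those are needed for the stats socket creation
+capability chown,
+capability fowner,
+capability fsetid,
+
+network inet,
+network inet6,
+
+/etc/haproxy/* r,
+
+/usr/sbin/haproxy rmix,
+
+/dev/shm/haproxy_startup_logs_* rwlk,
+
+# old stats socket location, for compatibility
+/var/lib/haproxy/stats rwl,
+/var/lib/haproxy/stats.*.bak rwl,
+/var/lib/haproxy/stats.*.tmp rwl,
+# new stats socket location
+/run/haproxy/stats*.sock{,*.{bak,tmp}} rwl,
+
+/{,var/}run/haproxy/pid rw,
+/{,var/}run/haproxy/master.sock* rwlk,
+
+# This is for the additional debug output in haproxy >= 2.9
+# can be accessed with "p post_mortem" in gdb
+/sys/devices/system/node/ r,
+/sys/devices/system/node/*/cpumap r,
+/sys/devices/system/cpu/online r,
+/sys/class/dmi/id/sys_vendor r,
+/sys/class/dmi/id/product_family r,
+/sys/class/dmi/id/product_name r,
+/sys/class/dmi/id/board_vendor r,
+/sys/firmware/devicetree/base/model r,
+/sys/class/dmi/id/board_name r,
+/proc/2/status r,
+/proc/cpuinfo r,
+# end of debug.c files
+
+# Site-specific additions and overrides. See local/README for details.
+#include if exists <local/haproxy>
+#include if exists <local/usr.sbin.haproxy>
+}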
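Review bot: `capability net_admin,` and `capability sys_resource,` are allowed with no comment on which HAProxy feature needs them, while the chown/fowner/fsetid group just below is explained. net_admin is the broadest capability in the profile; it is presumably there for transparent binds or socket marks, which many deployments never use. I would add a comment above it such as `# net_admin: presumably for transparent binds / socket marks (confirm); sites that use neither can add "deny capability net_admin," to local/usr.sbin.haproxy`, and a matching one-line reason for sys_resource. Separately, `/etc/haproxy/* r,` matches only files directly in that directory, so certificates or map files kept in a subdirectory would be denied unless the rule becomes `/etc/haproxy/** r,` or a local rule is added; a comment stating which is intended would help.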