Accepting request 89351 from network:ha-clustering:Factory

Add csync2-rm-ssl-cert script, remove explicit lib requires (without the latter, csync2 doesn't run/install presumably due to lib version mismatch) OBS-URL: https://build.opensuse.org/request/show/89351 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/csync2?expand=0&rev=6
2011-10-26 13:22:17 +00:00 · 2011-10-26 13:22:17 +00:00 · ce7ce5913e
commit ce7ce5913e
parent a8d2769fe0
4 changed files with 74 additions and 14 deletions
--- a/csync2-README.quickstart
+++ b/csync2-README.quickstart
@ -29,6 +29,13 @@ can replace them with your own if you like. The files are :
  /etc/csync2/csync2_ssl_key.pem
  /etc/csync2/csync2_ssl_cert.pem

+Note that the common name (CN) in each node's SSL certificate must be the
+same, or the SSL connection will fail.  If you ever replace a node, and its
+SSL key changes, existing nodes will still have a cached copy of the old key,
+and the connection will fail.  To remove the old key from an existing node's
+cache, run the following command on each existing node:
+  csync2-rm-ssl-cert <replaced-hostname>
+
 The csync2 service is disabled by default. To start it on both your hosts :
  chkconfig csync2 on
  chkconfig --level 345 xinetd on
--- a/45
+++ b/45
@ -0,0 +1,45 @@
+#!/bin/bash
+
+if [ $# -eq 0 -o "$1" = "-h" ]; then
+	cat <<END
+
+Remove a peer's SSL certificate from csync2's local database.  Use this after
+replacing a peer node (or regenerating its SSL certificate).
+
+Usage: $0 [-h] <hostname>
+
+Options:
+    -h          Display this usage information
+
+END
+	exit 0
+fi
+
+DBFILE=/var/lib/csync2/$(hostname).db
+if [ ! -f "$DBFILE" ]; then
+	echo "Local csync2 database ($DBFILE) not found."
+	exit 1
+fi
+
+# Strip double and single quotes from hostname so they can't interfere with the SQL
+PEERNAME=$(echo $1 | sed -e "s/['\"]//g")
+
+certcount()
+{
+	echo "SELECT COUNT(peername) FROM x509_cert WHERE peername='$1';" | sqlite $DBFILE
+}
+
+if [ $(certcount "$PEERNAME") -eq 0 ]; then
+	echo "Certificate for '$PEERNAME' not in local database."
+	exit 0
+fi
+
+echo "DELETE FROM x509_cert WHERE peername='$PEERNAME';" | sqlite $DBFILE
+
+if [ $(certcount "$PEERNAME") -ne 0 ]; then
+	echo "Error removing certificate for '$PEERNAME' from local database."
+	exit 1
+fi
+
+echo "Certificate for '$PEERNAME' removed from local database."
+
--- a/csync2.changes
+++ b/csync2.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Wed Oct 26 09:19:16 UTC 2011 - tserong@suse.com
+
+- Remove explicit lib dependencies from spec file
+
+-------------------------------------------------------------------
+Tue Sep 20 12:41:40 UTC 2011 - tserong@suse.com
+
+- Add csync2-rm-ssl-cert helper script (bnc#709811)
+
+-------------------------------------------------------------------
+Sun Sep 18 00:06:31 UTC 2011 - jengelh@medozas.de
+
+- Remove redundant tags/sections from specfile
+
 -------------------------------------------------------------------
 Tue Jun  8 00:59:40 UTC 2010 - tserong@novell.com

--- a/csync2.spec
+++ b/csync2.spec
@ -1,7 +1,7 @@
 #
-# spec file for package csync2 (Version 1.34)
+# spec file for package csync2
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -20,12 +20,13 @@ Summary:        Cluster synchronization tool

 Name:           csync2
 Version:        1.34
-Release:        1
+Release:        2
 Group:          Productivity/Clustering/HA
 License:        GPLv2+ ; LGPLv2.1+
 Url:            http://oss.linbit.com/csync2/
 Source0:        http://oss.linbit.com/csync2/%{name}-%{version}.tar.gz
 Source1:        csync2-README.quickstart
+Source2:        csync2-rm-ssl-cert
 Patch0:         csync2-fix-xinetd.patch
 Patch1:         fix-missing-sentinels.diff
 %if 0%{?suse_version} > 1120
@ -34,7 +35,7 @@ BuildRequires:  pkg-config
 %endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires(post): openssl 
-Requires:       xinetd libgnutls26 libgnutls-extra26 gnutls sqlite2 librsync libtasn1-3
+Requires:       xinetd gnutls sqlite2 
 BuildRequires:  bison flex libgnutls-devel libgnutls-extra-devel librsync libtasn1-devel sqlite2-devel

 %description
@ -44,12 +45,6 @@ setups with much more than just 2 hosts, handle file deletions and can
 detect conflicts. It is expedient for HA-clusters, HPC-clusters, COWs
 and server farms.

-
-
-Authors:
--------
-    Clifford Wolf <clifford@clifford.at>
-
 %prep
 %setup -q
 %patch0 -p1 -b .fix-xinetd
@ -64,17 +59,14 @@ install -p -m 644 %{SOURCE1} README.quickstart
 make %{?_smp_mflags}

 %install
-rm -rf %{buildroot}
 make install DESTDIR=%{buildroot}
 mkdir -p %{buildroot}%{_var}/lib/csync2
 install -p -D -m 644 csync2.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/csync2
+install -p -m 755 %{SOURCE2} %{buildroot}%{_sbindir}/csync2-rm-ssl-cert
 # We need these empty files to be able to %%ghost them
 touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_key.pem
 touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_cert.pem

-%clean
-rm -rf %{buildroot}
-
 %post
 umask 077
 if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_key.pem ]; then
@ -112,6 +104,7 @@ fi
 %ghost %config %{_sysconfdir}/csync2/csync2_ssl_cert.pem
 %{_sbindir}/csync2
 %{_sbindir}/csync2-compare
+%{_sbindir}/csync2-rm-ssl-cert
 %{_mandir}/man1/csync2.1*
 %dir %{_var}/lib/csync2/