Accepting request 1144067 from home:crameleon:branches:server:http

- Set /run/haproxy as the default PID file and socket location (more canonical location for transient files) - Allow custom stats socket names (allows users to define multiple sockets with different access levels as /run/haproxy/stats-*.sock) OBS-URL: https://build.opensuse.org/request/show/1144067 OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=299
2024-02-16 09:26:49 +00:00 · 2024-02-16 09:26:49 +00:00 · deb5095fcd
commit deb5095fcd
parent b4a7079e8d
6 changed files with 43 additions and 5 deletions
--- a/haproxy-service.patch
+++ b/haproxy-service.patch
@ -0,0 +1,11 @@
+--- a/admin/systemd/haproxy.service.in	2024-01-18 15:32:19.000000000 +0100
+++ b/admin/systemd/haproxy.service.in	2024-02-04 23:58:30.873980359 +0100
+@@ -6,7 +6,7 @@
+ [Service]
+ EnvironmentFile=-/etc/default/haproxy
+ EnvironmentFile=-/etc/sysconfig/haproxy
+-Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
+Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy/pid" "EXTRAOPTS=-S /run/haproxy/master.sock"
+ ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
+ ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c $EXTRAOPTS
+ ExecReload=/bin/kill -USR2 $MAINPID
--- a/haproxy-tmpfiles.conf
+++ b/haproxy-tmpfiles.conf
@ -0,0 +1 @@
+D /run/haproxy 0750 root haproxy
--- a/haproxy.cfg
+++ b/haproxy.cfg
@ -5,7 +5,7 @@ global
  user haproxy
  group haproxy
  daemon
-  stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640 level operator
+  stats socket /run/haproxy/stats.sock user haproxy group haproxy mode 0640 level operator
  tune.bufsize 32768
  tune.ssl.default-dh-param 2048
  ssl-default-bind-ciphers ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
--- a/haproxy.changes
+++ b/haproxy.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sun Feb  4 22:52:43 UTC 2024 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
+
+- Set /run/haproxy as the default PID file and socket location
+- Allow custom stats socket names
+
 -------------------------------------------------------------------
 Wed Jan 24 13:40:54 UTC 2024 - varkoly@suse.com

--- a/haproxy.spec
+++ b/haproxy.spec
@ -1,7 +1,7 @@
 #
 # spec file for package haproxy
 #
-# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/

 %bcond_with quic
 %if 0%{?suse_version} >= 1230
@ -46,8 +46,10 @@

 %if 0%{?suse_version} >= 1500
 %bcond_without sysusers
+%bcond_without tmpfiles
 %else
 %bcond_with sysusers
+%bcond_with tmpfiles
 %endif

 Name:           haproxy
@ -96,9 +98,11 @@ Source2:        usr.sbin.haproxy.apparmor
 Source3:        local.usr.sbin.haproxy.apparmor
 Source4:        haproxy.cfg
 Source5:        haproxy-user.conf
+Source6:        haproxy-tmpfiles.conf
 Patch1:         haproxy-1.6.0_config_haproxy_user.patch
 Patch2:         haproxy-1.6.0-makefile_lib.patch
 Patch3:         haproxy-1.6.0-sec-options.patch
+Patch4:         haproxy-service.patch
 #
 Source98:       series
 Source99:       haproxy-rpmlintrc
@ -195,6 +199,9 @@ ln -sf /sbin/service   %{buildroot}%{_sbindir}/rc%{pkg_name}
 %if %{with sysusers}
 install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
 %endif
+%if %{with tmpfiles}
+install -D -m 644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/%{name}.conf
+%endif
 %else
 install -D -m 0755 %{S:1}                      %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
 ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
@ -224,6 +231,11 @@ rm examples/*init*
 %if %{with apparmor} && %{with apparmor_reload}
 %apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
 %endif
+%if %{with systemd}
+%if %{with tmpfiles}
+%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
+%endif
+%endif
 %service_add_post %{pkg_name}.service

 %preun
@ -268,6 +280,10 @@ getent passwd %{pkg_name} >/dev/null || \
 %if %{with sysusers}
 %{_sysusersdir}/haproxy-user.conf
 %endif
+%if %{with tmpfiles}
+%{_tmpfilesdir}/%{name}.conf
+%dir %ghost %{_rundir}/%{name}
+%endif
 %else
 %config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}
 %endif
--- a/usr.sbin.haproxy.apparmor
+++ b/usr.sbin.haproxy.apparmor
@ -28,11 +28,15 @@ profile haproxy /usr/sbin/haproxy {

  /dev/shm/haproxy_startup_logs_* rwlk,

+  # old stats socket location, for compatibility
  /var/lib/haproxy/stats rwl,
  /var/lib/haproxy/stats.*.bak rwl,
  /var/lib/haproxy/stats.*.tmp rwl,
-  /{,var/}run/haproxy.pid rw,
-  /{,var/}run/haproxy-master.sock* rwlk,
+  # new stats socket location
+  /run/haproxy/stats*.sock{,*.{bak,tmp}} rwl,
+
+  /{,var/}run/haproxy/pid rw,
+  /{,var/}run/haproxy/master.sock* rwlk,

  /sys/devices/system/node/ r,