diff --git a/pam_slurm-Initialize-arrays-and-pass-sizes.patch b/pam_slurm-Initialize-arrays-and-pass-sizes.patch new file mode 100644 index 0000000..9f327fe --- /dev/null +++ b/pam_slurm-Initialize-arrays-and-pass-sizes.patch @@ -0,0 +1,82 @@ +From: Sebastian Krahmer +Date: Thu Feb 2 09:49:38 2017 +0100 +Subject: [PATCH]pam_slurm: Initialize arrays and pass sizes +Git-repo: https://github.com/SchedMD/slurm +Git-commit: fbfbb90f6a2e7f134220991ed3263894ba365411 +References: bsc#1007053 +Signed-off-by: Egbert Eich + +PAM is security critical: +- clear arrays +- ensure strings are NULL-terminated. + +Signed-off-by: Egbert Eich +--- + contribs/pam/pam_slurm.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/contribs/pam/pam_slurm.c b/contribs/pam/pam_slurm.c +index 0968a9c..ee179d5 100644 +--- a/contribs/pam/pam_slurm.c ++++ b/contribs/pam/pam_slurm.c +@@ -266,9 +266,9 @@ static int + _gethostname_short (char *name, size_t len) + { + int error_code, name_len; +- char *dot_ptr, path_name[1024]; ++ char *dot_ptr, path_name[1024] = {0}; + +- error_code = gethostname(path_name, sizeof(path_name)); ++ error_code = gethostname(path_name, sizeof(path_name) - 1); + if (error_code) + return error_code; + +@@ -296,11 +296,11 @@ static int + _slurm_match_allocation(uid_t uid) + { + int authorized = 0, i; +- char hostname[MAXHOSTNAMELEN]; ++ char hostname[MAXHOSTNAMELEN] = {0}; + char *nodename = NULL; + job_info_msg_t * msg; + +- if (_gethostname_short(hostname, sizeof(hostname)) < 0) { ++ if (_gethostname_short(hostname, sizeof(hostname) - 1) < 0) { + _log_msg(LOG_ERR, "gethostname: %m"); + return 0; + } +@@ -409,7 +409,7 @@ _send_denial_msg(pam_handle_t *pamh, struct _options *opts, + */ + extern void libpam_slurm_init (void) + { +- char libslurmname[64]; ++ char libslurmname[64] = {0}; + + if (slurm_h) + return; +@@ -417,10 +417,10 @@ extern void libpam_slurm_init (void) + /* First try to use the same libslurm version ("libslurm.so.24.0.0"), + * Second try to match the major version number ("libslurm.so.24"), + * Otherwise use "libslurm.so" */ +- if (snprintf(libslurmname, sizeof(libslurmname), ++ if (snprintf(libslurmname, sizeof(libslurmname) - 1, + "libslurm.so.%d.%d.%d", SLURM_API_CURRENT, + SLURM_API_REVISION, SLURM_API_AGE) >= +- sizeof(libslurmname) ) { ++ sizeof(libslurmname) - 1) { + _log_msg (LOG_ERR, "Unable to write libslurmname\n"); + } else if ((slurm_h = dlopen(libslurmname, RTLD_NOW|RTLD_GLOBAL))) { + return; +@@ -429,8 +429,10 @@ extern void libpam_slurm_init (void) + libslurmname, dlerror ()); + } + +- if (snprintf(libslurmname, sizeof(libslurmname), "libslurm.so.%d", +- SLURM_API_CURRENT) >= sizeof(libslurmname) ) { ++ memset(libslurmname, 0, sizeof(libslurmname)); ++ ++ if (snprintf(libslurmname, sizeof(libslurmname) - 1, "libslurm.so.%d", ++ SLURM_API_CURRENT) >= sizeof(libslurmname) - 1) { + _log_msg (LOG_ERR, "Unable to write libslurmname\n"); + } else if ((slurm_h = dlopen(libslurmname, RTLD_NOW|RTLD_GLOBAL))) { + return; diff --git a/slurm-16-05-5-1.tar.gz b/slurm-16-05-5-1.tar.gz deleted file mode 100644 index 2941b1e..0000000 --- a/slurm-16-05-5-1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7d3c30c1683fd207dda22f4078e038d110fa5bce133828fbd8e1ae6317f2ad38 -size 8582827 diff --git a/slurm-16-05-8-1.tar.gz b/slurm-16-05-8-1.tar.gz new file mode 100644 index 0000000..2b2fac6 --- /dev/null +++ b/slurm-16-05-8-1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2c162d56138360543a9a0f2486ae671c588883685a80eda028e9e17541a1f7b1 +size 8432017 diff --git a/slurm.changes b/slurm.changes index b5036f6..39c7f92 100644 --- a/slurm.changes +++ b/slurm.changes @@ -1,3 +1,64 @@ +------------------------------------------------------------------- +Wed Feb 1 20:17:47 UTC 2017 - eich@suse.com + +- Updated to 16.05.8.1 + * Remove StoragePass from being printed out in the slurmdbd log at debug2 + level. + * Defer PATH search for task program until launch in slurmstepd. + * Modify regression test1.89 to avoid leaving vestigial job. Also reduce + logging to reduce likelyhood of Expect buffer overflow. + * Do not PATH search for mult-prog launches if LaunchParamters=test_exec is + enabled. + * Fix for possible infinite loop in select/cons_res plugin when trying to + satisfy a job's ntasks_per_core or socket specification. + * If job is held for bad constraints make it so once updated the job doesn't + go into JobAdminHeld. + * sched/backfill - Fix logic to reserve resources for jobs that require a + node reboot (i.e. to change KNL mode) in order to start. + * When unpacking a node or front_end record from state and the protocol + version is lower than the min version, set it to the min. + * Remove redundant lookup for part_ptr when updating a reservation's nodes. + * Fix memory and file descriptor leaks in slurmd daemon's sbcast logic. + * Do not allocate specialized cores to jobs using the --exclusive option. + * Cancel interactive job if Prolog failure with "PrologFlags=contain" or + "PrologFlags=alloc" configured. Send new error prolog failure message to + the salloc or srun command as needed. + * Prevent possible out-of-bounds read in slurmstepd on an invalid #! line. + * Fix check for PluginDir within slurmctld to work with multiple directories. + * Cancel interactive jobs automatically on communication error to launching + srun/salloc process. + * Fix security issue caused by insecure file path handling triggered by the + failure of a Prolog script. To exploit this a user needs to anticipate or + cause the Prolog to fail for their job. CVE-2016-10030 (bsc#1018371). +- Replace group/user add macros with function calls. +- Disable building with netloc support: the netloc API is part of the devel + branch of hwloc. Since this devel branch was included accidentally and has + been reversed since, we need to disable this for the time being. +- Conditionalized architecture specific pieces to support non-x86 architectures + better. + +------------------------------------------------------------------- +Tue Jan 3 17:21:58 UTC 2017 - eich@suse.com + +- Remove: unneeded 'BuildRequires: python' +- Add: + BuildRequires: freeipmi-devel + BuildRequires: libibmad-devel + BuildRequires: libibumad-devel + so they are picked up by the slurm build. +- Enable modifications from openHPC Project. +- Enable lua API package build. +- Add a recommends for slurm-munge to the slurm package: + This is way, the munge auth method is available and slurm + works out of the box. +- Create /var/lib/slurm as StateSaveLocation directory. + /tmp is dangerous. + +------------------------------------------------------------------- +Wed Nov 30 15:16:05 UTC 2016 - eich@suse.com + +- Keep %{_libdir}/libpmi* and %{_libdir}/mpi_pmi2* on SUSE. + ------------------------------------------------------------------- Tue Nov 22 21:42:04 UTC 2016 - eich@suse.com diff --git a/slurm.spec b/slurm.spec index 6e7d13d..358cc69 100644 --- a/slurm.spec +++ b/slurm.spec @@ -21,14 +21,28 @@ %define vers_t() %(%trunc) %if 0%{?suse_version} >= 1220 || 0%{?sle_version} >= 120000 -%define with_systemd 1 + %define with_systemd 1 %endif -%if 0%{suse_version} >= 1310 -%define have_netloc 1 + +%if 0 + %define have_netloc 1 +%endif + +%ifarch x86_64 + %define have_libnuma 1 +%else + %ifarch %{ix86} + %if 0%{?sle_version} >= 120200 + %define have_libnuma 1 + %endif + %endif %endif %define libslurm libslurm29 -%define ver_exp 16-05-5-1 +%define ver_exp 16-05-8-1 + +%define slurm_u %name +%define slurm_g %name Name: slurm Version: %{vers_f %ver_exp} @@ -44,14 +58,19 @@ Patch0: slurm-2.4.4-rpath.patch Patch1: slurm-2.4.4-init.patch Patch2: slurmd-Fix-slurmd-for-new-API-in-hwloc-2.0.patch Patch3: plugins-cgroup-Fix-slurmd-for-new-API-in-hwloc-2.0.patch +Patch4: pam_slurm-Initialize-arrays-and-pass-sizes.patch Requires: slurm-plugins = %{version} +%if 0%{?suse_version} <= 1140 +Requires(pre): pwdutils +%else +Requires(pre): shadow +%endif BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: gtk2-devel BuildRequires: libbitmask-devel BuildRequires: libcpuset-devel -BuildRequires: libhwloc-devel -%ifarch x86_64 +%if 0%{?have_libnuma} BuildRequires: libnuma-devel %endif BuildRequires: mysql-devel >= 5.0.0 @@ -59,8 +78,17 @@ BuildRequires: ncurses-devel BuildRequires: openssl-devel >= 0.9.6 BuildRequires: pkgconfig BuildRequires: postgresql-devel >= 8.0.0 -BuildRequires: python BuildRequires: readline-devel +%if 0%{?suse_version} > 1310 || 0%{?sle_version} +BuildRequires: libibmad-devel +BuildRequires: libibumad-devel +%endif +%if 0%{?suse_version} > 1140 +BuildRequires: libhwloc-devel +%ifarch %{ix86} x86_64 +BuildRequires: freeipmi-devel +%endif +%endif %if 0%{?with_systemd} %{?systemd_requires} BuildRequires: systemd @@ -68,6 +96,7 @@ BuildRequires: systemd PreReq: %insserv_prereq %fillup_prereq %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build +Recommends: %{name}-munge %description SLURM is an open source, fault-tolerant, and highly @@ -243,6 +272,15 @@ Linux Utility for Resource Managment (SLURM) is in use. Access is granted to root, any user with an SLURM-launched job currently running on the node, or any user who has allocated resources on the node according to the SLURM +%package lua +Summary: Lua API for SLURM +Group: Development/Libraries/Other +Requires: slurm = %{version} +BuildRequires: lua-devel + +%description lua +LUA API package for SLURM. This package includes the lua API to provide a +helpful interface to SLURM through LUA. %prep %setup -q -n %{name}-%{name}-%{ver_exp} @@ -250,17 +288,18 @@ or any user who has allocated resources on the node according to the SLURM %patch1 -p1 %patch2 -p1 %patch3 -p1 -chmod 0644 doc/html/*.{gif,jpg} +%patch4 -p1 %build %configure --enable-shared \ --disable-static \ --without-rpath \ +%{!?have_netloc:--without-netloc} \ --sysconfdir=%{_sysconfdir}/%{name} make %{?_smp_mflags} %install -%makeinstall +%make_install make install-contrib DESTDIR=$RPM_BUILD_ROOT PERL_MM_PARAMS="INSTALLDIRS=vendor" rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/slurm.conf.template rm -f $RPM_BUILD_ROOT/%{_sbindir}/slurmconfgen.py @@ -294,10 +333,11 @@ install -D -m755 contribs/sjstat ${RPM_BUILD_ROOT}%{_bindir}/sjstat %if 0%{?OHPC_BUILD} # 6/16/15 karl.w.schulz@intel.com - do not package Slurm's version of libpmi with OpenHPC. -rm -f $RPM_BUILD_ROOT/%{_libdir}/libpmi* -rm -f $RPM_BUILD_ROOT/%{_libdir}/mpi_pmi2* +## rm -f $RPM_BUILD_ROOT/%%{_libdir}/libpmi* +## rm -f $RPM_BUILD_ROOT/%%{_libdir}/mpi_pmi2* # 9/8/14 karl.w.schulz@intel.com - provide starting config file head -n -2 $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf.example | grep -v ReturnToService > $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf +sed -i 's#\(StateSaveLocation=\).*#\1%_localstatedir/lib/slurm#' $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf echo "# OpenHPC default configuration" >> $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf echo "PropagateResourceLimitsExcept=MEMLOCK" >> $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf echo "SlurmdLogFile=/var/log/slurm.log" >> $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf @@ -309,6 +349,7 @@ echo "PartitionName=normal Nodes=c[1-4] Default=YES MaxTime=24:00:00 State=UP" > echo "ReturnToService=1" >> $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.conf # 9/17/14 karl.w.schulz@intel.com - Add option to drop VM cache during epilog sed -i '/^# No other SLURM jobs,/i \\n# Drop clean caches (OpenHPC)\necho 3 > /proc/sys/vm/drop_caches\n\n#' $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/slurm.epilog.clean +%{__mkdir_p} $RPM_BUILD_ROOT%_localstatedir/lib/slurm %endif # Delete unpackaged files: @@ -359,18 +400,23 @@ libdir=%{_libdir} Cflags: -I\${includedir} Libs: -L\${libdir} -lslurm Description: Slurm API -Name: %{pname} +Name: %{name} Version: %{version} EOF %fdupes -s $RPM_BUILD_ROOT -%if 0%{?with_systemd} %pre +%if 0%{?with_systemd} %service_add_pre slurmd.service %service_add_pre slurmctld.service %endif +%define slurmdir %{_sysconfdir}/slurm +%define slurmdescr "SLURM workload manager" +getent group %name >/dev/null || groupadd -r %name +getent passwd %name >/dev/null || useradd -r -g %name -d %slurmdir -s /bin/false -c %{slurmdescr} %name +exit 0 %post %if 0%{?with_systemd} @@ -512,6 +558,7 @@ EOF %{_sbindir}/rcslurm %endif %{?with_systemd:%{_sbindir}/rcslurmctld} +%{?OHPC_BUILD:%attr(0755, %slurm_u, %slurm_g) %_localstatedir/lib/slurm} %files openlava %defattr(-,root,root) @@ -537,8 +584,8 @@ EOF %files devel %defattr(-,root,root) %{_prefix}/include/slurm -%{!?OHPC_BUILD:%{_libdir}/libpmi.so} -%{!?OHPC_BUILD:%{_libdir}/libpmi2.so} +%{_libdir}/libpmi.so +%{_libdir}/libpmi2.so %{_libdir}/libslurm.so %{_libdir}/libslurmdb.so %{_libdir}/slurm/src/* @@ -553,7 +600,7 @@ EOF %files sched-wiki %defattr(-,root,root) %{_libdir}/slurm/sched_wiki*.so -%{_mandir}/man5/wiki.* +#%%{_mandir}/man5/wiki.* %files auth-none %defattr(-,root,root) @@ -683,6 +730,20 @@ EOF %{_libdir}/slurm/mcs_group.so %{_libdir}/slurm/mcs_none.so %{_libdir}/slurm/mcs_user.so +%if 0%{?suse_version} > 1310 +%{_libdir}/slurm/acct_gather_infiniband_ofed.so +%endif +%if 0%{?suse_version} > 1140 +%ifarch %{ix86} x86_64 +%{_libdir}/slurm/acct_gather_energy_ipmi.so +%endif +%endif +%{_libdir}/slurm/node_features_knl_generic.so + +%files lua +%defattr(-,root,root) +%{_libdir}/slurm/job_submit_lua.so +%{_libdir}/slurm/proctrack_lua.so %files torque %defattr(-,root,root)