Compare commits
10 Commits
c759e509c5
...
ecb2c1511c
Author | SHA1 | Date |
---|---|---|
Jan Friesse | ecb2c1511c | |
Jan Friesse | 490ddeb716 | |
Jan Friesse | 1dadf64b03 | |
Jan Friesse | 21f807019c | |
Mohan Boddu | dce9f30854 | |
Jan Friesse | 8ec84547f5 | |
Jan Friesse | a14b4bc843 | |
Mohan Boddu | 6caac2fdf3 | |
DistroBaker | 23db529e91 | |
DistroBaker | 59eb6930e1 |
|
@ -0,0 +1 @@
|
|||
1fe5851af81995b4187b6c24ffbb9e8edead7060 booth-1.0-283-9d4029a.tar.gz
|
|
@ -9,6 +9,9 @@ addFilter(r'booth-core\.[^:]+: (E|W): non-standard-dir-perm /var/lib/booth/cores
|
|||
# booth is just metapackage
|
||||
addFilter(r'booth\.[^:]+: (W|E): no-binary')
|
||||
|
||||
# pc should be in devel but it is not really devel file
|
||||
addFilter(r'booth\.[^:]+: W: devel-file-in-non-devel-package /usr/share/pkgconfig/booth.pc')
|
||||
|
||||
# booth-(site|test) installs just scripts in /usr/lib
|
||||
addFilter(r'booth-(site|test)\.[^:]+: (W|E): only-non-binary-in-usr-lib')
|
||||
|
||||
|
|
70
booth.spec
70
booth.spec
|
@ -22,15 +22,16 @@
|
|||
%bcond_with html_man
|
||||
%bcond_with glue
|
||||
%bcond_with run_build_tests
|
||||
%bcond_with include_unit_test
|
||||
|
||||
# set following to the result of `git describe --abbrev=128 $commit`
|
||||
# This will be used to fill booth_ver, booth_numcomm and booth_sha1.
|
||||
# It is important to keep abbrev to get full length sha1! When updating source use
|
||||
# `spectool -g booth.spec` to download source.
|
||||
%global git_describe_str v1.0-237-gdd88847c8e7c55f18ace774cf70545aa137bd296
|
||||
%global git_describe_str v1.0-283-g9d4029aa14323a7f3b496215d25e40bd14f33632
|
||||
|
||||
# Set this to 1 when rebasing (changing git_describe_str) and increase otherwise
|
||||
%global release 2
|
||||
%global release 1
|
||||
|
||||
# Run shell script to parse git_describe str into version, numcomm and sha1 hash
|
||||
%global booth_ver %(s=%{git_describe_str}; vver=${s%%%%-*}; echo ${vver:1})
|
||||
|
@ -61,6 +62,7 @@ Summary: Ticket Manager for Multi-site Clusters
|
|||
License: GPLv2+
|
||||
Url: https://github.com/%{github_owner}/%{name}
|
||||
Source0: https://github.com/%{github_owner}/%{name}/archive/%{booth_short_sha1}/%{booth_archive_name}.tar.gz
|
||||
Patch0: rhel-specific-0001-config-Add-enable-authfile-option.patch
|
||||
|
||||
# direct build process dependencies
|
||||
BuildRequires: autoconf
|
||||
|
@ -107,7 +109,9 @@ BuildRequires: perl-interpreter iproute
|
|||
Requires: %{name}-core%{?_isa}
|
||||
Requires: %{name}-site
|
||||
%files
|
||||
# intentionally empty
|
||||
%license COPYING
|
||||
%dir %{_datadir}/pkgconfig
|
||||
%{_datadir}/pkgconfig/booth.pc
|
||||
|
||||
%description
|
||||
Booth manages tickets which authorize cluster sites located
|
||||
|
@ -141,13 +145,13 @@ Support for running Booth, ticket manager for multi-site clusters,
|
|||
as an arbitrator.
|
||||
|
||||
%post arbitrator
|
||||
%systemd_post booth@.service booth-arbitrator.service
|
||||
%systemd_post booth-arbitrator.service
|
||||
|
||||
%preun arbitrator
|
||||
%systemd_preun booth@.service booth-arbitrator.service
|
||||
%systemd_preun booth-arbitrator.service
|
||||
|
||||
%postun arbitrator
|
||||
%systemd_postun_with_restart booth@.service booth-arbitrator.service
|
||||
%systemd_postun_with_restart booth-arbitrator.service
|
||||
|
||||
%package site
|
||||
Summary: Booth support for running as a full-fledged site
|
||||
|
@ -177,7 +181,9 @@ Requires: %{name}-arbitrator = %{version}-%{release}
|
|||
Requires: %{name}-site = %{version}-%{release}
|
||||
Requires: gdb
|
||||
Requires: %{__python3}
|
||||
%if 0%{?with_include_unit_test}
|
||||
Requires: python3-pexpect
|
||||
%endif
|
||||
# runtests.py suite (for perl and ss)
|
||||
Requires: perl-interpreter iproute
|
||||
|
||||
|
@ -218,7 +224,11 @@ rm -rf %{buildroot}/%{_pkgdocdir}/COPYING
|
|||
mkdir -p %{buildroot}/%{test_path}
|
||||
# Copy tests from tarball
|
||||
cp -a -t %{buildroot}/%{test_path} \
|
||||
-- conf test unit-tests script/unit-test.py
|
||||
-- conf test
|
||||
%if 0%{?with_include_unit_test}
|
||||
cp -a -t %{buildroot}/%{test_path} \
|
||||
-- unit-tests script/unit-test.py
|
||||
%endif
|
||||
chmod +x %{buildroot}/%{test_path}/test/booth_path
|
||||
chmod +x %{buildroot}/%{test_path}/test/live_test.sh
|
||||
mkdir -p %{buildroot}/%{test_path}/src
|
||||
|
@ -301,6 +311,52 @@ VERBOSE=1 make check
|
|||
%{_usr}/lib/ocf/resource.d/booth/sharedrsc
|
||||
|
||||
%changelog
|
||||
* Mon Nov 21 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-283.1.9d4029a.git
|
||||
- Resolves: rhbz#2135866
|
||||
|
||||
- Update to current snapshot (commit 9d4029a) (rhbz#2135866)
|
||||
|
||||
* Tue Oct 25 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.5.bfb2f92.git
|
||||
- Resolves: rhbz#2133833
|
||||
|
||||
- unit file: Remove Alias directive
|
||||
|
||||
* Tue Aug 09 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.4.bfb2f92.git
|
||||
- Related: rhbz#2111669
|
||||
|
||||
- Remove template unit from systemd_(post|preun|postun_with_restart) macro
|
||||
|
||||
* Wed Aug 03 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.3.bfb2f92.git
|
||||
- Resolves: rhbz#2111669
|
||||
|
||||
- Fix authfile directive handling in booth config file
|
||||
(fixes CVE-2022-2553)
|
||||
- Add enable-authfile option
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0-251.2.bfb2f92.git
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Thu May 20 2021 Jan Friesse <jfriesse@redhat.com> - 1.0-251.1.bfb2f92.git
|
||||
- Related: rhbz#1961216
|
||||
|
||||
- Rebase to newest upstream snapshot
|
||||
|
||||
* Tue May 18 2021 Jan Friesse <jfriesse@redhat.com> - 1.0-249.1.977726e.git
|
||||
- Resolves: rhbz#1961216
|
||||
|
||||
- Do not include unit-test by default
|
||||
- Rebase to newest upstream snapshot
|
||||
|
||||
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.0-239.3.52ec255.git
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-239.2.52ec255.git
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Mon Nov 23 2020 Jan Friesse <jfriesse@redhat.com> - 1.0-239.1.52ec255.git
|
||||
- Rebase to newest upstream snapshot
|
||||
|
||||
* Thu Oct 15 2020 Jan Friesse <jfriesse@redhat.com> - 1.0-237.2.dd88847.git
|
||||
- Fix dist macro
|
||||
|
||||
|
|
|
@ -0,0 +1,106 @@
|
|||
From 87c8545816cca03d19c2f3ef54031940f7e19d50 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Friesse <jfriesse@redhat.com>
|
||||
Date: Fri, 18 Nov 2022 11:57:46 +0100
|
||||
Subject: [PATCH] config: Add enable-authfile option
|
||||
|
||||
This option enables (or disables) usage of authfile. Can be 'yes' or 'no'.
|
||||
Default is 'no'.
|
||||
|
||||
Booth usage of authfile was broken for long time (since commit
|
||||
da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c).
|
||||
|
||||
Pcs was adding authfile by default, but it was not used. Once booth bug
|
||||
was fixed problem appears because mixed clusters (with fixed version and
|
||||
without fixed one) stops working.
|
||||
|
||||
This non-upstream option is added and used to allow use of
|
||||
authfile without breaking compatibility for clusters
|
||||
consisting of mixed versions (usually happens before all nodes are
|
||||
updated) of booth (user have to explicitly
|
||||
enable usage of authfile).
|
||||
|
||||
This patch is transitional and will be removed in future major version of
|
||||
distribution.
|
||||
|
||||
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
|
||||
---
|
||||
docs/boothd.8.txt | 7 +++++++
|
||||
src/config.c | 17 +++++++++++++++++
|
||||
src/config.h | 1 +
|
||||
src/main.c | 2 +-
|
||||
4 files changed, 26 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/docs/boothd.8.txt b/docs/boothd.8.txt
|
||||
index 0f3d2c1..c7a8413 100644
|
||||
--- a/docs/boothd.8.txt
|
||||
+++ b/docs/boothd.8.txt
|
||||
@@ -230,6 +230,13 @@ will always bind and listen to both UDP and TCP ports.
|
||||
parameter to a higher value. The time skew test is performed
|
||||
only in concert with authentication.
|
||||
|
||||
+'enable-authfile'::
|
||||
+ Enables (or disables) usage of authfile. Can be 'yes' or 'no'.
|
||||
+ Default is 'no'.
|
||||
+ This is non-upstream option used to allow use of authfile without
|
||||
+ breaking compatibility for clusters consisting of mixed
|
||||
+ versions of booth.
|
||||
+
|
||||
'debug'::
|
||||
Specifies the debug output level. Alternative to
|
||||
command line argument. Effective only for 'daemon'
|
||||
diff --git a/src/config.c b/src/config.c
|
||||
index f0ca4aa..e1f25f0 100644
|
||||
--- a/src/config.c
|
||||
+++ b/src/config.c
|
||||
@@ -732,6 +732,23 @@ no_value:
|
||||
booth_conf->maxtimeskew = atoi(val);
|
||||
continue;
|
||||
}
|
||||
+
|
||||
+ if (strcmp(key, "enable-authfile") == 0) {
|
||||
+ if (strcasecmp(val, "yes") == 0 ||
|
||||
+ strcasecmp(val, "on") == 0 ||
|
||||
+ strcasecmp(val, "1") == 0) {
|
||||
+ booth_conf->enable_authfile = 1;
|
||||
+ } else if (strcasecmp(val, "no") == 0 ||
|
||||
+ strcasecmp(val, "off") == 0 ||
|
||||
+ strcasecmp(val, "0") == 0) {
|
||||
+ booth_conf->enable_authfile = 0;
|
||||
+ } else {
|
||||
+ error = "Expected yes/no value for enable-authfile";
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
+ continue;
|
||||
+ }
|
||||
#endif
|
||||
|
||||
if (strcmp(key, "site") == 0) {
|
||||
diff --git a/src/config.h b/src/config.h
|
||||
index bca73bc..da1e917 100644
|
||||
--- a/src/config.h
|
||||
+++ b/src/config.h
|
||||
@@ -297,6 +297,7 @@ struct booth_config {
|
||||
struct stat authstat;
|
||||
char authkey[BOOTH_MAX_KEY_LEN];
|
||||
int authkey_len;
|
||||
+ int enable_authfile;
|
||||
/** Maximum time skew between peers allowed */
|
||||
int maxtimeskew;
|
||||
|
||||
diff --git a/src/main.c b/src/main.c
|
||||
index b4a174f..0fdb295 100644
|
||||
--- a/src/main.c
|
||||
+++ b/src/main.c
|
||||
@@ -364,7 +364,7 @@ static int setup_config(int type)
|
||||
if (rv < 0)
|
||||
goto out;
|
||||
|
||||
- if (booth_conf->authfile[0] != '\0') {
|
||||
+ if (booth_conf->authfile[0] != '\0' && booth_conf->enable_authfile) {
|
||||
rv = read_authkey();
|
||||
if (rv < 0)
|
||||
goto out;
|
||||
--
|
||||
2.27.0
|
||||
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (booth-1.0-237-dd88847.tar.gz) = 889e67b3ce0d35800030f289eb9bca6d282ed75ab4def44910e35a1aa7b1bd9b1ccc65347222206542e1f7f49814a84e22e46dc004a0b19634a91954b0f89f88
|
||||
SHA512 (booth-1.0-283-9d4029a.tar.gz) = 628a3e1e128d0fdcd4600d8d4b46220363575bda83c85cd43bfe940a2a29a9176490342261354138f8d4c593b611cf0282653c1e4b3d4b4841d99ef31ba45ada
|
||||
|
|
Loading…
Reference in New Issue