- Resolves: rhbz#2135866

- unit file: Remove Alias directive

Signed-off-by: Jan Friesse <jfriesse@redhat.com>

.booth.metadata

@@ -0,0 +1 @@
+1fe5851af81995b4187b6c24ffbb9e8edead7060 booth-1.0-283-9d4029a.tar.gz

booth.rpmlintrc

@@ -9,6 +9,9 @@ addFilter(r'booth-core\.[^:]+: (E|W): non-standard-dir-perm /var/lib/booth/cores
 # booth is just metapackage
 addFilter(r'booth\.[^:]+: (W|E): no-binary')
 
+# pc should be in devel but it is not really devel file
+addFilter(r'booth\.[^:]+: W: devel-file-in-non-devel-package /usr/share/pkgconfig/booth.pc')
+
 # booth-(site|test) installs just scripts in /usr/lib
 addFilter(r'booth-(site|test)\.[^:]+: (W|E): only-non-binary-in-usr-lib')
 

booth.spec

@@ -22,15 +22,16 @@
 %bcond_with html_man
 %bcond_with glue
 %bcond_with run_build_tests
+%bcond_with include_unit_test
 
 # set following to the result of  `git describe --abbrev=128 $commit`
 # This will be used to fill booth_ver, booth_numcomm and booth_sha1.
 # It is important to keep abbrev to get full length sha1! When updating source use
 # `spectool -g booth.spec` to download source.
-%global git_describe_str v1.0-237-gdd88847c8e7c55f18ace774cf70545aa137bd296
+%global git_describe_str v1.0-283-g9d4029aa14323a7f3b496215d25e40bd14f33632
 
 # Set this to 1 when rebasing (changing git_describe_str) and increase otherwise
-%global release 2
+%global release 1
 
 # Run shell script to parse git_describe str into version, numcomm and sha1 hash
 %global booth_ver %(s=%{git_describe_str}; vver=${s%%%%-*}; echo ${vver:1})
@@ -61,6 +62,7 @@ Summary:        Ticket Manager for Multi-site Clusters
 License:        GPLv2+
 Url:            https://github.com/%{github_owner}/%{name}
 Source0:        https://github.com/%{github_owner}/%{name}/archive/%{booth_short_sha1}/%{booth_archive_name}.tar.gz
+Patch0:         rhel-specific-0001-config-Add-enable-authfile-option.patch
 
 # direct build process dependencies
 BuildRequires:  autoconf
@@ -107,7 +109,9 @@ BuildRequires:  perl-interpreter iproute
 Requires:       %{name}-core%{?_isa}
 Requires:       %{name}-site
 %files
-# intentionally empty
+%license COPYING
+%dir %{_datadir}/pkgconfig
+%{_datadir}/pkgconfig/booth.pc
 
 %description
 Booth manages tickets which authorize cluster sites located
@@ -141,13 +145,13 @@ Support for running Booth, ticket manager for multi-site clusters,
 as an arbitrator.
 
 %post arbitrator
-%systemd_post booth@.service booth-arbitrator.service
+%systemd_post booth-arbitrator.service
 
 %preun arbitrator
-%systemd_preun booth@.service booth-arbitrator.service
+%systemd_preun booth-arbitrator.service
 
 %postun arbitrator
-%systemd_postun_with_restart booth@.service booth-arbitrator.service
+%systemd_postun_with_restart booth-arbitrator.service
 
 %package        site
 Summary:        Booth support for running as a full-fledged site
@@ -177,7 +181,9 @@ Requires:       %{name}-arbitrator = %{version}-%{release}
 Requires:       %{name}-site = %{version}-%{release}
 Requires:       gdb
 Requires:       %{__python3}
+%if 0%{?with_include_unit_test}
 Requires:       python3-pexpect
+%endif
 # runtests.py suite (for perl and ss)
 Requires:       perl-interpreter iproute
 
@@ -218,7 +224,11 @@ rm -rf %{buildroot}/%{_pkgdocdir}/COPYING
 mkdir -p %{buildroot}/%{test_path}
 # Copy tests from tarball
 cp -a -t %{buildroot}/%{test_path} \
-        -- conf test unit-tests script/unit-test.py
+        -- conf test
+%if 0%{?with_include_unit_test}
+cp -a -t %{buildroot}/%{test_path} \
+        -- unit-tests script/unit-test.py
+%endif
 chmod +x %{buildroot}/%{test_path}/test/booth_path
 chmod +x %{buildroot}/%{test_path}/test/live_test.sh
 mkdir -p %{buildroot}/%{test_path}/src
@@ -301,6 +311,52 @@ VERBOSE=1 make check
 %{_usr}/lib/ocf/resource.d/booth/sharedrsc
 
 %changelog
+* Mon Nov 21 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-283.1.9d4029a.git
+- Resolves: rhbz#2135866
+
+- Update to current snapshot (commit 9d4029a) (rhbz#2135866)
+
+* Tue Oct 25 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.5.bfb2f92.git
+- Resolves: rhbz#2133833
+
+- unit file: Remove Alias directive
+
+* Tue Aug 09 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.4.bfb2f92.git
+- Related: rhbz#2111669
+
+- Remove template unit from systemd_(post|preun|postun_with_restart) macro
+
+* Wed Aug 03 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.3.bfb2f92.git
+- Resolves: rhbz#2111669
+
+- Fix authfile directive handling in booth config file
+  (fixes CVE-2022-2553)
+- Add enable-authfile option
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0-251.2.bfb2f92.git
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Thu May 20 2021 Jan Friesse <jfriesse@redhat.com> - 1.0-251.1.bfb2f92.git
+- Related: rhbz#1961216
+
+- Rebase to newest upstream snapshot
+
+* Tue May 18 2021 Jan Friesse <jfriesse@redhat.com> - 1.0-249.1.977726e.git
+- Resolves: rhbz#1961216
+
+- Do not include unit-test by default
+- Rebase to newest upstream snapshot
+
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.0-239.3.52ec255.git
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-239.2.52ec255.git
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Nov 23 2020 Jan Friesse <jfriesse@redhat.com> - 1.0-239.1.52ec255.git
+- Rebase to newest upstream snapshot
+
 * Thu Oct 15 2020 Jan Friesse <jfriesse@redhat.com> - 1.0-237.2.dd88847.git
 - Fix dist macro
 

rhel-specific-0001-config-Add-enable-authfile-option.patch

@@ -0,0 +1,106 @@
+From 87c8545816cca03d19c2f3ef54031940f7e19d50 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Fri, 18 Nov 2022 11:57:46 +0100
+Subject: [PATCH] config: Add enable-authfile option
+
+This option enables (or disables) usage of authfile. Can be 'yes' or 'no'.
+Default is 'no'.
+
+Booth usage of authfile was broken for long time (since commit
+da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c).
+
+Pcs was adding authfile by default, but it was not used. Once booth bug
+was fixed problem appears because mixed clusters (with fixed version and
+without fixed one) stops working.
+
+This non-upstream option is added and used to allow use of
+authfile without breaking compatibility for clusters
+consisting of mixed versions (usually happens before all nodes are
+updated) of booth (user have to explicitly
+enable usage of authfile).
+
+This patch is transitional and will be removed in future major version of
+distribution.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+ docs/boothd.8.txt |  7 +++++++
+ src/config.c      | 17 +++++++++++++++++
+ src/config.h      |  1 +
+ src/main.c        |  2 +-
+ 4 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/docs/boothd.8.txt b/docs/boothd.8.txt
+index 0f3d2c1..c7a8413 100644
+--- a/docs/boothd.8.txt
++++ b/docs/boothd.8.txt
+@@ -230,6 +230,13 @@ will always bind and listen to both UDP and TCP ports.
+ 	parameter to a higher value. The time skew test is performed
+ 	only in concert with authentication.
+ 
++'enable-authfile'::
++	Enables (or disables) usage of authfile. Can be 'yes' or 'no'.
++	Default is 'no'.
++	This is non-upstream option used to allow use of authfile without
++	breaking compatibility for clusters consisting of mixed
++	versions of booth.
++
+ 'debug'::
+ 	Specifies the debug output level. Alternative to
+ 	command line argument. Effective only for 'daemon'
+diff --git a/src/config.c b/src/config.c
+index f0ca4aa..e1f25f0 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -732,6 +732,23 @@ no_value:
+ 			booth_conf->maxtimeskew = atoi(val);
+ 			continue;
+ 		}
++
++		if (strcmp(key, "enable-authfile") == 0) {
++			if (strcasecmp(val, "yes") == 0 ||
++			    strcasecmp(val, "on") == 0 ||
++			    strcasecmp(val, "1") == 0) {
++				booth_conf->enable_authfile = 1;
++			} else if (strcasecmp(val, "no") == 0 ||
++			    strcasecmp(val, "off") == 0 ||
++			    strcasecmp(val, "0") == 0) {
++				booth_conf->enable_authfile = 0;
++			} else {
++				error = "Expected yes/no value for enable-authfile";
++				goto err;
++			}
++
++			continue;
++		}
+ #endif
+ 
+ 		if (strcmp(key, "site") == 0) {
+diff --git a/src/config.h b/src/config.h
+index bca73bc..da1e917 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -297,6 +297,7 @@ struct booth_config {
+ 	struct stat authstat;
+ 	char authkey[BOOTH_MAX_KEY_LEN];
+ 	int authkey_len;
++	int enable_authfile;
+     /** Maximum time skew between peers allowed */
+ 	int maxtimeskew;
+ 
+diff --git a/src/main.c b/src/main.c
+index b4a174f..0fdb295 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -364,7 +364,7 @@ static int setup_config(int type)
+ 	if (rv < 0)
+ 		goto out;
+ 
+-	if (booth_conf->authfile[0] != '\0') {
++	if (booth_conf->authfile[0] != '\0' && booth_conf->enable_authfile) {
+ 		rv = read_authkey();
+ 		if (rv < 0)
+ 			goto out;
+-- 
+2.27.0
+

sources

@@ -1 +1 @@
-SHA512 (booth-1.0-237-dd88847.tar.gz) = 889e67b3ce0d35800030f289eb9bca6d282ed75ab4def44910e35a1aa7b1bd9b1ccc65347222206542e1f7f49814a84e22e46dc004a0b19634a91954b0f89f88
+SHA512 (booth-1.0-283-9d4029a.tar.gz) = 628a3e1e128d0fdcd4600d8d4b46220363575bda83c85cd43bfe940a2a29a9176490342261354138f8d4c593b611cf0282653c1e4b3d4b4841d99ef31ba45ada