commit 06b4aa11ae6b3f4d054e5c8e028e61fedcf74320 Author: CentOS Sources Date: Tue Jul 30 00:11:40 2019 -0400 import fence-virt-0.4.0-6.el8 diff --git a/.fence-virt.metadata b/.fence-virt.metadata new file mode 100644 index 0000000..ba18ab3 --- /dev/null +++ b/.fence-virt.metadata @@ -0,0 +1 @@ +5936d188ef359c4fdf34f87be05d250e59f29db9 SOURCES/fence-virt-0.4.0.tar.bz2 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..90b9f24 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/fence-virt-0.4.0.tar.bz2 diff --git a/SOURCES/bz1624110-1-harden-fPIE.patch b/SOURCES/bz1624110-1-harden-fPIE.patch new file mode 100644 index 0000000..2d5d19c --- /dev/null +++ b/SOURCES/bz1624110-1-harden-fPIE.patch @@ -0,0 +1,147 @@ +diff -uNr a/client/Makefile.in b/client/Makefile.in +--- a/client/Makefile.in 2017-06-05 20:24:36.000000000 +0200 ++++ b/client/Makefile.in 2019-04-09 15:04:01.910270557 +0200 +@@ -24,7 +24,7 @@ + `xml2-config --cflags` + + # nss sucks in way too much stuff +-LIBS+=-lnss3 `xml2-config --libs` ++LIBS+=-lnss3 `xml2-config --libs` -Wl,-z,now + + TARGETS=${TARGET} + +@@ -40,7 +40,16 @@ + ln -snf $^ $@ + + fence_virt: ${fence_virt_SOURCES:.c=.o} +- $(CC) -o $@ $^ $(LIBS) -L../common -lfence_virt ++ $(CC) $(CFLAGS) -o $@ $^ -shared $(LIBS) -L../common -lfence_virt ++ ++mcast.o: mcast.c ++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES) ++ ++options.o: options.c ++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES) ++ ++serial.o: serial.c ++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES) + + %.o: %.c + $(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES) +diff -uNr a/common/Makefile.in b/common/Makefile.in +--- a/common/Makefile.in 2017-06-05 20:24:36.000000000 +0200 ++++ b/common/Makefile.in 2019-04-09 15:07:17.456815023 +0200 +@@ -24,6 +24,18 @@ + libfence_virt.a: ${libfence_virt_a_SOURCE:.c=.o} + ar rc $@ $^ + ++fdops.o: fdops.c ++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES) ++ ++ip_lookup.o: ip_lookup.c ++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES) ++ ++mcast.o: mcast.c ++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES) ++ ++tcp.o: tcp.c ++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES) ++ + %.o: %.c + $(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES) + +diff -uNr a/config/Makefile.in b/config/Makefile.in +--- a/config/Makefile.in 2017-06-05 20:24:36.000000000 +0200 ++++ b/config/Makefile.in 2019-04-09 13:53:38.538444645 +0200 +@@ -42,7 +42,7 @@ + $(LEX) -oconfig.c config.l + + %.o: %.c +- $(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES) ++ $(CC) $(CFLAGS) -fPIE -c -o $@ $^ $(INCLUDES) + + clean: + rm -f ${TARGETS} *~ *.o testprog config.tab.c config.tab.h config.c +diff -uNr a/Makefile.top.in b/Makefile.top.in +--- a/Makefile.top.in 2017-06-05 20:24:36.000000000 +0200 ++++ b/Makefile.top.in 2019-04-09 15:17:52.488438333 +0200 +@@ -2,7 +2,9 @@ + CXX=@CXX@ + + CFLAGS=@CFLAGS@ +-CFLAGS+=-fPIC -Wall -Wformat=2 -Wstrict-prototypes -Wshadow -D_GNU_SOURCE ++CFLAGS+=-Wall -Wformat=2 -Wstrict-prototypes -Wshadow -D_GNU_SOURCE ++CXXFLAGS=@CXXFLAGS@ ++CXXFLAGS+=-Wall -Wformat=2 -Wstrict-prototypes -Wshadow -D_GNU_SOURCE + + LEX=@LEX@ + YACC=@YACC@ +diff -uNr a/server/Makefile.in b/server/Makefile.in +--- a/server/Makefile.in 2017-06-05 20:24:36.000000000 +0200 ++++ b/server/Makefile.in 2019-04-09 15:11:51.692932810 +0200 +@@ -32,7 +32,7 @@ + XML_LIBS=`xml2-config --libs` + INCLUDES=-I../include `nss-config --cflags` `nspr-config --cflags` `xml2-config --cflags` + +-LIBS+=-L../common -lfence_virt -Wl,-wrap,syslog,-wrap,closelog -lpthread -luuid ++LIBS+=-L../common -lfence_virt -Wl,-z,now,-wrap,syslog,-wrap,closelog -lpthread -luuid + + MODULE_PATH=${libdir}/${PACKAGE_NAME} + +@@ -150,37 +150,46 @@ + all: ${TARGETS} ${MODULES} + + fence_virtd: ${fence_virtd_SOURCES:.c=.o} ${fence_virtd_cxx_SOURCES:.cpp=.opp} +- $(CXX) -o $@ $^ $(MAIN_LIBS) $(LIBS) ++ $(CXX) $(CXXFLAGS) -o $@ $^ $(MAIN_LIBS) $(LIBS) + + multicast.so: ${multicast_so_SOURCES:.c=.o} +- $(CC) -o $@ $^ $(LIBS) -shared $(NSS_LIBS) ++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(NSS_LIBS) + + libvirt.so: ${libvirt_so_SOURCES:.c=.o} +- $(CC) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) ++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) + + libvirt-qmf.so: ${libvirt_qmf_so_SOURCES:.c=.o} ${libvirt_qmf_cxx_so_SOURCES:.cpp=.opp} +- $(CXX) -o $@ $^ $(LIBS) -shared $(VIRT_QPID) ++ $(CXX) $(CXXFLAGS) -o $@ $^ $(LIBS) -shared $(VIRT_QPID) + + pm-fence.so: ${pm_fence_so_SOURCES:.c=.o} +- $(CC) -o $@ $^ $(LIBS) -shared $(PACEMAKER_LIBS) ++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(PACEMAKER_LIBS) + + cpg.so: ${cpg_so_SOURCES:.c=.o} +- $(CC) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) $(XML_LIBS) $(COROSYNC_LIBS) ++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) $(XML_LIBS) $(COROSYNC_LIBS) + + null.so: ${null_so_SOURCES:.c=.o} +- $(CC) -o $@ $^ $(LIBS) -shared ++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared + + serial.so: ${serial_so_SOURCES:.c=.o} +- $(CC) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) $(XML_LIBS) ++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) $(XML_LIBS) + + tcp.so: ${tcp_so_SOURCES:.c=.o} +- $(CC) -o $@ $^ $(LIBS) -shared $(NSS_LIBS) ++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(NSS_LIBS) ++ ++cpg-virt.o: cpg-virt.c ++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES) ++ ++virt.o: virt.c ++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES) ++ ++virt-serial.o: virt-serial.c ++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES) + + %.o: %.c + $(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES) + + %.opp: %.cpp +- $(CXX) $(CFLAGS) -c -o $@ $^ $(INCLUDES) ++ $(CXX) $(CXXFLAGS) -c -o $@ $^ $(INCLUDES) + + install: all + if [ ! -d ${DESTDIR}/${sbindir} ]; then \ diff --git a/SOURCES/bz1624110-2-fence_virt-fix-coredump.patch b/SOURCES/bz1624110-2-fence_virt-fix-coredump.patch new file mode 100644 index 0000000..0e74386 --- /dev/null +++ b/SOURCES/bz1624110-2-fence_virt-fix-coredump.patch @@ -0,0 +1,21 @@ +diff -uNr a/client/Makefile.in b/client/Makefile.in +--- a/client/Makefile.in 2019-04-10 11:06:55.428378274 +0200 ++++ b/client/Makefile.in 2019-04-10 13:02:54.734002880 +0200 +@@ -40,16 +40,7 @@ + ln -snf $^ $@ + + fence_virt: ${fence_virt_SOURCES:.c=.o} +- $(CC) $(CFLAGS) -o $@ $^ -shared $(LIBS) -L../common -lfence_virt +- +-mcast.o: mcast.c +- $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES) +- +-options.o: options.c +- $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES) +- +-serial.o: serial.c +- $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES) ++ $(CC) $(CFLAGS) -pie -o $@ $^ $(LIBS) -L../common -lfence_virt + + %.o: %.c + $(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES) diff --git a/SPECS/fence-virt.spec b/SPECS/fence-virt.spec new file mode 100644 index 0000000..291817c --- /dev/null +++ b/SPECS/fence-virt.spec @@ -0,0 +1,354 @@ +Name: fence-virt +Version: 0.4.0 +Release: 6%{?dist} +Summary: A pluggable fencing framework for virtual machines +Group: System Environment/Base +License: GPLv2+ + +%if 0%{?rhel} +ExclusiveArch: i686 x86_64 +%endif + +URL: http://fence-virt.sourceforge.net +Source0: http://people.redhat.com/rmccabe/fence-virt/%{name}-%{version}.tar.bz2 +Patch0: bz1624110-1-harden-fPIE.patch +Patch1: bz1624110-2-fence_virt-fix-coredump.patch + +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) + +BuildRequires: corosynclib-devel libvirt-devel +BuildRequires: automake autoconf libxml2-devel nss-devel nspr-devel +BuildRequires: flex bison libuuid-devel + +BuildRequires: systemd-units +Requires(post): systemd-sysv systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units + +Conflicts: fence-agents < 3.0.5-2 + + +%description +Fencing agent for virtual machines. + + +%package -n fence-virtd +Summary: Daemon which handles requests from fence-virt +Group: System Environment/Base + +%description -n fence-virtd +This package provides the host server framework, fence_virtd, +for fence_virt. The fence_virtd host daemon is resposible for +processing fencing requests from virtual machines and routing +the requests to the appropriate physical machine for action. + + +%package -n fence-virtd-multicast +Summary: Multicast listener for fence-virtd +Group: System Environment/Base +Requires: fence-virtd + +%description -n fence-virtd-multicast +Provides multicast listener capability for fence-virtd. + + +%package -n fence-virtd-serial +Summary: Serial VMChannel listener for fence-virtd +Group: System Environment/Base +Requires: libvirt >= 0.6.2 +Requires: fence-virtd + +%description -n fence-virtd-serial +Provides serial VMChannel listener capability for fence-virtd. + +%package -n fence-virtd-tcp +Summary: TCP listener for fence-virtd +Group: System Environment/Base +Requires: fence-virtd + +%description -n fence-virtd-tcp +Provides TCP listener capability for fence-virtd. + + +%package -n fence-virtd-libvirt +Summary: Libvirt backend for fence-virtd +Group: System Environment/Base +Requires: libvirt >= 0.6.0 +Requires: fence-virtd + +%description -n fence-virtd-libvirt +Provides fence_virtd with a connection to libvirt to fence +virtual machines. Useful for running a cluster of virtual +machines on a desktop. + + +%package -n fence-virtd-cpg +Summary: CPG/libvirt backend for fence-virtd +Group: System Environment/Base +Requires: corosynclib +Requires: fence-virtd + +%description -n fence-virtd-cpg +Provides fence_virtd with a connection to libvirt to fence +virtual machines. Uses corosync CPG to keep track of VM +locations to allow for non-local VMs to be fenced when VMs +are located on corosync cluster nodes. + + +%prep +%setup -q +%patch0 -p1 +%patch1 -p1 + +%build +./autogen.sh +%{configure} --disable-libvirt-qmf-plugin --enable-cpg-plugin +make %{?_smp_mflags} + + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} + +# Systemd unit file +mkdir -p %{buildroot}/%{_unitdir}/ +install -m 0644 fence_virtd.service %{buildroot}/%{_unitdir}/ + +%clean +rm -rf %{buildroot} + + +%files +%defattr(-,root,root,-) +%doc COPYING TODO README +%{_sbindir}/fence_virt +%{_sbindir}/fence_xvm +%{_mandir}/man8/fence_virt.* +%{_mandir}/man8/fence_xvm.* + + +%post +ccs_update_schema > /dev/null 2>&1 ||: +# https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd +if [ $1 -eq 1 ] ; then + # Initial installation + /bin/systemctl daemon-reload >/dev/null 2>&1 || : +fi + +%preun +# https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd +if [ $1 -eq 0 ] ; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable fence_virtd.service &> /dev/null || : + /bin/systemctl stop fence_virtd.service &> /dev/null || : +fi + +%postun +# https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd +/bin/systemctl daemon-reload &> /dev/null || : +if [ $1 -ge 1 ] ; then + # Package upgrade, not uninstall + /bin/systemctl try-restart fence_virtd.service &> /dev/null || : +fi + + +%triggerun -- fence_virtd < 0.3.0-1 +# https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Packages_migrating_to_a_systemd_unit_file_from_a_SysV_initscript +/usr/bin/systemd-sysv-convert --save fence_virtd &> /dev/null || : +/sbin/chkconfig --del fence_virtd &> /dev/null || : +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +/bin/systemctl try-restart fence_virtd.service &> /dev/null || : + + +%files -n fence-virtd +%defattr(-,root,root,-) +%{_sbindir}/fence_virtd +%{_unitdir}/fence_virtd.service +%config(noreplace) %{_sysconfdir}/fence_virt.conf +%dir %{_libdir}/%{name} +%{_mandir}/man5/fence_virt.conf.* +%{_mandir}/man8/fence_virtd.* + +%files -n fence-virtd-multicast +%defattr(-,root,root,-) +%{_libdir}/%{name}/multicast.so + +%files -n fence-virtd-serial +%defattr(-,root,root,-) +%{_libdir}/%{name}/serial.so + +%files -n fence-virtd-tcp +%defattr(-,root,root,-) +%{_libdir}/%{name}/tcp.so + +%files -n fence-virtd-libvirt +%defattr(-,root,root,-) +%{_libdir}/%{name}/libvirt.so + +%files -n fence-virtd-cpg +%defattr(-,root,root,-) +%{_libdir}/%{name}/cpg.so + +%changelog +* Tue Apr 9 2019 Oyvind Albrigtsen - 0.4.0-6 +- Harden with -fPIE and -Wl,-z,now + Resolves: rhbz#1624110 +- Add CI gating tests + Resolves: rhbz#1682883 + +* Wed Feb 07 2018 Fedora Release Engineering - 0.4.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 02 2017 Fedora Release Engineering - 0.4.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.4.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Jun 05 2017 Ryan McCabe - 0.4.0-1 +- Rebase to fence-virt-0.4.0 + +* Fri Feb 10 2017 Fedora Release Engineering - 0.3.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Feb 03 2016 Fedora Release Engineering - 0.3.2-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 0.3.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sat May 02 2015 Kalev Lember - 0.3.2-4 +- Rebuilt for GCC 5 C++11 ABI change + +* Sat Aug 16 2014 Fedora Release Engineering - 0.3.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.3.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Nov 04 2013 Ryan McCabe - 0.3.2-1 +- New upstream version 0.3.2 + +* Sun Nov 03 2013 Ryan McCabe - 0.3.1-1 +- Drop executable flags of manual pages +- Fix for missed libvirtd events +- Fix for broken systemd service file + +* Sat Aug 03 2013 Fedora Release Engineering - 0.3.0-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 10 2013 Ryan McCabe - 0.3.0-14 +- Fail properly when unable to bind the TCP listener socket. +- Resolves: rhbz#814515 + +* Tue May 07 2013 Ryan McCabe - 0.3.0-13 +- Rebuild + +* Tue May 07 2013 Ryan McCabe - 0.3.0-12 +- Drop libvirt-qmf-plugin + +* Wed Feb 13 2013 Fedora Release Engineering - 0.3.0-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Nov 02 2012 Ryan McCabe - 0.3.0-10 +- bswap fix for big endian + +* Fri Nov 02 2012 Ryan McCabe - 0.3.0-9 +- Return success if a domain exists but is already off. + +* Thu Oct 25 2012 Ryan McCabe - 0.3.0-8 +- Version bump + +* Thu Oct 25 2012 Ryan McCabe - 0.3.0-7 +- Fix uninitialized variable for the -w option. + +* Mon Oct 15 2012 Ryan McCabe - 0.3.0-6 +- Add a -w (delay) option. +- Return failure when attempting to fence a nonexistent domain +- Improve man pages + +* Thu Jul 19 2012 Fedora Release Engineering - 0.3.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Mar 27 2012 Ryan McCabe 0.3.0-4 +- Add QPid build fix patch from upstream. + +* Fri Feb 10 2012 Lon Hohberger 0.3.0-2 +- Fix URL / Source0 lines + Resolves: Fedora#706560 + +* Tue Feb 07 2012 Lon Hohberger 0.3.0-1 +- Rebase from upstream to 0.3.0 +- Systemd unit file integration +- Pacemaker backend +- Various fixes for startup +- Rename libvirt-qpid to libvirt-qmf backend +- Updated default configuration for easier deployment on + Fedora systems + +* Tue Feb 07 2012 Lon Hohberger - 0.2.3-6 +- Bump and rebuild + +* Tue Feb 07 2012 Lon Hohberger - 0.2.3-5 +- Fixup changelog + +* Mon Feb 06 2012 Lon Hohberger - 0.2.3-4 +- Drop checkpoint backend since cman and openais are gone + +* Fri Jan 13 2012 Fedora Release Engineering - 0.2.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Jul 8 2011 Fabio M. Di Nitto - 0.2.3-2 +- add post call to fence-virt to integrate with cluster 3.1.4 + +* Wed Jun 29 2011 Fabio M. Di Nitto 0.2.3-1 +- new upstream release fix compat regression + +* Mon Jun 27 2011 Fabio M. Di Nitto 0.2.2-1 +- new upstream release + +* Mon May 09 2011 Fabio M. Di Nitto 0.2.1-5 +- Rebuilt for libqmfconsole soname change + +* Tue Feb 08 2011 Fedora Release Engineering - 0.2.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Apr 01 2010 Lon Hohberger 0.2.1-3 +- Update specfile to require correct qpid/qmf libraries +- Resolves: bz#565111 + +* Tue Feb 23 2010 Fabio M. Di Nitto 0.2.1-2 +- Update spec file to handle correctly versioned Requires + +* Fri Jan 15 2010 Lon Hohberger 0.2.1-1 +- Update to latest upstream version +- Fix bug around status return codes for VMs which are 'off' + +* Thu Jan 14 2010 Lon Hohberger 0.2-1 +- Update to latest upstream version +- Serial & VMChannel listener support +- Static permission map support +- Man pages +- Init script +- Various bugfixes + +* Mon Sep 21 2009 Lon Hohberger 0.1.3-1 +- Update to latest upstream version +- Adds libvirt-qpid backend support +- Fixes UUID operation with libvirt backend +- Adds man page for fence_xvm and fence_virt +- Provides fence_xvm compatibility for cluster 3.0.6 + +* Mon Sep 21 2009 Lon Hohberger 0.1.2-1 +- Update to latest upstream version +- Fix build issue on i686 + +* Mon Sep 21 2009 Lon Hohberger 0.1.1-1 +- Update to latest upstream version +- Clean up spec file + +* Mon Sep 21 2009 Lon Hohberger 0.1-2 +- Spec file cleanup + +* Thu Sep 17 2009 Lon Hohberger 0.1-1 +- Initial build for rawhide