Signed-off-by: Brian Stinson <bstinson@redhat.com>
This commit is contained in:
Brian Stinson 2023-04-27 17:42:18 -05:00
parent 6e3dd8bd2d
commit a96983d666
3 changed files with 113 additions and 32 deletions

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/galera-26.4.7.tar.gz /galera-*.tar.gz
/galera-26.4.7.tar.gz /galera-*/

View File

@ -1,5 +1,5 @@
Name: galera Name: galera
Version: 26.4.7 Version: 26.4.11
Release: 1%{?dist} Release: 1%{?dist}
Summary: Synchronous multi-master wsrep provider (replication engine) Summary: Synchronous multi-master wsrep provider (replication engine)
@ -15,19 +15,21 @@ Source0: http://releases.galeracluster.com/source/%{name}-%{version}.tar.
Source1: garbd.service Source1: garbd.service
Source2: garbd-wrapper Source2: garbd-wrapper
Patch0: galera-python3.patch Patch0: cmake_paths.patch
BuildRequires: boost-devel check-devel openssl-devel python3-scons systemd gcc-c++ asio-devel BuildRequires: boost-devel check-devel openssl-devel cmake systemd gcc-c++ asio-devel
Requires(pre): /usr/sbin/useradd
Requires: nmap-ncat Requires: nmap-ncat
Requires: procps-ng
%{?systemd_requires} %{?systemd_requires}
%description %description
Galera is a fast synchronous multi-master wsrep provider (replication engine) Galera is a fast synchronous multimaster wsrep provider (replication engine)
for transactional databases and similar applications. For more information for transactional databases and similar applications. For more information
about wsrep API see http://launchpad.net/wsrep. For a description of Galera about wsrep API see https://github.com/codership/wsrep-API repository. For a
replication engine see http://www.codership.com. description of Galera replication engine see https://www.galeracluster.com web.
%prep %prep
@ -37,36 +39,83 @@ replication engine see http://www.codership.com.
%build %build
%{set_build_flags} %{set_build_flags}
# Print help: %cmake . \
# scons-3 --help -DCMAKE_BUILD_TYPE="%{?with_debug:Debug}%{!?with_debug:RelWithDebInfo}" \
# scons-3 -H -DINSTALL_LAYOUT=RPM \
-DCMAKE_RULE_MESSAGES:BOOL=OFF \
\
-DBUILD_SHARED_LIBS:BOOL=OFF \
\
-DINSTALL_DOCDIR="share/doc/%{name}/" \
-DINSTALL_GARBD="sbin" \
-DINSTALL_GARBD-SYSTEMD="share/doc/galera" \
-DINSTALL_CONFIGURATION="/etc/sysconfig/" \
-DINSTALL_SYSTEMD_SERVICE="share/doc/galera" \
-DINSTALL_LIBDIR="%{_lib}/galera" \
-DINSTALL_MANPAGE="share/man/man8"
# Possibly usefull arguments: cmake -B %_vpath_builddir -LAH
# --debug=findlibs
# --debug=stacktrace %cmake_build
# --warn=all
# debug=0
# Update for 26.4.6: The strict_build_flags FTBFS on armv7hl and i686; fails to find check.h on RHEL
# Update for 26.4.7: The strict_build_flags FTBFS ppc64le, failing tests
%ifarch i686 ppc64le
scons-3 %{?_smp_mflags} strict_build_flags=0
%else
scons-3 %{?_smp_mflags} strict_build_flags=1
%endif
%install %install
%cmake_install
# PATCH 1:
# Change the Systemd service name from "garb" to "garbd"
#
# The Galera upstream uses name "garb" for the service while providing "garbd" alias
# Fedora downstream packaging historically used "garbd" name for the service.
#
# Let's stick with the Fedora legacy naming, AND provide an alias to the Galera upstream name
mv %{buildroot}/usr/share/doc/galera/garb.service %{buildroot}/usr/share/doc/galera/garbd.service
sed -i 's/Alias=garbd.service/Alias=garb.service/g' %{buildroot}/usr/share/doc/galera/garbd.service
# PATCH 2:
# Fix the hardcoded paths
# In the Systemd service file:
sed -i 's;/usr/bin/garb-systemd;/usr/sbin/garb-systemd;g' %{buildroot}/usr/share/doc/galera/garbd.service
# In the wrapper script:
sed -i 's;/usr/bin/garbd;/usr/sbin/garbd;g' %{buildroot}/usr/share/doc/galera/garb-systemd
# PATCH 4:
# Use a dedicated user for the Systemd service
# To fix an security issue reported by Systemd:
#
## systemd[1]: /usr/lib/systemd/system/garb.service:14: Special user nobody configured, this is not safe!
## Subject: Special user nobody configured, this is not safe!
## Defined-By: systemd
## Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
## Documentation: https://systemd.io/UIDS-GIDS
##
## The unit garb.service is configured to use User=nobody.
##
## This is not safe. The nobody user's main purpose on Linux-based
## operating systems is to be the owner of files that otherwise cannot be mapped
## to any local user. It's used by the NFS client and Linux user namespacing,
## among others. By running a unit's processes under the identity of this user
## they might possibly get read and even write access to such files that cannot
## otherwise be mapped.
##
## It is strongly recommended to avoid running services under this user identity,
## in particular on systems using NFS or running containers. Allocate a user ID
## specific to this service, either statically via systemd-sysusers or dynamically
## via the DynamicUser= service setting.
sed -i 's/User=nobody/User=garb/g' %{buildroot}/usr/share/doc/galera/garbd.service
# Install old service and wrapper to maintain compatibility
install -D -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/garbd.service install -D -m 644 %{SOURCE1} %{buildroot}%{_unitdir}/garbd.service
install -D -m 755 %{SOURCE2} %{buildroot}%{_sbindir}/garbd-wrapper install -D -m 755 %{SOURCE2} %{buildroot}%{_sbindir}/garbd-wrapper
install -D -m 755 garb/garbd %{buildroot}%{_sbindir}/garbd
install -D -m 755 libgalera_smm.so %{buildroot}%{_libdir}/galera/libgalera_smm.so
install -D -m 644 garb/files/garb.cnf %{buildroot}%{_sysconfdir}/sysconfig/garb
install -D -m 644 COPYING %{buildroot}%{_docdir}/galera/COPYING
install -D -m 644 asio/LICENSE_1_0.txt %{buildroot}%{_docdir}/galera/LICENSE.asio
install -D -m 644 scripts/packages/README %{buildroot}%{_docdir}/galera/README
install -D -m 644 scripts/packages/README-MySQL %{buildroot}%{_docdir}/galera/README-MySQL
%check
%ctest
%pre
/usr/sbin/useradd -M -r -d /dev/null -s /sbin/nologin -c "Galera Arbitrator Daemon" garb >/dev/null 2>&1 || :
%post %post
/sbin/ldconfig /sbin/ldconfig
%systemd_post garbd.service %systemd_post garbd.service
@ -81,19 +130,51 @@ install -D -m 644 scripts/packages/README-MySQL %{buildroot}%{_docdir}/galera/RE
%files %files
%config(noreplace,missingok) %{_sysconfdir}/sysconfig/garb %config(noreplace,missingok) %{_sysconfdir}/sysconfig/garb
%dir %{_docdir}/galera %dir %{_docdir}/galera
%dir %{_libdir}/galera %dir %{_libdir}/galera
%{_sbindir}/garbd %{_sbindir}/garbd
%{_sbindir}/garbd-wrapper %{_sbindir}/garbd-wrapper
# PATCH 3:
# Make sure the wrapper script is executable
%attr(755, -, -) %{_docdir}/galera/garb-systemd
%{_mandir}/man8/garbd.8*
%{_unitdir}/garbd.service %{_unitdir}/garbd.service
%{_docdir}/galera/garbd.service
%{_libdir}/galera/libgalera_smm.so %{_libdir}/galera/libgalera_smm.so
%doc %{_docdir}/galera/AUTHORS
%doc %{_docdir}/galera/COPYING %doc %{_docdir}/galera/COPYING
%doc %{_docdir}/galera/LICENSE.asio %doc %{_docdir}/galera/LICENSE.asio
%doc %{_docdir}/galera/README %doc %{_docdir}/galera/README
%doc %{_docdir}/galera/README-MySQL #%doc %{_docdir}/galera/README-MySQL
%changelog %changelog
* Sun Feb 20 2022 Michal Schorm <mschorm@redhat.com> - 26.4.11-1
- Rebase to 26.4.11
* Fri Jan 28 2022 Lukas Javorsky <ljavorsk@redhat.com> - 26.4.9-4
- Use downstream garbd-wrapper and garbd.service to ensure compatibility
- Add upstream versions of garbd-wrapper (called garbd-systemd) and garbd.service
in case user want's to use them
* Wed Jan 19 2022 Lukas Javorsky <ljavorsk@redhat.com> - 26.4.9-3
- Explicitly require the 'procps-ng' package
- Otherwise it will not require it in the lightweight systems (e.g. containers)
- and Galera won't work properly
* Wed Jan 19 2022 Michal Schorm <mschorm@redhat.com> - 26.4.9-2
- Switch from SCONS build tooling to CMAKE build tooling
* Wed Jan 19 2022 Lukas Javorsky <ljavorsk@redhat.com> - 26.4.9-1
- Rebase to 26.4.9
* Mon Mar 22 2021 Michal Schorm <mschorm@redhat.com> - 26.4.7-1 * Mon Mar 22 2021 Michal Schorm <mschorm@redhat.com> - 26.4.7-1
- Rebase to 26.4.7 - Rebase to 26.4.7

View File

@ -1 +1 @@
SHA512 (galera-26.4.7.tar.gz) = 6c5016aca151c4560db65bed309d8381080546030f003a5aa1177d68685eabbce44dfc2551db8756206831a898659b26d0904a48336b8ba22c0106260577543e SHA512 (galera-26.4.11.tar.gz) = 7f8f6c6633ca3cc782ec5e874303bf9e5343bffb0da5bbda50417750a1d22b4540bfaa2339a75c506214b7aa5ecc253fa4888c2e8e532751d4e904ca50001ecf