rpms/pacemaker
6
0
Fork 0
Code Issues Pull Requests Releases Activity

1.1.16-1 - Update for new upstream tarball: Pacemaker-1.1.16,

Browse Source 
... for full details, see included ChangeLog file or
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.16

- Adapt spec file more akin to upstream version including:
  . clarify licensing, especially for -doc (f01f734)
  . fix pacemaker-remote upgrade (779e0e3)
  . require python >= 2.6 (31ef7f0)
  . older libqb is sufficient (based on 30fe1ce)
  . remove openssl-devel and libselinux-devel as BRs (2e05c17)
  . make systemd BR pkgconfig-driven (6285924)
  . defines instead of some globals + error suppression (625d427)

- Rectify -nagios-plugins-metadata declared license and install
  also respective license text
This commit is contained in:
Jan Pokorný 2016-12-02 20:36:37 +01:00
parent 1dd7338b33
commit 518aa2062f
No known key found for this signature in database
GPG Key ID: 61BBB23A9E8F8DE2
6 changed files with 187 additions and 2023 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

535
001-makefile-cleanup.patch
View File

@ -1,535 +0,0 @@
From d720014c2cf7ff00004b64ca9cf817ffc00e6ffb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Fri, 10 Jun 2016 15:00:03 +0200
Subject: [PATCH 1/5] Build: Makefile.common to define MAINTAINERCLEANFILES +
AM_CPPFLAGS
Fallout after 89fba95.
---
attrd/Makefile.am | 5 +----
lib/cib/Makefile.am | 5 +----
lib/cluster/Makefile.am | 5 +----
lib/common/Makefile.am | 8 +++-----
lib/fencing/Makefile.am | 6 +-----
lib/lrmd/Makefile.am | 8 +-------
lib/pengine/Makefile.am | 5 +----
lib/transition/Makefile.am | 5 +----
lrmd/Makefile.am | 1 -
9 files changed, 10 insertions(+), 38 deletions(-)
diff --git a/attrd/Makefile.am b/attrd/Makefile.am
index 9d5e223..0c5d456 100644
--- a/attrd/Makefile.am
+++ b/attrd/Makefile.am
@@ -15,10 +15,7 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
-MAINTAINERCLEANFILES = Makefile.in
-
-AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl
+include $(top_srcdir)/Makefile.common
halibdir = $(CRM_DAEMON_DIR)
halib_PROGRAMS = attrd
diff --git a/lib/cib/Makefile.am b/lib/cib/Makefile.am
index 1ebd7b0..687b9f3 100644
--- a/lib/cib/Makefile.am
+++ b/lib/cib/Makefile.am
@@ -15,10 +15,7 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
-MAINTAINERCLEANFILES = Makefile.in
-
-AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl
+include $(top_srcdir)/Makefile.common
## libraries
lib_LTLIBRARIES = libcib.la
diff --git a/lib/cluster/Makefile.am b/lib/cluster/Makefile.am
index 5b6f3f7..f5f40bc 100644
--- a/lib/cluster/Makefile.am
+++ b/lib/cluster/Makefile.am
@@ -15,10 +15,7 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
-MAINTAINERCLEANFILES = Makefile.in
-
-AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl
+include $(top_srcdir)/Makefile.common
headerdir=$(pkgincludedir)/crm/cluster
diff --git a/lib/common/Makefile.am b/lib/common/Makefile.am
index 8ef08db..7ae1dc8 100644
--- a/lib/common/Makefile.am
+++ b/lib/common/Makefile.am
@@ -15,12 +15,10 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
-MAINTAINERCLEANFILES = Makefile.in
+include $(top_srcdir)/Makefile.common
-AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl \
- -I$(top_builddir)/lib/gnu -I$(top_srcdir)/lib/gnu \
- -DSBINDIR=\"$(sbindir)\"
+AM_CPPFLAGS += -I$(top_builddir)/lib/gnu -I$(top_srcdir)/lib/gnu \
+ -DSBINDIR=\"$(sbindir)\"
## libraries
lib_LTLIBRARIES = libcrmcommon.la
diff --git a/lib/fencing/Makefile.am b/lib/fencing/Makefile.am
index 3320466..aa57ba5 100644
--- a/lib/fencing/Makefile.am
+++ b/lib/fencing/Makefile.am
@@ -16,11 +16,7 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
-MAINTAINERCLEANFILES = Makefile.in
-
-AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl \
- -I$(top_builddir) -I$(top_srcdir)
+include $(top_srcdir)/Makefile.common
lib_LTLIBRARIES = libstonithd.la
diff --git a/lib/lrmd/Makefile.am b/lib/lrmd/Makefile.am
index d5ae2f4..8c76a78 100644
--- a/lib/lrmd/Makefile.am
+++ b/lib/lrmd/Makefile.am
@@ -14,13 +14,7 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
-#
-
-MAINTAINERCLEANFILES = Makefile.in
-
-AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl \
- -I$(top_builddir) -I$(top_srcdir)
+include $(top_srcdir)/Makefile.common
lib_LTLIBRARIES = liblrmd.la
diff --git a/lib/pengine/Makefile.am b/lib/pengine/Makefile.am
index b9191d5..4544377 100644
--- a/lib/pengine/Makefile.am
+++ b/lib/pengine/Makefile.am
@@ -15,10 +15,7 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
-MAINTAINERCLEANFILES = Makefile.in
-
-AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl
+include $(top_srcdir)/Makefile.common
## libraries
lib_LTLIBRARIES = libpe_rules.la libpe_status.la
diff --git a/lib/transition/Makefile.am b/lib/transition/Makefile.am
index 4447f1b..6cc9bca 100644
--- a/lib/transition/Makefile.am
+++ b/lib/transition/Makefile.am
@@ -15,10 +15,7 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
-MAINTAINERCLEANFILES = Makefile.in
-
-AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl
+include $(top_srcdir)/Makefile.common
## libraries
lib_LTLIBRARIES = libtransitioner.la
diff --git a/lrmd/Makefile.am b/lrmd/Makefile.am
index a8fb07a..556d48a 100644
--- a/lrmd/Makefile.am
+++ b/lrmd/Makefile.am
@@ -14,7 +14,6 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
-
include $(top_srcdir)/Makefile.common
testdir = $(datadir)/$(PACKAGE)/tests/lrmd
--
1.8.3.1
From bfad92c9e23f3bf7a73e86017eed46ba7fd63c12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Fri, 10 Jun 2016 17:38:46 +0200
Subject: [PATCH 2/5] Build: Makefile.am files: drop extraneous variables +
targets
- empty variables
- non-fitting .PHONY definitions
- unemployed install-exec-local + uninstall-local target pairs (per file)
- AM_CFLAGS unnecessarily initialized with current AM_CPPFLAGS value
- empty header_HEADERS variable + superfluous headerdir definition
---
Makefile.am | 2 --
attrd/Makefile.am | 8 --------
fencing/Makefile.am | 2 --
include/crm/Makefile.am | 1 -
include/crm/fencing/Makefile.am | 3 ---
lib/cib/Makefile.am | 5 -----
lib/cluster/Makefile.am | 8 --------
lib/common/Makefile.am | 4 ----
lib/fencing/Makefile.am | 2 --
lib/lrmd/Makefile.am | 3 ---
lib/pengine/Makefile.am | 4 ----
lib/services/Makefile.am | 2 --
lib/transition/Makefile.am | 5 -----
tools/Makefile.am | 11 -----------
14 files changed, 60 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 0edf0c9..5d1a689 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -73,5 +73,3 @@ dist-clean-local:
maintainer-clean-local:
rm -f libltdl.tar
-
-.PHONY: rpm pkg handy handy-copy
diff --git a/attrd/Makefile.am b/attrd/Makefile.am
index 0c5d456..9a841e5 100644
--- a/attrd/Makefile.am
+++ b/attrd/Makefile.am
@@ -21,8 +21,6 @@ halibdir = $(CRM_DAEMON_DIR)
halib_PROGRAMS = attrd
## SOURCES
-noinst_HEADERS =
-
attrd_SOURCES =
attrd_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \
$(top_builddir)/lib/common/libcrmcommon.la \
@@ -37,9 +35,3 @@ endif
clean-generic:
rm -f *.log *.debug *.xml *~
-
-install-exec-local:
-
-uninstall-local:
-
-.PHONY: install-exec-hook
diff --git a/fencing/Makefile.am b/fencing/Makefile.am
index 383c217..bef6e6e 100644
--- a/fencing/Makefile.am
+++ b/fencing/Makefile.am
@@ -17,8 +17,6 @@
#
include $(top_srcdir)/Makefile.common
-SUBDIRS =
-
## binary progs
testdir = $(datadir)/$(PACKAGE)/tests/fencing
test_SCRIPTS = regression.py
diff --git a/include/crm/Makefile.am b/include/crm/Makefile.am
index ef96011..bdb627c 100644
--- a/include/crm/Makefile.am
+++ b/include/crm/Makefile.am
@@ -19,7 +19,6 @@ MAINTAINERCLEANFILES = Makefile.in
headerdir=$(pkgincludedir)/crm
-noinst_HEADERS =
header_HEADERS = crm.h cib.h attrd.h msg_xml.h transition.h stonith-ng.h cluster.h lrmd.h services.h error.h compatibility.h
SUBDIRS = common pengine cib fencing cluster
diff --git a/include/crm/fencing/Makefile.am b/include/crm/fencing/Makefile.am
index f85c842..57a787b 100644
--- a/include/crm/fencing/Makefile.am
+++ b/include/crm/fencing/Makefile.am
@@ -17,7 +17,4 @@
#
MAINTAINERCLEANFILES = Makefile.in
-headerdir=$(pkgincludedir)/crm/fencing
-
noinst_HEADERS = internal.h
-header_HEADERS =
diff --git a/lib/cib/Makefile.am b/lib/cib/Makefile.am
index 687b9f3..07bf261 100644
--- a/lib/cib/Makefile.am
+++ b/lib/cib/Makefile.am
@@ -21,7 +21,6 @@ include $(top_srcdir)/Makefile.common
lib_LTLIBRARIES = libcib.la
## SOURCES
-noinst_HEADERS =
libcib_la_SOURCES = cib_ops.c cib_utils.c cib_client.c cib_native.c cib_attrs.c
libcib_la_SOURCES += cib_file.c cib_remote.c
@@ -31,7 +30,3 @@ libcib_la_CFLAGS = -I$(top_srcdir)
clean-generic:
rm -f *.log *.debug *.xml *~
-
-install-exec-local:
-
-uninstall-local:
diff --git a/lib/cluster/Makefile.am b/lib/cluster/Makefile.am
index f5f40bc..dcc1fbd 100644
--- a/lib/cluster/Makefile.am
+++ b/lib/cluster/Makefile.am
@@ -17,10 +17,6 @@
#
include $(top_srcdir)/Makefile.common
-headerdir=$(pkgincludedir)/crm/cluster
-
-header_HEADERS =
-
## libraries
lib_LTLIBRARIES = libcrmcluster.la
@@ -45,7 +41,3 @@ endif
clean-generic:
rm -f *.log *.debug *.xml *~
-
-install-exec-local:
-
-uninstall-local:
diff --git a/lib/common/Makefile.am b/lib/common/Makefile.am
index 7ae1dc8..111628f 100644
--- a/lib/common/Makefile.am
+++ b/lib/common/Makefile.am
@@ -44,7 +44,3 @@ libcrmcommon_la_SOURCES += $(top_builddir)/lib/gnu/md5.c
clean-generic:
rm -f *.log *.debug *.xml *~
-
-install-exec-local:
-
-uninstall-local:
diff --git a/lib/fencing/Makefile.am b/lib/fencing/Makefile.am
index aa57ba5..a9f9874 100644
--- a/lib/fencing/Makefile.am
+++ b/lib/fencing/Makefile.am
@@ -23,5 +23,3 @@ lib_LTLIBRARIES = libstonithd.la
libstonithd_la_SOURCES = st_client.c
libstonithd_la_LDFLAGS = -version-info 4:1:2
libstonithd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la
-
-AM_CFLAGS = $(AM_CPPFLAGS)
diff --git a/lib/lrmd/Makefile.am b/lib/lrmd/Makefile.am
index 8c76a78..c23fef5 100644
--- a/lib/lrmd/Makefile.am
+++ b/lib/lrmd/Makefile.am
@@ -23,6 +23,3 @@ liblrmd_la_LDFLAGS = -version-info 4:0:3
liblrmd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la \
$(top_builddir)/lib/services/libcrmservice.la \
$(top_builddir)/lib/fencing/libstonithd.la
-
-
-AM_CFLAGS = $(AM_CPPFLAGS)
diff --git a/lib/pengine/Makefile.am b/lib/pengine/Makefile.am
index 4544377..a0d19e5 100644
--- a/lib/pengine/Makefile.am
+++ b/lib/pengine/Makefile.am
@@ -34,7 +34,3 @@ libpe_status_la_LIBADD = @CURSESLIBS@ $(top_builddir)/lib/common/libcrmcommon.l
clean-generic:
rm -f *.log *.debug *~
-
-install-exec-local:
-
-uninstall-local:
diff --git a/lib/services/Makefile.am b/lib/services/Makefile.am
index a9fe26d..2797b53 100644
--- a/lib/services/Makefile.am
+++ b/lib/services/Makefile.am
@@ -39,5 +39,3 @@ endif
if BUILD_SYSTEMD
libcrmservice_la_SOURCES += systemd.c
endif
-
-AM_CFLAGS = $(AM_CPPFLAGS)
diff --git a/lib/transition/Makefile.am b/lib/transition/Makefile.am
index 6cc9bca..7bcfc1a 100644
--- a/lib/transition/Makefile.am
+++ b/lib/transition/Makefile.am
@@ -21,7 +21,6 @@ include $(top_srcdir)/Makefile.common
lib_LTLIBRARIES = libtransitioner.la
## SOURCES
-noinst_HEADERS =
libtransitioner_la_SOURCES = unpack.c graph.c utils.c
libtransitioner_la_LDFLAGS = -version-info 2:5:0
@@ -30,7 +29,3 @@ libtransitioner_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la
clean-generic:
rm -f *~
-
-install-exec-local:
-
-uninstall-local:
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 555b1db..59ce743 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -26,9 +26,6 @@ COMMONLIBS = \
$(top_builddir)/lib/cib/libcib.la \
$(CURSESLIBS) $(CLUSTERLIBS)
-headerdir = $(pkgincludedir)/crm
-header_HEADERS =
-
pcmkdir = $(datadir)/$(PACKAGE)
pcmk_DATA = report.common report.collector
@@ -57,8 +54,6 @@ endif
## SOURCES
-noinst_HEADERS =
-
MAN8DEPS = crm_attribute crm_node
crmadmin_SOURCES = crmadmin.c
@@ -143,10 +138,4 @@ ipmiservicelogd_CFLAGS = $(OPENIPMI_SERVICELOG_CFLAGS) $(SERVICELOG_CFLAGS)
ipmiservicelogd_LDFLAGS = $(top_builddir)/lib/common/libcrmcommon.la $(OPENIPMI_SERVICELOG_LIBS) $(SERVICELOG_LIBS)
endif
-install-exec-local:
-
-uninstall-local:
-
-.PHONY: install-exec-hook
-
CLEANFILES = $(man8_MANS)
--
1.8.3.1
From 048efbf21a84568816b35522ed5f7b84f9ffdc41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Mon, 20 Jun 2016 15:10:34 +0200
Subject: [PATCH 3/5] Build: drop superfluous libcrmcluster_la_DEPENDENCIES var
---
lib/cluster/Makefile.am | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/cluster/Makefile.am b/lib/cluster/Makefile.am
index dcc1fbd..ffa2a73 100644
--- a/lib/cluster/Makefile.am
+++ b/lib/cluster/Makefile.am
@@ -23,7 +23,6 @@ lib_LTLIBRARIES = libcrmcluster.la
libcrmcluster_la_SOURCES = election.c cluster.c membership.c
libcrmcluster_la_LDFLAGS = -version-info 6:0:2
libcrmcluster_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la $(top_builddir)/lib/fencing/libstonithd.la $(CLUSTERLIBS)
-libcrmcluster_la_DEPENDENCIES = $(top_builddir)/lib/common/libcrmcommon.la $(top_builddir)/lib/fencing/libstonithd.la
if BUILD_CS_SUPPORT
libcrmcluster_la_SOURCES += cpg.c
--
1.8.3.1
From f5042bf76d048cb1fb77f9a60253cbf5a0ee9fc1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Mon, 20 Jun 2016 21:09:00 +0200
Subject: [PATCH 4/5] Build: cib/Makefile.am: avoid second-guessing Libtool
Explicitly referring to location that is an implementation detail of
Libtool is not very reasonable and appears to be working regardless.
---
lib/cib/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/cib/Makefile.am b/lib/cib/Makefile.am
index 07bf261..0c57eee 100644
--- a/lib/cib/Makefile.am
+++ b/lib/cib/Makefile.am
@@ -24,7 +24,7 @@ lib_LTLIBRARIES = libcib.la
libcib_la_SOURCES = cib_ops.c cib_utils.c cib_client.c cib_native.c cib_attrs.c
libcib_la_SOURCES += cib_file.c cib_remote.c
-libcib_la_LDFLAGS = -version-info 5:1:1 -L$(top_builddir)/lib/pengine/.libs
+libcib_la_LDFLAGS = -version-info 5:1:1
libcib_la_LIBADD = $(CRYPTOLIB) $(top_builddir)/lib/pengine/libpe_rules.la $(top_builddir)/lib/common/libcrmcommon.la
libcib_la_CFLAGS = -I$(top_srcdir)
--
1.8.3.1
From 8a86b03d1dbb8bab4a38f39544c519a2e7e85136 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Fri, 10 Jun 2016 17:55:57 +0200
Subject: [PATCH 5/5] Build: Makefile.am f.: move/drop comments to reflect
previous commits
* "# lex/yacc issues":
- introduced with 800b0c3 ("CFLAGS = $(CFLAGS_COPY:-Werror=)")
- comment + the statement got separated as of ae6fb13
* "# utils.h pengine.h"
- introduced with a4d9634
- became superfluous as of ef1f2e2
---
fencing/Makefile.am | 4 +---
pengine/Makefile.am | 2 +-
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/fencing/Makefile.am b/fencing/Makefile.am
index bef6e6e..79fe2ed 100644
--- a/fencing/Makefile.am
+++ b/fencing/Makefile.am
@@ -56,9 +56,6 @@ BUILT_SOURCES = standalone_config.h
stonithd_SOURCES += standalone_config.c config.y config.l
stonithd_AM_LFLAGS = -o$(LEX_OUTPUT_ROOT).c
-
-# lex/yacc issues:
-
endif
stonithd_YFLAGS = -d
@@ -69,6 +66,7 @@ stonithd_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \
$(top_builddir)/pengine/libpengine.la \
$(CRYPTOLIB) $(CLUSTERLIBS)
+# lex/yacc issues:
CFLAGS = $(CFLAGS_COPY:-Werror=)
CLEANFILES = $(man7_MANS) $(man8_MANS)
diff --git a/pengine/Makefile.am b/pengine/Makefile.am
index 172a86b..170b728 100644
--- a/pengine/Makefile.am
+++ b/pengine/Makefile.am
@@ -58,8 +58,8 @@ man7_MANS = pengine.7
endif
## SOURCES
+
noinst_HEADERS = allocate.h utils.h pengine.h
-#utils.h pengine.h
libpengine_la_LDFLAGS = -version-info 11:0:1
# -L$(top_builddir)/lib/pils -lpils -export-dynamic -module -avoid-version
--
1.8.3.1

678
002-build-cleanup.patch
View File

@ -1,678 +0,0 @@
From f4305372f80faafb5a1856f68b06c4dd87f8f521 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Fri, 17 Jun 2016 21:47:34 +0200
Subject: [PATCH 1/3] Build: drop acinclude.m4 never ever used by pacemaker
proper
It was rather used by the management tool being part of heartbeat
project -- pacemaker's precursor -- hence the shared codebase that
just wasn't split carefully.
[note that hearbeat also mistakenly carries that file along while
the reason disappeared as of:
http://hg.linux-ha.org/heartbeat-STABLE_3_0/rev/cf17a3d4167b#l1.39]
---
acinclude.m4 | 39 ---------------------------------------
1 file changed, 39 deletions(-)
delete mode 100644 acinclude.m4
diff --git a/acinclude.m4 b/acinclude.m4
deleted file mode 100644
index fa8fef2..0000000
--- a/acinclude.m4
+++ /dev/null
@@ -1,39 +0,0 @@
-dnl
-dnl local autoconf/automake macros needed for heartbeat
-dnl Started by David Lee <t.d.lee@durham.ac.uk> February 2006
-dnl
-dnl License: GNU General Public License (GPL)
-
-
-dnl AM_CHECK_PYTHON_HEADERS: Find location of python include files.
-dnl Taken from:
-dnl http://source.macgimp.org/
-dnl which is GPL and is attributed to James Henstridge.
-dnl
-dnl AM_CHECK_PYTHON_HEADERS([ACTION-IF-POSSIBLE], [ACTION-IF-NOT-POSSIBLE])
-dnl Imports:
-dnl $PYTHON
-dnl Exports:
-dnl PYTHON_INCLUDES
-
-AC_DEFUN([AM_CHECK_PYTHON_HEADERS],
-[AC_REQUIRE([AM_PATH_PYTHON])
-AC_MSG_CHECKING(for headers required to compile python extensions)
-dnl deduce PYTHON_INCLUDES
-py_prefix=`$PYTHON -c "import sys; print sys.prefix"`
-py_exec_prefix=`$PYTHON -c "import sys; print sys.exec_prefix"`
-PYTHON_INCLUDES="-I${py_prefix}/include/python${PYTHON_VERSION}"
-if test "$py_prefix" != "$py_exec_prefix"; then
- PYTHON_INCLUDES="$PYTHON_INCLUDES -I${py_exec_prefix}/include/python${PYTHON_VERSION}"
-fi
-AC_SUBST(PYTHON_INCLUDES)
-dnl check if the headers exist:
-save_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $PYTHON_INCLUDES"
-AC_TRY_CPP([#include <Python.h>],dnl
-[AC_MSG_RESULT(found)
-$1],dnl
-[AC_MSG_RESULT(not found)
-$2])
-CPPFLAGS="$save_CPPFLAGS"
-])
--
1.8.3.1
From 4e0d5c81dae95be2bd3598d2f0dd639b64e5486a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Fri, 17 Jun 2016 22:59:42 +0200
Subject: [PATCH 2/3] Build: configure.ac: drop unused CC_ERRORS, move
CC_EXTRAS
... so as not to delimit the comment and respective code with unrelated
stuff.
---
configure.ac | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 1a393fc..c5b30dc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1703,10 +1703,6 @@ dnl not have CFLAGS in their environment then this should have
dnl no effect. However if CFLAGS was exported from the user's
dnl environment, then the new CFLAGS will also be exported
dnl to sub processes.
-
-CC_ERRORS=""
-CC_EXTRAS=""
-
if export | fgrep " CFLAGS=" > /dev/null; then
SAVED_CFLAGS="$CFLAGS"
unset CFLAGS
@@ -1714,6 +1710,8 @@ if export | fgrep " CFLAGS=" > /dev/null; then
unset SAVED_CFLAGS
fi
+CC_EXTRAS=""
+
if test "$GCC" != yes; then
CFLAGS="$CFLAGS -g"
enable_fatal_warnings=no
--
1.8.3.1
From 9632cd73b758dd4d41c2dbf2b9f10679cc3ee1a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Tue, 21 Jun 2016 19:05:52 +0200
Subject: [PATCH 3/3] Refactor: sanitizing touch on makefiles about to receive
hardening
* whitespace cleanup
* internally provided -D... and -I... switches belong to CPPFLAGS rather
than CFLAGS
* use a following order of the per-target flags:
- CPPFLAGS
- YFLAGS
- CFLAGS
- LDFLAGS
- LDADD/LIBADD
- SOURCES
This is in part to reflect common conditional inclusion of additional
sources (which should preferably immediately follow the main SOURCES
definition) sometimes connected with extending other flags as well.
---
attrd/Makefile.am | 12 ++++++------
cib/Makefile.am | 18 +++++++++---------
crmd/Makefile.am | 31 +++++++++++++++----------------
fencing/Makefile.am | 30 ++++++++++++++++--------------
lib/cib/Makefile.am | 9 +++++----
lib/cluster/Makefile.am | 3 +--
lib/common/Makefile.am | 8 ++++----
lib/fencing/Makefile.am | 8 ++++----
lib/lrmd/Makefile.am | 10 +++++-----
lib/pengine/Makefile.am | 12 ++++++------
lib/services/Makefile.am | 24 ++++++++++++------------
lib/transition/Makefile.am | 9 +++++----
lrmd/Makefile.am | 46 ++++++++++++++++++++++------------------------
mcp/Makefile.am | 4 ++--
pengine/Makefile.am | 16 +++++++---------
15 files changed, 119 insertions(+), 121 deletions(-)
diff --git a/attrd/Makefile.am b/attrd/Makefile.am
index 9a841e5..a116e0e 100644
--- a/attrd/Makefile.am
+++ b/attrd/Makefile.am
@@ -17,16 +17,16 @@
#
include $(top_srcdir)/Makefile.common
-halibdir = $(CRM_DAEMON_DIR)
-halib_PROGRAMS = attrd
+halibdir = $(CRM_DAEMON_DIR)
+halib_PROGRAMS = attrd
## SOURCES
-attrd_SOURCES =
-attrd_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \
- $(top_builddir)/lib/common/libcrmcommon.la \
- $(top_builddir)/lib/cib/libcib.la \
+attrd_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \
+ $(top_builddir)/lib/common/libcrmcommon.la \
+ $(top_builddir)/lib/cib/libcib.la \
$(CLUSTERLIBS)
+attrd_SOURCES =
if BUILD_ATOMIC_ATTRD
attrd_SOURCES += main.c commands.c
else
diff --git a/cib/Makefile.am b/cib/Makefile.am
index 8508223..fcb8ce9 100644
--- a/cib/Makefile.am
+++ b/cib/Makefile.am
@@ -23,23 +23,23 @@ hadir = $(sysconfdir)/ha.d
halibdir = $(CRM_DAEMON_DIR)
commmoddir = $(halibdir)/modules/comm
-COMMONLIBS = $(top_builddir)/lib/common/libcrmcommon.la \
- $(top_builddir)/lib/cib/libcib.la
+COMMONLIBS = $(top_builddir)/lib/common/libcrmcommon.la \
+ $(top_builddir)/lib/cib/libcib.la
## binary progs
halib_PROGRAMS = cib cibmon
## SOURCES
-noinst_HEADERS = callbacks.h cibio.h cibmessages.h common.h notify.h
+noinst_HEADERS = callbacks.h cibio.h cibmessages.h common.h notify.h
-cib_SOURCES = io.c messages.c notify.c \
- callbacks.c main.c remote.c common.c
+cib_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \
+ $(COMMONLIBS) $(CRYPTOLIB) $(CLUSTERLIBS)
-cib_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \
- $(COMMONLIBS) $(CRYPTOLIB) $(CLUSTERLIBS)
+cib_SOURCES = io.c messages.c notify.c \
+ callbacks.c main.c remote.c common.c
-cibmon_SOURCES = cibmon.c
-cibmon_LDADD = $(COMMONLIBS)
+cibmon_LDADD = $(COMMONLIBS)
+cibmon_SOURCES = cibmon.c
clean-generic:
rm -f *.log *.debug *.xml *~
diff --git a/crmd/Makefile.am b/crmd/Makefile.am
index c28da0b..979e266 100644
--- a/crmd/Makefile.am
+++ b/crmd/Makefile.am
@@ -24,20 +24,10 @@ halib_PROGRAMS = crmd
## SOURCES
-noinst_HEADERS = crmd.h crmd_fsa.h crmd_messages.h fsa_defines.h \
- fsa_matrix.h fsa_proto.h crmd_utils.h crmd_callbacks.h \
+noinst_HEADERS = crmd.h crmd_fsa.h crmd_messages.h fsa_defines.h \
+ fsa_matrix.h fsa_proto.h crmd_utils.h crmd_callbacks.h \
crmd_lrm.h te_callbacks.h tengine.h
-crmd_SOURCES = main.c crmd.c corosync.c notify.c \
- fsa.c control.c messages.c membership.c callbacks.c \
- election.c join_client.c join_dc.c subsystems.c throttle.c \
- cib.c pengine.c tengine.c lrm.c lrm_state.c remote_lrmd_ra.c \
- utils.c misc.c te_events.c te_actions.c te_utils.c te_callbacks.c
-
-if BUILD_HEARTBEAT_SUPPORT
-crmd_SOURCES += heartbeat.c
-endif
-
crmd_LDADD = $(top_builddir)/lib/fencing/libstonithd.la \
$(top_builddir)/lib/transition/libtransitioner.la \
$(top_builddir)/lib/pengine/libpe_rules.la \
@@ -45,19 +35,28 @@ crmd_LDADD = $(top_builddir)/lib/fencing/libstonithd.la \
$(top_builddir)/lib/cluster/libcrmcluster.la \
$(top_builddir)/lib/common/libcrmcommon.la \
$(top_builddir)/lib/services/libcrmservice.la \
- $(top_builddir)/lib/lrmd/liblrmd.la \
+ $(top_builddir)/lib/lrmd/liblrmd.la \
$(CLUSTERLIBS)
+crmd_SOURCES = main.c crmd.c corosync.c notify.c \
+ fsa.c control.c messages.c membership.c callbacks.c \
+ election.c join_client.c join_dc.c subsystems.c throttle.c \
+ cib.c pengine.c tengine.c lrm.c lrm_state.c remote_lrmd_ra.c \
+ utils.c misc.c te_events.c te_actions.c te_utils.c te_callbacks.c
+if BUILD_HEARTBEAT_SUPPORT
+crmd_SOURCES += heartbeat.c
+endif
+
if BUILD_XML_HELP
-man7_MANS = crmd.7
+man7_MANS = crmd.7
endif
-graphs: fsa_inputs.png fsa_inputs_by_action.png fsa_actions_by_state.png
+graphs: fsa_inputs.png fsa_inputs_by_action.png fsa_actions_by_state.png
%.png: %.dot
dot -Tpng $< > $@
-%.dot : fsa_matrix.h make_dot.pl
+%.dot: fsa_matrix.h make_dot.pl
perl $(top_srcdir)/crmd/make_dot.pl $(top_srcdir)/crmd/fsa_matrix.h $(top_builddir)/crmd
CLEANFILES = $(man7_MANS)
diff --git a/fencing/Makefile.am b/fencing/Makefile.am
index 79fe2ed..1d591fc 100644
--- a/fencing/Makefile.am
+++ b/fencing/Makefile.am
@@ -24,13 +24,13 @@ test_SCRIPTS = regression.py
halibdir = $(CRM_DAEMON_DIR)
halib_PROGRAMS = stonithd stonith-test
-sbin_PROGRAMS = stonith_admin
-sbin_SCRIPTS = fence_legacy fence_pcmk
+sbin_PROGRAMS = stonith_admin
+sbin_SCRIPTS = fence_legacy fence_pcmk
-noinst_HEADERS = internal.h
+noinst_HEADERS = internal.h
if BUILD_XML_HELP
-man7_MANS = stonithd.7
+man7_MANS = stonithd.7
endif
stonith_test_SOURCES = test.c
@@ -49,23 +49,25 @@ stonith_admin_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \
$(top_builddir)/lib/fencing/libstonithd.la \
$(CRYPTOLIB) $(CLUSTERLIBS)
-stonithd_CFLAGS = -I$(top_srcdir)/pengine
-stonithd_SOURCES = main.c commands.c remote.c
-if BUILD_STONITH_CONFIG
-BUILT_SOURCES = standalone_config.h
-
-stonithd_SOURCES += standalone_config.c config.y config.l
-stonithd_AM_LFLAGS = -o$(LEX_OUTPUT_ROOT).c
-endif
-stonithd_YFLAGS = -d
+stonithd_CPPFLAGS = -I$(top_srcdir)/pengine $(AM_CPPFLAGS)
+stonithd_YFLAGS = -d
stonithd_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \
$(top_builddir)/lib/cluster/libcrmcluster.la \
$(top_builddir)/lib/fencing/libstonithd.la \
$(top_builddir)/lib/pengine/libpe_status.la \
- $(top_builddir)/pengine/libpengine.la \
+ $(top_builddir)/pengine/libpengine.la \
$(CRYPTOLIB) $(CLUSTERLIBS)
+stonithd_SOURCES = main.c commands.c remote.c
+
+if BUILD_STONITH_CONFIG
+BUILT_SOURCES = standalone_config.h
+
+stonithd_SOURCES += standalone_config.c config.y config.l
+stonithd_AM_LFLAGS = -o$(LEX_OUTPUT_ROOT).c
+endif
+
# lex/yacc issues:
CFLAGS = $(CFLAGS_COPY:-Werror=)
diff --git a/lib/cib/Makefile.am b/lib/cib/Makefile.am
index 0c57eee..e414a7f 100644
--- a/lib/cib/Makefile.am
+++ b/lib/cib/Makefile.am
@@ -18,15 +18,16 @@
include $(top_srcdir)/Makefile.common
## libraries
-lib_LTLIBRARIES = libcib.la
+lib_LTLIBRARIES = libcib.la
## SOURCES
libcib_la_SOURCES = cib_ops.c cib_utils.c cib_client.c cib_native.c cib_attrs.c
-libcib_la_SOURCES += cib_file.c cib_remote.c
+libcib_la_SOURCES += cib_file.c cib_remote.c
libcib_la_LDFLAGS = -version-info 5:1:1
-libcib_la_LIBADD = $(CRYPTOLIB) $(top_builddir)/lib/pengine/libpe_rules.la $(top_builddir)/lib/common/libcrmcommon.la
-libcib_la_CFLAGS = -I$(top_srcdir)
+libcib_la_CPPFLAGS = -I$(top_srcdir) $(AM_CPPFLAGS)
+
+libcib_la_LIBADD = $(CRYPTOLIB) $(top_builddir)/lib/pengine/libpe_rules.la $(top_builddir)/lib/common/libcrmcommon.la
clean-generic:
rm -f *.log *.debug *.xml *~
diff --git a/lib/cluster/Makefile.am b/lib/cluster/Makefile.am
index ffa2a73..06d7066 100644
--- a/lib/cluster/Makefile.am
+++ b/lib/cluster/Makefile.am
@@ -20,10 +20,10 @@ include $(top_srcdir)/Makefile.common
## libraries
lib_LTLIBRARIES = libcrmcluster.la
-libcrmcluster_la_SOURCES = election.c cluster.c membership.c
libcrmcluster_la_LDFLAGS = -version-info 6:0:2
libcrmcluster_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la $(top_builddir)/lib/fencing/libstonithd.la $(CLUSTERLIBS)
+libcrmcluster_la_SOURCES = election.c cluster.c membership.c
if BUILD_CS_SUPPORT
libcrmcluster_la_SOURCES += cpg.c
if BUILD_CS_PLUGIN
@@ -32,7 +32,6 @@ else
libcrmcluster_la_SOURCES += corosync.c
endif
endif
-
if BUILD_HEARTBEAT_SUPPORT
libcrmcluster_la_SOURCES += heartbeat.c
#libcrmcluster_la_LIBADD += -ldl
diff --git a/lib/common/Makefile.am b/lib/common/Makefile.am
index 111628f..7550ec1 100644
--- a/lib/common/Makefile.am
+++ b/lib/common/Makefile.am
@@ -31,16 +31,16 @@ lib_LTLIBRARIES = libcrmcommon.la
CFLAGS = $(CFLAGS_COPY:-Wcast-qual=) -fPIC
+libcrmcommon_la_LDFLAGS = -version-info 9:0:6
+libcrmcommon_la_LIBADD = @LIBADD_DL@ $(GNUTLSLIBS) -lm
+
libcrmcommon_la_SOURCES = compat.c digest.c ipc.c io.c procfs.c utils.c xml.c \
iso8601.c remote.c mainloop.c logging.c watchdog.c \
xpath.c
if BUILD_CIBSECRETS
libcrmcommon_la_SOURCES += cib_secrets.c
endif
-
-libcrmcommon_la_LDFLAGS = -version-info 9:0:6
-libcrmcommon_la_LIBADD = @LIBADD_DL@ $(GNUTLSLIBS) -lm
-libcrmcommon_la_SOURCES += $(top_builddir)/lib/gnu/md5.c
+libcrmcommon_la_SOURCES += $(top_builddir)/lib/gnu/md5.c
clean-generic:
rm -f *.log *.debug *.xml *~
diff --git a/lib/fencing/Makefile.am b/lib/fencing/Makefile.am
index a9f9874..85ae40a 100644
--- a/lib/fencing/Makefile.am
+++ b/lib/fencing/Makefile.am
@@ -18,8 +18,8 @@
#
include $(top_srcdir)/Makefile.common
-lib_LTLIBRARIES = libstonithd.la
+lib_LTLIBRARIES = libstonithd.la
-libstonithd_la_SOURCES = st_client.c
-libstonithd_la_LDFLAGS = -version-info 4:1:2
-libstonithd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la
+libstonithd_la_LDFLAGS = -version-info 4:1:2
+libstonithd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la
+libstonithd_la_SOURCES = st_client.c
diff --git a/lib/lrmd/Makefile.am b/lib/lrmd/Makefile.am
index c23fef5..25f3d55 100644
--- a/lib/lrmd/Makefile.am
+++ b/lib/lrmd/Makefile.am
@@ -16,10 +16,10 @@
#
include $(top_srcdir)/Makefile.common
-lib_LTLIBRARIES = liblrmd.la
+lib_LTLIBRARIES = liblrmd.la
-liblrmd_la_SOURCES = lrmd_client.c proxy_common.c
-liblrmd_la_LDFLAGS = -version-info 4:0:3
-liblrmd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la \
- $(top_builddir)/lib/services/libcrmservice.la \
+liblrmd_la_LDFLAGS = -version-info 4:0:3
+liblrmd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la \
+ $(top_builddir)/lib/services/libcrmservice.la \
$(top_builddir)/lib/fencing/libstonithd.la
+liblrmd_la_SOURCES = lrmd_client.c proxy_common.c
diff --git a/lib/pengine/Makefile.am b/lib/pengine/Makefile.am
index a0d19e5..de760c3 100644
--- a/lib/pengine/Makefile.am
+++ b/lib/pengine/Makefile.am
@@ -18,19 +18,19 @@
include $(top_srcdir)/Makefile.common
## libraries
-lib_LTLIBRARIES = libpe_rules.la libpe_status.la
+lib_LTLIBRARIES = libpe_rules.la libpe_status.la
## SOURCES
-noinst_HEADERS = unpack.h variant.h
+noinst_HEADERS = unpack.h variant.h
libpe_rules_la_LDFLAGS = -version-info 2:6:0
-libpe_rules_la_SOURCES = rules.c common.c
libpe_rules_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la
+libpe_rules_la_SOURCES = rules.c common.c
libpe_status_la_LDFLAGS = -version-info 11:0:1
-libpe_status_la_SOURCES = status.c unpack.c utils.c complex.c native.c \
- group.c clone.c rules.c common.c remote.c
-libpe_status_la_LIBADD = @CURSESLIBS@ $(top_builddir)/lib/common/libcrmcommon.la
+libpe_status_la_LIBADD = @CURSESLIBS@ $(top_builddir)/lib/common/libcrmcommon.la
+libpe_status_la_SOURCES = status.c unpack.c utils.c complex.c native.c \
+ group.c clone.c rules.c common.c remote.c
clean-generic:
rm -f *.log *.debug *~
diff --git a/lib/services/Makefile.am b/lib/services/Makefile.am
index 2797b53..c789fbd 100644
--- a/lib/services/Makefile.am
+++ b/lib/services/Makefile.am
@@ -18,24 +18,24 @@
MAINTAINERCLEANFILES = Makefile.in
-AM_CPPFLAGS = -I$(top_builddir)/include
+AM_CPPFLAGS = -I$(top_builddir)/include
-lib_LTLIBRARIES = libcrmservice.la
-noinst_HEADERS = upstart.h systemd.h services_private.h
+lib_LTLIBRARIES = libcrmservice.la
+noinst_HEADERS = upstart.h systemd.h services_private.h
-libcrmservice_la_SOURCES = services.c services_linux.c
-libcrmservice_la_LDFLAGS = -version-info 4:1:1
-libcrmservice_la_CFLAGS = $(GIO_CFLAGS) -DOCF_ROOT_DIR=\"@OCF_ROOT_DIR@\"
-libcrmservice_la_LIBADD = $(GIO_LIBS) $(top_builddir)/lib/common/libcrmcommon.la $(DBUS_LIBS)
+libcrmservice_la_LDFLAGS = -version-info 4:1:1
+libcrmservice_la_CPPFLAGS = -DOCF_ROOT_DIR=\"@OCF_ROOT_DIR@\" $(AM_CPPFLAGS)
+libcrmservice_la_CFLAGS = $(GIO_CFLAGS)
+libcrmservice_la_LIBADD = $(GIO_LIBS) $(top_builddir)/lib/common/libcrmcommon.la $(DBUS_LIBS)
+
+libcrmservice_la_SOURCES = services.c services_linux.c
if BUILD_DBUS
-libcrmservice_la_SOURCES += dbus.c
+libcrmservice_la_SOURCES += dbus.c
endif
-
if BUILD_UPSTART
-libcrmservice_la_SOURCES += upstart.c
+libcrmservice_la_SOURCES += upstart.c
endif
-
if BUILD_SYSTEMD
-libcrmservice_la_SOURCES += systemd.c
+libcrmservice_la_SOURCES += systemd.c
endif
diff --git a/lib/transition/Makefile.am b/lib/transition/Makefile.am
index 7bcfc1a..9bc039e 100644
--- a/lib/transition/Makefile.am
+++ b/lib/transition/Makefile.am
@@ -18,14 +18,15 @@
include $(top_srcdir)/Makefile.common
## libraries
-lib_LTLIBRARIES = libtransitioner.la
+lib_LTLIBRARIES = libtransitioner.la
## SOURCES
-libtransitioner_la_SOURCES = unpack.c graph.c utils.c
libtransitioner_la_LDFLAGS = -version-info 2:5:0
-libtransitioner_la_CFLAGS = -I$(top_builddir)
-libtransitioner_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la
+libtransitioner_la_CPPFLAGS = -I$(top_builddir) $(AM_CPPFLAGS)
+
+libtransitioner_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la
+libtransitioner_la_SOURCES = unpack.c graph.c utils.c
clean-generic:
rm -f *~
diff --git a/lrmd/Makefile.am b/lrmd/Makefile.am
index 556d48a..64df105 100644
--- a/lrmd/Makefile.am
+++ b/lrmd/Makefile.am
@@ -19,45 +19,43 @@ include $(top_srcdir)/Makefile.common
testdir = $(datadir)/$(PACKAGE)/tests/lrmd
test_SCRIPTS = regression.py
-lrmdlibdir = $(CRM_DAEMON_DIR)
-lrmdlib_PROGRAMS = lrmd lrmd_test lrmd_internal_ctl
+lrmdlibdir = $(CRM_DAEMON_DIR)
+lrmdlib_PROGRAMS = lrmd lrmd_test lrmd_internal_ctl
-initdir = $(INITDIR)
-init_SCRIPTS = pacemaker_remote
-sbin_PROGRAMS = pacemaker_remoted
+initdir = $(INITDIR)
+init_SCRIPTS = pacemaker_remote
+sbin_PROGRAMS = pacemaker_remoted
if BUILD_SYSTEMD
-systemdunit_DATA = pacemaker_remote.service
+systemdunit_DATA = pacemaker_remote.service
endif
-lrmd_SOURCES = main.c lrmd.c
lrmd_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \
- $(top_builddir)/lib/services/libcrmservice.la \
- $(top_builddir)/lib/lrmd/liblrmd.la \
+ $(top_builddir)/lib/services/libcrmservice.la \
+ $(top_builddir)/lib/lrmd/liblrmd.la \
$(top_builddir)/lib/fencing/libstonithd.la ${COMPAT_LIBS}
+lrmd_SOURCES = main.c lrmd.c
+pacemaker_remoted_CPPFLAGS = -DSUPPORT_REMOTE $(AM_CPPFLAGS)
-pacemaker_remoted_SOURCES = main.c lrmd.c tls_backend.c ipc_proxy.c
-pacemaker_remoted_CFLAGS = -DSUPPORT_REMOTE
pacemaker_remoted_LDADD = $(lrmd_LDADD)
+pacemaker_remoted_SOURCES = main.c lrmd.c tls_backend.c ipc_proxy.c
-
+lrmd_internal_ctl_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \
+ $(top_builddir)/lib/lrmd/liblrmd.la \
+ $(top_builddir)/lib/cib/libcib.la \
+ $(top_builddir)/lib/services/libcrmservice.la \
+ $(top_builddir)/lib/pengine/libpe_status.la \
+ $(top_builddir)/pengine/libpengine.la
lrmd_internal_ctl_SOURCES = remote_ctl.c
-lrmd_internal_ctl_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \
- $(top_builddir)/lib/lrmd/liblrmd.la \
- $(top_builddir)/lib/cib/libcib.la \
- $(top_builddir)/lib/services/libcrmservice.la \
- $(top_builddir)/lib/pengine/libpe_status.la \
- $(top_builddir)/pengine/libpengine.la
-
-lrmd_test_SOURCES = test.c
lrmd_test_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \
- $(top_builddir)/lib/lrmd/liblrmd.la \
- $(top_builddir)/lib/cib/libcib.la \
- $(top_builddir)/lib/services/libcrmservice.la \
- $(top_builddir)/lib/pengine/libpe_status.la \
+ $(top_builddir)/lib/lrmd/liblrmd.la \
+ $(top_builddir)/lib/cib/libcib.la \
+ $(top_builddir)/lib/services/libcrmservice.la \
+ $(top_builddir)/lib/pengine/libpe_status.la \
$(top_builddir)/pengine/libpengine.la
+lrmd_test_SOURCES = test.c
noinst_HEADERS = lrmd_private.h
diff --git a/mcp/Makefile.am b/mcp/Makefile.am
index 1b3720a..195530a 100644
--- a/mcp/Makefile.am
+++ b/mcp/Makefile.am
@@ -24,16 +24,16 @@ init_SCRIPTS = pacemaker
sbin_PROGRAMS = pacemakerd
if BUILD_SYSTEMD
-systemdunit_DATA = pacemaker.service
+systemdunit_DATA = pacemaker.service
endif
## SOURCES
noinst_HEADERS = pacemaker.h
-pacemakerd_SOURCES = pacemaker.c corosync.c
pacemakerd_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la $(top_builddir)/lib/common/libcrmcommon.la
pacemakerd_LDADD += $(CLUSTERLIBS)
+pacemakerd_SOURCES = pacemaker.c corosync.c
endif
diff --git a/pengine/Makefile.am b/pengine/Makefile.am
index 170b728..96c914f 100644
--- a/pengine/Makefile.am
+++ b/pengine/Makefile.am
@@ -17,7 +17,7 @@
#
include $(top_srcdir)/Makefile.common
-AM_CPPFLAGS += -I$(top_builddir) -I$(top_srcdir)
+AM_CPPFLAGS += -I$(top_builddir) -I$(top_srcdir)
halibdir = $(CRM_DAEMON_DIR)
@@ -30,9 +30,8 @@ test_DATA = regression.core.sh
test10dir = $(datadir)/$(PACKAGE)/tests/pengine/test10
test10_DATA = $(PE_TESTS) $(PE_TESTS:%.scores=%.xml) $(PE_TESTS:%.scores=%.exp) $(PE_TESTS:%.scores=%.dot) $(PE_TESTS:%.scores=%.summary) $(wildcard test10/*.stderr)
-COMMONLIBS = \
- $(top_builddir)/lib/common/libcrmcommon.la \
- $(top_builddir)/lib/pengine/libpe_status.la \
+COMMONLIBS = $(top_builddir)/lib/common/libcrmcommon.la \
+ $(top_builddir)/lib/pengine/libpe_status.la \
libpengine.la $(CURSESLIBS) $(CLUSTERLIBS)
beekhof:
@@ -62,17 +61,16 @@ endif
noinst_HEADERS = allocate.h utils.h pengine.h
libpengine_la_LDFLAGS = -version-info 11:0:1
+libpengine_la_LIBADD = $(top_builddir)/lib/pengine/libpe_status.la \
+ $(top_builddir)/lib/cib/libcib.la
# -L$(top_builddir)/lib/pils -lpils -export-dynamic -module -avoid-version
libpengine_la_SOURCES = pengine.c allocate.c utils.c constraints.c
-libpengine_la_SOURCES += native.c group.c clone.c master.c graph.c utilization.c
+libpengine_la_SOURCES += native.c group.c clone.c master.c graph.c utilization.c
-libpengine_la_LIBADD = $(top_builddir)/lib/pengine/libpe_status.la \
- $(top_builddir)/lib/cib/libcib.la
-
-pengine_SOURCES = main.c
pengine_LDADD = $(top_builddir)/lib/cib/libcib.la $(COMMONLIBS)
# libcib for get_object_root()
# $(top_builddir)/lib/hbclient/libhbclient.la
+pengine_SOURCES = main.c
install-exec-local:
$(mkinstalldirs) $(DESTDIR)/$(PE_STATE_DIR)
--
1.8.3.1

603
003-harden-toolchain.patch
View File

@ -1,603 +0,0 @@
From 658fff9445711b8402029bc2916fccbc5d6fd8fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Tue, 21 Jun 2016 19:16:43 +0200
Subject: [PATCH 1/2] Feature: conditional hardening, especially for daemons +
libraries
So far the build system has not been concerned with run-time hardening
measures the typical toolchains provide (beside unconditional enforcing
of -fstack-protector-all). Hence make a step in that direction,
enabling following if available and anticipating more to come:
[$LD -z relro]
- daemons incl. libs
- make some parts of Global Offset Table (GOT) read-only
[$CC -fPIE + ld -pie]
- daemons
- benefit from Address Space Layout Randomization (ASLR) for code
areas
[$LD -z now]
- daemons incl. libs, only when the former two features are supported
- all symbols are resolved initially to that complete GOT is read-only
[$CC -fstack-protector-strong/-fstack-protector-all/-fstack-protector]
- universal
- extra run-time checks for buffer overflows
- NOTE:
in case -fstack-protector-strong is supported, this is effectively
a weakening of previously enforced -fstack-protector-all, but note
that this variant comes with not entirely negligible performance
penalty [1], making "strong" variant a reasonable tradeoff for
something that is not in the prime line of possible attacks
For details on how to instruct configure script to do the right
thing (for when the default won't cut it), see detailed comment
in configure.ac under "Hardening flags" section.
[1] http://nvlpubs.nist.gov/nistpubs/TechnicalNotes/NIST.TN.1860.pdf
---
acinclude.m4 | 25 +++++++++
attrd/Makefile.am | 3 +
cib/Makefile.am | 3 +
configure.ac | 135 +++++++++++++++++++++++++++++++++++++++++++--
crmd/Makefile.am | 3 +
fencing/Makefile.am | 3 +
lib/cib/Makefile.am | 3 +
lib/cluster/Makefile.am | 4 ++
lib/common/Makefile.am | 4 ++
lib/fencing/Makefile.am | 4 ++
lib/lrmd/Makefile.am | 4 ++
lib/pengine/Makefile.am | 8 +++
lib/services/Makefile.am | 3 +
lib/transition/Makefile.am | 3 +
lrmd/Makefile.am | 6 ++
mcp/Makefile.am | 3 +
pacemaker.spec.in | 17 ++++++
pengine/Makefile.am | 6 ++
18 files changed, 231 insertions(+), 6 deletions(-)
create mode 100644 acinclude.m4
diff --git a/acinclude.m4 b/acinclude.m4
new file mode 100644
index 0000000..ecaa1dd
--- /dev/null
+++ b/acinclude.m4
@@ -0,0 +1,25 @@
+dnl
+dnl local autoconf/automake macros for pacemaker
+dnl
+
+dnl Check if the flag is supported by linker (cacheable)
+dnl CC_CHECK_LDFLAGS([FLAG], [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND])
+dnl
+dnl Origin (declared license: GPLv2+ with less restrictive exception):
+dnl https://git.gnome.org/browse/glib/tree/m4macros/attributes.m4?h=2.49.1
+dnl (AC_LANG_PROGRAM substituted by Jan Pokorny <jpokorny@redhat.com>)
+
+AC_DEFUN([CC_CHECK_LDFLAGS], [
+ AC_CACHE_CHECK([if $CC supports $1 flag],
+ AS_TR_SH([cc_cv_ldflags_$1]),
+ [ac_save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $1"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
+ [eval "AS_TR_SH([cc_cv_ldflags_$1])='yes'"],
+ [eval "AS_TR_SH([cc_cv_ldflags_$1])="])
+ LDFLAGS="$ac_save_LDFLAGS"
+ ])
+
+ AS_IF([eval test x$]AS_TR_SH([cc_cv_ldflags_$1])[ = xyes],
+ [$2], [$3])
+])
diff --git a/attrd/Makefile.am b/attrd/Makefile.am
index a116e0e..6eaaae2 100644
--- a/attrd/Makefile.am
+++ b/attrd/Makefile.am
@@ -21,6 +21,9 @@ halibdir = $(CRM_DAEMON_DIR)
halib_PROGRAMS = attrd
## SOURCES
+attrd_CFLAGS = $(CFLAGS_HARDENED_EXE)
+attrd_LDFLAGS = $(LDFLAGS_HARDENED_EXE)
+
attrd_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \
$(top_builddir)/lib/common/libcrmcommon.la \
$(top_builddir)/lib/cib/libcib.la \
diff --git a/cib/Makefile.am b/cib/Makefile.am
index fcb8ce9..4273191 100644
--- a/cib/Makefile.am
+++ b/cib/Makefile.am
@@ -32,6 +32,9 @@ halib_PROGRAMS = cib cibmon
## SOURCES
noinst_HEADERS = callbacks.h cibio.h cibmessages.h common.h notify.h
+cib_CFLAGS = $(CFLAGS_HARDENED_EXE)
+cib_LDFLAGS = $(LDFLAGS_HARDENED_EXE)
+
cib_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \
$(COMMONLIBS) $(CRYPTOLIB) $(CLUSTERLIBS)
diff --git a/configure.ac b/configure.ac
index c5b30dc..edf6a91 100644
--- a/configure.ac
+++ b/configure.ac
@@ -196,6 +196,13 @@ AC_ARG_ENABLE([systemd],
[ --enable-systemd
Do not build support for the Systemd init system [default=yes]])
+AC_ARG_ENABLE(hardening,
+ [ --with-hardening
+ Harden the resulting executables/libraries (best effort by default)],
+ [ HARDENING="${enableval}" ],
+ [ HARDENING=try ],
+)
+
AC_ARG_WITH(ais,
[ --with-ais
Support the Corosync messaging and membership layer ],
@@ -1710,6 +1717,12 @@ if export | fgrep " CFLAGS=" > /dev/null; then
unset SAVED_CFLAGS
fi
+AC_ARG_VAR([CFLAGS_HARDENED_LIB], [extra C compiler flags for hardened libraries])
+AC_ARG_VAR([LDFLAGS_HARDENED_LIB], [extra linker flags for hardened libraries])
+
+AC_ARG_VAR([CFLAGS_HARDENED_EXE], [extra C compiler flags for hardened executables])
+AC_ARG_VAR([LDFLAGS_HARDENED_EXE], [extra linker flags for hardened executables])
+
CC_EXTRAS=""
if test "$GCC" != yes; then
@@ -1785,12 +1798,6 @@ dnl otherwise none of both
# Additional warnings it might be nice to enable one day
# -Wshadow
# -Wunreachable-code
- case "$host_os" in
- *solaris*) ;;
- *) EXTRA_FLAGS="$EXTRA_FLAGS
- -fstack-protector-all"
- ;;
- esac
for j in $EXTRA_FLAGS
do
if
@@ -1829,6 +1836,118 @@ dnl System specific options
AC_MSG_NOTICE(Activated additional gcc flags: ${CC_EXTRAS})
fi
+dnl
+dnl Hardening flags
+dnl
+dnl The prime control of whether to apply (targeted) hardening build flags and
+dnl which ones is --{enable,disable}-hardening option passed to ./configure:
+dnl
+dnl --enable-hardening=try (default):
+dnl depending on whether any of CFLAGS_HARDENED_EXE, LDFLAGS_HARDENED_EXE,
+dnl CFLAGS_HARDENED_LIB or LDFLAGS_HARDENED_LIB environment variables
+dnl (see below) is set and non-null, all these custom flags (even if not
+dnl set) are used as are, otherwise the best effort is made to offer
+dnl reasonably strong hardening in several categories (RELRO, PIE,
+dnl "bind now", stack protector) according to what the selected toolchain
+dnl can offer
+dnl
+dnl --enable-hardening:
+dnl same effect as --enable-hardening=try when the environment variables
+dnl in question are suppressed
+dnl
+dnl --disable-hardening:
+dnl do not apply any targeted hardening measures at all
+dnl
+dnl The user-injected environment variables that regulate the hardening in
+dnl default case are as follows:
+dnl
+dnl * CFLAGS_HARDENED_EXE, LDFLAGS_HARDENED_EXE
+dnl compiler and linker flags (respectively) for daemon programs
+dnl (attrd, cib, crmd, lrmd, stonithd, pacemakerd, pacemaker_remoted,
+dnl pengine)
+dnl
+dnl * CFLAGS_HARDENED_LIB, LDFLAGS_HARDENED_LIB
+dnl compiler and linker flags (respectively) for libraries linked
+dnl with the daemon programs
+dnl
+dnl Note that these are purposedly targeted variables (addressing particular
+dnl targets all over the scattered Makefiles) and have no effect outside of
+dnl the predestined scope (e.g., CLI utilities). For a global reach,
+dnl use CFLAGS, LDFLAGS, etc. as usual.
+dnl
+dnl For guidance on the suitable flags consult, for instance:
+dnl https://fedoraproject.org/wiki/Changes/Harden_All_Packages#Detailed_Harden_Flags_Description
+dnl https://owasp.org/index.php/C-Based_Toolchain_Hardening#GCC.2FBinutils
+dnl
+
+if test "x${HARDENING}" != "xtry"; then
+ unset CFLAGS_HARDENED_EXE
+ unset CFLAGS_HARDENED_LIB
+ unset LDFLAGS_HARDENED_EXE
+ unset LDFLAGS_HARDENED_LIB
+fi
+if test "x${HARDENING}" = "xno"; then
+ AC_MSG_NOTICE([Hardening: explicitly disabled])
+elif test "x${HARDENING}" = "xyes" \
+ || test "$(env | grep -Ec '^(C|LD)FLAGS_HARDENED_(EXE|LIB)=.')" = 0; then
+ dnl We'll figure out on our own...
+ CFLAGS_HARDENED_EXE=
+ CFLAGS_HARDENED_LIB=
+ LDFLAGS_HARDENED_EXE=
+ LDFLAGS_HARDENED_LIB=
+ relro=0
+ pie=0
+ bindnow=0
+ # daemons incl. libs: partial RELRO
+ flag="-Wl,-z,relro"
+ CC_CHECK_LDFLAGS(["${flag}"],
+ [LDFLAGS_HARDENED_EXE="${LDFLAGS_HARDENED_EXE} ${flag}";
+ LDFLAGS_HARDENED_LIB="${LDFLAGS_HARDENED_LIB} ${flag}";
+ relro=1]
+ )
+ # daemons: PIE for both CFLAGS and LDFLAGS
+ if cc_supports_flag -fPIE; then
+ flag="-pie"
+ CC_CHECK_LDFLAGS(["${flag}"],
+ [CFLAGS_HARDENED_EXE="${CFLAGS_HARDENED_EXE} -fPIE";
+ LDFLAGS_HARDENED_EXE="${LDFLAGS_HARDENED_EXE} ${flag}";
+ pie=1]
+ )
+ fi
+ # daemons incl. libs: full RELRO if sensible
+ if test "${relro}" = 1 && test "${pie}" = 1; then
+ flag="-Wl,-z,now"
+ CC_CHECK_LDFLAGS(["${flag}"],
+ [LDFLAGS_HARDENED_EXE="${LDFLAGS_HARDENED_EXE} ${flag}";
+ LDFLAGS_HARDENED_LIB="${LDFLAGS_HARDENED_LIB} ${flag}";
+ bindnow=1]
+ )
+ fi
+ # universal: prefer strong > all > default stack protector if possible
+ flag=
+ if cc_supports_flag -fstack-protector-strong; then
+ flag="-fstack-protector-strong"
+ elif cc_supports_flag -fstack-protector-all; then
+ flag="-fstack-protector-all"
+ elif cc_supports_flag -fstack-protector; then
+ flag="-fstack-protector"
+ fi
+ if test -n "${flag}"; then
+ CC_EXTRAS="${CC_EXTRAS} ${flag}"
+ stackprot=1
+ fi
+ if test "${relro}" = 1 \
+ || test "${pie}" = 1 \
+ || test "${stackprot}" = 1; then
+ AC_MSG_NOTICE(
+ [Hardening: relro=${relro} pie=${pie} bindnow=${bindnow} stackprot=${flag}])
+ else
+ AC_MSG_WARN([Hardening: no suitable features in the toolchain detected])
+ fi
+else
+ AC_MSG_NOTICE([Hardening: using custom flags])
+fi
+
CFLAGS="$CFLAGS $CC_EXTRAS"
NON_FATAL_CFLAGS="$CFLAGS"
@@ -1978,5 +2097,9 @@ AC_MSG_RESULT([ HA group name = ${CRM_DAEMON_GROUP}])
AC_MSG_RESULT([ HA user name = ${CRM_DAEMON_USER}])
AC_MSG_RESULT([])
AC_MSG_RESULT([ CFLAGS = ${CFLAGS}])
+AC_MSG_RESULT([ CFLAGS_HARDENED_EXE = ${CFLAGS_HARDENED_EXE}])
+AC_MSG_RESULT([ CFLAGS_HARDENED_LIB = ${CFLAGS_HARDENED_LIB}])
+AC_MSG_RESULT([ LDFLAGS_HARDENED_EXE = ${LDFLAGS_HARDENED_EXE}])
+AC_MSG_RESULT([ LDFLAGS_HARDENED_LIB = ${LDFLAGS_HARDENED_LIB}])
AC_MSG_RESULT([ Libraries = ${LIBS}])
AC_MSG_RESULT([ Stack Libraries = ${CLUSTERLIBS}])
diff --git a/crmd/Makefile.am b/crmd/Makefile.am
index 979e266..6d5ee9a 100644
--- a/crmd/Makefile.am
+++ b/crmd/Makefile.am
@@ -28,6 +28,9 @@ noinst_HEADERS = crmd.h crmd_fsa.h crmd_messages.h fsa_defines.h \
fsa_matrix.h fsa_proto.h crmd_utils.h crmd_callbacks.h \
crmd_lrm.h te_callbacks.h tengine.h
+crmd_CFLAGS = $(CFLAGS_HARDENED_EXE)
+crmd_LDFLAGS = $(LDFLAGS_HARDENED_EXE)
+
crmd_LDADD = $(top_builddir)/lib/fencing/libstonithd.la \
$(top_builddir)/lib/transition/libtransitioner.la \
$(top_builddir)/lib/pengine/libpe_rules.la \
diff --git a/fencing/Makefile.am b/fencing/Makefile.am
index 1d591fc..c53ead6 100644
--- a/fencing/Makefile.am
+++ b/fencing/Makefile.am
@@ -52,6 +52,9 @@ stonith_admin_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \
stonithd_CPPFLAGS = -I$(top_srcdir)/pengine $(AM_CPPFLAGS)
stonithd_YFLAGS = -d
+stonithd_CFLAGS = $(CFLAGS_HARDENED_EXE)
+stonithd_LDFLAGS = $(LDFLAGS_HARDENED_EXE)
+
stonithd_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \
$(top_builddir)/lib/cluster/libcrmcluster.la \
$(top_builddir)/lib/fencing/libstonithd.la \
diff --git a/lib/cib/Makefile.am b/lib/cib/Makefile.am
index e414a7f..637ea8c 100644
--- a/lib/cib/Makefile.am
+++ b/lib/cib/Makefile.am
@@ -27,6 +27,9 @@ libcib_la_SOURCES += cib_file.c cib_remote.c
libcib_la_LDFLAGS = -version-info 5:1:1
libcib_la_CPPFLAGS = -I$(top_srcdir) $(AM_CPPFLAGS)
+libcib_la_CFLAGS = $(CFLAGS_HARDENED_LIB)
+libcib_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB)
+
libcib_la_LIBADD = $(CRYPTOLIB) $(top_builddir)/lib/pengine/libpe_rules.la $(top_builddir)/lib/common/libcrmcommon.la
clean-generic:
diff --git a/lib/cluster/Makefile.am b/lib/cluster/Makefile.am
index 06d7066..9a57bbb 100644
--- a/lib/cluster/Makefile.am
+++ b/lib/cluster/Makefile.am
@@ -21,6 +21,10 @@ include $(top_srcdir)/Makefile.common
lib_LTLIBRARIES = libcrmcluster.la
libcrmcluster_la_LDFLAGS = -version-info 6:0:2
+
+libcrmcluster_la_CFLAGS = $(CFLAGS_HARDENED_LIB)
+libcrmcluster_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB)
+
libcrmcluster_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la $(top_builddir)/lib/fencing/libstonithd.la $(CLUSTERLIBS)
libcrmcluster_la_SOURCES = election.c cluster.c membership.c
diff --git a/lib/common/Makefile.am b/lib/common/Makefile.am
index 7550ec1..0e1ad29 100644
--- a/lib/common/Makefile.am
+++ b/lib/common/Makefile.am
@@ -32,6 +32,10 @@ lib_LTLIBRARIES = libcrmcommon.la
CFLAGS = $(CFLAGS_COPY:-Wcast-qual=) -fPIC
libcrmcommon_la_LDFLAGS = -version-info 9:0:6
+
+libcrmcommon_la_CFLAGS = $(CFLAGS_HARDENED_LIB)
+libcrmcommon_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB)
+
libcrmcommon_la_LIBADD = @LIBADD_DL@ $(GNUTLSLIBS) -lm
libcrmcommon_la_SOURCES = compat.c digest.c ipc.c io.c procfs.c utils.c xml.c \
diff --git a/lib/fencing/Makefile.am b/lib/fencing/Makefile.am
index 85ae40a..dc15799 100644
--- a/lib/fencing/Makefile.am
+++ b/lib/fencing/Makefile.am
@@ -21,5 +21,9 @@ include $(top_srcdir)/Makefile.common
lib_LTLIBRARIES = libstonithd.la
libstonithd_la_LDFLAGS = -version-info 4:1:2
+
+libstonithd_la_CFLAGS = $(CFLAGS_HARDENED_LIB)
+libstonithd_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB)
+
libstonithd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la
libstonithd_la_SOURCES = st_client.c
diff --git a/lib/lrmd/Makefile.am b/lib/lrmd/Makefile.am
index 25f3d55..611675e 100644
--- a/lib/lrmd/Makefile.am
+++ b/lib/lrmd/Makefile.am
@@ -19,6 +19,10 @@ include $(top_srcdir)/Makefile.common
lib_LTLIBRARIES = liblrmd.la
liblrmd_la_LDFLAGS = -version-info 4:0:3
+
+liblrmd_la_CFLAGS = $(CFLAGS_HARDENED_LIB)
+liblrmd_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB)
+
liblrmd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la \
$(top_builddir)/lib/services/libcrmservice.la \
$(top_builddir)/lib/fencing/libstonithd.la
diff --git a/lib/pengine/Makefile.am b/lib/pengine/Makefile.am
index de760c3..ad5c5c3 100644
--- a/lib/pengine/Makefile.am
+++ b/lib/pengine/Makefile.am
@@ -24,10 +24,18 @@ lib_LTLIBRARIES = libpe_rules.la libpe_status.la
noinst_HEADERS = unpack.h variant.h
libpe_rules_la_LDFLAGS = -version-info 2:6:0
+
+libpe_rules_la_CFLAGS = $(CFLAGS_HARDENED_LIB)
+libpe_rules_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB)
+
libpe_rules_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la
libpe_rules_la_SOURCES = rules.c common.c
libpe_status_la_LDFLAGS = -version-info 11:0:1
+
+libpe_status_la_CFLAGS = $(CFLAGS_HARDENED_LIB)
+libpe_status_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB)
+
libpe_status_la_LIBADD = @CURSESLIBS@ $(top_builddir)/lib/common/libcrmcommon.la
libpe_status_la_SOURCES = status.c unpack.c utils.c complex.c native.c \
group.c clone.c rules.c common.c remote.c
diff --git a/lib/services/Makefile.am b/lib/services/Makefile.am
index c789fbd..b3208c2 100644
--- a/lib/services/Makefile.am
+++ b/lib/services/Makefile.am
@@ -27,6 +27,9 @@ libcrmservice_la_LDFLAGS = -version-info 4:1:1
libcrmservice_la_CPPFLAGS = -DOCF_ROOT_DIR=\"@OCF_ROOT_DIR@\" $(AM_CPPFLAGS)
libcrmservice_la_CFLAGS = $(GIO_CFLAGS)
+libcrmservice_la_CFLAGS += $(CFLAGS_HARDENED_LIB)
+libcrmservice_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB)
+
libcrmservice_la_LIBADD = $(GIO_LIBS) $(top_builddir)/lib/common/libcrmcommon.la $(DBUS_LIBS)
libcrmservice_la_SOURCES = services.c services_linux.c
diff --git a/lib/transition/Makefile.am b/lib/transition/Makefile.am
index 9bc039e..4d6cd23 100644
--- a/lib/transition/Makefile.am
+++ b/lib/transition/Makefile.am
@@ -25,6 +25,9 @@ lib_LTLIBRARIES = libtransitioner.la
libtransitioner_la_LDFLAGS = -version-info 2:5:0
libtransitioner_la_CPPFLAGS = -I$(top_builddir) $(AM_CPPFLAGS)
+libtransitioner_la_CFLAGS = $(CFLAGS_HARDENED_LIB)
+libtransitioner_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB)
+
libtransitioner_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la
libtransitioner_la_SOURCES = unpack.c graph.c utils.c
diff --git a/lrmd/Makefile.am b/lrmd/Makefile.am
index 64df105..5846503 100644
--- a/lrmd/Makefile.am
+++ b/lrmd/Makefile.am
@@ -30,6 +30,9 @@ if BUILD_SYSTEMD
systemdunit_DATA = pacemaker_remote.service
endif
+lrmd_CFLAGS = $(CFLAGS_HARDENED_EXE)
+lrmd_LDFLAGS = $(LDFLAGS_HARDENED_EXE)
+
lrmd_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \
$(top_builddir)/lib/services/libcrmservice.la \
$(top_builddir)/lib/lrmd/liblrmd.la \
@@ -38,6 +41,9 @@ lrmd_SOURCES = main.c lrmd.c
pacemaker_remoted_CPPFLAGS = -DSUPPORT_REMOTE $(AM_CPPFLAGS)
+pacemaker_remoted_CFLAGS = $(CFLAGS_HARDENED_EXE)
+pacemaker_remoted_LDFLAGS = $(LDFLAGS_HARDENED_EXE)
+
pacemaker_remoted_LDADD = $(lrmd_LDADD)
pacemaker_remoted_SOURCES = main.c lrmd.c tls_backend.c ipc_proxy.c
diff --git a/mcp/Makefile.am b/mcp/Makefile.am
index 195530a..074d251 100644
--- a/mcp/Makefile.am
+++ b/mcp/Makefile.am
@@ -31,6 +31,9 @@ endif
noinst_HEADERS = pacemaker.h
+pacemakerd_CFLAGS = $(CFLAGS_HARDENED_EXE)
+pacemakerd_LDFLAGS = $(LDFLAGS_HARDENED_EXE)
+
pacemakerd_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la $(top_builddir)/lib/common/libcrmcommon.la
pacemakerd_LDADD += $(CLUSTERLIBS)
pacemakerd_SOURCES = pacemaker.c corosync.c
diff --git a/pacemaker.spec.in b/pacemaker.spec.in
index 6024514..a607588 100644
--- a/pacemaker.spec.in
+++ b/pacemaker.spec.in
@@ -63,6 +63,9 @@
# Turn off cman support on platforms that normally ship with it
%bcond_without cman
+# Turn off hardening of libraries and daemon executables
+%bcond_without hardening
+
%if %{with profiling}
# This disables -debuginfo package creation and also the stripping binaries/libraries
# Useful if you want sane profiling data
@@ -168,6 +171,7 @@ resource health.
Available rpmbuild rebuild options:
--with(out) : cman stonithd doc coverage profiling pre_release upstart_job
+ hardening
%package cli
License: GPLv2+ and LGPLv2+
@@ -301,6 +305,18 @@ find . -exec touch \{\} \;
# Early versions of autotools (e.g. RHEL <= 5) do not support --docdir
export docdir=%{pcmk_docdir}
+%if %{with hardening}
+# prefer distro-provided hardening flags in case they are defined
+# through _hardening_{c,ld}flags macros, configure script will
+# use its own defaults otherwise; if such hardenings are completely
+# undesired, rpmbuild using "--without hardening"
+# (or "--define '_without_hardening 1'")
+export CFLAGS_HARDENED_EXE="%{?_hardening_cflags}"
+export CFLAGS_HARDENED_LIB="%{?_hardening_cflags}"
+export LDFLAGS_HARDENED_EXE="%{?_hardening_ldflags}"
+export LDFLAGS_HARDENED_LIB="%{?_hardening_ldflags}"
+%endif
+
./autogen.sh
%{configure} \
@@ -309,6 +325,7 @@ export docdir=%{pcmk_docdir}
%{!?with_cman: --without-cman} \
--without-heartbeat \
%{!?with_doc: --with-brand=} \
+ %{!?with_hardening: --disable-hardening} \
--with-initdir=%{_initrddir} \
--localstatedir=%{_var} \
--with-version=%{version}-%{release}
diff --git a/pengine/Makefile.am b/pengine/Makefile.am
index 96c914f..d4dbfb9 100644
--- a/pengine/Makefile.am
+++ b/pengine/Makefile.am
@@ -61,12 +61,18 @@ endif
noinst_HEADERS = allocate.h utils.h pengine.h
libpengine_la_LDFLAGS = -version-info 11:0:1
+
+libpengine_la_CFLAGS = $(CFLAGS_HARDENED_LIB)
+libpengine_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB)
+
libpengine_la_LIBADD = $(top_builddir)/lib/pengine/libpe_status.la \
$(top_builddir)/lib/cib/libcib.la
# -L$(top_builddir)/lib/pils -lpils -export-dynamic -module -avoid-version
libpengine_la_SOURCES = pengine.c allocate.c utils.c constraints.c
libpengine_la_SOURCES += native.c group.c clone.c master.c graph.c utilization.c
+pengine_CFLAGS = $(CFLAGS_HARDENED_EXE)
+pengine_LDFLAGS = $(LDFLAGS_HARDENED_EXE)
pengine_LDADD = $(top_builddir)/lib/cib/libcib.la $(COMMONLIBS)
# libcib for get_object_root()
# $(top_builddir)/lib/hbclient/libhbclient.la
--
1.8.3.1
From 35ec27112452f2bd06ae8b395d8543db935e2b05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Wed, 22 Jun 2016 15:18:00 +0200
Subject: [PATCH 2/2] Build: configure.ac: prefer as-needed linking in case of
"-z now"
Slight optimization of a default toolchain-flags-based hardening.
---
configure.ac | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index edf6a91..4beb877 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1914,7 +1914,10 @@ elif test "x${HARDENING}" = "xyes" \
pie=1]
)
fi
- # daemons incl. libs: full RELRO if sensible
+ # daemons incl. libs: full RELRO if sensible + as-needed linking
+ # so as to possibly mitigate startup performance
+ # hit caused by excessive linking with unneeded
+ # libraries
if test "${relro}" = 1 && test "${pie}" = 1; then
flag="-Wl,-z,now"
CC_CHECK_LDFLAGS(["${flag}"],
@@ -1923,6 +1926,13 @@ elif test "x${HARDENING}" = "xyes" \
bindnow=1]
)
fi
+ if test "${bindnow}" = 1; then
+ flag="-Wl,--as-needed"
+ CC_CHECK_LDFLAGS(["${flag}"],
+ [LDFLAGS_HARDENED_EXE="${LDFLAGS_HARDENED_EXE} ${flag}";
+ LDFLAGS_HARDENED_LIB="${LDFLAGS_HARDENED_LIB} ${flag}"]
+ )
+ fi
# universal: prefer strong > all > default stack protector if possible
flag=
if cc_supports_flag -fstack-protector-strong; then
--
1.8.3.1

78
CVE-2016-7035-improper-IPC-guarding.patch
View File

@ -1,78 +0,0 @@
From 5a20855d6054ebaae590c09262b328d957cc1fc2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= <jpokorny@redhat.com>
Date: Thu, 3 Nov 2016 11:16:37 +0100
Subject: [PATCH] High: libcrmcommon: fix CVE-2016-7035 (improper IPC guarding)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It was discovered that at some not so uncommon circumstances, some
pacemaker daemons could be talked to, via libqb-facilitated IPC, by
unprivileged clients due to flawed authorization decision. Depending
on the capabilities of affected daemons, this might equip unauthorized
user with local privilege escalation or up to cluster-wide remote
execution of possibly arbitrary commands when such user happens to
reside at standard or remote/guest cluster node, respectively.
The original vulnerability was introduced in an attempt to allow
unprivileged IPC clients to clean up the file system materialized
leftovers in case the server (otherwise responsible for the lifecycle
of these files) crashes. While the intended part of such behavior is
now effectively voided (along with the unintended one), a best-effort
fix to address this corner case systemically at libqb is coming along
(https://github.com/ClusterLabs/libqb/pull/231).
Affected versions: 1.1.10-rc1 (2013-04-17) - 1.1.15 (2016-06-21)
Impact: Important
CVSSv3 ranking: 8.8 : AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Credits for independent findings, in chronological order:
Jan "poki" Pokorný, of Red Hat
Alain Moulle, of ATOS/BULL
---
lib/common/ipc.c | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/lib/common/ipc.c b/lib/common/ipc.c
index f060fcd..2949837 100644
--- a/lib/common/ipc.c
+++ b/lib/common/ipc.c
@@ -293,7 +293,6 @@ crm_client_disconnect_all(qb_ipcs_service_t *service)
crm_client_t *
crm_client_new(qb_ipcs_connection_t * c, uid_t uid_client, gid_t gid_client)
{
- static uid_t uid_server = 0;
static gid_t gid_cluster = 0;
crm_client_t *client = NULL;
@@ -304,7 +303,6 @@ crm_client_new(qb_ipcs_connection_t * c, uid_t uid_client, gid_t gid_client)
}
if (gid_cluster == 0) {
- uid_server = getuid();
if(crm_user_lookup(CRM_DAEMON_USER, NULL, &gid_cluster) < 0) {
static bool have_error = FALSE;
if(have_error == FALSE) {
@@ -314,16 +312,10 @@ crm_client_new(qb_ipcs_connection_t * c, uid_t uid_client, gid_t gid_client)
}
}
- if(gid_cluster != 0 && gid_client != 0) {
- uid_t best_uid = -1; /* Passing -1 to chown(2) means don't change */
-
- if(uid_client == 0 || uid_server == 0) { /* Someone is priveliged, but the other may not be */
- best_uid = QB_MAX(uid_client, uid_server);
- crm_trace("Allowing user %u to clean up after disconnect", best_uid);
- }
-
+ if (uid_client != 0) {
crm_trace("Giving access to group %u", gid_cluster);
- qb_ipcs_connection_auth_set(c, best_uid, gid_cluster, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
+ /* Passing -1 to chown(2) means don't change */
+ qb_ipcs_connection_auth_set(c, -1, gid_cluster, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
}
crm_client_init();
--
2.4.11

314
pacemaker.spec
View File

@ -1,77 +1,115 @@
%global gname haclient
# Globals and defines to control package behavior (configure these as desired)
## User and group to use for nonprivileged services
%global uname hacluster
%global gname haclient
## Where to install Pacemaker documentation
%global pcmk_docdir %{_docdir}/%{name}
%global specversion 3
%global pcmkversion 1.1.15
# set following to the actual commit or, for final release, concatenate
# "pcmkversion" macro to "Pacemaker-" (will yield a tag per the convention)
%global commit Pacemaker-1.1.15
%global lparen (
%global rparen )
%global shortcommit %(c=%{commit}; case ${c} in
Pacemaker-*%{rparen} echo ${c:10};;
*%{rparen} echo ${c:0:7};; esac)
%global pre_release %(s=%{shortcommit}; [ ${s: -4:3} != -rc ]; echo $?)
%global post_release %([ %{commit} = Pacemaker-%{shortcommit} ]; echo $?)
## GitHub entity that distributes source (for ease of using a fork)
%global github_owner ClusterLabs
## Upstream pacemaker version, and its package version (specversion
## can be incremented to build packages reliably considered "newer"
## than previously built packages with the same pcmkversion)
%global pcmkversion 1.1.16
%global specversion 1
## Upstream commit (or git tag, such as "Pacemaker-" plus the
## {pcmkversion} macro for an official release) to use for this package
%global commit Pacemaker-%{pcmkversion}
## Nagios source control identifiers
%global nagios_name nagios-agents-metadata
%global nagios_hash 105ab8a7b2c16b9a29cf1c1596b80136eeef332b
# Turn off the auto compilation of python files not in the site-packages directory
# Needed so that the -devel package is multilib compliant
# py_auto_byte_compile macro: https://bugzilla.redhat.com/574437
%if %{defined py_auto_byte_compile}
# Define globals for convenient use later
## Workaround to use parentheses in other globals
%global lparen (
%global rparen )
## Short version of git commit
%define shortcommit %(c=%{commit}; case ${c} in
Pacemaker-*%{rparen} echo ${c:10};;
*%{rparen} echo ${c:0:7};; esac)
## Whether this is a release candidate
%define pre_release %(s=%{shortcommit}; [ ${s: -4:3} != -rc ]; echo $?)
## Whether this is a development branch
%define post_release %([ %{commit} = Pacemaker-%{shortcommit} ]; echo $?)
## Turn off auto-compilation of python files outside site-packages directory,
## so that the -libs-devel package is multilib-compliant (no *.py[co] files)
## (py_auto_byte_compile macro: https://bugzilla.redhat.com/574437)
%undefine py_auto_byte_compile
%else
%global __os_install_post %(echo '%{__os_install_post}' | sed -e 's!/usr/lib[^[:space:]]*/brp-python-bytecompile[[:space:]].*$!!g')
%endif
%global rawhide %(test ! -e /etc/yum.repos.d/fedora-rawhide.repo; echo $?)
%global cs_version %(pkg-config corosync --modversion | awk -F . '{print $1}')
# It has to be eventually decided whether to use Python2 or Python3
%global py_site %{?python_sitearch}%{!?python_sitearch:%(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
## Heuristic used to infer bleeding-edge deployments that are
## less likely to have working versions of the documentation tools
%define bleeding %(test ! -e /etc/yum.repos.d/fedora-rawhide.repo; echo $?)
# Conditionals
# Invoke "rpmbuild --without <feature>" or "rpmbuild --with <feature>"
# to disable or enable specific features
## Corosync version
%define cs_version %(pkg-config corosync --modversion 2>/dev/null | awk -F . '{print $1}')
# Build with/without support for profiling tools
## Where to install python site libraries (currently, this uses the unversioned
## python_sitearch macro to get the default system python, but at some point,
## we should explicitly choose python2_sitearch or python3_sitearch -- or both)
%define py_site %{?python_sitearch}%{!?python_sitearch:%(
python -c 'from distutils.sysconfig import get_python_lib as gpl; print(gpl(1))' 2>/dev/null)}
## NOTE: skip cman_native (false) and systemd_native (true) decisions
# Define conditionals so that "rpmbuild --with <feature>" and
# "rpmbuild --without <feature>" can enable and disable specific features
## NOTE: skip --with stonith
## Add option to create binaries suitable for use with profiling tools
%bcond_with profiling
# Include Build with/without support for performing coverage analysis
## Add option to create binaries with coverage analysis
%bcond_with coverage
# We generate docs using Publican, Asciidoc and Inkscape, but they're not available everywhere
## Add option to skip generating documentation
## (the build tools aren't available everywhere)
%bcond_without doc
# Use a different versioning scheme
## Add option to prefix package version with "0."
## (so later "official" packages will be considered updates)
%bcond_with pre_release
# Ship an Upstart job file
## Add option to ship Upstart job files
%bcond_with upstart_job
# Turn off hardening of libraries and daemon executables
## NOTE: skip --without cman
## Add option to turn off hardening of libraries and daemon executables
%bcond_without hardening
# Keep sane profiling data if requested
%if %{with profiling}
# This disables -debuginfo package creation and also the stripping binaries/libraries
# Useful if you want sane profiling data
%global debug_package %{nil}
## Disable -debuginfo package and stripping binaries/libraries
%define debug_package %{nil}
%endif
# Define the release version
%if %{with pre_release} || 0%{pre_release}
%if 0%{pre_release}
%global pcmk_release 0.%{specversion}.%(s=%{shortcommit}; echo ${s: -3})
%define pcmk_release 0.%{specversion}.%(s=%{shortcommit}; echo ${s: -3})
%else
%global pcmk_release 0.%{specversion}.%{shortcommit}.git
%define pcmk_release 0.%{specversion}.%{shortcommit}.git
%endif
%else
%if 0%{post_release}
%global pcmk_release %{specversion}.%{shortcommit}.git
%define pcmk_release %{specversion}.%{shortcommit}.git
%else
%global pcmk_release %{specversion}
%define pcmk_release %{specversion}
%endif
%endif
@ -83,18 +121,13 @@ License: GPLv2+ and LGPLv2+
Url: http://www.clusterlabs.org
Group: System Environment/Daemons
# Hint: use "spectool -s 0 pacemaker.spec" (rpmdevtools) to check the final URL
Source0: https://github.com/%{github_owner}/%{name}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
Source1: https://github.com/%{github_owner}/%{nagios_name}/archive/%{nagios_hash}/%{nagios_name}-%{nagios_hash}.tar.gz
Patch1: 001-makefile-cleanup.patch
Patch2: 002-build-cleanup.patch
Patch3: 003-harden-toolchain.patch
Patch4: CVE-2016-7035-improper-IPC-guarding.patch
# ---
# keep following commented out for now
#Patch100: bz1179335-system-wide-crypto-policies.patch
# for docker-wrapper RA (and perhaps more)
Requires: python >= 2.4
Requires: resource-agents
Requires: %{name}-libs = %{version}-%{release}
Requires: %{name}-cluster-libs = %{version}-%{release}
@ -105,43 +138,44 @@ Provides: pcmk-cluster-manager
%systemd_requires
%endif
# Required for core functionality (python-devel depends on python)
# Pacemaker targets compatibility with python 2.6+ and 3.2+
Requires: python >= 2.6
BuildRequires: python-devel >= 2.6
# Pacemaker requires a minimum libqb functionality
Requires: libqb >= 0.13.0
BuildRequires: libqb-devel >= 0.13.0
# Basics required for the build (even if usually satisfied through other BRs)
BuildRequires: coreutils findutils grep sed
# Required for core functionality
BuildRequires: automake autoconf libtool pkgconfig libtool-ltdl-devel
BuildRequires: pkgconfig(glib-2.0) libxml2-devel libxslt-devel libuuid-devel
BuildRequires: python-devel bzip2-devel pam-devel
BuildRequires: bzip2-devel pam-devel
# Required for agent_config.h which specifies the correct scratch directory
BuildRequires: resource-agents
# We need reasonably recent versions of libqb
BuildRequires: libqb-devel > 0.17.0
Requires: libqb > 0.17.0
# Enables optional functionality
BuildRequires: ncurses-devel openssl-devel libselinux-devel docbook-style-xsl
BuildRequires: ncurses-devel docbook-style-xsl
BuildRequires: bison byacc flex help2man gnutls-devel pkgconfig(dbus-1)
%if %{defined _unitdir}
BuildRequires: systemd-devel
%endif
BuildRequires: pkgconfig(systemd)
Requires: corosync
BuildRequires: pkgconfig(libcpg)
BuildRequires: pkgconfig(libcfg)
%if !%{rawhide}
# More often than not, inkscape is busted on rawhide, don't even bother
## (note no avoiding effect when building through non-customized mock)
%if !%{bleeding}
%if %{with doc}
%ifarch %{ix86} x86_64
BuildRequires: publican inkscape asciidoc
%endif
%endif
%endif
# git-style patch application
BuildRequires: git
#BuildRequires: git
%description
Pacemaker is an advanced, scalable High-Availability cluster resource
@ -155,7 +189,7 @@ when related resources fail and can be configured to periodically check
resource health.
Available rpmbuild rebuild options:
--with(out) : doc coverage profiling upstart_job pre_release hardening
--with(out) : coverage doc hardening pre_release profiling
%package cli
License: GPLv2+ and LGPLv2+
@ -235,21 +269,32 @@ manager for Corosync, CMAN and/or Linux-HA.
The %{name}-libs-devel package contains headers and shared libraries
for developing tools for Pacemaker.
# NOTE: can be noarch if lrmd_test is moved to another subpackage
%package cts
License: GPLv2+ and LGPLv2+
Summary: Test framework for cluster-related technologies like Pacemaker
Group: System Environment/Daemons
Requires: python
Requires: python >= 2.6
Requires: %{name}-libs = %{version}-%{release}
# systemd python bindings are separate package in some distros
%if %{defined systemd_requires}
%if 0%{?fedora} > 22
Requires: python2-systemd
%else
%if 0%{?fedora} > 20 || 0%{?rhel} > 6
Requires: systemd-python
%endif
%endif
%endif
%description cts
Test framework for cluster-related technologies like Pacemaker
%package doc
License: GPLv2+ and LGPLv2+
License: CC-BY-SA
Summary: Documentation for Pacemaker
Group: Documentation
@ -260,7 +305,7 @@ Pacemaker is an advanced, scalable High-Availability cluster resource
manager for Corosync, CMAN and/or Linux-HA.
%package nagios-plugins-metadata
License: GPLv2+ and LGPLv2+
License: GPLv3
Summary: Pacemaker Nagios Metadata
Group: System Environment/Daemons
# NOTE below are the plugins this metadata uses.
@ -277,9 +322,9 @@ monitor resources.
%prep
%setup -q -a 1 -n %{name}-%{commit}
%global __scm git
%__scm_setup_git
%autopatch -p1
#global __scm git
#__scm_setup_git
#autopatch -p1
# Force the local time
#
@ -294,6 +339,8 @@ find . -exec touch \{\} \;
# Early versions of autotools (e.g. RHEL <= 5) do not support --docdir
export docdir=%{pcmk_docdir}
export systemdunitdir=%{?_unitdir}%{?!_unitdir:no}
%if %{with hardening}
# prefer distro-provided hardening flags in case they are defined
# through _hardening_{c,ld}flags macros, configure script will
@ -327,7 +374,7 @@ make %{_smp_mflags} V=1 all
./BasicSanity.sh -V pengine cli 2>&1 | sed s/[fF]ail/faiil/g
%install
make DESTDIR=%{buildroot} V=1 install
make DESTDIR=%{buildroot} docdir=%{pcmk_docdir} V=1 install
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
install -m 644 mcp/pacemaker.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/pacemaker
@ -345,6 +392,8 @@ install -m 644 mcp/pacemaker.combined.upstart ${RPM_BUILD_ROOT}%{_sysconfdir}/in
install -m 644 tools/crm_mon.upstart ${RPM_BUILD_ROOT}%{_sysconfdir}/init/crm_mon.conf
%endif
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/lib/rpm-state/%{name}
# Scripts that should be executable
chmod a+x %{buildroot}/%{_datadir}/pacemaker/tests/cts/CTSlab.py
@ -362,10 +411,8 @@ rm -f %{buildroot}/%{_mandir}/man8/fence_legacy.*
find %{buildroot} -name 'o2cb*' -type f -print0 | xargs -0 rm -f
# Don't ship init scripts for systemd based platforms
%if %{defined _unitdir}
rm -f %{buildroot}/%{_initrddir}/pacemaker
rm -f %{buildroot}/%{_initrddir}/pacemaker_remote
%endif
# Don't ship fence_pcmk where it has no use
rm -f %{buildroot}/%{_sbindir}/fence_pcmk
@ -380,8 +427,6 @@ find . -name '*.gcno' -type f | while read F ; do
done
%endif
%if %{defined _unitdir}
%post
%systemd_post pacemaker.service
@ -391,6 +436,19 @@ done
%postun
%systemd_postun_with_restart pacemaker.service
%pre remote
# Stop the service before anything is touched, and remember to restart
# it as one of the last actions (compared to using systemd_postun_with_restart,
# this avoids suicide when sbd is in use)
systemctl --quiet is-active pacemaker_remote
if [ $? -eq 0 ] ; then
mkdir -p %{_localstatedir}/lib/rpm-state/%{name}
touch %{_localstatedir}/lib/rpm-state/%{name}/restart_pacemaker_remote
systemctl stop pacemaker_remote >/dev/null 2>&1
else
rm -f %{_localstatedir}/lib/rpm-state/%{name}/restart_pacemaker_remote
fi
%post remote
%systemd_post pacemaker_remote.service
@ -398,7 +456,20 @@ done
%systemd_preun pacemaker_remote.service
%postun remote
# This next line is a no-op, because we stopped the service earlier, but
# we leave it here because it allows us to revert to the standard behavior
# in the future if desired
%systemd_postun_with_restart pacemaker_remote.service
# Explicitly take care of removing the flag-file(s) upon final removal
if [ $1 -eq 0 ] ; then
rm -f %{_localstatedir}/lib/rpm-state/%{name}/restart_pacemaker_remote
fi
%posttrans remote
if [ -e %{_localstatedir}/lib/rpm-state/%{name}/restart_pacemaker_remote ] ; then
systemctl start pacemaker_remote >/dev/null 2>&1
rm -f %{_localstatedir}/lib/rpm-state/%{name}/restart_pacemaker_remote
fi
%post cli
%systemd_post crm_mon.service
@ -409,30 +480,6 @@ done
%postun cli
%systemd_postun_with_restart crm_mon.service
%else
%post
/sbin/chkconfig --add pacemaker || :
%preun
/sbin/service pacemaker stop || :
if [ $1 -eq 0 ]; then
# Package removal, not upgrade
/sbin/chkconfig --del pacemaker || :
fi
%post remote
/sbin/chkconfig --add pacemaker_remote || :
%preun remote
/sbin/service pacemaker_remote stop &>/dev/null || :
if [ $1 -eq 0 ]; then
# Package removal, not upgrade
/sbin/chkconfig --del pacemaker_remote || :
fi
%endif
%pre -n %{name}-libs
getent group %{gname} >/dev/null || groupadd -r %{gname} -g 189
@ -454,11 +501,7 @@ exit 0
%config(noreplace) %{_sysconfdir}/sysconfig/pacemaker
%{_sbindir}/pacemakerd
%if %{defined _unitdir}
%{_unitdir}/pacemaker.service
%else
%{_initrddir}/pacemaker
%endif
%exclude %{_datadir}/pacemaker/nagios/plugins-metadata/*
@ -484,8 +527,8 @@ exit 0
%doc %{_datadir}/pacemaker/alerts
%license COPYING
%doc AUTHORS
%license licenses/GPLv2
%doc COPYING
%doc ChangeLog
%dir %attr (750, %{uname}, %{gname}) %{_var}/lib/pacemaker/cib
@ -494,20 +537,13 @@ exit 0
/usr/lib/ocf/resource.d/pacemaker/remote
/usr/lib/ocf/resource.d/.isolation
%if %{with upstart_job}
%config(noreplace) %{_sysconfdir}/init/pacemaker.conf
%config(noreplace) %{_sysconfdir}/init/pacemaker.combined.conf
%endif
%files cli
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/logrotate.d/pacemaker
%config(noreplace) %{_sysconfdir}/sysconfig/crm_mon
%if %{defined _unitdir}
%{_unitdir}/crm_mon.service
%endif
%if %{with upstart_job}
%config(noreplace) %{_sysconfdir}/init/crm_mon.conf
@ -558,8 +594,8 @@ exit 0
%exclude %{_mandir}/man8/pacemaker_remoted.*
%exclude %{_mandir}/man8/stonith_admin.*
%license COPYING
%doc AUTHORS
%license licenses/GPLv2
%doc COPYING
%doc ChangeLog
%dir %attr (750, %{uname}, %{gname}) %{_var}/lib/pacemaker
@ -578,41 +614,46 @@ exit 0
%{_libdir}/libpengine.so.*
%{_libdir}/libstonithd.so.*
%{_libdir}/libtransitioner.so.*
%license COPYING.LIB
%doc AUTHORS
%license licenses/LGPLv2.1
%doc COPYING
%doc ChangeLog
%files -n %{name}-cluster-libs
%defattr(-,root,root)
%{_libdir}/libcrmcluster.so.*
%license COPYING.LIB
%doc AUTHORS
%license licenses/LGPLv2.1
%doc COPYING
%doc ChangeLog
%files remote
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/sysconfig/pacemaker
%if %{defined _unitdir}
# state directory is shared between the subpackets
# let rpm take care of removing it once it isn't
# referenced anymore and empty
%ghost %dir %{_localstatedir}/lib/rpm-state/%{name}
%{_unitdir}/pacemaker_remote.service
%else
%{_initrddir}/pacemaker_remote
%endif
%{_sbindir}/pacemaker_remoted
%{_mandir}/man8/pacemaker_remoted.*
%license COPYING
%doc AUTHORS
%license licenses/GPLv2
%doc COPYING
%doc ChangeLog
%files doc
%defattr(-,root,root)
%doc %{pcmk_docdir}
%license licenses/CC-BY-SA-4.0
%files cts
%defattr(-,root,root)
%{py_site}/cts
%{_datadir}/pacemaker/tests/cts
%{_libexecdir}/pacemaker/lrmd_test
%license COPYING
%doc AUTHORS
%license licenses/GPLv2
%doc COPYING
%doc ChangeLog
%files -n %{name}-libs-devel
%defattr(-,root,root)
@ -624,15 +665,32 @@ exit 0
%{_var}/lib/pacemaker/gcov
%endif
%{_libdir}/pkgconfig/*.pc
%license COPYING.LIB
%doc AUTHORS
%license licenses/LGPLv2.1
%doc COPYING
%doc ChangeLog
%files nagios-plugins-metadata
%defattr(-,root,root)
%dir %{_datadir}/pacemaker/nagios/plugins-metadata
%attr(0644,root,root) %{_datadir}/pacemaker/nagios/plugins-metadata/*
%license %{nagios_name}-%{nagios_hash}/COPYING
%changelog
* Fri Dec 02 2016 Jan Pokorný <jpokorny+rpm-pacemaker@redhat.com> - 1.1.16-1
- Update for new upstream tarball: Pacemaker-1.1.16,
for full details, see included ChangeLog file or
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.16
- Adapt spec file more akin to upstream version including:
. clarify licensing, especially for -doc (f01f734)
. fix pacemaker-remote upgrade (779e0e3)
. require python >= 2.6 (31ef7f0)
. older libqb is sufficient (based on 30fe1ce)
. remove openssl-devel and libselinux-devel as BRs (2e05c17)
. make systemd BR pkgconfig-driven (6285924)
. defines instead of some globals + error suppression (625d427)
- Rectify -nagios-plugins-metadata declared license and install
also respective license text
* Thu Nov 03 2016 Jan Pokorný <jpokorny+rpm-pacemaker@redhat.com> - 1.1.15-3
- Apply fix for CVE-2016-7035 (improper IPC guarding)

2
sources
View File

@ -1,2 +1,2 @@
47e0853494978bb7366a657e1fdfb12f pacemaker-1.1.15.tar.gz
a3b9d075bc9114ff698966e57e50bb12 pacemaker-1.1.16.tar.gz
b914b3c0f16d2ba21339fb54e166500e nagios-agents-metadata-105ab8a7b2c16b9a29cf1c1596b80136eeef332b.tar.gz