import pcp-5.3.7-16.el8

This commit is contained in:
CentOS Sources 2023-03-28 12:27:10 +00:00 committed by Stepan Oksanichenko
parent b08758c338
commit c04e6ce074
9 changed files with 64742 additions and 126 deletions

View File

@ -372,88 +372,3 @@ index 183db5afa..009a00cd9 100644
__int32_t v6only;
char skmem_str[64];
__int32_t skmem_rmem_alloc;
commit 77ba20d5e76ada83283a262dd2083b2fc284b5f8
Author: Nathan Scott <nathans@redhat.com>
Date: Thu May 5 09:33:46 2022 +1000
selinux: policy updates needed for the pmdasockets metrics
Thanks to Jan Kurík and Miloš Malík we have the additional
selinux policy requirements - without these we see QE test
failures for this agent with pcp-ss(1) on RHEL.
Related to Red Hat BZ #1981886.
diff --git a/qa/917.out.in b/qa/917.out.in
index 3bd1dc15e..6a4356a12 100644
--- a/qa/917.out.in
+++ b/qa/917.out.in
@@ -154,9 +154,9 @@ Checking policies.
# -- end logging_watch_journal_dirs(pcp_domain) expansion
allow [pcp_pmcd_t] [cluster_tmpfs_t] : [file] { write };
allow [pcp_pmcd_t] [drbd_exec_t] : [file] { execute execute_no_trans };
- allow [pcp_pmcd_t] self : [netlink_generic_socket] { bind create getattr setopt write read };
- allow [pcp_pmcd_t] [sbd_exec_t] : [file] { execute execute_no_trans };
- allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { bind create getattr nlmsg_read setopt };
+! allow [pcp_pmcd_t] self : [netlink_generic_socket] { bind create getattr setopt write read };
+! allow [pcp_pmcd_t] [sbd_exec_t] : [file] { execute execute_no_trans };
+! allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };
allow [syslogd_t] [pcp_log_t] : [fifo_file] { open read write };
allow [pcp_pmcd_t] [etc_t] : [dir] { open read search getattr lock ioctl };
allow [pcp_pmcd_t] [shadow_t] : [file] { getattr ioctl lock open read };
diff --git a/src/selinux/GNUlocaldefs b/src/selinux/GNUlocaldefs
index 1a1b1428c..1462c5ccb 100644
--- a/src/selinux/GNUlocaldefs
+++ b/src/selinux/GNUlocaldefs
@@ -138,8 +138,8 @@ PCP_NETLINK_GENERIC_SOCKET_RULE="allow pcp_pmcd_t self:netlink_generic_socket {
endif
ifeq "$(PCP_SELINUX_NETLINK_TCPDIAG_SOCKET_CLASS)" "true"
-PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { bind create getattr nlmsg_read setopt };"
-PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { bind create getattr nlmsg_read setopt };"
+PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };"
+PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };"
endif
ifeq "$(PCP_SELINUX_LOCKDOWN_CLASS)" "true"
commit a6222992fe5f97f94bdddd928ce9557be1918bfd
Author: Jan Kurik <jkurik@redhat.com>
Date: Fri May 6 08:04:46 2022 +1000
selinux: fine-tune netlink_tcpdiag_socket policy for all platforms
Previous policy set did not apply correctly on ppc64le and aarch64
architectures. After some tweaking the following set of permissions
was found to work on all the supported architectures and fixes the
behavior of the sockets PMDA.
Related to Red Hat BZ #1981886.
diff --git a/qa/917.out.in b/qa/917.out.in
index 6a4356a12..723193aa2 100644
--- a/qa/917.out.in
+++ b/qa/917.out.in
@@ -156,7 +156,7 @@ Checking policies.
allow [pcp_pmcd_t] [drbd_exec_t] : [file] { execute execute_no_trans };
! allow [pcp_pmcd_t] self : [netlink_generic_socket] { bind create getattr setopt write read };
! allow [pcp_pmcd_t] [sbd_exec_t] : [file] { execute execute_no_trans };
-! allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };
+! allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { append bind connect create getattr getopt ioctl lock nlmsg_read nlmsg_write read setattr setopt shutdown write };
allow [syslogd_t] [pcp_log_t] : [fifo_file] { open read write };
allow [pcp_pmcd_t] [etc_t] : [dir] { open read search getattr lock ioctl };
allow [pcp_pmcd_t] [shadow_t] : [file] { getattr ioctl lock open read };
diff --git a/src/selinux/GNUlocaldefs b/src/selinux/GNUlocaldefs
index 1462c5ccb..9733aead9 100644
--- a/src/selinux/GNUlocaldefs
+++ b/src/selinux/GNUlocaldefs
@@ -138,8 +138,8 @@ PCP_NETLINK_GENERIC_SOCKET_RULE="allow pcp_pmcd_t self:netlink_generic_socket {
endif
ifeq "$(PCP_SELINUX_NETLINK_TCPDIAG_SOCKET_CLASS)" "true"
-PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };"
-PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };"
+PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock nlmsg_read nlmsg_write read setattr setopt shutdown write };"
+PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock nlmsg_read nlmsg_write read setattr setopt shutdown write };"
endif
ifeq "$(PCP_SELINUX_LOCKDOWN_CLASS)" "true"

View File

@ -0,0 +1,74 @@
diff -Naurp pcp-5.3.7.orig/src/pcp/dstat/pcp-dstat.1 pcp-5.3.7/src/pcp/dstat/pcp-dstat.1
--- pcp-5.3.7.orig/src/pcp/dstat/pcp-dstat.1 2021-05-26 17:43:26.000000000 +1000
+++ pcp-5.3.7/src/pcp/dstat/pcp-dstat.1 2022-10-20 08:57:02.176922290 +1100
@@ -1,6 +1,6 @@
'\"macro stdmacro
.\"
-.\" Copyright (c) 2018-2020 Red Hat.
+.\" Copyright (c) 2018-2022 Red Hat.
.\"
.\" This program is free software; you can redistribute it and/or modify it
.\" under the terms of the GNU General Public License as published by the
@@ -34,6 +34,7 @@
[\f3\-\-integer\f1]
[\f3\-\-nocolor\f1]
[\f3\-\-noheaders\f1]
+[\f3\-\-nomissed\f1]
[\f3\-\-noupdate\f1]
[\f3\-\-list\f1]
[\f3\-\-pidfile\f1 \f2pid-file\f1]
@@ -404,6 +405,9 @@ disable colors
\fB\-\-noheaders\fR
disable repetitive headers
.TP
+\fB\-\-nomissed\fR
+disable missed ticks warnings for intermediate samples.
+.TP
\fB\-\-noupdate\fR
disable intermediate updates when \fIdelay\fR greater than 1.
.TP
diff -Naurp pcp-5.3.7.orig/src/pcp/dstat/pcp-dstat.py pcp-5.3.7/src/pcp/dstat/pcp-dstat.py
--- pcp-5.3.7.orig/src/pcp/dstat/pcp-dstat.py 2022-04-05 09:05:43.000000000 +1000
+++ pcp-5.3.7/src/pcp/dstat/pcp-dstat.py 2022-10-20 08:57:02.176922290 +1100
@@ -455,6 +455,7 @@ class DstatTool(object):
# Internal
self.missed = 0
+ self.nomissed = False # report missed ticks by default
self.runtime = -1
self.plugins = [] # list of requested plugin names
self.allplugins = [] # list of all known plugin names
@@ -783,7 +784,8 @@ class DstatTool(object):
opts.pmSetLongOption('color', 0, '', '', 'force colors')
opts.pmSetLongOption('nocolor', 0, '', '', 'disable colors')
opts.pmSetLongOption('noheaders', 0, '', '', 'disable repetitive headers')
- opts.pmSetLongOption('noupdate', 0, '', '', 'disable intermediate headers')
+ opts.pmSetLongOption('noupdate', 0, '', '', 'disable intermediate updates')
+ opts.pmSetLongOption('nomissed', 0, '', '', 'disable missed ticks warnings')
opts.pmSetLongOption('output', 1, 'o', 'file', 'write CSV output to file')
opts.pmSetLongOption('version', 0, 'V', '', '')
opts.pmSetLongOption('debug', 1, None, '', '')
@@ -920,6 +922,8 @@ class DstatTool(object):
self.header = False
elif opt in ['noupdate']:
self.update = False
+ elif opt in ['nomissed']:
+ self.nomissed = True
elif opt in ['o', 'output']:
self.output = arg
elif opt in ['pidfile']:
@@ -1773,12 +1777,12 @@ class DstatTool(object):
outputfile = open(self.output, omode)
outputfile.write(oline)
- if self.missed > 0:
+ if self.missed > 0 and self.nomissed is False:
line = 'missed ' + str(self.missed + 1) + ' ticks'
sys.stdout.write(' ' + THEME['error'] + line + THEME['input'])
if self.output and step == self.delay:
outputfile.write(',"' + line + '"')
- self.missed = 0
+ self.missed = 0
# Finish the line
if not op.update and self.novalues is False:
sys.stdout.write('\n')

View File

@ -0,0 +1,135 @@
commit 55e8c83ee5920ab30644f54f7a525255b1de4b84
Author: Nathan Scott <nathans@redhat.com>
Date: Mon Aug 29 14:25:03 2022 +1000
docs: describe working sudoers configuration with requiretty
When /etc/sudoers is configured with 'Defaults requiretty',
pmlogctl cannot invoke pmlogger_check in the normal fashion.
Symptoms of the problem are the following system log message:
pmlogctl[PID]: sudo: sorry, you must have a tty to run sudo
pmiectl and pmie_check are similarly affected. The simplest
solution is to add an additional configuration line excluding
these commands from requiring a tty; this is the approach now
documented.
Note these PCP commands are not interactive (require no tty)
and the unprivileged 'pcp' account uses nologin(8) as a shell
anyway, so requiretty offers no advantages here. Note also
there's debate about whether requiretty is a useful security
measure in general as it can be trivially bypassed; further
details: https://bugzilla.redhat.com/show_bug.cgi?id=1020147
Resolves Red Hat BZ #2093751
diff -Naurp pcp-5.3.7.orig/man/man1/pmie_check.1 pcp-5.3.7/man/man1/pmie_check.1
--- pcp-5.3.7.orig/man/man1/pmie_check.1 2021-11-04 08:26:15.000000000 +1100
+++ pcp-5.3.7/man/man1/pmie_check.1 2022-08-31 11:17:52.362276530 +1000
@@ -406,6 +406,42 @@ no
entries are needed as the timer mechanism provided by
.B systemd
is used instead.
+.PP
+The
+.BR pmiectl (1)
+utility may invoke
+.B pmie_check
+using the
+.BR sudo (1)
+command to run it under the $PCP_USER ``pcp'' account.
+If
+.B sudo
+is configured with the non-default
+.I requiretty
+option (see below),
+.B pmie_check
+may fail to run due to not having a tty configured.
+This issue can be resolved by adding a second line
+(expand $PCP_BINADM_DIR according to your platform)
+to the
+.I /etc/sudoers
+configuration file as follows:
+.P
+.ft CW
+.nf
+.in +0.5i
+Defaults requiretty
+Defaults!$PCP_BINADM_DIR/pmie_check !requiretty
+.in
+.fi
+.ft 1
+.P
+Note that the unprivileged PCP account under which these
+commands run uses
+.I /sbin/nologin
+as the shell, so the
+.I requiretty
+option is ineffective here and safe to disable in this way.
.SH FILES
.TP 5
.I $PCP_PMIECONTROL_PATH
diff -Naurp pcp-5.3.7.orig/man/man1/pmlogger_check.1 pcp-5.3.7/man/man1/pmlogger_check.1
--- pcp-5.3.7.orig/man/man1/pmlogger_check.1 2022-04-05 09:05:43.000000000 +1000
+++ pcp-5.3.7/man/man1/pmlogger_check.1 2022-08-31 11:20:52.470086724 +1000
@@ -830,6 +830,42 @@ no
entries are needed as the timer mechanism provided by
.B systemd
is used instead.
+.PP
+The
+.BR pmlogctl (1)
+utility may invoke
+.B pmlogger_check
+using the
+.BR sudo (1)
+command to run it under the $PCP_USER ``pcp'' account.
+If
+.B sudo
+is configured with the non-default
+.I requiretty
+option (see below),
+.B pmlogger_check
+may fail to run due to not having a tty configured.
+This issue can be resolved by adding a second line
+(expand $PCP_BINADM_DIR according to your platform)
+to the
+.I /etc/sudoers
+configuration file as follows:
+.P
+.ft CW
+.nf
+.in +0.5i
+Defaults requiretty
+Defaults!$PCP_BINADM_DIR/pmlogger_check !requiretty
+.in
+.fi
+.ft 1
+.P
+Note that the unprivileged PCP account under which these
+commands run uses
+.I /sbin/nologin
+as the shell, so the
+.I requiretty
+option is ineffective here and safe to disable in this way.
.SH FILES
.TP 5
.I $PCP_PMLOGGERCONTROL_PATH
@@ -926,7 +962,7 @@ instances for
.I hostname
have been launched in the interim.
Because the cron-driven PCP archive management scripts run under
-the uid of the user ``pcp'',
+the $PCP_USER account ``pcp'',
.BI $PCP_ARCHIVE_DIR/ hostname /SaveLogs
typically needs to be owned by the user ``pcp''.
.TP
@@ -994,6 +1030,7 @@ platforms.
.BR pmlogmv (1),
.BR pmlogrewrite (1),
.BR pmsocks (1),
+.BR sudo (1),
.BR systemd (1),
.BR xz (1)
and

View File

@ -0,0 +1,103 @@
From 73c024c64f7db68fdcd224c27c1711fa6dd1d254 Mon Sep 17 00:00:00 2001
From: Nathan Scott <nathans@redhat.com>
Date: Tue, 28 Jun 2022 10:06:06 +1000
Subject: [PATCH] pmlogger_farm: add default configuration file for farm
loggers
Provide a mechanism whereby the farm loggers can be configured.
There has been reluctance in the past to sharing configuration
of the local primary logger, so these are now done separately.
Makes sense to me as the primary pmlogger may need to use more
frequent sampling, may not want to allow remote pmlc, etc.
Resolves Red Hat BZ #2101574
---
src/pmlogger/GNUmakefile | 1 +
src/pmlogger/pmlogger.defaults | 2 ++
src/pmlogger/pmlogger_check.sh | 5 +++--
src/pmlogger/pmlogger_farm.defaults | 27 +++++++++++++++++++++++++++
4 files changed, 33 insertions(+), 2 deletions(-)
create mode 100644 src/pmlogger/pmlogger_farm.defaults
diff -Naurp pcp-5.3.7.orig/src/pmlogger/GNUmakefile pcp-5.3.7/src/pmlogger/GNUmakefile
--- pcp-5.3.7.orig/src/pmlogger/GNUmakefile 2022-02-02 11:53:05.000000000 +1100
+++ pcp-5.3.7/src/pmlogger/GNUmakefile 2022-08-31 11:23:08.758672970 +1000
@@ -45,6 +45,7 @@ install:: $(SUBDIRS)
install:: default
$(INSTALL) -m 775 -o $(PCP_USER) -g $(PCP_GROUP) -d $(PCP_VAR_DIR)/config/pmlogger
+ $(INSTALL) -m 644 pmlogger_farm.defaults $(PCP_SYSCONFIG_DIR)/pmlogger_farm
$(INSTALL) -m 644 pmlogger.defaults $(PCP_SYSCONFIG_DIR)/pmlogger
$(INSTALL) -m 755 -d $(PCP_SHARE_DIR)/zeroconf
$(INSTALL) -m 644 pmlogger.zeroconf $(PCP_SHARE_DIR)/zeroconf/pmlogger
diff -Naurp pcp-5.3.7.orig/src/pmlogger/pmlogger_check.sh pcp-5.3.7/src/pmlogger/pmlogger_check.sh
--- pcp-5.3.7.orig/src/pmlogger/pmlogger_check.sh 2022-04-05 09:05:43.000000000 +1000
+++ pcp-5.3.7/src/pmlogger/pmlogger_check.sh 2022-08-31 11:23:08.758672970 +1000
@@ -1,6 +1,6 @@
#! /bin/sh
#
-# Copyright (c) 2013-2016,2018,2020-2021 Red Hat.
+# Copyright (c) 2013-2016,2018,2020-2022 Red Hat.
# Copyright (c) 1995-2000,2003 Silicon Graphics, Inc. All Rights Reserved.
#
# This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
PMLOGGER="$PCP_BINADM_DIR/pmlogger"
PMLOGCONF="$PCP_BINADM_DIR/pmlogconf"
PMLOGGERENVS="$PCP_SYSCONFIG_DIR/pmlogger"
+PMLOGGERFARMENVS="$PCP_SYSCONFIG_DIR/pmlogger_farm"
PMLOGGERZEROCONFENVS="$PCP_SHARE_DIR/zeroconf/pmlogger"
# error messages should go to stderr, not the GUI notifiers
@@ -972,8 +973,8 @@ END { print m }'`
continue
fi
else
+ envs=`grep -h ^PMLOGGER "$PMLOGGERFARMENVS" 2>/dev/null`
args="-h $host $args"
- envs=""
iam=""
fi
diff -Naurp pcp-5.3.7.orig/src/pmlogger/pmlogger.defaults pcp-5.3.7/src/pmlogger/pmlogger.defaults
--- pcp-5.3.7.orig/src/pmlogger/pmlogger.defaults 2022-02-03 16:11:40.000000000 +1100
+++ pcp-5.3.7/src/pmlogger/pmlogger.defaults 2022-08-31 11:23:08.758672970 +1000
@@ -1,5 +1,7 @@
# Environment variables for the primary pmlogger daemon. See also
# the pmlogger control file and pmlogconf(1) for additional details.
+# Also see separate pmlogger_farm configuration for the non-primary
+# logger configuration settings, separate to this file.
# Settings defined in this file will override any settings in the
# pmlogger zeroconf file (if present).
diff -Naurp pcp-5.3.7.orig/src/pmlogger/pmlogger_farm.defaults pcp-5.3.7/src/pmlogger/pmlogger_farm.defaults
--- pcp-5.3.7.orig/src/pmlogger/pmlogger_farm.defaults 1970-01-01 10:00:00.000000000 +1000
+++ pcp-5.3.7/src/pmlogger/pmlogger_farm.defaults 2022-08-31 11:23:08.758672970 +1000
@@ -0,0 +1,27 @@
+# Environment variables for the pmlogger farm daemons. See also
+# pmlogger control file(s) and pmlogconf(1) for additional details.
+# Also see separate pmlogger configuration for the primary logger
+# configuration settings, separate to this file.
+
+# Behaviour regarding listening on external-facing interfaces;
+# unset PMLOGGER_LOCAL to allow connections from remote hosts.
+# A value of 0 permits remote connections, 1 permits local only.
+# PMLOGGER_LOCAL=1
+
+# Max length to which the queue of pending connections may grow
+# A value of 5 is the default.
+# PMLOGGER_MAXPENDING=5
+
+# Default sampling interval pmlogger uses when no more specific
+# interval is requested. A value of 60 seconds is the default.
+# Both pmlogger command line (via control file) and also pmlogger
+# configuration file directives will override this value.
+# PMLOGGER_INTERVAL=60
+
+# The default behaviour, when pmlogger configuration comes from
+# pmlogconf(1), is to regenerate the configuration file and check for
+# changes whenever pmlogger is started from pmlogger_check(1).
+# If the PMDA configuration is stable, this is not necessary, and
+# setting PMLOGGER_CHECK_SKIP_LOGCONF to yes disables the regeneration
+# and checking.
+# PMLOGGER_CHECK_SKIP_LOGCONF=yes

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,534 @@
diff -Naurp pcp-5.3.7.orig/qa/1985 pcp-5.3.7/qa/1985
--- pcp-5.3.7.orig/qa/1985 1970-01-01 10:00:00.000000000 +1000
+++ pcp-5.3.7/qa/1985 2022-10-19 21:32:03.971832371 +1100
@@ -0,0 +1,38 @@
+#!/bin/sh
+# PCP QA Test No. 1985
+# Exercise a pmfind fix - valgrind-enabled variant.
+#
+# Copyright (c) 2022 Red Hat. All Rights Reserved.
+#
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+# get standard environment, filters and checks
+. ./common.product
+. ./common.filter
+. ./common.check
+
+_check_valgrind
+
+_cleanup()
+{
+ cd $here
+ $sudo rm -rf $tmp $tmp.*
+}
+
+status=0 # success is the default!
+$sudo rm -rf $tmp $tmp.* $seq.full
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# real QA test starts here
+export seq
+./1986 --valgrind \
+| $PCP_AWK_PROG '
+skip == 1 && $1 == "===" { skip = 0 }
+/^=== std err ===/ { skip = 1 }
+skip == 0 { print }
+skip == 1 { print >>"'$here/$seq.full'" }'
+
+# success, all done
+exit
diff -Naurp pcp-5.3.7.orig/qa/1985.out pcp-5.3.7/qa/1985.out
--- pcp-5.3.7.orig/qa/1985.out 1970-01-01 10:00:00.000000000 +1000
+++ pcp-5.3.7/qa/1985.out 2022-10-19 21:32:03.971832371 +1100
@@ -0,0 +1,11 @@
+QA output created by 1985
+QA output created by 1986 --valgrind
+=== std out ===
+SOURCE HOSTNAME
+=== filtered valgrind report ===
+Memcheck, a memory error detector
+Command: pmfind -S -m probe=127.0.0.1/32
+LEAK SUMMARY:
+definitely lost: 0 bytes in 0 blocks
+indirectly lost: 0 bytes in 0 blocks
+ERROR SUMMARY: 0 errors from 0 contexts ...
diff -Naurp pcp-5.3.7.orig/qa/1986 pcp-5.3.7/qa/1986
--- pcp-5.3.7.orig/qa/1986 1970-01-01 10:00:00.000000000 +1000
+++ pcp-5.3.7/qa/1986 2022-10-19 21:32:03.971832371 +1100
@@ -0,0 +1,62 @@
+#!/bin/sh
+# PCP QA Test No. 1986
+# Exercise libpcp_web timers pmfind regression fix.
+#
+# Copyright (c) 2022 Red Hat. All Rights Reserved.
+#
+
+if [ $# -eq 0 ]
+then
+ seq=`basename $0`
+ echo "QA output created by $seq"
+else
+ # use $seq from caller, unless not set
+ [ -n "$seq" ] || seq=`basename $0`
+ echo "QA output created by `basename $0` $*"
+fi
+
+# get standard environment, filters and checks
+. ./common.product
+. ./common.filter
+. ./common.check
+
+do_valgrind=false
+if [ "$1" = "--valgrind" ]
+then
+ _check_valgrind
+ do_valgrind=true
+fi
+
+test -x $PCP_BIN_DIR/pmfind || _notrun No support for pmfind
+
+_cleanup()
+{
+ cd $here
+ $sudo rm -rf $tmp $tmp.*
+}
+
+status=0 # success is the default!
+hostname=`hostname || echo localhost`
+$sudo rm -rf $tmp $tmp.* $seq.full
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+_filter()
+{
+ sed \
+ -e "s@$tmp@TMP@g" \
+ -e "s/ $hostname/ HOSTNAME/" \
+ -e 's/^[a-f0-9][a-f0-9]* /SOURCE /' \
+ # end
+}
+
+# real QA test starts here
+if $do_valgrind
+then
+ _run_valgrind pmfind -S -m probe=127.0.0.1/32
+else
+ pmfind -S -m probe=127.0.0.1/32
+fi \
+| _filter
+
+# success, all done
+exit
diff -Naurp pcp-5.3.7.orig/qa/1986.out pcp-5.3.7/qa/1986.out
--- pcp-5.3.7.orig/qa/1986.out 1970-01-01 10:00:00.000000000 +1000
+++ pcp-5.3.7/qa/1986.out 2022-10-19 21:32:03.971832371 +1100
@@ -0,0 +1,2 @@
+QA output created by 1986
+SOURCE HOSTNAME
diff -Naurp pcp-5.3.7.orig/qa/group pcp-5.3.7/qa/group
--- pcp-5.3.7.orig/qa/group 2022-10-19 20:49:42.638708707 +1100
+++ pcp-5.3.7/qa/group 2022-10-19 21:32:03.972832359 +1100
@@ -1974,4 +1974,6 @@ x11
1957 libpcp local valgrind
1978 atop local
1984 pmlogconf pmda.redis local
+1985 pmfind local valgrind
+1986 pmfind local
4751 libpcp threads valgrind local pcp helgrind
diff -Naurp pcp-5.3.7.orig/src/libpcp_web/src/webgroup.c pcp-5.3.7/src/libpcp_web/src/webgroup.c
--- pcp-5.3.7.orig/src/libpcp_web/src/webgroup.c 2021-11-01 13:02:26.000000000 +1100
+++ pcp-5.3.7/src/libpcp_web/src/webgroup.c 2022-10-19 21:32:03.973832346 +1100
@@ -287,11 +287,24 @@ webgroup_new_context(pmWebGroupSettings
}
static void
+webgroup_timers_stop(struct webgroups *groups)
+{
+ if (groups->active) {
+ uv_timer_stop(&groups->timer);
+ uv_close((uv_handle_t *)&groups->timer, NULL);
+ pmWebTimerRelease(groups->timerid);
+ groups->timerid = -1;
+ groups->active = 0;
+ }
+}
+
+static void
webgroup_garbage_collect(struct webgroups *groups)
{
dictIterator *iterator;
dictEntry *entry;
context_t *cp;
+ unsigned int count = 0, drops = 0;
if (pmDebugOptions.http || pmDebugOptions.libweb)
fprintf(stderr, "%s: started\n", "webgroup_garbage_collect");
@@ -308,33 +321,40 @@ webgroup_garbage_collect(struct webgroup
uv_mutex_unlock(&groups->mutex);
webgroup_drop_context(cp, groups);
uv_mutex_lock(&groups->mutex);
+ drops++;
}
+ count++;
}
dictReleaseIterator(iterator);
+
+ /* if dropping the last remaining context, do cleanup */
+ if (groups->active && drops == count) {
+ if (pmDebugOptions.http || pmDebugOptions.libweb)
+ fprintf(stderr, "%s: freezing\n", "webgroup_garbage_collect");
+ webgroup_timers_stop(groups);
+ }
uv_mutex_unlock(&groups->mutex);
}
if (pmDebugOptions.http || pmDebugOptions.libweb)
- fprintf(stderr, "%s: finished\n", "webgroup_garbage_collect");
+ fprintf(stderr, "%s: finished [%u drops from %u entries]\n",
+ "webgroup_garbage_collect", drops, count);
}
static void
refresh_maps_metrics(void *data)
{
struct webgroups *groups = (struct webgroups *)data;
+ unsigned int value;
- if (groups->metrics) {
- unsigned int value;
-
- value = dictSize(contextmap);
- mmv_set(groups->map, groups->metrics[CONTEXT_MAP_SIZE], &value);
- value = dictSize(namesmap);
- mmv_set(groups->map, groups->metrics[NAMES_MAP_SIZE], &value);
- value = dictSize(labelsmap);
- mmv_set(groups->map, groups->metrics[LABELS_MAP_SIZE], &value);
- value = dictSize(instmap);
- mmv_set(groups->map, groups->metrics[INST_MAP_SIZE], &value);
- }
+ value = contextmap? dictSize(contextmap) : 0;
+ mmv_set(groups->map, groups->metrics[CONTEXT_MAP_SIZE], &value);
+ value = namesmap? dictSize(namesmap) : 0;
+ mmv_set(groups->map, groups->metrics[NAMES_MAP_SIZE], &value);
+ value = labelsmap? dictSize(labelsmap) : 0;
+ mmv_set(groups->map, groups->metrics[LABELS_MAP_SIZE], &value);
+ value = instmap? dictSize(instmap) : 0;
+ mmv_set(groups->map, groups->metrics[INST_MAP_SIZE], &value);
}
static void
@@ -487,6 +507,7 @@ pmWebGroupDestroy(pmWebGroupSettings *se
if (pmDebugOptions.libweb)
fprintf(stderr, "%s: destroy context %p gp=%p\n", "pmWebGroupDestroy", cp, gp);
+ webgroup_deref_context(cp);
webgroup_drop_context(cp, gp);
}
sdsfree(msg);
@@ -2394,17 +2415,12 @@ pmWebGroupClose(pmWebGroupModule *module
if (groups) {
/* walk the contexts, stop timers and free resources */
- if (groups->active) {
- groups->active = 0;
- uv_timer_stop(&groups->timer);
- pmWebTimerRelease(groups->timerid);
- groups->timerid = -1;
- }
iterator = dictGetIterator(groups->contexts);
while ((entry = dictNext(iterator)) != NULL)
webgroup_drop_context((context_t *)dictGetVal(entry), NULL);
dictReleaseIterator(iterator);
dictRelease(groups->contexts);
+ webgroup_timers_stop(groups);
memset(groups, 0, sizeof(struct webgroups));
free(groups);
}
diff -Naurp pcp-5.3.7.orig/src/pmfind/source.c pcp-5.3.7/src/pmfind/source.c
--- pcp-5.3.7.orig/src/pmfind/source.c 2021-02-17 15:27:41.000000000 +1100
+++ pcp-5.3.7/src/pmfind/source.c 2022-10-19 21:32:03.973832346 +1100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020 Red Hat.
+ * Copyright (c) 2020,2022 Red Hat.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -25,6 +25,7 @@ static pmWebGroupSettings settings;
typedef struct {
sds source;
sds hostspec;
+ unsigned int refcount;
} context_t;
typedef struct {
@@ -38,22 +39,34 @@ typedef struct {
} sources_t;
static void
+source_release(sources_t *sp, context_t *cp, sds ctx)
+{
+ pmWebGroupDestroy(&settings, ctx, sp);
+ sdsfree(cp->hostspec);
+ sdsfree(cp->source);
+ free(cp);
+}
+
+static void
sources_release(void *arg, const struct dictEntry *entry)
{
sources_t *sp = (sources_t *)arg;
context_t *cp = (context_t *)dictGetVal(entry);
sds ctx = (sds)entry->key;
- pmWebGroupDestroy(&settings, ctx, sp);
- sdsfree(cp->hostspec);
- sdsfree(cp->source);
+ if (pmDebugOptions.discovery)
+ fprintf(stderr, "releasing context %s\n", ctx);
+
+ source_release(sp, cp, ctx);
}
static void
-sources_containers(sources_t *sp, sds id, dictEntry *uniq)
+sources_containers(sources_t *sp, context_t *cp, sds id, dictEntry *uniq)
{
uv_mutex_lock(&sp->mutex);
- sp->count++; /* issuing another PMWEBAPI request */
+ /* issuing another PMWEBAPI request */
+ sp->count++;
+ cp->refcount++;
uv_mutex_unlock(&sp->mutex);
pmWebGroupScrape(&settings, id, sp->params, sp);
@@ -75,6 +88,7 @@ on_source_context(sds id, pmWebSource *s
cp->source = sdsdup(src->source);
cp->hostspec = sdsdup(src->hostspec);
+ cp->refcount = 1;
uv_mutex_lock(&sp->mutex);
dictAdd(sp->contexts, id, cp);
@@ -84,7 +98,7 @@ on_source_context(sds id, pmWebSource *s
if (entry) { /* source just discovered */
printf("%s %s\n", src->source, src->hostspec);
if (containers)
- sources_containers(sp, id, entry);
+ sources_containers(sp, cp, id, entry);
}
}
@@ -116,7 +130,9 @@ static void
on_source_done(sds context, int status, sds message, void *arg)
{
sources_t *sp = (sources_t *)arg;
- int count = 0, release = 0;
+ context_t *cp;
+ dictEntry *he;
+ int remove = 0, count = 0, release = 0;
if (pmDebugOptions.discovery)
fprintf(stderr, "done on context %s (sts=%d)\n", context, status);
@@ -127,19 +143,26 @@ on_source_done(sds context, int status,
uv_mutex_lock(&sp->mutex);
if ((count = --sp->count) <= 0)
release = 1;
+ if ((he = dictFind(sp->contexts, context)) != NULL &&
+ (cp = (context_t *)dictGetVal(he)) != NULL &&
+ (--cp->refcount <= 0))
+ remove = 1;
uv_mutex_unlock(&sp->mutex);
+ if (remove) {
+ if (pmDebugOptions.discovery)
+ fprintf(stderr, "remove context %s\n", context);
+ source_release(sp, cp, context);
+ dictDelete(sp->contexts, context);
+ }
+
if (release) {
unsigned long cursor = 0;
-
- if (pmDebugOptions.discovery)
- fprintf(stderr, "release context %s (sts=%d)\n", context, status);
do {
cursor = dictScan(sp->contexts, cursor, sources_release, NULL, sp);
} while (cursor);
- } else {
- if (pmDebugOptions.discovery)
- fprintf(stderr, "not yet releasing (count=%d)\n", count);
+ } else if (pmDebugOptions.discovery) {
+ fprintf(stderr, "not yet releasing (count=%d)\n", count);
}
}
@@ -190,6 +213,7 @@ sources_discovery_start(uv_timer_t *arg)
}
dictRelease(dp);
+ pmWebTimerClose();
}
/*
@@ -214,8 +238,8 @@ source_discovery(int count, char **urls)
uv_mutex_init(&find.mutex);
find.urls = urls;
find.count = count; /* at least one PMWEBAPI request for each url */
- find.uniq = dictCreate(&sdsDictCallBacks, NULL);
- find.params = dictCreate(&sdsDictCallBacks, NULL);
+ find.uniq = dictCreate(&sdsKeyDictCallBacks, NULL);
+ find.params = dictCreate(&sdsOwnDictCallBacks, NULL);
dictAdd(find.params, sdsnew("name"), sdsnew("containers.state.running"));
find.contexts = dictCreate(&sdsKeyDictCallBacks, NULL);
@@ -230,6 +254,7 @@ source_discovery(int count, char **urls)
pmWebGroupSetup(&settings.module);
pmWebGroupSetEventLoop(&settings.module, loop);
+ pmWebTimerSetEventLoop(loop);
/*
* Start a one-shot timer to add a start function into the loop
@@ -244,7 +269,9 @@ source_discovery(int count, char **urls)
/*
* Finished, release all resources acquired so far
*/
+ pmWebGroupClose(&settings.module);
uv_mutex_destroy(&find.mutex);
+ dictRelease(find.uniq);
dictRelease(find.params);
dictRelease(find.contexts);
return find.status;
diff -Naurp pcp-5.3.7.orig/src/pmproxy/src/server.c pcp-5.3.7/src/pmproxy/src/server.c
--- pcp-5.3.7.orig/src/pmproxy/src/server.c 2022-04-05 09:05:43.000000000 +1000
+++ pcp-5.3.7/src/pmproxy/src/server.c 2022-10-19 21:31:43.831093354 +1100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2019,2021 Red Hat.
+ * Copyright (c) 2018-2019,2021-2022 Red Hat.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
@@ -310,17 +310,21 @@ on_write_callback(uv_callback_t *handle,
struct client *client = (struct client *)request->writer.data;
int sts;
+ (void)handle;
if (pmDebugOptions.af)
fprintf(stderr, "%s: client=%p\n", "on_write_callback", client);
if (client->stream.secure == 0) {
sts = uv_write(&request->writer, (uv_stream_t *)&client->stream,
&request->buffer[0], request->nbuffers, request->callback);
- if (sts != 0)
- fprintf(stderr, "%s: ERROR uv_write failed\n", "on_write_callback");
+ if (sts != 0) {
+ pmNotifyErr(LOG_ERR, "%s: %s - uv_write failed [%s]: %s\n",
+ pmGetProgname(), "on_write_callback",
+ uv_err_name(sts), uv_strerror(sts));
+ client_close(client);
+ }
} else
secure_client_write(client, request);
- (void)handle;
return 0;
}
@@ -455,14 +459,16 @@ on_client_connection(uv_stream_t *stream
uv_handle_t *handle;
if (status != 0) {
- fprintf(stderr, "%s: client connection failed: %s\n",
- pmGetProgname(), uv_strerror(status));
+ pmNotifyErr(LOG_ERR, "%s: %s - %s failed [%s]: %s\n",
+ pmGetProgname(), "on_client_connection", "connection",
+ uv_err_name(status), uv_strerror(status));
return;
}
if ((client = calloc(1, sizeof(*client))) == NULL) {
- fprintf(stderr, "%s: out-of-memory for new client\n",
- pmGetProgname());
+ pmNotifyErr(LOG_ERR, "%s: %s - %s failed [%s]: %s\n",
+ pmGetProgname(), "on_client_connection", "calloc",
+ "ENOMEM", strerror(ENOMEM));
return;
}
if (pmDebugOptions.context | pmDebugOptions.af)
@@ -476,16 +482,18 @@ on_client_connection(uv_stream_t *stream
status = uv_tcp_init(proxy->events, &client->stream.u.tcp);
if (status != 0) {
- fprintf(stderr, "%s: client tcp init failed: %s\n",
- pmGetProgname(), uv_strerror(status));
+ pmNotifyErr(LOG_ERR, "%s: %s - %s failed [%s]: %s\n",
+ pmGetProgname(), "on_client_connection", "uv_tcp_init",
+ uv_err_name(status), uv_strerror(status));
client_put(client);
return;
}
status = uv_accept(stream, (uv_stream_t *)&client->stream.u.tcp);
if (status != 0) {
- fprintf(stderr, "%s: client tcp init failed: %s\n",
- pmGetProgname(), uv_strerror(status));
+ pmNotifyErr(LOG_ERR, "%s: %s - %s failed [%s]: %s\n",
+ pmGetProgname(), "on_client_connection", "uv_accept",
+ uv_err_name(status), uv_strerror(status));
client_put(client);
return;
}
@@ -496,8 +504,9 @@ on_client_connection(uv_stream_t *stream
status = uv_read_start((uv_stream_t *)&client->stream.u.tcp,
on_buffer_alloc, on_client_read);
if (status != 0) {
- fprintf(stderr, "%s: client read start failed: %s\n",
- pmGetProgname(), uv_strerror(status));
+ pmNotifyErr(LOG_ERR, "%s: %s - %s failed [%s]: %s\n",
+ pmGetProgname(), "on_client_connection", "uv_read_start",
+ uv_err_name(status), uv_strerror(status));
client_close(client);
}
}
@@ -530,8 +539,9 @@ open_request_port(struct proxy *proxy, s
sts = uv_listen((uv_stream_t *)&stream->u.tcp, maxpending, on_client_connection);
if (sts != 0) {
- fprintf(stderr, "%s: socket listen error %s\n",
- pmGetProgname(), uv_strerror(sts));
+ pmNotifyErr(LOG_ERR, "%s: %s - uv_listen failed [%s]: %s\n",
+ pmGetProgname(), "open_request_port",
+ uv_err_name(sts), uv_strerror(sts));
uv_close(handle, NULL);
return -ENOTCONN;
}
@@ -554,15 +564,23 @@ open_request_local(struct proxy *proxy,
uv_pipe_init(proxy->events, &stream->u.local, 0);
handle = (uv_handle_t *)&stream->u.local;
handle->data = (void *)proxy;
- uv_pipe_bind(&stream->u.local, name);
+ sts = uv_pipe_bind(&stream->u.local, name);
+ if (sts != 0) {
+ pmNotifyErr(LOG_ERR, "%s: %s - uv_pipe_bind %s failed [%s]: %s\n",
+ pmGetProgname(), "open_request_local", name,
+ uv_err_name(sts), uv_strerror(sts));
+ uv_close(handle, NULL);
+ return -ENOTCONN;
+ }
#ifdef HAVE_UV_PIPE_CHMOD
uv_pipe_chmod(&stream->u.local, UV_READABLE | UV_WRITABLE);
#endif
sts = uv_listen((uv_stream_t *)&stream->u.local, maxpending, on_client_connection);
if (sts != 0) {
- fprintf(stderr, "%s: local listen error %s\n",
- pmGetProgname(), uv_strerror(sts));
+ pmNotifyErr(LOG_ERR, "%s: %s - %s failed [%s]: %s\n",
+ pmGetProgname(), "open_request_local", "uv_listen",
+ uv_err_name(sts), uv_strerror(sts));
uv_close(handle, NULL);
return -ENOTCONN;
}

View File

@ -0,0 +1,32 @@
commit 4014e295f7b5f541439774bd3c88924d3c061325
Author: Masatake YAMATO <yamato@redhat.com>
Date: Thu Oct 20 13:55:43 2022 +0900
pmdas/snmp: install the agent specific configuration file to PMDATMPDIR
When running ./Install of the agent, the following line is printed in
/var/log/pcp/pmcd/snmp.log.
Log for pmdasnmp on pcp-netsnmp started Tue Oct 18 22:45:23 2022
opening /var/lib/pcp/pmdas/snmp/snmp.conf No such file or directory at /var/lib/pcp/pmdas/snmp/pmdasnmp.pl line 90.
As a result, pmdasnmp.pl cannot read its configuration file though it
is "./Install"ed.
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
diff --git a/src/pmdas/snmp/GNUmakefile b/src/pmdas/snmp/GNUmakefile
index ce0e3e8036..7bf5471a76 100644
--- a/src/pmdas/snmp/GNUmakefile
+++ b/src/pmdas/snmp/GNUmakefile
@@ -44,7 +44,7 @@ install_pcp install: default
$(INSTALL) -m 755 -t $(PMDATMPDIR) Install Remove $(PMDAADMDIR)
$(INSTALL) -m 644 -t $(PMDATMPDIR)/pmda$(IAM).pl pmda$(IAM).pl $(PMDAADMDIR)/pmda$(IAM).pl
$(INSTALL) -m 755 -d $(PMDACONFIG)
- $(INSTALL) -m 644 snmp.conf $(PMDACONFIG)/snmp.conf
+ $(INSTALL) -m 644 -t $(PMDATMPDIR)/$(IAM).conf $(IAM).conf $(PMDACONFIG)/$(IAM).conf
@$(INSTALL_MAN)
else
build-me:

View File

@ -0,0 +1,50 @@
diff --git a/src/pmdas/podman/.gitignore b/src/pmdas/podman/.gitignore
index a4f35e0f43..aea2c4052e 100644
--- a/src/pmdas/podman/.gitignore
+++ b/src/pmdas/podman/.gitignore
@@ -2,8 +2,6 @@ deps/
domain.h
pmdapodman
pmda_podman.so
-jsonsl.c
-jsonsl.h
help.dir
help.pag
exports
diff --git a/src/pmdas/podman/GNUmakefile b/src/pmdas/podman/GNUmakefile
index d6e58cfca5..1117a7a4e4 100644
--- a/src/pmdas/podman/GNUmakefile
+++ b/src/pmdas/podman/GNUmakefile
@@ -83,6 +83,7 @@ domain.h: ../../pmns/stdpmid
$(OBJECTS): domain.h
pmda.o: $(VERSION_SCRIPT)
pmda.o: $(TOPDIR)/src/include/pcp/libpcp.h
+podman.o: $(JSONSL_HFILES)
check:: $(CFILES) $(HFILES)
$(CLINT) $^
diff --git a/src/pmdas/root/.gitignore b/src/pmdas/root/.gitignore
index 21f507f0dd..b78b1fd28a 100644
--- a/src/pmdas/root/.gitignore
+++ b/src/pmdas/root/.gitignore
@@ -1,8 +1,6 @@
deps/
domain.h
pmdaroot
-jsonsl.c
-jsonsl.h
help.dir
help.pag
pmns
diff --git a/src/pmdas/root/GNUmakefile b/src/pmdas/root/GNUmakefile
index ed01a18fb8..b02d4ea834 100644
--- a/src/pmdas/root/GNUmakefile
+++ b/src/pmdas/root/GNUmakefile
@@ -83,6 +83,7 @@ pmns :
$(LN_S) -f root_root pmns
lxc.o root.o: $(TOPDIR)/src/include/pcp/libpcp.h
+podman.o: $(JSONSL_HFILES)
check:: $(CFILES) $(HFILES)
$(CLINT) $^

View File

@ -1,6 +1,6 @@
Name: pcp
Version: 5.3.7
Release: 7%{?dist}
Release: 16%{?dist}
Summary: System-level performance monitoring and performance management
License: GPLv2+ and LGPLv2+ and CC-BY
URL: https://pcp.io
@ -12,6 +12,13 @@ Patch1: redhat-bugzilla-1981886-pmdasockets-backporting.patch
Patch2: redhat-bugzilla-2059461-pmie-systemd-fixup.patch
Patch3: redhat-bugzilla-2081262-pmdaproc-cgroups-fix.patch
Patch4: redhat-bugzilla-2059463-pmdapostfix-harden.patch
Patch5: redhat-bugzilla-2083897-dstat-missed-ticks.patch
Patch6: redhat-bugzilla-2111742-selinux-policy.patch
Patch7: redhat-bugzilla-2093751-sudoers-docs.patch
Patch8: redhat-bugzilla-2101574-farm-config.patch
Patch9: redhat-bugzilla-2135314-pmfind-fix.patch
Patch10: redhat-bugzilla-2139012-pmdasnmp-config.patch
Patch11: redhat-build-jsonsl.patch
# The additional linker flags break out-of-tree PMDAs.
# https://bugzilla.redhat.com/show_bug.cgi?id=2043092
@ -294,36 +301,27 @@ BuildRequires: qt5-qtsvg-devel
Requires: bash xz gawk sed grep findutils which %{_hostname_executable}
Requires: pcp-libs = %{version}-%{release}
%if !%{disable_selinux}
%if !%{disable_selinux}
# rpm boolean dependencies are supported since RHEL 8
%if 0%{?fedora} >= 35 || 0%{?rhel} >= 8
# This ensures that the pcp-selinux package and all it's dependencies are not pulled
# into containers and other systems that do not use SELinux
# This ensures that the pcp-selinux package and all its dependencies are
# not pulled into containers and other systems that do not use SELinux
Requires: (pcp-selinux = %{version}-%{release} if selinux-policy-targeted)
%else
Requires: pcp-selinux = %{version}-%{release}
%endif
%endif
%global _confdir %{_sysconfdir}/pcp
%global _logsdir %{_localstatedir}/log/pcp
%global _pmnsdir %{_localstatedir}/lib/pcp/pmns
%global _pmnsexecdir %{_libexecdir}/pcp/pmns
%global _tempsdir %{_localstatedir}/lib/pcp/tmp
%global _pmdasdir %{_localstatedir}/lib/pcp/pmdas
%global _pmdasexecdir %{_libexecdir}/pcp/pmdas
%global _testsdir %{_localstatedir}/lib/pcp/testsuite
%global _selinuxdir %{_localstatedir}/lib/pcp/selinux
%global _selinuxexecdir %{_libexecdir}/pcp/selinux
%global _logconfdir %{_localstatedir}/lib/pcp/config/pmlogconf
%global _ieconfigdir %{_localstatedir}/lib/pcp/config/pmie
%global _ieconfdir %{_localstatedir}/lib/pcp/config/pmieconf
%global _tapsetdir %{_datadir}/systemtap/tapset
%global _bashcompdir %{_datadir}/bash-completion/completions
%global _pixmapdir %{_datadir}/pcp-gui/pixmaps
%global _hicolordir %{_datadir}/icons/hicolor
%global _booksdir %{_datadir}/doc/pcp-doc
%global _selinuxdir %{_datadir}/selinux/packages/targeted
%if 0%{?fedora} >= 20 || 0%{?rhel} >= 8
%global _with_doc --with-docdir=%{_docdir}/%{name}
@ -444,13 +442,12 @@ else
fi
}
%global selinux_handle_policy() %{expand:
if [ %1 -ge 1 ]
%global run_pmieconf() %{expand:
if [ -w "%1" ]
then
%{_libexecdir}/pcp/bin/selinux-setup %{_selinuxdir} install %2
elif [ %1 -eq 0 ]
then
%{_libexecdir}/pcp/bin/selinux-setup %{_selinuxdir} remove %2
pmieconf -c enable "%2"
else
echo "WARNING: Cannot write to %1, skipping pmieconf enable of %2." >&2
fi
}
@ -2295,6 +2292,13 @@ updated policy package.
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%build
# the buildsubdir macro gets defined in %setup and is apparently only available in the next step (i.e. the %build step)
@ -2442,7 +2446,7 @@ total_manifest | keep 'tutorials|/html/|pcp-doc|man.*\.[1-9].*' | cull 'out' >pc
total_manifest | keep 'testsuite|etc/systemd/system|libpcp_fault|pcp/fault.h' >pcp-testsuite-files
basic_manifest | keep "$PCP_GUI|pcp-gui|applications|pixmaps|hicolor" | cull 'pmtime.h' >pcp-gui-files
basic_manifest | keep 'selinux' | cull 'tmp|GNUselinuxdefs' >pcp-selinux-files
basic_manifest | keep 'selinux' | cull 'tmp|testsuite' >pcp-selinux-files
basic_manifest | keep 'zeroconf|daily[-_]report|/sa$' >pcp-zeroconf-files
basic_manifest | grep -E -e 'pmiostat|pmrep|dstat|htop|pcp2csv' \
-e 'pcp-atop|pcp-dmcache|pcp-dstat|pcp-free|pcp-htop' \
@ -2686,6 +2690,9 @@ done
%endif
%pre testsuite
%if !%{disable_selinux}
%selinux_relabel_pre -s targeted
%endif
test -d %{_testsdir} || mkdir -p -m 755 %{_testsdir}
getent group pcpqa >/dev/null || groupadd -r pcpqa
getent passwd pcpqa >/dev/null || \
@ -2694,6 +2701,11 @@ chown -R pcpqa:pcpqa %{_testsdir} 2>/dev/null
exit 0
%post testsuite
%if !%{disable_selinux}
semodule -r pcpqa >/dev/null 2>&1 || true
%selinux_modules_install -s targeted %{_selinuxdir}/pcp-testsuite.pp.bz2
%selinux_relabel_post -s targeted
%endif
chown -R pcpqa:pcpqa %{_testsdir} 2>/dev/null
%if 0%{?rhel}
%if !%{disable_systemd}
@ -2708,6 +2720,14 @@ chown -R pcpqa:pcpqa %{_testsdir} 2>/dev/null
%endif
exit 0
%if !%{disable_selinux}
%postun testsuite
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s targeted pcp-testsuite
%selinux_relabel_post -s targeted
fi
%endif
%pre
getent group pcp >/dev/null || groupadd -r pcp
getent passwd pcp >/dev/null || \
@ -2994,6 +3014,7 @@ fi
PCP_PMDAS_DIR=%{_pmdasdir}
PCP_SYSCONFIG_DIR=%{_sysconfdir}/sysconfig
PCP_PMCDCONF_PATH=%{_confdir}/pmcd/pmcd.conf
PCP_PMIECONFIG_DIR=%{_ieconfigdir}
# auto-install important PMDAs for RH Support (if not present already)
for PMDA in dm nfsclient openmetrics ; do
if ! grep -q "$PMDA/pmda$PMDA" "$PCP_PMCDCONF_PATH"
@ -3002,7 +3023,7 @@ for PMDA in dm nfsclient openmetrics ; do
fi
done
# auto-enable these usually optional pmie rules
pmieconf -c enable dmthin
%{run_pmieconf "$PCP_PMIECONFIG_DIR" dmthin}
%if 0%{?rhel}
%if !%{disable_systemd}
systemctl restart pmcd pmlogger pmie >/dev/null 2>&1
@ -3017,17 +3038,6 @@ pmieconf -c enable dmthin
%endif
%endif
%if !%{disable_selinux}
%post selinux
%{selinux_handle_policy "$1" "pcpupstream"}
%triggerin selinux -- docker-selinux
%{selinux_handle_policy "$1" "pcpupstream-docker"}
%triggerin selinux -- container-selinux
%{selinux_handle_policy "$1" "pcpupstream-container"}
%endif
%post
PCP_PMNS_DIR=%{_pmnsdir}
PCP_LOG_DIR=%{_logsdir}
@ -3066,14 +3076,21 @@ PCP_LOG_DIR=%{_logsdir}
%endif
%if !%{disable_selinux}
%preun selinux
%{selinux_handle_policy "$1" "pcpupstream"}
%pre selinux
%selinux_relabel_pre -s targeted
%triggerun selinux -- docker-selinux
%{selinux_handle_policy "$1" "pcpupstream-docker"}
%post selinux
semodule -r pcpupstream-container >/dev/null 2>&1 || true
semodule -r pcpupstream-docker >/dev/null 2>&1 || true
semodule -r pcpupstream >/dev/null 2>&1 || true
%selinux_modules_install -s targeted %{_selinuxdir}/pcp.pp.bz2
%selinux_relabel_post -s targeted
%triggerun selinux -- container-selinux
%{selinux_handle_policy "$1" "pcpupstream-container"}
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s targeted pcp
%selinux_relabel_post -s targeted
fi
%endif
%files -f pcp-files.rpm
@ -3092,6 +3109,7 @@ PCP_LOG_DIR=%{_logsdir}
%if !%{disable_selinux}
%files selinux -f pcp-selinux-files.rpm
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/targeted/active/modules/200/pcp
%endif
%if !%{disable_qt}
@ -3352,6 +3370,19 @@ PCP_LOG_DIR=%{_logsdir}
%files zeroconf -f pcp-zeroconf-files.rpm
%changelog
* Thu Nov 17 2022 Nathan Scott <nathans@redhat.com> - 5.3.7-16
- Ensure SNMP metrics config symlink installed (BZ 2139012)
* Thu Oct 27 2022 Nathan Scott <nathans@redhat.com> - 5.3.7-15
- Backport independent selinux policy rework (BZ 2111742)
- Fix invalid memory access in pmfind utility (BZ 2135314)
- Allow pcp-dstat(1) missed ticks suppression (BZ 2083897)
* Mon Sep 05 2022 Nathan Scott <nathans@redhat.com> - 5.3.7-9
- Additional selinux policy rules for pmdabcc (BZ 2050094)
- Describe working sudoers requiretty configuration (BZ 2093751)
- Separate pmlogger_farm configuration mechanism (BZ 2101574)
* Mon May 09 2022 Nathan Scott <nathans@redhat.com> - 5.3.7-7
- Additional selinux policy rules for pmdasockets (BZ 1981886)