From 518aa2062fee37cbe42e710000ee2e3c5b7811ad Mon Sep 17 00:00:00 2001 From: Jan Pokorný Date: Dec 02 2016 19:39:41 +0000 Subject: 1.1.16-1 - Update for new upstream tarball: Pacemaker-1.1.16, ... for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.16 - Adapt spec file more akin to upstream version including: . clarify licensing, especially for -doc (f01f734) . fix pacemaker-remote upgrade (779e0e3) . require python >= 2.6 (31ef7f0) . older libqb is sufficient (based on 30fe1ce) . remove openssl-devel and libselinux-devel as BRs (2e05c17) . make systemd BR pkgconfig-driven (6285924) . defines instead of some globals + error suppression (625d427) - Rectify -nagios-plugins-metadata declared license and install also respective license text --- diff --git a/001-makefile-cleanup.patch b/001-makefile-cleanup.patch deleted file mode 100644 index c2f5746..0000000 --- a/001-makefile-cleanup.patch +++ /dev/null @@ -1,535 +0,0 @@ -From d720014c2cf7ff00004b64ca9cf817ffc00e6ffb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= -Date: Fri, 10 Jun 2016 15:00:03 +0200 -Subject: [PATCH 1/5] Build: Makefile.common to define MAINTAINERCLEANFILES + - AM_CPPFLAGS - -Fallout after 89fba95. ---- - attrd/Makefile.am | 5 +---- - lib/cib/Makefile.am | 5 +---- - lib/cluster/Makefile.am | 5 +---- - lib/common/Makefile.am | 8 +++----- - lib/fencing/Makefile.am | 6 +----- - lib/lrmd/Makefile.am | 8 +------- - lib/pengine/Makefile.am | 5 +---- - lib/transition/Makefile.am | 5 +---- - lrmd/Makefile.am | 1 - - 9 files changed, 10 insertions(+), 38 deletions(-) - -diff --git a/attrd/Makefile.am b/attrd/Makefile.am -index 9d5e223..0c5d456 100644 ---- a/attrd/Makefile.am -+++ b/attrd/Makefile.am -@@ -15,10 +15,7 @@ - # along with this program; if not, write to the Free Software - # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - # --MAINTAINERCLEANFILES = Makefile.in -- --AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \ -- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl -+include $(top_srcdir)/Makefile.common - - halibdir = $(CRM_DAEMON_DIR) - halib_PROGRAMS = attrd -diff --git a/lib/cib/Makefile.am b/lib/cib/Makefile.am -index 1ebd7b0..687b9f3 100644 ---- a/lib/cib/Makefile.am -+++ b/lib/cib/Makefile.am -@@ -15,10 +15,7 @@ - # along with this program; if not, write to the Free Software - # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - # --MAINTAINERCLEANFILES = Makefile.in -- --AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \ -- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl -+include $(top_srcdir)/Makefile.common - - ## libraries - lib_LTLIBRARIES = libcib.la -diff --git a/lib/cluster/Makefile.am b/lib/cluster/Makefile.am -index 5b6f3f7..f5f40bc 100644 ---- a/lib/cluster/Makefile.am -+++ b/lib/cluster/Makefile.am -@@ -15,10 +15,7 @@ - # along with this program; if not, write to the Free Software - # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - # --MAINTAINERCLEANFILES = Makefile.in -- --AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \ -- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl -+include $(top_srcdir)/Makefile.common - - headerdir=$(pkgincludedir)/crm/cluster - -diff --git a/lib/common/Makefile.am b/lib/common/Makefile.am -index 8ef08db..7ae1dc8 100644 ---- a/lib/common/Makefile.am -+++ b/lib/common/Makefile.am -@@ -15,12 +15,10 @@ - # along with this program; if not, write to the Free Software - # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - # --MAINTAINERCLEANFILES = Makefile.in -+include $(top_srcdir)/Makefile.common - --AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \ -- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl \ -- -I$(top_builddir)/lib/gnu -I$(top_srcdir)/lib/gnu \ -- -DSBINDIR=\"$(sbindir)\" -+AM_CPPFLAGS += -I$(top_builddir)/lib/gnu -I$(top_srcdir)/lib/gnu \ -+ -DSBINDIR=\"$(sbindir)\" - - ## libraries - lib_LTLIBRARIES = libcrmcommon.la -diff --git a/lib/fencing/Makefile.am b/lib/fencing/Makefile.am -index 3320466..aa57ba5 100644 ---- a/lib/fencing/Makefile.am -+++ b/lib/fencing/Makefile.am -@@ -16,11 +16,7 @@ - # along with this program; if not, write to the Free Software - # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - # --MAINTAINERCLEANFILES = Makefile.in -- --AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \ -- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl \ -- -I$(top_builddir) -I$(top_srcdir) -+include $(top_srcdir)/Makefile.common - - lib_LTLIBRARIES = libstonithd.la - -diff --git a/lib/lrmd/Makefile.am b/lib/lrmd/Makefile.am -index d5ae2f4..8c76a78 100644 ---- a/lib/lrmd/Makefile.am -+++ b/lib/lrmd/Makefile.am -@@ -14,13 +14,7 @@ - # License along with this library; if not, write to the Free Software - # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - # --# -- --MAINTAINERCLEANFILES = Makefile.in -- --AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \ -- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl \ -- -I$(top_builddir) -I$(top_srcdir) -+include $(top_srcdir)/Makefile.common - - lib_LTLIBRARIES = liblrmd.la - -diff --git a/lib/pengine/Makefile.am b/lib/pengine/Makefile.am -index b9191d5..4544377 100644 ---- a/lib/pengine/Makefile.am -+++ b/lib/pengine/Makefile.am -@@ -15,10 +15,7 @@ - # along with this program; if not, write to the Free Software - # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - # --MAINTAINERCLEANFILES = Makefile.in -- --AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \ -- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl -+include $(top_srcdir)/Makefile.common - - ## libraries - lib_LTLIBRARIES = libpe_rules.la libpe_status.la -diff --git a/lib/transition/Makefile.am b/lib/transition/Makefile.am -index 4447f1b..6cc9bca 100644 ---- a/lib/transition/Makefile.am -+++ b/lib/transition/Makefile.am -@@ -15,10 +15,7 @@ - # along with this program; if not, write to the Free Software - # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - # --MAINTAINERCLEANFILES = Makefile.in -- --AM_CPPFLAGS = -I$(top_builddir)/include -I$(top_srcdir)/include \ -- -I$(top_builddir)/libltdl -I$(top_srcdir)/libltdl -+include $(top_srcdir)/Makefile.common - - ## libraries - lib_LTLIBRARIES = libtransitioner.la -diff --git a/lrmd/Makefile.am b/lrmd/Makefile.am -index a8fb07a..556d48a 100644 ---- a/lrmd/Makefile.am -+++ b/lrmd/Makefile.am -@@ -14,7 +14,6 @@ - # License along with this library; if not, write to the Free Software - # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - # -- - include $(top_srcdir)/Makefile.common - - testdir = $(datadir)/$(PACKAGE)/tests/lrmd --- -1.8.3.1 - - -From bfad92c9e23f3bf7a73e86017eed46ba7fd63c12 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= -Date: Fri, 10 Jun 2016 17:38:46 +0200 -Subject: [PATCH 2/5] Build: Makefile.am files: drop extraneous variables + - targets - -- empty variables -- non-fitting .PHONY definitions -- unemployed install-exec-local + uninstall-local target pairs (per file) -- AM_CFLAGS unnecessarily initialized with current AM_CPPFLAGS value -- empty header_HEADERS variable + superfluous headerdir definition ---- - Makefile.am | 2 -- - attrd/Makefile.am | 8 -------- - fencing/Makefile.am | 2 -- - include/crm/Makefile.am | 1 - - include/crm/fencing/Makefile.am | 3 --- - lib/cib/Makefile.am | 5 ----- - lib/cluster/Makefile.am | 8 -------- - lib/common/Makefile.am | 4 ---- - lib/fencing/Makefile.am | 2 -- - lib/lrmd/Makefile.am | 3 --- - lib/pengine/Makefile.am | 4 ---- - lib/services/Makefile.am | 2 -- - lib/transition/Makefile.am | 5 ----- - tools/Makefile.am | 11 ----------- - 14 files changed, 60 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 0edf0c9..5d1a689 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -73,5 +73,3 @@ dist-clean-local: - - maintainer-clean-local: - rm -f libltdl.tar -- --.PHONY: rpm pkg handy handy-copy -diff --git a/attrd/Makefile.am b/attrd/Makefile.am -index 0c5d456..9a841e5 100644 ---- a/attrd/Makefile.am -+++ b/attrd/Makefile.am -@@ -21,8 +21,6 @@ halibdir = $(CRM_DAEMON_DIR) - halib_PROGRAMS = attrd - ## SOURCES - --noinst_HEADERS = -- - attrd_SOURCES = - attrd_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \ - $(top_builddir)/lib/common/libcrmcommon.la \ -@@ -37,9 +35,3 @@ endif - - clean-generic: - rm -f *.log *.debug *.xml *~ -- --install-exec-local: -- --uninstall-local: -- --.PHONY: install-exec-hook -diff --git a/fencing/Makefile.am b/fencing/Makefile.am -index 383c217..bef6e6e 100644 ---- a/fencing/Makefile.am -+++ b/fencing/Makefile.am -@@ -17,8 +17,6 @@ - # - include $(top_srcdir)/Makefile.common - --SUBDIRS = -- - ## binary progs - testdir = $(datadir)/$(PACKAGE)/tests/fencing - test_SCRIPTS = regression.py -diff --git a/include/crm/Makefile.am b/include/crm/Makefile.am -index ef96011..bdb627c 100644 ---- a/include/crm/Makefile.am -+++ b/include/crm/Makefile.am -@@ -19,7 +19,6 @@ MAINTAINERCLEANFILES = Makefile.in - - headerdir=$(pkgincludedir)/crm - --noinst_HEADERS = - header_HEADERS = crm.h cib.h attrd.h msg_xml.h transition.h stonith-ng.h cluster.h lrmd.h services.h error.h compatibility.h - - SUBDIRS = common pengine cib fencing cluster -diff --git a/include/crm/fencing/Makefile.am b/include/crm/fencing/Makefile.am -index f85c842..57a787b 100644 ---- a/include/crm/fencing/Makefile.am -+++ b/include/crm/fencing/Makefile.am -@@ -17,7 +17,4 @@ - # - MAINTAINERCLEANFILES = Makefile.in - --headerdir=$(pkgincludedir)/crm/fencing -- - noinst_HEADERS = internal.h --header_HEADERS = -diff --git a/lib/cib/Makefile.am b/lib/cib/Makefile.am -index 687b9f3..07bf261 100644 ---- a/lib/cib/Makefile.am -+++ b/lib/cib/Makefile.am -@@ -21,7 +21,6 @@ include $(top_srcdir)/Makefile.common - lib_LTLIBRARIES = libcib.la - - ## SOURCES --noinst_HEADERS = - libcib_la_SOURCES = cib_ops.c cib_utils.c cib_client.c cib_native.c cib_attrs.c - libcib_la_SOURCES += cib_file.c cib_remote.c - -@@ -31,7 +30,3 @@ libcib_la_CFLAGS = -I$(top_srcdir) - - clean-generic: - rm -f *.log *.debug *.xml *~ -- --install-exec-local: -- --uninstall-local: -diff --git a/lib/cluster/Makefile.am b/lib/cluster/Makefile.am -index f5f40bc..dcc1fbd 100644 ---- a/lib/cluster/Makefile.am -+++ b/lib/cluster/Makefile.am -@@ -17,10 +17,6 @@ - # - include $(top_srcdir)/Makefile.common - --headerdir=$(pkgincludedir)/crm/cluster -- --header_HEADERS = -- - ## libraries - lib_LTLIBRARIES = libcrmcluster.la - -@@ -45,7 +41,3 @@ endif - - clean-generic: - rm -f *.log *.debug *.xml *~ -- --install-exec-local: -- --uninstall-local: -diff --git a/lib/common/Makefile.am b/lib/common/Makefile.am -index 7ae1dc8..111628f 100644 ---- a/lib/common/Makefile.am -+++ b/lib/common/Makefile.am -@@ -44,7 +44,3 @@ libcrmcommon_la_SOURCES += $(top_builddir)/lib/gnu/md5.c - - clean-generic: - rm -f *.log *.debug *.xml *~ -- --install-exec-local: -- --uninstall-local: -diff --git a/lib/fencing/Makefile.am b/lib/fencing/Makefile.am -index aa57ba5..a9f9874 100644 ---- a/lib/fencing/Makefile.am -+++ b/lib/fencing/Makefile.am -@@ -23,5 +23,3 @@ lib_LTLIBRARIES = libstonithd.la - libstonithd_la_SOURCES = st_client.c - libstonithd_la_LDFLAGS = -version-info 4:1:2 - libstonithd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la -- --AM_CFLAGS = $(AM_CPPFLAGS) -diff --git a/lib/lrmd/Makefile.am b/lib/lrmd/Makefile.am -index 8c76a78..c23fef5 100644 ---- a/lib/lrmd/Makefile.am -+++ b/lib/lrmd/Makefile.am -@@ -23,6 +23,3 @@ liblrmd_la_LDFLAGS = -version-info 4:0:3 - liblrmd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la \ - $(top_builddir)/lib/services/libcrmservice.la \ - $(top_builddir)/lib/fencing/libstonithd.la -- -- --AM_CFLAGS = $(AM_CPPFLAGS) -diff --git a/lib/pengine/Makefile.am b/lib/pengine/Makefile.am -index 4544377..a0d19e5 100644 ---- a/lib/pengine/Makefile.am -+++ b/lib/pengine/Makefile.am -@@ -34,7 +34,3 @@ libpe_status_la_LIBADD = @CURSESLIBS@ $(top_builddir)/lib/common/libcrmcommon.l - - clean-generic: - rm -f *.log *.debug *~ -- --install-exec-local: -- --uninstall-local: -diff --git a/lib/services/Makefile.am b/lib/services/Makefile.am -index a9fe26d..2797b53 100644 ---- a/lib/services/Makefile.am -+++ b/lib/services/Makefile.am -@@ -39,5 +39,3 @@ endif - if BUILD_SYSTEMD - libcrmservice_la_SOURCES += systemd.c - endif -- --AM_CFLAGS = $(AM_CPPFLAGS) -diff --git a/lib/transition/Makefile.am b/lib/transition/Makefile.am -index 6cc9bca..7bcfc1a 100644 ---- a/lib/transition/Makefile.am -+++ b/lib/transition/Makefile.am -@@ -21,7 +21,6 @@ include $(top_srcdir)/Makefile.common - lib_LTLIBRARIES = libtransitioner.la - - ## SOURCES --noinst_HEADERS = - libtransitioner_la_SOURCES = unpack.c graph.c utils.c - - libtransitioner_la_LDFLAGS = -version-info 2:5:0 -@@ -30,7 +29,3 @@ libtransitioner_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la - - clean-generic: - rm -f *~ -- --install-exec-local: -- --uninstall-local: -diff --git a/tools/Makefile.am b/tools/Makefile.am -index 555b1db..59ce743 100644 ---- a/tools/Makefile.am -+++ b/tools/Makefile.am -@@ -26,9 +26,6 @@ COMMONLIBS = \ - $(top_builddir)/lib/cib/libcib.la \ - $(CURSESLIBS) $(CLUSTERLIBS) - --headerdir = $(pkgincludedir)/crm --header_HEADERS = -- - pcmkdir = $(datadir)/$(PACKAGE) - pcmk_DATA = report.common report.collector - -@@ -57,8 +54,6 @@ endif - - ## SOURCES - --noinst_HEADERS = -- - MAN8DEPS = crm_attribute crm_node - - crmadmin_SOURCES = crmadmin.c -@@ -143,10 +138,4 @@ ipmiservicelogd_CFLAGS = $(OPENIPMI_SERVICELOG_CFLAGS) $(SERVICELOG_CFLAGS) - ipmiservicelogd_LDFLAGS = $(top_builddir)/lib/common/libcrmcommon.la $(OPENIPMI_SERVICELOG_LIBS) $(SERVICELOG_LIBS) - endif - --install-exec-local: -- --uninstall-local: -- --.PHONY: install-exec-hook -- - CLEANFILES = $(man8_MANS) --- -1.8.3.1 - - -From 048efbf21a84568816b35522ed5f7b84f9ffdc41 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= -Date: Mon, 20 Jun 2016 15:10:34 +0200 -Subject: [PATCH 3/5] Build: drop superfluous libcrmcluster_la_DEPENDENCIES var - ---- - lib/cluster/Makefile.am | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/lib/cluster/Makefile.am b/lib/cluster/Makefile.am -index dcc1fbd..ffa2a73 100644 ---- a/lib/cluster/Makefile.am -+++ b/lib/cluster/Makefile.am -@@ -23,7 +23,6 @@ lib_LTLIBRARIES = libcrmcluster.la - libcrmcluster_la_SOURCES = election.c cluster.c membership.c - libcrmcluster_la_LDFLAGS = -version-info 6:0:2 - libcrmcluster_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la $(top_builddir)/lib/fencing/libstonithd.la $(CLUSTERLIBS) --libcrmcluster_la_DEPENDENCIES = $(top_builddir)/lib/common/libcrmcommon.la $(top_builddir)/lib/fencing/libstonithd.la - - if BUILD_CS_SUPPORT - libcrmcluster_la_SOURCES += cpg.c --- -1.8.3.1 - - -From f5042bf76d048cb1fb77f9a60253cbf5a0ee9fc1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= -Date: Mon, 20 Jun 2016 21:09:00 +0200 -Subject: [PATCH 4/5] Build: cib/Makefile.am: avoid second-guessing Libtool - -Explicitly referring to location that is an implementation detail of -Libtool is not very reasonable and appears to be working regardless. ---- - lib/cib/Makefile.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/cib/Makefile.am b/lib/cib/Makefile.am -index 07bf261..0c57eee 100644 ---- a/lib/cib/Makefile.am -+++ b/lib/cib/Makefile.am -@@ -24,7 +24,7 @@ lib_LTLIBRARIES = libcib.la - libcib_la_SOURCES = cib_ops.c cib_utils.c cib_client.c cib_native.c cib_attrs.c - libcib_la_SOURCES += cib_file.c cib_remote.c - --libcib_la_LDFLAGS = -version-info 5:1:1 -L$(top_builddir)/lib/pengine/.libs -+libcib_la_LDFLAGS = -version-info 5:1:1 - libcib_la_LIBADD = $(CRYPTOLIB) $(top_builddir)/lib/pengine/libpe_rules.la $(top_builddir)/lib/common/libcrmcommon.la - libcib_la_CFLAGS = -I$(top_srcdir) - --- -1.8.3.1 - - -From 8a86b03d1dbb8bab4a38f39544c519a2e7e85136 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= -Date: Fri, 10 Jun 2016 17:55:57 +0200 -Subject: [PATCH 5/5] Build: Makefile.am f.: move/drop comments to reflect - previous commits - -* "# lex/yacc issues": -- introduced with 800b0c3 ("CFLAGS = $(CFLAGS_COPY:-Werror=)") -- comment + the statement got separated as of ae6fb13 - -* "# utils.h pengine.h" -- introduced with a4d9634 -- became superfluous as of ef1f2e2 ---- - fencing/Makefile.am | 4 +--- - pengine/Makefile.am | 2 +- - 2 files changed, 2 insertions(+), 4 deletions(-) - -diff --git a/fencing/Makefile.am b/fencing/Makefile.am -index bef6e6e..79fe2ed 100644 ---- a/fencing/Makefile.am -+++ b/fencing/Makefile.am -@@ -56,9 +56,6 @@ BUILT_SOURCES = standalone_config.h - - stonithd_SOURCES += standalone_config.c config.y config.l - stonithd_AM_LFLAGS = -o$(LEX_OUTPUT_ROOT).c -- --# lex/yacc issues: -- - endif - stonithd_YFLAGS = -d - -@@ -69,6 +66,7 @@ stonithd_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \ - $(top_builddir)/pengine/libpengine.la \ - $(CRYPTOLIB) $(CLUSTERLIBS) - -+# lex/yacc issues: - CFLAGS = $(CFLAGS_COPY:-Werror=) - - CLEANFILES = $(man7_MANS) $(man8_MANS) -diff --git a/pengine/Makefile.am b/pengine/Makefile.am -index 172a86b..170b728 100644 ---- a/pengine/Makefile.am -+++ b/pengine/Makefile.am -@@ -58,8 +58,8 @@ man7_MANS = pengine.7 - endif - - ## SOURCES -+ - noinst_HEADERS = allocate.h utils.h pengine.h --#utils.h pengine.h - - libpengine_la_LDFLAGS = -version-info 11:0:1 - # -L$(top_builddir)/lib/pils -lpils -export-dynamic -module -avoid-version --- -1.8.3.1 - diff --git a/002-build-cleanup.patch b/002-build-cleanup.patch deleted file mode 100644 index 6fe5701..0000000 --- a/002-build-cleanup.patch +++ /dev/null @@ -1,678 +0,0 @@ -From f4305372f80faafb5a1856f68b06c4dd87f8f521 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= -Date: Fri, 17 Jun 2016 21:47:34 +0200 -Subject: [PATCH 1/3] Build: drop acinclude.m4 never ever used by pacemaker - proper - -It was rather used by the management tool being part of heartbeat -project -- pacemaker's precursor -- hence the shared codebase that -just wasn't split carefully. - -[note that hearbeat also mistakenly carries that file along while - the reason disappeared as of: - http://hg.linux-ha.org/heartbeat-STABLE_3_0/rev/cf17a3d4167b#l1.39] ---- - acinclude.m4 | 39 --------------------------------------- - 1 file changed, 39 deletions(-) - delete mode 100644 acinclude.m4 - -diff --git a/acinclude.m4 b/acinclude.m4 -deleted file mode 100644 -index fa8fef2..0000000 ---- a/acinclude.m4 -+++ /dev/null -@@ -1,39 +0,0 @@ --dnl --dnl local autoconf/automake macros needed for heartbeat --dnl Started by David Lee February 2006 --dnl --dnl License: GNU General Public License (GPL) -- -- --dnl AM_CHECK_PYTHON_HEADERS: Find location of python include files. --dnl Taken from: --dnl http://source.macgimp.org/ --dnl which is GPL and is attributed to James Henstridge. --dnl --dnl AM_CHECK_PYTHON_HEADERS([ACTION-IF-POSSIBLE], [ACTION-IF-NOT-POSSIBLE]) --dnl Imports: --dnl $PYTHON --dnl Exports: --dnl PYTHON_INCLUDES -- --AC_DEFUN([AM_CHECK_PYTHON_HEADERS], --[AC_REQUIRE([AM_PATH_PYTHON]) --AC_MSG_CHECKING(for headers required to compile python extensions) --dnl deduce PYTHON_INCLUDES --py_prefix=`$PYTHON -c "import sys; print sys.prefix"` --py_exec_prefix=`$PYTHON -c "import sys; print sys.exec_prefix"` --PYTHON_INCLUDES="-I${py_prefix}/include/python${PYTHON_VERSION}" --if test "$py_prefix" != "$py_exec_prefix"; then -- PYTHON_INCLUDES="$PYTHON_INCLUDES -I${py_exec_prefix}/include/python${PYTHON_VERSION}" --fi --AC_SUBST(PYTHON_INCLUDES) --dnl check if the headers exist: --save_CPPFLAGS="$CPPFLAGS" --CPPFLAGS="$CPPFLAGS $PYTHON_INCLUDES" --AC_TRY_CPP([#include ],dnl --[AC_MSG_RESULT(found) --$1],dnl --[AC_MSG_RESULT(not found) --$2]) --CPPFLAGS="$save_CPPFLAGS" --]) --- -1.8.3.1 - - -From 4e0d5c81dae95be2bd3598d2f0dd639b64e5486a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= -Date: Fri, 17 Jun 2016 22:59:42 +0200 -Subject: [PATCH 2/3] Build: configure.ac: drop unused CC_ERRORS, move - CC_EXTRAS - -... so as not to delimit the comment and respective code with unrelated -stuff. ---- - configure.ac | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 1a393fc..c5b30dc 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1703,10 +1703,6 @@ dnl not have CFLAGS in their environment then this should have - dnl no effect. However if CFLAGS was exported from the user's - dnl environment, then the new CFLAGS will also be exported - dnl to sub processes. -- --CC_ERRORS="" --CC_EXTRAS="" -- - if export | fgrep " CFLAGS=" > /dev/null; then - SAVED_CFLAGS="$CFLAGS" - unset CFLAGS -@@ -1714,6 +1710,8 @@ if export | fgrep " CFLAGS=" > /dev/null; then - unset SAVED_CFLAGS - fi - -+CC_EXTRAS="" -+ - if test "$GCC" != yes; then - CFLAGS="$CFLAGS -g" - enable_fatal_warnings=no --- -1.8.3.1 - - -From 9632cd73b758dd4d41c2dbf2b9f10679cc3ee1a2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= -Date: Tue, 21 Jun 2016 19:05:52 +0200 -Subject: [PATCH 3/3] Refactor: sanitizing touch on makefiles about to receive - hardening - -* whitespace cleanup -* internally provided -D... and -I... switches belong to CPPFLAGS rather - than CFLAGS -* use a following order of the per-target flags: - - CPPFLAGS - - YFLAGS - - CFLAGS - - LDFLAGS - - LDADD/LIBADD - - SOURCES - -This is in part to reflect common conditional inclusion of additional -sources (which should preferably immediately follow the main SOURCES -definition) sometimes connected with extending other flags as well. ---- - attrd/Makefile.am | 12 ++++++------ - cib/Makefile.am | 18 +++++++++--------- - crmd/Makefile.am | 31 +++++++++++++++---------------- - fencing/Makefile.am | 30 ++++++++++++++++-------------- - lib/cib/Makefile.am | 9 +++++---- - lib/cluster/Makefile.am | 3 +-- - lib/common/Makefile.am | 8 ++++---- - lib/fencing/Makefile.am | 8 ++++---- - lib/lrmd/Makefile.am | 10 +++++----- - lib/pengine/Makefile.am | 12 ++++++------ - lib/services/Makefile.am | 24 ++++++++++++------------ - lib/transition/Makefile.am | 9 +++++---- - lrmd/Makefile.am | 46 ++++++++++++++++++++++------------------------ - mcp/Makefile.am | 4 ++-- - pengine/Makefile.am | 16 +++++++--------- - 15 files changed, 119 insertions(+), 121 deletions(-) - -diff --git a/attrd/Makefile.am b/attrd/Makefile.am -index 9a841e5..a116e0e 100644 ---- a/attrd/Makefile.am -+++ b/attrd/Makefile.am -@@ -17,16 +17,16 @@ - # - include $(top_srcdir)/Makefile.common - --halibdir = $(CRM_DAEMON_DIR) --halib_PROGRAMS = attrd -+halibdir = $(CRM_DAEMON_DIR) -+halib_PROGRAMS = attrd - ## SOURCES - --attrd_SOURCES = --attrd_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \ -- $(top_builddir)/lib/common/libcrmcommon.la \ -- $(top_builddir)/lib/cib/libcib.la \ -+attrd_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \ -+ $(top_builddir)/lib/common/libcrmcommon.la \ -+ $(top_builddir)/lib/cib/libcib.la \ - $(CLUSTERLIBS) - -+attrd_SOURCES = - if BUILD_ATOMIC_ATTRD - attrd_SOURCES += main.c commands.c - else -diff --git a/cib/Makefile.am b/cib/Makefile.am -index 8508223..fcb8ce9 100644 ---- a/cib/Makefile.am -+++ b/cib/Makefile.am -@@ -23,23 +23,23 @@ hadir = $(sysconfdir)/ha.d - halibdir = $(CRM_DAEMON_DIR) - commmoddir = $(halibdir)/modules/comm - --COMMONLIBS = $(top_builddir)/lib/common/libcrmcommon.la \ -- $(top_builddir)/lib/cib/libcib.la -+COMMONLIBS = $(top_builddir)/lib/common/libcrmcommon.la \ -+ $(top_builddir)/lib/cib/libcib.la - - ## binary progs - halib_PROGRAMS = cib cibmon - - ## SOURCES --noinst_HEADERS = callbacks.h cibio.h cibmessages.h common.h notify.h -+noinst_HEADERS = callbacks.h cibio.h cibmessages.h common.h notify.h - --cib_SOURCES = io.c messages.c notify.c \ -- callbacks.c main.c remote.c common.c -+cib_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \ -+ $(COMMONLIBS) $(CRYPTOLIB) $(CLUSTERLIBS) - --cib_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \ -- $(COMMONLIBS) $(CRYPTOLIB) $(CLUSTERLIBS) -+cib_SOURCES = io.c messages.c notify.c \ -+ callbacks.c main.c remote.c common.c - --cibmon_SOURCES = cibmon.c --cibmon_LDADD = $(COMMONLIBS) -+cibmon_LDADD = $(COMMONLIBS) -+cibmon_SOURCES = cibmon.c - - clean-generic: - rm -f *.log *.debug *.xml *~ -diff --git a/crmd/Makefile.am b/crmd/Makefile.am -index c28da0b..979e266 100644 ---- a/crmd/Makefile.am -+++ b/crmd/Makefile.am -@@ -24,20 +24,10 @@ halib_PROGRAMS = crmd - - ## SOURCES - --noinst_HEADERS = crmd.h crmd_fsa.h crmd_messages.h fsa_defines.h \ -- fsa_matrix.h fsa_proto.h crmd_utils.h crmd_callbacks.h \ -+noinst_HEADERS = crmd.h crmd_fsa.h crmd_messages.h fsa_defines.h \ -+ fsa_matrix.h fsa_proto.h crmd_utils.h crmd_callbacks.h \ - crmd_lrm.h te_callbacks.h tengine.h - --crmd_SOURCES = main.c crmd.c corosync.c notify.c \ -- fsa.c control.c messages.c membership.c callbacks.c \ -- election.c join_client.c join_dc.c subsystems.c throttle.c \ -- cib.c pengine.c tengine.c lrm.c lrm_state.c remote_lrmd_ra.c \ -- utils.c misc.c te_events.c te_actions.c te_utils.c te_callbacks.c -- --if BUILD_HEARTBEAT_SUPPORT --crmd_SOURCES += heartbeat.c --endif -- - crmd_LDADD = $(top_builddir)/lib/fencing/libstonithd.la \ - $(top_builddir)/lib/transition/libtransitioner.la \ - $(top_builddir)/lib/pengine/libpe_rules.la \ -@@ -45,19 +35,28 @@ crmd_LDADD = $(top_builddir)/lib/fencing/libstonithd.la \ - $(top_builddir)/lib/cluster/libcrmcluster.la \ - $(top_builddir)/lib/common/libcrmcommon.la \ - $(top_builddir)/lib/services/libcrmservice.la \ -- $(top_builddir)/lib/lrmd/liblrmd.la \ -+ $(top_builddir)/lib/lrmd/liblrmd.la \ - $(CLUSTERLIBS) - -+crmd_SOURCES = main.c crmd.c corosync.c notify.c \ -+ fsa.c control.c messages.c membership.c callbacks.c \ -+ election.c join_client.c join_dc.c subsystems.c throttle.c \ -+ cib.c pengine.c tengine.c lrm.c lrm_state.c remote_lrmd_ra.c \ -+ utils.c misc.c te_events.c te_actions.c te_utils.c te_callbacks.c -+if BUILD_HEARTBEAT_SUPPORT -+crmd_SOURCES += heartbeat.c -+endif -+ - if BUILD_XML_HELP --man7_MANS = crmd.7 -+man7_MANS = crmd.7 - endif - --graphs: fsa_inputs.png fsa_inputs_by_action.png fsa_actions_by_state.png -+graphs: fsa_inputs.png fsa_inputs_by_action.png fsa_actions_by_state.png - - %.png: %.dot - dot -Tpng $< > $@ - --%.dot : fsa_matrix.h make_dot.pl -+%.dot: fsa_matrix.h make_dot.pl - perl $(top_srcdir)/crmd/make_dot.pl $(top_srcdir)/crmd/fsa_matrix.h $(top_builddir)/crmd - - CLEANFILES = $(man7_MANS) -diff --git a/fencing/Makefile.am b/fencing/Makefile.am -index 79fe2ed..1d591fc 100644 ---- a/fencing/Makefile.am -+++ b/fencing/Makefile.am -@@ -24,13 +24,13 @@ test_SCRIPTS = regression.py - halibdir = $(CRM_DAEMON_DIR) - halib_PROGRAMS = stonithd stonith-test - --sbin_PROGRAMS = stonith_admin --sbin_SCRIPTS = fence_legacy fence_pcmk -+sbin_PROGRAMS = stonith_admin -+sbin_SCRIPTS = fence_legacy fence_pcmk - --noinst_HEADERS = internal.h -+noinst_HEADERS = internal.h - - if BUILD_XML_HELP --man7_MANS = stonithd.7 -+man7_MANS = stonithd.7 - endif - - stonith_test_SOURCES = test.c -@@ -49,23 +49,25 @@ stonith_admin_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \ - $(top_builddir)/lib/fencing/libstonithd.la \ - $(CRYPTOLIB) $(CLUSTERLIBS) - --stonithd_CFLAGS = -I$(top_srcdir)/pengine --stonithd_SOURCES = main.c commands.c remote.c --if BUILD_STONITH_CONFIG --BUILT_SOURCES = standalone_config.h -- --stonithd_SOURCES += standalone_config.c config.y config.l --stonithd_AM_LFLAGS = -o$(LEX_OUTPUT_ROOT).c --endif --stonithd_YFLAGS = -d -+stonithd_CPPFLAGS = -I$(top_srcdir)/pengine $(AM_CPPFLAGS) -+stonithd_YFLAGS = -d - - stonithd_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \ - $(top_builddir)/lib/cluster/libcrmcluster.la \ - $(top_builddir)/lib/fencing/libstonithd.la \ - $(top_builddir)/lib/pengine/libpe_status.la \ -- $(top_builddir)/pengine/libpengine.la \ -+ $(top_builddir)/pengine/libpengine.la \ - $(CRYPTOLIB) $(CLUSTERLIBS) - -+stonithd_SOURCES = main.c commands.c remote.c -+ -+if BUILD_STONITH_CONFIG -+BUILT_SOURCES = standalone_config.h -+ -+stonithd_SOURCES += standalone_config.c config.y config.l -+stonithd_AM_LFLAGS = -o$(LEX_OUTPUT_ROOT).c -+endif -+ - # lex/yacc issues: - CFLAGS = $(CFLAGS_COPY:-Werror=) - -diff --git a/lib/cib/Makefile.am b/lib/cib/Makefile.am -index 0c57eee..e414a7f 100644 ---- a/lib/cib/Makefile.am -+++ b/lib/cib/Makefile.am -@@ -18,15 +18,16 @@ - include $(top_srcdir)/Makefile.common - - ## libraries --lib_LTLIBRARIES = libcib.la -+lib_LTLIBRARIES = libcib.la - - ## SOURCES - libcib_la_SOURCES = cib_ops.c cib_utils.c cib_client.c cib_native.c cib_attrs.c --libcib_la_SOURCES += cib_file.c cib_remote.c -+libcib_la_SOURCES += cib_file.c cib_remote.c - - libcib_la_LDFLAGS = -version-info 5:1:1 --libcib_la_LIBADD = $(CRYPTOLIB) $(top_builddir)/lib/pengine/libpe_rules.la $(top_builddir)/lib/common/libcrmcommon.la --libcib_la_CFLAGS = -I$(top_srcdir) -+libcib_la_CPPFLAGS = -I$(top_srcdir) $(AM_CPPFLAGS) -+ -+libcib_la_LIBADD = $(CRYPTOLIB) $(top_builddir)/lib/pengine/libpe_rules.la $(top_builddir)/lib/common/libcrmcommon.la - - clean-generic: - rm -f *.log *.debug *.xml *~ -diff --git a/lib/cluster/Makefile.am b/lib/cluster/Makefile.am -index ffa2a73..06d7066 100644 ---- a/lib/cluster/Makefile.am -+++ b/lib/cluster/Makefile.am -@@ -20,10 +20,10 @@ include $(top_srcdir)/Makefile.common - ## libraries - lib_LTLIBRARIES = libcrmcluster.la - --libcrmcluster_la_SOURCES = election.c cluster.c membership.c - libcrmcluster_la_LDFLAGS = -version-info 6:0:2 - libcrmcluster_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la $(top_builddir)/lib/fencing/libstonithd.la $(CLUSTERLIBS) - -+libcrmcluster_la_SOURCES = election.c cluster.c membership.c - if BUILD_CS_SUPPORT - libcrmcluster_la_SOURCES += cpg.c - if BUILD_CS_PLUGIN -@@ -32,7 +32,6 @@ else - libcrmcluster_la_SOURCES += corosync.c - endif - endif -- - if BUILD_HEARTBEAT_SUPPORT - libcrmcluster_la_SOURCES += heartbeat.c - #libcrmcluster_la_LIBADD += -ldl -diff --git a/lib/common/Makefile.am b/lib/common/Makefile.am -index 111628f..7550ec1 100644 ---- a/lib/common/Makefile.am -+++ b/lib/common/Makefile.am -@@ -31,16 +31,16 @@ lib_LTLIBRARIES = libcrmcommon.la - - CFLAGS = $(CFLAGS_COPY:-Wcast-qual=) -fPIC - -+libcrmcommon_la_LDFLAGS = -version-info 9:0:6 -+libcrmcommon_la_LIBADD = @LIBADD_DL@ $(GNUTLSLIBS) -lm -+ - libcrmcommon_la_SOURCES = compat.c digest.c ipc.c io.c procfs.c utils.c xml.c \ - iso8601.c remote.c mainloop.c logging.c watchdog.c \ - xpath.c - if BUILD_CIBSECRETS - libcrmcommon_la_SOURCES += cib_secrets.c - endif -- --libcrmcommon_la_LDFLAGS = -version-info 9:0:6 --libcrmcommon_la_LIBADD = @LIBADD_DL@ $(GNUTLSLIBS) -lm --libcrmcommon_la_SOURCES += $(top_builddir)/lib/gnu/md5.c -+libcrmcommon_la_SOURCES += $(top_builddir)/lib/gnu/md5.c - - clean-generic: - rm -f *.log *.debug *.xml *~ -diff --git a/lib/fencing/Makefile.am b/lib/fencing/Makefile.am -index a9f9874..85ae40a 100644 ---- a/lib/fencing/Makefile.am -+++ b/lib/fencing/Makefile.am -@@ -18,8 +18,8 @@ - # - include $(top_srcdir)/Makefile.common - --lib_LTLIBRARIES = libstonithd.la -+lib_LTLIBRARIES = libstonithd.la - --libstonithd_la_SOURCES = st_client.c --libstonithd_la_LDFLAGS = -version-info 4:1:2 --libstonithd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la -+libstonithd_la_LDFLAGS = -version-info 4:1:2 -+libstonithd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la -+libstonithd_la_SOURCES = st_client.c -diff --git a/lib/lrmd/Makefile.am b/lib/lrmd/Makefile.am -index c23fef5..25f3d55 100644 ---- a/lib/lrmd/Makefile.am -+++ b/lib/lrmd/Makefile.am -@@ -16,10 +16,10 @@ - # - include $(top_srcdir)/Makefile.common - --lib_LTLIBRARIES = liblrmd.la -+lib_LTLIBRARIES = liblrmd.la - --liblrmd_la_SOURCES = lrmd_client.c proxy_common.c --liblrmd_la_LDFLAGS = -version-info 4:0:3 --liblrmd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la \ -- $(top_builddir)/lib/services/libcrmservice.la \ -+liblrmd_la_LDFLAGS = -version-info 4:0:3 -+liblrmd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la \ -+ $(top_builddir)/lib/services/libcrmservice.la \ - $(top_builddir)/lib/fencing/libstonithd.la -+liblrmd_la_SOURCES = lrmd_client.c proxy_common.c -diff --git a/lib/pengine/Makefile.am b/lib/pengine/Makefile.am -index a0d19e5..de760c3 100644 ---- a/lib/pengine/Makefile.am -+++ b/lib/pengine/Makefile.am -@@ -18,19 +18,19 @@ - include $(top_srcdir)/Makefile.common - - ## libraries --lib_LTLIBRARIES = libpe_rules.la libpe_status.la -+lib_LTLIBRARIES = libpe_rules.la libpe_status.la - - ## SOURCES --noinst_HEADERS = unpack.h variant.h -+noinst_HEADERS = unpack.h variant.h - - libpe_rules_la_LDFLAGS = -version-info 2:6:0 --libpe_rules_la_SOURCES = rules.c common.c - libpe_rules_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la -+libpe_rules_la_SOURCES = rules.c common.c - - libpe_status_la_LDFLAGS = -version-info 11:0:1 --libpe_status_la_SOURCES = status.c unpack.c utils.c complex.c native.c \ -- group.c clone.c rules.c common.c remote.c --libpe_status_la_LIBADD = @CURSESLIBS@ $(top_builddir)/lib/common/libcrmcommon.la -+libpe_status_la_LIBADD = @CURSESLIBS@ $(top_builddir)/lib/common/libcrmcommon.la -+libpe_status_la_SOURCES = status.c unpack.c utils.c complex.c native.c \ -+ group.c clone.c rules.c common.c remote.c - - clean-generic: - rm -f *.log *.debug *~ -diff --git a/lib/services/Makefile.am b/lib/services/Makefile.am -index 2797b53..c789fbd 100644 ---- a/lib/services/Makefile.am -+++ b/lib/services/Makefile.am -@@ -18,24 +18,24 @@ - - MAINTAINERCLEANFILES = Makefile.in - --AM_CPPFLAGS = -I$(top_builddir)/include -+AM_CPPFLAGS = -I$(top_builddir)/include - --lib_LTLIBRARIES = libcrmservice.la --noinst_HEADERS = upstart.h systemd.h services_private.h -+lib_LTLIBRARIES = libcrmservice.la -+noinst_HEADERS = upstart.h systemd.h services_private.h - --libcrmservice_la_SOURCES = services.c services_linux.c --libcrmservice_la_LDFLAGS = -version-info 4:1:1 --libcrmservice_la_CFLAGS = $(GIO_CFLAGS) -DOCF_ROOT_DIR=\"@OCF_ROOT_DIR@\" --libcrmservice_la_LIBADD = $(GIO_LIBS) $(top_builddir)/lib/common/libcrmcommon.la $(DBUS_LIBS) -+libcrmservice_la_LDFLAGS = -version-info 4:1:1 -+libcrmservice_la_CPPFLAGS = -DOCF_ROOT_DIR=\"@OCF_ROOT_DIR@\" $(AM_CPPFLAGS) -+libcrmservice_la_CFLAGS = $(GIO_CFLAGS) - -+libcrmservice_la_LIBADD = $(GIO_LIBS) $(top_builddir)/lib/common/libcrmcommon.la $(DBUS_LIBS) -+ -+libcrmservice_la_SOURCES = services.c services_linux.c - if BUILD_DBUS --libcrmservice_la_SOURCES += dbus.c -+libcrmservice_la_SOURCES += dbus.c - endif -- - if BUILD_UPSTART --libcrmservice_la_SOURCES += upstart.c -+libcrmservice_la_SOURCES += upstart.c - endif -- - if BUILD_SYSTEMD --libcrmservice_la_SOURCES += systemd.c -+libcrmservice_la_SOURCES += systemd.c - endif -diff --git a/lib/transition/Makefile.am b/lib/transition/Makefile.am -index 7bcfc1a..9bc039e 100644 ---- a/lib/transition/Makefile.am -+++ b/lib/transition/Makefile.am -@@ -18,14 +18,15 @@ - include $(top_srcdir)/Makefile.common - - ## libraries --lib_LTLIBRARIES = libtransitioner.la -+lib_LTLIBRARIES = libtransitioner.la - - ## SOURCES --libtransitioner_la_SOURCES = unpack.c graph.c utils.c - - libtransitioner_la_LDFLAGS = -version-info 2:5:0 --libtransitioner_la_CFLAGS = -I$(top_builddir) --libtransitioner_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la -+libtransitioner_la_CPPFLAGS = -I$(top_builddir) $(AM_CPPFLAGS) -+ -+libtransitioner_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la -+libtransitioner_la_SOURCES = unpack.c graph.c utils.c - - clean-generic: - rm -f *~ -diff --git a/lrmd/Makefile.am b/lrmd/Makefile.am -index 556d48a..64df105 100644 ---- a/lrmd/Makefile.am -+++ b/lrmd/Makefile.am -@@ -19,45 +19,43 @@ include $(top_srcdir)/Makefile.common - testdir = $(datadir)/$(PACKAGE)/tests/lrmd - test_SCRIPTS = regression.py - --lrmdlibdir = $(CRM_DAEMON_DIR) --lrmdlib_PROGRAMS = lrmd lrmd_test lrmd_internal_ctl -+lrmdlibdir = $(CRM_DAEMON_DIR) -+lrmdlib_PROGRAMS = lrmd lrmd_test lrmd_internal_ctl - --initdir = $(INITDIR) --init_SCRIPTS = pacemaker_remote --sbin_PROGRAMS = pacemaker_remoted -+initdir = $(INITDIR) -+init_SCRIPTS = pacemaker_remote -+sbin_PROGRAMS = pacemaker_remoted - - if BUILD_SYSTEMD --systemdunit_DATA = pacemaker_remote.service -+systemdunit_DATA = pacemaker_remote.service - endif - --lrmd_SOURCES = main.c lrmd.c - lrmd_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \ -- $(top_builddir)/lib/services/libcrmservice.la \ -- $(top_builddir)/lib/lrmd/liblrmd.la \ -+ $(top_builddir)/lib/services/libcrmservice.la \ -+ $(top_builddir)/lib/lrmd/liblrmd.la \ - $(top_builddir)/lib/fencing/libstonithd.la ${COMPAT_LIBS} -+lrmd_SOURCES = main.c lrmd.c - -+pacemaker_remoted_CPPFLAGS = -DSUPPORT_REMOTE $(AM_CPPFLAGS) - --pacemaker_remoted_SOURCES = main.c lrmd.c tls_backend.c ipc_proxy.c --pacemaker_remoted_CFLAGS = -DSUPPORT_REMOTE - pacemaker_remoted_LDADD = $(lrmd_LDADD) -+pacemaker_remoted_SOURCES = main.c lrmd.c tls_backend.c ipc_proxy.c - -- -+lrmd_internal_ctl_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \ -+ $(top_builddir)/lib/lrmd/liblrmd.la \ -+ $(top_builddir)/lib/cib/libcib.la \ -+ $(top_builddir)/lib/services/libcrmservice.la \ -+ $(top_builddir)/lib/pengine/libpe_status.la \ -+ $(top_builddir)/pengine/libpengine.la - lrmd_internal_ctl_SOURCES = remote_ctl.c --lrmd_internal_ctl_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \ -- $(top_builddir)/lib/lrmd/liblrmd.la \ -- $(top_builddir)/lib/cib/libcib.la \ -- $(top_builddir)/lib/services/libcrmservice.la \ -- $(top_builddir)/lib/pengine/libpe_status.la \ -- $(top_builddir)/pengine/libpengine.la - -- --lrmd_test_SOURCES = test.c - lrmd_test_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \ -- $(top_builddir)/lib/lrmd/liblrmd.la \ -- $(top_builddir)/lib/cib/libcib.la \ -- $(top_builddir)/lib/services/libcrmservice.la \ -- $(top_builddir)/lib/pengine/libpe_status.la \ -+ $(top_builddir)/lib/lrmd/liblrmd.la \ -+ $(top_builddir)/lib/cib/libcib.la \ -+ $(top_builddir)/lib/services/libcrmservice.la \ -+ $(top_builddir)/lib/pengine/libpe_status.la \ - $(top_builddir)/pengine/libpengine.la -+lrmd_test_SOURCES = test.c - - noinst_HEADERS = lrmd_private.h - -diff --git a/mcp/Makefile.am b/mcp/Makefile.am -index 1b3720a..195530a 100644 ---- a/mcp/Makefile.am -+++ b/mcp/Makefile.am -@@ -24,16 +24,16 @@ init_SCRIPTS = pacemaker - sbin_PROGRAMS = pacemakerd - - if BUILD_SYSTEMD --systemdunit_DATA = pacemaker.service -+systemdunit_DATA = pacemaker.service - endif - - ## SOURCES - - noinst_HEADERS = pacemaker.h - --pacemakerd_SOURCES = pacemaker.c corosync.c - pacemakerd_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la $(top_builddir)/lib/common/libcrmcommon.la - pacemakerd_LDADD += $(CLUSTERLIBS) -+pacemakerd_SOURCES = pacemaker.c corosync.c - - endif - -diff --git a/pengine/Makefile.am b/pengine/Makefile.am -index 170b728..96c914f 100644 ---- a/pengine/Makefile.am -+++ b/pengine/Makefile.am -@@ -17,7 +17,7 @@ - # - include $(top_srcdir)/Makefile.common - --AM_CPPFLAGS += -I$(top_builddir) -I$(top_srcdir) -+AM_CPPFLAGS += -I$(top_builddir) -I$(top_srcdir) - - halibdir = $(CRM_DAEMON_DIR) - -@@ -30,9 +30,8 @@ test_DATA = regression.core.sh - test10dir = $(datadir)/$(PACKAGE)/tests/pengine/test10 - test10_DATA = $(PE_TESTS) $(PE_TESTS:%.scores=%.xml) $(PE_TESTS:%.scores=%.exp) $(PE_TESTS:%.scores=%.dot) $(PE_TESTS:%.scores=%.summary) $(wildcard test10/*.stderr) - --COMMONLIBS = \ -- $(top_builddir)/lib/common/libcrmcommon.la \ -- $(top_builddir)/lib/pengine/libpe_status.la \ -+COMMONLIBS = $(top_builddir)/lib/common/libcrmcommon.la \ -+ $(top_builddir)/lib/pengine/libpe_status.la \ - libpengine.la $(CURSESLIBS) $(CLUSTERLIBS) - - beekhof: -@@ -62,17 +61,16 @@ endif - noinst_HEADERS = allocate.h utils.h pengine.h - - libpengine_la_LDFLAGS = -version-info 11:0:1 -+libpengine_la_LIBADD = $(top_builddir)/lib/pengine/libpe_status.la \ -+ $(top_builddir)/lib/cib/libcib.la - # -L$(top_builddir)/lib/pils -lpils -export-dynamic -module -avoid-version - libpengine_la_SOURCES = pengine.c allocate.c utils.c constraints.c --libpengine_la_SOURCES += native.c group.c clone.c master.c graph.c utilization.c -+libpengine_la_SOURCES += native.c group.c clone.c master.c graph.c utilization.c - --libpengine_la_LIBADD = $(top_builddir)/lib/pengine/libpe_status.la \ -- $(top_builddir)/lib/cib/libcib.la -- --pengine_SOURCES = main.c - pengine_LDADD = $(top_builddir)/lib/cib/libcib.la $(COMMONLIBS) - # libcib for get_object_root() - # $(top_builddir)/lib/hbclient/libhbclient.la -+pengine_SOURCES = main.c - - install-exec-local: - $(mkinstalldirs) $(DESTDIR)/$(PE_STATE_DIR) --- -1.8.3.1 - diff --git a/003-harden-toolchain.patch b/003-harden-toolchain.patch deleted file mode 100644 index 5f5153a..0000000 --- a/003-harden-toolchain.patch +++ /dev/null @@ -1,603 +0,0 @@ -From 658fff9445711b8402029bc2916fccbc5d6fd8fc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= -Date: Tue, 21 Jun 2016 19:16:43 +0200 -Subject: [PATCH 1/2] Feature: conditional hardening, especially for daemons + - libraries - -So far the build system has not been concerned with run-time hardening -measures the typical toolchains provide (beside unconditional enforcing -of -fstack-protector-all). Hence make a step in that direction, -enabling following if available and anticipating more to come: - -[$LD -z relro] -- daemons incl. libs -- make some parts of Global Offset Table (GOT) read-only - -[$CC -fPIE + ld -pie] -- daemons -- benefit from Address Space Layout Randomization (ASLR) for code - areas - -[$LD -z now] -- daemons incl. libs, only when the former two features are supported -- all symbols are resolved initially to that complete GOT is read-only - -[$CC -fstack-protector-strong/-fstack-protector-all/-fstack-protector] -- universal -- extra run-time checks for buffer overflows -- NOTE: - in case -fstack-protector-strong is supported, this is effectively - a weakening of previously enforced -fstack-protector-all, but note - that this variant comes with not entirely negligible performance - penalty [1], making "strong" variant a reasonable tradeoff for - something that is not in the prime line of possible attacks - -For details on how to instruct configure script to do the right -thing (for when the default won't cut it), see detailed comment -in configure.ac under "Hardening flags" section. - -[1] http://nvlpubs.nist.gov/nistpubs/TechnicalNotes/NIST.TN.1860.pdf ---- - acinclude.m4 | 25 +++++++++ - attrd/Makefile.am | 3 + - cib/Makefile.am | 3 + - configure.ac | 135 +++++++++++++++++++++++++++++++++++++++++++-- - crmd/Makefile.am | 3 + - fencing/Makefile.am | 3 + - lib/cib/Makefile.am | 3 + - lib/cluster/Makefile.am | 4 ++ - lib/common/Makefile.am | 4 ++ - lib/fencing/Makefile.am | 4 ++ - lib/lrmd/Makefile.am | 4 ++ - lib/pengine/Makefile.am | 8 +++ - lib/services/Makefile.am | 3 + - lib/transition/Makefile.am | 3 + - lrmd/Makefile.am | 6 ++ - mcp/Makefile.am | 3 + - pacemaker.spec.in | 17 ++++++ - pengine/Makefile.am | 6 ++ - 18 files changed, 231 insertions(+), 6 deletions(-) - create mode 100644 acinclude.m4 - -diff --git a/acinclude.m4 b/acinclude.m4 -new file mode 100644 -index 0000000..ecaa1dd ---- /dev/null -+++ b/acinclude.m4 -@@ -0,0 +1,25 @@ -+dnl -+dnl local autoconf/automake macros for pacemaker -+dnl -+ -+dnl Check if the flag is supported by linker (cacheable) -+dnl CC_CHECK_LDFLAGS([FLAG], [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND]) -+dnl -+dnl Origin (declared license: GPLv2+ with less restrictive exception): -+dnl https://git.gnome.org/browse/glib/tree/m4macros/attributes.m4?h=2.49.1 -+dnl (AC_LANG_PROGRAM substituted by Jan Pokorny ) -+ -+AC_DEFUN([CC_CHECK_LDFLAGS], [ -+ AC_CACHE_CHECK([if $CC supports $1 flag], -+ AS_TR_SH([cc_cv_ldflags_$1]), -+ [ac_save_LDFLAGS="$LDFLAGS" -+ LDFLAGS="$LDFLAGS $1" -+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], -+ [eval "AS_TR_SH([cc_cv_ldflags_$1])='yes'"], -+ [eval "AS_TR_SH([cc_cv_ldflags_$1])="]) -+ LDFLAGS="$ac_save_LDFLAGS" -+ ]) -+ -+ AS_IF([eval test x$]AS_TR_SH([cc_cv_ldflags_$1])[ = xyes], -+ [$2], [$3]) -+]) -diff --git a/attrd/Makefile.am b/attrd/Makefile.am -index a116e0e..6eaaae2 100644 ---- a/attrd/Makefile.am -+++ b/attrd/Makefile.am -@@ -21,6 +21,9 @@ halibdir = $(CRM_DAEMON_DIR) - halib_PROGRAMS = attrd - ## SOURCES - -+attrd_CFLAGS = $(CFLAGS_HARDENED_EXE) -+attrd_LDFLAGS = $(LDFLAGS_HARDENED_EXE) -+ - attrd_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \ - $(top_builddir)/lib/common/libcrmcommon.la \ - $(top_builddir)/lib/cib/libcib.la \ -diff --git a/cib/Makefile.am b/cib/Makefile.am -index fcb8ce9..4273191 100644 ---- a/cib/Makefile.am -+++ b/cib/Makefile.am -@@ -32,6 +32,9 @@ halib_PROGRAMS = cib cibmon - ## SOURCES - noinst_HEADERS = callbacks.h cibio.h cibmessages.h common.h notify.h - -+cib_CFLAGS = $(CFLAGS_HARDENED_EXE) -+cib_LDFLAGS = $(LDFLAGS_HARDENED_EXE) -+ - cib_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la \ - $(COMMONLIBS) $(CRYPTOLIB) $(CLUSTERLIBS) - -diff --git a/configure.ac b/configure.ac -index c5b30dc..edf6a91 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -196,6 +196,13 @@ AC_ARG_ENABLE([systemd], - [ --enable-systemd - Do not build support for the Systemd init system [default=yes]]) - -+AC_ARG_ENABLE(hardening, -+ [ --with-hardening -+ Harden the resulting executables/libraries (best effort by default)], -+ [ HARDENING="${enableval}" ], -+ [ HARDENING=try ], -+) -+ - AC_ARG_WITH(ais, - [ --with-ais - Support the Corosync messaging and membership layer ], -@@ -1710,6 +1717,12 @@ if export | fgrep " CFLAGS=" > /dev/null; then - unset SAVED_CFLAGS - fi - -+AC_ARG_VAR([CFLAGS_HARDENED_LIB], [extra C compiler flags for hardened libraries]) -+AC_ARG_VAR([LDFLAGS_HARDENED_LIB], [extra linker flags for hardened libraries]) -+ -+AC_ARG_VAR([CFLAGS_HARDENED_EXE], [extra C compiler flags for hardened executables]) -+AC_ARG_VAR([LDFLAGS_HARDENED_EXE], [extra linker flags for hardened executables]) -+ - CC_EXTRAS="" - - if test "$GCC" != yes; then -@@ -1785,12 +1798,6 @@ dnl otherwise none of both - # Additional warnings it might be nice to enable one day - # -Wshadow - # -Wunreachable-code -- case "$host_os" in -- *solaris*) ;; -- *) EXTRA_FLAGS="$EXTRA_FLAGS -- -fstack-protector-all" -- ;; -- esac - for j in $EXTRA_FLAGS - do - if -@@ -1829,6 +1836,118 @@ dnl System specific options - AC_MSG_NOTICE(Activated additional gcc flags: ${CC_EXTRAS}) - fi - -+dnl -+dnl Hardening flags -+dnl -+dnl The prime control of whether to apply (targeted) hardening build flags and -+dnl which ones is --{enable,disable}-hardening option passed to ./configure: -+dnl -+dnl --enable-hardening=try (default): -+dnl depending on whether any of CFLAGS_HARDENED_EXE, LDFLAGS_HARDENED_EXE, -+dnl CFLAGS_HARDENED_LIB or LDFLAGS_HARDENED_LIB environment variables -+dnl (see below) is set and non-null, all these custom flags (even if not -+dnl set) are used as are, otherwise the best effort is made to offer -+dnl reasonably strong hardening in several categories (RELRO, PIE, -+dnl "bind now", stack protector) according to what the selected toolchain -+dnl can offer -+dnl -+dnl --enable-hardening: -+dnl same effect as --enable-hardening=try when the environment variables -+dnl in question are suppressed -+dnl -+dnl --disable-hardening: -+dnl do not apply any targeted hardening measures at all -+dnl -+dnl The user-injected environment variables that regulate the hardening in -+dnl default case are as follows: -+dnl -+dnl * CFLAGS_HARDENED_EXE, LDFLAGS_HARDENED_EXE -+dnl compiler and linker flags (respectively) for daemon programs -+dnl (attrd, cib, crmd, lrmd, stonithd, pacemakerd, pacemaker_remoted, -+dnl pengine) -+dnl -+dnl * CFLAGS_HARDENED_LIB, LDFLAGS_HARDENED_LIB -+dnl compiler and linker flags (respectively) for libraries linked -+dnl with the daemon programs -+dnl -+dnl Note that these are purposedly targeted variables (addressing particular -+dnl targets all over the scattered Makefiles) and have no effect outside of -+dnl the predestined scope (e.g., CLI utilities). For a global reach, -+dnl use CFLAGS, LDFLAGS, etc. as usual. -+dnl -+dnl For guidance on the suitable flags consult, for instance: -+dnl https://fedoraproject.org/wiki/Changes/Harden_All_Packages#Detailed_Harden_Flags_Description -+dnl https://owasp.org/index.php/C-Based_Toolchain_Hardening#GCC.2FBinutils -+dnl -+ -+if test "x${HARDENING}" != "xtry"; then -+ unset CFLAGS_HARDENED_EXE -+ unset CFLAGS_HARDENED_LIB -+ unset LDFLAGS_HARDENED_EXE -+ unset LDFLAGS_HARDENED_LIB -+fi -+if test "x${HARDENING}" = "xno"; then -+ AC_MSG_NOTICE([Hardening: explicitly disabled]) -+elif test "x${HARDENING}" = "xyes" \ -+ || test "$(env | grep -Ec '^(C|LD)FLAGS_HARDENED_(EXE|LIB)=.')" = 0; then -+ dnl We'll figure out on our own... -+ CFLAGS_HARDENED_EXE= -+ CFLAGS_HARDENED_LIB= -+ LDFLAGS_HARDENED_EXE= -+ LDFLAGS_HARDENED_LIB= -+ relro=0 -+ pie=0 -+ bindnow=0 -+ # daemons incl. libs: partial RELRO -+ flag="-Wl,-z,relro" -+ CC_CHECK_LDFLAGS(["${flag}"], -+ [LDFLAGS_HARDENED_EXE="${LDFLAGS_HARDENED_EXE} ${flag}"; -+ LDFLAGS_HARDENED_LIB="${LDFLAGS_HARDENED_LIB} ${flag}"; -+ relro=1] -+ ) -+ # daemons: PIE for both CFLAGS and LDFLAGS -+ if cc_supports_flag -fPIE; then -+ flag="-pie" -+ CC_CHECK_LDFLAGS(["${flag}"], -+ [CFLAGS_HARDENED_EXE="${CFLAGS_HARDENED_EXE} -fPIE"; -+ LDFLAGS_HARDENED_EXE="${LDFLAGS_HARDENED_EXE} ${flag}"; -+ pie=1] -+ ) -+ fi -+ # daemons incl. libs: full RELRO if sensible -+ if test "${relro}" = 1 && test "${pie}" = 1; then -+ flag="-Wl,-z,now" -+ CC_CHECK_LDFLAGS(["${flag}"], -+ [LDFLAGS_HARDENED_EXE="${LDFLAGS_HARDENED_EXE} ${flag}"; -+ LDFLAGS_HARDENED_LIB="${LDFLAGS_HARDENED_LIB} ${flag}"; -+ bindnow=1] -+ ) -+ fi -+ # universal: prefer strong > all > default stack protector if possible -+ flag= -+ if cc_supports_flag -fstack-protector-strong; then -+ flag="-fstack-protector-strong" -+ elif cc_supports_flag -fstack-protector-all; then -+ flag="-fstack-protector-all" -+ elif cc_supports_flag -fstack-protector; then -+ flag="-fstack-protector" -+ fi -+ if test -n "${flag}"; then -+ CC_EXTRAS="${CC_EXTRAS} ${flag}" -+ stackprot=1 -+ fi -+ if test "${relro}" = 1 \ -+ || test "${pie}" = 1 \ -+ || test "${stackprot}" = 1; then -+ AC_MSG_NOTICE( -+ [Hardening: relro=${relro} pie=${pie} bindnow=${bindnow} stackprot=${flag}]) -+ else -+ AC_MSG_WARN([Hardening: no suitable features in the toolchain detected]) -+ fi -+else -+ AC_MSG_NOTICE([Hardening: using custom flags]) -+fi -+ - CFLAGS="$CFLAGS $CC_EXTRAS" - - NON_FATAL_CFLAGS="$CFLAGS" -@@ -1978,5 +2097,9 @@ AC_MSG_RESULT([ HA group name = ${CRM_DAEMON_GROUP}]) - AC_MSG_RESULT([ HA user name = ${CRM_DAEMON_USER}]) - AC_MSG_RESULT([]) - AC_MSG_RESULT([ CFLAGS = ${CFLAGS}]) -+AC_MSG_RESULT([ CFLAGS_HARDENED_EXE = ${CFLAGS_HARDENED_EXE}]) -+AC_MSG_RESULT([ CFLAGS_HARDENED_LIB = ${CFLAGS_HARDENED_LIB}]) -+AC_MSG_RESULT([ LDFLAGS_HARDENED_EXE = ${LDFLAGS_HARDENED_EXE}]) -+AC_MSG_RESULT([ LDFLAGS_HARDENED_LIB = ${LDFLAGS_HARDENED_LIB}]) - AC_MSG_RESULT([ Libraries = ${LIBS}]) - AC_MSG_RESULT([ Stack Libraries = ${CLUSTERLIBS}]) -diff --git a/crmd/Makefile.am b/crmd/Makefile.am -index 979e266..6d5ee9a 100644 ---- a/crmd/Makefile.am -+++ b/crmd/Makefile.am -@@ -28,6 +28,9 @@ noinst_HEADERS = crmd.h crmd_fsa.h crmd_messages.h fsa_defines.h \ - fsa_matrix.h fsa_proto.h crmd_utils.h crmd_callbacks.h \ - crmd_lrm.h te_callbacks.h tengine.h - -+crmd_CFLAGS = $(CFLAGS_HARDENED_EXE) -+crmd_LDFLAGS = $(LDFLAGS_HARDENED_EXE) -+ - crmd_LDADD = $(top_builddir)/lib/fencing/libstonithd.la \ - $(top_builddir)/lib/transition/libtransitioner.la \ - $(top_builddir)/lib/pengine/libpe_rules.la \ -diff --git a/fencing/Makefile.am b/fencing/Makefile.am -index 1d591fc..c53ead6 100644 ---- a/fencing/Makefile.am -+++ b/fencing/Makefile.am -@@ -52,6 +52,9 @@ stonith_admin_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \ - stonithd_CPPFLAGS = -I$(top_srcdir)/pengine $(AM_CPPFLAGS) - stonithd_YFLAGS = -d - -+stonithd_CFLAGS = $(CFLAGS_HARDENED_EXE) -+stonithd_LDFLAGS = $(LDFLAGS_HARDENED_EXE) -+ - stonithd_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \ - $(top_builddir)/lib/cluster/libcrmcluster.la \ - $(top_builddir)/lib/fencing/libstonithd.la \ -diff --git a/lib/cib/Makefile.am b/lib/cib/Makefile.am -index e414a7f..637ea8c 100644 ---- a/lib/cib/Makefile.am -+++ b/lib/cib/Makefile.am -@@ -27,6 +27,9 @@ libcib_la_SOURCES += cib_file.c cib_remote.c - libcib_la_LDFLAGS = -version-info 5:1:1 - libcib_la_CPPFLAGS = -I$(top_srcdir) $(AM_CPPFLAGS) - -+libcib_la_CFLAGS = $(CFLAGS_HARDENED_LIB) -+libcib_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB) -+ - libcib_la_LIBADD = $(CRYPTOLIB) $(top_builddir)/lib/pengine/libpe_rules.la $(top_builddir)/lib/common/libcrmcommon.la - - clean-generic: -diff --git a/lib/cluster/Makefile.am b/lib/cluster/Makefile.am -index 06d7066..9a57bbb 100644 ---- a/lib/cluster/Makefile.am -+++ b/lib/cluster/Makefile.am -@@ -21,6 +21,10 @@ include $(top_srcdir)/Makefile.common - lib_LTLIBRARIES = libcrmcluster.la - - libcrmcluster_la_LDFLAGS = -version-info 6:0:2 -+ -+libcrmcluster_la_CFLAGS = $(CFLAGS_HARDENED_LIB) -+libcrmcluster_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB) -+ - libcrmcluster_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la $(top_builddir)/lib/fencing/libstonithd.la $(CLUSTERLIBS) - - libcrmcluster_la_SOURCES = election.c cluster.c membership.c -diff --git a/lib/common/Makefile.am b/lib/common/Makefile.am -index 7550ec1..0e1ad29 100644 ---- a/lib/common/Makefile.am -+++ b/lib/common/Makefile.am -@@ -32,6 +32,10 @@ lib_LTLIBRARIES = libcrmcommon.la - CFLAGS = $(CFLAGS_COPY:-Wcast-qual=) -fPIC - - libcrmcommon_la_LDFLAGS = -version-info 9:0:6 -+ -+libcrmcommon_la_CFLAGS = $(CFLAGS_HARDENED_LIB) -+libcrmcommon_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB) -+ - libcrmcommon_la_LIBADD = @LIBADD_DL@ $(GNUTLSLIBS) -lm - - libcrmcommon_la_SOURCES = compat.c digest.c ipc.c io.c procfs.c utils.c xml.c \ -diff --git a/lib/fencing/Makefile.am b/lib/fencing/Makefile.am -index 85ae40a..dc15799 100644 ---- a/lib/fencing/Makefile.am -+++ b/lib/fencing/Makefile.am -@@ -21,5 +21,9 @@ include $(top_srcdir)/Makefile.common - lib_LTLIBRARIES = libstonithd.la - - libstonithd_la_LDFLAGS = -version-info 4:1:2 -+ -+libstonithd_la_CFLAGS = $(CFLAGS_HARDENED_LIB) -+libstonithd_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB) -+ - libstonithd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la - libstonithd_la_SOURCES = st_client.c -diff --git a/lib/lrmd/Makefile.am b/lib/lrmd/Makefile.am -index 25f3d55..611675e 100644 ---- a/lib/lrmd/Makefile.am -+++ b/lib/lrmd/Makefile.am -@@ -19,6 +19,10 @@ include $(top_srcdir)/Makefile.common - lib_LTLIBRARIES = liblrmd.la - - liblrmd_la_LDFLAGS = -version-info 4:0:3 -+ -+liblrmd_la_CFLAGS = $(CFLAGS_HARDENED_LIB) -+liblrmd_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB) -+ - liblrmd_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la \ - $(top_builddir)/lib/services/libcrmservice.la \ - $(top_builddir)/lib/fencing/libstonithd.la -diff --git a/lib/pengine/Makefile.am b/lib/pengine/Makefile.am -index de760c3..ad5c5c3 100644 ---- a/lib/pengine/Makefile.am -+++ b/lib/pengine/Makefile.am -@@ -24,10 +24,18 @@ lib_LTLIBRARIES = libpe_rules.la libpe_status.la - noinst_HEADERS = unpack.h variant.h - - libpe_rules_la_LDFLAGS = -version-info 2:6:0 -+ -+libpe_rules_la_CFLAGS = $(CFLAGS_HARDENED_LIB) -+libpe_rules_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB) -+ - libpe_rules_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la - libpe_rules_la_SOURCES = rules.c common.c - - libpe_status_la_LDFLAGS = -version-info 11:0:1 -+ -+libpe_status_la_CFLAGS = $(CFLAGS_HARDENED_LIB) -+libpe_status_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB) -+ - libpe_status_la_LIBADD = @CURSESLIBS@ $(top_builddir)/lib/common/libcrmcommon.la - libpe_status_la_SOURCES = status.c unpack.c utils.c complex.c native.c \ - group.c clone.c rules.c common.c remote.c -diff --git a/lib/services/Makefile.am b/lib/services/Makefile.am -index c789fbd..b3208c2 100644 ---- a/lib/services/Makefile.am -+++ b/lib/services/Makefile.am -@@ -27,6 +27,9 @@ libcrmservice_la_LDFLAGS = -version-info 4:1:1 - libcrmservice_la_CPPFLAGS = -DOCF_ROOT_DIR=\"@OCF_ROOT_DIR@\" $(AM_CPPFLAGS) - libcrmservice_la_CFLAGS = $(GIO_CFLAGS) - -+libcrmservice_la_CFLAGS += $(CFLAGS_HARDENED_LIB) -+libcrmservice_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB) -+ - libcrmservice_la_LIBADD = $(GIO_LIBS) $(top_builddir)/lib/common/libcrmcommon.la $(DBUS_LIBS) - - libcrmservice_la_SOURCES = services.c services_linux.c -diff --git a/lib/transition/Makefile.am b/lib/transition/Makefile.am -index 9bc039e..4d6cd23 100644 ---- a/lib/transition/Makefile.am -+++ b/lib/transition/Makefile.am -@@ -25,6 +25,9 @@ lib_LTLIBRARIES = libtransitioner.la - libtransitioner_la_LDFLAGS = -version-info 2:5:0 - libtransitioner_la_CPPFLAGS = -I$(top_builddir) $(AM_CPPFLAGS) - -+libtransitioner_la_CFLAGS = $(CFLAGS_HARDENED_LIB) -+libtransitioner_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB) -+ - libtransitioner_la_LIBADD = $(top_builddir)/lib/common/libcrmcommon.la - libtransitioner_la_SOURCES = unpack.c graph.c utils.c - -diff --git a/lrmd/Makefile.am b/lrmd/Makefile.am -index 64df105..5846503 100644 ---- a/lrmd/Makefile.am -+++ b/lrmd/Makefile.am -@@ -30,6 +30,9 @@ if BUILD_SYSTEMD - systemdunit_DATA = pacemaker_remote.service - endif - -+lrmd_CFLAGS = $(CFLAGS_HARDENED_EXE) -+lrmd_LDFLAGS = $(LDFLAGS_HARDENED_EXE) -+ - lrmd_LDADD = $(top_builddir)/lib/common/libcrmcommon.la \ - $(top_builddir)/lib/services/libcrmservice.la \ - $(top_builddir)/lib/lrmd/liblrmd.la \ -@@ -38,6 +41,9 @@ lrmd_SOURCES = main.c lrmd.c - - pacemaker_remoted_CPPFLAGS = -DSUPPORT_REMOTE $(AM_CPPFLAGS) - -+pacemaker_remoted_CFLAGS = $(CFLAGS_HARDENED_EXE) -+pacemaker_remoted_LDFLAGS = $(LDFLAGS_HARDENED_EXE) -+ - pacemaker_remoted_LDADD = $(lrmd_LDADD) - pacemaker_remoted_SOURCES = main.c lrmd.c tls_backend.c ipc_proxy.c - -diff --git a/mcp/Makefile.am b/mcp/Makefile.am -index 195530a..074d251 100644 ---- a/mcp/Makefile.am -+++ b/mcp/Makefile.am -@@ -31,6 +31,9 @@ endif - - noinst_HEADERS = pacemaker.h - -+pacemakerd_CFLAGS = $(CFLAGS_HARDENED_EXE) -+pacemakerd_LDFLAGS = $(LDFLAGS_HARDENED_EXE) -+ - pacemakerd_LDADD = $(top_builddir)/lib/cluster/libcrmcluster.la $(top_builddir)/lib/common/libcrmcommon.la - pacemakerd_LDADD += $(CLUSTERLIBS) - pacemakerd_SOURCES = pacemaker.c corosync.c -diff --git a/pacemaker.spec.in b/pacemaker.spec.in -index 6024514..a607588 100644 ---- a/pacemaker.spec.in -+++ b/pacemaker.spec.in -@@ -63,6 +63,9 @@ - # Turn off cman support on platforms that normally ship with it - %bcond_without cman - -+# Turn off hardening of libraries and daemon executables -+%bcond_without hardening -+ - %if %{with profiling} - # This disables -debuginfo package creation and also the stripping binaries/libraries - # Useful if you want sane profiling data -@@ -168,6 +171,7 @@ resource health. - - Available rpmbuild rebuild options: - --with(out) : cman stonithd doc coverage profiling pre_release upstart_job -+ hardening - - %package cli - License: GPLv2+ and LGPLv2+ -@@ -301,6 +305,18 @@ find . -exec touch \{\} \; - # Early versions of autotools (e.g. RHEL <= 5) do not support --docdir - export docdir=%{pcmk_docdir} - -+%if %{with hardening} -+# prefer distro-provided hardening flags in case they are defined -+# through _hardening_{c,ld}flags macros, configure script will -+# use its own defaults otherwise; if such hardenings are completely -+# undesired, rpmbuild using "--without hardening" -+# (or "--define '_without_hardening 1'") -+export CFLAGS_HARDENED_EXE="%{?_hardening_cflags}" -+export CFLAGS_HARDENED_LIB="%{?_hardening_cflags}" -+export LDFLAGS_HARDENED_EXE="%{?_hardening_ldflags}" -+export LDFLAGS_HARDENED_LIB="%{?_hardening_ldflags}" -+%endif -+ - ./autogen.sh - - %{configure} \ -@@ -309,6 +325,7 @@ export docdir=%{pcmk_docdir} - %{!?with_cman: --without-cman} \ - --without-heartbeat \ - %{!?with_doc: --with-brand=} \ -+ %{!?with_hardening: --disable-hardening} \ - --with-initdir=%{_initrddir} \ - --localstatedir=%{_var} \ - --with-version=%{version}-%{release} -diff --git a/pengine/Makefile.am b/pengine/Makefile.am -index 96c914f..d4dbfb9 100644 ---- a/pengine/Makefile.am -+++ b/pengine/Makefile.am -@@ -61,12 +61,18 @@ endif - noinst_HEADERS = allocate.h utils.h pengine.h - - libpengine_la_LDFLAGS = -version-info 11:0:1 -+ -+libpengine_la_CFLAGS = $(CFLAGS_HARDENED_LIB) -+libpengine_la_LDFLAGS += $(LDFLAGS_HARDENED_LIB) -+ - libpengine_la_LIBADD = $(top_builddir)/lib/pengine/libpe_status.la \ - $(top_builddir)/lib/cib/libcib.la - # -L$(top_builddir)/lib/pils -lpils -export-dynamic -module -avoid-version - libpengine_la_SOURCES = pengine.c allocate.c utils.c constraints.c - libpengine_la_SOURCES += native.c group.c clone.c master.c graph.c utilization.c - -+pengine_CFLAGS = $(CFLAGS_HARDENED_EXE) -+pengine_LDFLAGS = $(LDFLAGS_HARDENED_EXE) - pengine_LDADD = $(top_builddir)/lib/cib/libcib.la $(COMMONLIBS) - # libcib for get_object_root() - # $(top_builddir)/lib/hbclient/libhbclient.la --- -1.8.3.1 - - -From 35ec27112452f2bd06ae8b395d8543db935e2b05 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= -Date: Wed, 22 Jun 2016 15:18:00 +0200 -Subject: [PATCH 2/2] Build: configure.ac: prefer as-needed linking in case of - "-z now" - -Slight optimization of a default toolchain-flags-based hardening. ---- - configure.ac | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index edf6a91..4beb877 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1914,7 +1914,10 @@ elif test "x${HARDENING}" = "xyes" \ - pie=1] - ) - fi -- # daemons incl. libs: full RELRO if sensible -+ # daemons incl. libs: full RELRO if sensible + as-needed linking -+ # so as to possibly mitigate startup performance -+ # hit caused by excessive linking with unneeded -+ # libraries - if test "${relro}" = 1 && test "${pie}" = 1; then - flag="-Wl,-z,now" - CC_CHECK_LDFLAGS(["${flag}"], -@@ -1923,6 +1926,13 @@ elif test "x${HARDENING}" = "xyes" \ - bindnow=1] - ) - fi -+ if test "${bindnow}" = 1; then -+ flag="-Wl,--as-needed" -+ CC_CHECK_LDFLAGS(["${flag}"], -+ [LDFLAGS_HARDENED_EXE="${LDFLAGS_HARDENED_EXE} ${flag}"; -+ LDFLAGS_HARDENED_LIB="${LDFLAGS_HARDENED_LIB} ${flag}"] -+ ) -+ fi - # universal: prefer strong > all > default stack protector if possible - flag= - if cc_supports_flag -fstack-protector-strong; then --- -1.8.3.1 - diff --git a/CVE-2016-7035-improper-IPC-guarding.patch b/CVE-2016-7035-improper-IPC-guarding.patch deleted file mode 100644 index 8dafae4..0000000 --- a/CVE-2016-7035-improper-IPC-guarding.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 5a20855d6054ebaae590c09262b328d957cc1fc2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= -Date: Thu, 3 Nov 2016 11:16:37 +0100 -Subject: [PATCH] High: libcrmcommon: fix CVE-2016-7035 (improper IPC guarding) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -It was discovered that at some not so uncommon circumstances, some -pacemaker daemons could be talked to, via libqb-facilitated IPC, by -unprivileged clients due to flawed authorization decision. Depending -on the capabilities of affected daemons, this might equip unauthorized -user with local privilege escalation or up to cluster-wide remote -execution of possibly arbitrary commands when such user happens to -reside at standard or remote/guest cluster node, respectively. - -The original vulnerability was introduced in an attempt to allow -unprivileged IPC clients to clean up the file system materialized -leftovers in case the server (otherwise responsible for the lifecycle -of these files) crashes. While the intended part of such behavior is -now effectively voided (along with the unintended one), a best-effort -fix to address this corner case systemically at libqb is coming along -(https://github.com/ClusterLabs/libqb/pull/231). - -Affected versions: 1.1.10-rc1 (2013-04-17) - 1.1.15 (2016-06-21) -Impact: Important -CVSSv3 ranking: 8.8 : AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H - -Credits for independent findings, in chronological order: - Jan "poki" Pokorný, of Red Hat - Alain Moulle, of ATOS/BULL ---- - lib/common/ipc.c | 14 +++----------- - 1 file changed, 3 insertions(+), 11 deletions(-) - -diff --git a/lib/common/ipc.c b/lib/common/ipc.c -index f060fcd..2949837 100644 ---- a/lib/common/ipc.c -+++ b/lib/common/ipc.c -@@ -293,7 +293,6 @@ crm_client_disconnect_all(qb_ipcs_service_t *service) - crm_client_t * - crm_client_new(qb_ipcs_connection_t * c, uid_t uid_client, gid_t gid_client) - { -- static uid_t uid_server = 0; - static gid_t gid_cluster = 0; - - crm_client_t *client = NULL; -@@ -304,7 +303,6 @@ crm_client_new(qb_ipcs_connection_t * c, uid_t uid_client, gid_t gid_client) - } - - if (gid_cluster == 0) { -- uid_server = getuid(); - if(crm_user_lookup(CRM_DAEMON_USER, NULL, &gid_cluster) < 0) { - static bool have_error = FALSE; - if(have_error == FALSE) { -@@ -314,16 +312,10 @@ crm_client_new(qb_ipcs_connection_t * c, uid_t uid_client, gid_t gid_client) - } - } - -- if(gid_cluster != 0 && gid_client != 0) { -- uid_t best_uid = -1; /* Passing -1 to chown(2) means don't change */ -- -- if(uid_client == 0 || uid_server == 0) { /* Someone is priveliged, but the other may not be */ -- best_uid = QB_MAX(uid_client, uid_server); -- crm_trace("Allowing user %u to clean up after disconnect", best_uid); -- } -- -+ if (uid_client != 0) { - crm_trace("Giving access to group %u", gid_cluster); -- qb_ipcs_connection_auth_set(c, best_uid, gid_cluster, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); -+ /* Passing -1 to chown(2) means don't change */ -+ qb_ipcs_connection_auth_set(c, -1, gid_cluster, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); - } - - crm_client_init(); --- -2.4.11 - diff --git a/pacemaker.spec b/pacemaker.spec index e523d90..799bfe8 100644 --- a/pacemaker.spec +++ b/pacemaker.spec @@ -1,77 +1,115 @@ -%global gname haclient +# Globals and defines to control package behavior (configure these as desired) + +## User and group to use for nonprivileged services %global uname hacluster +%global gname haclient + +## Where to install Pacemaker documentation %global pcmk_docdir %{_docdir}/%{name} -%global specversion 3 -%global pcmkversion 1.1.15 -# set following to the actual commit or, for final release, concatenate -# "pcmkversion" macro to "Pacemaker-" (will yield a tag per the convention) -%global commit Pacemaker-1.1.15 +## GitHub entity that distributes source (for ease of using a fork) +%global github_owner ClusterLabs + +## Upstream pacemaker version, and its package version (specversion +## can be incremented to build packages reliably considered "newer" +## than previously built packages with the same pcmkversion) +%global pcmkversion 1.1.16 +%global specversion 1 + +## Upstream commit (or git tag, such as "Pacemaker-" plus the +## {pcmkversion} macro for an official release) to use for this package +%global commit Pacemaker-%{pcmkversion} + +## Nagios source control identifiers +%global nagios_name nagios-agents-metadata +%global nagios_hash 105ab8a7b2c16b9a29cf1c1596b80136eeef332b + +# Define globals for convenient use later + +## Workaround to use parentheses in other globals %global lparen ( %global rparen ) -%global shortcommit %(c=%{commit}; case ${c} in + +## Short version of git commit +%define shortcommit %(c=%{commit}; case ${c} in Pacemaker-*%{rparen} echo ${c:10};; *%{rparen} echo ${c:0:7};; esac) -%global pre_release %(s=%{shortcommit}; [ ${s: -4:3} != -rc ]; echo $?) -%global post_release %([ %{commit} = Pacemaker-%{shortcommit} ]; echo $?) -%global github_owner ClusterLabs -%global nagios_name nagios-agents-metadata -%global nagios_hash 105ab8a7b2c16b9a29cf1c1596b80136eeef332b +## Whether this is a release candidate +%define pre_release %(s=%{shortcommit}; [ ${s: -4:3} != -rc ]; echo $?) -# Turn off the auto compilation of python files not in the site-packages directory -# Needed so that the -devel package is multilib compliant -# py_auto_byte_compile macro: https://bugzilla.redhat.com/574437 -%if %{defined py_auto_byte_compile} +## Whether this is a development branch +%define post_release %([ %{commit} = Pacemaker-%{shortcommit} ]; echo $?) + +## Turn off auto-compilation of python files outside site-packages directory, +## so that the -libs-devel package is multilib-compliant (no *.py[co] files) +## (py_auto_byte_compile macro: https://bugzilla.redhat.com/574437) %undefine py_auto_byte_compile -%else -%global __os_install_post %(echo '%{__os_install_post}' | sed -e 's!/usr/lib[^[:space:]]*/brp-python-bytecompile[[:space:]].*$!!g') -%endif -%global rawhide %(test ! -e /etc/yum.repos.d/fedora-rawhide.repo; echo $?) -%global cs_version %(pkg-config corosync --modversion | awk -F . '{print $1}') -# It has to be eventually decided whether to use Python2 or Python3 -%global py_site %{?python_sitearch}%{!?python_sitearch:%(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} +## Heuristic used to infer bleeding-edge deployments that are +## less likely to have working versions of the documentation tools +%define bleeding %(test ! -e /etc/yum.repos.d/fedora-rawhide.repo; echo $?) + +## Corosync version +%define cs_version %(pkg-config corosync --modversion 2>/dev/null | awk -F . '{print $1}') + +## Where to install python site libraries (currently, this uses the unversioned +## python_sitearch macro to get the default system python, but at some point, +## we should explicitly choose python2_sitearch or python3_sitearch -- or both) +%define py_site %{?python_sitearch}%{!?python_sitearch:%( + python -c 'from distutils.sysconfig import get_python_lib as gpl; print(gpl(1))' 2>/dev/null)} -# Conditionals -# Invoke "rpmbuild --without " or "rpmbuild --with " -# to disable or enable specific features +## NOTE: skip cman_native (false) and systemd_native (true) decisions -# Build with/without support for profiling tools +# Define conditionals so that "rpmbuild --with " and +# "rpmbuild --without " can enable and disable specific features + +## NOTE: skip --with stonith + +## Add option to create binaries suitable for use with profiling tools %bcond_with profiling -# Include Build with/without support for performing coverage analysis +## Add option to create binaries with coverage analysis %bcond_with coverage -# We generate docs using Publican, Asciidoc and Inkscape, but they're not available everywhere +## Add option to skip generating documentation +## (the build tools aren't available everywhere) %bcond_without doc -# Use a different versioning scheme +## Add option to prefix package version with "0." +## (so later "official" packages will be considered updates) %bcond_with pre_release -# Ship an Upstart job file +## Add option to ship Upstart job files %bcond_with upstart_job -# Turn off hardening of libraries and daemon executables +## NOTE: skip --without cman + +## Add option to turn off hardening of libraries and daemon executables %bcond_without hardening + +# Keep sane profiling data if requested %if %{with profiling} -# This disables -debuginfo package creation and also the stripping binaries/libraries -# Useful if you want sane profiling data -%global debug_package %{nil} + +## Disable -debuginfo package and stripping binaries/libraries +%define debug_package %{nil} + %endif + +# Define the release version %if %{with pre_release} || 0%{pre_release} %if 0%{pre_release} -%global pcmk_release 0.%{specversion}.%(s=%{shortcommit}; echo ${s: -3}) +%define pcmk_release 0.%{specversion}.%(s=%{shortcommit}; echo ${s: -3}) %else -%global pcmk_release 0.%{specversion}.%{shortcommit}.git +%define pcmk_release 0.%{specversion}.%{shortcommit}.git %endif %else %if 0%{post_release} -%global pcmk_release %{specversion}.%{shortcommit}.git +%define pcmk_release %{specversion}.%{shortcommit}.git %else -%global pcmk_release %{specversion} +%define pcmk_release %{specversion} %endif %endif @@ -83,18 +121,13 @@ License: GPLv2+ and LGPLv2+ Url: http://www.clusterlabs.org Group: System Environment/Daemons +# Hint: use "spectool -s 0 pacemaker.spec" (rpmdevtools) to check the final URL Source0: https://github.com/%{github_owner}/%{name}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source1: https://github.com/%{github_owner}/%{nagios_name}/archive/%{nagios_hash}/%{nagios_name}-%{nagios_hash}.tar.gz -Patch1: 001-makefile-cleanup.patch -Patch2: 002-build-cleanup.patch -Patch3: 003-harden-toolchain.patch -Patch4: CVE-2016-7035-improper-IPC-guarding.patch # --- # keep following commented out for now #Patch100: bz1179335-system-wide-crypto-policies.patch -# for docker-wrapper RA (and perhaps more) -Requires: python >= 2.4 Requires: resource-agents Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-cluster-libs = %{version}-%{release} @@ -105,43 +138,44 @@ Provides: pcmk-cluster-manager %systemd_requires %endif -# Required for core functionality (python-devel depends on python) +# Pacemaker targets compatibility with python 2.6+ and 3.2+ +Requires: python >= 2.6 +BuildRequires: python-devel >= 2.6 + +# Pacemaker requires a minimum libqb functionality +Requires: libqb >= 0.13.0 +BuildRequires: libqb-devel >= 0.13.0 + +# Basics required for the build (even if usually satisfied through other BRs) +BuildRequires: coreutils findutils grep sed + +# Required for core functionality BuildRequires: automake autoconf libtool pkgconfig libtool-ltdl-devel BuildRequires: pkgconfig(glib-2.0) libxml2-devel libxslt-devel libuuid-devel -BuildRequires: python-devel bzip2-devel pam-devel +BuildRequires: bzip2-devel pam-devel # Required for agent_config.h which specifies the correct scratch directory BuildRequires: resource-agents -# We need reasonably recent versions of libqb -BuildRequires: libqb-devel > 0.17.0 -Requires: libqb > 0.17.0 - # Enables optional functionality -BuildRequires: ncurses-devel openssl-devel libselinux-devel docbook-style-xsl +BuildRequires: ncurses-devel docbook-style-xsl BuildRequires: bison byacc flex help2man gnutls-devel pkgconfig(dbus-1) -%if %{defined _unitdir} -BuildRequires: systemd-devel -%endif +BuildRequires: pkgconfig(systemd) Requires: corosync BuildRequires: pkgconfig(libcpg) BuildRequires: pkgconfig(libcfg) -%if !%{rawhide} -# More often than not, inkscape is busted on rawhide, don't even bother - +## (note no avoiding effect when building through non-customized mock) +%if !%{bleeding} %if %{with doc} -%ifarch %{ix86} x86_64 BuildRequires: publican inkscape asciidoc %endif %endif -%endif - # git-style patch application -BuildRequires: git +#BuildRequires: git %description Pacemaker is an advanced, scalable High-Availability cluster resource @@ -155,7 +189,7 @@ when related resources fail and can be configured to periodically check resource health. Available rpmbuild rebuild options: - --with(out) : doc coverage profiling upstart_job pre_release hardening + --with(out) : coverage doc hardening pre_release profiling %package cli License: GPLv2+ and LGPLv2+ @@ -235,21 +269,32 @@ manager for Corosync, CMAN and/or Linux-HA. The %{name}-libs-devel package contains headers and shared libraries for developing tools for Pacemaker. +# NOTE: can be noarch if lrmd_test is moved to another subpackage %package cts License: GPLv2+ and LGPLv2+ Summary: Test framework for cluster-related technologies like Pacemaker Group: System Environment/Daemons -Requires: python +Requires: python >= 2.6 Requires: %{name}-libs = %{version}-%{release} + +# systemd python bindings are separate package in some distros %if %{defined systemd_requires} + +%if 0%{?fedora} > 22 +Requires: python2-systemd +%else +%if 0%{?fedora} > 20 || 0%{?rhel} > 6 Requires: systemd-python %endif +%endif + +%endif %description cts Test framework for cluster-related technologies like Pacemaker %package doc -License: GPLv2+ and LGPLv2+ +License: CC-BY-SA Summary: Documentation for Pacemaker Group: Documentation @@ -260,7 +305,7 @@ Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. %package nagios-plugins-metadata -License: GPLv2+ and LGPLv2+ +License: GPLv3 Summary: Pacemaker Nagios Metadata Group: System Environment/Daemons # NOTE below are the plugins this metadata uses. @@ -277,9 +322,9 @@ monitor resources. %prep %setup -q -a 1 -n %{name}-%{commit} -%global __scm git -%__scm_setup_git -%autopatch -p1 +#global __scm git +#__scm_setup_git +#autopatch -p1 # Force the local time # @@ -294,6 +339,8 @@ find . -exec touch \{\} \; # Early versions of autotools (e.g. RHEL <= 5) do not support --docdir export docdir=%{pcmk_docdir} +export systemdunitdir=%{?_unitdir}%{?!_unitdir:no} + %if %{with hardening} # prefer distro-provided hardening flags in case they are defined # through _hardening_{c,ld}flags macros, configure script will @@ -327,7 +374,7 @@ make %{_smp_mflags} V=1 all ./BasicSanity.sh -V pengine cli 2>&1 | sed s/[fF]ail/faiil/g %install -make DESTDIR=%{buildroot} V=1 install +make DESTDIR=%{buildroot} docdir=%{pcmk_docdir} V=1 install mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig install -m 644 mcp/pacemaker.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/pacemaker @@ -345,6 +392,8 @@ install -m 644 mcp/pacemaker.combined.upstart ${RPM_BUILD_ROOT}%{_sysconfdir}/in install -m 644 tools/crm_mon.upstart ${RPM_BUILD_ROOT}%{_sysconfdir}/init/crm_mon.conf %endif +mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/lib/rpm-state/%{name} + # Scripts that should be executable chmod a+x %{buildroot}/%{_datadir}/pacemaker/tests/cts/CTSlab.py @@ -362,10 +411,8 @@ rm -f %{buildroot}/%{_mandir}/man8/fence_legacy.* find %{buildroot} -name 'o2cb*' -type f -print0 | xargs -0 rm -f # Don't ship init scripts for systemd based platforms -%if %{defined _unitdir} rm -f %{buildroot}/%{_initrddir}/pacemaker rm -f %{buildroot}/%{_initrddir}/pacemaker_remote -%endif # Don't ship fence_pcmk where it has no use rm -f %{buildroot}/%{_sbindir}/fence_pcmk @@ -380,8 +427,6 @@ find . -name '*.gcno' -type f | while read F ; do done %endif -%if %{defined _unitdir} - %post %systemd_post pacemaker.service @@ -391,6 +436,19 @@ done %postun %systemd_postun_with_restart pacemaker.service +%pre remote +# Stop the service before anything is touched, and remember to restart +# it as one of the last actions (compared to using systemd_postun_with_restart, +# this avoids suicide when sbd is in use) +systemctl --quiet is-active pacemaker_remote +if [ $? -eq 0 ] ; then + mkdir -p %{_localstatedir}/lib/rpm-state/%{name} + touch %{_localstatedir}/lib/rpm-state/%{name}/restart_pacemaker_remote + systemctl stop pacemaker_remote >/dev/null 2>&1 +else + rm -f %{_localstatedir}/lib/rpm-state/%{name}/restart_pacemaker_remote +fi + %post remote %systemd_post pacemaker_remote.service @@ -398,7 +456,20 @@ done %systemd_preun pacemaker_remote.service %postun remote +# This next line is a no-op, because we stopped the service earlier, but +# we leave it here because it allows us to revert to the standard behavior +# in the future if desired %systemd_postun_with_restart pacemaker_remote.service +# Explicitly take care of removing the flag-file(s) upon final removal +if [ $1 -eq 0 ] ; then + rm -f %{_localstatedir}/lib/rpm-state/%{name}/restart_pacemaker_remote +fi + +%posttrans remote +if [ -e %{_localstatedir}/lib/rpm-state/%{name}/restart_pacemaker_remote ] ; then + systemctl start pacemaker_remote >/dev/null 2>&1 + rm -f %{_localstatedir}/lib/rpm-state/%{name}/restart_pacemaker_remote +fi %post cli %systemd_post crm_mon.service @@ -409,30 +480,6 @@ done %postun cli %systemd_postun_with_restart crm_mon.service -%else - -%post -/sbin/chkconfig --add pacemaker || : - -%preun -/sbin/service pacemaker stop || : -if [ $1 -eq 0 ]; then - # Package removal, not upgrade - /sbin/chkconfig --del pacemaker || : -fi - -%post remote -/sbin/chkconfig --add pacemaker_remote || : - -%preun remote -/sbin/service pacemaker_remote stop &>/dev/null || : -if [ $1 -eq 0 ]; then - # Package removal, not upgrade - /sbin/chkconfig --del pacemaker_remote || : -fi - -%endif - %pre -n %{name}-libs getent group %{gname} >/dev/null || groupadd -r %{gname} -g 189 @@ -454,11 +501,7 @@ exit 0 %config(noreplace) %{_sysconfdir}/sysconfig/pacemaker %{_sbindir}/pacemakerd -%if %{defined _unitdir} %{_unitdir}/pacemaker.service -%else -%{_initrddir}/pacemaker -%endif %exclude %{_datadir}/pacemaker/nagios/plugins-metadata/* @@ -484,8 +527,8 @@ exit 0 %doc %{_datadir}/pacemaker/alerts -%license COPYING -%doc AUTHORS +%license licenses/GPLv2 +%doc COPYING %doc ChangeLog %dir %attr (750, %{uname}, %{gname}) %{_var}/lib/pacemaker/cib @@ -494,20 +537,13 @@ exit 0 /usr/lib/ocf/resource.d/pacemaker/remote /usr/lib/ocf/resource.d/.isolation -%if %{with upstart_job} -%config(noreplace) %{_sysconfdir}/init/pacemaker.conf -%config(noreplace) %{_sysconfdir}/init/pacemaker.combined.conf -%endif - %files cli %defattr(-,root,root) %config(noreplace) %{_sysconfdir}/logrotate.d/pacemaker %config(noreplace) %{_sysconfdir}/sysconfig/crm_mon -%if %{defined _unitdir} %{_unitdir}/crm_mon.service -%endif %if %{with upstart_job} %config(noreplace) %{_sysconfdir}/init/crm_mon.conf @@ -558,8 +594,8 @@ exit 0 %exclude %{_mandir}/man8/pacemaker_remoted.* %exclude %{_mandir}/man8/stonith_admin.* -%license COPYING -%doc AUTHORS +%license licenses/GPLv2 +%doc COPYING %doc ChangeLog %dir %attr (750, %{uname}, %{gname}) %{_var}/lib/pacemaker @@ -578,41 +614,46 @@ exit 0 %{_libdir}/libpengine.so.* %{_libdir}/libstonithd.so.* %{_libdir}/libtransitioner.so.* -%license COPYING.LIB -%doc AUTHORS +%license licenses/LGPLv2.1 +%doc COPYING +%doc ChangeLog %files -n %{name}-cluster-libs %defattr(-,root,root) %{_libdir}/libcrmcluster.so.* -%license COPYING.LIB -%doc AUTHORS +%license licenses/LGPLv2.1 +%doc COPYING +%doc ChangeLog %files remote %defattr(-,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/pacemaker -%if %{defined _unitdir} +# state directory is shared between the subpackets +# let rpm take care of removing it once it isn't +# referenced anymore and empty +%ghost %dir %{_localstatedir}/lib/rpm-state/%{name} %{_unitdir}/pacemaker_remote.service -%else -%{_initrddir}/pacemaker_remote -%endif %{_sbindir}/pacemaker_remoted %{_mandir}/man8/pacemaker_remoted.* -%license COPYING -%doc AUTHORS +%license licenses/GPLv2 +%doc COPYING +%doc ChangeLog %files doc %defattr(-,root,root) %doc %{pcmk_docdir} +%license licenses/CC-BY-SA-4.0 %files cts %defattr(-,root,root) %{py_site}/cts %{_datadir}/pacemaker/tests/cts %{_libexecdir}/pacemaker/lrmd_test -%license COPYING -%doc AUTHORS +%license licenses/GPLv2 +%doc COPYING +%doc ChangeLog %files -n %{name}-libs-devel %defattr(-,root,root) @@ -624,15 +665,32 @@ exit 0 %{_var}/lib/pacemaker/gcov %endif %{_libdir}/pkgconfig/*.pc -%license COPYING.LIB -%doc AUTHORS +%license licenses/LGPLv2.1 +%doc COPYING +%doc ChangeLog %files nagios-plugins-metadata %defattr(-,root,root) %dir %{_datadir}/pacemaker/nagios/plugins-metadata %attr(0644,root,root) %{_datadir}/pacemaker/nagios/plugins-metadata/* +%license %{nagios_name}-%{nagios_hash}/COPYING %changelog +* Fri Dec 02 2016 Jan Pokorný - 1.1.16-1 +- Update for new upstream tarball: Pacemaker-1.1.16, + for full details, see included ChangeLog file or + https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-1.1.16 +- Adapt spec file more akin to upstream version including: + . clarify licensing, especially for -doc (f01f734) + . fix pacemaker-remote upgrade (779e0e3) + . require python >= 2.6 (31ef7f0) + . older libqb is sufficient (based on 30fe1ce) + . remove openssl-devel and libselinux-devel as BRs (2e05c17) + . make systemd BR pkgconfig-driven (6285924) + . defines instead of some globals + error suppression (625d427) +- Rectify -nagios-plugins-metadata declared license and install + also respective license text + * Thu Nov 03 2016 Jan Pokorný - 1.1.15-3 - Apply fix for CVE-2016-7035 (improper IPC guarding) diff --git a/sources b/sources index c695c34..73a9d0f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -47e0853494978bb7366a657e1fdfb12f pacemaker-1.1.15.tar.gz +a3b9d075bc9114ff698966e57e50bb12 pacemaker-1.1.16.tar.gz b914b3c0f16d2ba21339fb54e166500e nagios-agents-metadata-105ab8a7b2c16b9a29cf1c1596b80136eeef332b.tar.gz