diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..9e15ced --- /dev/null +++ b/gating.yaml @@ -0,0 +1,15 @@ +--- !Policy +product_versions: + - fedora-* +decision_context: bodhi_update_push_testing +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} +--- !Policy +product_versions: + - fedora-* +decision_context: bodhi_update_push_stable +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + diff --git a/pacemaker.spec b/pacemaker.spec index 367d2fb..80f9904 100644 --- a/pacemaker.spec +++ b/pacemaker.spec @@ -5,7 +5,11 @@ %global gname haclient ## Where to install Pacemaker documentation +%if 0%{?rhel} +%global pcmk_docdir %{_docdir}/%{name}-doc +%else %global pcmk_docdir %{_docdir}/%{name} +%endif ## GitHub entity that distributes source (for ease of using a fork) %global github_owner ClusterLabs @@ -13,20 +17,55 @@ ## Upstream pacemaker version, and its package version (specversion ## can be incremented to build packages reliably considered "newer" ## than previously built packages with the same pcmkversion) -%global pcmkversion 2.0.4 -%global specversion 1 +%global pcmkversion 2.0.5 +%global specversion 5 ## Upstream commit (or git tag, such as "Pacemaker-" plus the ## {pcmkversion} macro for an official release) to use for this package -%global commit Pacemaker-2.0.4 +%global commit Pacemaker-2.0.5-rc2 ## Since git v2.11, the extent of abbreviation is autoscaled by default ## (used to be constant of 7), so we need to convey it for non-tags, too. %global commit_abbrev 9 +# Define conditionals so that "rpmbuild --with " and +# "rpmbuild --without " can enable and disable specific features + +## NOTE: skip --with stonithd + +## Add option to enable support for storing sensitive information outside CIB +%bcond_with cibsecrets + +## Add option to create binaries suitable for use with profiling tools +%bcond_with profiling + +## Add option to create binaries with coverage analysis +%bcond_with coverage + +## Add option to skip/enable generating documentation +## (the build tools aren't available everywhere) +%if 0%{?rhel} + %bcond_with doc +%else + %bcond_without doc +%endif + +## Add option to prefix package version with "0." +## (so later "official" packages will be considered updates) +%bcond_without pre_release + +## NOTE: skip --with upstart_job + +## Add option to turn off hardening of libraries and daemon executables +%bcond_without hardening + +## Add option to disable links for legacy daemon names +%bcond_without legacy_links + + ## Nagios source control identifiers %global nagios_name nagios-agents-metadata %global nagios_hash 105ab8a7b2c16b9a29cf1c1596b80136eeef332b - +%global nagios_archive_github_url %{nagios_hash}#/%{nagios_name}-%{nagios_hash}.tar.gz # Define globals for convenient use later @@ -34,18 +73,26 @@ %global lparen ( %global rparen ) -## Short version of git commit -%define shortcommit %(c=%{commit}; case ${c} in - Pacemaker-*%{rparen} echo ${c:10};; - *%{rparen} echo ${c:0:%{commit_abbrev}};; esac) - -## Whether this is a tagged release -%define tag_release %([ %{commit} != Pacemaker-%{shortcommit} ]; echo $?) +## Whether this is a tagged release (final or release candidate) +%define tag_release %(c=%{commit}; case ${c} in Pacemaker-*%{rparen} echo 1 ;; + *%{rparen} echo 0 ;; esac) -## Whether this is a release candidate (in case of a tagged release) -%define pre_release %([ "%{tag_release}" -eq 0 ] || { - case "%{shortcommit}" in *-rc[[:digit:]]*%{rparen} false;; - esac; }; echo $?) +## Portion of export/dist tarball name after "pacemaker-", and release version +%if 0%{tag_release} +%define archive_version %{commit} +%define archive_github_url %{commit}#/%{name}-%{archive_version}.tar.gz +%define pcmk_release %(c=%{commit}; case $c in *-rc[[:digit:]]*%{rparen} + echo 0.%{specversion}.${c: -3} ;; + *%{rparen} echo %{specversion} ;; esac) +%else +%define archive_version %(c=%{commit}; echo ${c:0:%{commit_abbrev}}) +%define archive_github_url %{archive_version}#/%{name}-%{archive_version}.tar.gz +%if %{with pre_release} +%define pcmk_release 0.%{specversion}.%{archive_version}.git +%else +%define pcmk_release %{specversion}.%{archive_version}.git +%endif +%endif ## Heuristic used to infer bleeding-edge deployments that are ## less likely to have working versions of the documentation tools @@ -71,40 +118,12 @@ %endif ## Values that differ by Python major version -%global python_path /usr/bin/python%{?python3_pkgversion}%{!?python3_pkgversion:3} -%global python_pkg python3 +%global python_name python3 +%global python_path %{?__python3}%{!?__python3:/usr/bin/python%{?python3_pkgversion}%{!?python3_pkgversion:3}} +%define python_site %{?python3_sitelib}%{!?python3_sitelib:%( + %{python_path} -c 'from distutils.sysconfig import get_python_lib as gpl; print(gpl(1))' 2>/dev/null)} %global python_min 3.2 -%define py_site %{?python3_sitelib}%{!?python3_sitelib:%( - python3 -c 'from distutils.sysconfig import get_python_lib as gpl; print(gpl(1))' 2>/dev/null)} - - -# Define conditionals so that "rpmbuild --with " and -# "rpmbuild --without " can enable and disable specific features - -## NOTE: skip --with stonith - -## Add option to create binaries suitable for use with profiling tools -%bcond_with profiling - -## Add option to create binaries with coverage analysis -%bcond_with coverage - -## Add option to skip generating documentation -## (the build tools aren't available everywhere) -%bcond_without doc - -## Add option to prefix package version with "0." -## (so later "official" packages will be considered updates) -%bcond_with pre_release - -## NOTE: skip --with upstart_job - -## Add option to turn off hardening of libraries and daemon executables -%bcond_without hardening - -## Add option to disable links for legacy daemon names -%bcond_without legacy_links - +# python_min still required? # Keep sane profiling data if requested %if %{with profiling} @@ -115,35 +134,17 @@ %endif -# Define the release version -# (do not look at externally enforced pre-release flag for tagged releases -# as only -rc tags, captured with the second condition, implies that then) -%if (!%{tag_release} && %{with pre_release}) || 0%{pre_release} -%if 0%{pre_release} -%define pcmk_release 0.%{specversion}.%(s=%{shortcommit}; echo ${s: -3}) -%else -%define pcmk_release 0.%{specversion}.%{shortcommit}.git -%endif -%else -%if 0%{tag_release} -%define pcmk_release %{specversion} -%else -%define pcmk_release %{specversion}.%{shortcommit}.git -%endif -%endif - Name: pacemaker Summary: Scalable High-Availability cluster resource manager Version: %{pcmkversion} Release: %{pcmk_release}%{?dist} License: GPLv2+ and LGPLv2+ -Url: http://www.clusterlabs.org +Url: https://www.clusterlabs.org # Hint: use "spectool -s 0 pacemaker.spec" (rpmdevtools) to check the final URL -Source0: https://github.com/%{github_owner}/%{name}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz -Source1: https://github.com/%{github_owner}/%{nagios_name}/archive/%{nagios_hash}/%{nagios_name}-%{nagios_hash}.tar.gz +Source0: https://codeload.github.com/%{github_owner}/%{name}/tar.gz/%{archive_github_url} +Source1: https://codeload.github.com/%{github_owner}/%{nagios_name}/tar.gz/%{nagios_archive_github_url} # --- -Patch0: Fix-libpacemaker-Don-t-allow-a-potential-NULL-in-a-f.patch Requires: resource-agents Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -152,8 +153,8 @@ Requires: %{name}-cli = %{version}-%{release} %{?systemd_requires} # Pacemaker requires a minimum Python functionality -Requires: %{python_pkg} >= %{python_min} -BuildRequires: %{python_pkg}-devel >= %{python_min} +Requires: %{python_name} >= %{python_min} +BuildRequires: %{python_name}-devel >= %{python_min} # Pacemaker requires a minimum libqb functionality Requires: libqb >= 0.13.0 @@ -188,7 +189,7 @@ BuildRequires: asciidoc inkscape publican %endif # git-style patch application -BuildRequires: git +#BuildRequires: git Provides: pcmk-cluster-manager = %{version}-%{release} Provides: pcmk-cluster-manager%{?_isa} = %{version}-%{release} @@ -208,15 +209,16 @@ when related resources fail and can be configured to periodically check resource health. Available rpmbuild rebuild options: - --with(out) : coverage doc hardening pre_release profiling + --with(out) : cibsecrets coverage doc hardening pre_release profiling %package cli License: GPLv2+ and LGPLv2+ Summary: Command line tools for controlling Pacemaker clusters Requires: %{name}-libs%{?_isa} = %{version}-%{release} -%if 0%{?fedora} > 22 || 0%{?rhel} > 7 Recommends: pcmk-cluster-manager = %{version}-%{release} -%endif +# For crm_report +Recommends: tar +Recommends: bzip2 Requires: perl-TimeDate Requires: procps-ng Requires: psmisc @@ -297,19 +299,20 @@ for developing tools for Pacemaker. %package cts License: GPLv2+ and LGPLv2+ Summary: Test framework for cluster-related technologies like Pacemaker -Requires: %{python_pkg} >= %{python_min} +Requires: %{python_path} +Requires: %{python_name} >= %{python_min} Requires: %{name}-libs = %{version}-%{release} Requires: procps-ng Requires: psmisc BuildArch: noarch -Requires: %{python_pkg}-systemd +Requires: %{python_name}-systemd %description cts Test framework for cluster-related technologies like Pacemaker %package doc -License: CC-BY-SA +License: CC-BY-SA-4.0 Summary: Documentation for Pacemaker BuildArch: noarch @@ -335,11 +338,11 @@ License: GPLv3 Summary: Pacemaker Nagios Metadata BuildArch: noarch # NOTE below are the plugins this metadata uses. -Requires: nagios-plugins-http -Requires: nagios-plugins-ldap -Requires: nagios-plugins-mysql -Requires: nagios-plugins-pgsql -Requires: nagios-plugins-tcp +# Requires: nagios-plugins-http +# Requires: nagios-plugins-ldap +# Requires: nagios-plugins-mysql +# Requires: nagios-plugins-pgsql +# Requires: nagios-plugins-tcp Requires: pcmk-cluster-manager %description nagios-plugins-metadata @@ -347,16 +350,10 @@ The metadata files required for Pacemaker to execute the nagios plugin monitor resources. %prep -%setup -q -a 1 -n %{name}-%{commit} -%global __scm git_am -%__scm_setup_git -%autopatch -p1 +%setup -q -a 1 -n %{name}-%{archive_version} %build -# Early versions of autotools (e.g. RHEL <= 5) do not support --docdir -export docdir=%{pcmk_docdir} - export systemdsystemunitdir=%{?_unitdir}%{!?_unitdir:no} %if %{with hardening} @@ -382,8 +379,10 @@ export CPPFLAGS="-UPCMK_TIME_EMERGENCY_CGT $CPPFLAGS" %{!?with_legacy_links: --disable-legacy-links} \ %{?with_profiling: --with-profiling} \ %{?with_coverage: --with-coverage} \ + %{?with_cibsecrets: --with-cibsecrets} \ %{!?with_doc: --with-brand=} \ %{?gnutls_priorities: --with-gnutls-priorities="%{gnutls_priorities}"} \ + --disable-static \ --with-initdir=%{_initrddir} \ --with-runstatedir=%{_rundir} \ --localstatedir=%{_var} \ @@ -396,6 +395,7 @@ export CPPFLAGS="-UPCMK_TIME_EMERGENCY_CGT $CPPFLAGS" make %{_smp_mflags} V=1 %check +make %{_smp_mflags} check { cts/cts-scheduler --run load-stopped-loop \ && cts/cts-cli \ && touch .CHECKED @@ -448,7 +448,7 @@ rm -f %{buildroot}/%{_initrddir}/pacemaker_remote %if %{defined py_byte_compile} && %{defined python_path} %{py_byte_compile %{python_path} %{buildroot}%{_datadir}/pacemaker/tests} %if !%{defined _python_bytecompile_extra} -%{py_byte_compile %{python_path} %{buildroot}%{py_site}/cts} +%{py_byte_compile %{python_path} %{buildroot}%{python_site}/cts} %endif %endif @@ -582,6 +582,9 @@ exit 0 %{_sbindir}/attrd_updater %{_sbindir}/cibadmin +%if %{with cibsecrets} +%{_sbindir}/cibsecret +%endif %{_sbindir}/crm_diff %{_sbindir}/crm_error %{_sbindir}/crm_failcount @@ -677,7 +680,7 @@ exit 0 %license licenses/CC-BY-SA-4.0 %files cts -%{py_site}/cts +%{python_site}/cts %{_datadir}/pacemaker/tests %{_libexecdir}/pacemaker/cts-log-watcher @@ -713,7 +716,21 @@ exit 0 %license %{nagios_name}-%{nagios_hash}/COPYING %changelog -* Tue Jun 23 2020 Chris Lumens - 2.0.4-1 + +* Sun Nov 1 2020 Klaus Wenninger - 2.0.5-0.5.rc2 +- Update for new upstream tarball for release candidate: Pacemaker-2.0.5-rc2, + includes fix for CVE-2020-25654 + for full details, see included ChangeLog file or + https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.5-rc2 +- Remove dependencies to nagios-plugins from metadata-package +- some sync with structure of upstream spec-file +- removed some legacy conditionals +- added with-cibsecrets +- enable some basic gating-tests +- remove building documentation using publican from ELN +- rename doc-dir for ELN + +* Tue Jun 16 2020 Chris Lumens - 2.0.4-1 - Update for new upstream tarball: Pacemaker-2.0.4 for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.4 diff --git a/sources b/sources index edd15c0..19d2b5b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (pacemaker-2.0.4.tar.gz) = fbff3b5ab05ad52d469304d5bc7fca518df2f491a1176a24735cd1a9b46f7ff90dc5aeae65e5e29feb86e8a210e69e528261138847d6f8773933fb557e71133d SHA512 (nagios-agents-metadata-105ab8a7b2c16b9a29cf1c1596b80136eeef332b.tar.gz) = 11ddeb48a4929e7642b6dfa9c7962aa1d7a1af1c569830f55ed6cd6773abac13377317327bc1db8411c8077884f83f81cc54d746c834b63a99fa6dc219b5caad +SHA512 (pacemaker-Pacemaker-2.0.5-rc2.tar.gz) = 67fe1ca539f4a690c8b9860c9b82679d77a77294ee9278c384b68099f788ba4db4d2c35bf34d1340daa6d3bac7aae550ef06527046da601a7bde30b78ee110a7 diff --git a/tests/inventory b/tests/inventory new file mode 100755 index 0000000..52687db --- /dev/null +++ b/tests/inventory @@ -0,0 +1,4 @@ +#!/bin/bash +export TEST_DOCKER_EXTRA_ARGS="--network host" +exec merge-standard-inventory "$@" + diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..71d4612 --- /dev/null +++ b/tests/tests.yml @@ -0,0 +1,14 @@ +--- +- hosts: localhost + roles: + - role: standard-test-basic + tags: + - classic + - container + tests: + - cts-regression: + dir: . + run: /usr/share/pacemaker/tests/cts-regression cli scheduler + required_packages: + - pacemaker + - pacemaker-cts