Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package csync2 for openSUSE:Factory checked in at 2021-04-08 21:32:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/csync2 (Old) and /work/SRC/openSUSE:Factory/.csync2.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "csync2" Thu Apr 8 21:32:12 2021 rev:24 rq:883785 version:2.0+git.1600444747.83b3644 Changes: -------- --- /work/SRC/openSUSE:Factory/csync2/csync2.changes 2019-05-28 09:42:41.365856242 +0200 +++ /work/SRC/openSUSE:Factory/.csync2.new.2401/csync2.changes 2021-04-08 21:32:20.535818763 +0200 @@ -1,0 +2,22 @@ +Wed Apr 7 19:21:54 UTC 2021 - Peter Varkoly <vark...@suse.com> + +- Update to 2.0+git.1600444747.83b3644: + * VUL-1: CVE-2019-15522: csync2: daemon fails to enforce TLS + (bsc#1147137) + * VUL-1: CVE-2019-15523: csync2: incorrect TLS handshake error handling + (bsc#1147139 + * use standard %lld instead of non-standard %Ld format specifier + * try to avoid (temporary) -rw------- root:root files on receiving side + * fix diff mode truncation to first 512 byte + * disable xinetd template by default as preparation for systemd socket unit + * add systemd csync2.socket and csync2@.service templates + * escape peername in SQL statements +- VUL-1: csync2: bad TLS key generation on installation (bsc#1145032) + Adapt suggested changes in %post section. + Do not hide output on standard error during generating the keys. +- Remove patches contained by update: + * 0003-Set-AC_PROG_CPP-in-configure.ac.patch + * 0002-Patch-sonames.patch + * 0001-Add-COPYING-as-docfile.patch + +------------------------------------------------------------------- Old: ---- 0001-Add-COPYING-as-docfile.patch 0002-Patch-sonames.patch 0003-Set-AC_PROG_CPP-in-configure.ac.patch csync2-2.0+git.1542296533.b974921.tar.bz2 csync2.socket csync2@.service New: ---- csync2-2.0+git.1600444747.83b3644.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ csync2.spec ++++++ --- /var/tmp/diff_new_pack.5qitnm/_old 2021-04-08 21:32:21.035819312 +0200 +++ /var/tmp/diff_new_pack.5qitnm/_new 2021-04-08 21:32:21.035819312 +0200 
@@ -1,7 +1,7 @@ # # spec file for package csync2 # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,24 +17,16 @@ Name: csync2 -Version: 2.0+git.1542296533.b974921 +Version: 2.0+git.1600444747.83b3644 Release: 0 Summary: Cluster synchronization tool License: GPL-2.0-or-later Group: Productivity/Clustering/HA -Url: http://oss.linbit.com/csync2/ +URL: http://oss.linbit.com/csync2/ #Source0: http://oss.linbit.com/csync2/%{name}-%{version}.tar.gz Source0: %{name}-%{version}.tar.bz2 Source1: csync2-README.quickstart Source2: csync2-rm-ssl-cert -Source3: csync2.socket -Source4: csync2@.service -# PATCH-FIX-UPSTREAM -- tser...@suse.com -- fix ugly ./configure warnings about missing headers -Patch10: 0003-Set-AC_PROG_CPP-in-configure.ac.patch -# PATCH-FIX-UPSTREAM -- tser...@suse.com -- use properly versioned sonames in dlopen() -Patch12: 0002-Patch-sonames.patch -# PATCH-FIX-UPSTREAM -- tser...@suse.com -- ensure COPYING is present in docfiles and thus %doc -Patch13: 0001-Add-COPYING-as-docfile.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: bison @@ -59,14 +51,12 @@ %prep %setup -q -%patch10 -p1 -%patch12 -p1 -%patch13 -p1 %build autoreconf -fvi %configure \ --enable-sqlite3 \ + --enable-systemd \ --sysconfdir=%{_sysconfdir}/csync2 \ --docdir=%{_docdir}/%{name} make %{?_smp_mflags} 
@@ -77,41 +67,44 @@ install -p -m 644 %{SOURCE1} %{buildroot}%{_docdir}/%{name}/README.quickstart install -p -m 755 %{SOURCE2} %{buildroot}%{_sbindir}/csync2-rm-ssl-cert mkdir -p %{buildroot}%{_unitdir} -install -p -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/ -install -p -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/ # We need these empty files to be able to %%ghost them touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_key.pem touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_cert.pem %pre -%service_add_pre csync2.socket +%service_add_pre csync2.socket csync2@.service %post -%service_add_post csync2.socket +%service_add_post csync2.socket csync2@.service umask 077 if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_key.pem ]; then - %{_bindir}/openssl genrsa -out %{_sysconfdir}/csync2/csync2_ssl_key.pem 1024 + %{_bindir}/openssl ecparam -genkey -name secp384r1 -out %{_sysconfdir}/csync2/csync2_ssl_key.pem fi FQDN=`hostname` if [ "x${FQDN}" = "x" ]; then FQDN=localhost.localdomain fi if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_cert.pem ]; then - yes '' | %{_bindir}/openssl req -new -key %{_sysconfdir}/csync2/csync2_ssl_key.pem -out %{_sysconfdir}/csync2/csync2_ssl_cert.csr - %{_bindir}/openssl x509 -req -days 3000 -in %{_sysconfdir}/csync2/csync2_ssl_cert.csr -signkey %{_sysconfdir}/csync2/csync2_ssl_key.pem \ - -out %{_sysconfdir}/csync2/csync2_ssl_cert.pem - rm %{_sysconfdir}/csync2/csync2_ssl_cert.csr +cat << EOF | %{_bindir}/openssl req -new -key %{_sysconfdir}/csync2/csync2_ssl_key.pem -x509 -days 3000 -out %{_sysconfdir}/csync2/csync2_ssl_cert.pem +-- +SomeState +SomeCity +SomeOrganization +SomeOrganization +SomeName +n...@example.com +EOF fi %preun -%service_del_preun csync2.socket +%service_del_preun csync2.socket csync2@.service # Cleanup all databases upon last removal if [ $1 -eq 0 ]; then rm -f %{_localstatedir}/lib/csync2/* fi %postun -%service_del_postun csync2.socket +%service_del_postun csync2.socket csync2@.service %files %{_sbindir}/csync2 ++++++ 
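Review bot: In `%post`, the self-signed certificate is now built from a here-document whose Common Name answer is the literal `SomeName`, so `FQDN` is still computed just above but never used. The quickstart shipped in this same update says the CN of each node's certificate should match its hostname, and the piped answers also depend on the prompt order of the local openssl configuration. Passing the subject explicitly avoids both: `%{_bindir}/openssl req -new -x509 -days 3000 -key %{_sysconfdir}/csync2/csync2_ssl_key.pem -subj "/CN=${FQDN}" -out %{_sysconfdir}/csync2/csync2_ssl_cert.pem`. Separately, the `[ ! -f ... ]` guard means a host that already has a key from the old `genrsa ... 1024` line keeps it after the update, so the changelog or README should tell administrators to regenerate key and certificate.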
csync2-2.0+git.1542296533.b974921.tar.bz2 -> csync2-2.0+git.1600444747.83b3644.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/Makefile.am new/csync2-2.0+git.1600444747.83b3644/Makefile.am --- old/csync2-2.0+git.1542296533.b974921/Makefile.am 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/Makefile.am 2020-09-18 17:59:07.000000000 +0200 @@ -32,6 +32,13 @@ EXTRA_DIST = csync2.cfg csync2.xinetd +INSTALL_TARGETS = install-config-files + +if USE_SYSTEMD +EXTRA_DIST += csync2.socket csync2@.service +INSTALL_TARGETS += install-systemd-files +endif + AM_YFLAGS = -d BUILT_SOURCES = cfgfile_parser.h LIBS += -ldl @@ -40,7 +47,7 @@ DISTCLEANFILES = config.status config.h .deps/*.Po stamp-h1 Makefile Makefile.in configure -docfiles = ChangeLog README.adoc AUTHORS.adoc doc/csync2.adoc +docfiles = ChangeLog README.adoc AUTHORS.adoc doc/csync2.adoc COPYING doc_DATA = $(docfiles) dist_doc_DATA = $(docfiles) 
@@ -62,12 +69,19 @@ AM_CPPFLAGS = -D'DBDIR="$(localstatedir)/lib/csync2"' AM_CPPFLAGS += -D'ETCDIR="$(sysconfdir)"' -install-data-local: +install-config-files: $(mkinstalldirs) $(DESTDIR)$(sysconfdir) $(mkinstalldirs) $(DESTDIR)$(localstatedir)/lib/csync2 test -e $(DESTDIR)$(sysconfdir)/csync2.cfg || \ $(INSTALL_DATA) $(srcdir)/csync2.cfg $(DESTDIR)$(sysconfdir)/csync2.cfg +install-systemd-files: + $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNITDIR) + $(INSTALL_DATA) csync2.socket $(DESTDIR)$(SYSTEMD_UNITDIR)/csync2.socket + $(INSTALL_DATA) csync2@.service $(DESTDIR)$(SYSTEMD_UNITDIR)/csync2@.service + +install-data-local: $(INSTALL_TARGETS) + cert: $(mkinstalldirs) $(DESTDIR)$(sysconfdir) openssl genrsa -out $(DESTDIR)$(sysconfdir)/csync2_ssl_key.pem 1024 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/README.adoc new/csync2-2.0+git.1600444747.83b3644/README.adoc --- old/csync2-2.0+git.1542296533.b974921/README.adoc 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/README.adoc 2020-09-18 17:59:07.000000000 +0200 @@ -13,6 +13,12 @@ The csync2 git tree can be found at https://github.com/LINBIT/csync2/. +Documentation +------------- + +You should definitely read the documentation before trying to setup csync2, + +see <<doc/csync2#>> + Copyright --------- @@ -25,12 +31,6 @@ ------- SPDX-License-Identifier: GPL-2.0-or-later -Documentation -------------- - -You should definitely read the documentation before trying to setup csync2, + -see <<doc/csync2#>> - Mailing List ------------ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/autogen.sh new/csync2-2.0+git.1600444747.83b3644/autogen.sh --- old/csync2-2.0+git.1542296533.b974921/autogen.sh 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/autogen.sh 2020-09-18 17:59:07.000000000 +0200 
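Review bot: The `cert:` target visible at the end of this hunk still runs `openssl genrsa ... 1024`, while the packaging side of this update moves `%post` to `openssl ecparam -genkey -name secp384r1`, so anyone creating keys with `make cert` keeps getting a 1024-bit RSA key. Aligning the target with the spec, e.g. `openssl ecparam -genkey -name secp384r1 -out $(DESTDIR)$(sysconfdir)/csync2_ssl_key.pem`, keeps the two paths consistent. The rest of the target lies outside the hunk, so its follow-on certificate steps need checking against the new key type. In the added `install-systemd-files` rule the unit files are referenced without `$(srcdir)/`, unlike `csync2.cfg` just above, which presumably breaks out-of-tree builds.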
@@ -23,6 +23,17 @@ automake --add-missing --copy autoconf +my_defaults=( + --prefix=/usr + --localstatedir=/var + --sysconfdir=/etc/csync2/ + --enable-sqlite3 + --enable-mysql + --enable-postgres + --enable-systemd +) + + if [ "$1" = clean ]; then ./configure && make distclean rm -rf librsync[.-]* libsqlite.* sqlite-* @@ -33,12 +44,12 @@ rm -rf cygwin/librsync-0.9.7.tar.gz rm -rf cygwin/sqlite-2.8.16.tar.gz else - ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc + ./configure "${my_defaults[@]}" + set +x echo "" echo "Configured as" - echo "./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc" + echo "./configure ${my_defaults[*]}" echo "" - echo "reconfigure, if you want it different" + echo "reconfigure, if you don't like that" fi - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/checktxt.c new/csync2-2.0+git.1600444747.83b3644/checktxt.c --- old/csync2-2.0+git.1542296533.b974921/checktxt.c 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/checktxt.c 2020-09-18 17:59:07.000000000 +0200 @@ -49,7 +49,7 @@ xxprintf("v1"); if ( !S_ISLNK(st->st_mode) && !S_ISDIR(st->st_mode) ) - xxprintf(":mtime=%Ld", ign_mtime ? (long long)0 : (long long)st->st_mtime); + xxprintf(":mtime=%lld", ign_mtime ? (long long)0 : (long long)st->st_mtime); if ( !csync_ignore_mod ) xxprintf(":mode=%d", (int)st->st_mode); 
@@ -61,7 +61,7 @@ xxprintf(":gid=%d", (int)st->st_gid); if ( S_ISREG(st->st_mode) ) - xxprintf(":type=reg:size=%Ld", (long long)st->st_size); + xxprintf(":type=reg:size=%lld", (long long)st->st_size); if ( S_ISDIR(st->st_mode) ) xxprintf(":type=dir"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/configure.ac new/csync2-2.0+git.1600444747.83b3644/configure.ac --- old/csync2-2.0+git.1542296533.b974921/configure.ac 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/configure.ac 2020-09-18 17:59:07.000000000 +0200 @@ -17,7 +17,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA # Process this file with autoconf to produce a configure script. -AC_INIT(csync2, 2.0, csy...@lists.linbit.com) +AC_INIT(csync2, 2.1-0rc1, csy...@lists.linbit.com) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR(csync2.c) @@ -29,19 +29,11 @@ # Checks for programs. AC_PROG_CC +AC_PROG_CPP AC_PROG_INSTALL AC_PROG_YACC AM_PROG_LEX -# Check for presence of pdfLaTeX -AC_CHECK_PROG(PDFLATEX, pdflatex, pdflatex) -if test -z "$PDFLATEX"; then - AC_MSG_WARN([Unable to create PDF version of the user manual.]) -fi - -AM_CONDITIONAL([HAVE_PDFLATEX], test -n "$PDFLATEX") - - dnl inspired by rsync's configure.ac AC_CHECK_FUNCS(fchmod setmode open64 mkstemp64 strlcpy) AC_CACHE_CHECK([for secure mkstemp],csync_cv_HAVE_SECURE_MKSTEMP,[ @@ -116,9 +108,9 @@ [AS_HELP_STRING([--disable-gnutls],[enable/disable GNU TLS support (default is enabled)])], [], [ enable_gnutls=yes ]) +PKG_PROG_PKG_CONFIG if test "$enable_gnutls" != no then - PKG_PROG_PKG_CONFIG PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.6.0], [ AC_DEFINE([HAVE_LIBGNUTLS], 1, [Define to 1 when using GNU TLS library]) ]) 
@@ -137,21 +129,33 @@ if test "$enable_mysql" == yes then # Check for mysql. - # This is a bloody hack for fedora core - CFLAGS="$CFLAGS `mysql_config --cflags`" + CFLAGS="$CFLAGS `pkg-config --cflags mysqlclient`" # Check MySQL development header - AC_CHECK_HEADERS([mysql/mysql.h], , [AC_MSG_ERROR([[mysql header not found; install mysql-devel and dependencies for MySQL Support]])]) + AC_CHECK_HEADERS([mysql.h], , [AC_MSG_ERROR([[mysql header not found; install mysql-devel and dependencies for MySQL Support]])]) AC_DEFINE([HAVE_MYSQL], 1, [Define if mysql support is wanted]) + + # [] quotes, or autofoo will strip the character class [] in sed, breaking the regex. + [LIBMYSQLCLIENT_SO=$( readlink $(pkg-config --variable=libdir mysqlclient)/libmysqlclient.so | sed -e 's,^.*/,,;s/\(\.so\.[0-9]*\)\..*$/\1/')] + test -n "$LIBMYSQLCLIENT_SO" || AC_MSG_ERROR([Could not determine library name to be used in dlopen for mysql support]) fi +AC_DEFINE_UNQUOTED([LIBMYSQLCLIENT_SO], ["$LIBMYSQLCLIENT_SO"], [library name to be used in dlopen for mysql support]) if test "$enable_postgres" == yes then + CFLAGS="$CFLAGS `pkg-config --cflags libpq`" AC_CHECK_HEADERS([libpq-fe.h], , [AC_MSG_ERROR([[postgres header not found; install libpq-dev and dependencies for Postgres support]])]) AC_DEFINE([HAVE_POSTGRES], 1, [Define if postgres support is wanted]) + + # Hmpf. libdir not included in libpq.pc; use pg_config + # LIBPQ_SO=$( readlink $(pkg-config --variable=libdir libpq)/libpq.so | sed -e 's,^.*/,,;s/\(\.so\.[0-9]*\)\..*$/\1/') + # [] quotes, or autofoo will strip the character class [] in sed, breaking the regex. + [LIBPQ_SO=$( readlink $(pg_config --libdir)/libpq.so | sed -e 's,^.*/,,;s/\(\.so\.[0-9]*\)\..*$/\1/')] + test -n "$LIBPQ_SO" || AC_MSG_ERROR([Could not determine library name to be used in dlopen for postgres support]) fi +AC_DEFINE_UNQUOTED([LIBPQ_SO], ["$LIBPQ_SO"], [library name to be used in dlopen for postgres support]) # at least one db backend must be configured. 
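Review bot: The new mysql and postgres branches call `pkg-config` and `pg_config` directly and never check that they succeeded, so a missing `.pc` file only surfaces later as the generic "header not found" error. The previous hunk moves `PKG_PROG_PKG_CONFIG` out of the gnutls conditional, so `$PKG_CONFIG` is available here. Using `PKG_CHECK_MODULES([MYSQLCLIENT], [mysqlclient])` as the gnutls branch does, and `$PKG_CONFIG --variable=libdir mysqlclient` for the soname lookup, would honour a user-selected or cross pkg-config and fail with a clear message. The soname detection also assumes `libmysqlclient.so` and `libpq.so` are symlinks whose target carries the version, which is worth stating in the comment above each `readlink` line.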
@@ -161,5 +165,17 @@ AC_MSG_ERROR([No database backend configured. Please enable either sqlite, sqlite3, mysql or postgres.]) fi +AC_ARG_ENABLE([systemd], + AS_HELP_STRING([--enable-systemd], [enable systemd support]), + [use_systemd=$enableval], [use_systemd=no]) +AM_CONDITIONAL(USE_SYSTEMD, test "x$use_systemd" != "xno") +AC_SUBST(USE_SYSTEMD) + +AC_ARG_WITH([systemd-unitdir], + AS_HELP_STRING([--with-systemd-unitdir=PATH], + [specify exact directory for systemd service files, defaults to PREFIX/lib/systemd/system/]), + [SYSTEMD_UNITDIR=$withval], [SYSTEMD_UNITDIR="${prefix}/lib/systemd/system"]) +AC_SUBST(SYSTEMD_UNITDIR) + AC_CONFIG_FILES([Makefile]) AC_OUTPUT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/conn.c new/csync2-2.0+git.1600444747.83b3644/conn.c --- old/csync2-2.0+git.1542296533.b974921/conn.c 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/conn.c 2020-09-18 17:59:07.000000000 +0200 @@ -276,6 +276,7 @@ char *ssl_keyfile; char *ssl_certfile; int err; + int handshake_repeat = 0; if (csync_conn_usessl) return 0; 
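Review bot: The default `SYSTEMD_UNITDIR="${prefix}/lib/systemd/system"` is expanded by the shell while configure runs, and at that point `prefix` is still `NONE` unless `--prefix` was given, so a plain `./configure --enable-systemd` would install the units under `NONE/lib/systemd/system`. Deferring the expansion to make time fixes it: `[SYSTEMD_UNITDIR=$withval], [SYSTEMD_UNITDIR='${prefix}/lib/systemd/system'])`. `AC_SUBST(USE_SYSTEMD)` also substitutes a variable that is never assigned here (the shell variable is `use_systemd`), so it can be dropped.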
@@ -333,40 +334,46 @@ (gnutls_transport_ptr_t)(long)conn_fd_out ); - err = gnutls_handshake(conn_tls_session); - switch(err) { - case GNUTLS_E_SUCCESS: - break; - - case GNUTLS_E_WARNING_ALERT_RECEIVED: - alrt = gnutls_alert_get(conn_tls_session); - fprintf( - csync_debug_out, - "SSL: warning alert received from peer: %d (%s).\n", - alrt, gnutls_alert_get_name(alrt) - ); - break; - case GNUTLS_E_FATAL_ALERT_RECEIVED: - alrt = gnutls_alert_get(conn_tls_session); - fprintf( - csync_debug_out, - "SSL: fatal alert received from peer: %d (%s).\n", - alrt, gnutls_alert_get_name(alrt) - ); + do { + handshake_repeat = 0; + err = gnutls_handshake(conn_tls_session); + switch(err) { + case GNUTLS_E_SUCCESS: + break; + + case GNUTLS_E_WARNING_ALERT_RECEIVED: + alrt = gnutls_alert_get(conn_tls_session); + fprintf( + csync_debug_out, + "SSL: warning alert received from peer: %d (%s).\n", + alrt, gnutls_alert_get_name(alrt) + ); + handshake_repeat = 1; + break; - default: - gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR); - gnutls_deinit(conn_tls_session); - gnutls_certificate_free_credentials(conn_x509_cred); - gnutls_global_deinit(); + case GNUTLS_E_FATAL_ALERT_RECEIVED: + alrt = gnutls_alert_get(conn_tls_session); + fprintf( + csync_debug_out, + "SSL: fatal alert received from peer: %d (%s).\n", + alrt, gnutls_alert_get_name(alrt) + ); + // fall-through! 
- csync_fatal( - "SSL: handshake failed: %s (%s)\n", - gnutls_strerror(err), - gnutls_strerror_name(err) - ); - } + default: + gnutls_bye(conn_tls_session, GNUTLS_SHUT_RDWR); + gnutls_deinit(conn_tls_session); + gnutls_certificate_free_credentials(conn_x509_cred); + gnutls_global_deinit(); + + csync_fatal( + "SSL: handshake failed: %s (%s)\n", + gnutls_strerror(err), + gnutls_strerror_name(err) + ); + } + } while (handshake_repeat); csync_conn_usessl = 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/csync2.1 new/csync2-2.0+git.1600444747.83b3644/csync2.1 --- old/csync2-2.0+git.1542296533.b974921/csync2.1 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/csync2.1 2020-09-18 17:59:07.000000000 +0200 @@ -17,11 +17,11 @@ .B csync2 command. .RS 0 -A verbose manual can be found on the +A verbose manual can be found in the .B csync2 -homepage: +source: .IP -.B http://oss.linbit.com/csync2/paper.pdf +.B https://github.com/LINBIT/csync2/blob/master/doc/csync2.adoc .PP \fBcsync2\fP is a program for cluster wide file synchronization. .SH OPTIONS @@ -202,7 +202,7 @@ .SH "SEE ALSO" .PD 0 .TP -http://oss.linbit.com/csync2/paper.pdf +https://github.com/LINBIT/csync2/blob/master/doc/csync2.adoc .TP http://git.linbit.com/csync2.git/?a=blob;f=AUTHORS .PD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/csync2.cfg new/csync2-2.0+git.1600444747.83b3644/csync2.cfg --- old/csync2-2.0+git.1542296533.b974921/csync2.cfg 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/csync2.cfg 2020-09-18 17:59:07.000000000 +0200 
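Review bot: The new `do { ... } while (handshake_repeat);` loop retries `gnutls_handshake()` on every `GNUTLS_E_WARNING_ALERT_RECEIVED` with no upper bound, so the number of iterations is decided by the peer. A small retry counter would bound it, but exceeding the cap must go through the same cleanup and `csync_fatal()` path as `default:`, never fall out of the loop to `csync_conn_usessl = 1`. Other non-fatal results such as `GNUTLS_E_AGAIN` and `GNUTLS_E_INTERRUPTED` still land in `default:` and terminate. Testing `gnutls_error_is_fatal(err)` would separate retryable from fatal codes without enumerating them. The enclosing function starts and ends outside this hunk.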
@@ -2,7 +2,7 @@ # --------------------------------- # # Please read the documentation: -# http://oss.linbit.com/csync2/paper.pdf +# https://github.com/LINBIT/csync2/blob/master/doc/csync2.adoc # group mygroup # { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/csync2.socket new/csync2-2.0+git.1600444747.83b3644/csync2.socket --- old/csync2-2.0+git.1542296533.b974921/csync2.socket 1970-01-01 01:00:00.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/csync2.socket 2020-09-18 17:59:07.000000000 +0200 @@ -0,0 +1,6 @@ +[Socket] +ListenStream=30865 +Accept=yes + +[Install] +WantedBy=sockets.target diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/csync2.spec new/csync2-2.0+git.1600444747.83b3644/csync2.spec --- old/csync2-2.0+git.1542296533.b974921/csync2.spec 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/csync2.spec 2020-09-18 17:59:07.000000000 +0200 
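Review bot: The new `csync2.socket` uses `ListenStream=30865` with `Accept=yes`, which listens on every address and starts one handler per connection, and the unit carries no hint on restricting it, whereas the xinetd template in this update at least ships a commented `only_from` line. I would add a comment pointing administrators at a drop-in that binds to the cluster-facing address, `ListenStream=<cluster-address>:30865` (placeholder). Consider also `MaxConnectionsPerSource=` so that a single client cannot occupy all handler slots.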
@@ -1,41 +1,38 @@ -# csync2 - cluster synchronization tool, 2nd generation -# Copyright (C) 2004 - 2015 LINBIT Information Technologies GmbH -# http://www.linbit.com; see also AUTHORS # -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. +# spec file for package csync2 # -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# Copyright 2004-2020 LINBIT, Vienna, Austria # -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +# SPDX-License-Identifier: GPL-2.0-or-later -# -# spec file for package csync2 (Version 2.0) -# - -# norootforbuild -# neededforbuild openssl openssl-devel +Summary: Cluster synchronization tool +License: GPL-2.0-or-later +Group: Productivity/Clustering/HA + +Name: csync2 +Version: 2.1 +Release: 0rc1 +URL: https://github.com/LINBIT/csync2#readme +Source0: %{name}-%{version}-%{release}.tar.gz + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: bison +BuildRequires: flex +BuildRequires: libgnutls-devel +BuildRequires: librsync-devel +BuildRequires: hostname +# openssl required at build time due to rpmlint checks which run postinstall script which uses openssl +BuildRequires: openssl +BuildRequires: pkgconfig +BuildRequires: sqlite3-devel +Requires: openssl +Requires: sqlite3 +%if 0%{?suse_version} >= 1210 || 0%{?rhel} >= 7 +BuildRequires: systemd +%endif -BuildRequires: sqlite-devel sqlite librsync gnutls-devel librsync-devel - -Name: csync2 -License: GPL -Group: System/Monitoring -Requires: 
sqlite openssl librsync -Autoreqprov: on -Version: 2.0 -Release: 1 -Source0: csync2-%{version}.tar.gz -URL: http://oss.linbit.com/csync2 -BuildRoot: %{_tmppath}/%{name}-%{version}-build -Summary: Cluster sync tool +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Csync2 is a cluster synchronization tool. It can be used to keep files on @@ -50,29 +47,30 @@ %build export CFLAGS="$RPM_OPT_FLAGS -I/usr/kerberos/include" if ! [ -f configure ]; then ./autogen.sh; fi -%configure --enable-mysql --enable-postgres --enable-sqlite3 +%configure --enable-mysql --enable-postgres --enable-sqlite3 \ + --sysconfdir=%{_sysconfdir}/csync2 --docdir=%{_docdir}/%{name} -make all +make %{?_smp_mflags} %install -[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf $RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT%{_sbindir} -mkdir -p $RPM_BUILD_ROOT%{_var}/lib/csync2 -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d - %makeinstall -install -m 644 csync2.xinetd $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/csync2 -install -m 644 doc/csync2.adoc $RPM_BUILD_ROOT%{_docdir}/csync2/csync2.adoc +mkdir -p %{buildroot}%{_localstatedir}/lib/csync2 +install -m 644 doc/csync2.adoc %{buildroot}%{_docdir}/csync2/csync2.adoc +install -m 644 doc/csync2-quickstart.adoc %{buildroot}%{_docdir}/csync2/csync2-quickstart.adoc %clean [ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf $RPM_BUILD_ROOT make clean +%pre +%service_add_pre csync2.socket + %post if ! grep -q "^csync2" %{_sysconfdir}/services ; then echo "csync2 30865/tcp" >>%{_sysconfdir}/services fi +%service_add_post csync2.socket %files %defattr(-,root,root) 
@@ -88,5 +86,8 @@ %config(noreplace) %{_sysconfdir}/csync2.cfg %changelog +* Fri Sep 18 2020 Lars Ellenberg <lars.ellenb...@linbit.com> - 2.1-1 +- New upstream release + * Tue Jan 27 2015 Lars Ellenberg <lars.ellenb...@linbit.com> - 2.0-1 - New upstream release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/csync2.xinetd new/csync2-2.0+git.1600444747.83b3644/csync2.xinetd --- old/csync2-2.0+git.1542296533.b974921/csync2.xinetd 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/csync2.xinetd 2020-09-18 17:59:07.000000000 +0200 @@ -1,4 +1,4 @@ -# default: on +# default: off # description: csync2 service csync2 { @@ -9,7 +9,9 @@ group = root server = /usr/sbin/csync2 server_args = -i -l + port = 30865 + type = UNLISTED #log_on_failure += USERID - disable = no + disable = yes # only_from = 192.168.199.3 192.168.199.4 } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/csync2@.service new/csync2-2.0+git.1600444747.83b3644/csync2@.service --- old/csync2-2.0+git.1542296533.b974921/csync2@.service 1970-01-01 01:00:00.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/csync2@.service 2020-09-18 17:59:07.000000000 +0200 @@ -0,0 +1,9 @@ +[Unit] +Description=csync2 connection handler +After=syslog.target + +[Service] +ExecStart=-/usr/sbin/csync2 -i -v +StandardInput=socket +StandardOutput=socket + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/daemon.c new/csync2-2.0+git.1600444747.83b3644/daemon.c --- old/csync2-2.0+git.1542296533.b974921/daemon.c 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/daemon.c 2020-09-18 17:59:07.000000000 +0200 
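Review bot: The new `csync2@.service` sets `StandardInput=socket` and `StandardOutput=socket` but leaves `StandardError=` at its default, which inherits standard output, so anything the daemon writes to stderr (it is started with `-v`) would go to the remote peer rather than the journal. Whether csync2 logs to stderr in `-i` mode is not visible from this page. If it does, adding `StandardError=journal` under `[Service]` keeps diagnostics local and out of the protocol stream.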
@@ -77,7 +77,7 @@ struct stat st; SQL("Removing file from dirty db", "delete from dirty where filename = '%s' and peername = '%s'", - url_encode(filename), peername); + url_encode(filename), url_encode(peername)); if ( lstat_strict(prefixsubst(filename), &st) != 0 || csync_check_pure(filename) ) { SQL("Removing file from file db", "delete from file where filename = '%s'", @@ -747,6 +747,7 @@ goto conn_without_ssl_ok; } cmd_error = conn_response(CR_ERR_SSL_EXPECTED); + peer = NULL; } conn_without_ssl_ok:; #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/db_mysql.c new/csync2-2.0+git.1600444747.83b3644/db_mysql.c --- old/csync2-2.0+git.1542296533.b974921/db_mysql.c 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/db_mysql.c 2020-09-18 17:59:07.000000000 +0200 @@ -31,8 +31,8 @@ #include "dl.h" #ifdef HAVE_MYSQL -#include <mysql/mysql.h> -#include <mysql/mysqld_error.h> +#include <mysql.h> +#include <mysqld_error.h> static struct db_mysql_fns { MYSQL *(*mysql_init_fn) (MYSQL *); @@ -53,16 +53,16 @@ static void db_mysql_dlopen(void) { - csync_debug(2, "Opening shared library libmysqlclient.so\n"); - dl_handle = dlopen("libmysqlclient.so", RTLD_LAZY); + csync_debug(2, "Opening shared library " LIBMYSQLCLIENT_SO "\n"); + dl_handle = dlopen(LIBMYSQLCLIENT_SO, RTLD_LAZY); if (dl_handle == NULL) { csync_fatal - ("Could not open libmysqlclient.so: %s\n" + ("Could not open " LIBMYSQLCLIENT_SO ": %s\n" "Please install Mysql client library (libmysqlclient) or use other database (sqlite, postgres)\n", dlerror()); } - csync_debug(2, "Reading symbols from shared library libmysqlclient.so\n"); + csync_debug(2, "Reading symbols from shared library " LIBMYSQLCLIENT_SO "\n"); LOOKUP_SYMBOL(dl_handle, mysql_init); LOOKUP_SYMBOL(dl_handle, mysql_real_connect); 
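Review bot: The fix wraps `peername` in `url_encode()` at this one `delete from dirty` statement, but other `SQL()` calls in daemon.c that interpolate `peername` into `'%s'` lie outside the hunk and should be checked for the same omission. The safety of every such statement depends on each caller remembering to encode. A comment above the statement, for example `/* peername comes from the remote side: always url_encode() before formatting into SQL */`, would record why the call is there. Binding values through the prepared-statement interface instead of string formatting would remove that dependence altogether.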
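Review bot: The one-line `peer = NULL;` added after `conn_response(CR_ERR_SSL_EXPECTED)` is the whole enforcement of the TLS requirement, and it carries no comment saying what depends on it. The code that tests `peer` is outside the hunk, so from here it can only be assumed that a NULL peer causes later commands to be rejected. A comment such as `/* forget the peer: no command is accepted from a connection that refused TLS */` would make the intent explicit and harder to remove by accident. A regression test that sends a command after receiving `CR_ERR_SSL_EXPECTED` would pin the behaviour.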
@@ -206,8 +206,6 @@ int db_mysql_prepare(db_conn_p conn, const char *sql, db_stmt_p * stmt_p, char **pptail) { - int rc = DB_ERROR; - *stmt_p = NULL; if (!conn) @@ -219,7 +217,7 @@ } db_stmt_p stmt = malloc(sizeof(*stmt)); /* TODO avoid strlen, use configurable limit? */ - rc = f.mysql_query_fn(conn->private, sql); + f.mysql_query_fn(conn->private, sql); if (f.mysql_warning_count_fn(conn->private) > 0) { print_warnings(1, conn->private); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/db_postgres.c new/csync2-2.0+git.1600444747.83b3644/db_postgres.c --- old/csync2-2.0+git.1542296533.b974921/db_postgres.c 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/db_postgres.c 2020-09-18 17:59:07.000000000 +0200 @@ -58,16 +58,16 @@ static void db_postgres_dlopen(void) { - csync_debug(2, "Opening shared library libpq.so\n"); + csync_debug(2, "Opening shared library " LIBPQ_SO "\n"); - dl_handle = dlopen("libpq.so", RTLD_LAZY); + dl_handle = dlopen(LIBPQ_SO, RTLD_LAZY); if (dl_handle == NULL) { csync_fatal - ("Could not open libpq.so: %s\n" + ("Could not open " LIBPQ_SO ": %s\n" "Please install postgres client library (libpg) or use other database (sqlite, mysql)\n", dlerror()); } - csync_debug(2, "Reading symbols from shared library libpq.so\n"); + csync_debug(2, "Reading symbols from shared library " LIBPQ_SO "\n"); LOOKUP_SYMBOL(dl_handle, PQconnectdb); LOOKUP_SYMBOL(dl_handle, PQstatus); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/debian/changelog new/csync2-2.0+git.1600444747.83b3644/debian/changelog --- old/csync2-2.0+git.1542296533.b974921/debian/changelog 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/debian/changelog 2020-09-18 17:59:07.000000000 +0200 
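Review bot: In `db_mysql_prepare`, dropping `rc` silences the unused-variable warning, but the return value of `f.mysql_query_fn(conn->private, sql)` is now discarded outright, so a failed query is noticed only if later code (outside the hunk) happens to detect it. Checking it directly is clearer: `if (f.mysql_query_fn(conn->private, sql) != 0) { free(stmt); return DB_ERROR; }`, assuming `DB_ERROR` is the failure code callers expect, as the removed initialiser suggests. The `malloc(sizeof(*stmt))` on the preceding context line is also used without a NULL check.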
@@ -1,3 +1,9 @@ +csync2 (2.1~0rc1) unstable; urgency=low + + * Preparing new Upstream Version. + + -- Lars Ellenberg <lars.ellenb...@linbit.com> Fri, 18 Sep 2020 14:39:57 +0200 + csync2 (2.0-1) unstable; urgency=low * Preparing new Upstream Version diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/debian/compat new/csync2-2.0+git.1600444747.83b3644/debian/compat --- old/csync2-2.0+git.1542296533.b974921/debian/compat 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/debian/compat 2020-09-18 17:59:07.000000000 +0200 @@ -1 +1 @@ -4 +9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/debian/control new/csync2-2.0+git.1600444747.83b3644/debian/control --- old/csync2-2.0+git.1542296533.b974921/debian/control 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/debian/control 2020-09-18 17:59:07.000000000 +0200 @@ -1,8 +1,8 @@ Source: csync2 Section: admin Priority: optional -Maintainer: Philipp Richter <philipp.rich...@linbit.com> -Build-Depends: debhelper (>= 4.0.0), librsync-dev, libsqlite3-dev, libc6-dev, libgnutls-dev, bison, flex +Maintainer: Lars Ellenberg <lars.ellenb...@linbit.com> +Build-Depends: debhelper (>= 4.0.0), librsync-dev, libsqlite3-dev, libc6-dev, libgnutls28-dev, bison, flex Standards-Version: 3.6.2 Package: csync2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/debian/docs new/csync2-2.0+git.1600444747.83b3644/debian/docs --- old/csync2-2.0+git.1542296533.b974921/debian/docs 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/debian/docs 2020-09-18 17:59:07.000000000 +0200 
@@ -1,3 +1,4 @@ README.adoc AUTHORS.adoc doc/csync2.adoc +doc/csync2-quickstart.adoc diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/doc/csync2-quickstart.adoc new/csync2-2.0+git.1600444747.83b3644/doc/csync2-quickstart.adoc --- old/csync2-2.0+git.1542296533.b974921/doc/csync2-quickstart.adoc 1970-01-01 01:00:00.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/doc/csync2-quickstart.adoc 2020-09-18 17:59:07.000000000 +0200 
@@ -0,0 +1,82 @@ +Getting started with Csync^2^ +============================= + +All commands detailed here need to be executed as root, so be extra careful. + +The config file for Csync^2^ is `/etc/csync2/csync2.cfg`. Here is an example: + +.... +mygroup { + host host1; + host host2; + key /etc/csync2/mygroup.key; + include /etc/csync2/csync2.cfg; + include /etc/testfile; +} +.... + +This will sync the Csync^2^ configuration and `/etc/testfile` between `host1` and +`host2`. Create the file on `host1`. Note that hostnames should typically be the FQDN +returned by `hostname` footnote:[ +Technically correct: when talking to a peer, Csync^2^ "introduces" itself with +its "hostname"; the peer then does a forward name lookup on this provided name, +and double checks that the client address returned by the `getpeername()` +socket api matches this forward lookup for the introduction.]. + +Generate the pre-shared key used for authentication: +``` + csync2 -k /etc/csync2/mygroup.key +``` + +Copy the configuration file and the pre-shared key to host2: +``` + scp /etc/csync2/csync2.cfg /etc/csync2/mygroup.key host2:/etc/csync2/ +``` + +The SSL key and certificate may be generated upon package installation, +but you can create your own if you like. The files are: +``` + /etc/csync2/csync2_ssl_key.pem + /etc/csync2/csync2_ssl_cert.pem +``` + +Note that the common name (CN) in each node's SSL certificate should match +the hostname, or the SSL connection may fail. If you ever replace a node, and its +SSL key changes, existing nodes will still have a cached copy of the old key, +and the connection will fail. To remove the old key from an existing node's +cache, run the following command on each existing node: +``` + csync2 --ls-ssl-cert <some-hostname> + csync2 --rm-ssl-cert <replaced-hostname> +``` + +The Csync^2^ service is disabled by default. 
To start it on both your hosts +using systemd (preferred): +``` + systemctl enable csync2.socket + systemctl start csync2.socket +``` + +If you would prefer to do it the old way with xinetd, run: +``` + chkconfig csync2 on + chkconfig --level 345 xinetd on + service xinetd restart +``` + +If you are running iptables, you need to open tcp port 30865 on both hosts so +that the other host can connect. + +Now you should be able to run and initial verbose sync on both hosts: +``` + csync2 -xv +``` + +Once everything looks good, you can add a file with the following line as +`/etc/cron.d/csync2` or add it to `/etc/crontab`: +``` +*/5 * * * * root csync2 -x +``` + +Happy syncing! + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/doc/csync2.adoc new/csync2-2.0+git.1600444747.83b3644/doc/csync2.adoc --- old/csync2-2.0+git.1542296533.b974921/doc/csync2.adoc 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/doc/csync2.adoc 2020-09-18 17:59:07.000000000 +0200 @@ -217,8 +217,11 @@ are talking with each other for the first time, they add each other to the database. -The Csync^2^ TCP port 30865 needs to be added to the /etc/services file -and inetd needs to be told about Csync^2^ by adding +We recommend to add the Csync^2^ TCP port 30865 to the /etc/services file, +so you can use `csync2` as named port. You can use csync2 with systemd socket units, +as standalone server, or via `inetd` or `xinetd`. Templates for systemd and +xinetd are included [see also <<csync2-quickstart#>>]. +If you use inetd, it needs to be told about Csync^2^ by adding .... csync2 stream tcp nowait root \ 
@@ -227,6 +230,15 @@ to /etc/inetd.conf. + +[[configuration-file]] +Configuration File +~~~~~~~~~~~~~~~~~~ + +A simple Csync^2^ configuration file. The configuration +filename is /etc/csync2.cfg when no -C _configname_ option has been +passed and /etc/csync2__configname_.cfg with a -C _configname_ option. + .... group mygroup # A synchronization group (see 3.4.1) { @@ -263,29 +275,6 @@ } .... -.... -csync2 -cr / -if csync2 -M; then - echo "!!" - echo "!! There are unsynced changes! Type 'yes' if you still want to" - echo "!! exit (or press crtl-c) and anything else if you want to start" - echo "!! a new login shell instead." - echo "!!" - if read -p "Do you really want to logout? " in && - [ ".$in" != ".yes" ]; then - exec bash --login - fi -fi -.... - -[[configuration-file]] -Configuration File -~~~~~~~~~~~~~~~~~~ - -Figure 1 shows a simple Csync^2^ configuration file. The configuration -filename is /etc/csync2.cfg when no -C _configname_ option has been -passed and /etc/csync2__configname_.cfg with a -C _configname_ option. - [[synchronization-groups]] Synchronization Groups ^^^^^^^^^^^^^^^^^^^^^^ @@ -489,33 +478,6 @@ slightly randomized with a jitter of up to 6 seconds based on the respective process id. -.... -CREATE TABLE file ( - filename, checktxt, - UNIQUE ( filename ) ON CONFLICT REPLACE -); - -CREATE TABLE dirty ( - filename, force, myname, peername, - UNIQUE ( filename, peername ) ON CONFLICT IGNORE -); - -CREATE TABLE hint ( - filename, recursive, - UNIQUE ( filename, recursive ) ON CONFLICT IGNORE -); - -CREATE TABLE action ( - filename, command, logfile, - UNIQUE ( filename, command ) ON CONFLICT IGNORE -); - -CREATE TABLE x509_cert ( - peername, certdata, - UNIQUE ( peername ) ON CONFLICT IGNORE -); -.... - [[backing-up]] Backing up ^^^^^^^^^^ 
@@ -542,7 +504,21 @@ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ The Csync^2^ sources contain a little script called csync2_locheck.sh -(Figure 2). + +.... +csync2 -cr / +if csync2 -M; then + echo "!!" + echo "!! There are unsynced changes! Type 'yes' if you still want to" + echo "!! exit (or press crtl-c) and anything else if you want to start" + echo "!! a new login shell instead." + echo "!!" + if read -p "Do you really want to logout? " in && + [ ".$in" != ".yes" ]; then + exec bash --login + fi +fi +.... If you copy that script into your ~/.bash_logout script (or include it using the source shell command), the shell will not let you log out if @@ -552,7 +528,34 @@ Database Schema --------------- -Figure 3 shows the Csync^2^ database schema. The database can be +.... +CREATE TABLE file ( + filename, checktxt, + UNIQUE ( filename ) ON CONFLICT REPLACE +); + +CREATE TABLE dirty ( + filename, force, myname, peername, + UNIQUE ( filename, peername ) ON CONFLICT IGNORE +); + +CREATE TABLE hint ( + filename, recursive, + UNIQUE ( filename, recursive ) ON CONFLICT IGNORE +); + +CREATE TABLE action ( + filename, command, logfile, + UNIQUE ( filename, command ) ON CONFLICT IGNORE +); + +CREATE TABLE x509_cert ( + peername, certdata, + UNIQUE ( peername ) ON CONFLICT IGNORE +); +.... + +This shows the Csync^2^ database schema. The database can be accessed using the sqlite command line shell. All string values are URL encoded in the database. @@ -596,6 +599,10 @@ Running Csync^2^ ---------------- +Simply calling csync2 without any additional arguments prints out a help +message (see below). A more detailed description of the most important +usage scenarios is given in the next sections. + .... csync2 2.0 - cluster synchronization tool, 2nd generation Copyright (C) 2004 - 2018 LINBIT Information Technologies GmbH 
@@ -728,10 +735,6 @@ $CSYNC2_SYSTEM_DIR/csync2.lock .... -Simply calling csync2 without any additional arguments prints out a help -message (Figure 4). A more detailed description of the most important -usage scenarios is given in the next sections. - [[just-synchronizing-the-files]] Just synchronizing the files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/release.sh new/csync2-2.0+git.1600444747.83b3644/release.sh --- old/csync2-2.0+git.1542296533.b974921/release.sh 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/release.sh 2020-09-18 17:59:07.000000000 +0200 @@ -23,7 +23,7 @@ # and creating the source tar file. PACKAGE=csync2 -URL=http://git.linbit.com/csync2.git +URL=https://github.com/LINBIT/csync2 case "$1" in -*) @@ -38,11 +38,9 @@ [[ $RELEASE = $VERSION ]] && RELEASE=1 set -ex - which pdflatex - LANG=C LC_ALL=C date "+csync2 ($VERSION-$RELEASE) unstable; urgency=low%n%n` ` * New Upstream Version.%n%n -- Lars Ellenberg ` - `<lars+csy...@linbit.com> %a, %d %b %Y ` + `<lars.ellenb...@linbit.com> %a, %d %b %Y ` `%H:%M:%S %z%n" > debian/changelog.new cat debian/changelog >> debian/changelog.new mv debian/changelog.new debian/changelog 
@@ -51,18 +49,16 @@ configure.ac perl -pi -e "s/^Version:.*/Version: $VERSION/;s/^Release:.*/Release: $RELEASE/" csync2.spec - # # generate an uptodate copy of the paper - # git commit -m "Preparing version $VERSION" \ - # debian/changelog \ - # configure.ac \ - # csync2.spec - - # git tag -a -m "$PACKAGE-$VERSION" $PACKAGE-$VERSION - - # include paper.pdf in tarball - # tar cvzf $PACKAGE-$VERSION.tar.gz \ - # --owner=0 --group=0 $PACKAGE-$VERSION - # rm -rf $PACKAGE-$VERSION + : git commit -m "Preparing version $VERSION" \ + debian/changelog \ + configure.ac \ + csync2.spec + + : git tag -a -m "$PACKAGE-$VERSION" $PACKAGE-$VERSION + + : tar cvzf $PACKAGE-$VERSION.tar.gz \ + --owner=0 --group=0 $PACKAGE-$VERSION + : rm -rf $PACKAGE-$VERSION ;; esac diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/rsync.c new/csync2-2.0+git.1600444747.83b3644/rsync.c --- old/csync2-2.0+git.1542296533.b974921/rsync.c 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/rsync.c 2020-09-18 17:59:07.000000000 +0200 
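Review bot: The release steps are now prefixed with `:` instead of being commented out, and nothing in the script says that this is deliberate. The `:` builtin still expands every argument and, under the `set -ex` shown in the previous hunk, traces it. A one-line comment above the first of them, such as `# ':' keeps these as traced no-ops; run them by hand after review`, would tell the next maintainer that the script no longer commits, tags or builds the tarball. The `$PACKAGE-$VERSION` expansions are unquoted, which is harmless in a no-op but should be fixed before the `:` is ever removed. The enclosing `case` branch starts outside the hunk.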
@@ -686,6 +686,45 @@ return -1; } +/* The "temporary" newfname typically has been created as "-rw------- root:root". + * Before we rename it into place, "clone" the permissions and ownership of the + * old file to avoid files already with the "correct name", but root owned and + * unreadable by the applications, if even for a short time. + * If the old file does not exist (or cannot be stat()ed), ignore. + * If we cannot rename into place, but have to truncate/rewrite, + * we keep the existing file anyways, so no ownership/permission change happens. + * If permissions and/or ownership has also changed, in addition to + * content, those will be explicitly synced "soon". + * If there are errors while cloning the ownership or permissions, so what? + * Ignore, it stays at root:root 0600, and won't be worse than before. + * + * Can we do better? + * Until we change the ugly ad-hoc csync2 "protocol" to use "transaction" like + * semantics, and know all of the changed content, plus ownership, permissions, + * mtime, ACLs and other meta data as context information before starting to + * act on it on the receiving side, I don't see how. + */ +static void clone_ownership_and_permissions(const char *newfname, const char *oldfname) +{ + struct stat sbuf; + int uid, gid; + if (stat(oldfname, &sbuf)) + return; /* At least we tried */ + uid = csync_ignore_uid ? -1 : sbuf.st_uid; + gid = csync_ignore_gid ? 
-1 : sbuf.st_gid; + csync_debug(3, "Cloning ownership and permissions to tmp file: 0o%03o %d:%d %s [%s]\n", + sbuf.st_mode, uid, gid, newfname, oldfname); + if (chown(newfname, uid, gid)) + csync_debug(3, "Error '%s' for chown(%s,%d,%d) rsync-patch: %s\n", + strerror(errno), newfname, uid, gid, oldfname); + if (chmod(newfname, sbuf.st_mode)) + csync_debug(3, "Error '%s' for chmod(%s,0o%03o) rsync-patch: %s\n", + strerror(errno), newfname, sbuf.st_mode, oldfname); + + /* FIXME also "clone" acls; + * as long as csync2 is no acl aware, there is no point, though */ +} + int csync_rs_patch(const char *filename) { FILE *basis_file = 0, *delta_file = 0, *new_file = 0; @@ -758,6 +797,8 @@ } #endif + clone_ownership_and_permissions(newfname, prefixsubst(filename)); + if (rename(newfname, prefixsubst(filename))) { char buffer[512]; int rc; @@ -784,7 +825,7 @@ */ rewind(new_file); while ( (rc = fread(buffer, 1, 512, new_file)) > 0 - && fwrite(buffer, rc, 1, basis_file) == rc ) + && fwrite(buffer, 1, rc, basis_file) == rc ) ; /* at least retain the temp file, if something went wrong. */ if (ferror(new_file) || ferror(basis_file)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/csync2-2.0+git.1542296533.b974921/update.c new/csync2-2.0+git.1600444747.83b3644/update.c --- old/csync2-2.0+git.1542296533.b974921/update.c 2018-11-15 16:42:13.000000000 +0100 +++ new/csync2-2.0+git.1600444747.83b3644/update.c 2020-09-18 17:59:07.000000000 +0200 @@ -469,7 +469,7 @@ skip_action: if ( !S_ISLNK(st.st_mode) ) { - conn_printf("SETIME %s %s %Ld\n", + conn_printf("SETIME %s %s %lld\n", url_encode(key), url_encode(filename), (long long)st.st_mtime); last_conn_status = read_conn_status(filename, peername); 
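Review bot: `clone_ownership_and_permissions()` changes owner and mode by path name, with `chown(newfname, uid, gid)` and `chmod(newfname, sbuf.st_mode)`, and its own comment suggests it runs as root. If the directory holding the temporary file is writable by another user, the name may no longer refer to the file that was written by the time these calls run, and chown() follows links. `csync_rs_patch()` has `new_file` in scope at the call site, so, assuming that stream is the open handle for `newfname`, passing it in and using `fchown(fileno(new_file), uid, gid)` and `fchmod(fileno(new_file), sbuf.st_mode & 07777)` ties both calls to the written file. The mask also keeps the file-type bits of `st_mode` out of chmod() and out of the `0o%03o` debug output. Separately, `uid` and `gid` are declared `int`; `uid_t`/`gid_t` with `(uid_t)-1` would match what chown() takes.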
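Review bot: In the fallback copy loop the corrected `fwrite(buffer, 1, rc, basis_file) == rc` compares a `size_t` return value with the `int` `rc`, and the literal 512 repeats the size of `buffer`. A dedicated `size_t n` with `(n = fread(buffer, 1, sizeof buffer, new_file)) > 0 && fwrite(buffer, 1, n, basis_file) == n` removes the mixed-sign comparison and keeps the read size tied to the array. `rc` is declared in the preceding hunk and may be used again later in the function, so it should stay declared. The loop's surrounding function continues outside the hunk.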
@@ -1156,11 +1156,12 @@ const struct csync_group_host *h; const char *filename = url_decode(SQL_V(0)); + const char *peername = url_decode(SQL_V(2)); while ((g=csync_find_next(g, filename)) != 0) { if (!strcmp(g->myname, SQL_V(1))) for (h = g->host; h; h = h->next) { - if (!strcmp(h->hostname, SQL_V(2))) + if (!strcmp(h->hostname, peername)) goto this_dirty_record_is_ok; } }
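Review bot: Only the peer name is decoded before comparison; `g->myname` two lines above the changed `strcmp` is still compared with the raw `SQL_V(1)`. If that column is stored URL-encoded like the others, a local name containing an encoded character would never match and the record would presumably not reach `this_dirty_record_is_ok`. Decoding it the same way, `const char *myname = url_decode(SQL_V(1));` and `if (!strcmp(g->myname, myname))`, keeps both checks consistent. Whether url_decode() can hold three results at once is not visible here and should be confirmed. The enclosing function starts and ends outside the hunk.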