diff --git a/0001-gperftools-deprecated-google-includes.patch b/0001-gperftools-deprecated-google-includes.patch new file mode 100644 index 0000000..40cfc9c --- /dev/null +++ b/0001-gperftools-deprecated-google-includes.patch @@ -0,0 +1,27 @@ +From 6c280200b42758d3e84cfd1a5b256171cab132d1 Mon Sep 17 00:00:00 2001 +From: Boris Ranto +Date: Wed, 14 Jan 2015 07:46:56 +0100 +Subject: [PATCH 1/3] gperftools deprecated google/* includes + +--- + src/perfglue/heap_profiler.cc | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/perfglue/heap_profiler.cc b/src/perfglue/heap_profiler.cc +index 6b079b8..cdd5ccb 100644 +--- a/src/perfglue/heap_profiler.cc ++++ b/src/perfglue/heap_profiler.cc +@@ -12,8 +12,8 @@ + * + */ + +-#include +-#include ++#include ++#include + #include "heap_profiler.h" + #include "common/environment.h" + #include "common/LogClient.h" +-- +1.9.3 + diff --git a/0002-Wno-format-causes-compiler-options-collision.patch b/0002-Wno-format-causes-compiler-options-collision.patch new file mode 100644 index 0000000..dd24eda --- /dev/null +++ b/0002-Wno-format-causes-compiler-options-collision.patch @@ -0,0 +1,25 @@ +From 213613337d56bf1b1257f043c7b737ee86b0e1be Mon Sep 17 00:00:00 2001 +From: Boris Ranto +Date: Wed, 14 Jan 2015 07:47:47 +0100 +Subject: [PATCH 2/3] -Wno-format causes compiler options collision + +--- + src/test/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/test/Makefile.am b/src/test/Makefile.am +index 69f9e84..9ede275 100644 +--- a/src/test/Makefile.am ++++ b/src/test/Makefile.am +@@ -646,7 +646,7 @@ bin_DEBUGPROGRAMS += ceph_test_librbd + if LINUX + ceph_test_librbd_fsx_SOURCES = test/librbd/fsx.c + ceph_test_librbd_fsx_LDADD = $(LIBRBD) $(LIBRADOS) -lm +-ceph_test_librbd_fsx_CFLAGS = ${AM_CFLAGS} -Wno-format ++ceph_test_librbd_fsx_CFLAGS = ${AM_CFLAGS} + bin_DEBUGPROGRAMS += ceph_test_librbd_fsx + endif + +-- +1.9.3 + diff --git a/0003-Backport-pull-request-2937-to-firefly.patch b/0003-Backport-pull-request-2937-to-firefly.patch new file mode 100644 index 0000000..c61c63b --- /dev/null +++ b/0003-Backport-pull-request-2937-to-firefly.patch @@ -0,0 +1,27 @@ +From 149481ac6dc52a852fb53800384a99e3d69ad11a Mon Sep 17 00:00:00 2001 +From: Boris Ranto +Date: Mon, 8 Dec 2014 08:36:37 +0100 +Subject: [PATCH 3/3] Backport pull request #2937 to firefly + +--- + src/common/RWLock.h | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/common/RWLock.h b/src/common/RWLock.h +index f901ac0..f4d1937 100644 +--- a/src/common/RWLock.h ++++ b/src/common/RWLock.h +@@ -36,7 +36,9 @@ public: + } + + virtual ~RWLock() { +- pthread_rwlock_unlock(&L); ++ // The following check is racy but we are about to destroy ++ // the object and we assume that there are no other users. ++ //assert(!is_locked()); -- hacky backport, no is_locked in firefly + pthread_rwlock_destroy(&L); + } + +-- +1.9.3 + diff --git a/ceph-google-gperftools.patch b/ceph-google-gperftools.patch deleted file mode 100644 index 5c24871..0000000 --- a/ceph-google-gperftools.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- ceph-0.80.5/src/perfglue/heap_profiler.cc.orig 2014-08-15 16:05:00.161794290 +0200 -+++ ceph-0.80.5/src/perfglue/heap_profiler.cc 2014-08-15 16:05:04.691794305 +0200 -@@ -12,8 +12,8 @@ - * - */ - --#include --#include -+#include -+#include - #include "heap_profiler.h" - #include "common/environment.h" - #include "common/LogClient.h" diff --git a/ceph-no-format-security.patch b/ceph-no-format-security.patch deleted file mode 100644 index 20cf90e..0000000 --- a/ceph-no-format-security.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- ceph-0.80.5/src/test/Makefile.am.orig 2014-08-15 16:30:18.831799418 +0200 -+++ ceph-0.80.5/src/test/Makefile.am 2014-08-15 16:23:17.758464663 +0200 -@@ -642,7 +642,7 @@ bin_DEBUGPROGRAMS += ceph_test_librbd - if LINUX - ceph_test_librbd_fsx_SOURCES = test/librbd/fsx.c - ceph_test_librbd_fsx_LDADD = $(LIBRBD) $(LIBRADOS) -lm --ceph_test_librbd_fsx_CFLAGS = ${AM_CFLAGS} -Wno-format -+ceph_test_librbd_fsx_CFLAGS = ${AM_CFLAGS} - bin_DEBUGPROGRAMS += ceph_test_librbd_fsx - endif - diff --git a/ceph.spec b/ceph.spec index c2ea9ed..94c3598 100644 --- a/ceph.spec +++ b/ceph.spec @@ -5,20 +5,23 @@ %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} %endif +%global _hardened_build 1 + ################################################################################# # common ################################################################################# Name: ceph Version: 0.80.8 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 1 Summary: User space components of the Ceph file system License: GPLv2 Group: System Environment/Base URL: http://ceph.com/ Source0: http://ceph.com/download/%{name}-%{version}.tar.bz2 -Patch0: ceph-google-gperftools.patch -Patch1: ceph-no-format-security.patch +Patch1: 0001-gperftools-deprecated-google-includes.patch +Patch2: 0002-Wno-format-causes-compiler-options-collision.patch +Patch3: 0003-Backport-pull-request-2937-to-firefly.patch Requires: librbd1 = %{epoch}:%{version}-%{release} Requires: librados2 = %{epoch}:%{version}-%{release} Requires: libcephfs1 = %{epoch}:%{version}-%{release} @@ -387,8 +390,9 @@ python-cephfs instead. ################################################################################# %prep %setup -q -%patch0 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build # Find jni.h @@ -662,7 +666,6 @@ fi # Package removal cleanup if [ "$1" -eq "0" ] ; then rm -rf /var/log/ceph - rm -rf /etc/ceph fi ################################################################################# @@ -769,10 +772,6 @@ fi %post -n librbd1 /sbin/ldconfig -# First, cleanup -rm -f /usr/lib64/qemu/librbd.so.1 -rmdir /usr/lib64/qemu 2>/dev/null || true -rmdir /usr/lib64/ 2>/dev/null || true # If x86_64 and rhel6+, link the library to /usr/lib64/qemu -- rhel hack %ifarch x86_64 %if 0%{?rhel} >= 6 @@ -876,6 +875,12 @@ ln -sf %{_libdir}/librbd.so.1 /usr/lib64/qemu/librbd.so.1 %files -n python-ceph-compat %changelog +* Wed Mar 4 2015 Boris Ranto - 1:0.80.8-2 +- Perform a hardened build +- Use git-formatted patches +- Do not remove conf files on uninstall +- Remove the cleanup post-script function + * Mon Feb 23 2015 Boris Ranto - 1:0.80.8-1 - Rebase to latest upstream firefly version - Require yasm, the SELinux yasm issue was fixed in .8 release