Hello community, here is the log from the commit of package csync2 for openSUSE:12.1 checked in at 2011-10-26 15:22:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1/csync2 (Old) and /work/SRC/openSUSE:12.1/.csync2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "csync2", Maintainer is "j...@suse.com" Changes: -------- --- /work/SRC/openSUSE:12.1/csync2/csync2.changes 2011-10-24 12:34:09.000000000 +0200 +++ /work/SRC/openSUSE:12.1/.csync2.new/csync2.changes 2011-10-28 15:36:42.000000000 +0200 @@ -1,0 +2,15 @@ +Wed Oct 26 09:19:16 UTC 2011 - tser...@suse.com + +- Remove explicit lib dependencies from spec file + +------------------------------------------------------------------- +Tue Sep 20 12:41:40 UTC 2011 - tser...@suse.com + +- Add csync2-rm-ssl-cert helper script (bnc#709811) + +------------------------------------------------------------------- +Sun Sep 18 00:06:31 UTC 2011 - jeng...@medozas.de + +- Remove redundant tags/sections from specfile + +------------------------------------------------------------------- New: ---- csync2-rm-ssl-cert ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ csync2.spec ++++++ --- /var/tmp/diff_new_pack.JuJKBL/_old 2011-10-28 15:36:43.000000000 +0200 +++ /var/tmp/diff_new_pack.JuJKBL/_new 2011-10-28 15:36:43.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package csync2 (Version 1.34) +# spec file for package csync2 # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,12 +20,13 @@ Name: csync2 Version: 1.34 -Release: 1 +Release: 2 Group: Productivity/Clustering/HA License: GPLv2+ ; LGPLv2.1+ Url: http://oss.linbit.com/csync2/ Source0: http://oss.linbit.com/csync2/%{name}-%{version}.tar.gz Source1: csync2-README.quickstart +Source2: csync2-rm-ssl-cert Patch0: csync2-fix-xinetd.patch Patch1: fix-missing-sentinels.diff %if 0%{?suse_version} > 1120 @@ -34,7 +35,7 @@ %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires(post): openssl -Requires: xinetd libgnutls26 libgnutls-extra26 gnutls sqlite2 librsync libtasn1-3 +Requires: xinetd gnutls sqlite2 BuildRequires: bison flex libgnutls-devel libgnutls-extra-devel librsync libtasn1-devel sqlite2-devel %description @@ -44,12 +45,6 @@ detect conflicts. It is expedient for HA-clusters, HPC-clusters, COWs and server farms. - - -Authors: --------- - Clifford Wolf <cliff...@clifford.at> - %prep %setup -q %patch0 -p1 -b .fix-xinetd @@ -64,17 +59,14 @@ make %{?_smp_mflags} %install -rm -rf %{buildroot} make install DESTDIR=%{buildroot} mkdir -p %{buildroot}%{_var}/lib/csync2 install -p -D -m 644 csync2.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/csync2 +install -p -m 755 %{SOURCE2} %{buildroot}%{_sbindir}/csync2-rm-ssl-cert # We need these empty files to be able to %%ghost them touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_key.pem touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_cert.pem -%clean -rm -rf %{buildroot} - %post umask 077 if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_key.pem ]; then @@ -112,6 +104,7 @@ %ghost %config %{_sysconfdir}/csync2/csync2_ssl_cert.pem %{_sbindir}/csync2 %{_sbindir}/csync2-compare +%{_sbindir}/csync2-rm-ssl-cert %{_mandir}/man1/csync2.1* %dir %{_var}/lib/csync2/ ++++++ csync2-README.quickstart ++++++ --- /var/tmp/diff_new_pack.JuJKBL/_old 2011-10-28 15:36:43.000000000 +0200 +++ /var/tmp/diff_new_pack.JuJKBL/_new 2011-10-28 15:36:43.000000000 +0200 @@ -29,6 +29,13 @@ /etc/csync2/csync2_ssl_key.pem /etc/csync2/csync2_ssl_cert.pem +Note that the common name (CN) in each node's SSL certificate must be the +same, or the SSL connection will fail. If you ever replace a node, and its +SSL key changes, existing nodes will still have a cached copy of the old key, +and the connection will fail. To remove the old key from an existing node's +cache, run the following command on each existing node: + csync2-rm-ssl-cert <replaced-hostname> + The csync2 service is disabled by default. To start it on both your hosts : chkconfig csync2 on chkconfig --level 345 xinetd on ++++++ csync2-rm-ssl-cert ++++++ #!/bin/bash if [ $# -eq 0 -o "$1" = "-h" ]; then cat <<END Remove a peer's SSL certificate from csync2's local database. Use this after replacing a peer node (or regenerating its SSL certificate). Usage: $0 [-h] <hostname> Options: -h Display this usage information END exit 0 fi DBFILE=/var/lib/csync2/$(hostname).db if [ ! -f "$DBFILE" ]; then echo "Local csync2 database ($DBFILE) not found." exit 1 fi # Strip double and single quotes from hostname so they can't interfere with the SQL PEERNAME=$(echo $1 | sed -e "s/['\"]//g") certcount() { echo "SELECT COUNT(peername) FROM x509_cert WHERE peername='$1';" | sqlite $DBFILE } if [ $(certcount "$PEERNAME") -eq 0 ]; then echo "Certificate for '$PEERNAME' not in local database." exit 0 fi echo "DELETE FROM x509_cert WHERE peername='$PEERNAME';" | sqlite $DBFILE if [ $(certcount "$PEERNAME") -ne 0 ]; then echo "Error removing certificate for '$PEERNAME' from local database." exit 1 fi echo "Certificate for '$PEERNAME' removed from local database." -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org