diff options
| author | manu <manu@pkgsrc.org> | 2011-12-09 16:57:44 +0000 |
|---|---|---|
| committer | manu <manu@pkgsrc.org> | 2011-12-09 16:57:44 +0000 |
| commit | 00ab1d24be06d2e7d7f48ad68f995d3198362cc0 (patch) | |
| tree | a2c45684a1ae9d86fb4dbdfac188066c35466995 | |
| parent | 97733d08f6d6b54d700d3f6c7e668d1133536ef3 (diff) | |
| download | pkgsrc-00ab1d24be06d2e7d7f48ad68f995d3198362cc0.tar.gz | |
- Add experimental support for SSL
- Ignore again .attribute (a patch part that was lost in last upgrade)
| -rw-r--r-- | filesystems/glusterfs/MESSAGE.ssl | 9 | ||||
| -rw-r--r-- | filesystems/glusterfs/Makefile | 5 | ||||
| -rw-r--r-- | filesystems/glusterfs/PLIST | 2 | ||||
| -rw-r--r-- | filesystems/glusterfs/distinfo | 6 | ||||
| -rwxr-xr-x | filesystems/glusterfs/files/glusterd.sh | 4 | ||||
| -rwxr-xr-x | filesystems/glusterfs/files/glusterfsd.sh | 4 | ||||
| -rw-r--r-- | filesystems/glusterfs/files/ssl.patch | 1131 | ||||
| -rw-r--r-- | filesystems/glusterfs/options.mk | 19 | ||||
| -rw-r--r-- | filesystems/glusterfs/patches/patch-ae | 2 | ||||
| -rw-r--r-- | filesystems/glusterfs/patches/patch-be | 2 | ||||
| -rw-r--r-- | filesystems/glusterfs/patches/patch-bq | 2 | ||||
| -rw-r--r-- | filesystems/glusterfs/patches/patch-br | 33 | ||||
| -rw-r--r-- | filesystems/glusterfs/patches/patch-bw | 2 | ||||
| -rw-r--r-- | filesystems/glusterfs/patches/patch-bx | 2 | ||||
| -rw-r--r-- | filesystems/glusterfs/patches/patch-ca | 25 | ||||
| -rw-r--r-- | filesystems/glusterfs/patches/patch-cb | 17 |
16 files changed, 1245 insertions, 20 deletions
diff --git a/filesystems/glusterfs/MESSAGE.ssl b/filesystems/glusterfs/MESSAGE.ssl new file mode 100644 index 00000000000..b76d1644466 --- /dev/null +++ b/filesystems/glusterfs/MESSAGE.ssl @@ -0,0 +1,9 @@ +=========================================================================== +$NetBSD: MESSAGE.ssl,v 1.1 2011/12/09 16:57:44 manu Exp $ + +The following paths are used for SSL key, certificate and CA: + ${PKG_SYSCONFDIR}/openssl/private/gluster.key + ${PKG_SYSCONFDIR}/openssl/certs/gluster.crt + ${PKG_SYSCONFDIR}/openssl/certs/gluster-ca.crt + +=========================================================================== diff --git a/filesystems/glusterfs/Makefile b/filesystems/glusterfs/Makefile index 1210766fe67..fd442524a9d 100644 --- a/filesystems/glusterfs/Makefile +++ b/filesystems/glusterfs/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.24 2011/11/28 08:42:38 manu Exp $ +# $NetBSD: Makefile,v 1.25 2011/12/09 16:57:44 manu Exp $ # DISTNAME= glusterfs-3.2.5 +PKGREVISION= 4 CATEGORIES= filesystems MASTER_SITES= http://download.gluster.com/pub/gluster/glusterfs/3.2/3.2.5/ @@ -73,6 +74,8 @@ BUILD_DEFS+= VARBASE RCD_SCRIPTS= glusterfsd glusterd PLIST_SRC= ${PLIST_SRC_DFLT} +MESSAGE_SRC= ${PKGDIR}/MESSAGE.${OPSYS} + post-build: cp ${WRKSRC}/doc/glusterd.vol ${WRKSRC}/doc/glusterd.vol.sample diff --git a/filesystems/glusterfs/PLIST b/filesystems/glusterfs/PLIST index 6d91c4c7993..b58d7739cf6 100644 --- a/filesystems/glusterfs/PLIST +++ b/filesystems/glusterfs/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.9 2011/11/28 08:42:38 manu Exp $ +@comment $NetBSD: PLIST,v 1.10 2011/12/09 16:57:44 manu Exp $ etc/glusterfs/xattr-init.sh etc/glusterfs/glusterfs.vol.sample etc/glusterfs/glusterfsd.vol.sample diff --git a/filesystems/glusterfs/distinfo b/filesystems/glusterfs/distinfo index da311e2345b..4a705f61bd1 100644 --- a/filesystems/glusterfs/distinfo +++ b/filesystems/glusterfs/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.21 2011/11/28 14:58:44 manu Exp $ +$NetBSD: distinfo,v 1.22 2011/12/09 16:57:44 manu Exp $ SHA1 (glusterfs-3.2.5.tar.gz) = 10f2e81ec7f118432c279236509fc3d89ab8f690 RMD160 (glusterfs-3.2.5.tar.gz) = 13d0f8c1a2a1e7d39a43899bc9d09f7f13fea844 @@ -25,9 +25,11 @@ SHA1 (patch-bn) = 98ce48be2239f42edc4ef8e26644305f6aa0a5eb SHA1 (patch-bo) = be0dcdcc0acb6a5e54664372c34a28f1307fbd00 SHA1 (patch-bp) = 77463ea7d739d532e20dbe5bd66d58c22ba0c248 SHA1 (patch-bq) = 083f22383b88890f9e6f2c90a4435657ccd10579 -SHA1 (patch-br) = 5cd1d2692e34173f7e9f60b170373d499067d224 +SHA1 (patch-br) = 153aa644c306407e3135620f31d0ff918bfdb1e5 SHA1 (patch-bs) = d2f79ef19143f74f5a12187ea2dfd9e1ed92b726 SHA1 (patch-bt) = 58f8e5ce66e6b691dd9972bd649dc18f7d5a258a SHA1 (patch-bv) = 2c3b654e5858bf0948307ca6ae7048e276fca9ef SHA1 (patch-bw) = dca12eb81163fd1a0ada13165e990ddcb8fefbf2 SHA1 (patch-bx) = b2aca473091bb64d14c6da046379d33ca8a5785e +SHA1 (patch-ca) = 7b87f5b1a34eaa9a74f21bc40c794585817070ae +SHA1 (patch-cb) = 5f574e743869478efd0a8bc958ea7dd8fbcad57a diff --git a/filesystems/glusterfs/files/glusterd.sh b/filesystems/glusterfs/files/glusterd.sh index a786bcf0634..b52c991b459 100755 --- a/filesystems/glusterfs/files/glusterd.sh +++ b/filesystems/glusterfs/files/glusterd.sh @@ -1,6 +1,6 @@ -#!@RCD_SCRIPTS_SHELL@ +#!/bin/sh # -# $NetBSD: glusterd.sh,v 1.8 2011/10/07 22:37:03 shattered Exp $ +# $NetBSD: glusterd.sh,v 1.9 2011/12/09 16:57:44 manu Exp $ # # PROVIDE: glusterd diff --git a/filesystems/glusterfs/files/glusterfsd.sh b/filesystems/glusterfs/files/glusterfsd.sh index 0b67605d098..1e314f68925 100755 --- a/filesystems/glusterfs/files/glusterfsd.sh +++ b/filesystems/glusterfs/files/glusterfsd.sh @@ -1,6 +1,6 @@ -#!@RCD_SCRIPTS_SHELL@ +#!/bin/sh # -# $NetBSD: glusterfsd.sh,v 1.8 2011/10/07 22:37:03 shattered Exp $ +# $NetBSD: glusterfsd.sh,v 1.9 2011/12/09 16:57:44 manu Exp $ # # PROVIDE: glusterfsd diff --git a/filesystems/glusterfs/files/ssl.patch b/filesystems/glusterfs/files/ssl.patch new file mode 100644 index 00000000000..7c2f2b6321b --- /dev/null +++ b/filesystems/glusterfs/files/ssl.patch @@ -0,0 +1,1131 @@ +$NetBSD: ssl.patch,v 1.1 2011/12/09 16:57:44 manu Exp $ + +SSL support pulled from not yet committed upstream patch +http://review.gluster.com/#change,362 + +--- rpc/rpc-transport/socket/src/Makefile.am.orig 2011-11-14 14:46:00.000000000 +0100 ++++ rpc/rpc-transport/socket/src/Makefile.am 2011-12-03 06:46:39.000000000 +0100 +@@ -2,9 +2,9 @@ + + rpctransport_LTLIBRARIES = socket.la + rpctransportdir = $(libdir)/glusterfs/$(PACKAGE_VERSION)/rpc-transport + +-socket_la_LDFLAGS = -module -avoidversion ++socket_la_LDFLAGS = -module -avoidversion -lssl + + socket_la_SOURCES = socket.c name.c + socket_la_LIBADD = $(top_builddir)/libglusterfs/src/libglusterfs.la + +--- rpc/rpc-transport/socket/src/Makefile.in.orig 2011-11-14 14:46:14.000000000 +0100 ++++ rpc/rpc-transport/socket/src/Makefile.in 2011-12-03 06:46:39.000000000 +0100 +@@ -226,9 +226,9 @@ + target_alias = @target_alias@ + noinst_HEADERS = socket.h name.h + rpctransport_LTLIBRARIES = socket.la + rpctransportdir = $(libdir)/glusterfs/$(PACKAGE_VERSION)/rpc-transport +-socket_la_LDFLAGS = -module -avoidversion ++socket_la_LDFLAGS = -module -avoidversion -lssl + socket_la_SOURCES = socket.c name.c + socket_la_LIBADD = $(top_builddir)/libglusterfs/src/libglusterfs.la + AM_CFLAGS = -fPIC -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Wall -D$(GF_HOST_OS)\ + -I$(top_srcdir)/libglusterfs/src -I$(top_srcdir)/rpc/rpc-lib/src/ \ +--- rpc/rpc-transport/socket/src/socket.c.orig 2011-12-07 02:20:01.000000000 +0100 ++++ rpc/rpc-transport/socket/src/socket.c 2011-12-07 02:19:21.000000000 +0100 +@@ -42,12 +42,36 @@ + #include <fcntl.h> + #include <errno.h> + #include <netinet/tcp.h> + #include <rpc/xdr.h> ++#include <sys/ioctl.h> + + #define GF_LOG_ERRNO(errno) ((errno == ENOTCONN) ? GF_LOG_DEBUG : GF_LOG_ERROR) + #define SA(ptr) ((struct sockaddr *)ptr) + ++#define SSL_ENABLED_OPT "transport.socket.ssl-enabled" ++#define SSL_OWN_CERT_OPT "transport.socket.ssl-own-cert" ++#define SSL_PRIVATE_KEY_OPT "transport.socket.ssl-private-key" ++#define SSL_CA_LIST_OPT "transport.socket.ssl-ca-list" ++#define OWN_THREAD_OPT "transport.socket.own-thread" ++ ++#if !defined(DEFAULT_CERT_PATH) ++#define DEFAULT_CERT_PATH "/etc/ssl/glusterfs.pem" ++#endif ++#if !defined(DEFAULT_KEY_PATH) ++#define DEFAULT_KEY_PATH "/etc/ssl/glusterfs.key" ++#endif ++#if !defined(DEFAULT_CA_PATH) ++#define DEFAULT_CA_PATH "/etc/ssl/glusterfs.ca" ++#endif ++ ++#define POLL_MASK_INPUT (POLLIN | POLLPRI) ++#define POLL_MASK_OUTPUT (POLLOUT) ++#define POLL_MASK_ERROR (POLLERR | POLLHUP | POLLNVAL) ++ ++typedef int SSL_unary_func (SSL *); ++typedef int SSL_trinary_func (SSL *, void *, int); ++ + + #define __socket_proto_reset_pending(priv) do { \ + memset (&priv->incoming.frag.vector, 0, \ + sizeof (priv->incoming.frag.vector)); \ +@@ -132,11 +156,143 @@ + } \ + __socket_proto_update_priv_after_read (priv, ret, bytes_read); \ + } + +- + int socket_init (rpc_transport_t *this); + ++void ++ssl_dump_error_stack (const char *caller) ++{ ++ unsigned long errnum = 0; ++ char errbuf[120] = {0,}; ++ ++ /* OpenSSL docs explicitly give 120 as the error-string length. */ ++ ++ while ((errnum = ERR_get_error())) { ++ ERR_error_string(errnum,errbuf); ++ gf_log(caller,GF_LOG_ERROR," %s",errbuf); ++ } ++} ++ ++int ++ssl_do (rpc_transport_t *this, void *buf, size_t len, SSL_trinary_func *func) ++{ ++ int r = (-1); ++ struct pollfd pfd = {-1,}; ++ socket_private_t *priv = NULL; ++ ++ GF_VALIDATE_OR_GOTO(this->name,this->private,out); ++ priv = this->private; ++ ++ for (;;) { ++ if (buf) { ++ r = func(priv->ssl_ssl,buf,len); ++ } ++ else { ++ r = ((SSL_unary_func *)func)(priv->ssl_ssl); ++ } ++ switch (SSL_get_error(priv->ssl_ssl,r)) { ++ case SSL_ERROR_NONE: ++ return r; ++ case SSL_ERROR_WANT_READ: ++ pfd.fd = priv->sock; ++ pfd.events = POLLIN; ++ if (poll(&pfd,1,-1) < 0) { ++ gf_log(this->name,GF_LOG_ERROR,"poll error %d", ++ errno); ++ } ++ break; ++ case SSL_ERROR_WANT_WRITE: ++ pfd.fd = priv->sock; ++ pfd.events = POLLOUT; ++ if (poll(&pfd,1,-1) < 0) { ++ gf_log(this->name,GF_LOG_ERROR,"poll error %d", ++ errno); ++ } ++ break; ++ case SSL_ERROR_SYSCALL: ++ /* This is what we get when remote disconnects. */ ++ gf_log(this->name,GF_LOG_DEBUG, ++ "syscall error (probably remote disconnect)"); ++ errno = ENODATA; ++ goto out; ++ default: ++ errno = EIO; ++ goto out; /* "break" would just loop again */ ++ } ++ } ++out: ++ return -1; ++} ++ ++#define ssl_connect_one(t) ssl_do((t),NULL,0,(SSL_trinary_func *)SSL_connect) ++#define ssl_accept_one(t) ssl_do((t),NULL,0,(SSL_trinary_func *)SSL_accept) ++#define ssl_read_one(t,b,l) ssl_do((t),(b),(l),(SSL_trinary_func *)SSL_read) ++#define ssl_write_one(t,b,l) ssl_do((t),(b),(l),(SSL_trinary_func *)SSL_write) ++ ++int ++ssl_setup_connection (rpc_transport_t *this, int server) ++{ ++ X509 *peer = NULL; ++ char peer_CN[256] = ""; ++ int ret = -1; ++ socket_private_t *priv = NULL; ++ ++ GF_VALIDATE_OR_GOTO(this->name,this->private,done); ++ priv = this->private; ++ ++ priv->ssl_ssl = SSL_new(priv->ssl_ctx); ++ if (!priv->ssl_ssl) { ++ gf_log(this->name,GF_LOG_ERROR,"SSL_new failed"); ++ ssl_dump_error_stack(this->name); ++ goto done; ++ } ++ priv->ssl_sbio = BIO_new_socket(priv->sock,BIO_NOCLOSE); ++ if (!priv->ssl_sbio) { ++ gf_log(this->name,GF_LOG_ERROR,"BIO_new_socket failed"); ++ ssl_dump_error_stack(this->name); ++ goto free_ssl; ++ } ++ SSL_set_bio(priv->ssl_ssl,priv->ssl_sbio,priv->ssl_sbio); ++ ++ if (server) { ++ ret = ssl_accept_one(this); ++ } ++ else { ++ ret = ssl_connect_one(this); ++ } ++ ++ /* Make sure _the call_ succeeded. */ ++ if (ret < 0) { ++ goto ssl_error; ++ } ++ ++ /* Make sure _SSL verification_ succeeded, yielding an identity. */ ++ if (SSL_get_verify_result(priv->ssl_ssl) != X509_V_OK) { ++ goto ssl_error; ++ } ++ peer = SSL_get_peer_certificate(priv->ssl_ssl); ++ if (!peer) { ++ goto ssl_error; ++ } ++ ++ /* Finally, everything seems OK. */ ++ X509_NAME_get_text_by_NID(X509_get_subject_name(peer), ++ NID_commonName, peer_CN, sizeof(peer_CN)-1); ++ peer_CN[sizeof(peer_CN)-1] = '\0'; ++ gf_log(this->name,GF_LOG_INFO,"peer CN = %s", peer_CN); ++ return 0; ++ ++ /* Error paths. */ ++ssl_error: ++ gf_log(this->name,GF_LOG_ERROR,"SSL connect error"); ++ ssl_dump_error_stack(this->name); ++free_ssl: ++ SSL_free(priv->ssl_ssl); ++done: ++ return ret; ++} ++ + /* + * return value: + * 0 = success (completed) + * -1 = error +@@ -167,19 +323,43 @@ + if (bytes != NULL) { + *bytes = 0; + } + +- while (opcount) { ++ while (opcount > 0) { ++ if (opvector->iov_len == 0) { ++ gf_log(this->name,GF_LOG_WARNING, ++ "would have passed zero length to read/write"); ++ ++opvector; ++ --opcount; ++ break; ++ } + if (write) { +- ret = writev (sock, opvector, opcount); ++ if (priv->use_ssl) { ++ ret = ssl_write_one(this, ++ opvector->iov_base, opvector->iov_len); ++ } ++ else { ++ ret = writev (sock, opvector, opcount); ++ } + + if (ret == 0 || (ret == -1 && errno == EAGAIN)) { + /* done for now */ + break; + } + this->total_bytes_write += ret; + } else { +- ret = readv (sock, opvector, opcount); ++ if (priv->use_ssl) { ++ ret = ssl_read_one(this, ++ opvector->iov_base, opvector->iov_len); ++ } ++ else { ++ ret = readv (sock, opvector, opcount); ++ } ++ if (ret == 0) { ++ gf_log(this->name,GF_LOG_DEBUG,"EOF on socket"); ++ errno = ENODATA; ++ ret = -1; ++ } + if (ret == -1 && errno == EAGAIN) { + /* done for now */ + break; + } +@@ -201,8 +381,11 @@ + + gf_log (this->name, GF_LOG_WARNING, + "%s failed (%s)", write ? "writev" : "readv", + strerror (errno)); ++ if (priv->use_ssl) { ++ ssl_dump_error_stack(this->name); ++ } + opcount = -1; + break; + } + +@@ -212,8 +395,19 @@ + + moved = 0; + + while (moved < ret) { ++ if (!opcount) { ++ gf_log(this->name,GF_LOG_WARNING, ++ "ran out of iov, moved %d/%d", ++ moved, ret); ++ goto ran_out; ++ } ++ if (!opvector[0].iov_len) { ++ opvector++; ++ opcount--; ++ continue; ++ } + if ((ret - moved) >= opvector[0].iov_len) { + moved += opvector[0].iov_len; + opvector++; + opcount--; +@@ -221,15 +415,13 @@ + opvector[0].iov_len -= (ret - moved); + opvector[0].iov_base += (ret - moved); + moved += (ret - moved); + } +- while (opcount && !opvector[0].iov_len) { +- opvector++; +- opcount--; +- } + } + } + ++ran_out: ++ + if (pending_vector) + *pending_vector = opvector; + + if (pending_count) +@@ -287,8 +479,22 @@ + gf_log (this->name, GF_LOG_DEBUG, + "shutdown() returned %d. %s", + ret, strerror (errno)); + } ++ if (priv->use_ssl) { ++ SSL_shutdown(priv->ssl_ssl); ++ SSL_clear(priv->ssl_ssl); ++ SSL_free(priv->ssl_ssl); ++ } ++ if (priv->own_thread) { ++ /* ++ * Without this, reconnect (= disconnect + connect) ++ * won't work except by accident. ++ */ ++ close(priv->sock); ++ priv->sock = -1; ++ ++(priv->socket_gen); ++ } + } + + out: + return ret; +@@ -364,9 +570,8 @@ + + return ret; + } + +- + int + __socket_nodelay (int fd) + { + int on = 1; +@@ -620,11 +825,13 @@ + } + + + int +-__socket_ioq_churn_entry (rpc_transport_t *this, struct ioq *entry) ++__socket_ioq_churn_entry (rpc_transport_t *this, struct ioq *entry, int direct) + { +- int ret = -1; ++ int ret = -1; ++ socket_private_t *priv = NULL; ++ char a_byte = 0; + + ret = __socket_writev (this, entry->pending_vector, + entry->pending_count, + &entry->pending_vector, +@@ -633,8 +840,20 @@ + if (ret == 0) { + /* current entry was completely written */ + GF_ASSERT (entry->pending_count == 0); + __socket_ioq_entry_free (entry); ++ priv = this->private; ++ if (priv->own_thread) { ++ /* ++ * The pipe should only remain readable if there are ++ * more entries after this, so drain the byte ++ * representing this entry. ++ */ ++ if (!direct && read(priv->pipe[0],&a_byte,1) < 1) { ++ gf_log(this->name,GF_LOG_WARNING, ++ "read error on pipe"); ++ } ++ } + } + + return ret; + } +@@ -655,15 +874,15 @@ + while (!list_empty (&priv->ioq)) { + /* pick next entry */ + entry = priv->ioq_next; + +- ret = __socket_ioq_churn_entry (this, entry); ++ ret = __socket_ioq_churn_entry (this, entry, 0); + + if (ret != 0) + break; + } + +- if (list_empty (&priv->ioq)) { ++ if (!priv->own_thread && list_empty (&priv->ioq)) { + /* all pending writes done, not interested in POLLOUT */ + priv->idx = event_select_on (this->ctx->event_pool, + priv->sock, priv->idx, -1, 0); + } +@@ -1645,9 +1864,8 @@ + + if (pollin != NULL) { + ret = rpc_transport_notify (this, RPC_TRANSPORT_MSG_RECEIVED, + pollin); +- + rpc_transport_pollin_destroy (pollin); + } + + return ret; +@@ -1730,11 +1948,11 @@ + int + socket_event_handler (int fd, int idx, void *data, + int poll_in, int poll_out, int poll_err) + { +- rpc_transport_t *this = NULL; ++ rpc_transport_t *this = NULL; + socket_private_t *priv = NULL; +- int ret = 0; ++ int ret = -1; + + this = data; + GF_VALIDATE_OR_GOTO ("socket", this, out); + GF_VALIDATE_OR_GOTO ("socket", this->private, out); +@@ -1742,18 +1960,15 @@ + + THIS = this->xl; + priv = this->private; + +- + pthread_mutex_lock (&priv->lock); + { + priv->idx = idx; + } + pthread_mutex_unlock (&priv->lock); + +- if (!priv->connected) { +- ret = socket_connect_finish (this); +- } ++ ret = priv->connected ? 0 : socket_connect_finish(this); + + if (!ret && poll_out) { + ret = socket_event_poll_out (this); + } +@@ -1767,15 +1982,114 @@ + gf_log ("transport", ((ret >= 0) ? GF_LOG_INFO : GF_LOG_DEBUG), + "disconnecting now"); + socket_event_poll_err (this); + rpc_transport_unref (this); +- } ++ } + + out: +- return 0; ++ return ret; ++} ++ ++ ++void * ++socket_poller (void *ctx) ++{ ++ rpc_transport_t *this = ctx; ++ socket_private_t *priv = this->private; ++ struct pollfd pfd[2] = {{0,},}; ++ gf_boolean_t to_write = _gf_false; ++ int ret = 0; ++ int orig_gen; ++ ++ orig_gen = ++(priv->socket_gen); ++ ++ if (!priv->connected) { ++ THIS = this->xl; ++ ret = socket_connect_finish (this); ++ } ++ ++ for (;;) { ++ if (priv->socket_gen != orig_gen) { ++ gf_log(this->name,GF_LOG_DEBUG, ++ "redundant poller exiting"); ++ return NULL; ++ } ++ pthread_mutex_lock(&priv->lock); ++ to_write = !list_empty(&priv->ioq); ++ pthread_mutex_unlock(&priv->lock); ++ pfd[0].fd = priv->pipe[0]; ++ pfd[0].events = POLL_MASK_ERROR; ++ pfd[0].revents = 0; ++ pfd[1].fd = priv->sock; ++ pfd[1].events = POLL_MASK_INPUT | POLL_MASK_ERROR; ++ pfd[1].revents = 0; ++ if (to_write) { ++ pfd[1].events |= POLL_MASK_OUTPUT; ++ } ++ else { ++ pfd[0].events |= POLL_MASK_INPUT; ++ } ++ if (poll(pfd,2,-1) < 0) { ++ gf_log(this->name,GF_LOG_ERROR,"poll failed"); ++ break; ++ } ++ if (pfd[0].revents & POLL_MASK_ERROR) { ++ gf_log(this->name,GF_LOG_ERROR, ++ "poll error on pipe"); ++ break; ++ } ++ /* Only glusterd actually seems to need this. */ ++ THIS = this->xl; ++ if (pfd[1].revents & POLL_MASK_INPUT) { ++ ret = socket_event_poll_in(this); ++ if (ret >= 0) { ++ /* Suppress errors while making progress. */ ++ pfd[1].revents &= ~POLL_MASK_ERROR; ++ } ++ else if (errno == ENOTCONN) { ++ ret = 0; ++ } ++ } ++ else if (pfd[1].revents & POLL_MASK_OUTPUT) { ++ ret = socket_event_poll_out(this); ++ if (ret >= 0) { ++ /* Suppress errors while making progress. */ ++ pfd[1].revents &= ~POLL_MASK_ERROR; ++ } ++ else if (errno == ENOTCONN) { ++ ret = 0; ++ } ++ } ++ else { ++ /* ++ * This usually means that we left poll() because ++ * somebody pushed a byte onto our pipe. That wakeup ++ * is why the pipe is there, but once awake we can do ++ * all the checking we need on the next iteration. ++ */ ++ ret = 0; ++ } ++ if (pfd[1].revents & POLL_MASK_ERROR) { ++ gf_log(this->name,GF_LOG_ERROR, ++ "poll error on socket"); ++ break; ++ } ++ if (ret < 0) { ++ gf_log(this->name,GF_LOG_ERROR, ++ "error in polling loop"); ++ break; ++ } ++ } ++ ++ /* All (and only) I/O errors should come here. */ ++ __socket_disconnect (this); ++ rpc_transport_notify (this, RPC_TRANSPORT_DISCONNECT, this); ++ rpc_transport_unref (this); ++ return NULL; + } + + ++ + int + socket_server_event_handler (int fd, int idx, void *data, + int poll_in, int poll_out, int poll_err) + { +@@ -1812,21 +2126,8 @@ + priv->sock, strerror (errno)); + goto unlock; + } + +- if (!priv->bio) { +- ret = __socket_nonblock (new_sock); +- +- if (ret == -1) { +- gf_log (this->name, GF_LOG_WARNING, +- "NBIO on %d failed (%s)", +- new_sock, strerror (errno)); +- +- close (new_sock); +- goto unlock; +- } +- } +- + if (priv->nodelay) { + ret = __socket_nodelay (new_sock); + if (ret == -1) { + gf_log (this->name, GF_LOG_WARNING, +@@ -1871,9 +2172,13 @@ + goto unlock; + } + + get_transport_identifiers (new_trans); +- socket_init (new_trans); ++ ret = socket_init (new_trans); ++ if (ret != 0) { ++ close(new_sock); ++ goto unlock; ++ } + new_trans->ops = this->ops; + new_trans->init = this->init; + new_trans->fini = this->fini; + new_trans->ctx = ctx; +@@ -1882,22 +2187,63 @@ + new_trans->notify = this->notify; + new_trans->listener = this; + new_priv = new_trans->private; + ++ new_priv->use_ssl = priv->use_ssl; ++ new_priv->sock = new_sock; ++ new_priv->own_thread = priv->own_thread; ++ ++ if (priv->use_ssl) { ++ new_priv->ssl_ctx = priv->ssl_ctx; ++ if (ssl_setup_connection(new_trans,1) < 0) { ++ gf_log(this->name,GF_LOG_ERROR, ++ "server setup failed"); ++ close(new_sock); ++ goto unlock; ++ } ++ } ++ ++ if (!priv->bio) { ++ ret = __socket_nonblock (new_sock); ++ ++ if (ret == -1) { ++ gf_log (this->name, GF_LOG_WARNING, ++ "NBIO on %d failed (%s)", ++ new_sock, strerror (errno)); ++ ++ close (new_sock); ++ goto unlock; ++ } ++ } ++ + pthread_mutex_lock (&new_priv->lock); + { +- new_priv->sock = new_sock; + new_priv->connected = 1; + rpc_transport_ref (new_trans); + +- new_priv->idx = +- event_register (ctx->event_pool, +- new_sock, +- socket_event_handler, +- new_trans, 1, 0); ++ if (new_priv->own_thread) { ++ if (pipe(new_priv->pipe) < 0) { ++ gf_log(this->name,GF_LOG_ERROR, ++ "could not create pipe"); ++ } ++ if (pthread_create(&new_priv->thread, ++ NULL, socket_poller, ++ new_trans) != 0) { ++ gf_log(this->name,GF_LOG_ERROR, ++ "could not create poll thread"); ++ } ++ } ++ else { ++ new_priv->idx = ++ event_register (ctx->event_pool, ++ new_sock, ++ socket_event_handler, ++ new_trans, ++ 1, 0); ++ if (new_priv->idx == -1) ++ ret = -1; ++ } + +- if (new_priv->idx == -1) +- ret = -1; + } + pthread_mutex_unlock (&new_priv->lock); + if (ret == -1) { + gf_log ("", GF_LOG_WARNING, +@@ -1984,8 +2330,24 @@ + + if (port > 0) + ((struct sockaddr_in *) (&sockaddr))->sin_port = htons (port); + ++ if (ntohs(((struct sockaddr_in *) (&sockaddr))->sin_port) == ++ GF_DEFAULT_SOCKET_LISTEN_PORT) { ++ if (priv->use_ssl) { ++ gf_log(this->name,GF_LOG_DEBUG, ++ "disabling SSL for portmapper connection"); ++ priv->use_ssl = _gf_false; ++ } ++ } ++ else { ++ if (priv->ssl_enabled && !priv->use_ssl) { ++ gf_log(this->name,GF_LOG_DEBUG, ++ "re-enabling SSL for I/O connection"); ++ priv->use_ssl = _gf_true; ++ } ++ } ++ + pthread_mutex_lock (&priv->lock); + { + if (priv->sock != -1) { + gf_log (this->name, GF_LOG_TRACE, +@@ -2034,21 +2396,8 @@ + strerror (errno)); + } + } + +- if (!priv->bio) { +- ret = __socket_nonblock (priv->sock); +- +- if (ret == -1) { +- gf_log (this->name, GF_LOG_ERROR, +- "NBIO on %d failed (%s)", +- priv->sock, strerror (errno)); +- close (priv->sock); +- priv->sock = -1; +- goto unlock; +- } +- } +- + if (priv->keepalive) { + ret = __socket_keepalive (priv->sock, + priv->keepaliveintvl, + priv->keepaliveidle); +@@ -2082,19 +2431,58 @@ + priv->sock = -1; + goto unlock; + } + +- priv->connected = 0; +- +- rpc_transport_ref (this); ++ if (priv->use_ssl) { ++ ret = ssl_setup_connection(this,0); ++ if (ret < 0) { ++ gf_log(this->name,GF_LOG_ERROR, ++ "client setup failed"); ++ close(priv->sock); ++ priv->sock = -1; ++ goto unlock; ++ } ++ } ++ ++ if (!priv->bio) { ++ ret = __socket_nonblock (priv->sock); ++ ++ if (ret == -1) { ++ gf_log (this->name, GF_LOG_ERROR, ++ "NBIO on %d failed (%s)", ++ priv->sock, strerror (errno)); ++ close (priv->sock); ++ priv->sock = -1; ++ goto unlock; ++ } ++ } ++ ++ priv->connected = 0; ++ rpc_transport_ref (this); ++ ++ if (priv->own_thread) { ++ if (pipe(priv->pipe) < 0) { ++ gf_log(this->name,GF_LOG_ERROR, ++ "could not create pipe"); ++ } ++ ++ if (pthread_create(&priv->thread,NULL, ++ socket_poller, this) != 0) { ++ gf_log(this->name,GF_LOG_ERROR, ++ "could not create poll thread"); ++ } ++ } ++ else { ++ priv->idx = event_register (ctx->event_pool, priv->sock, ++ socket_event_handler, ++ this, 1, 1); ++ if (priv->idx == -1) { ++ gf_log ("", GF_LOG_WARNING, ++ "failed to register the event"); ++ ret = -1; ++ } ++ } + +- priv->idx = event_register (ctx->event_pool, priv->sock, +- socket_event_handler, this, 1, 1); +- if (priv->idx == -1) { +- gf_log ("", GF_LOG_WARNING, +- "failed to register the event"); +- ret = -1; +- } + } + unlock: + pthread_mutex_unlock (&priv->lock); + +@@ -2258,8 +2646,9 @@ + char need_poll_out = 0; + char need_append = 1; + struct ioq *entry = NULL; + glusterfs_ctx_t *ctx = NULL; ++ char a_byte = 'j'; + + GF_VALIDATE_OR_GOTO ("socket", this, out); + GF_VALIDATE_OR_GOTO ("socket", this->private, out); + +@@ -2283,23 +2672,33 @@ + if (!entry) + goto unlock; + + if (list_empty (&priv->ioq)) { +- ret = __socket_ioq_churn_entry (this, entry); ++ ret = __socket_ioq_churn_entry (this, entry, 1); + +- if (ret == 0) ++ if (ret == 0) { + need_append = 0; +- +- if (ret > 0) ++ } ++ if (ret > 0) { + need_poll_out = 1; ++ } + } + + if (need_append) { + list_add_tail (&entry->list, &priv->ioq); ++ if (priv->own_thread) { ++ /* ++ * Make sure the polling thread wakes up, by ++ * writing a byte to represent this entry. ++ */ ++ if (write(priv->pipe[1],&a_byte,1) < 1) { ++ gf_log(this->name,GF_LOG_WARNING, ++ "write error on pipe"); ++ } ++ } + ret = 0; + } +- +- if (need_poll_out) { ++ if (!priv->own_thread && need_poll_out) { + /* first entry to wait. continue writing on POLLOUT */ + priv->idx = event_select_on (ctx->event_pool, + priv->sock, + priv->idx, -1, 1); +@@ -2321,8 +2720,9 @@ + char need_poll_out = 0; + char need_append = 1; + struct ioq *entry = NULL; + glusterfs_ctx_t *ctx = NULL; ++ char a_byte = 'd'; + + GF_VALIDATE_OR_GOTO ("socket", this, out); + GF_VALIDATE_OR_GOTO ("socket", this->private, out); + +@@ -2339,35 +2739,46 @@ + priv->submit_log = 1; + } + goto unlock; + } ++ + priv->submit_log = 0; + entry = __socket_ioq_new (this, &reply->msg); + if (!entry) + goto unlock; ++ + if (list_empty (&priv->ioq)) { +- ret = __socket_ioq_churn_entry (this, entry); ++ ret = __socket_ioq_churn_entry (this, entry, 1); + +- if (ret == 0) ++ if (ret == 0) { + need_append = 0; +- +- if (ret > 0) ++ } ++ if (ret > 0) { + need_poll_out = 1; ++ } + } + + if (need_append) { + list_add_tail (&entry->list, &priv->ioq); ++ if (priv->own_thread) { ++ /* ++ * Make sure the polling thread wakes up, by ++ * writing a byte to represent this entry. ++ */ ++ if (write(priv->pipe[1],&a_byte,1) < 1) { ++ gf_log(this->name,GF_LOG_WARNING, ++ "write error on pipe"); ++ } ++ } + ret = 0; + } +- +- if (need_poll_out) { ++ if (!priv->own_thread && need_poll_out) { + /* first entry to wait. continue writing on POLLOUT */ + priv->idx = event_select_on (ctx->event_pool, + priv->sock, + priv->idx, -1, 1); + } + } +- + unlock: + pthread_mutex_unlock (&priv->lock); + + out: +@@ -2513,8 +2924,9 @@ + uint64_t windowsize = GF_DEFAULT_SOCKET_WINDOW_SIZE; + char *optstr = NULL; + uint32_t keepalive = 0; + uint32_t backlog = 0; ++ int session_id = 0; + + if (this->private) { + gf_log_callingfn (this->name, GF_LOG_ERROR, + "double init attempted"); +@@ -2627,12 +3039,131 @@ + priv->backlog = backlog; + } + + priv->windowsize = (int)windowsize; ++ ++ priv->ssl_enabled = _gf_false; ++ if (dict_get_str(this->options,SSL_ENABLED_OPT,&optstr) == 0) { ++ if (gf_string2boolean (optstr, &priv->ssl_enabled) != 0) { ++ gf_log (this->name, GF_LOG_ERROR, ++ "invalid value given for ssl-enabled boolean"); ++ } ++ } ++ ++ priv->ssl_own_cert = DEFAULT_CERT_PATH; ++ if (dict_get_str(this->options,SSL_OWN_CERT_OPT,&optstr) == 0) { ++ if (!priv->ssl_enabled) { ++ gf_log(this->name,GF_LOG_WARNING, ++ "%s specified without %s (ignored)", ++ SSL_OWN_CERT_OPT, SSL_ENABLED_OPT); ++ } ++ priv->ssl_own_cert = optstr; ++ } ++ priv->ssl_own_cert = gf_strdup(priv->ssl_own_cert); ++ ++ priv->ssl_private_key = DEFAULT_KEY_PATH; ++ if (dict_get_str(this->options,SSL_PRIVATE_KEY_OPT,&optstr) == 0) { ++ if (!priv->ssl_enabled) { ++ gf_log(this->name,GF_LOG_WARNING, ++ "%s specified without %s (ignored)", ++ SSL_PRIVATE_KEY_OPT, SSL_ENABLED_OPT); ++ } ++ priv->ssl_private_key = optstr; ++ } ++ priv->ssl_private_key = gf_strdup(priv->ssl_private_key); ++ ++ priv->ssl_ca_list = DEFAULT_CA_PATH; ++ if (dict_get_str(this->options,SSL_CA_LIST_OPT,&optstr) == 0) { ++ if (!priv->ssl_enabled) { ++ gf_log(this->name,GF_LOG_WARNING, ++ "%s specified without %s (ignored)", ++ SSL_CA_LIST_OPT, SSL_ENABLED_OPT); ++ } ++ priv->ssl_ca_list = optstr; ++ } ++ priv->ssl_ca_list = gf_strdup(priv->ssl_ca_list); ++ ++ gf_log(this->name,GF_LOG_INFO,"SSL support is %s", ++ priv->ssl_enabled ? "ENABLED" : "NOT enabled"); ++ /* ++ * This might get overridden temporarily in socket_connect (q.v.) ++ * if we're using the glusterd portmapper. ++ */ ++ priv->use_ssl = priv->ssl_enabled; ++ ++ priv->own_thread = priv->use_ssl; ++ if (dict_get_str(this->options,OWN_THREAD_OPT,&optstr) == 0) { ++ if (gf_string2boolean (optstr, &priv->own_thread) != 0) { ++ gf_log (this->name, GF_LOG_ERROR, ++ "invalid value given for own-thread boolean"); ++ } ++ } ++ gf_log(this->name,GF_LOG_INFO,"using %s polling thread", ++ priv->own_thread ? "private" : "system"); ++ ++ if (priv->use_ssl) { ++ SSL_library_init(); ++ SSL_load_error_strings(); ++ priv->ssl_meth = (SSL_METHOD *)TLSv1_method(); ++ priv->ssl_ctx = SSL_CTX_new(priv->ssl_meth); ++ ++ if (SSL_CTX_set_cipher_list(priv->ssl_ctx, ++ "HIGH:-SSLv2") == 0) { ++ gf_log(this->name,GF_LOG_ERROR, ++ "failed to find any valid ciphers"); ++ goto err; ++ } ++ ++ if (!SSL_CTX_use_certificate_chain_file(priv->ssl_ctx, ++ priv->ssl_own_cert)) { ++ gf_log(this->name,GF_LOG_ERROR, ++ "could not load our cert"); ++ goto err; ++ } ++ ++ if (!SSL_CTX_use_PrivateKey_file(priv->ssl_ctx, ++ priv->ssl_private_key, ++ SSL_FILETYPE_PEM)) { ++ gf_log(this->name,GF_LOG_ERROR, ++ "could not load private key"); ++ goto err; ++ } ++ ++ if (!SSL_CTX_load_verify_locations(priv->ssl_ctx, ++ priv->ssl_ca_list,0)) { ++ gf_log(this->name,GF_LOG_ERROR, ++ "could not load CA list"); ++ goto err; ++ } ++ ++#if (OPENSSL_VERSION_NUMBER < 0x00905100L) ++ SSL_CTX_set_verify_depth(ctx,1); ++#endif ++ ++ priv->ssl_session_id = ++session_id; ++ SSL_CTX_set_session_id_context(priv->ssl_ctx, ++ (void *)&priv->ssl_session_id, ++ sizeof(priv->ssl_session_id)); ++ ++ SSL_CTX_set_verify(priv->ssl_ctx,SSL_VERIFY_PEER,0); ++ } ++ + out: + this->private = priv; +- + return 0; ++ ++err: ++ if (priv->ssl_own_cert) { ++ GF_FREE(priv->ssl_own_cert); ++ } ++ if (priv->ssl_private_key) { ++ GF_FREE(priv->ssl_private_key); ++ } ++ if (priv->ssl_ca_list) { ++ GF_FREE(priv->ssl_ca_list); ++ } ++ GF_FREE(priv); ++ return -1; + } + + + void +@@ -2656,8 +3187,17 @@ + gf_log (this->name, GF_LOG_TRACE, + "transport %p destroyed", this); + + pthread_mutex_destroy (&priv->lock); ++ if (priv->ssl_private_key) { ++ GF_FREE(priv->ssl_private_key); ++ } ++ if (priv->ssl_own_cert) { ++ GF_FREE(priv->ssl_own_cert); ++ } ++ if (priv->ssl_ca_list) { ++ GF_FREE(priv->ssl_ca_list); ++ } + GF_FREE (priv); + } + + this->private = NULL; +@@ -2731,6 +3271,18 @@ + }, + { .key = {"transport.socket.listen-backlog"}, + .type = GF_OPTION_TYPE_INT + }, ++ { .key = {SSL_OWN_CERT_OPT}, ++ .type = GF_OPTION_TYPE_STR ++ }, ++ { .key = {SSL_PRIVATE_KEY_OPT}, ++ .type = GF_OPTION_TYPE_STR ++ }, ++ { .key = {SSL_CA_LIST_OPT}, ++ .type = GF_OPTION_TYPE_STR ++ }, ++ { .key = {OWN_THREAD_OPT}, ++ .type = GF_OPTION_TYPE_BOOL ++ }, + { .key = {NULL} } + }; +--- rpc/rpc-transport/socket/src/socket.h.orig 2011-11-14 14:46:00.000000000 +0100 ++++ rpc/rpc-transport/socket/src/socket.h 2011-12-03 06:46:39.000000000 +0100 +@@ -19,8 +19,10 @@ + + #ifndef _SOCKET_H + #define _SOCKET_H + ++#include <openssl/ssl.h> ++#include <openssl/err.h> + + #ifndef _CONFIG_H + #define _CONFIG_H + #include "config.h" +@@ -192,8 +194,22 @@ + int keepalive; + int keepaliveidle; + int keepaliveintvl; + uint32_t backlog; ++ gf_boolean_t ssl_enabled; ++ gf_boolean_t use_ssl; ++ SSL_METHOD *ssl_meth; ++ SSL_CTX *ssl_ctx; ++ int ssl_session_id; ++ BIO *ssl_sbio; ++ SSL *ssl_ssl; ++ char *ssl_own_cert; ++ char *ssl_private_key; ++ char *ssl_ca_list; ++ pthread_t thread; ++ int pipe[2]; ++ gf_boolean_t own_thread; ++ volatile int socket_gen; + } socket_private_t; + + + #endif +--- xlators/mgmt/glusterd/src/glusterd-volgen.c.orig 2011-11-14 14:46:02.000000000 +0100 ++++ xlators/mgmt/glusterd/src/glusterd-volgen.c 2011-12-03 06:46:39.000000000 +0100 +@@ -187,8 +187,12 @@ + + {VKEY_FEATURES_QUOTA, "features/marker", "quota", "off", NO_DOC, OPT_FLAG_FORCE}, + {VKEY_FEATURES_LIMIT_USAGE, "features/quota", "limit-set", NULL, NO_DOC, 0}, + {"features.quota-timeout", "features/quota", "timeout", "0", DOC, 0}, ++ { "server.ssl", "protocol/server", ++"transport.socket.ssl-enabled", NULL, NO_DOC, 0}, ++ { "client.ssl", "protocol/client", ++"transport.socket.ssl-enabled", NULL, NO_DOC, 0}, + {NULL, } + }; + + diff --git a/filesystems/glusterfs/options.mk b/filesystems/glusterfs/options.mk index 40f98c4267f..ce3f4ebf817 100644 --- a/filesystems/glusterfs/options.mk +++ b/filesystems/glusterfs/options.mk @@ -1,7 +1,7 @@ -# $NetBSD: options.mk,v 1.5 2011/12/04 00:24:35 brook Exp $ +# $NetBSD: options.mk,v 1.6 2011/12/09 16:57:44 manu Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.glusterfs -PKG_SUPPORTED_OPTIONS= georeplication +PKG_SUPPORTED_OPTIONS= georeplication ssl .include "../../mk/bsd.options.mk" @@ -9,5 +9,18 @@ PKG_SUPPORTED_OPTIONS= georeplication CONFIGURE_ARGS+= --enable-georeplication PLIST_SRC+= ${PKGDIR}/PLIST.georeplication .else -CONFIGURE_ARGS+= --disable-georeplication +CONFIGURE_ARGS+= --disable-georeplication .endif + +.if !empty(PKG_OPTIONS:Mssl) +MESSAGE_SRC+= ${PKGDIR}/MESSAGE.ssl +USE_TOOLS+= patch +SSL_PATCH= ${FILESDIR}/ssl.patch +OPENSSL_SYSCONFDIR?= ${PKG_SYSCONFDIR}/openssl +CFLAGS+= -DDEFAULT_CERT_PATH=\"${OPENSSL_SYSCONFDIR}/certs/gluster.crt\" +CFLAGS+= -DDEFAULT_KEY_PATH=\"${OPENSSL_SYSCONFDIR}/private/gluster.key\" +CFLAGS+= -DDEFAULT_CA_PATH=\"${OPENSSL_SYSCONFDIR}/certs/gluster-ca.crt\" +post-patch: + ${PATCH} -d ${WRKSRC} --forward --quiet < ${SSL_PATCH} +.endif + diff --git a/filesystems/glusterfs/patches/patch-ae b/filesystems/glusterfs/patches/patch-ae index ad22ecba1de..480bdcfbe32 100644 --- a/filesystems/glusterfs/patches/patch-ae +++ b/filesystems/glusterfs/patches/patch-ae @@ -1,4 +1,4 @@ -$NetBSD: patch-ae,v 1.10 2011/11/28 08:42:39 manu Exp $ +$NetBSD: patch-ae,v 1.11 2011/12/09 16:57:44 manu Exp $ On NetBSD use libperfuse(3), rename umount2(2) as unmount(2), and skip inexistant /etc/mtab management. diff --git a/filesystems/glusterfs/patches/patch-be b/filesystems/glusterfs/patches/patch-be index b1c0cf401cf..913657a853b 100644 --- a/filesystems/glusterfs/patches/patch-be +++ b/filesystems/glusterfs/patches/patch-be @@ -1,4 +1,4 @@ -$NetBSD: patch-be,v 1.7 2011/11/28 08:42:39 manu Exp $ +$NetBSD: patch-be,v 1.8 2011/12/09 16:57:44 manu Exp $ basename() and dirname() are not supposed to be thread-safe, and NetBSD's implementation is not. glusterfs assume the functions are thread-safe. diff --git a/filesystems/glusterfs/patches/patch-bq b/filesystems/glusterfs/patches/patch-bq index 2c165002e07..7cfa6aac5f6 100644 --- a/filesystems/glusterfs/patches/patch-bq +++ b/filesystems/glusterfs/patches/patch-bq @@ -1,4 +1,4 @@ -$NetBSD: patch-bq,v 1.8 2011/11/28 08:42:39 manu Exp $ +$NetBSD: patch-bq,v 1.9 2011/12/09 16:57:44 manu Exp $ Make sure gluseterfsd listens on the same address family as glusterd diff --git a/filesystems/glusterfs/patches/patch-br b/filesystems/glusterfs/patches/patch-br index e8678cc17cd..a3f028eeb8a 100644 --- a/filesystems/glusterfs/patches/patch-br +++ b/filesystems/glusterfs/patches/patch-br @@ -1,4 +1,4 @@ -$NetBSD: patch-br,v 1.9 2011/11/28 08:42:39 manu Exp $ +$NetBSD: patch-br,v 1.10 2011/12/09 16:57:44 manu Exp $ Use linkat(2) if available so that we can make a hardlink to symlink itself, instead of symlink destination, like link(2) does. This is @@ -8,10 +8,12 @@ glusterfsd really wants to hardlink the symlink and not its target. If linkat(2) is inavailable, then moving a symlink on distributed volumes fails. -Correctly cas gfid when producing inode to avoid it getting garbled +Correctly cast gfid when producing inode to avoid it getting garbled + +Ignore .attribute because chaos occurs if it gets distributed --- xlators/storage/posix/src/posix.c.orig 2011-11-14 14:46:03.000000000 +0100 -+++ xlators/storage/posix/src/posix.c 2011-11-27 10:09:03.000000000 +0100 ++++ xlators/storage/posix/src/posix.c 2011-12-09 03:45:17.000000000 +0100 @@ -36,8 +36,12 @@ #ifndef GF_BSD_HOST_OS #include <alloca.h> @@ -71,7 +73,30 @@ Correctly cas gfid when producing inode to avoid it getting garbled op_errno = errno; gf_log (this->name, GF_LOG_ERROR, "link %s to %s failed: %s", -@@ -4455,14 +4475,15 @@ +@@ -4329,8 +4349,22 @@ + if ((!strcmp (real_path, base_path)) + && (!strcmp (entry->d_name, GF_REPLICATE_TRASH_DIR))) + continue; + ++#ifdef __NetBSD__ ++ /* ++ * NetBSD with UFS1 backend uses backing files for ++ * extended attributes. They can be found in a ++ * .attribute file located at the root of the filesystem ++ * We hide it to glusterfs clients, since chaos will occur ++ * when the cluster/dht xlator decides to distribute ++ * exended attribute backing file accross storage servers. ++ */ ++ if ((!strcmp(real_path, base_path)) ++ && (!strcmp(entry->d_name, ".attribute"))) ++ continue; ++#endif /* __NetBSD__ */ ++ + if ((!strcmp (real_path, base_path)) + && (!strncmp (GF_HIDDEN_PATH, entry->d_name, + strlen (GF_HIDDEN_PATH)))) { + snprintf (hidden_path, PATH_MAX, "%s/%s", real_path, +@@ -4455,14 +4489,15 @@ /* pick ENOENT to indicate EOF */ op_errno = errno; diff --git a/filesystems/glusterfs/patches/patch-bw b/filesystems/glusterfs/patches/patch-bw index 233bdb0a70f..e3531522b04 100644 --- a/filesystems/glusterfs/patches/patch-bw +++ b/filesystems/glusterfs/patches/patch-bw @@ -1,4 +1,4 @@ -$NetBSD: patch-bw,v 1.2 2011/11/28 08:42:39 manu Exp $ +$NetBSD: patch-bw,v 1.3 2011/12/09 16:57:44 manu Exp $ usleep(3) shall not be called with argument higher than 1s diff --git a/filesystems/glusterfs/patches/patch-bx b/filesystems/glusterfs/patches/patch-bx index 37609ef33cd..9a60742a279 100644 --- a/filesystems/glusterfs/patches/patch-bx +++ b/filesystems/glusterfs/patches/patch-bx @@ -1,4 +1,4 @@ -$NetBSD: patch-bx,v 1.2 2011/11/28 08:42:39 manu Exp $ +$NetBSD: patch-bx,v 1.3 2011/12/09 16:57:44 manu Exp $ glusterfs may need lots of data, raise the limit and hope there's enough ram ... diff --git a/filesystems/glusterfs/patches/patch-ca b/filesystems/glusterfs/patches/patch-ca new file mode 100644 index 00000000000..ee7e07e4ad7 --- /dev/null +++ b/filesystems/glusterfs/patches/patch-ca @@ -0,0 +1,25 @@ +$NetBSD: patch-ca,v 1.1 2011/12/09 16:57:44 manu Exp $ + +Fix race condition, pulled from upstream +http://review.gluster.com/#change,77 + +--- glusterfsd/src/glusterfsd-mgmt.c.orig 2011-12-02 03:08:11.000000000 +0100 ++++ glusterfsd/src/glusterfsd-mgmt.c 2011-12-03 04:02:52.000000000 +0100 +@@ -889,13 +889,13 @@ + gf_log ("", GF_LOG_WARNING, "failed to register callback function"); + goto out; + } + +- ret = rpc_clnt_start (rpc); +- if (ret) +- goto out; +- ++ /* This value should be set before doing the 'rpc_clnt_start()' as ++ the notify function uses this variable */ + ctx->mgmt = rpc; ++ ++ ret = rpc_clnt_start (rpc); + out: + return ret; + } + diff --git a/filesystems/glusterfs/patches/patch-cb b/filesystems/glusterfs/patches/patch-cb new file mode 100644 index 00000000000..cde360136e6 --- /dev/null +++ b/filesystems/glusterfs/patches/patch-cb @@ -0,0 +1,17 @@ +$NetBSD: patch-cb,v 1.1 2011/12/09 16:57:44 manu Exp $ + +Workaround SIGSEGV caused by race conditions when starting glusterd + +--- libglusterfs/src/list.h.orig 2011-12-03 08:24:04.000000000 +0100 ++++ libglusterfs/src/list.h 2011-12-03 08:41:06.000000000 +0100 +@@ -94,9 +94,9 @@ + + static inline int + list_empty (struct list_head *head) + { +- return (head->next == head); ++ return (!(head->next) || (head->next == head)); + } + + + static inline void |