From aa91b8005107c71cc9864f70123b7b432e465bee Mon Sep 17 00:00:00 2001 From: manu Date: Fri, 16 Dec 2011 05:40:46 +0000 Subject: - SSL bug fixes - Use secondary groups --- filesystems/glusterfs/Makefile | 4 +- filesystems/glusterfs/distinfo | 5 +- filesystems/glusterfs/files/ssl.patch | 264 +++++++++++++++++++++++---------- filesystems/glusterfs/patches/patch-bw | 2 +- filesystems/glusterfs/patches/patch-bx | 2 +- filesystems/glusterfs/patches/patch-ca | 2 +- filesystems/glusterfs/patches/patch-cb | 17 --- filesystems/glusterfs/patches/patch-cc | 31 ++++ filesystems/glusterfs/patches/patch-ce | 75 ++++++++++ 9 files changed, 296 insertions(+), 106 deletions(-) delete mode 100644 filesystems/glusterfs/patches/patch-cb create mode 100644 filesystems/glusterfs/patches/patch-cc create mode 100644 filesystems/glusterfs/patches/patch-ce (limited to 'filesystems') diff --git a/filesystems/glusterfs/Makefile b/filesystems/glusterfs/Makefile index fd442524a9d..d6e5518e5e7 100644 --- a/filesystems/glusterfs/Makefile +++ b/filesystems/glusterfs/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.25 2011/12/09 16:57:44 manu Exp $ +# $NetBSD: Makefile,v 1.26 2011/12/16 05:40:46 manu Exp $ # DISTNAME= glusterfs-3.2.5 -PKGREVISION= 4 +PKGREVISION= 9 CATEGORIES= filesystems MASTER_SITES= http://download.gluster.com/pub/gluster/glusterfs/3.2/3.2.5/ diff --git a/filesystems/glusterfs/distinfo b/filesystems/glusterfs/distinfo index 4a705f61bd1..0af267f0bf2 100644 --- a/filesystems/glusterfs/distinfo +++ b/filesystems/glusterfs/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.22 2011/12/09 16:57:44 manu Exp $ +$NetBSD: distinfo,v 1.23 2011/12/16 05:40:46 manu Exp $ SHA1 (glusterfs-3.2.5.tar.gz) = 10f2e81ec7f118432c279236509fc3d89ab8f690 RMD160 (glusterfs-3.2.5.tar.gz) = 13d0f8c1a2a1e7d39a43899bc9d09f7f13fea844 @@ -32,4 +32,5 @@ SHA1 (patch-bv) = 2c3b654e5858bf0948307ca6ae7048e276fca9ef SHA1 (patch-bw) = dca12eb81163fd1a0ada13165e990ddcb8fefbf2 SHA1 (patch-bx) = b2aca473091bb64d14c6da046379d33ca8a5785e SHA1 (patch-ca) = 7b87f5b1a34eaa9a74f21bc40c794585817070ae -SHA1 (patch-cb) = 5f574e743869478efd0a8bc958ea7dd8fbcad57a +SHA1 (patch-cc) = ed6b1fe1860514bfae944c74589d5c4bb8e78177 +SHA1 (patch-ce) = a1bfec3d057a27cefc4eb70d46a42202637d973f diff --git a/filesystems/glusterfs/files/ssl.patch b/filesystems/glusterfs/files/ssl.patch index 7c2f2b6321b..eb598906ad4 100644 --- a/filesystems/glusterfs/files/ssl.patch +++ b/filesystems/glusterfs/files/ssl.patch @@ -1,10 +1,84 @@ -$NetBSD: ssl.patch,v 1.1 2011/12/09 16:57:44 manu Exp $ +$NetBSD: ssl.patch,v 1.2 2011/12/16 05:40:46 manu Exp $ SSL support pulled from not yet committed upstream patch http://review.gluster.com/#change,362 ---- rpc/rpc-transport/socket/src/Makefile.am.orig 2011-11-14 14:46:00.000000000 +0100 -+++ rpc/rpc-transport/socket/src/Makefile.am 2011-12-03 06:46:39.000000000 +0100 +--- ./xlators/performance/write-behind/src/write-behind.c.orig 2011-11-14 14:46:02.000000000 +0100 ++++ ./xlators/performance/write-behind/src/write-behind.c 2011-12-15 03:22:43.000000000 +0100 +@@ -371,8 +371,13 @@ + + local = frame->local; + winds = &local->winds; + ++ /* ++ * I don't know how we get here without "local" being valid, but we ++ * do sometimes during disconnect processing. ++ */ ++ GF_VALIDATE_OR_GOTO (this->name, local, out); + file = local->file; + GF_VALIDATE_OR_GOTO (this->name, file, out); + + LOCK (&file->lock); +--- ./xlators/mgmt/glusterd/src/glusterd-volgen.c.orig 2011-11-14 14:46:02.000000000 +0100 ++++ ./xlators/mgmt/glusterd/src/glusterd-volgen.c 2011-12-14 20:47:10.000000000 +0100 +@@ -187,8 +187,12 @@ + + {VKEY_FEATURES_QUOTA, "features/marker", "quota", "off", NO_DOC, OPT_FLAG_FORCE}, + {VKEY_FEATURES_LIMIT_USAGE, "features/quota", "limit-set", NULL, NO_DOC, 0}, + {"features.quota-timeout", "features/quota", "timeout", "0", DOC, 0}, ++ { "server.ssl", "protocol/server", ++"transport.socket.ssl-enabled", NULL, NO_DOC, 0}, ++ { "client.ssl", "protocol/client", ++"transport.socket.ssl-enabled", NULL, NO_DOC, 0}, + {NULL, } + }; + + +--- ./xlators/mgmt/glusterd/src/glusterd.c.orig 2011-12-15 03:16:25.000000000 +0100 ++++ ./xlators/mgmt/glusterd/src/glusterd.c 2011-12-15 03:17:31.000000000 +0100 +@@ -691,16 +691,21 @@ + ret = configure_syncdaemon (conf); + if (ret) + goto out; + +- ret = glusterd_restore (); +- if (ret < 0) +- goto out; + + glusterd_friend_sm_init (); + glusterd_op_sm_init (); + glusterd_opinfo_init (); + ++ /* ++ * This uses some of the fields initialized in glusterd_*_init, so ++ * do it *after* those. ++ */ ++ ret = glusterd_restore (); ++ if (ret < 0) ++ goto out; ++ + ret = glusterd_handle_upgrade_downgrade (this->options, conf); + if (ret) + goto out; + +--- ./xlators/protocol/server/src/server3_1-fops.c.orig 2011-11-14 14:46:03.000000000 +0100 ++++ ./xlators/protocol/server/src/server3_1-fops.c 2011-12-14 20:47:10.000000000 +0100 +@@ -3129,8 +3129,13 @@ + goto out; + } + + conn = req->trans->xl_private; ++ if (!conn) { ++ /* Handshake is not complete yet. */ ++ req->rpc_err = SYSTEM_ERR; ++ goto out; ++ } + gf_fd_put (conn->fdtable, args.fd); + + server_submit_reply (NULL, req, &rsp, NULL, 0, NULL, + xdr_serialize_common_rsp); +--- ./rpc/rpc-transport/socket/src/Makefile.am.orig 2011-11-14 14:46:00.000000000 +0100 ++++ ./rpc/rpc-transport/socket/src/Makefile.am 2011-12-14 20:47:10.000000000 +0100 @@ -2,9 +2,9 @@ rpctransport_LTLIBRARIES = socket.la @@ -16,8 +90,8 @@ http://review.gluster.com/#change,362 socket_la_SOURCES = socket.c name.c socket_la_LIBADD = $(top_builddir)/libglusterfs/src/libglusterfs.la ---- rpc/rpc-transport/socket/src/Makefile.in.orig 2011-11-14 14:46:14.000000000 +0100 -+++ rpc/rpc-transport/socket/src/Makefile.in 2011-12-03 06:46:39.000000000 +0100 +--- ./rpc/rpc-transport/socket/src/Makefile.in.orig 2011-11-14 14:46:14.000000000 +0100 ++++ ./rpc/rpc-transport/socket/src/Makefile.in 2011-12-14 20:47:10.000000000 +0100 @@ -226,9 +226,9 @@ target_alias = @target_alias@ noinst_HEADERS = socket.h name.h @@ -29,15 +103,15 @@ http://review.gluster.com/#change,362 socket_la_LIBADD = $(top_builddir)/libglusterfs/src/libglusterfs.la AM_CFLAGS = -fPIC -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Wall -D$(GF_HOST_OS)\ -I$(top_srcdir)/libglusterfs/src -I$(top_srcdir)/rpc/rpc-lib/src/ \ ---- rpc/rpc-transport/socket/src/socket.c.orig 2011-12-07 02:20:01.000000000 +0100 -+++ rpc/rpc-transport/socket/src/socket.c 2011-12-07 02:19:21.000000000 +0100 -@@ -42,12 +42,36 @@ +--- ./rpc/rpc-transport/socket/src/socket.c.orig 2011-12-14 20:46:23.000000000 +0100 ++++ ./rpc/rpc-transport/socket/src/socket.c 2011-12-15 03:31:03.000000000 +0100 +@@ -42,12 +42,35 @@ #include #include #include #include +- +#include - #define GF_LOG_ERRNO(errno) ((errno == ENOTCONN) ? GF_LOG_DEBUG : GF_LOG_ERROR) #define SA(ptr) ((struct sockaddr *)ptr) @@ -47,6 +121,7 @@ http://review.gluster.com/#change,362 +#define SSL_CA_LIST_OPT "transport.socket.ssl-ca-list" +#define OWN_THREAD_OPT "transport.socket.own-thread" + ++/* TBD: do automake substitutions etc. (ick) to set these. */ +#if !defined(DEFAULT_CERT_PATH) +#define DEFAULT_CERT_PATH "/etc/ssl/glusterfs.pem" +#endif @@ -63,12 +138,11 @@ http://review.gluster.com/#change,362 + +typedef int SSL_unary_func (SSL *); +typedef int SSL_trinary_func (SSL *, void *, int); -+ #define __socket_proto_reset_pending(priv) do { \ memset (&priv->incoming.frag.vector, 0, \ sizeof (priv->incoming.frag.vector)); \ -@@ -132,11 +156,143 @@ +@@ -132,11 +155,158 @@ } \ __socket_proto_update_priv_after_read (priv, ret, bytes_read); \ } @@ -102,9 +176,24 @@ http://review.gluster.com/#change,362 + + for (;;) { + if (buf) { ++ if (priv->connected == -1) { ++ /* ++ * Fields in the SSL structure (especially ++ * the BIO pointers) are not valid at this ++ * point, so we'll segfault if we pass them ++ * to SSL_read/SSL_write. ++ */ ++ gf_log(this->name,GF_LOG_INFO, ++ "lost connection in %s", __func__); ++ break; ++ } + r = func(priv->ssl_ssl,buf,len); + } + else { ++ /* ++ * We actually need these functions to get to ++ * priv->connected == 1. ++ */ + r = ((SSL_unary_func *)func)(priv->ssl_ssl); + } + switch (SSL_get_error(priv->ssl_ssl,r)) { @@ -213,7 +302,7 @@ http://review.gluster.com/#change,362 * return value: * 0 = success (completed) * -1 = error -@@ -167,19 +323,43 @@ +@@ -167,19 +337,43 @@ if (bytes != NULL) { *bytes = 0; } @@ -221,11 +310,11 @@ http://review.gluster.com/#change,362 - while (opcount) { + while (opcount > 0) { + if (opvector->iov_len == 0) { -+ gf_log(this->name,GF_LOG_WARNING, ++ gf_log(this->name,GF_LOG_DEBUG, + "would have passed zero length to read/write"); + ++opvector; + --opcount; -+ break; ++ continue; + } if (write) { - ret = writev (sock, opvector, opcount); @@ -260,7 +349,7 @@ http://review.gluster.com/#change,362 /* done for now */ break; } -@@ -201,8 +381,11 @@ +@@ -201,8 +395,11 @@ gf_log (this->name, GF_LOG_WARNING, "%s failed (%s)", write ? "writev" : "readv", @@ -272,13 +361,13 @@ http://review.gluster.com/#change,362 break; } -@@ -212,8 +395,19 @@ +@@ -212,8 +409,19 @@ moved = 0; while (moved < ret) { + if (!opcount) { -+ gf_log(this->name,GF_LOG_WARNING, ++ gf_log(this->name,GF_LOG_DEBUG, + "ran out of iov, moved %d/%d", + moved, ret); + goto ran_out; @@ -292,7 +381,7 @@ http://review.gluster.com/#change,362 moved += opvector[0].iov_len; opvector++; opcount--; -@@ -221,15 +415,13 @@ +@@ -221,15 +429,13 @@ opvector[0].iov_len -= (ret - moved); opvector[0].iov_base += (ret - moved); moved += (ret - moved); @@ -310,7 +399,7 @@ http://review.gluster.com/#change,362 *pending_vector = opvector; if (pending_count) -@@ -287,8 +479,22 @@ +@@ -287,8 +493,22 @@ gf_log (this->name, GF_LOG_DEBUG, "shutdown() returned %d. %s", ret, strerror (errno)); @@ -333,7 +422,7 @@ http://review.gluster.com/#change,362 out: return ret; -@@ -364,9 +570,8 @@ +@@ -364,9 +584,8 @@ return ret; } @@ -343,7 +432,7 @@ http://review.gluster.com/#change,362 __socket_nodelay (int fd) { int on = 1; -@@ -620,11 +825,13 @@ +@@ -620,11 +839,13 @@ } @@ -359,7 +448,7 @@ http://review.gluster.com/#change,362 ret = __socket_writev (this, entry->pending_vector, entry->pending_count, &entry->pending_vector, -@@ -633,8 +840,20 @@ +@@ -633,8 +854,20 @@ if (ret == 0) { /* current entry was completely written */ GF_ASSERT (entry->pending_count == 0); @@ -380,7 +469,7 @@ http://review.gluster.com/#change,362 return ret; } -@@ -655,15 +874,15 @@ +@@ -655,15 +888,15 @@ while (!list_empty (&priv->ioq)) { /* pick next entry */ entry = priv->ioq_next; @@ -398,7 +487,7 @@ http://review.gluster.com/#change,362 priv->idx = event_select_on (this->ctx->event_pool, priv->sock, priv->idx, -1, 0); } -@@ -1645,9 +1864,8 @@ +@@ -1645,9 +1878,8 @@ if (pollin != NULL) { ret = rpc_transport_notify (this, RPC_TRANSPORT_MSG_RECEIVED, @@ -408,7 +497,18 @@ http://review.gluster.com/#change,362 } return ret; -@@ -1730,11 +1948,11 @@ +@@ -1668,9 +1900,9 @@ + priv = this->private; + + pthread_mutex_lock (&priv->lock); + { +- if (priv->connected) ++ if (priv->connected != 0) + goto unlock; + + ret = __socket_connect_finish (priv->sock); + +@@ -1730,11 +1962,11 @@ int socket_event_handler (int fd, int idx, void *data, int poll_in, int poll_out, int poll_err) @@ -422,7 +522,7 @@ http://review.gluster.com/#change,362 this = data; GF_VALIDATE_OR_GOTO ("socket", this, out); GF_VALIDATE_OR_GOTO ("socket", this->private, out); -@@ -1742,18 +1960,15 @@ +@@ -1742,18 +1974,15 @@ THIS = this->xl; priv = this->private; @@ -437,12 +537,12 @@ http://review.gluster.com/#change,362 - if (!priv->connected) { - ret = socket_connect_finish (this); - } -+ ret = priv->connected ? 0 : socket_connect_finish(this); ++ ret = (priv->connected == 1) ? 0 : socket_connect_finish(this); if (!ret && poll_out) { ret = socket_event_poll_out (this); } -@@ -1767,15 +1982,114 @@ +@@ -1767,15 +1996,114 @@ gf_log ("transport", ((ret >= 0) ? GF_LOG_INFO : GF_LOG_DEBUG), "disconnecting now"); socket_event_poll_err (this); @@ -468,7 +568,7 @@ http://review.gluster.com/#change,362 + + orig_gen = ++(priv->socket_gen); + -+ if (!priv->connected) { ++ if (priv->connected == 0) { + THIS = this->xl; + ret = socket_connect_finish (this); + } @@ -559,7 +659,7 @@ http://review.gluster.com/#change,362 socket_server_event_handler (int fd, int idx, void *data, int poll_in, int poll_out, int poll_err) { -@@ -1812,21 +2126,8 @@ +@@ -1812,21 +2140,8 @@ priv->sock, strerror (errno)); goto unlock; } @@ -581,22 +681,22 @@ http://review.gluster.com/#change,362 ret = __socket_nodelay (new_sock); if (ret == -1) { gf_log (this->name, GF_LOG_WARNING, -@@ -1871,9 +2172,13 @@ +@@ -1871,9 +2186,13 @@ goto unlock; } get_transport_identifiers (new_trans); - socket_init (new_trans); + ret = socket_init (new_trans); -+ if (ret != 0) { -+ close(new_sock); -+ goto unlock; -+ } ++ if (ret != 0) { ++ close(new_sock); ++ goto unlock; ++ } new_trans->ops = this->ops; new_trans->init = this->init; new_trans->fini = this->fini; new_trans->ctx = ctx; -@@ -1882,22 +2187,63 @@ +@@ -1882,22 +2201,63 @@ new_trans->notify = this->notify; new_trans->listener = this; new_priv = new_trans->private; @@ -668,32 +768,32 @@ http://review.gluster.com/#change,362 pthread_mutex_unlock (&new_priv->lock); if (ret == -1) { gf_log ("", GF_LOG_WARNING, -@@ -1984,8 +2330,24 @@ +@@ -1984,8 +2344,24 @@ if (port > 0) ((struct sockaddr_in *) (&sockaddr))->sin_port = htons (port); -+ if (ntohs(((struct sockaddr_in *) (&sockaddr))->sin_port) == -+ GF_DEFAULT_SOCKET_LISTEN_PORT) { -+ if (priv->use_ssl) { -+ gf_log(this->name,GF_LOG_DEBUG, -+ "disabling SSL for portmapper connection"); -+ priv->use_ssl = _gf_false; -+ } -+ } -+ else { -+ if (priv->ssl_enabled && !priv->use_ssl) { -+ gf_log(this->name,GF_LOG_DEBUG, -+ "re-enabling SSL for I/O connection"); -+ priv->use_ssl = _gf_true; -+ } -+ } ++ if (ntohs(((struct sockaddr_in *) (&sockaddr))->sin_port) == ++ GF_DEFAULT_SOCKET_LISTEN_PORT) { ++ if (priv->use_ssl) { ++ gf_log(this->name,GF_LOG_DEBUG, ++ "disabling SSL for portmapper connection"); ++ priv->use_ssl = _gf_false; ++ } ++ } ++ else { ++ if (priv->ssl_enabled && !priv->use_ssl) { ++ gf_log(this->name,GF_LOG_DEBUG, ++ "re-enabling SSL for I/O connection"); ++ priv->use_ssl = _gf_true; ++ } ++ } + pthread_mutex_lock (&priv->lock); { if (priv->sock != -1) { gf_log (this->name, GF_LOG_TRACE, -@@ -2034,21 +2396,8 @@ +@@ -2034,21 +2410,8 @@ strerror (errno)); } } @@ -715,14 +815,12 @@ http://review.gluster.com/#change,362 ret = __socket_keepalive (priv->sock, priv->keepaliveintvl, priv->keepaliveidle); -@@ -2082,19 +2431,58 @@ +@@ -2082,19 +2445,58 @@ priv->sock = -1; goto unlock; } - priv->connected = 0; -- -- rpc_transport_ref (this); + if (priv->use_ssl) { + ret = ssl_setup_connection(this,0); + if (ret < 0) { @@ -773,6 +871,8 @@ http://review.gluster.com/#change,362 + } + } +- rpc_transport_ref (this); +- - priv->idx = event_register (ctx->event_pool, priv->sock, - socket_event_handler, this, 1, 1); - if (priv->idx == -1) { @@ -784,7 +884,7 @@ http://review.gluster.com/#change,362 unlock: pthread_mutex_unlock (&priv->lock); -@@ -2258,8 +2646,9 @@ +@@ -2258,8 +2660,9 @@ char need_poll_out = 0; char need_append = 1; struct ioq *entry = NULL; @@ -794,7 +894,7 @@ http://review.gluster.com/#change,362 GF_VALIDATE_OR_GOTO ("socket", this, out); GF_VALIDATE_OR_GOTO ("socket", this->private, out); -@@ -2283,23 +2672,33 @@ +@@ -2283,23 +2686,33 @@ if (!entry) goto unlock; @@ -834,7 +934,7 @@ http://review.gluster.com/#change,362 priv->idx = event_select_on (ctx->event_pool, priv->sock, priv->idx, -1, 1); -@@ -2321,8 +2720,9 @@ +@@ -2321,8 +2734,9 @@ char need_poll_out = 0; char need_append = 1; struct ioq *entry = NULL; @@ -844,7 +944,7 @@ http://review.gluster.com/#change,362 GF_VALIDATE_OR_GOTO ("socket", this, out); GF_VALIDATE_OR_GOTO ("socket", this->private, out); -@@ -2339,35 +2739,46 @@ +@@ -2339,35 +2753,46 @@ priv->submit_log = 1; } goto unlock; @@ -898,7 +998,7 @@ http://review.gluster.com/#change,362 pthread_mutex_unlock (&priv->lock); out: -@@ -2513,8 +2924,9 @@ +@@ -2513,8 +2938,9 @@ uint64_t windowsize = GF_DEFAULT_SOCKET_WINDOW_SIZE; char *optstr = NULL; uint32_t keepalive = 0; @@ -908,7 +1008,7 @@ http://review.gluster.com/#change,362 if (this->private) { gf_log_callingfn (this->name, GF_LOG_ERROR, "double init attempted"); -@@ -2627,12 +3039,131 @@ +@@ -2627,12 +3053,131 @@ priv->backlog = backlog; } @@ -1041,7 +1141,7 @@ http://review.gluster.com/#change,362 void -@@ -2656,8 +3187,17 @@ +@@ -2656,8 +3201,17 @@ gf_log (this->name, GF_LOG_TRACE, "transport %p destroyed", this); @@ -1059,11 +1159,14 @@ http://review.gluster.com/#change,362 } this->private = NULL; -@@ -2731,6 +3271,18 @@ +@@ -2731,6 +3285,21 @@ }, { .key = {"transport.socket.listen-backlog"}, .type = GF_OPTION_TYPE_INT }, ++ { .key = {SSL_ENABLED_OPT}, ++ .type = GF_OPTION_TYPE_BOOL ++ }, + { .key = {SSL_OWN_CERT_OPT}, + .type = GF_OPTION_TYPE_STR + }, @@ -1078,8 +1181,8 @@ http://review.gluster.com/#change,362 + }, { .key = {NULL} } }; ---- rpc/rpc-transport/socket/src/socket.h.orig 2011-11-14 14:46:00.000000000 +0100 -+++ rpc/rpc-transport/socket/src/socket.h 2011-12-03 06:46:39.000000000 +0100 +--- ./rpc/rpc-transport/socket/src/socket.h.orig 2011-11-14 14:46:00.000000000 +0100 ++++ ./rpc/rpc-transport/socket/src/socket.h 2011-12-14 20:47:10.000000000 +0100 @@ -19,8 +19,10 @@ #ifndef _SOCKET_H @@ -1091,7 +1194,19 @@ http://review.gluster.com/#change,362 #ifndef _CONFIG_H #define _CONFIG_H #include "config.h" -@@ -192,8 +194,22 @@ +@@ -143,9 +145,10 @@ + + typedef struct { + int32_t sock; + int32_t idx; +- unsigned char connected; // -1 = not connected. 0 = in progress. 1 = connected ++ // -1 = not connected. 0 = in progress. 1 = connected ++ unsigned char connected; + char bio; + char connect_finish_log; + char submit_log; + union { +@@ -192,8 +195,22 @@ int keepalive; int keepaliveidle; int keepaliveintvl; @@ -1114,18 +1229,3 @@ http://review.gluster.com/#change,362 #endif ---- xlators/mgmt/glusterd/src/glusterd-volgen.c.orig 2011-11-14 14:46:02.000000000 +0100 -+++ xlators/mgmt/glusterd/src/glusterd-volgen.c 2011-12-03 06:46:39.000000000 +0100 -@@ -187,8 +187,12 @@ - - {VKEY_FEATURES_QUOTA, "features/marker", "quota", "off", NO_DOC, OPT_FLAG_FORCE}, - {VKEY_FEATURES_LIMIT_USAGE, "features/quota", "limit-set", NULL, NO_DOC, 0}, - {"features.quota-timeout", "features/quota", "timeout", "0", DOC, 0}, -+ { "server.ssl", "protocol/server", -+"transport.socket.ssl-enabled", NULL, NO_DOC, 0}, -+ { "client.ssl", "protocol/client", -+"transport.socket.ssl-enabled", NULL, NO_DOC, 0}, - {NULL, } - }; - - diff --git a/filesystems/glusterfs/patches/patch-bw b/filesystems/glusterfs/patches/patch-bw index e3531522b04..875aebf69b3 100644 --- a/filesystems/glusterfs/patches/patch-bw +++ b/filesystems/glusterfs/patches/patch-bw @@ -1,4 +1,4 @@ -$NetBSD: patch-bw,v 1.3 2011/12/09 16:57:44 manu Exp $ +$NetBSD: patch-bw,v 1.4 2011/12/16 05:40:46 manu Exp $ usleep(3) shall not be called with argument higher than 1s diff --git a/filesystems/glusterfs/patches/patch-bx b/filesystems/glusterfs/patches/patch-bx index 9a60742a279..624a3e54b4a 100644 --- a/filesystems/glusterfs/patches/patch-bx +++ b/filesystems/glusterfs/patches/patch-bx @@ -1,4 +1,4 @@ -$NetBSD: patch-bx,v 1.3 2011/12/09 16:57:44 manu Exp $ +$NetBSD: patch-bx,v 1.4 2011/12/16 05:40:46 manu Exp $ glusterfs may need lots of data, raise the limit and hope there's enough ram ... diff --git a/filesystems/glusterfs/patches/patch-ca b/filesystems/glusterfs/patches/patch-ca index ee7e07e4ad7..6327b32a52b 100644 --- a/filesystems/glusterfs/patches/patch-ca +++ b/filesystems/glusterfs/patches/patch-ca @@ -1,4 +1,4 @@ -$NetBSD: patch-ca,v 1.1 2011/12/09 16:57:44 manu Exp $ +$NetBSD: patch-ca,v 1.2 2011/12/16 05:40:46 manu Exp $ Fix race condition, pulled from upstream http://review.gluster.com/#change,77 diff --git a/filesystems/glusterfs/patches/patch-cb b/filesystems/glusterfs/patches/patch-cb deleted file mode 100644 index cde360136e6..00000000000 --- a/filesystems/glusterfs/patches/patch-cb +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD: patch-cb,v 1.1 2011/12/09 16:57:44 manu Exp $ - -Workaround SIGSEGV caused by race conditions when starting glusterd - ---- libglusterfs/src/list.h.orig 2011-12-03 08:24:04.000000000 +0100 -+++ libglusterfs/src/list.h 2011-12-03 08:41:06.000000000 +0100 -@@ -94,9 +94,9 @@ - - static inline int - list_empty (struct list_head *head) - { -- return (head->next == head); -+ return (!(head->next) || (head->next == head)); - } - - - static inline void diff --git a/filesystems/glusterfs/patches/patch-cc b/filesystems/glusterfs/patches/patch-cc new file mode 100644 index 00000000000..63e68337bde --- /dev/null +++ b/filesystems/glusterfs/patches/patch-cc @@ -0,0 +1,31 @@ +$NetBSD: patch-cc,v 1.1 2011/12/16 05:40:46 manu Exp $ + +Fix from upstram: http://review.gluster.com/#change,784 + +--- xlators/protocol/client/src/client3_1-fops.c.orig 2011-11-14 14:46:02.000000000 +0100 ++++ xlators/protocol/client/src/client3_1-fops.c 2011-12-14 15:56:06.000000000 +0100 +@@ -3613,14 +3613,21 @@ + ret = client_submit_vec_request (this, &req, frame, conf->fops, GFS3_OP_WRITE, + client3_1_writev_cbk, + args->vector, args->count, + args->iobref, xdr_from_writev_req); +- if (ret) +- goto unwind; ++ if (ret) { ++ /* ++ * If the lower layers fail to submit a request, they'll also ++ * do the unwind for us (see rpc_clnt_submit), so don't unwind ++ * here in such cases. ++ */ ++ gf_log (this->name, GF_LOG_WARNING, ++ "failed to send the fop: %s", strerror (op_errno)); ++ } + + return 0; ++ + unwind: +- gf_log (this->name, GF_LOG_WARNING, "failed to send the fop: %s", strerror (op_errno)); + STACK_UNWIND_STRICT (writev, frame, -1, op_errno, NULL, NULL); + return 0; + } + diff --git a/filesystems/glusterfs/patches/patch-ce b/filesystems/glusterfs/patches/patch-ce new file mode 100644 index 00000000000..e290e04fde7 --- /dev/null +++ b/filesystems/glusterfs/patches/patch-ce @@ -0,0 +1,75 @@ +$NetBSD: patch-ce,v 1.1 2011/12/16 05:40:46 manu Exp $ + +Fetch secondary groups using sysctl(2) instead of /proc, to avoid +deadlocks + +--- xlators/mount/fuse/src/fuse-helpers.c.orig 2011-11-14 14:46:02.000000000 +0100 ++++ xlators/mount/fuse/src/fuse-helpers.c 2011-12-15 10:49:52.000000000 +0100 +@@ -17,8 +17,11 @@ + . + */ + + #include "fuse-bridge.h" ++#ifdef __NetBSD__ ++#include /* for sysctl(2) */ ++#endif /* __NetBSD__ */ + + xlator_t * + fuse_state_subvol (fuse_state_t *state) + { +@@ -134,10 +137,10 @@ + return state; + } + + +-void +-frame_fill_groups (call_frame_t *frame) ++static void ++frame_fill_groups_proc (call_frame_t *frame) + { + char filename[128]; + char line[128]; + char *ptr = NULL; +@@ -184,8 +187,42 @@ + fclose (fp); + return; + } + ++#ifdef __NetBSD__ ++static void ++frame_fill_groups_sysctl (call_frame_t *frame) ++{ ++ int name[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, frame->root->pid }; ++ size_t namelen = sizeof(name) / sizeof(*name); ++ struct kinfo_proc kp; ++ size_t kplen = sizeof(kp); ++ int i, ngroups; ++ ++ if (sysctl(name, namelen, &kp, &kplen, NULL, 0) != 0) ++ return; ++ ++ ngroups = MIN(kp.kp_eproc.e_ucred.cr_ngroups, GF_REQUEST_MAXGROUPS); ++ ++ for (i = 0; i < ngroups; i++) ++ frame->root->groups[i] = kp.kp_eproc.e_ucred.cr_groups[i]; ++ frame->root->ngrps = ngroups; ++ ++ ++ return; ++} ++#endif /* __NetBSD__ */ ++ ++void ++frame_fill_groups (call_frame_t *frame) ++{ ++#if defined(linux) ++ frame_fill_groups_proc(frame); ++#elif defined(__NetBSD__) ++ frame_fill_groups_sysctl(frame); ++#endif ++ return; ++} + + call_frame_t * + get_call_frame_for_req (fuse_state_t *state) + { -- cgit v1.2.3