commit: 99748ee7bf5dedea9ac0af33f482fe65aea11c96 |
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org> |
AuthorDate: Mon Jul 31 19:03:31 2017 +0000 |
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org> |
CommitDate: Mon Jul 31 19:04:00 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99748ee7 |
|
sys-cluster/ceph: Revision bump, pull in fix for CVE-2017-7519 |
|
Also add envd file when the tcmalloc USE flag is enabled, to set |
TCMALLOC_MAX_TOTAL_THREAD_CACHE_BYTES=134217728 |
|
This is recommended by upstream. Install file to sysctl.d to update |
kernel.pid_max to 257256, and sync conf.d file with init.d. |
|
Package-Manager: Portage-2.3.6, Repoman-2.3.3 |
|
sys-cluster/ceph/ceph-10.2.9-r1.ebuild | 298 +++++++++++++++++++++ |
...triper_fix_format_injection_vulnerability.patch | 35 +++ |
sys-cluster/ceph/files/ceph.confd-r3 | 2 +- |
sys-cluster/ceph/files/envd-tcmalloc | 1 + |
sys-cluster/ceph/files/sysctld | 2 + |
5 files changed, 337 insertions(+), 1 deletion(-) |
|
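diff --git a/sys-cluster/ceph/ceph-10.2.9-r1.ebuild b/sys-cluster/ceph/ceph-10.2.9-r1.ebuild
new file mode 100644
index 00000000000..9650b2dff20
--- /dev/null
+++ b/sys-cluster/ceph/ceph-10.2.9-r1.ebuild
@@ -0,0 +1,298 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+PYTHON_COMPAT=( python{2_7,3_{4,5,6}} )
+
+inherit check-reqs autotools eutils python-r1 udev user \
+ readme.gentoo-r1 systemd versionator flag-o-matic
+
+if [[ ${PV} == *9999* ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/ceph/ceph.git"
+ SRC_URI=""
+else
+ SRC_URI="https://download.ceph.com/tarballs/${P}.tar.gz"
+ KEYWORDS="~amd64 ~arm64 ~x86"
+fi
+
+DESCRIPTION="Ceph distributed filesystem"
+HOMEPAGE="https://ceph.com/"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+
+IUSE="babeltrace cephfs cryptopp debug fuse gtk jemalloc ldap +libaio"
+IUSE+=" libatomic lttng +nss +radosgw static-libs +tcmalloc test xfs zfs"
+
+# unbundling code commented out pending bugs 584056 and 584058
+#>=dev-libs/jerasure-2.0.0-r1
+#>=dev-libs/gf-complete-2.0.0
+COMMON_DEPEND="
+ app-arch/snappy:=
+ sys-libs/zlib:=
+ app-arch/lz4:=
+ app-arch/bzip2:=
+ app-arch/zstd:=
+ dev-libs/boost:=[threads]
+ dev-libs/libaio:=
+ dev-libs/leveldb:=[snappy]
+ nss? ( dev-libs/nss:= )
+ libatomic? ( dev-libs/libatomic_ops:= )
+ cryptopp? ( dev-libs/crypto++:= )
+ sys-apps/keyutils
+ sys-apps/util-linux
+ dev-libs/libxml2:=
+ radosgw? ( dev-libs/fcgi:= )
+ ldap? ( net-nds/openldap:= )
+ babeltrace? ( dev-util/babeltrace )
+ fuse? ( sys-fs/fuse:0= )
+ xfs? ( sys-fs/xfsprogs:= )
+ zfs? ( sys-fs/zfs:= )
+ gtk? (
+ x11-libs/gtk+:2=
+ dev-cpp/gtkmm:2.4
+ gnome-base/librsvg:=
+ )
+ radosgw? (
+ dev-libs/fcgi:=
+ dev-libs/expat:=
+ net-misc/curl:=
+ )
+ jemalloc? ( dev-libs/jemalloc:= )
+ !jemalloc? ( =dev-util/google-perftools-2.4*:= )
+ lttng? ( dev-util/lttng-ust:= )
+ ${PYTHON_DEPS}
+ "
+DEPEND="${COMMON_DEPEND}
+ dev-python/cython[${PYTHON_USEDEP}]
+ app-arch/cpio
+ virtual/pkgconfig
+ dev-python/sphinx
+ test? (
+ sys-fs/btrfs-progs
+ sys-apps/grep[pcre]
+ dev-python/tox[${PYTHON_USEDEP}]
+ dev-python/virtualenv[${PYTHON_USEDEP}]
+ )"
+RDEPEND="${COMMON_DEPEND}
+ sys-apps/hdparm
+ sys-block/parted
+ sys-fs/cryptsetup
+ sys-apps/gptfdisk
+ dev-python/flask[${PYTHON_USEDEP}]
+ dev-python/requests[${PYTHON_USEDEP}]
+ "
+REQUIRED_USE="
+ $(python_gen_useflags 'python2*')
+ ${PYTHON_REQUIRED_USE}
+ ^^ ( nss cryptopp )
+ ?? ( jemalloc tcmalloc )
+ "
+
+# work around bug in ceph compilation (rgw/ceph_dencoder-rgw_dencoder.o... undefined reference to `vtable for RGWZoneGroup')
+REQUIRED_USE+=" radosgw"
+
+#RESTRICT="test? ( userpriv )"
+
+# distribution tarball does not include everything needed for tests
+RESTRICT+=" test"
+
+STRIP_MASK="/usr/lib*/rados-classes/*"
+
+UNBUNDLE_LIBS=(
+ src/erasure-code/jerasure/jerasure
+ src/erasure-code/jerasure/gf-complete
+)
+
+PATCHES=(
+ "${FILESDIR}/ceph-10.2.0-dont-use-virtualenvs.patch"
+ #"${FILESDIR}/ceph-10.2.1-unbundle-jerasure.patch"
+ "${FILESDIR}/${PN}-10.2.1-libzfs.patch"
+ "${FILESDIR}/${PN}-10.2.3-build-without-openldap.patch"
+ "${FILESDIR}/${PN}-10.2.5-Make-RBD-Python-bindings-compatible-with-Python-3.patch"
+ "${FILESDIR}/${PN}-10.2.5-Make-CephFS-bindings-and-tests-compatible-with-Python-3.patch"
+ "${FILESDIR}/${PN}-10.2.7-fix-compilation-with-zstd.patch"
+ "${FILESDIR}/${PN}-10.2.9-libradosstriper_fix_format_injection_vulnerability.patch"
+)
+
+check-reqs_export_vars() {
+ if use debug; then
+ CHECKREQS_DISK_BUILD="23G"
+ CHECKREQS_DISK_USR="7G"
+ elif use amd64; then
+ CHECKREQS_DISK_BUILD="12G"
+ CHECKREQS_DISK_USR="450M"
+ else
+ CHECKREQS_DISK_BUILD="1400M"
+ CHECKREQS_DISK_USR="450M"
+ fi
+
+ export CHECKREQS_DISK_BUILD CHECKREQS_DISK_USR
+}
+
+user_setup() {
+ enewgroup ceph ${CEPH_GID}
+ enewuser ceph "${CEPH_UID:--1}" -1 /var/lib/ceph ceph
+}
+
+emake_python_bindings() {
+ local action="${1}" params binding module
+ shift
+ params=("${@}")
+
+ __emake_python_bindings_do_impl() {
+ ceph_run_econf "${EPYTHON}"
+ emake "${params[@]}" PYTHON="${EPYTHON}" "${binding}-pybind-${action}"
+
+ # these don't work and aren't needed on python3
+ if [[ ${EBUILD_PHASE} == install ]]; then
+ for module in "${S}"/src/pybind/*.py; do
+ module_basename="$(basename "${module}")"
+ if [[ ${module_basename} == ceph_volume_client.py ]] && ! use cephfs; then
+ continue
+ elif [[ ! -e "${ED}/$(python_get_sitedir)/${module_basename}" ]]; then
+ python_domodule ${module}
+ fi
+ done
+ fi
+ }
+
+ pushd "${S}/src"
+ for binding in rados rbd $(use cephfs && echo cephfs); do
+ python_foreach_impl __emake_python_bindings_do_impl
+ done
+ popd
+
+ unset __emake_python_bindings_do_impl
+}
+
+pkg_pretend() {
+ check-reqs_export_vars
+ check-reqs_pkg_pretend
+}
+
+pkg_setup() {
+ python_setup
+ check-reqs_export_vars
+ check-reqs_pkg_setup
+ user_setup
+}
+
+src_prepare() {
+ default
+
+ # remove tests that need root access
+ rm src/test/cli/ceph-authtool/cap*.t
+
+ #rm -rf "${UNBUNDLE_LIBS[@]}"
+
+ append-flags -fPIC
+ eautoreconf
+}
+
+src_configure() {
+ ECONFARGS=(
+ --without-hadoop
+ --includedir=/usr/include
+ $(use_with cephfs)
+ $(use_with debug)
+ $(use_with fuse)
+ $(use_with libaio)
+ $(use_with libatomic libatomic-ops)
+ $(use_with nss)
+ $(use_with cryptopp)
+ $(use_with radosgw)
+ $(use_with gtk gtk2)
+ $(use_enable static-libs static)
+ $(use_with jemalloc)
+ $(use_with xfs libxfs)
+ $(use_with zfs libzfs)
+ $(use_with lttng )
+ $(use_with babeltrace)
+ $(use_with ldap openldap)
+ $(use jemalloc || usex tcmalloc " --with-tcmalloc" " --with-tcmalloc-minimal")
+ --with-mon
+ --with-eventfd
+ --with-cython
+ --without-kinetic
+ --without-librocksdb
+ --with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+ )
+
+ # we can only use python2.7 for building at the moment
+ ceph_run_econf "python2*"
+}
+
+ceph_run_econf() {
+ [[ -z ${ECONFARGS} ]] && die "called ${FUNCNAME[0]} with ECONFARGS unset"
+ [[ -z ${1} ]] && die "called ${FUNCNAME[0]} without passing python implementation"
+
+ pushd "${S}" >/dev/null || die
+ #
+ # This generates a QA warning about running econf in src_compile
+ # and src_install. Unfortunately the only other way to do this would
+ # involve building all of for each python implementation times, which
+ # wastes a _lot_ of CPU time and disk space. This hack will no longer
+ # be needed with >=ceph-11.2.
+ #
+ python_setup "${1}"
+ econf "${ECONFARGS[@]}"
+
+ popd >/dev/null || die
+}
+
+src_compile() {
+ emake
+ emake_python_bindings all
+
+ use test && emake check-local
+}
+
+src_test() {
+ make check || die "make check failed"
+}
+
+src_install() {
+ default
+ emake_python_bindings install-exec "DESTDIR=\"${D}\""
+
+ prune_libtool_files --all
+
+ exeinto /usr/$(get_libdir)/ceph
+ newexe src/init-ceph ceph_init.sh
+
+ insinto /etc/logrotate.d/
+ newins "${FILESDIR}"/ceph.logrotate ${PN}
+
+ keepdir /var/lib/${PN}{,/tmp} /var/log/${PN}/stat
+
+ fowners -R ceph:ceph /var/lib/ceph /var/log/ceph
+
+ newinitd "${FILESDIR}/rbdmap.initd" rbdmap
+ newinitd "${FILESDIR}/${PN}.initd-r5" ${PN}
+ newconfd "${FILESDIR}/${PN}.confd-r3" ${PN}
+
+ insinto /etc/sysctl.d
+ newins "${FILESDIR}"/sysctld 90-${PN}.conf
+
+ use tcmalloc && newenvd "${FILESDIR}"/envd-tcmalloc ${PN}-tcmalloc
+
+ systemd_install_serviced "${FILESDIR}/ceph-mds_at.service.conf" "ceph-mds@.service"
+ systemd_install_serviced "${FILESDIR}/ceph-osd_at.service.conf" "ceph-osd@.service"
+
+ udev_dorules udev/*.rules
+
+ readme.gentoo_create_doc
+
+ python_setup 'python2*'
+ python_fix_shebang "${ED}"/usr/{,s}bin/
+
+ # python_fix_shebang apparently is not idempotent
+ sed -i -r 's:(/usr/lib/python-exec/python[0-9]\.[0-9]/python)[0-9]\.[0-9]:\1:' \
+ "${ED}"/usr/{sbin/ceph-disk,bin/ceph-detect-init} || die "sed failed"
+}
+
+pkg_postinst() {
+ readme.gentoo_print_elog
+}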
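Review bot: In `src_install`, `use tcmalloc && newenvd ...` installs the thread-cache setting only when the `tcmalloc` flag is on, yet `src_configure` falls back to `--with-tcmalloc-minimal` when neither `jemalloc` nor `tcmalloc` is set, and the minimal library appears to honour the same variable; `use jemalloc || newenvd "${FILESDIR}"/envd-tcmalloc ${PN}-tcmalloc` would cover both builds. An env.d entry is merged into the global environment, so it changes the limit for every tcmalloc-linked program on the host rather than only the Ceph daemons, and nothing visible here shows the systemd drop-ins passing it to the services; setting it in the init script and unit files would keep the scope to Ceph. In `emake_python_bindings`, `module_basename` is missing from the `local` list and `pushd "${S}/src"` has no `|| die`, unlike `ceph_run_econf`.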
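diff --git a/sys-cluster/ceph/files/ceph-10.2.9-libradosstriper_fix_format_injection_vulnerability.patch b/sys-cluster/ceph/files/ceph-10.2.9-libradosstriper_fix_format_injection_vulnerability.patch
new file mode 100644
index 00000000000..eaf18c35783
--- /dev/null
+++ b/sys-cluster/ceph/files/ceph-10.2.9-libradosstriper_fix_format_injection_vulnerability.patch
@@ -0,0 +1,35 @@
+diff --git a/src/libradosstriper/RadosStriperImpl.cc b/src/libradosstriper/RadosStriperImpl.cc
+index 22352d9125..70dcb7569f 100644
+--- a/src/libradosstriper/RadosStriperImpl.cc
++++ b/src/libradosstriper/RadosStriperImpl.cc
+@@ -12,6 +12,8 @@
+ *
+ */
+
++#include <boost/algorithm/string/replace.hpp>
++
+ #include "libradosstriper/RadosStriperImpl.h"
+
+ #include <errno.h>
+@@ -466,7 +468,9 @@ int libradosstriper::RadosStriperImpl::aio_read(const std::string& soid,
+ // get list of extents to be read from
+ vector<ObjectExtent> *extents = new vector<ObjectExtent>();
+ if (read_len > 0) {
+- std::string format = soid + RADOS_OBJECT_EXTENSION_FORMAT;
++ std::string format = soid;
++ boost::replace_all(format, "%", "%%");
++ format += RADOS_OBJECT_EXTENSION_FORMAT;
+ file_layout_t l;
+ l.from_legacy(layout);
+ Striper::file_to_extents(cct(), format.c_str(), &l, off, read_len,
+@@ -776,7 +780,9 @@ libradosstriper::RadosStriperImpl::internal_aio_write(const std::string& soid,
+ if (len > 0) {
+ // get list of extents to be written to
+ vector<ObjectExtent> extents;
+- std::string format = soid + RADOS_OBJECT_EXTENSION_FORMAT;
++ std::string format = soid;
++ boost::replace_all(format, "%", "%%");
++ format += RADOS_OBJECT_EXTENSION_FORMAT;
+ file_layout_t l;
+ l.from_legacy(layout);
+ Striper::file_to_extents(cct(), format.c_str(), &l, off, len, 0, extents);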
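Review bot: The patch file starts directly at `diff --git` with no header saying where the change comes from, so a later maintainer cannot tell which upstream commit it mirrors or when it can be dropped. A short header above the diff would record that, for example `CVE-2017-7519: escape '%' in the object name before it is used as a format string` followed by `Upstream commit: <upstream commit id>`. The same three-line escape is repeated in `aio_read` and `internal_aio_write`, and only those two sites are visible here, so it is worth confirming that no other caller still builds a format string from an unescaped `soid`. Both function bodies continue outside the hunks.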
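diff --git a/sys-cluster/ceph/files/ceph.confd-r3 b/sys-cluster/ceph/files/ceph.confd-r3
index 491b1241ba6..54673c2688f 100644
--- a/sys-cluster/ceph/files/ceph.confd-r3
+++ b/sys-cluster/ceph/files/ceph.confd-r3
@@ -4,7 +4,7 @@
 #ceph_conf="/etc/ceph/ceph.conf"
 
 # Set ulimits for Ceph services.
-#rc_ulimit="-n 32768"
+#rc_ulimit="-n 131072 -u 257256"
 
 # the directory under /run to store runtime information in
 #rundir=/run/ceph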
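diff --git a/sys-cluster/ceph/files/envd-tcmalloc b/sys-cluster/ceph/files/envd-tcmalloc
new file mode 100644
index 00000000000..bdb09670c63
--- /dev/null
+++ b/sys-cluster/ceph/files/envd-tcmalloc
@@ -0,0 +1 @@
+TCMALLOC_MAX_TOTAL_THREAD_CACHE_BYTES=134217728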
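diff --git a/sys-cluster/ceph/files/sysctld b/sys-cluster/ceph/files/sysctld
new file mode 100644
index 00000000000..4d133264f55
--- /dev/null
+++ b/sys-cluster/ceph/files/sysctld
@@ -0,0 +1,2 @@
+# up the global pid max for ceph
+kernel.pid_max = 257256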
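Review bot: `kernel.pid_max = 257256` is applied unconditionally, and the ebuild installs the file as `90-${PN}.conf`, so it overrides earlier sysctl.d entries and would lower the limit on a host where the administrator had already raised it above 257256. The ebuild also keywords `~x86`; as far as I know 32-bit kernels cap pid_max at 32768, so the write is expected to be rejected there. The comment should say where the figure comes from and that the setting is host-wide, for example `# host-wide: raise pid_max for Ceph OSD thread counts; keep >= the -u value in conf.d`.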