From 638d31de1384f27bde7f0b8c55c1564f2cbddba5 Mon Sep 17 00:00:00 2001 From: Saul Wold Date: Wed, 19 May 2021 15:13:31 -0700 Subject: ceph: update to 15.2.12 to address CVEs Updated sha* Fixes: CVE-2021-3509 Fixes: CVE-2021-3524 Fixes: CVE-2021-3531 Signed-off-by: Saul Wold Signed-off-by: Bruce Ashfield --- recipes-extended/ceph/ceph_15.2.12.bb | 144 +++++++++++++++++++++++++++++++++ recipes-extended/ceph/ceph_15.2.9.bb | 145 ---------------------------------- 2 files changed, 144 insertions(+), 145 deletions(-) create mode 100644 recipes-extended/ceph/ceph_15.2.12.bb delete mode 100644 recipes-extended/ceph/ceph_15.2.9.bb diff --git a/recipes-extended/ceph/ceph_15.2.12.bb b/recipes-extended/ceph/ceph_15.2.12.bb new file mode 100644 index 00000000..9ba72b40 --- /dev/null +++ b/recipes-extended/ceph/ceph_15.2.12.bb @@ -0,0 +1,144 @@ +SUMMARY = "User space components of the Ceph file system" +LICENSE = "LGPLv2.1 & GPLv2 & Apache-2.0 & MIT" +LIC_FILES_CHKSUM = "file://COPYING-LGPL2.1;md5=fbc093901857fcd118f065f900982c24 \ + file://COPYING-GPL2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://COPYING;md5=4eb012c221c5fd4b760029a2981a6754 \ +" +inherit cmake python3native python3-dir systemd +# Disable python pybind support for ceph temporary, when corss compiling pybind, +# pybind mix cmake and python setup environment, would case a lot of errors. + +SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \ + file://0001-ceph-fix-build-errors-for-cross-compile.patch \ + file://0001-fix-host-library-paths-were-used.patch \ + file://ceph.conf \ + file://0001-add-missing-include-for-atomic-bool.patch \ + file://0001-cmake-add-support-for-python3.9.patch \ +" + +SRC_URI[sha1sum] = "9c76b298e1e659b9c5501003ac77fb28aab7823d" +SRC_URI[sha256sum] = "8710f6700de83765138df8eb4fc7a5e7c66104dd838033e0827a1850f250ac85" +SRC_URI[sha384sum] = "2a2f177e5b68f6f5d13b253a8d4daba9e956b4a79a40a4775aee288b60c612fe13b417d6baf77944c32b1181b2136f68" +SRC_URI[sha512sum] = "08266a2e9a7ca5a37e03f340873571fd012c630dd898a87241cd97c29760b2bf41fe64c8883e7b08e0f83c26245072cd26e69ecb1db02378d1ec38335ba1cd0f" + +DEPENDS = "boost bzip2 curl expat gperf-native \ + keyutils libaio libibverbs lz4 \ + nspr nss \ + oath openldap openssl \ + python3 python3-cython-native rabbitmq-c rocksdb snappy udev \ + valgrind xfsprogs zlib \ +" +SYSTEMD_SERVICE_${PN} = " \ + ceph-radosgw@.service \ + ceph-radosgw.target \ + ceph-mon@.service \ + ceph-mon.target \ + ceph-mds@.service \ + ceph-mds.target \ + ceph-osd@.service \ + ceph-osd.target \ + ceph.target \ + ceph-rbd-mirror@.service \ + ceph-rbd-mirror.target \ + ceph-volume@.service \ + ceph-mgr@.service \ + ceph-mgr.target \ + ceph-crash.service \ + rbdmap.service \ + ceph-immutable-object-cache@.service \ + ceph-immutable-object-cache.target \ +" +OECMAKE_GENERATOR = "Unix Makefiles" + +EXTRA_OECMAKE = "-DWITH_MANPAGE=OFF \ + -DWITH_FUSE=OFF \ + -DWITH_SPDK=OFF \ + -DWITH_LEVELDB=OFF \ + -DWITH_LTTNG=OFF \ + -DWITH_BABELTRACE=OFF \ + -DWITH_TESTS=OFF \ + -DWITH_MGR=OFF \ + -DWITH_MGR_DASHBOARD_FRONTEND=OFF \ + -DWITH_SYSTEM_BOOST=ON \ + -DWITH_SYSTEM_ROCKSDB=ON \ + -DWITH_RDMA=OFF \ + -DWITH_RADOSGW_AMQP_ENDPOINT=OFF \ + -DPYTHON_INSTALL_DIR=${PYTHON_SITEPACKAGES_DIR} -DPYTHON_DESIRED=3 \ + -DPython3_EXECUTABLE=${PYTHON} \ + -DWITH_RADOSGW_KAFKA_ENDPOINT=OFF \ + -DWITH_REENTRANT_STRSIGNAL=ON \ +" + +export STAGING_DIR_HOST + +do_configure_prepend () { + echo "set( CMAKE_SYSROOT \"${RECIPE_SYSROOT}\" )" >> ${WORKDIR}/toolchain.cmake + echo "set( CMAKE_DESTDIR \"${D}\" )" >> ${WORKDIR}/toolchain.cmake + echo "set( PYTHON_SITEPACKAGES_DIR \"${PYTHON_SITEPACKAGES_DIR}\" )" >> ${WORKDIR}/toolchain.cmake +} + +do_install_append () { + sed -i -e 's:^#!/usr/bin/python$:&3:' \ + -e 's:${WORKDIR}.*python3:${bindir}/python3:' \ + ${D}${bindir}/ceph ${D}${bindir}/ceph-crash \ + ${D}${bindir}/ceph-volume ${D}${bindir}/ceph-volume-systemd + find ${D} -name SOURCES.txt | xargs sed -i -e 's:${WORKDIR}::' + install -d ${D}${sysconfdir}/ceph + install -m 644 ${WORKDIR}/ceph.conf ${D}${sysconfdir}/ceph/ + install -d ${D}${systemd_unitdir} + mv ${D}${libexecdir}/systemd/system ${D}${systemd_unitdir} + mv ${D}${libexecdir}/ceph/ceph-osd-prestart.sh ${D}${libdir}/ceph + mv ${D}${libexecdir}/ceph/ceph_common.sh ${D}${libdir}/ceph + # WITH_FUSE is set to OFF, remove ceph-fuse related units + rm ${D}${systemd_unitdir}/system/ceph-fuse.target ${D}${systemd_unitdir}/system/ceph-fuse@.service +} + +do_install_append_class-target () { + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d /var/lib/ceph/crash/posted 0755 root root - -" > ${D}${sysconfdir}/tmpfiles.d/ceph-placeholder.conf + fi + + if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/default/volatiles + echo "d root root 0755 /var/lib/ceph/crash/posted none" > ${D}${sysconfdir}/default/volatiles/99_ceph-placeholder + fi +} + +pkg_postinst_${PN}() { + if [ -z "$D" ] && [ -e ${sysconfdir}/init.d/populate-volatile.sh ] ; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi +} + +FILES_${PN} += "\ + ${libdir}/rados-classes/*.so.* \ + ${libdir}/ceph/compressor/*.so \ + ${libdir}/rados-classes/*.so \ + ${libdir}/ceph/*.so \ +" + +FILES_${PN} += " \ + /etc/tmpfiles.d/ceph-placeholder.conf \ + /etc/default/volatiles/99_ceph-placeholder \ +" + +FILES_${PN}-python = "\ + ${PYTHON_SITEPACKAGES_DIR}/* \ +" +RDEPENDS_${PN} += "\ + python3-core \ + python3-misc \ + python3-modules \ + python3-prettytable \ + ${PN}-python \ +" +COMPATIBLE_HOST = "(x86_64).*" +PACKAGES += " \ + ${PN}-python \ +" +INSANE_SKIP_${PN}-python += "ldflags" +INSANE_SKIP_${PN} += "dev-so" +CCACHE_DISABLE = "1" + +CVE_PRODUCT = "ceph ceph_storage ceph_storage_mon ceph_storage_osd" diff --git a/recipes-extended/ceph/ceph_15.2.9.bb b/recipes-extended/ceph/ceph_15.2.9.bb deleted file mode 100644 index 0d821f0b..00000000 --- a/recipes-extended/ceph/ceph_15.2.9.bb +++ /dev/null @@ -1,145 +0,0 @@ -SUMMARY = "User space components of the Ceph file system" -LICENSE = "LGPLv2.1 & GPLv2 & Apache-2.0 & MIT" -LIC_FILES_CHKSUM = "file://COPYING-LGPL2.1;md5=fbc093901857fcd118f065f900982c24 \ - file://COPYING-GPL2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ - file://COPYING;md5=4eb012c221c5fd4b760029a2981a6754 \ -" -inherit cmake python3native python3-dir systemd -# Disable python pybind support for ceph temporary, when corss compiling pybind, -# pybind mix cmake and python setup environment, would case a lot of errors. - -SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \ - file://0001-ceph-fix-build-errors-for-cross-compile.patch \ - file://0001-fix-host-library-paths-were-used.patch \ - file://ceph.conf \ - file://0001-add-missing-include-for-atomic-bool.patch \ - file://0001-cmake-add-support-for-python3.9.patch \ -" - -SRC_URI[md5sum] = "5a949b91199efe130bfe2e57f200eacd" -SRC_URI[sha256sum] = "ea7fa2be68b3570c5c3aa02774dca27de20b6f20a8498f65e5c4ef375a209ace" -SRC_URI[sha1sum] = "0503649d7c7d9268cb61b03bbe839106988f87d7" -SRC_URI[sha384sum] = "57208c126ea8e640c3979073fd64ce58606f17b4b7ed2e005b0792bdfd51b13391af325658d0f68f961f94175d93e891" -SRC_URI[sha512sum] = "1f55b0a13bf06df782831d0c9d5f8617c22442ab97fb186e6ccb08183e02bf1756caf8633fa6b1cf156c3fb7b1bdff90a60a1249adfad0b9450036e2329bf8ff" - -DEPENDS = "boost bzip2 curl expat gperf-native \ - keyutils libaio libibverbs lz4 \ - nspr nss \ - oath openldap openssl \ - python3 python3-cython-native rabbitmq-c rocksdb snappy udev \ - valgrind xfsprogs zlib \ -" -SYSTEMD_SERVICE_${PN} = " \ - ceph-radosgw@.service \ - ceph-radosgw.target \ - ceph-mon@.service \ - ceph-mon.target \ - ceph-mds@.service \ - ceph-mds.target \ - ceph-osd@.service \ - ceph-osd.target \ - ceph.target \ - ceph-rbd-mirror@.service \ - ceph-rbd-mirror.target \ - ceph-volume@.service \ - ceph-mgr@.service \ - ceph-mgr.target \ - ceph-crash.service \ - rbdmap.service \ - ceph-immutable-object-cache@.service \ - ceph-immutable-object-cache.target \ -" -OECMAKE_GENERATOR = "Unix Makefiles" - -EXTRA_OECMAKE = "-DWITH_MANPAGE=OFF \ - -DWITH_FUSE=OFF \ - -DWITH_SPDK=OFF \ - -DWITH_LEVELDB=OFF \ - -DWITH_LTTNG=OFF \ - -DWITH_BABELTRACE=OFF \ - -DWITH_TESTS=OFF \ - -DWITH_MGR=OFF \ - -DWITH_MGR_DASHBOARD_FRONTEND=OFF \ - -DWITH_SYSTEM_BOOST=ON \ - -DWITH_SYSTEM_ROCKSDB=ON \ - -DWITH_RDMA=OFF \ - -DWITH_RADOSGW_AMQP_ENDPOINT=OFF \ - -DPYTHON_INSTALL_DIR=${PYTHON_SITEPACKAGES_DIR} -DPYTHON_DESIRED=3 \ - -DPython3_EXECUTABLE=${PYTHON} \ - -DWITH_RADOSGW_KAFKA_ENDPOINT=OFF \ - -DWITH_REENTRANT_STRSIGNAL=ON \ -" - -export STAGING_DIR_HOST - -do_configure_prepend () { - echo "set( CMAKE_SYSROOT \"${RECIPE_SYSROOT}\" )" >> ${WORKDIR}/toolchain.cmake - echo "set( CMAKE_DESTDIR \"${D}\" )" >> ${WORKDIR}/toolchain.cmake - echo "set( PYTHON_SITEPACKAGES_DIR \"${PYTHON_SITEPACKAGES_DIR}\" )" >> ${WORKDIR}/toolchain.cmake -} - -do_install_append () { - sed -i -e 's:^#!/usr/bin/python$:&3:' \ - -e 's:${WORKDIR}.*python3:${bindir}/python3:' \ - ${D}${bindir}/ceph ${D}${bindir}/ceph-crash \ - ${D}${bindir}/ceph-volume ${D}${bindir}/ceph-volume-systemd - find ${D} -name SOURCES.txt | xargs sed -i -e 's:${WORKDIR}::' - install -d ${D}${sysconfdir}/ceph - install -m 644 ${WORKDIR}/ceph.conf ${D}${sysconfdir}/ceph/ - install -d ${D}${systemd_unitdir} - mv ${D}${libexecdir}/systemd/system ${D}${systemd_unitdir} - mv ${D}${libexecdir}/ceph/ceph-osd-prestart.sh ${D}${libdir}/ceph - mv ${D}${libexecdir}/ceph/ceph_common.sh ${D}${libdir}/ceph - # WITH_FUSE is set to OFF, remove ceph-fuse related units - rm ${D}${systemd_unitdir}/system/ceph-fuse.target ${D}${systemd_unitdir}/system/ceph-fuse@.service -} - -do_install_append_class-target () { - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/tmpfiles.d - echo "d /var/lib/ceph/crash/posted 0755 root root - -" > ${D}${sysconfdir}/tmpfiles.d/ceph-placeholder.conf - fi - - if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then - install -d ${D}${sysconfdir}/default/volatiles - echo "d root root 0755 /var/lib/ceph/crash/posted none" > ${D}${sysconfdir}/default/volatiles/99_ceph-placeholder - fi -} - -pkg_postinst_${PN}() { - if [ -z "$D" ] && [ -e ${sysconfdir}/init.d/populate-volatile.sh ] ; then - ${sysconfdir}/init.d/populate-volatile.sh update - fi -} - -FILES_${PN} += "\ - ${libdir}/rados-classes/*.so.* \ - ${libdir}/ceph/compressor/*.so \ - ${libdir}/rados-classes/*.so \ - ${libdir}/ceph/*.so \ -" - -FILES_${PN} += " \ - /etc/tmpfiles.d/ceph-placeholder.conf \ - /etc/default/volatiles/99_ceph-placeholder \ -" - -FILES_${PN}-python = "\ - ${PYTHON_SITEPACKAGES_DIR}/* \ -" -RDEPENDS_${PN} += "\ - python3-core \ - python3-misc \ - python3-modules \ - python3-prettytable \ - ${PN}-python \ -" -COMPATIBLE_HOST = "(x86_64).*" -PACKAGES += " \ - ${PN}-python \ -" -INSANE_SKIP_${PN}-python += "ldflags" -INSANE_SKIP_${PN} += "dev-so" -CCACHE_DISABLE = "1" - -CVE_PRODUCT = "ceph ceph_storage ceph_storage_mon ceph_storage_osd" -- cgit v1.2.3-54-g00ecf