[rsyslog] Rebase to 8.8.0
Tomas Heinrich
theinric at fedoraproject.org
Thu Mar 19 17:57:48 UTC 2015
commit 4c244e0a983fcc7aaf43eff298e85febd8c8be25
Author: Tomas Heinrich <theinric at redhat.com>
Date: Thu Jan 15 21:31:58 2015 +0100
Rebase to 8.8.0
- resolves: rhbz#1069690
- drop patches merged upstream
- version the dependency on liblognorm-devel
- enable mmcount, mmexternal modules,
remove imdiag, omruleset and pmrfc3164sd modules
resolves: rhbz#1156359
- add dos2unix to build requirements
- make the build process more verbose
- in accordance with an upstream change, the rsyslog service is now
restarted automatically upon failure
- adjust the default configuration file for the removal of
/etc/rsyslog.d/listen.conf by the systemd package
resolves: rhbz#1116864
- disable the imklog module by default; kernel messages are read from journald
resolves: rhbz#1083564
- if there is no saved position in the journal, log only messages that are
received after rsyslog is started; this is a safety measure to prevent
excessive resource utilization
- use documentation from the standalone rsyslog-docs project
- move documentation from all subpackages into a single directory
- mark the recover_qi.pl script as documentation
rsyslog-7.2.1-msg_c_nonoverwrite_merge.patch | 44 ----
rsyslog-7.2.2-manpage-dbg-mode.patch | 56 -----
rsyslog-7.4.10-cve-2014-3634.patch | 257 --------------------
rsyslog-7.4.10-json-c-fix.patch | 12 -
rsyslog-7.4.7-atomicops.patch | 53 ----
rsyslog-7.4.7-numeric-uid.patch | 129 ----------
...og-7.4.8-bz1026804-imjournal-message-loss.patch | 267 ---------------------
rsyslog-7.4.8-dont-link-libee.patch | 42 ----
rsyslog-7.4.8-imuxsock-wrn.patch | 39 ---
rsyslog-7.4.8-omjournal-warning.patch | 25 --
rsyslog-8.8.0-immutable-json-props.patch | 32 +++
rsyslog-8.8.0-missing-test-data.patch | 45 ++++
...service.patch => rsyslog-8.8.0-sd-service.patch | 4 +-
rsyslog.conf | 19 +-
rsyslog.spec | 111 ++++++---
15 files changed, 162 insertions(+), 973 deletions(-)
---
diff --git a/rsyslog-8.8.0-immutable-json-props.patch b/rsyslog-8.8.0-immutable-json-props.patch
new file mode 100644
index 0000000..b47ebfe
--- /dev/null
+++ b/rsyslog-8.8.0-immutable-json-props.patch
@@ -0,0 +1,32 @@
+diff -up ./runtime/msg.c.orig ./runtime/msg.c
+--- a/runtime/msg.c 2015-01-15 19:30:02.351699869 +0100
++++ b/runtime/msg.c 2015-01-15 19:35:58.667176642 +0100
+@@ -4267,22 +4267,19 @@ jsonPathFindParent(struct json_object *j
+ RETiRet;
+ }
+
++/* In case of duplicate names, the original value is kept. */
+ static rsRetVal
+ jsonMerge(struct json_object *existing, struct json_object *json)
+ {
+- /* TODO: check & handle duplicate names */
+ DEFiRet;
+ struct json_object_iter it;
+
+- json_object_object_foreachC(json, it) {
+- json_object_object_add(existing, it.key,
+- json_object_get(it.val));
++ json_object_object_foreachC(existing, it) {
++ json_object_object_add(json, it.key, json_object_get(it.val));
+ }
+- /* note: json-c does ref counting. We added all descandants refcounts
+- * in the loop above. So when we now free(_put) the root object, only
+- * root gets freed().
+- */
+- json_object_put(json);
++
++ iRet = jsonMerge(existing, json);
++
+ RETiRet;
+ }
+
diff --git a/rsyslog-8.8.0-missing-test-data.patch b/rsyslog-8.8.0-missing-test-data.patch
new file mode 100644
index 0000000..8042de5
--- /dev/null
+++ b/rsyslog-8.8.0-missing-test-data.patch
@@ -0,0 +1,45 @@
+From e07210a7eb47df978b958d1489b91084732fdd47 Mon Sep 17 00:00:00 2001
+From: Tomas Heinrich <theinric at redhat.com>
+Date: Sun, 15 Mar 2015 16:25:33 +0100
+Subject: [PATCH] Add missing test data
+
+---
+ tests/testsuites/mmnormalize_regex.rulebase | 1 +
+ tests/testsuites/mmnormalize_tokenized.rulebase | 5 +++++
+ tests/testsuites/mmnormalize_variable.rulebase | 1 +
+ 3 files changed, 7 insertions(+)
+ create mode 100644 tests/testsuites/mmnormalize_regex.rulebase
+ create mode 100644 tests/testsuites/mmnormalize_tokenized.rulebase
+ create mode 100644 tests/testsuites/mmnormalize_variable.rulebase
+
+diff --git a/tests/testsuites/mmnormalize_regex.rulebase b/tests/testsuites/mmnormalize_regex.rulebase
+new file mode 100644
+index 0000000..f58e8f2
+--- /dev/null
++++ b/tests/testsuites/mmnormalize_regex.rulebase
+@@ -0,0 +1 @@
++rule=:http host ports are %hps:regex:([0-9.\x3a]+(, )?)+% etc
+\ No newline at end of file
+diff --git a/tests/testsuites/mmnormalize_tokenized.rulebase b/tests/testsuites/mmnormalize_tokenized.rulebase
+new file mode 100644
+index 0000000..da5242d
+--- /dev/null
++++ b/tests/testsuites/mmnormalize_tokenized.rulebase
+@@ -0,0 +1,5 @@
++rule=only_ips:%only_ips:tokenized:, :ipv4%
++rule=local_ips:local ips are %local_ips:tokenized:, :ipv4%
++rule=external_ips:%external_ips:tokenized:, :ipv4% are external ips
++rule=paths:for %user:char-to:@%@localhost path was %fragments:tokenized:\x3a:char-sep:\x3a%
++rule=recur_comma_colon_nos:comma separated list of colon separated numbers: %some_nos:tokenized:, :tokenized: \x3a :tokenized:#:number%
+\ No newline at end of file
+diff --git a/tests/testsuites/mmnormalize_variable.rulebase b/tests/testsuites/mmnormalize_variable.rulebase
+new file mode 100644
+index 0000000..4d40d4c
+--- /dev/null
++++ b/tests/testsuites/mmnormalize_variable.rulebase
+@@ -0,0 +1 @@
++rule=hms:%hr:number%:%min:number%:%sec:number% %zone:word%
+\ No newline at end of file
+--
+1.9.3
+
diff --git a/rsyslog-7.4.1-sd-service.patch b/rsyslog-8.8.0-sd-service.patch
similarity index 87%
rename from rsyslog-7.4.1-sd-service.patch
rename to rsyslog-8.8.0-sd-service.patch
index 69114ed..d1de179 100644
--- a/rsyslog-7.4.1-sd-service.patch
+++ b/rsyslog-8.8.0-sd-service.patch
@@ -1,7 +1,7 @@
diff -up rsyslog-7.4.1/rsyslog.service.in.orig rsyslog-7.4.1/rsyslog.service.in
--- rsyslog-7.4.1/rsyslog.service.in.orig 2013-06-17 15:28:54.430023493 +0200
+++ rsyslog-7.4.1/rsyslog.service.in 2013-06-17 15:30:05.874378084 +0200
-@@ -4,7 +4,8 @@ Requires=syslog.socket
+@@ -6,7 +6,8 @@ Requires=syslog.socket
[Service]
Type=notify
@@ -9,5 +9,5 @@ diff -up rsyslog-7.4.1/rsyslog.service.in.orig rsyslog-7.4.1/rsyslog.service.in
+EnvironmentFile=-/etc/sysconfig/rsyslog
+ExecStart=@sbindir@/rsyslogd -n $SYSLOGD_OPTIONS
StandardOutput=null
+ Restart=on-failure
- [Install]
diff --git a/rsyslog.conf b/rsyslog.conf
index 669b9f8..f44dd62 100644
--- a/rsyslog.conf
+++ b/rsyslog.conf
@@ -6,9 +6,8 @@
#### MODULES ####
# The imjournal module bellow is now used as a message source instead of imuxsock.
-$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
-$ModLoad imklog # provides kernel logging support (previously done by rklogd)
+#$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
@@ -19,6 +18,13 @@ $ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad imtcp
#$InputTCPServerRun 514
+# By default, all system logs are read from journald through the
+# imjournal module. To read messages from the syslog socket, the
+# imuxsock module has to be loaded and a path to the socket specified.
+#$ModLoad imuxsock
+# The default path to the syslog socket provided by journald:
+#$SystemLogSocketName /run/systemd/journal/syslog
+
#### GLOBAL DIRECTIVES ####
@@ -35,13 +41,12 @@ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
-# Turn off message reception via local log socket;
-# local messages are retrieved through imjournal now.
-$OmitLocalLogging on
-
# File to store the position in the journal
$IMJournalStateFile imjournal.state
-
+# If there is no saved state yet, don't read in the whole bulk of messages.
+# This means some of the older messages won't be collected by rsyslog,
+# but it also prevents a potential huge spike in resource utilization.
+$IMJournalIgnorePreviousMessages on
#### RULES ####
diff --git a/rsyslog.spec b/rsyslog.spec
index 4b85eca..341f027 100644
--- a/rsyslog.spec
+++ b/rsyslog.spec
@@ -1,5 +1,6 @@
%define rsyslog_statedir %{_sharedstatedir}/rsyslog
%define rsyslog_pkidir %{_sysconfdir}/pki/rsyslog
+%define rsyslog_docdir %{_docdir}/rsyslog
%if 0%{?rhel} >= 7
%global want_hiredis 0
%global want_mongodb 0
@@ -10,32 +11,24 @@
Summary: Enhanced system logging and kernel message trapping daemon
Name: rsyslog
-Version: 7.4.10
-Release: 5%{?dist}
+Version: 8.8.0
+Release: 1%{?dist}
License: (GPLv3+ and ASL 2.0)
Group: System Environment/Daemons
URL: http://www.rsyslog.com/
Source0: http://www.rsyslog.com/files/download/rsyslog/%{name}-%{version}.tar.gz
+Source1: http://www.rsyslog.com/files/download/rsyslog/%{name}-doc-%{version}.tar.gz
Source2: rsyslog.conf
Source3: rsyslog.sysconfig
Source4: rsyslog.log
# tweak the upstream service file to honour configuration from /etc/sysconfig/rsyslog
-Patch0: rsyslog-7.4.1-sd-service.patch
-Patch1: rsyslog-7.2.2-manpage-dbg-mode.patch
+Patch0: rsyslog-8.8.0-sd-service.patch
# prevent modification of trusted properties (proposed upstream)
-Patch2: rsyslog-7.2.1-msg_c_nonoverwrite_merge.patch
-# merged upstream
-Patch3: rsyslog-7.4.8-imuxsock-wrn.patch
-# merged upstream
-Patch5: rsyslog-7.4.7-numeric-uid.patch
-Patch6: rsyslog-7.4.7-atomicops.patch
-# merged upstream
-Patch8: rsyslog-7.4.8-bz1026804-imjournal-message-loss.patch
-# json_tokener_errors is gone in current json-c
-Patch9: rsyslog-7.4.10-json-c-fix.patch
-Patch10: rsyslog-7.4.10-cve-2014-3634.patch
+Patch1: rsyslog-8.8.0-immutable-json-props.patch
+Patch2: rsyslog-8.8.0-missing-test-data.patch
BuildRequires: bison
+BuildRequires: dos2unix
BuildRequires: flex
BuildRequires: json-c-devel
BuildRequires: libestr-devel >= 0.1.9
@@ -63,7 +56,7 @@ Requires: %name = %version-%release
BuildRequires: libgcrypt-devel
%package doc
-Summary: Documentation for rsyslog
+Summary: HTML documentation for rsyslog
Group: Documentation
%package elasticsearch
@@ -89,7 +82,7 @@ Requires: %name = %version-%release
Summary: Log normalization support for rsyslog
Group: System Environment/Daemons
Requires: %name = %version-%release
-BuildRequires: libestr-devel libee-devel liblognorm-devel
+BuildRequires: libestr-devel libee-devel liblognorm-devel >= 1.0.2
%package mmaudit
Summary: Message modification module supporting Linux audit format
@@ -249,16 +242,15 @@ spoof the sender address. Also, it enables to circle through a number
of source ports.
%prep
-%setup -q
+# set up rsyslog-doc sources
+%setup -q -a 1 -T -c
+rm -r LICENSE README.md build.sh source build/objects.inv
+mv build doc
+# set up rsyslog sources
+%setup -q -D
%patch0 -p1
%patch1 -p1
%patch2 -p1
-%patch3 -p1
-%patch5 -p1
-%patch6 -p1
-%patch8 -p1
-%patch9 -p1 -b .jsonfix
-%patch10 -p1
%build
%ifarch sparc64
@@ -278,7 +270,6 @@ export HIREDIS_LIBS="-L%{_libdir} -lhiredis"
%configure \
--prefix=/usr \
--disable-static \
- --disable-testbench \
--enable-elasticsearch \
--enable-gnutls \
--enable-gssapi-krb5 \
@@ -291,6 +282,7 @@ export HIREDIS_LIBS="-L%{_libdir} -lhiredis"
--enable-mail \
--enable-mmanon \
--enable-mmaudit \
+ --enable-mmcount \
--enable-mmjsonparse \
--enable-mmnormalize \
--enable-mmsnmptrapd \
@@ -315,31 +307,45 @@ export HIREDIS_LIBS="-L%{_libdir} -lhiredis"
--enable-pmsnare \
--enable-relp \
--enable-snmp \
+ --enable-testbench \
--enable-unlimited-select \
--enable-usertools \
-make
+make V=1
+
+# small portion of the test suite seems to be consistently failing (this is more severe on arm*)
+# there are also some random failures (~1 test out of the whole batch) on i686 and x86_64
+# thus the test suite is disabled for now until these issues are sorted out
+%check
+%if 0
+make V=1 check
+%endif
%install
-make DESTDIR=%{buildroot} install
+make V=1 DESTDIR=%{buildroot} install
install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d
install -d -m 755 %{buildroot}%{_sysconfdir}/rsyslog.d
install -d -m 700 %{buildroot}%{rsyslog_statedir}
install -d -m 700 %{buildroot}%{rsyslog_pkidir}
+install -d -m 755 %{buildroot}%{rsyslog_docdir}/html
install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/rsyslog.conf
install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/rsyslog
install -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/syslog
-
-# get rid of *.la
+install -p -m 644 plugins/ommysql/createDB.sql %{buildroot}%{rsyslog_docdir}/mysql-createDB.sql
+install -p -m 644 plugins/ompgsql/createDB.sql %{buildroot}%{rsyslog_docdir}/pgsql-createDB.sql
+dos2unix tools/recover_qi.pl
+install -p -m 644 tools/recover_qi.pl %{buildroot}%{rsyslog_docdir}/recover_qi.pl
+# extract documentation
+cp -r doc/* %{buildroot}%{rsyslog_docdir}/html
+# get rid of libtool libraries
rm -f %{buildroot}%{_libdir}/rsyslog/*.la
# get rid of socket activation by default
sed -i '/^Alias/s/^/;/;/^Requires=syslog.socket/s/^/;/' %{buildroot}%{_unitdir}/rsyslog.service
-
-# convert line endings from "\r\n" to "\n"
-cat tools/recover_qi.pl | tr -d '\r' > %{buildroot}%{_bindir}/rsyslog-recover-qi.pl
+# imdiag is only used for testing
+rm -f %{buildroot}%{_libdir}/rsyslog/imdiag.so
%post
for n in /var/log/{messages,secure,maillog,spooler}
@@ -359,13 +365,15 @@ done
%defattr(-,root,root,-)
%{!?_licensedir:%global license %%doc}
%license COPYING*
-%doc AUTHORS NEWS README ChangeLog
+%doc AUTHORS ChangeLog README.md
+%exclude %{rsyslog_docdir}/html
+%exclude %{rsyslog_docdir}/mysql-createDB.sql
+%exclude %{rsyslog_docdir}/pgsql-createDB.sql
%dir %{_libdir}/rsyslog
%dir %{_sysconfdir}/rsyslog.d
%dir %{rsyslog_statedir}
%dir %{rsyslog_pkidir}
%{_sbindir}/rsyslogd
-%attr(755,root,root) %{_bindir}/rsyslog-recover-qi.pl
%{_mandir}/man5/rsyslog.conf.5.gz
%{_mandir}/man8/rsyslogd.8.gz
%{_unitdir}/rsyslog.service
@@ -373,7 +381,6 @@ done
%config(noreplace) %{_sysconfdir}/sysconfig/rsyslog
%config(noreplace) %{_sysconfdir}/logrotate.d/syslog
# plugins
-%{_libdir}/rsyslog/imdiag.so
%{_libdir}/rsyslog/imfile.so
%{_libdir}/rsyslog/imjournal.so
%{_libdir}/rsyslog/imklog.so
@@ -392,17 +399,17 @@ done
%{_libdir}/rsyslog/lmtcpsrv.so
%{_libdir}/rsyslog/lmzlibw.so
%{_libdir}/rsyslog/mmanon.so
+%{_libdir}/rsyslog/mmcount.so
+%{_libdir}/rsyslog/mmexternal.so
%{_libdir}/rsyslog/omjournal.so
%{_libdir}/rsyslog/ommail.so
%{_libdir}/rsyslog/omprog.so
-%{_libdir}/rsyslog/omruleset.so
%{_libdir}/rsyslog/omstdout.so
%{_libdir}/rsyslog/omtesting.so
%{_libdir}/rsyslog/omuxsock.so
%{_libdir}/rsyslog/pmaixforwardedfrom.so
%{_libdir}/rsyslog/pmcisconames.so
%{_libdir}/rsyslog/pmlastmsg.so
-%{_libdir}/rsyslog/pmrfc3164sd.so
%{_libdir}/rsyslog/pmsnare.so
%files crypto
@@ -413,7 +420,7 @@ done
%files doc
%defattr(-,root,root)
-%doc doc/*html
+%doc %{rsyslog_docdir}/html
%files elasticsearch
%defattr(-,root,root)
@@ -447,7 +454,7 @@ done
%files mysql
%defattr(-,root,root)
-%doc plugins/ommysql/createDB.sql
+%doc %{rsyslog_docdir}/mysql-createDB.sql
%{_libdir}/rsyslog/ommysql.so
%if %{want_mongodb}
@@ -459,7 +466,7 @@ done
%files pgsql
%defattr(-,root,root)
-%doc plugins/ompgsql/createDB.sql
+%doc %{rsyslog_docdir}/pgsql-createDB.sql
%{_libdir}/rsyslog/ompgsql.so
%files rabbitmq
@@ -490,6 +497,30 @@ done
%{_libdir}/rsyslog/omudpspoof.so
%changelog
+* Thu Mar 19 2015 Tomas Heinrich <theinric at redhat.com> 8.8.0-1
+- rebase to 8.8.0
+ resolves: rhbz#1069690
+ - drop patches merged upstream
+ - version the dependency on liblognorm-devel
+ - enable mmcount, mmexternal modules,
+ remove imdiag, omruleset and pmrfc3164sd modules
+ resolves: rhbz#1156359
+- add dos2unix to build requirements
+- make the build process more verbose
+- in accordance with an upstream change, the rsyslog service is now
+ restarted automatically upon failure
+- adjust the default configuration file for the removal of
+ /etc/rsyslog.d/listen.conf by the systemd package
+ resolves: rhbz#1116864
+- disable the imklog module by default; kernel messages are read from journald
+ resolves: rhbz#1083564
+- if there is no saved position in the journal, log only messages that are
+ received after rsyslog is started; this is a safety measure to prevent
+ excessive resource utilization
+- use documentation from the standalone rsyslog-docs project
+- move documentation from all subpackages into a single directory
+- mark the recover_qi.pl script as documentation
+
* Tue Oct 07 2014 Tomas Heinrich <theinric at redhat.com> 7.4.10-5
- fix CVE-2014-3634
More information about the scm-commits
mailing list