tojeline pushed to pcs (f22). "Fixed errors when connecting to pcsd"

Mon Jun 8 12:11:21 UTC 2015

From 67f537442a140b47b8375e55916ba4f9deceb85d Mon Sep 17 00:00:00 2001
From: Tomas Jelinek <tojeline at redhat.com>
Date: Mon, 8 Jun 2015 13:29:25 +0200
Subject: Fixed errors when connecting to pcsd

diff --git a/binding.patch b/binding.patch
new file mode 100644
index 0000000..a75f1f8
--- /dev/null
+++ b/binding.patch
@@ -0,0 +1,53 @@
+From fde93f74f2b7b251e9d21da1875926ad305f51f7 Mon Sep 17 00:00:00 2001
+From: Tomas Jelinek <tojeline at redhat.com>
+Date: Mon, 8 Jun 2015 11:27:15 +0200
+Subject: [PATCH 1/2] fix binding to localhost only
+
+---
+ pcsd/pcsd.conf |  1 +
+ pcsd/pcsd.rb   | 20 +++++++++++---------
+ 2 files changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/pcsd/pcsd.conf b/pcsd/pcsd.conf
+index 69c4022..f596d59 100644
+--- a/pcsd/pcsd.conf
++++ b/pcsd/pcsd.conf
+@@ -1,3 +1,4 @@
+ # pcsd configuration file
+ # Set PCSD_DEBUG to true for advanced pcsd debugging information
+ PCSD_DEBUG=false
++RACK_ENV=production
+diff --git a/pcsd/pcsd.rb b/pcsd/pcsd.rb
+index 238dc50..8974b65 100644
+--- a/pcsd/pcsd.rb
++++ b/pcsd/pcsd.rb
+@@ -37,15 +37,17 @@ use Rack::Session::Cookie,
+ 
+ #use Rack::SSL
+ 
+-Dir["wizards/*.rb"].each {|file| also_reload file}
+-also_reload 'resource.rb'
+-also_reload 'remote.rb'
+-also_reload 'fenceagent.rb'
+-also_reload 'cluster.rb'
+-also_reload 'config.rb'
+-also_reload 'pcs.rb'
+-also_reload 'auth.rb'
+-also_reload 'wizard.rb'
++if development?
++  Dir["wizards/*.rb"].each {|file| also_reload file}
++  also_reload 'resource.rb'
++  also_reload 'remote.rb'
++  also_reload 'fenceagent.rb'
++  also_reload 'cluster.rb'
++  also_reload 'config.rb'
++  also_reload 'pcs.rb'
++  also_reload 'auth.rb'
++  also_reload 'wizard.rb'
++end
+ 
+ before do
+   $session = session
+-- 
+1.9.1
+
diff --git a/pcs.spec b/pcs.spec
index 8491a00..7ca13f1 100644
--- a/pcs.spec
+++ b/pcs.spec
@@ -1,6 +1,6 @@
 Name: pcs		
 Version: 0.9.139
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2
 URL: http://github.com/feist/pcs
 Group: System Environment/Base
@@ -10,9 +10,11 @@ BuildRequires: rubygem-eventmachine rubygem-rack-test rubygem-multi_json rubygem
 # for post, preun and postun macros
 BuildRequires: systemd
 Summary: Pacemaker Configuration System	
-Source0: http://people.redhat.com/cfeist/pcs/pcs-withgems-%{version}.tar.gz
+Source0: https://tojeline.fedorapeople.org/pkgs/pcs/pcs-withgems-%{version}.tar.gz
 Patch0: fedfix.patch
 Patch1: secure-cookie.patch
+Patch2: binding.patch
+Patch3: ssl-python.patch
 Requires: pacemaker ruby python
 Requires: python-clufter
 Requires: rubygem-sinatra rubygem-highline rubygem-rack rubygem-rack-protection rubygem-tilt
@@ -25,8 +27,10 @@ easily view, modify and created pacemaker based clusters.
 %prep
 %setup -q
 
-%patch0 -p1 -b .fedfix
-%patch1 -p1 -b .fedfix
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
 cd pcsd ; bundle install --local ; cd ..
 
 %build
@@ -57,7 +61,7 @@ chmod 755 $RPM_BUILD_ROOT/%{python_sitelib}/pcs/pcs.py
 /usr/sbin/pcs
 /usr/lib/pcsd/*
 /usr/lib/pcsd/.bundle/config
-/usr/lib/pcsd/.gitignore
+%exclude /usr/lib/pcsd/.gitignore
 /usr/lib/systemd/system/pcsd.service
 /var/lib/pcsd
 /etc/pam.d/pcsd
@@ -70,6 +74,11 @@ chmod 755 $RPM_BUILD_ROOT/%{python_sitelib}/pcs/pcs.py
 %doc COPYING README
 
 %changelog
+* Mon Jun 08 2015 Tomas Jelinek <tojeline at redhat.com> - 0.9.139-5
+- Fixed pcsd bound to localhost only
+- Fixed SSL errors when connecting to pcsd (rhbz#1207223)
+- Fixed Source and Files in spec file (rhbz#1221609)
+
 * Fri May 22 2015 Tomas Jelinek <tojeline at redhat.com> - 0.9.139-4
 - Fix for CVE-2015-1848, CVE-2015-3983 (sessions not signed)
 
diff --git a/ssl-python.patch b/ssl-python.patch
new file mode 100644
index 0000000..66a47f3
--- /dev/null
+++ b/ssl-python.patch
@@ -0,0 +1,47 @@
+From 3e30725e1ab6cbcd3bdbbcb3a8422322151bdee1 Mon Sep 17 00:00:00 2001
+From: Tomas Jelinek <tojeline at redhat.com>
+Date: Tue, 26 May 2015 14:59:22 +0200
+Subject: [PATCH 2/2] revert certificate verification changes in python
+
+---
+ pcs/utils.py | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/pcs/utils.py b/pcs/utils.py
+index 653d31e..db4548c 100644
+--- a/pcs/utils.py
++++ b/pcs/utils.py
+@@ -2,6 +2,8 @@ import os, subprocess
+ import sys
+ import pcs
+ import xml.dom.minidom
++import ssl
++import inspect
+ import urllib,urllib2
+ from xml.dom.minidom import parseString,parse
+ import xml.etree.ElementTree as ET
+@@ -310,7 +312,20 @@ def removeLocalNode(node, node_to_remove, pacemaker_remove=False):
+ # 3 = Auth Error
+ def sendHTTPRequest(host, request, data = None, printResult = True, printSuccess = True):
+     url = 'https://' + host + ':2224/' + request
+-    opener = urllib2.build_opener(urllib2.HTTPCookieProcessor())
++    # enable self-signed certificates
++    # https://www.python.org/dev/peps/pep-0476/
++    # http://bugs.python.org/issue21308
++    if (
++        hasattr(ssl, "_create_unverified_context")
++        and
++        "context" in inspect.getargspec(urllib2.HTTPSHandler.__init__).args
++    ):
++        opener = urllib2.build_opener(
++            urllib2.HTTPSHandler(context=ssl._create_unverified_context()),
++            urllib2.HTTPCookieProcessor()
++        )
++    else:
++        opener = urllib2.build_opener(urllib2.HTTPCookieProcessor())
+     tokens = readTokens()
+     if "--debug" in pcs_options:
+         print "Sending HTTP Request to: " + url
+-- 
+1.9.1
+
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/pcs.git/commit/?h=f22&id=67f537442a140b47b8375e55916ba4f9deceb85d
