commit e970d11dbf86c5874aeb18f875ab59d9efd9a8d9 Author: yanzh_h Date: Wed Dec 11 21:52:28 2019 +0800 postgresql package init diff --git a/0000-rpm-pgsql.patch b/0000-rpm-pgsql.patch new file mode 100644 index 0000000..aec64ac --- /dev/null +++ b/0000-rpm-pgsql.patch @@ -0,0 +1,72 @@ +For the RPMs, we want the custom installation directories to end in +/pgsql not /postgresql. This is historical but not worth changing. + +Notice that this patch also makes the appending of /pgsql unconditional. +This is to avoid unexpected behavior if the RPM is built in a working +directory whose path happens to include "postgres" or "pgsql" already. +However, datadir and sysconfdir are already set up in the specfile's +configure call, so we do not have to append anything to them. + + +diff -Naur postgresql-9.0.1.orig/src/Makefile.global.in postgresql-9.0.1/src/Makefile.global.in +--- postgresql-9.0.1.orig/src/Makefile.global.in 2010-10-01 10:25:44.000000000 -0400 ++++ postgresql-9.0.1/src/Makefile.global.in 2010-10-11 11:52:05.224975308 -0400 +@@ -55,8 +55,7 @@ + # Installation directories + # + # These are set by the equivalent --xxxdir configure options. We +-# append "postgresql" to some of them, if the string does not already +-# contain "pgsql" or "postgres", in order to avoid directory clutter. ++# append "pgsql" to some of them, in order to avoid directory clutter. + # + # In a PGXS build, we cannot use the values inserted into Makefile.global + # by configure, since the installation tree may have been relocated. +@@ -74,45 +73,23 @@ + bindir := @bindir@ + + datadir := @datadir@ +-ifeq "$(findstring pgsql, $(datadir))" "" +-ifeq "$(findstring postgres, $(datadir))" "" +-override datadir := $(datadir)/postgresql +-endif +-endif + + sysconfdir := @sysconfdir@ +-ifeq "$(findstring pgsql, $(sysconfdir))" "" +-ifeq "$(findstring postgres, $(sysconfdir))" "" +-override sysconfdir := $(sysconfdir)/postgresql +-endif +-endif + + libdir := @libdir@ + + pkglibdir = $(libdir) +-ifeq "$(findstring pgsql, $(pkglibdir))" "" +-ifeq "$(findstring postgres, $(pkglibdir))" "" +-override pkglibdir := $(pkglibdir)/postgresql +-endif +-endif ++override pkglibdir := $(pkglibdir)/pgsql + + includedir := @includedir@ + + pkgincludedir = $(includedir) +-ifeq "$(findstring pgsql, $(pkgincludedir))" "" +-ifeq "$(findstring postgres, $(pkgincludedir))" "" +-override pkgincludedir := $(pkgincludedir)/postgresql +-endif +-endif ++override pkgincludedir := $(pkgincludedir)/pgsql + + mandir := @mandir@ + + docdir := @docdir@ +-ifeq "$(findstring pgsql, $(docdir))" "" +-ifeq "$(findstring postgres, $(docdir))" "" +-override docdir := $(docdir)/postgresql +-endif +-endif ++override docdir := $(docdir)/pgsql + + htmldir := @htmldir@ + diff --git a/0001-postgresql-logging.patch b/0001-postgresql-logging.patch new file mode 100644 index 0000000..76ff7b8 --- /dev/null +++ b/0001-postgresql-logging.patch @@ -0,0 +1,41 @@ +Default to stderr-based logging with a week's worth of daily logfiles. + + +diff -Naur postgresql-9.1rc1.orig/src/backend/utils/misc/postgresql.conf.sample postgresql-9.1rc1/src/backend/utils/misc/postgresql.conf.sample +--- postgresql-9.1rc1.orig/src/backend/utils/misc/postgresql.conf.sample 2011-08-18 17:23:13.000000000 -0400 ++++ postgresql-9.1rc1/src/backend/utils/misc/postgresql.conf.sample 2011-08-18 18:39:39.697526799 -0400 +@@ -279,7 +279,7 @@ + # requires logging_collector to be on. + + # This is used when logging to stderr: +-#logging_collector = off # Enable capturing of stderr and csvlog ++logging_collector = on # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) +@@ -355,11 +355,11 @@ + # These are only used if logging_collector is on: + #log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +-#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, ++log_filename = 'postgresql-%a.log' # log file name pattern, + # can include strftime() escapes + #log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +-#log_truncate_on_rotation = off # If on, an existing log file with the ++log_truncate_on_rotation = on # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on +@@ -367,9 +367,9 @@ + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. +-#log_rotation_age = 1d # Automatic rotation of logfiles will ++log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +-#log_rotation_size = 10MB # Automatic rotation of logfiles will ++log_rotation_size = 0 # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. + diff --git a/0002-postgresql-var-run-socket.patch b/0002-postgresql-var-run-socket.patch new file mode 100644 index 0000000..8e3b193 --- /dev/null +++ b/0002-postgresql-var-run-socket.patch @@ -0,0 +1,53 @@ +Change the built-in default socket directory to be /var/run/postgresql. +For backwards compatibility with (probably non-libpq-based) clients that +might still expect to find the socket in /tmp, also create a socket in +/tmp. This is to resolve communication problems with clients operating +under systemd's PrivateTmp environment, which won't be using the same +global /tmp directory as the server; see bug #825448. + +Note that we apply the socket directory change at the level of the +hard-wired defaults in the C code, not by just twiddling the setting in +postgresql.conf.sample; this is so that the change will take effect on +server package update, without requiring any existing postgresql.conf +to be updated. (Of course, a user who dislikes this behavior can still +override it via postgresql.conf.) + +diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c +index 9481f2d..75532c7 100644 +--- a/src/backend/utils/misc/guc.c ++++ b/src/backend/utils/misc/guc.c +@@ -3196,7 +3196,7 @@ static struct config_string ConfigureNamesString[] = + }, + &Unix_socket_directories, + #ifdef HAVE_UNIX_SOCKETS +- DEFAULT_PGSOCKET_DIR, ++ DEFAULT_PGSOCKET_DIR ", /tmp", + #else + "", + #endif +diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c +index feeff9e..3e3d784 100644 +--- a/src/bin/initdb/initdb.c ++++ b/src/bin/initdb/initdb.c +@@ -1234,7 +1234,7 @@ setup_config(void) + + #ifdef HAVE_UNIX_SOCKETS + snprintf(repltok, sizeof(repltok), "#unix_socket_directories = '%s'", +- DEFAULT_PGSOCKET_DIR); ++ DEFAULT_PGSOCKET_DIR ", /tmp"); + #else + snprintf(repltok, sizeof(repltok), "#unix_socket_directories = ''"); + #endif +diff --git a/src/include/pg_config_manual.h b/src/include/pg_config_manual.h +index e278fa0..9ee15d4 100644 +--- a/src/include/pg_config_manual.h ++++ b/src/include/pg_config_manual.h +@@ -169,7 +169,7 @@ + * here's where to twiddle it. You can also override this at runtime + * with the postmaster's -k switch. + */ +-#define DEFAULT_PGSOCKET_DIR "/tmp" ++#define DEFAULT_PGSOCKET_DIR "/var/run/postgresql" + + /* + * This is the default event source for Windows event log. diff --git a/0003-postgresql-man.patch b/0003-postgresql-man.patch new file mode 100644 index 0000000..8d3afe3 --- /dev/null +++ b/0003-postgresql-man.patch @@ -0,0 +1,49 @@ +PostgreSQL ecpg/initdb manual page fixes + +This was generated based on automatic Red Hat manual page scan (private +RHBZ#948933). + +diff -up ./doc/src/sgml/man1/ecpg.1.man948933 ./doc/src/sgml/man1/ecpg.1 +--- ./doc/src/sgml/man1/ecpg.1.man948933 2014-12-16 02:13:15.000000000 +0100 ++++ ./doc/src/sgml/man1/ecpg.1 2014-12-23 11:26:37.883644047 +0100 +@@ -80,6 +80,11 @@ INFORMIX_SE\&. + Define a C preprocessor symbol\&. + .RE + .PP ++\fB\-h \fR ++.RS 4 ++Parse a header file, this option includes option \fB\-c\fR\&. ++.RE ++.PP + \fB\-i\fR + .RS 4 + Parse system include files as well\&. +@@ -128,6 +133,11 @@ Allow question mark as placeholder for c + .RE + .RE + .PP ++\fB\-\-regression\fR ++.RS 4 ++Run in regression testing mode\&. ++.RE ++.PP + \fB\-t\fR + .RS 4 + Turn on autocommit of transactions\&. In this mode, each SQL command is automatically committed unless it is inside an explicit transaction block\&. In the default mode, commands are committed only when +diff -up ./doc/src/sgml/man1/initdb.1.man948933 ./doc/src/sgml/man1/initdb.1 +--- ./doc/src/sgml/man1/initdb.1.man948933 2014-12-16 02:13:21.000000000 +0100 ++++ ./doc/src/sgml/man1/initdb.1 2014-12-23 11:26:37.883644047 +0100 +@@ -281,6 +281,13 @@ determines that an error prevented it fr + .PP + Other options: + .PP ++\fB\-s\fR ++.br ++\fB\-\-show\fR ++.RS 4 ++Print the internal settings, then exit\&. ++.RE ++.PP + \fB\-V\fR + .br + \fB\-\-version\fR diff --git a/6000-CVE-2019-10164-1.patch b/6000-CVE-2019-10164-1.patch new file mode 100644 index 0000000..45a21d1 --- /dev/null +++ b/6000-CVE-2019-10164-1.patch @@ -0,0 +1,108 @@ +From 90adc16ea13750a6b6f704c6cf65dc0f1bdb845c Mon Sep 17 00:00:00 2001 +From: Michael Paquier +Date: Mon, 17 Jun 2019 21:48:34 +0900 +Subject: [PATCH] Fix buffer overflow when parsing SCRAM verifiers in backend + +Any authenticated user can overflow a stack-based buffer by changing the +user's own password to a purpose-crafted value. This often suffices to +execute arbitrary code as the PostgreSQL operating system account. + +This fix is contributed by multiple folks, based on an initial analysis +from Tom Lane. This issue has been introduced by 68e61ee, so it was +possible to make use of it at authentication time. It became more +easily to trigger after ccae190 which has made the SCRAM parsing more +strict when changing a password, in the case where the client passes +down a verifier already hashed using SCRAM. Back-patch to v10 where +SCRAM has been introduced. + +Reported-by: Alexander Lakhin +Author: Jonathan Katz, Heikki Linnakangas, Michael Paquier +Security: CVE-2019-10164 +Backpatch-through: 10 +--- + src/backend/libpq/auth-scram.c | 35 ++++++++++++++++++++++++++-------- + src/test/regress/expected/password.out | 23 ++++++++++++++++++++++ + src/test/regress/sql/password.sql | 18 +++++++++++++++++ + 3 files changed, 68 insertions(+), 8 deletions(-) + +diff -Nurp postgresql-10.5/src/backend/libpq/auth-scram.c postgresql-10.5-bak/src/backend/libpq/auth-scram.c +--- postgresql-10.5/src/backend/libpq/auth-scram.c 2018-08-06 16:05:31.000000000 -0400 ++++ postgresql-10.5-bak/src/backend/libpq/auth-scram.c 2019-08-01 10:03:08.505000000 -0400 +@@ -474,6 +474,12 @@ scram_verify_plain_password(const char * + /* + * Parse and validate format of given SCRAM verifier. + * ++ * On success, the iteration count, salt, stored key, and server key are ++ * extracted from the verifier, and returned to the caller. For 'stored_key' ++ * and 'server_key', the caller must pass pre-allocated buffers of size ++ * SCRAM_KEY_LEN. Salt is returned as a base64-encoded, null-terminated ++ * string. The buffer for the salt is palloc'd by this function. ++ * + * Returns true if the SCRAM verifier has been parsed, and false otherwise. + */ + static bool +@@ -489,6 +495,8 @@ parse_scram_verifier(const char *verifie + char *serverkey_str; + int decoded_len; + char *decoded_salt_buf; ++ char *decoded_stored_buf; ++ char *decoded_server_buf; + + /* + * The verifier is of form: +@@ -521,7 +529,8 @@ parse_scram_verifier(const char *verifie + * although we return the encoded version to the caller. + */ + decoded_salt_buf = palloc(pg_b64_dec_len(strlen(salt_str))); +- decoded_len = pg_b64_decode(salt_str, strlen(salt_str), decoded_salt_buf); ++ decoded_len = pg_b64_decode(salt_str, strlen(salt_str), ++ decoded_salt_buf); + if (decoded_len < 0) + goto invalid_verifier; + *salt = pstrdup(salt_str); +@@ -529,28 +538,38 @@ parse_scram_verifier(const char *verifie + /* + * Decode StoredKey and ServerKey. + */ +- if (pg_b64_dec_len(strlen(storedkey_str) != SCRAM_KEY_LEN)) +- goto invalid_verifier; ++ decoded_stored_buf = palloc(pg_b64_dec_len(strlen(storedkey_str))); + decoded_len = pg_b64_decode(storedkey_str, strlen(storedkey_str), +- (char *) stored_key); ++ decoded_stored_buf); + if (decoded_len != SCRAM_KEY_LEN) + goto invalid_verifier; ++ memcpy(stored_key, decoded_stored_buf, SCRAM_KEY_LEN); + +- if (pg_b64_dec_len(strlen(serverkey_str) != SCRAM_KEY_LEN)) +- goto invalid_verifier; ++ decoded_server_buf = palloc(pg_b64_dec_len(strlen(serverkey_str))); + decoded_len = pg_b64_decode(serverkey_str, strlen(serverkey_str), +- (char *) server_key); ++ decoded_server_buf); + if (decoded_len != SCRAM_KEY_LEN) + goto invalid_verifier; ++ memcpy(server_key, decoded_server_buf, SCRAM_KEY_LEN); + + return true; + + invalid_verifier: +- pfree(v); + *salt = NULL; + return false; + } + ++/* ++ * Generate plausible SCRAM verifier parameters for mock authentication. ++ * ++ * In a normal authentication, these are extracted from the verifier ++ * stored in the server. This function generates values that look ++ * realistic, for when there is no stored verifier. ++ * ++ * Like in parse_scram_verifier(), for 'stored_key' and 'server_key', the ++ * caller must pass pre-allocated buffers of size SCRAM_KEY_LEN, and ++ * the buffer for the salt is palloc'd by this function. ++ */ + static void + mock_scram_verifier(const char *username, int *iterations, char **salt, + uint8 *stored_key, uint8 *server_key) diff --git a/6001-CVE-2019-10164-2.patch b/6001-CVE-2019-10164-2.patch new file mode 100644 index 0000000..edb4d26 --- /dev/null +++ b/6001-CVE-2019-10164-2.patch @@ -0,0 +1,77 @@ +From d72a7e4da1001b29a661a4b1a52cb5c4d708bab0 Mon Sep 17 00:00:00 2001 +From: Michael Paquier +Date: Mon, 17 Jun 2019 22:14:09 +0900 +Subject: [PATCH] Fix buffer overflow when processing SCRAM final message in + libpq + +When a client connects to a rogue server sending specifically-crafted +messages, this can suffice to execute arbitrary code as the operating +system account used by the client. + +While on it, fix one error handling when decoding an incorrect salt +included in the first message received from server. + +Author: Michael Paquier +Reviewed-by: Jonathan Katz, Heikki Linnakangas +Security: CVE-2019-10164 +Backpatch-through: 10 +--- + src/interfaces/libpq/fe-auth-scram.c | 21 ++++++++++++++++++++- + 1 file changed, 20 insertions(+), 1 deletion(-) + +diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c +index 7fa7f34c80..4cdf9ba93b 100644 +--- a/src/interfaces/libpq/fe-auth-scram.c ++++ b/src/interfaces/libpq/fe-auth-scram.c +@@ -462,6 +462,12 @@ read_server_first_message(fe_scram_state *state, char *input, + state->saltlen = pg_b64_decode(encoded_salt, + strlen(encoded_salt), + state->salt); ++ if (state->saltlen < 0) ++ { ++ printfPQExpBuffer(errormessage, ++ libpq_gettext("malformed SCRAM message (invalid salt)\n")); ++ return false; ++ } + + iterations_str = read_attr_value(&input, 'i', errormessage); + if (iterations_str == NULL) +@@ -492,6 +498,7 @@ read_server_final_message(fe_scram_state *state, char *input, + PQExpBuffer errormessage) + { + char *encoded_server_signature; ++ char *decoded_server_signature; + int server_signature_len; + + state->server_final_message = strdup(input); +@@ -525,15 +532,27 @@ read_server_final_message(fe_scram_state *state, char *input, + printfPQExpBuffer(errormessage, + libpq_gettext("malformed SCRAM message (garbage at end of server-final-message)\n")); + ++ server_signature_len = pg_b64_dec_len(strlen(encoded_server_signature)); ++ decoded_server_signature = malloc(server_signature_len); ++ if (!decoded_server_signature) ++ { ++ printfPQExpBuffer(errormessage, ++ libpq_gettext("out of memory\n")); ++ return false; ++ } ++ + server_signature_len = pg_b64_decode(encoded_server_signature, + strlen(encoded_server_signature), +- state->ServerSignature); ++ decoded_server_signature); + if (server_signature_len != SCRAM_KEY_LEN) + { ++ free(decoded_server_signature); + printfPQExpBuffer(errormessage, + libpq_gettext("malformed SCRAM message (invalid server signature)\n")); + return false; + } ++ memcpy(state->ServerSignature, decoded_server_signature, SCRAM_KEY_LEN); ++ free(decoded_server_signature); + + return true; + } +-- +2.11.0 diff --git a/Makefile.regress b/Makefile.regress new file mode 100644 index 0000000..925877c --- /dev/null +++ b/Makefile.regress @@ -0,0 +1,67 @@ +# +# Simplified makefile for running the PostgreSQL regression tests +# in an RPM installation +# + +# maximum simultaneous connections for parallel tests +MAXCONNOPT = +ifdef MAX_CONNECTIONS +MAXCONNOPT += --max-connections=$(MAX_CONNECTIONS) +endif + +# locale +NOLOCALE = +ifdef NO_LOCALE +NOLOCALE += --no-locale +endif + +srcdir := . + +REGRESS_OPTS += --dlpath=. + +pg_regress_locale_flags = $(if $(ENCODING),--encoding=$(ENCODING)) $(NOLOCALE) + +pg_regress_installcheck = ./pg_regress --inputdir=$(srcdir) --bindir=@bindir@ $(pg_regress_locale_flags) + +# Test input and expected files. These are created by pg_regress itself, so we +# don't have a rule to create them. We do need rules to clean them however. +ifile_list := $(subst .source,, $(notdir $(wildcard $(srcdir)/input/*.source))) +input_files := $(foreach file, $(ifile_list), sql/$(file).sql) +ofile_list := $(subst .source,, $(notdir $(wildcard $(srcdir)/output/*.source))) +output_files := $(foreach file, $(ofile_list), expected/$(file).out) + +abs_srcdir := $(shell pwd) +abs_builddir := $(shell pwd) + +check: installcheck-parallel + +installcheck: cleandirs + $(pg_regress_installcheck) $(REGRESS_OPTS) --schedule=$(srcdir)/serial_schedule $(EXTRA_TESTS) + +installcheck-parallel: cleandirs + $(pg_regress_installcheck) $(REGRESS_OPTS) --schedule=$(srcdir)/parallel_schedule $(MAXCONNOPT) $(EXTRA_TESTS) + +# The tests command the server to write into testtablespace and results. +# On a SELinux-enabled system this will fail unless we mark those directories +# as writable by the server. +cleandirs: + -rm -rf testtablespace results + mkdir testtablespace results + [ -x /usr/bin/chcon ] && /usr/bin/chcon -u system_u -r object_r -t postgresql_db_t testtablespace results + +# old interfaces follow... + +runcheck: check +runtest: installcheck +runtest-parallel: installcheck-parallel + + +## +## Clean up +## + +clean distclean maintainer-clean: + rm -f $(output_files) $(input_files) + rm -rf testtablespace + rm -rf results tmp_check log + rm -f regression.diffs regression.out regress.out run_check.out diff --git a/generate-pdf.sh b/generate-pdf.sh new file mode 100755 index 0000000..e0ed008 --- /dev/null +++ b/generate-pdf.sh @@ -0,0 +1,58 @@ +#! /bin/sh + +# This script builds the PDF version of the PostgreSQL documentation. +# +# In principle we could do this as part of the RPM build, but there are +# good reasons not to: +# 1. The build would take longer and have a larger BuildRequires footprint. +# 2. The generated PDF has timestamps in it, which would inevitably result +# in multilib conflicts due to slightly different timestamps. +# So instead, we run this manually when rebasing to a new upstream release, +# and treat the resulting PDF as a separate Source file. +# +# You will need to have the docbook packages installed to run this. +# Expect it to take about 20 minutes and use about 160MB of disk. + +set -e + +# Pass package version (e.g., 9.1.2) as argument +VERSION=$1 + +test -z "$VERSION" && VERSION=`awk '/^Version:/ { print $2; }' postgresql.spec` + +TARGETFILE=postgresql-$VERSION-US.pdf +test -f "$TARGETFILE" && echo "$TARGETFILE exists" && exit 1 + +echo Building $TARGETFILE ... + +# Unpack postgresql + +rm -rf postgresql-$VERSION + +tar xfj postgresql-$VERSION.tar.bz2 + +cd postgresql-$VERSION + +# Apply any patches that affect the PDF documentation + +# patch -p1 < ../xxx.patch + +# Configure ... + +./configure >/dev/null + +# Build the PDF docs + +cd doc/src/sgml + +make postgres-US.pdf >make.log + +mv -f postgres-US.pdf ../../../../$TARGETFILE + +# Clean up + +cd ../../../.. + +rm -rf postgresql-$VERSION + +exit 0 diff --git a/postgresql-10.5-US.pdf b/postgresql-10.5-US.pdf new file mode 100644 index 0000000..21f0ea2 Binary files /dev/null and b/postgresql-10.5-US.pdf differ diff --git a/postgresql-10.5.tar.bz2 b/postgresql-10.5.tar.bz2 new file mode 100644 index 0000000..813010f Binary files /dev/null and b/postgresql-10.5.tar.bz2 differ diff --git a/postgresql-10.5.tar.bz2.sha256 b/postgresql-10.5.tar.bz2.sha256 new file mode 100644 index 0000000..62d14ed --- /dev/null +++ b/postgresql-10.5.tar.bz2.sha256 @@ -0,0 +1 @@ +6c8e616c91a45142b85c0aeb1f29ebba4a361309e86469e0fb4617b6a73c4011 postgresql-10.5.tar.bz2 diff --git a/postgresql-9.6.10.tar.bz2 b/postgresql-9.6.10.tar.bz2 new file mode 100644 index 0000000..77f059f Binary files /dev/null and b/postgresql-9.6.10.tar.bz2 differ diff --git a/postgresql-9.6.10.tar.bz2.sha256 b/postgresql-9.6.10.tar.bz2.sha256 new file mode 100644 index 0000000..1d5f96b --- /dev/null +++ b/postgresql-9.6.10.tar.bz2.sha256 @@ -0,0 +1 @@ +8615acc56646401f0ede97a767dfd27ce07a8ae9c952afdb57163b7234fe8426 postgresql-9.6.10.tar.bz2 diff --git a/postgresql-bashprofile b/postgresql-bashprofile new file mode 100644 index 0000000..1cd70d3 --- /dev/null +++ b/postgresql-bashprofile @@ -0,0 +1,4 @@ +[ -f /etc/profile ] && source /etc/profile + +PGDATA=/var/lib/pgsql/data +export PGDATA diff --git a/postgresql-setup-8.2.tar.gz b/postgresql-setup-8.2.tar.gz new file mode 100644 index 0000000..7ff1ece Binary files /dev/null and b/postgresql-setup-8.2.tar.gz differ diff --git a/postgresql.pam b/postgresql.pam new file mode 100644 index 0000000..1d78594 --- /dev/null +++ b/postgresql.pam @@ -0,0 +1,3 @@ +#%PAM-1.0 +auth include password-auth +account include password-auth diff --git a/postgresql.spec b/postgresql.spec new file mode 100644 index 0000000..76d52a2 --- /dev/null +++ b/postgresql.spec @@ -0,0 +1,569 @@ +%global _default_patch_flags --no-backup-if-mismatch +%global __provides_exclude_from %{_libdir}/pgsql +%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) + +Name: postgresql +Version: 10.5 +Release: 6 +Summary: PostgreSQL client programs +License: PostgreSQL +Url: http://www.postgresql.org/ +Source0: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2 +Source1: postgresql-%{version}-US.pdf +Source2: generate-pdf.sh +Source3: https://ftp.postgresql.org/pub/source/v9.6.10/postgresql-9.6.10.tar.bz2 +Source4: Makefile.regress +Source5: postgresql.tmpfiles.d +Source6: postgresql.pam +Source7: postgresql-bashprofile +Source8: https://github.com/devexp-db/postgresql-setup/releases/download/v8.2/postgresql-setup-8.2.tar.gz +Source9: https://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2.sha256 +Source10: https://ftp.postgresql.org/pub/source/v9.6.10/postgresql-9.6.10.tar.bz2.sha256 + +Patch0000: 0000-rpm-pgsql.patch +Patch0001: 0001-postgresql-logging.patch +Patch0002: 0002-postgresql-var-run-socket.patch +Patch0003: 0003-postgresql-man.patch + +Patch6000: 6000-CVE-2019-10164-1.patch +Patch6001: 6001-CVE-2019-10164-2.patch + +BuildRequires: gcc perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk perl(ExtUtils::Embed) +BuildRequires: perl-devel perl-generators readline-devel zlib-devel systemd systemd-devel +BuildRequires: util-linux multilib-rpm-config m4 elinks docbook-utils help2man python2-devel +BuildRequires: python3-devel tcl-devel openssl-devel krb5-devel openldap-devel gettext >= 0.10.35 +BuildRequires: uuid-devel libxml2-devel libxslt-devel pam-devel systemtap-sdt-devel libselinux-devel +Requires: %{name}-libs = %{version}-%{release} + +%package libs +Summary: The shared libraries required for any PostgreSQL clients +Requires(post): glibc +Requires(postun): glibc + +%description libs +The postgresql-libs package provides the essential shared libraries for any +PostgreSQL client program or interface. You will need to install this package +to use any other PostgreSQL package or any clients that need to connect to a +PostgreSQL server. + +%description +PostgreSQL is an advanced Object-Relational database management system (DBMS) +that supports almost all SQL constructs (including transactions, subselects +and user-defined types and functions). The postgresql package includes the client +programs and libraries that you'll need to access a PostgreSQL DBMS server. + +%package server +Summary: A package helps to create and run a PostgreSQL server +Requires: %{name} = %{version}-%{release} %{name}-libs = %{version}-%{release} systemd +Requires(pre): shadow +%{?systemd_requires} +Provides: %{name}-server(:MODULE_COMPAT_10) +Provides: bundled(postgresql-setup) = 8.2 + +%description server +The postgresql-server package includes the programs needed to create and run +a PostgreSQL server, which will in turn allow you to create and maintain +PostgreSQL databases. + +%package help +Summary: Help documentation for PostgreSQL +Requires: %{name} = %{version}-%{release} +Provides: %{name}-doc = %{version}-%{release} %{name}-docs = %{version}-%{release} +Obsoletes: %{name}-docs < %{version}-%{release} + +%description help +Man pages and other related help documents for PostgreSQL. + +%package contrib +Summary: Include the contrib tree distributed with PostgreSQL tarball +Requires: %{name} = %{version}-%{release} %{name}-libs = %{version}-%{release} + +%description contrib +The postgresql-contrib package includes the contrib tree distributed +with the PostgreSQL tarball. Selected contrib modules are prebuilt. + +%package devel +Summary: Development files for postgresql +Requires: %{name}-libs = %{version}-%{release} %{name}-server = %{version}-%{release} +Provides: libpq-devel = %{version}-%{release} libecpg-devel = %{version}-%{release} +Provides: postgresql-server-devel = %{version}-%{release} + +%package test-rpm-macros +Summary: Convenience RPM macros for build-time testing against PostgreSQL server +Requires: %{name}-server = %{version}-%{release} + +%description test-rpm-macros +This package is meant to be added as BuildRequires: dependency of other packages +that want to run build-time testsuite against running PostgreSQL server. + + +%package static +Summary: Statically linked PostgreSQL libraries +Requires: %{name}-devel = %{version}-%{release} + +%description static +Statically linked PostgreSQL libraries that do not have dynamically linked +counterparts. + +%description devel +This package provides Libraries and header files for postgresql. + +%package upgrade +Summary: Support needed for upgrading a PostgreSQL database +Requires: %{name}-server = %{version}-%{release} %{name}-libs = %{version}-%{release} +Provides: bundled(postgresql-libs) = 9.6.10 + +%description upgrade +This package provides the pg_upgrade utility and supporting files needed +for upgrading a PostgreSQL database from the previous major version of +PostgreSQL. + +%package upgrade-devel +Summary: Support for build of extensions required for upgrade process +Requires: %{name}-upgrade = %{version}-%{release} + +%description upgrade-devel +This package provides the development files needed to compile C or C++ +applications which are necessary in upgrade process. + +%package plperl +Summary: The Perl procedural language for PostgreSQL +Requires: %{name}-server = %{version}-%{release} +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +BuildRequires: perl(Data::Dumper) + +%description plperl +This package contains the PL/Perl procedural language, which is an extension +to the PostgreSQL database server.Install this if you want to write database +functions in Perl. + +%package plpython +Summary: The Python2 procedural language for PostgreSQL +Requires: %{name}-server = %{version}-%{release} +Provides: %{name}-plpython2 = %{version}-%{release} + +%description plpython +This package contains the PL/Python procedural language, which is an extension +to the PostgreSQL database server.It is used when you want to write database +functions in Python2. + + +%package plpython3 +Summary: The Python3 procedural language for PostgreSQL +Requires: %{name}-server = %{version}-%{release} + +%description plpython3 +This package contains the PL/Python procedural language, which is an extension +to the PostgreSQL database server.It is used when you want to write database +functions in Python3. + + +%package pltcl +Summary: The Tcl procedural language for PostgreSQL +Requires: %{name}-server = %{version}-%{release} + +%description pltcl +This package provides the PL/Tcl procedural language, which is an extension +to the PostgreSQL database server. + +%package test +Summary: The test suite distributed with PostgreSQL +Requires: %{name}-server = %{version}-%{release} %{name}-devel = %{version}-%{release} + +%description test +The postgresql-test package contains files needed for various tests for the +PostgreSQL database management system, including regression tests and benchmarks. + +%prep +( + cd "$(dirname "%{SOURCE0}")" + sha256sum -c %{SOURCE9} + sha256sum -c %{SOURCE10} +) +%setup -q -a 8 +%patch0000 -p1 +%patch0001 -p1 +%patch0002 -p1 +%patch0003 -p1 + +%patch6000 -p1 +%patch6001 -p1 + +cp -p %{SOURCE1} . +tar xfj %{SOURCE3} +find . -type f -name .gitignore | xargs rm + +%build +if [ x"`id -u`" = x0 ]; then + echo "postgresql's regression tests fail if run as root." + echo "If you really need to build the RPM as root, use" + echo "--define='runselftest 0' to skip the regression tests." + exit 1 +fi + +pushd postgresql-setup-8.2 + +%configure pgdocdir=%{_pkgdocdir} PGVERSION=%{version} pgsetup_cv_os_family=redhat \ + PGMAJORVERSION=10 NAME_DEFAULT_PREV_SERVICE=postgresql + +%make_build +popd + +CFLAGS="${CFLAGS:-%optflags}" +CFLAGS=`echo $CFLAGS|xargs -n 1|grep -v ffast-math|xargs -n 100` +export CFLAGS + +common_configure_options=' + --disable-rpath --with-perl --with-tcl --with-tclconfig=%_libdir + --with-ldap --with-openssl --with-pam --with-gssapi --with-ossp-uuid + --with-libxml --with-libxslt --enable-nls --enable-dtrace + --with-selinux --with-system-tzdata=%_datadir/zoneinfo + --datadir=%_datadir/pgsql --with-systemd +' + +export PYTHON=/usr/bin/python3 + +%configure $common_configure_options --with-python + +%make_build -C src/pl/plpython all +cp -a src/pl/plpython src/pl/plpython3 + +cp src/Makefile.global src/Makefile.global.python3 + +make distclean + +PYTHON=/usr/bin/python2 + +%configure $common_configure_options --with-python + +unset PYTHON + +%make_build world + +sed "s|C=\`pwd\`;|C=%{_libdir}/pgsql/tutorial;|" < src/tutorial/Makefile > src/tutorial/GNUmakefile +%make_build -C src/tutorial NO_PGXS=1 all + +rm -f src/tutorial/GNUmakefile src/tutorial/*.o + +run_testsuite() +{ + make -k -C "$1" MAX_CONNECTIONS=5 check && return 0 || test_failure=1 + ( + set +x + echo "=== trying to find all regression.diffs files in build directory ===" + find "$1" -name 'regression.diffs' | \ + while read line; do + echo "=== make failure: $line ===" + cat "$line" + done + ) +} + +test_failure=0 + +run_testsuite "src/test/regress" +make clean -C "src/test/regress" +run_testsuite "src/pl" +mv src/Makefile.global src/Makefile.global.save +cp src/Makefile.global.python3 src/Makefile.global +touch -r src/Makefile.global.save src/Makefile.global +mv src/pl/plpython src/pl/plpython2 +mv src/pl/plpython3 src/pl/plpython + +run_testsuite "src/pl/plpython" + +mv src/pl/plpython src/pl/plpython3 +mv src/pl/plpython2 src/pl/plpython +mv -f src/Makefile.global.save src/Makefile.global +run_testsuite "contrib" + +test "$test_failure" -eq 0 +make all -C src/test/regress + +pushd postgresql-9.6.10 + +upgrade_configure () +{ + PYTHON="${PYTHON-/usr/bin/python2}" \ + CFLAGS="$CFLAGS -fno-aggressive-loop-optimizations" ./configure \ + --build=%{_build} --host=%{_host} --prefix=%{_libdir}/pgsql/postgresql-9.6 \ + --disable-rpath --with-perl --with-tcl --with-tclconfig=%_libdir \ + --with-system-tzdata=/usr/share/zoneinfo "$@" +} + +export PYTHON=/usr/bin/python3 +upgrade_configure --with-python +%make_build -C src/pl/plpython all +cp src/pl/plpython/plpython3.so ./ +unset PYTHON +make distclean + +upgrade_configure --with-python +%make_build all +%make_build -C contrib all +popd + + +%install +pushd postgresql-setup-8.2 +%make_install +popd + +mv $RPM_BUILD_ROOT/%{_pkgdocdir}/README.rpm-dist ./ + +cat > $RPM_BUILD_ROOT%{_sysconfdir}/postgresql-setup/upgrade/postgresql.conf < $RPM_BUILD_ROOT%macrosdir/macros.%name-upgrade +%%postgresql_upgrade_prefix %{_libdir}/pgsql/postgresql-9.6 +EOF + + +install -d $RPM_BUILD_ROOT%{_libdir}/pgsql/test +cp -a src/test/regress $RPM_BUILD_ROOT%{_libdir}/pgsql/test +ln -sf ../../pgxs/src/test/regress/pg_regress $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress/pg_regress +pushd $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress +rm -f GNUmakefile Makefile *.o +chmod 0755 pg_regress regress.so +popd +sed 's|@bindir@|%{_bindir}|g' \ + < %{SOURCE4} \ + > $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress/Makefile +chmod 0644 $RPM_BUILD_ROOT%{_libdir}/pgsql/test/regress/Makefile + +rm -rf doc/html +mv $RPM_BUILD_ROOT%{_docdir}/pgsql/html doc + +find_lang_bins () +{ + lstfile=$1 ; shift + cp /dev/null "$lstfile" + for binary; do + %find_lang "$binary"-10 + cat "$binary"-10.lang >>"$lstfile" + done +} + +find_lang_bins devel.lst ecpg pg_config +find_lang_bins libs.lst ecpglib6 libpq5 +find_lang_bins server.lst initdb pg_basebackup pg_controldata pg_ctl pg_resetwal pg_rewind plpgsql postgres +find_lang_bins contrib.lst pg_archivecleanup pg_test_fsync pg_test_timing pg_waldump +find_lang_bins main.lst pg_dump pg_upgrade pgscripts psql +find_lang_bins plperl.lst plperl +find_lang_bins plpython.lst plpython +find_lang_bins plpython3.lst plpython +find_lang_bins pltcl.lst pltcl + + +%post libs -p /sbin/ldconfig +%postun libs -p /sbin/ldconfig + + +%pre server +/usr/sbin/groupadd -g 26 -o -r postgres >/dev/null 2>&1 || : +/usr/sbin/useradd -M -N -g postgres -o -r -d /var/lib/pgsql -s /bin/bash \ + -c "PostgreSQL Server" -u 26 postgres >/dev/null 2>&1 || : + +%post server +%systemd_post postgresql.service + + +%preun server +%systemd_preun postgresql.service + + +%postun server +%systemd_postun_with_restart postgresql.service + + +%check +make -C postgresql-setup-8.2 check + + +%clean + + +%files -f main.lst +%doc COPYRIGHT README +%{_bindir}/{clusterdb,createdb,createuser,dropdb,dropuser,pg_dump,pg_dumpall} +%{_bindir}/{pg_isready,pg_restore,pg_upgrade,psql,reindexdb,vacuumdb} +%exclude %{_docdir}/pgsql +%exclude %{_libdir}/pgsql/test/regress/pg_regress +%exclude %{_libdir}/lib{ecpg,pq,ecpg_compat,pgfeutils,pgtypes}.a + +%files libs -f libs.lst +%doc COPYRIGHT +%dir %{_libdir}/pgsql +%{_libdir}/libecpg.so.* +%{_libdir}/libecpg_compat.so.* +%{_libdir}/libpgtypes.so.* +%{_libdir}/libpq.so.* + + +%files help +%doc *-US.pdf doc/html doc/KNOWN_BUGS doc/MISSING_FEATURES doc/TODO +%doc HISTORY doc/bug.template README.rpm-dist +%{_libdir}/pgsql/tutorial/ +%{_mandir}/man1/* +%{_mandir}/man3/* +%{_mandir}/man7/* + + +%files contrib -f contrib.lst +%doc contrib/spi/*.example +%{_bindir}/{oid2name,pg_archivecleanup,pg_standby,pg_test_fsync,pg_test_timing,pg_waldump,pgbench,vacuumlo} +%{_datadir}/pgsql/extension/{adminpack*,amcheck*,autoinc*,bloom*,btree_gin*,btree_gist*,chkpass*} +%{_datadir}/pgsql/extension/{citext*,cube*,dblink*,dict_int*,dict_xsyn*,earthdistance*,file_fdw*,fuzzystrmatch*} +%{_datadir}/pgsql/extension/{hstore*,insert_username*,intagg*,intarray*,isn*,lo*,ltree*,moddatetime*} +%{_datadir}/pgsql/extension/{pageinspect*,pg_buffercache*,pg_freespacemap*,pg_prewarm*,pg_stat_statements*} +%{_datadir}/pgsql/extension/{pg_trgm*,pg_visibility*,pgcrypto*,pgrowlocks*,pgstattuple*,postgres_fdw*} +%{_datadir}/pgsql/extension/{refint*,seg*,tablefunc*,tcn*,timetravel*,tsm_system_rows*,tsm_system_time*} +%{_datadir}/pgsql/extension/{unaccent*,sslinfo*,uuid-ossp*,xml2*} +%{_datadir}/pgsql/contrib/sepgsql.sql +%{_libdir}/pgsql/{_int,adminpack,amcheck,auth_delay,auto_explain,autoinc,bloom,btree_gin,btree_gist}.so +%{_libdir}/pgsql/{chkpass,citext,cube,dblink,dict_int,dict_xsyn,earthdistance,file_fdw,fuzzystrmatch}.so +%{_libdir}/pgsql/{hstore,hstore_plperl,hstore_plpython2,insert_username,isn,lo,ltree,ltree_plpython2}.so +%{_libdir}/pgsql/{moddatetime,pageinspect,passwordcheck,pg_buffercache,pg_freespacemap,pg_stat_statements}.so +%{_libdir}/pgsql/{pg_trgm,pg_visibility,pgcrypto,pgrowlocks,pgstattuple,postgres_fdw,refint}.so +%{_libdir}/pgsql/{seg,tablefunc,tcn,test_decoding,timetravel,tsm_system_rows,tsm_system_time,unaccent}.so +%{_libdir}/pgsql/{sepgsql,sslinfo,uuid-ossp,pgxml}.so + + +%files server -f server.lst +%{_bindir}/{initdb,pg_basebackup,pg_controldata,pg_ctl,pg_receivewal,pg_recvlogical} +%{_bindir}/{pg_resetwal,pg_rewind,postgres,postgresql-setup,postmaster} +%{_datadir}/pgsql/{conversion_create.sql,*.sample,extension/plpgsql*,information_schema.sql} +%{_datadir}/pgsql/postgres.{bki,description,shdescription} +%{_datadir}/pgsql/{snowball_create.sql,sql_features.txt,system_views.sql,timezonesets/,tsearch_data/} +%{_datadir}/postgresql-setup/library.sh +%{_libdir}/pgsql/{*_and_*,dict_snowball,euc2004_sjis2004,libpqwalreceiver,pg_prewarm,pgoutput,plpgsql}.so +%{_libexecdir}/initscripts/legacy-actions/postgresql/* +%{_libexecdir}/postgresql-check-db-dir +%{_sbindir}/postgresql-new-systemd-unit +%{_tmpfilesdir}/postgresql.conf +%{_unitdir}/*postgresql*.service +%dir %{_datadir}/pgsql/{extension,contrib} +%dir %{_datadir}/postgresql-setup +%dir %{_libexecdir}/initscripts/legacy-actions/postgresql +%dir %{_sysconfdir}/postgresql-setup/upgrade +%attr(644,postgres,postgres) %config(noreplace) %{?_localstatedir}/lib/pgsql/.bash_profile +%attr(700,postgres,postgres) %dir %{?_localstatedir}/lib/pgsql +%attr(700,postgres,postgres) %dir %{?_localstatedir}/lib/pgsql/backups +%attr(700,postgres,postgres) %dir %{?_localstatedir}/lib/pgsql/data +%attr(755,postgres,postgres) %dir %{?_localstatedir}/run/postgresql +%config(noreplace) /etc/pam.d/postgresql +%config %{_sysconfdir}/postgresql-setup/upgrade/*.conf + + +%files devel -f devel.lst +%{_includedir}/* +%{_bindir}/{ecpg,pg_config} +%{_libdir}/{pgsql/pgxs/,pkgconfig/*.pc} +%{_libdir}/{libecpg,libecpg_compat,libpgtypes,libpq}.so +%{macrosdir}/macros.%name + +%files static +%{_libdir}/libpgcommon.a +%{_libdir}/libpgport.a + +%files test-rpm-macros +%{_datadir}/postgresql-setup/postgresql_pkg_tests.sh +%{macrosdir}/macros.%name-test + + +%files upgrade +%{_libdir}/pgsql/postgresql-9.6/{bin,lib,share} +%exclude %{_libdir}/pgsql/postgresql-9.6/bin/pg_config +%exclude %{_libdir}/pgsql/postgresql-9.6/lib/{pgxs,pkgconfig} + + +%files upgrade-devel +%{_libdir}/pgsql/postgresql-9.6/{include,bin/pg_config} +%{_libdir}/pgsql/postgresql-9.6/lib/{pkgconfig,pgxs} +%{macrosdir}/macros.%name-upgrade + + +%files plperl -f plperl.lst +%{_datadir}/pgsql/extension/plperl* +%{_libdir}/pgsql/plperl.so + + +%files pltcl -f pltcl.lst +%{_datadir}/pgsql/extension/pltcl* +%{_libdir}/pgsql/pltcl.so + + +%files plpython -f plpython.lst +%{_datadir}/pgsql/extension/{plpython2*,plpythonu*} +%{_libdir}/pgsql/plpython2.so + + +%files plpython3 -f plpython3.lst +%{_datadir}/pgsql/extension/plpython3* +%{_libdir}/pgsql/plpython3.so + +%files test +%attr(-,postgres,postgres) %{_libdir}/pgsql/test + +%changelog +* Fri Nov 15 2019 yanzhihua - 10.5-6 +- Package init diff --git a/postgresql.tmpfiles.d b/postgresql.tmpfiles.d new file mode 100644 index 0000000..d8d960d --- /dev/null +++ b/postgresql.tmpfiles.d @@ -0,0 +1 @@ +d /var/run/postgresql 0755 postgres postgres -