[arch-commits] Commit in pgbouncer/repos (16 files)
Jan de Groot
jgc at archlinux.org
Thu Mar 16 13:03:06 UTC 2017
Date: Thursday, March 16, 2017 @ 13:03:06
Author: jgc
Revision: 290932
archrelease: copy trunk to staging-i686, staging-x86_64
Added:
pgbouncer/repos/staging-i686/
pgbouncer/repos/staging-i686/PKGBUILD
(from rev 290931, pgbouncer/trunk/PKGBUILD)
pgbouncer/repos/staging-i686/pgbouncer.ini
(from rev 290931, pgbouncer/trunk/pgbouncer.ini)
pgbouncer/repos/staging-i686/pgbouncer.install
(from rev 290931, pgbouncer/trunk/pgbouncer.install)
pgbouncer/repos/staging-i686/pgbouncer.logrotate
(from rev 290931, pgbouncer/trunk/pgbouncer.logrotate)
pgbouncer/repos/staging-i686/pgbouncer.service
(from rev 290931, pgbouncer/trunk/pgbouncer.service)
pgbouncer/repos/staging-i686/pgbouncer.tmpfiles.conf
(from rev 290931, pgbouncer/trunk/pgbouncer.tmpfiles.conf)
pgbouncer/repos/staging-i686/usual-openssl.patch
(from rev 290931, pgbouncer/trunk/usual-openssl.patch)
pgbouncer/repos/staging-x86_64/
pgbouncer/repos/staging-x86_64/PKGBUILD
(from rev 290931, pgbouncer/trunk/PKGBUILD)
pgbouncer/repos/staging-x86_64/pgbouncer.ini
(from rev 290931, pgbouncer/trunk/pgbouncer.ini)
pgbouncer/repos/staging-x86_64/pgbouncer.install
(from rev 290931, pgbouncer/trunk/pgbouncer.install)
pgbouncer/repos/staging-x86_64/pgbouncer.logrotate
(from rev 290931, pgbouncer/trunk/pgbouncer.logrotate)
pgbouncer/repos/staging-x86_64/pgbouncer.service
(from rev 290931, pgbouncer/trunk/pgbouncer.service)
pgbouncer/repos/staging-x86_64/pgbouncer.tmpfiles.conf
(from rev 290931, pgbouncer/trunk/pgbouncer.tmpfiles.conf)
pgbouncer/repos/staging-x86_64/usual-openssl.patch
(from rev 290931, pgbouncer/trunk/usual-openssl.patch)
----------------------------------------+
staging-i686/PKGBUILD | 49 ++++++
staging-i686/pgbouncer.ini | 52 ++++++
staging-i686/pgbouncer.install | 26 +++
staging-i686/pgbouncer.logrotate | 8 +
staging-i686/pgbouncer.service | 11 +
staging-i686/pgbouncer.tmpfiles.conf | 1
staging-i686/usual-openssl.patch | 242 +++++++++++++++++++++++++++++++
staging-x86_64/PKGBUILD | 49 ++++++
staging-x86_64/pgbouncer.ini | 52 ++++++
staging-x86_64/pgbouncer.install | 26 +++
staging-x86_64/pgbouncer.logrotate | 8 +
staging-x86_64/pgbouncer.service | 11 +
staging-x86_64/pgbouncer.tmpfiles.conf | 1
staging-x86_64/usual-openssl.patch | 242 +++++++++++++++++++++++++++++++
14 files changed, 778 insertions(+)
Copied: pgbouncer/repos/staging-i686/PKGBUILD (from rev 290931, pgbouncer/trunk/PKGBUILD)
===================================================================
--- staging-i686/PKGBUILD (rev 0)
+++ staging-i686/PKGBUILD 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1,49 @@
+# Maintainer: Dan McGee <dan at archlinux.org>
+
+pkgname=pgbouncer
+pkgver=1.7.2
+pkgrel=2
+pkgdesc="A lightweight connection pooler for PostgreSQL"
+arch=('i686' 'x86_64')
+url="https://wiki.postgresql.org/wiki/PgBouncer"
+license=('BSD')
+depends=('libevent>=2.0' 'c-ares' 'systemd')
+makedepends=('asciidoc' 'xmlto')
+backup=('etc/pgbouncer/pgbouncer.ini' 'etc/logrotate.d/pgbouncer')
+install=$pkgname.install
+source=("https://pgbouncer.github.io/downloads/files/$pkgver/$pkgname-$pkgver.tar.gz"
+ pgbouncer.ini
+ pgbouncer.logrotate
+ pgbouncer.service
+ pgbouncer.tmpfiles.conf
+ usual-openssl.patch)
+sha256sums=('de36b318fe4a2f20a5f60d1c5ea62c1ca331f6813d2c484866ecb59265a160ba'
+ '4f30e4a3eb76acdd233ebc7dd099dff6976299ba958e40a8429b74112e804b05'
+ '8da38746d9c9dfc2433a8cfe22fdaf517e14492672d09e3c48cd4745fc03e9bd'
+ '274a3d447c151323f2d297aae881ec69be1477f16e30b0bba469afe68c2d122a'
+ '476ea0400ba063e932a58f1f49ae401d65b22add521894872c09ec6985e0960d'
+ '46d2d1c421ccd9893af4f6fde28d796b7910d2385efd3e27cca118d8e484ca7b')
+
+prepare() {
+ cd "$srcdir/$pkgname-$pkgver/lib"
+ patch -Np1 -i ../../usual-openssl.patch
+}
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+ ./configure --prefix=/usr --disable-debug
+ make
+}
+
+package() {
+ cd "$srcdir/$pkgname-$pkgver"
+ make DESTDIR="$pkgdir/" install
+ install -D -m644 COPYRIGHT "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+ install -D -m644 ../pgbouncer.ini "$pkgdir/etc/pgbouncer/pgbouncer.ini"
+ install -D -m644 ../pgbouncer.logrotate "$pkgdir/etc/logrotate.d/pgbouncer"
+ install -D -m644 ../pgbouncer.service "$pkgdir/usr/lib/systemd/system/pgbouncer.service"
+ install -D -m644 ../pgbouncer.tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/pgbouncer.conf"
+ mkdir -p "$pkgdir/var/log/pgbouncer"
+}
+
+# vim:set ts=2 sw=2 et:
Copied: pgbouncer/repos/staging-i686/pgbouncer.ini (from rev 290931, pgbouncer/trunk/pgbouncer.ini)
===================================================================
--- staging-i686/pgbouncer.ini (rev 0)
+++ staging-i686/pgbouncer.ini 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1,52 @@
+[pgbouncer]
+logfile = /var/log/pgbouncer/pgbouncer.log
+pidfile = /run/pgbouncer/pgbouncer.pid
+
+;; ip address or * which means all ip-s
+;listen_addr = 127.0.0.1
+;listen_port = 6432
+
+unix_socket_dir = /run/postgresql
+unix_socket_mode = 0777
+
+; any, trust, plain, crypt, md5
+auth_type = trust
+auth_file = /etc/pgbouncer/userlist.txt
+
+; comma-separated list of users, who are allowed to change settings
+admin_users = postgres
+
+; comma-separated list of users who are just allowed to use SHOW command
+stats_users = stats, postgres
+
+; total number of clients that can connect
+max_client_conn = 100
+
+; default pool size. 20 is good number when transaction pooling
+; is in use, in session pooling it needs to be the number of
+; max clients you want to handle at any moment
+default_pool_size = 20
+
+
+;; database name = connect string
+;;
+;; connect string params:
+;; dbname= host= port= user= password=
+;; client_encoding= datestyle= timezone=
+;; pool_size= connect_query=
+[databases]
+
+; foodb over unix socket
+;foodb =
+
+; redirect bardb to bazdb on localhost
+;bardb = host=localhost dbname=bazdb
+
+; acceess to dest database will go with single user
+;forcedb = host=127.0.0.1 port=300 user=baz password=foo client_encoding=UNICODE datestyle=ISO connect_query='SELECT 1'
+
+; use custom pool sizes
+;nondefaultdb = pool_size=50 reserve_pool=10
+
+; fallback connect string
+;* = host=testserver
Copied: pgbouncer/repos/staging-i686/pgbouncer.install (from rev 290931, pgbouncer/trunk/pgbouncer.install)
===================================================================
--- staging-i686/pgbouncer.install (rev 0)
+++ staging-i686/pgbouncer.install 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1,26 @@
+post_install() {
+ if [ ! -d '/var/lib/postgres' ]; then
+ mkdir -p '/var/lib/postgres'
+ fi
+ if ! getent group postgres >/dev/null; then
+ groupadd -g 88 postgres
+ fi
+ if ! getent passwd postgres >/dev/null; then
+ useradd -c 'PostgreSQL user' -u 88 -g postgres -d '/var/lib/postgres' -s /bin/bash postgres
+ passwd -l postgres >/dev/null
+ fi
+ if ! getent group pgbouncer >/dev/null; then
+ groupadd -r pgbouncer
+ fi
+ if ! getent passwd pgbouncer >/dev/null; then
+ useradd -c 'PGBouncer user' -r -g pgbouncer -d '/etc/pgbouncer' -s /bin/bash pgbouncer
+ passwd -l pgbouncer >/dev/null
+ fi
+ chown pgbouncer:pgbouncer /var/log/pgbouncer
+ systemd-tmpfiles --create pgbouncer.conf
+ gpasswd -a pgbouncer postgres
+}
+
+post_upgrade() {
+ post_install $1
+}
Copied: pgbouncer/repos/staging-i686/pgbouncer.logrotate (from rev 290931, pgbouncer/trunk/pgbouncer.logrotate)
===================================================================
--- staging-i686/pgbouncer.logrotate (rev 0)
+++ staging-i686/pgbouncer.logrotate 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1,8 @@
+/var/log/pgbouncer/pgbouncer.log {
+ copytruncate
+ missingok
+ notifempty
+ postrotate
+ /bin/kill -HUP $(cat /run/pgbouncer/pgbouncer.pid 2>/dev/null) 2> /dev/null || true
+ endscript
+}
Copied: pgbouncer/repos/staging-i686/pgbouncer.service (from rev 290931, pgbouncer/trunk/pgbouncer.service)
===================================================================
--- staging-i686/pgbouncer.service (rev 0)
+++ staging-i686/pgbouncer.service 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1,11 @@
+[Unit]
+Description=A lightweight connection pooler for PostgreSQL
+After=network.target
+
+[Service]
+User=pgbouncer
+ExecStart=/usr/bin/pgbouncer /etc/pgbouncer/pgbouncer.ini
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
Copied: pgbouncer/repos/staging-i686/pgbouncer.tmpfiles.conf (from rev 290931, pgbouncer/trunk/pgbouncer.tmpfiles.conf)
===================================================================
--- staging-i686/pgbouncer.tmpfiles.conf (rev 0)
+++ staging-i686/pgbouncer.tmpfiles.conf 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1 @@
+d /run/pgbouncer 0755 pgbouncer pgbouncer -
Copied: pgbouncer/repos/staging-i686/usual-openssl.patch (from rev 290931, pgbouncer/trunk/usual-openssl.patch)
===================================================================
--- staging-i686/usual-openssl.patch (rev 0)
+++ staging-i686/usual-openssl.patch 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1,242 @@
+From 0e56f729d74e4af6c19fe60f6e2b47f5e717dcac Mon Sep 17 00:00:00 2001
+From: Marko Kreen <markokr at gmail.com>
+Date: Tue, 6 Dec 2016 20:05:17 +0200
+Subject: [PATCH] tls: additional openssl 1.1 compat
+
+Fixes: #15
+---
+ test/connect-tls.c | 2 +-
+ usual/tls/tls.c | 2 ++
+ usual/tls/tls_cert.c | 12 ++++++------
+ usual/tls/tls_compat.h | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ usual/tls/tls_ocsp.c | 28 +++++++++++++++++-----------
+ usual/tls/tls_util.c | 2 +-
+ usual/tls/tls_verify.c | 8 ++++----
+ 7 files changed, 76 insertions(+), 23 deletions(-)
+
+diff --git a/usual/tls/tls.c b/usual/tls/tls.c
+index 3377cb4..1843e44 100644
+--- a/usual/tls/tls.c
++++ b/usual/tls/tls.c
+@@ -67,7 +67,9 @@ tls_deinit(void)
+ CRYPTO_cleanup_all_ex_data();
+ BIO_sock_cleanup();
+ ERR_clear_error();
++#ifdef USE_LIBSSL_INTERNALS
+ ERR_remove_thread_state(NULL);
++#endif
+ ERR_free_strings();
+
+ tls_initialised = 0;
+diff --git a/usual/tls/tls_cert.c b/usual/tls/tls_cert.c
+index ca6668a..9a81e2f 100644
+--- a/usual/tls/tls_cert.c
++++ b/usual/tls/tls_cert.c
+@@ -86,7 +86,7 @@ tls_parse_bigint(struct tls *ctx, const ASN1_INTEGER *asn1int, const char **dst_
+ */
+
+ static int
+-check_invalid_bytes(struct tls *ctx, unsigned char *data, unsigned int len,
++check_invalid_bytes(struct tls *ctx, const unsigned char *data, unsigned int len,
+ int ascii_only, const char *desc)
+ {
+ unsigned int i, c;
+@@ -125,7 +125,7 @@ static int
+ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, int minchars, int maxchars, const char *desc)
+ {
+ int format, len, ret = -1;
+- unsigned char *data;
++ const unsigned char *data;
+ ASN1_STRING *a1utf = NULL;
+ int ascii_only = 0;
+ char *cstr = NULL;
+@@ -134,7 +134,7 @@ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, in
+ *dst_p = NULL;
+
+ format = ASN1_STRING_type(a1str);
+- data = ASN1_STRING_data(a1str);
++ data = ASN1_STRING_get0_data(a1str);
+ len = ASN1_STRING_length(a1str);
+ if (len < minchars) {
+ tls_set_errorx(ctx, "invalid %s: string too short", desc);
+@@ -188,7 +188,7 @@ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, in
+ tls_set_errorx(ctx, "multibyte conversion failed: expected UTF8 result");
+ goto failed;
+ }
+- data = ASN1_STRING_data(a1utf);
++ data = ASN1_STRING_get0_data(a1utf);
+ len = ASN1_STRING_length(a1utf);
+ }
+
+@@ -275,12 +275,12 @@ static int
+ tls_load_alt_ipaddr(struct tls *ctx, ASN1_OCTET_STRING *bin, struct tls_cert *cert)
+ {
+ struct tls_cert_general_name *slot;
+- void *data;
++ const void *data;
+ int len;
+
+ slot = &cert->subject_alt_names[cert->subject_alt_name_count];
+ len = ASN1_STRING_length(bin);
+- data = ASN1_STRING_data(bin);
++ data = ASN1_STRING_get0_data(bin);
+ if (len < 0) {
+ tls_set_errorx(ctx, "negative length for ipaddress");
+ return -1;
+diff --git a/usual/tls/tls_compat.h b/usual/tls/tls_compat.h
+index 40ca5cf..8305958 100644
+--- a/usual/tls/tls_compat.h
++++ b/usual/tls/tls_compat.h
+@@ -12,6 +12,7 @@
+ #include <usual/time.h>
+
+ #include <openssl/ssl.h>
++#include <openssl/err.h>
+
+ /* OpenSSL 1.1+ has hidden struct fields */
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+@@ -21,6 +22,50 @@
+ #define X509_get_key_usage(x509) ((x509)->ex_kusage)
+ #define X509_get_extended_key_usage(x509) ((x509)->ex_xkusage)
+ #define SSL_CTX_get0_param(ssl_ctx) ((ssl_ctx)->param)
++#define ASN1_STRING_get0_data(x) ((const unsigned char*)ASN1_STRING_data(x))
++#define X509_OBJECT_get0_X509(x) ((x)->data.x509)
++
++#ifndef OPENSSL_VERSION
++#define OPENSSL_VERSION SSLEAY_VERSION
++#define OpenSSL_version(x) SSLeay_version(x)
++#endif
++
++static inline X509_OBJECT *X509_OBJECT_new(void)
++{
++ X509_OBJECT *obj = OPENSSL_malloc(sizeof(*obj));
++ if (obj) {
++ memset(obj, 0, sizeof(*obj));
++ } else {
++ X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
++ }
++ return obj;
++}
++
++static inline void X509_OBJECT_free(X509_OBJECT *obj)
++{
++ if (obj) {
++ if (obj->type == X509_LU_X509) {
++ X509_free(obj->data.x509);
++ } else if (obj->type == X509_LU_CRL) {
++ X509_CRL_free(obj->data.crl);
++ }
++ OPENSSL_free(obj);
++ }
++}
++
++static inline X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *ctx, int lookup, X509_NAME *name)
++{
++ X509_OBJECT *obj = X509_OBJECT_new();
++ if (obj) {
++ if (X509_STORE_get_by_subject(ctx, lookup, name, obj)) {
++ return obj;
++ }
++ X509_OBJECT_free(obj);
++ }
++ return NULL;
++}
++
++
+ #endif
+
+ /* ecdh_auto is broken - ignores main EC key */
+diff --git a/usual/tls/tls_ocsp.c b/usual/tls/tls_ocsp.c
+index 1e41d48..0b21e32 100644
+--- a/usual/tls/tls_ocsp.c
++++ b/usual/tls/tls_ocsp.c
+@@ -164,8 +164,8 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, SSL_CTX *ssl_c
+ {
+ X509_NAME *issuer_name;
+ X509 *issuer;
+- X509_STORE_CTX storectx;
+- X509_OBJECT tmpobj;
++ X509_STORE_CTX *storectx = NULL;
++ X509_OBJECT *tmpobj;
+ OCSP_CERTID *cid = NULL;
+ X509_STORE *store;
+ int ok;
+@@ -182,17 +182,23 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, SSL_CTX *ssl_c
+
+ store = SSL_CTX_get_cert_store(ssl_ctx);
+ if (!store)
+- return NULL;
+- ok = X509_STORE_CTX_init(&storectx, store, main_cert, extra_certs);
++ goto error;
++ ok = X509_STORE_CTX_init(storectx, store, main_cert, extra_certs);
+ if (ok != 1)
+- return NULL;
+- ok = X509_STORE_get_by_subject(&storectx, X509_LU_X509, issuer_name, &tmpobj);
+- if (ok == 1) {
+- cid = OCSP_cert_to_id(NULL, main_cert, tmpobj.data.x509);
+- X509_free(tmpobj.data.x509);
+- }
+- X509_STORE_CTX_cleanup(&storectx);
++ goto error;
++
++ tmpobj = X509_STORE_CTX_get_obj_by_subject(storectx, X509_LU_X509, issuer_name);
++ if (!tmpobj)
++ goto error;
++ cid = OCSP_cert_to_id(NULL, main_cert, X509_OBJECT_get0_X509(tmpobj));
++ X509_OBJECT_free(tmpobj);
++ X509_STORE_CTX_free(storectx);
+ return cid;
++error:
++ if (storectx) {
++ X509_STORE_CTX_free(storectx);
++ }
++ return NULL;
+ }
+
+ static int
+diff --git a/usual/tls/tls_util.c b/usual/tls/tls_util.c
+index 2b91c64..823ccd1 100644
+--- a/usual/tls/tls_util.c
++++ b/usual/tls/tls_util.c
+@@ -30,7 +30,7 @@
+ const char *
+ tls_backend_version(void)
+ {
+- return SSLeay_version(SSLEAY_VERSION);
++ return OpenSSL_version(OPENSSL_VERSION);
+ }
+
+ /*
+diff --git a/usual/tls/tls_verify.c b/usual/tls/tls_verify.c
+index 1c94b7c..9e5cce6 100644
+--- a/usual/tls/tls_verify.c
++++ b/usual/tls/tls_verify.c
+@@ -116,12 +116,12 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
+ continue;
+
+ if (type == GEN_DNS) {
+- void *data;
++ const void *data;
+ int format, len;
+
+ format = ASN1_STRING_type(altname->d.dNSName);
+ if (format == V_ASN1_IA5STRING) {
+- data = ASN1_STRING_data(altname->d.dNSName);
++ data = ASN1_STRING_get0_data(altname->d.dNSName);
+ len = ASN1_STRING_length(altname->d.dNSName);
+
+ if (len < 0 || len != (int)strlen(data)) {
+@@ -161,11 +161,11 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
+ }
+
+ } else if (type == GEN_IPADD) {
+- unsigned char *data;
++ const unsigned char *data;
+ int datalen;
+
+ datalen = ASN1_STRING_length(altname->d.iPAddress);
+- data = ASN1_STRING_data(altname->d.iPAddress);
++ data = ASN1_STRING_get0_data(altname->d.iPAddress);
+
+ if (datalen < 0) {
+ tls_set_errorx(ctx,
Copied: pgbouncer/repos/staging-x86_64/PKGBUILD (from rev 290931, pgbouncer/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD (rev 0)
+++ staging-x86_64/PKGBUILD 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1,49 @@
+# Maintainer: Dan McGee <dan at archlinux.org>
+
+pkgname=pgbouncer
+pkgver=1.7.2
+pkgrel=2
+pkgdesc="A lightweight connection pooler for PostgreSQL"
+arch=('i686' 'x86_64')
+url="https://wiki.postgresql.org/wiki/PgBouncer"
+license=('BSD')
+depends=('libevent>=2.0' 'c-ares' 'systemd')
+makedepends=('asciidoc' 'xmlto')
+backup=('etc/pgbouncer/pgbouncer.ini' 'etc/logrotate.d/pgbouncer')
+install=$pkgname.install
+source=("https://pgbouncer.github.io/downloads/files/$pkgver/$pkgname-$pkgver.tar.gz"
+ pgbouncer.ini
+ pgbouncer.logrotate
+ pgbouncer.service
+ pgbouncer.tmpfiles.conf
+ usual-openssl.patch)
+sha256sums=('de36b318fe4a2f20a5f60d1c5ea62c1ca331f6813d2c484866ecb59265a160ba'
+ '4f30e4a3eb76acdd233ebc7dd099dff6976299ba958e40a8429b74112e804b05'
+ '8da38746d9c9dfc2433a8cfe22fdaf517e14492672d09e3c48cd4745fc03e9bd'
+ '274a3d447c151323f2d297aae881ec69be1477f16e30b0bba469afe68c2d122a'
+ '476ea0400ba063e932a58f1f49ae401d65b22add521894872c09ec6985e0960d'
+ '46d2d1c421ccd9893af4f6fde28d796b7910d2385efd3e27cca118d8e484ca7b')
+
+prepare() {
+ cd "$srcdir/$pkgname-$pkgver/lib"
+ patch -Np1 -i ../../usual-openssl.patch
+}
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+ ./configure --prefix=/usr --disable-debug
+ make
+}
+
+package() {
+ cd "$srcdir/$pkgname-$pkgver"
+ make DESTDIR="$pkgdir/" install
+ install -D -m644 COPYRIGHT "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+ install -D -m644 ../pgbouncer.ini "$pkgdir/etc/pgbouncer/pgbouncer.ini"
+ install -D -m644 ../pgbouncer.logrotate "$pkgdir/etc/logrotate.d/pgbouncer"
+ install -D -m644 ../pgbouncer.service "$pkgdir/usr/lib/systemd/system/pgbouncer.service"
+ install -D -m644 ../pgbouncer.tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/pgbouncer.conf"
+ mkdir -p "$pkgdir/var/log/pgbouncer"
+}
+
+# vim:set ts=2 sw=2 et:
Copied: pgbouncer/repos/staging-x86_64/pgbouncer.ini (from rev 290931, pgbouncer/trunk/pgbouncer.ini)
===================================================================
--- staging-x86_64/pgbouncer.ini (rev 0)
+++ staging-x86_64/pgbouncer.ini 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1,52 @@
+[pgbouncer]
+logfile = /var/log/pgbouncer/pgbouncer.log
+pidfile = /run/pgbouncer/pgbouncer.pid
+
+;; ip address or * which means all ip-s
+;listen_addr = 127.0.0.1
+;listen_port = 6432
+
+unix_socket_dir = /run/postgresql
+unix_socket_mode = 0777
+
+; any, trust, plain, crypt, md5
+auth_type = trust
+auth_file = /etc/pgbouncer/userlist.txt
+
+; comma-separated list of users, who are allowed to change settings
+admin_users = postgres
+
+; comma-separated list of users who are just allowed to use SHOW command
+stats_users = stats, postgres
+
+; total number of clients that can connect
+max_client_conn = 100
+
+; default pool size. 20 is good number when transaction pooling
+; is in use, in session pooling it needs to be the number of
+; max clients you want to handle at any moment
+default_pool_size = 20
+
+
+;; database name = connect string
+;;
+;; connect string params:
+;; dbname= host= port= user= password=
+;; client_encoding= datestyle= timezone=
+;; pool_size= connect_query=
+[databases]
+
+; foodb over unix socket
+;foodb =
+
+; redirect bardb to bazdb on localhost
+;bardb = host=localhost dbname=bazdb
+
+; acceess to dest database will go with single user
+;forcedb = host=127.0.0.1 port=300 user=baz password=foo client_encoding=UNICODE datestyle=ISO connect_query='SELECT 1'
+
+; use custom pool sizes
+;nondefaultdb = pool_size=50 reserve_pool=10
+
+; fallback connect string
+;* = host=testserver
Copied: pgbouncer/repos/staging-x86_64/pgbouncer.install (from rev 290931, pgbouncer/trunk/pgbouncer.install)
===================================================================
--- staging-x86_64/pgbouncer.install (rev 0)
+++ staging-x86_64/pgbouncer.install 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1,26 @@
+post_install() {
+ if [ ! -d '/var/lib/postgres' ]; then
+ mkdir -p '/var/lib/postgres'
+ fi
+ if ! getent group postgres >/dev/null; then
+ groupadd -g 88 postgres
+ fi
+ if ! getent passwd postgres >/dev/null; then
+ useradd -c 'PostgreSQL user' -u 88 -g postgres -d '/var/lib/postgres' -s /bin/bash postgres
+ passwd -l postgres >/dev/null
+ fi
+ if ! getent group pgbouncer >/dev/null; then
+ groupadd -r pgbouncer
+ fi
+ if ! getent passwd pgbouncer >/dev/null; then
+ useradd -c 'PGBouncer user' -r -g pgbouncer -d '/etc/pgbouncer' -s /bin/bash pgbouncer
+ passwd -l pgbouncer >/dev/null
+ fi
+ chown pgbouncer:pgbouncer /var/log/pgbouncer
+ systemd-tmpfiles --create pgbouncer.conf
+ gpasswd -a pgbouncer postgres
+}
+
+post_upgrade() {
+ post_install $1
+}
Copied: pgbouncer/repos/staging-x86_64/pgbouncer.logrotate (from rev 290931, pgbouncer/trunk/pgbouncer.logrotate)
===================================================================
--- staging-x86_64/pgbouncer.logrotate (rev 0)
+++ staging-x86_64/pgbouncer.logrotate 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1,8 @@
+/var/log/pgbouncer/pgbouncer.log {
+ copytruncate
+ missingok
+ notifempty
+ postrotate
+ /bin/kill -HUP $(cat /run/pgbouncer/pgbouncer.pid 2>/dev/null) 2> /dev/null || true
+ endscript
+}
Copied: pgbouncer/repos/staging-x86_64/pgbouncer.service (from rev 290931, pgbouncer/trunk/pgbouncer.service)
===================================================================
--- staging-x86_64/pgbouncer.service (rev 0)
+++ staging-x86_64/pgbouncer.service 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1,11 @@
+[Unit]
+Description=A lightweight connection pooler for PostgreSQL
+After=network.target
+
+[Service]
+User=pgbouncer
+ExecStart=/usr/bin/pgbouncer /etc/pgbouncer/pgbouncer.ini
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
Copied: pgbouncer/repos/staging-x86_64/pgbouncer.tmpfiles.conf (from rev 290931, pgbouncer/trunk/pgbouncer.tmpfiles.conf)
===================================================================
--- staging-x86_64/pgbouncer.tmpfiles.conf (rev 0)
+++ staging-x86_64/pgbouncer.tmpfiles.conf 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1 @@
+d /run/pgbouncer 0755 pgbouncer pgbouncer -
Copied: pgbouncer/repos/staging-x86_64/usual-openssl.patch (from rev 290931, pgbouncer/trunk/usual-openssl.patch)
===================================================================
--- staging-x86_64/usual-openssl.patch (rev 0)
+++ staging-x86_64/usual-openssl.patch 2017-03-16 13:03:06 UTC (rev 290932)
@@ -0,0 +1,242 @@
+From 0e56f729d74e4af6c19fe60f6e2b47f5e717dcac Mon Sep 17 00:00:00 2001
+From: Marko Kreen <markokr at gmail.com>
+Date: Tue, 6 Dec 2016 20:05:17 +0200
+Subject: [PATCH] tls: additional openssl 1.1 compat
+
+Fixes: #15
+---
+ test/connect-tls.c | 2 +-
+ usual/tls/tls.c | 2 ++
+ usual/tls/tls_cert.c | 12 ++++++------
+ usual/tls/tls_compat.h | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ usual/tls/tls_ocsp.c | 28 +++++++++++++++++-----------
+ usual/tls/tls_util.c | 2 +-
+ usual/tls/tls_verify.c | 8 ++++----
+ 7 files changed, 76 insertions(+), 23 deletions(-)
+
+diff --git a/usual/tls/tls.c b/usual/tls/tls.c
+index 3377cb4..1843e44 100644
+--- a/usual/tls/tls.c
++++ b/usual/tls/tls.c
+@@ -67,7 +67,9 @@ tls_deinit(void)
+ CRYPTO_cleanup_all_ex_data();
+ BIO_sock_cleanup();
+ ERR_clear_error();
++#ifdef USE_LIBSSL_INTERNALS
+ ERR_remove_thread_state(NULL);
++#endif
+ ERR_free_strings();
+
+ tls_initialised = 0;
+diff --git a/usual/tls/tls_cert.c b/usual/tls/tls_cert.c
+index ca6668a..9a81e2f 100644
+--- a/usual/tls/tls_cert.c
++++ b/usual/tls/tls_cert.c
+@@ -86,7 +86,7 @@ tls_parse_bigint(struct tls *ctx, const ASN1_INTEGER *asn1int, const char **dst_
+ */
+
+ static int
+-check_invalid_bytes(struct tls *ctx, unsigned char *data, unsigned int len,
++check_invalid_bytes(struct tls *ctx, const unsigned char *data, unsigned int len,
+ int ascii_only, const char *desc)
+ {
+ unsigned int i, c;
+@@ -125,7 +125,7 @@ static int
+ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, int minchars, int maxchars, const char *desc)
+ {
+ int format, len, ret = -1;
+- unsigned char *data;
++ const unsigned char *data;
+ ASN1_STRING *a1utf = NULL;
+ int ascii_only = 0;
+ char *cstr = NULL;
+@@ -134,7 +134,7 @@ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, in
+ *dst_p = NULL;
+
+ format = ASN1_STRING_type(a1str);
+- data = ASN1_STRING_data(a1str);
++ data = ASN1_STRING_get0_data(a1str);
+ len = ASN1_STRING_length(a1str);
+ if (len < minchars) {
+ tls_set_errorx(ctx, "invalid %s: string too short", desc);
+@@ -188,7 +188,7 @@ tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, in
+ tls_set_errorx(ctx, "multibyte conversion failed: expected UTF8 result");
+ goto failed;
+ }
+- data = ASN1_STRING_data(a1utf);
++ data = ASN1_STRING_get0_data(a1utf);
+ len = ASN1_STRING_length(a1utf);
+ }
+
+@@ -275,12 +275,12 @@ static int
+ tls_load_alt_ipaddr(struct tls *ctx, ASN1_OCTET_STRING *bin, struct tls_cert *cert)
+ {
+ struct tls_cert_general_name *slot;
+- void *data;
++ const void *data;
+ int len;
+
+ slot = &cert->subject_alt_names[cert->subject_alt_name_count];
+ len = ASN1_STRING_length(bin);
+- data = ASN1_STRING_data(bin);
++ data = ASN1_STRING_get0_data(bin);
+ if (len < 0) {
+ tls_set_errorx(ctx, "negative length for ipaddress");
+ return -1;
+diff --git a/usual/tls/tls_compat.h b/usual/tls/tls_compat.h
+index 40ca5cf..8305958 100644
+--- a/usual/tls/tls_compat.h
++++ b/usual/tls/tls_compat.h
+@@ -12,6 +12,7 @@
+ #include <usual/time.h>
+
+ #include <openssl/ssl.h>
++#include <openssl/err.h>
+
+ /* OpenSSL 1.1+ has hidden struct fields */
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+@@ -21,6 +22,50 @@
+ #define X509_get_key_usage(x509) ((x509)->ex_kusage)
+ #define X509_get_extended_key_usage(x509) ((x509)->ex_xkusage)
+ #define SSL_CTX_get0_param(ssl_ctx) ((ssl_ctx)->param)
++#define ASN1_STRING_get0_data(x) ((const unsigned char*)ASN1_STRING_data(x))
++#define X509_OBJECT_get0_X509(x) ((x)->data.x509)
++
++#ifndef OPENSSL_VERSION
++#define OPENSSL_VERSION SSLEAY_VERSION
++#define OpenSSL_version(x) SSLeay_version(x)
++#endif
++
++static inline X509_OBJECT *X509_OBJECT_new(void)
++{
++ X509_OBJECT *obj = OPENSSL_malloc(sizeof(*obj));
++ if (obj) {
++ memset(obj, 0, sizeof(*obj));
++ } else {
++ X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
++ }
++ return obj;
++}
++
++static inline void X509_OBJECT_free(X509_OBJECT *obj)
++{
++ if (obj) {
++ if (obj->type == X509_LU_X509) {
++ X509_free(obj->data.x509);
++ } else if (obj->type == X509_LU_CRL) {
++ X509_CRL_free(obj->data.crl);
++ }
++ OPENSSL_free(obj);
++ }
++}
++
++static inline X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *ctx, int lookup, X509_NAME *name)
++{
++ X509_OBJECT *obj = X509_OBJECT_new();
++ if (obj) {
++ if (X509_STORE_get_by_subject(ctx, lookup, name, obj)) {
++ return obj;
++ }
++ X509_OBJECT_free(obj);
++ }
++ return NULL;
++}
++
++
+ #endif
+
+ /* ecdh_auto is broken - ignores main EC key */
+diff --git a/usual/tls/tls_ocsp.c b/usual/tls/tls_ocsp.c
+index 1e41d48..0b21e32 100644
+--- a/usual/tls/tls_ocsp.c
++++ b/usual/tls/tls_ocsp.c
+@@ -164,8 +164,8 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, SSL_CTX *ssl_c
+ {
+ X509_NAME *issuer_name;
+ X509 *issuer;
+- X509_STORE_CTX storectx;
+- X509_OBJECT tmpobj;
++ X509_STORE_CTX *storectx = NULL;
++ X509_OBJECT *tmpobj;
+ OCSP_CERTID *cid = NULL;
+ X509_STORE *store;
+ int ok;
+@@ -182,17 +182,23 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, SSL_CTX *ssl_c
+
+ store = SSL_CTX_get_cert_store(ssl_ctx);
+ if (!store)
+- return NULL;
+- ok = X509_STORE_CTX_init(&storectx, store, main_cert, extra_certs);
++ goto error;
++ ok = X509_STORE_CTX_init(storectx, store, main_cert, extra_certs);
+ if (ok != 1)
+- return NULL;
+- ok = X509_STORE_get_by_subject(&storectx, X509_LU_X509, issuer_name, &tmpobj);
+- if (ok == 1) {
+- cid = OCSP_cert_to_id(NULL, main_cert, tmpobj.data.x509);
+- X509_free(tmpobj.data.x509);
+- }
+- X509_STORE_CTX_cleanup(&storectx);
++ goto error;
++
++ tmpobj = X509_STORE_CTX_get_obj_by_subject(storectx, X509_LU_X509, issuer_name);
++ if (!tmpobj)
++ goto error;
++ cid = OCSP_cert_to_id(NULL, main_cert, X509_OBJECT_get0_X509(tmpobj));
++ X509_OBJECT_free(tmpobj);
++ X509_STORE_CTX_free(storectx);
+ return cid;
++error:
++ if (storectx) {
++ X509_STORE_CTX_free(storectx);
++ }
++ return NULL;
+ }
+
+ static int
+diff --git a/usual/tls/tls_util.c b/usual/tls/tls_util.c
+index 2b91c64..823ccd1 100644
+--- a/usual/tls/tls_util.c
++++ b/usual/tls/tls_util.c
+@@ -30,7 +30,7 @@
+ const char *
+ tls_backend_version(void)
+ {
+- return SSLeay_version(SSLEAY_VERSION);
++ return OpenSSL_version(OPENSSL_VERSION);
+ }
+
+ /*
+diff --git a/usual/tls/tls_verify.c b/usual/tls/tls_verify.c
+index 1c94b7c..9e5cce6 100644
+--- a/usual/tls/tls_verify.c
++++ b/usual/tls/tls_verify.c
+@@ -116,12 +116,12 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
+ continue;
+
+ if (type == GEN_DNS) {
+- void *data;
++ const void *data;
+ int format, len;
+
+ format = ASN1_STRING_type(altname->d.dNSName);
+ if (format == V_ASN1_IA5STRING) {
+- data = ASN1_STRING_data(altname->d.dNSName);
++ data = ASN1_STRING_get0_data(altname->d.dNSName);
+ len = ASN1_STRING_length(altname->d.dNSName);
+
+ if (len < 0 || len != (int)strlen(data)) {
+@@ -161,11 +161,11 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name)
+ }
+
+ } else if (type == GEN_IPADD) {
+- unsigned char *data;
++ const unsigned char *data;
+ int datalen;
+
+ datalen = ASN1_STRING_length(altname->d.iPAddress);
+- data = ASN1_STRING_data(altname->d.iPAddress);
++ data = ASN1_STRING_get0_data(altname->d.iPAddress);
+
+ if (datalen < 0) {
+ tls_set_errorx(ctx,
More information about the arch-commits
mailing list