转换LFS仓库为普通仓库

Jiayi Yin 2025-05-18 20:34:28 +00:00
commit b745ef5f3d
33 changed files with 28299 additions and 0 deletions

9
autostart.sh Executable file

@ -0,0 +1,9 @@
#!/bin/bash
result=`su - opengauss -c "source ~/.bash_profile; gs_ctl start -D /var/lib/opengauss/data"`
if [ $? -ne 0 ]; then
echo "Start openGauss database failed."
echo $result
else
echo "Start openGauss database success."
fi
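Review bot: The failure branch only prints a message, so autostart.sh still exits 0 when `gs_ctl start` fails and whatever invokes it cannot tell that the database is down; add `exit 1` after `echo $result`. `$result` is also expanded unquoted, which collapses the multi-line gs_ctl output onto one line and subjects it to globbing; `echo "$result"` keeps the diagnostics intact.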

23
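--- a/clonecode.sh
+++ b/clonecode.sh
@@ -0,0 +1,23 @@
+current_dir=$(pwd)
+cd $current_dir
+version=6.0.0
+server_repo=https://gitee.com/opengauss/openGauss-server.git
+plugin_repo=https://gitee.com/opengauss/Plugin.git
+git clone $server_repo -b v6.0.0 openGauss-server-$version
+git clone $plugin_repo -b v6.0.0 Plugin-$version
+cp -rf Plugin-$version/contrib/* openGauss-server-$version/contrib/
+rm -rf openGauss-server-$version/contrib/datavec
+cd openGauss-server-$version
+gitcommit=$(git log 2>/dev/null | grep commit | head -1 | awk '{print $2}' | cut -b 1-8)
+echo $gitcommit > ../COMMIT
+rm -rf src/test/regress/jar
+rm -rf src/test/regress/output
+rm -rf src/test/regress/expected
+rm -rf src/test/regress/sql
+rm -rf src/test/regress/data
+rm -rf src/test/regress/jdbc_test
+rm -rf src/test/regress/input
+rm -rf .git
+rm -rf ./docker
+cd ..
+tar -zcf "openGauss-server-${version}.tar.gz" openGauss-server-$version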
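Review bot: Nothing stops the script after a failed step, so if either `git clone` or `cd openGauss-server-$version` fails, the following `rm -rf .git`, `rm -rf ./docker` and `rm -rf src/test/regress/...` run in the packaging directory itself. Add `set -e` near the top, or at least `cd openGauss-server-$version || exit 1`. The sources are also fetched by tag name (`-b v6.0.0`, hard-coded rather than derived from `$version`), and a tag can be moved upstream. The commit written to `../COMMIT` is recorded but never compared with an expected value, so checking `$gitcommit` against a pinned hash before building the tarball would make the archive's origin verifiable.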


@ -0,0 +1,8 @@
--- dmlc-core-0.5/CMakeLists.txt.orig 2025-03-12 09:50:11.043991872 +0800
+++ dmlc-core-0.5/CMakeLists.txt 2025-03-12 09:50:18.250094059 +0800
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.2)
+cmake_minimum_required(VERSION 3.2...${CMAKE_VERSION})
project(dmlc VERSION 0.3 LANGUAGES C CXX)
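Review bot: Using `${CMAKE_VERSION}` as the policy maximum in `cmake_minimum_required(VERSION 3.2...${CMAKE_VERSION})` switches every policy known to the builder's CMake to NEW, so dmlc-core is configured differently depending on which CMake version the build host happens to have. A fixed upper bound that has actually been tested, written as `cmake_minimum_required(VERSION 3.2...<tested-max>)`, keeps the bundled dependency's build reproducible across hosts.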

BIN
dmlc-core-v0.5.tar.gz Normal file

Binary file not shown.

17358
krb-configure Normal file

File diff suppressed because it is too large Load Diff

BIN
krb5-1.18.3-final.tar.gz Normal file

Binary file not shown.

35
krb5-CVE-2023-36054.patch Normal file

@ -0,0 +1,35 @@
diff -Naur a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
--- a/src/lib/kadm5/kadm_rpc_xdr.c 2023-09-01 16:16:12.843658117 +0800
+++ b/src/lib/kadm5/kadm_rpc_xdr.c 2023-09-01 16:12:03.704811364 +0800
@@ -390,6 +390,7 @@
int v)
{
unsigned int n;
+ bool_t r;
if (!xdr_krb5_principal(xdrs, &objp->principal)) {
return (FALSE);
@@ -443,6 +444,9 @@
if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) {
return (FALSE);
}
+ if (xdrs->x_op == XDR_DECODE && objp->n_key_data < 0) {
+ return (FALSE);
+ }
if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) {
return (FALSE);
}
@@ -451,9 +455,10 @@
return FALSE;
}
n = objp->n_key_data;
- if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
- &n, ~0, sizeof(krb5_key_data),
- xdr_krb5_key_data_nocontents)) {
+ r = xdr_array(xdrs, (caddr_t *) &objp->key_data, &n, objp->n_key_data,
+ sizeof(krb5_key_data), xdr_krb5_key_data_nocontents);
+ objp->n_key_data = n;
+ if (!r) {
return (FALSE);
}
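Review bot: This patch file has no provenance header: unlike the other krb5 patches added in this commit, it starts directly at `diff -Naur` with no upstream commit, author or CVE description, so a later maintainer cannot check that the backport matches the upstream fix. Prepend a header such as `Reference: <upstream commit URL>` together with the upstream subject line. In the last hunk, `objp->n_key_data = n;` is assigned before `r` is tested, presumably so the count stays in step with what xdr_array processed even when it fails; that deserves a one-line comment, e.g. `/* keep n_key_data consistent with key_data even if xdr_array fails */`. The enclosing function starts and ends outside the hunks.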


@ -0,0 +1,171 @@
From 548da160b52b25a106e9f6077d6a42c2c049586c Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 7 Mar 2023 00:19:33 -0500
Subject: [PATCH] Add a simple DER support header
Reference: https://github.com/krb5/krb5/commit/548da160b52b25a106e9f6077d6a42c2c049586c
Conflict: NA
---
src/include/k5-der.h | 149 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 149 insertions(+)
create mode 100644 src/include/k5-der.h
diff --git a/src/include/k5-der.h b/src/include/k5-der.h
new file mode 100644
index 0000000..b8371d9
--- /dev/null
+++ b/src/include/k5-der.h
@@ -0,0 +1,149 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* include/k5-der.h - Distinguished Encoding Rules (DER) declarations */
+/*
+ * Copyright (C) 2023 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Most ASN.1 encoding and decoding is done using the table-driven framework in
+ * libkrb5. When that is not an option, these helpers can be used to encode
+ * and decode simple types.
+ */
+
+#ifndef K5_DER_H
+#define K5_DER_H
+
+#include <stdint.h>
+#include <stdbool.h>
+#include "k5-buf.h"
+#include "k5-input.h"
+
+/* Return the number of bytes needed to encode len as a DER encoding length. */
+static inline size_t
+k5_der_len_len(size_t len)
+{
+ size_t llen;
+
+ if (len < 128)
+ return 1;
+ llen = 1;
+ while (len > 0) {
+ len >>= 8;
+ llen++;
+ }
+ return llen;
+}
+
+/* Return the number of bytes needed to encode a DER value (with identifier
+ * byte and length) for a given contents length. */
+static inline size_t
+k5_der_value_len(size_t contents_len)
+{
+ return 1 + k5_der_len_len(contents_len) + contents_len;
+}
+
+/* Add a DER identifier byte (composed by the caller, including the ASN.1
+ * class, tag, and constructed bit) and length. */
+static inline void
+k5_der_add_taglen(struct k5buf *buf, uint8_t idbyte, size_t len)
+{
+ uint8_t *p;
+ size_t llen = k5_der_len_len(len);
+
+ p = k5_buf_get_space(buf, 1 + llen);
+ if (p == NULL)
+ return;
+ *p++ = idbyte;
+ if (len < 128) {
+ *p = len;
+ } else {
+ *p = 0x80 | (llen - 1);
+ /* Encode the length bytes backwards so the most significant byte is
+ * first. */
+ p += llen;
+ while (len > 0) {
+ *--p = len & 0xFF;
+ len >>= 8;
+ }
+ }
+}
+
+/* Add a DER value (identifier byte, length, and contents). */
+static inline void
+k5_der_add_value(struct k5buf *buf, uint8_t idbyte, const void *contents,
+ size_t len)
+{
+ k5_der_add_taglen(buf, idbyte, len);
+ k5_buf_add_len(buf, contents, len);
+}
+
+/*
+ * If the next byte in in matches idbyte and the subsequent DER length is
+ * valid, advance in past the value, set *contents_out to the value contents,
+ * and return true. Otherwise return false. Only set an error on in if the
+ * next bytes matches idbyte but the ensuing length is invalid. contents_out
+ * may be aliased to in; it will only be written to on successful decoding of a
+ * value.
+ */
+static inline bool
+k5_der_get_value(struct k5input *in, uint8_t idbyte,
+ struct k5input *contents_out)
+{
+ uint8_t lenbyte, i;
+ size_t len;
+ const void *bytes;
+
+ /* Do nothing if in is empty or the next byte doesn't match idbyte. */
+ if (in->status || in->len == 0 || *in->ptr != idbyte)
+ return false;
+
+ /* Advance past the identifier byte and decode the length. */
+ (void)k5_input_get_byte(in);
+ lenbyte = k5_input_get_byte(in);
+ if (lenbyte < 128) {
+ len = lenbyte;
+ } else {
+ len = 0;
+ for (i = 0; i < (lenbyte & 0x7F); i++) {
+ if (len > (SIZE_MAX >> 8)) {
+ k5_input_set_status(in, EOVERFLOW);
+ return false;
+ }
+ len = (len << 8) | k5_input_get_byte(in);
+ }
+ }
+
+ bytes = k5_input_get_bytes(in, len);
+ if (bytes == NULL)
+ return false;
+ k5_input_init(contents_out, bytes, len);
+ return true;
+}
+
+#endif /* K5_DER_H */
--
2.33.0
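Review bot: `k5_der_get_value()` accepts length encodings that DER forbids: a length byte of 0x80 makes the loop run zero times and yields `len = 0`, and long-form lengths with leading zero bytes or values below 128 are decoded like their minimal form. Callers that rely on this helper to enforce canonical encoding would not get that; if lenient parsing is intended, say so in the function comment, e.g. `Non-minimal and 0x80 length encodings are accepted; callers needing strict DER must check separately.` Separately, the header uses `EOVERFLOW` without including `<errno.h>` itself, so it presumably relies on `k5-input.h` or the including file for it.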


@ -0,0 +1,536 @@
From b0a2f8a5365f2eec3e27d78907de9f9d2c80505a Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 14 Jun 2024 10:56:12 -0400
Subject: [PATCH] Fix vulnerabilities in GSS message token handling
In gss_krb5int_unseal_token_v3() and gss_krb5int_unseal_v3_iov(),
verify the Extra Count field of CFX wrap tokens against the encrypted
header. Reported by Jacob Champion.
In gss_krb5int_unseal_token_v3(), check for a decrypted plaintext
length too short to contain the encrypted header and extra count
bytes. Reported by Jacob Champion.
In kg_unseal_iov_token(), separately track the header IOV length and
complete token length when parsing the token's ASN.1 wrapper. This
fix contains modified versions of functions from k5-der.h and
util_token.c; this duplication will be cleaned up in a future commit.
CVE-2024-37370:
In MIT krb5 release 1.3 and later, an attacker can modify the
plaintext Extra Count field of a confidential GSS krb5 wrap token,
causing the unwrapped token to appear truncated to the application.
CVE-2024-37371:
In MIT krb5 release 1.3 and later, an attacker can cause invalid
memory reads by sending message tokens with invalid length fields.
ticket: 9128 (new)
tags: pullup
target_version: 1.21-next
Reference: https://github.com/krb5/krb5/commit/b0a2f8a5365f2eec3e27d78907de9f9d2c80505a
Conflict: src/tests/gssapi/t_invalid.c
---
src/lib/gssapi/krb5/k5sealv3.c | 5 +
src/lib/gssapi/krb5/k5sealv3iov.c | 3 +-
src/lib/gssapi/krb5/k5unsealiov.c | 80 +++++++++-
src/tests/gssapi/t_invalid.c | 233 +++++++++++++++++++++++++-----
4 files changed, 275 insertions(+), 46 deletions(-)
diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index e881eee..d3210c1 100644
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -400,10 +400,15 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
/* Don't use bodysize here! Use the fact that
cipher.ciphertext.length has been adjusted to the
correct length. */
+ if (plain.length < 16 + ec) {
+ free(plain.data);
+ goto defective;
+ }
althdr = (unsigned char *)plain.data + plain.length - 16;
if (load_16_be(althdr) != KG2_TOK_WRAP_MSG
|| althdr[2] != ptr[2]
|| althdr[3] != ptr[3]
+ || load_16_be(althdr+4) != ec
|| memcmp(althdr+8, ptr+8, 8)) {
free(plain.data);
goto defective;
diff --git a/src/lib/gssapi/krb5/k5sealv3iov.c b/src/lib/gssapi/krb5/k5sealv3iov.c
index 333ee12..f8e90c3 100644
--- a/src/lib/gssapi/krb5/k5sealv3iov.c
+++ b/src/lib/gssapi/krb5/k5sealv3iov.c
@@ -402,9 +402,10 @@ gss_krb5int_unseal_v3_iov(krb5_context context,
if (load_16_be(althdr) != KG2_TOK_WRAP_MSG
|| althdr[2] != ptr[2]
|| althdr[3] != ptr[3]
+ || load_16_be(althdr + 4) != ec
|| memcmp(althdr + 8, ptr + 8, 8) != 0) {
*minor_status = 0;
- return GSS_S_BAD_SIG;
+ return GSS_S_DEFECTIVE_TOKEN;
}
} else {
/* Verify checksum: note EC is checksum size here, not padding */
diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c
index 3ce2a90..6a6585d 100644
--- a/src/lib/gssapi/krb5/k5unsealiov.c
+++ b/src/lib/gssapi/krb5/k5unsealiov.c
@@ -25,6 +25,7 @@
*/
#include "k5-int.h"
+#include "k5-der.h"
#include "gssapiP_krb5.h"
static OM_uint32
@@ -247,6 +248,73 @@ cleanup:
return retval;
}
+/* Similar to k5_der_get_value(), but output an unchecked content length
+ * instead of a k5input containing the contents. */
+static inline bool
+get_der_tag(struct k5input *in, uint8_t idbyte, size_t *len_out)
+{
+ uint8_t lenbyte, i;
+ size_t len;
+
+ /* Do nothing if in is empty or the next byte doesn't match idbyte. */
+ if (in->status || in->len == 0 || *in->ptr != idbyte)
+ return false;
+
+ /* Advance past the identifier byte and decode the length. */
+ (void)k5_input_get_byte(in);
+ lenbyte = k5_input_get_byte(in);
+ if (lenbyte < 128) {
+ len = lenbyte;
+ } else {
+ len = 0;
+ for (i = 0; i < (lenbyte & 0x7F); i++) {
+ if (len > (SIZE_MAX >> 8)) {
+ k5_input_set_status(in, EOVERFLOW);
+ return false;
+ }
+ len = (len << 8) | k5_input_get_byte(in);
+ }
+ }
+
+ if (in->status)
+ return false;
+
+ *len_out = len;
+ return true;
+}
+
+/*
+ * Similar to g_verify_token_header() without toktype or flags, but do not read
+ * more than *header_len bytes of ASN.1 wrapper, and on output set *header_len
+ * to the remaining number of header bytes. Verify the outer DER tag's length
+ * against token_len, which may be larger (but not smaller) than *header_len.
+ */
+static gss_int32
+verify_detached_wrapper(const gss_OID_desc *mech, size_t *header_len,
+ uint8_t **header_in, size_t token_len)
+{
+ struct k5input in, mech_der;
+ gss_OID_desc toid;
+ size_t len;
+
+ k5_input_init(&in, *header_in, *header_len);
+
+ if (get_der_tag(&in, 0x60, &len)) {
+ if (len != token_len - (in.ptr - *header_in))
+ return G_BAD_TOK_HEADER;
+ if (!k5_der_get_value(&in, 0x06, &mech_der))
+ return G_BAD_TOK_HEADER;
+ toid.elements = (uint8_t *)mech_der.ptr;
+ toid.length = mech_der.len;
+ if (!g_OID_equal(&toid, mech))
+ return G_WRONG_MECH;
+ }
+
+ *header_in = (uint8_t *)in.ptr;
+ *header_len = in.len;
+ return 0;
+}
+
/*
* Caller must provide TOKEN | DATA | PADDING | TRAILER, except
* for DCE in which case it can just provide TOKEN | DATA (must
@@ -267,8 +335,7 @@ kg_unseal_iov_token(OM_uint32 *minor_status,
gss_iov_buffer_t header;
gss_iov_buffer_t padding;
gss_iov_buffer_t trailer;
- size_t input_length;
- unsigned int bodysize;
+ size_t input_length, hlen;
int toktype2;
header = kg_locate_header_iov(iov, iov_count, toktype);
@@ -298,15 +365,14 @@ kg_unseal_iov_token(OM_uint32 *minor_status,
input_length += trailer->buffer.length;
}
- code = g_verify_token_header(ctx->mech_used,
- &bodysize, &ptr, -1,
- input_length, 0);
+ hlen = header->buffer.length;
+ code = verify_detached_wrapper(ctx->mech_used, &hlen, &ptr, input_length);
if (code != 0) {
*minor_status = code;
return GSS_S_DEFECTIVE_TOKEN;
}
- if (bodysize < 2) {
+ if (hlen < 2) {
*minor_status = (OM_uint32)G_BAD_TOK_HEADER;
return GSS_S_DEFECTIVE_TOKEN;
}
@@ -314,7 +380,7 @@ kg_unseal_iov_token(OM_uint32 *minor_status,
toktype2 = load_16_be(ptr);
ptr += 2;
- bodysize -= 2;
+ hlen -= 2;
switch (toktype2) {
case KG2_TOK_MIC_MSG:
diff --git a/src/tests/gssapi/t_invalid.c b/src/tests/gssapi/t_invalid.c
index fb8fe55..d1f019f 100644
--- a/src/tests/gssapi/t_invalid.c
+++ b/src/tests/gssapi/t_invalid.c
@@ -36,31 +36,41 @@
*
* 1. A pre-CFX wrap or MIC token processed with a CFX-only context causes a
* null pointer dereference. (The token must use SEAL_ALG_NONE or it will
- * be rejected.)
+ * be rejected.) This vulnerability also applies to IOV unwrap.
*
- * 2. A pre-CFX wrap or MIC token with fewer than 24 bytes after the ASN.1
+ * 2. A CFX wrap token with a different value of EC between the plaintext and
+ * encrypted copies will be erroneously accepted, which allows a message
+ * truncation attack. This vulnerability also applies to IOV unwrap.
+ *
+ * 3. A CFX wrap token with a plaintext length fewer than 16 bytes causes an
+ * access before the beginning of the input buffer, possibly leading to a
+ * crash.
+ *
+ * 4. A CFX wrap token with a plaintext EC value greater than the plaintext
+ * length - 16 causes an integer underflow when computing the result length,
+ * likely causing a crash.
+ *
+ * 5. An IOV unwrap operation will overrun the header buffer if an ASN.1
+ * wrapper longer than the header buffer is present.
+ *
+ * 6. A pre-CFX wrap or MIC token with fewer than 24 bytes after the ASN.1
* header causes an input buffer overrun, usually leading to either a segv
* or a GSS_S_DEFECTIVE_TOKEN error due to garbage algorithm, filler, or
- * sequence number values.
+ * sequence number values. This vulnerability also applies to IOV unwrap.
*
- * 3. A pre-CFX wrap token with fewer than 16 + cksumlen bytes after the ASN.1
+ * 7. A pre-CFX wrap token with fewer than 16 + cksumlen bytes after the ASN.1
* header causes an integer underflow when computing the ciphertext length,
* leading to an allocation error on 32-bit platforms or a segv on 64-bit
* platforms. A pre-CFX MIC token of this size causes an input buffer
* overrun when comparing the checksum, perhaps leading to a segv.
*
- * 4. A pre-CFX wrap token with fewer than conflen + padlen bytes in the
+ * 8. A pre-CFX wrap token with fewer than conflen + padlen bytes in the
* ciphertext (where padlen is the last byte of the decrypted ciphertext)
* causes an integer underflow when computing the original message length,
* leading to an allocation error.
*
- * 5. In the mechglue, truncated encapsulation in the initial context token can
+ * 9. In the mechglue, truncated encapsulation in the initial context token can
* cause input buffer overruns in gss_accept_sec_context().
- *
- * Vulnerabilities #1 and #2 also apply to IOV unwrap, although tokens with
- * fewer than 16 bytes after the ASN.1 header will be rejected.
- * Vulnerabilities #2 and #5 can only be robustly detected using a
- * memory-checking environment such as valgrind.
*/
#include "k5-int.h"
@@ -98,16 +108,24 @@ struct test {
};
/* Fake up enough of a CFX GSS context for gss_unwrap, using an AES key. */
+static void *
+ealloc(size_t len)
+{
+ void *ptr = calloc(len, 1);
+
+ if (ptr == NULL)
+ abort();
+ return ptr;
+}
+
+/* Fake up enough of a CFX GSS context for gss_unwrap, using an AES key.
+ * The context takes ownership of subkey. */
static gss_ctx_id_t
-make_fake_cfx_context()
+make_fake_cfx_context(krb5_key subkey)
{
gss_union_ctx_id_t uctx;
krb5_gss_ctx_id_t kgctx;
- krb5_keyblock kb;
-
- kgctx = calloc(1, sizeof(*kgctx));
- if (kgctx == NULL)
- abort();
+ kgctx = ealloc(sizeof(*kgctx));
kgctx->established = 1;
kgctx->proto = 1;
if (g_seqstate_init(&kgctx->seqstate, 0, 0, 0, 0) != 0)
@@ -116,15 +134,10 @@ make_fake_cfx_context()
kgctx->sealalg = -1;
kgctx->signalg = -1;
- kb.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96;
- kb.length = 16;
- kb.contents = (unsigned char *)"1234567887654321";
- if (krb5_k_create_key(NULL, &kb, &kgctx->subkey) != 0)
- abort();
+ kgctx->subkey = subkey;
+ kgctx->cksumtype = CKSUMTYPE_HMAC_SHA1_96_AES128;
- uctx = calloc(1, sizeof(*uctx));
- if (uctx == NULL)
- abort();
+ uctx = ealloc(sizeof(*uctx));
uctx->mech_type = &mech_krb5;
uctx->internal_ctx_id = (gss_ctx_id_t)kgctx;
return (gss_ctx_id_t)uctx;
@@ -138,9 +151,7 @@ make_fake_context(const struct test *test)
krb5_gss_ctx_id_t kgctx;
krb5_keyblock kb;
- kgctx = calloc(1, sizeof(*kgctx));
- if (kgctx == NULL)
- abort();
+ kgctx = ealloc(sizeof(*kgctx));
kgctx->established = 1;
if (g_seqstate_init(&kgctx->seqstate, 0, 0, 0, 0) != 0)
abort();
@@ -162,9 +173,7 @@ make_fake_context(const struct test *test)
if (krb5_k_create_key(NULL, &kb, &kgctx->enc) != 0)
abort();
- uctx = calloc(1, sizeof(*uctx));
- if (uctx == NULL)
- abort();
+ uctx = ealloc(sizeof(*uctx));
uctx->mech_type = &mech_krb5;
uctx->internal_ctx_id = (gss_ctx_id_t)kgctx;
return (gss_ctx_id_t)uctx;
@@ -194,9 +203,7 @@ make_token(unsigned char *token, size_t len, gss_buffer_t out)
assert(mech_krb5.length == 9);
assert(len + 11 < 128);
- wrapped = malloc(len + 13);
- if (wrapped == NULL)
- abort();
+ wrapped = ealloc(len + 13);
wrapped[0] = 0x60;
wrapped[1] = len + 11;
wrapped[2] = 0x06;
@@ -207,6 +214,18 @@ make_token(unsigned char *token, size_t len, gss_buffer_t out)
out->value = wrapped;
}
+/* Create a 16-byte header for a CFX confidential wrap token to be processed by
+ * the fake CFX context. */
+static void
+write_cfx_header(uint16_t ec, uint8_t *out)
+{
+ memset(out, 0, 16);
+ store_16_be(KG2_TOK_WRAP_MSG, out);
+ out[2] = FLAG_WRAP_CONFIDENTIAL;
+ out[3] = 0xFF;
+ store_16_be(ec, out + 4);
+}
+
/* Unwrap a superficially valid RFC 1964 token with a CFX-only context, with
* regular and IOV unwrap. */
static void
@@ -238,6 +257,134 @@ test_bogus_1964_token(gss_ctx_id_t ctx)
free(in.value);
}
+static void
+test_cfx_altered_ec(gss_ctx_id_t ctx, krb5_key subkey)
+{
+ OM_uint32 major, minor;
+ uint8_t tokbuf[128], plainbuf[24];
+ krb5_data plain;
+ krb5_enc_data cipher;
+ gss_buffer_desc in, out;
+ gss_iov_buffer_desc iov[2];
+
+ /* Construct a header with a plaintext EC value of 3. */
+ write_cfx_header(3, tokbuf);
+
+ /* Encrypt a plaintext and a copy of the header with the EC value 0. */
+ memcpy(plainbuf, "truncate", 8);
+ memcpy(plainbuf + 8, tokbuf, 16);
+ store_16_be(0, plainbuf + 12);
+ plain = make_data(plainbuf, 24);
+ cipher.ciphertext.data = (char *)tokbuf + 16;
+ cipher.ciphertext.length = sizeof(tokbuf) - 16;
+ cipher.enctype = subkey->keyblock.enctype;
+ if (krb5_k_encrypt(NULL, subkey, KG_USAGE_INITIATOR_SEAL, NULL,
+ &plain, &cipher) != 0)
+ abort();
+
+ /* Verify that the token is rejected by gss_unwrap(). */
+ in.value = tokbuf;
+ in.length = 16 + cipher.ciphertext.length;
+ major = gss_unwrap(&minor, ctx, &in, &out, NULL, NULL);
+ if (major != GSS_S_DEFECTIVE_TOKEN)
+ abort();
+ (void)gss_release_buffer(&minor, &out);
+
+ /* Verify that the token is rejected by gss_unwrap_iov(). */
+ iov[0].type = GSS_IOV_BUFFER_TYPE_STREAM;
+ iov[0].buffer = in;
+ iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
+ major = gss_unwrap_iov(&minor, ctx, NULL, NULL, iov, 2);
+ if (major != GSS_S_DEFECTIVE_TOKEN)
+ abort();
+}
+
+static void
+test_cfx_short_plaintext(gss_ctx_id_t ctx, krb5_key subkey)
+{
+ OM_uint32 major, minor;
+ uint8_t tokbuf[128], zerobyte = 0;
+ krb5_data plain;
+ krb5_enc_data cipher;
+ gss_buffer_desc in, out;
+
+ write_cfx_header(0, tokbuf);
+
+ /* Encrypt a single byte, with no copy of the header. */
+ plain = make_data(&zerobyte, 1);
+ cipher.ciphertext.data = (char *)tokbuf + 16;
+ cipher.ciphertext.length = sizeof(tokbuf) - 16;
+ cipher.enctype = subkey->keyblock.enctype;
+ if (krb5_k_encrypt(NULL, subkey, KG_USAGE_INITIATOR_SEAL, NULL,
+ &plain, &cipher) != 0)
+ abort();
+
+ /* Verify that the token is rejected by gss_unwrap(). */
+ in.value = tokbuf;
+ in.length = 16 + cipher.ciphertext.length;
+ major = gss_unwrap(&minor, ctx, &in, &out, NULL, NULL);
+ if (major != GSS_S_DEFECTIVE_TOKEN)
+ abort();
+ (void)gss_release_buffer(&minor, &out);
+}
+
+static void
+test_cfx_large_ec(gss_ctx_id_t ctx, krb5_key subkey)
+{
+ OM_uint32 major, minor;
+ uint8_t tokbuf[128] = { 0 }, plainbuf[20];
+ krb5_data plain;
+ krb5_enc_data cipher;
+ gss_buffer_desc in, out;
+
+ /* Construct a header with an EC value of 5. */
+ write_cfx_header(5, tokbuf);
+
+ /* Encrypt a 4-byte plaintext plus the header. */
+ memcpy(plainbuf, "abcd", 4);
+ memcpy(plainbuf + 4, tokbuf, 16);
+ plain = make_data(plainbuf, 20);
+ cipher.ciphertext.data = (char *)tokbuf + 16;
+ cipher.ciphertext.length = sizeof(tokbuf) - 16;
+ cipher.enctype = subkey->keyblock.enctype;
+ if (krb5_k_encrypt(NULL, subkey, KG_USAGE_INITIATOR_SEAL, NULL,
+ &plain, &cipher) != 0)
+ abort();
+
+ /* Verify that the token is rejected by gss_unwrap(). */
+ in.value = tokbuf;
+ in.length = 16 + cipher.ciphertext.length;
+ major = gss_unwrap(&minor, ctx, &in, &out, NULL, NULL);
+ if (major != GSS_S_DEFECTIVE_TOKEN)
+ abort();
+ (void)gss_release_buffer(&minor, &out);
+}
+
+static void
+test_iov_large_asn1_wrapper(gss_ctx_id_t ctx)
+{
+ OM_uint32 minor, major;
+ uint8_t databuf[10] = { 0 };
+ gss_iov_buffer_desc iov[2];
+
+ /*
+ * In this IOV array, the header contains a DER tag with a dangling eight
+ * bytes of length field. The data IOV indicates a total token length
+ * sufficient to contain the length bytes.
+ */
+ iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER;
+ iov[0].buffer.value = ealloc(2);
+ iov[0].buffer.length = 2;
+ memcpy(iov[0].buffer.value, "\x60\x88", 2);
+ iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
+ iov[1].buffer.value = databuf;
+ iov[1].buffer.length = 10;
+ major = gss_unwrap_iov(&minor, ctx, NULL, NULL, iov, 2);
+ if (major != GSS_S_DEFECTIVE_TOKEN)
+ abort();
+ free(iov[0].buffer.value);
+}
+
/* Process wrap and MIC tokens with incomplete headers. */
static void
test_short_header(gss_ctx_id_t ctx)
@@ -387,9 +534,7 @@ try_accept(void *value, size_t len)
gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;
/* Copy the provided value to make input overruns more obvious. */
- in.value = malloc(len);
- if (in.value == NULL)
- abort();
+ in.value = ealloc(len);
memcpy(in.value, value, len);
in.length = len;
(void)gss_accept_sec_context(&minor, &ctx, GSS_C_NO_CREDENTIAL, &in,
@@ -424,11 +569,23 @@ test_short_encapsulation()
int
main(int argc, char **argv)
{
+ krb5_keyblock kb;
+ krb5_key cfx_subkey;
gss_ctx_id_t ctx;
size_t i;
- ctx = make_fake_cfx_context();
+ kb.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96;
+ kb.length = 16;
+ kb.contents = (unsigned char *)"1234567887654321";
+ if (krb5_k_create_key(NULL, &kb, &cfx_subkey) != 0)
+ abort();
+
+ ctx = make_fake_cfx_context(cfx_subkey);
test_bogus_1964_token(ctx);
+ test_cfx_altered_ec(ctx, cfx_subkey);
+ test_cfx_short_plaintext(ctx, cfx_subkey);
+ test_cfx_large_ec(ctx, cfx_subkey);
+ test_iov_large_asn1_wrapper(ctx);
free_fake_context(ctx);
for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) {
--
2.33.0
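Review bot: In `verify_detached_wrapper()` (k5unsealiov.c hunk), a false return from `get_der_tag()` is treated as "no ASN.1 wrapper present", but `get_der_tag()` also returns false after the 0x60 tag matched and the length field was truncated or overflowed, with `in.status` set. In that case the function still returns 0 and hands back `in.ptr`/`in.len` pointing into the half-consumed length field; the later `hlen < 2` check catches the input used by `test_iov_large_asn1_wrapper`, apparently only because no header bytes remain there. Adding `if (in.status) return G_BAD_TOK_HEADER;` before `*header_in = (uint8_t *)in.ptr;` rejects a malformed wrapper explicitly instead of relying on later checks. The trailer records `Conflict: src/tests/gssapi/t_invalid.c`, so the test hunks differ from upstream and are worth re-running against this tree.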

84
krb5-cve-2022-42898.patch Normal file

@ -0,0 +1,84 @@
From ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 17 Oct 2022 20:25:11 -0400
Subject: [PATCH] Fix integer overflows in PAC parsing
In krb5_parse_pac(), check for buffer counts large enough to threaten
integer overflow in the header length and memory length calculations.
Avoid potential integer overflows when checking the length of each
buffer. Credit to OSS-Fuzz for discovering one of the issues.
CVE-2022-42898:
In MIT krb5 releases 1.8 and later, an authenticated attacker may be
able to cause a KDC or kadmind process to crash by reading beyond the
bounds of allocated memory, creating a denial of service. A
privileged attacker may similarly be able to cause a Kerberos or GSS
application service to crash. On 32-bit platforms, an attacker can
also cause insufficient memory to be allocated for the result,
potentially leading to remote code execution in a KDC, kadmind, or GSS
or Kerberos application server process. An attacker with the
privileges of a cross-realm KDC may be able to extract secrets from a
KDC process's memory by having them copied into the PAC of a new
ticket.
ticket: 9074 (new)
tags: pullup
target_version: 1.20-next
target_version: 1.19-next
---
src/lib/krb5/krb/pac.c | 9 +++++++--
src/lib/krb5/krb/t_pac.c | 18 ++++++++++++++++++
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 2f1df8d42..f6c4373de 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
*** 26,31 ****
--- 26,32 ----
#include "k5-int.h"
#include "authdata.h"
+ #define MAX_BUFFERS 4096
/* draft-brezak-win2k-krb-authz-00 */
diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c
index 0b1b1f056..173bde7ba 100644
--- a/src/lib/krb5/krb/t_pac.c
+++ b/src/lib/krb5/krb/t_pac.c
@@ -431,6 +431,16 @@ static const unsigned char s4u_pac_ent_xrealm[] = {
0x8a, 0x81, 0x9c, 0x9c, 0x00, 0x00, 0x00, 0x00
};
+static const unsigned char fuzz1[] = {
+ 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00,
+ 0x06, 0xff, 0xff, 0xff, 0x00, 0x00, 0xf5
+};
+
+static const unsigned char fuzz2[] = {
+ 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
+ 0x20, 0x20
+};
+
static const char *s4u_principal = "w2k8u@ACME.COM";
static const char *s4u_enterprise = "w2k8u@abc@ACME.COM";
@@ -828,6 +838,14 @@ main(int argc, char **argv)
krb5_free_principal(context, sep);
}
+ /* Check problematic PACs found by fuzzing. */
+ ret = krb5_pac_parse(context, fuzz1, sizeof(fuzz1), &pac);
+ if (!ret)
+ err(context, ret, "krb5_pac_parse should have failed");
+ ret = krb5_pac_parse(context, fuzz2, sizeof(fuzz2), &pac);
+ if (!ret)
+ err(context, ret, "krb5_pac_parse should have failed");
+
/*
* Test empty free
*/
--
2.32.0.windows.1
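Review bot: The pac.c section of this patch adds only `#define MAX_BUFFERS 4096`; none of the bounds checks described in the commit message appear, although the diffstat lists `src/lib/krb5/krb/pac.c | 9 +++++++--`. As shown, the macro is never used and the PAC parser is unchanged, so the `fuzz1`/`fuzz2` inputs added to t_pac.c would still reach unpatched code, unless the checks are carried by another patch such as krb5.patch, whose diff is suppressed on this page. The pac.c section is also in context-diff format (`*** 26,31 ****`) while the t_pac.c section is unified, which suggests the file was edited by hand. Restore the upstream pac.c hunks: reject buffer counts above MAX_BUFFERS and compare each buffer's offset and size with `len` without an addition that can overflow.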

4011
krb5.patch Normal file

File diff suppressed because it is too large Load Diff

293
og-cmake.patch Normal file

@ -0,0 +1,293 @@
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' opengauss_server_600/cmake/src/set_thirdparty_path.cmake opengauss_server_600_edit/cmake/src/set_thirdparty_path.cmake
*** opengauss_server_600/cmake/src/set_thirdparty_path.cmake 2024-11-19 20:01:27.693621300 +0800
--- opengauss_server_600_edit/cmake/src/set_thirdparty_path.cmake 2024-11-21 20:14:05.645621300 +0800
***************
*** 36,105 ****
set(LIB_UNIFIED_SUPPORT comm)
set(MEMCHECK_BUILD_TYPE debug)
set(DEPENDENCY_PATH ${3RD_PATH}/kernel/dependency)
! set(PLATFORM_PATH ${3RD_PATH}/kernel/platform)
! set(BUILDTOOLS_PATH ${3RD_PATH}/buildtools)
! set(COMPONENT_PATH ${3RD_PATH}/kernel/component)
!
! set(CJSON_HOME ${DEPENDENCY_PATH}/cjson/${SUPPORT_LLT})
! set(ETCD_HOME ${DEPENDENCY_PATH}/etcd/${LIB_UNIFIED_SUPPORT})
! set(EVENT_HOME ${DEPENDENCY_PATH}/event/${LIB_UNIFIED_SUPPORT})
! set(FIO_HOME ${DEPENDENCY_PATH}/fio/${SUPPORT_LLT})
! set(IPERF_HOME ${DEPENDENCY_PATH}/iperf/${LIB_UNIFIED_SUPPORT})
if("${VERSION_TYPE}" STREQUAL "debug" OR "${VERSION_TYPE}" STREQUAL "memcheck")
set(JEMALLOC_HOME ${DEPENDENCY_PATH}/jemalloc/debug${JEMALLOC_SUPPORT_LLT})
else()
set(JEMALLOC_HOME ${DEPENDENCY_PATH}/jemalloc/${VERSION_TYPE}${JEMALLOC_SUPPORT_LLT})
endif()
set(KERBEROS_HOME ${DEPENDENCY_PATH}/kerberos/${SUPPORT_LLT})
- set(KMC_HOME ${PLATFORM_PATH}/kmc/${LIB_UNIFIED_SUPPORT})
- set(CGROUP_HOME ${DEPENDENCY_PATH}/libcgroup/${SUPPORT_LLT})
- set(CURL_HOME ${DEPENDENCY_PATH}/libcurl/${SUPPORT_LLT})
- set(EDIT_HOME ${DEPENDENCY_PATH}/libedit/${SUPPORT_LLT})
- set(OBS_HOME ${DEPENDENCY_PATH}/libobs/${LIB_UNIFIED_SUPPORT})
- set(XML2_HOME ${DEPENDENCY_PATH}/libxml2/${SUPPORT_LLT})
- set(LLVM_HOME ${DEPENDENCY_PATH}/llvm/${LIB_UNIFIED_SUPPORT})
- set(LZ4_HOME ${DEPENDENCY_PATH}/lz4/${SUPPORT_LLT})
- set(NANOMSG_HOME ${DEPENDENCY_PATH}/nng/${LIB_UNIFIED_SUPPORT})
- set(NCURSES_HOME ${DEPENDENCY_PATH}/ncurses/${SUPPORT_LLT})
- set(AWSSDK_HOME ${DEPENDENCY_PATH}/aws-sdk-cpp/${SUPPORT_LLT})
if(($ENV{WITH_TASSL}) STREQUAL "YES")
set(OPENSSL_HOME ${DEPENDENCY_PATH}/tassl/${LIB_UNIFIED_SUPPORT})
else()
set(OPENSSL_HOME ${DEPENDENCY_PATH}/openssl/${LIB_UNIFIED_SUPPORT})
endif()
! set(PLJAVA_HOME ${DEPENDENCY_PATH}/pljava/${LIB_UNIFIED_SUPPORT})
! if (EXISTS "${PLATFORM_PATH}/openjdk8/${BUILD_TUPLE}/jdk")
! set(JAVA_HOME ${PLATFORM_PATH}/openjdk8/${BUILD_TUPLE}/jdk)
else()
! set(JAVA_HOME ${PLATFORM_PATH}/huaweijdk8/${BUILD_TUPLE}/jdk)
endif()
set(ZLIB_HOME ${DEPENDENCY_PATH}/zlib1.2.11/${SUPPORT_LLT})
set(XGBOOST_HOME ${DEPENDENCY_PATH}/xgboost/${SUPPORT_LLT})
- set(ZSTD_HOME ${DEPENDENCY_PATH}/zstd)
- set(LICENSE_HOME ${PLATFORM_PATH}/AdaptiveLM_C_V100R005C01SPC002/${SUPPORT_LLT})
- set(HOTPATCH_HOME ${PLATFORM_PATH}/hotpatch)
- set(SECURE_HOME ${PLATFORM_PATH}/Huawei_Secure_C/${LIB_UNIFIED_SUPPORT})
- set(SECUREDYNAMICLIB_HOME ${PLATFORM_PATH}/Huawei_Secure_C/Dynamic_Lib)
- set(DCF_HOME ${COMPONENT_PATH}/dcf)
- set(DMS_HOME ${COMPONENT_PATH}/dms)
- set(DSS_HOME ${COMPONENT_PATH}/dss)
-
- set(MOCKCPP_HOME ${BUILDTOOLS_PATH}/mockcpp/${LIB_UNIFIED_SUPPORT})
- set(GTEST_HOME ${BUILDTOOLS_PATH}/gtest/${LIB_UNIFIED_SUPPORT})
- set(MASSTREE_HOME ${BUILDTOOLS_PATH}/masstree/${LIB_UNIFIED_SUPPORT})
- set(NUMA_HOME ${DEPENDENCY_PATH}/numactl/${SUPPORT_LLT})
- set(BOOST_HOME ${DEPENDENCY_PATH}/boost/${SUPPORT_LLT})
- set(ODBC_HOME ${DEPENDENCY_PATH}/unixodbc)
- set(MASSTREE_HOME ${DEPENDENCY_PATH}/masstree/${LIB_UNIFIED_SUPPORT})
- set(LCOV_HOME ${BUILDTOOLS_PATH}/gcc${GCC_VERSION_LIT}/gcc/lib/gcc/${HOST_TUPLE})
- set(GCC_LIB_PATH $ENV{GCC_INSTALL_HOME})
- set(MEMCHECK_LIB_PATH $ENV{GCC_INSTALL_HOME}/lib64/)
- if("${GCC_LIB_PATH}" STREQUAL "")
- set(GCC_LIB_PATH ${BUILDTOOLS_PATH}/gcc${GCC_VERSION_LIT}/gcc)
- set(MEMCHECK_HOME ${DEPENDENCY_PATH}/memcheck/${MEMCHECK_BUILD_TYPE})
- set(MEMCHECK_LIB_PATH ${MEMCHECK_HOME}/gcc${GCC_VERSION}/lib/)
- endif()
#############################################################################
# lcov
--- 36,67 ----
set(LIB_UNIFIED_SUPPORT comm)
set(MEMCHECK_BUILD_TYPE debug)
set(DEPENDENCY_PATH ${3RD_PATH}/kernel/dependency)
!
if("${VERSION_TYPE}" STREQUAL "debug" OR "${VERSION_TYPE}" STREQUAL "memcheck")
set(JEMALLOC_HOME ${DEPENDENCY_PATH}/jemalloc/debug${JEMALLOC_SUPPORT_LLT})
else()
set(JEMALLOC_HOME ${DEPENDENCY_PATH}/jemalloc/${VERSION_TYPE}${JEMALLOC_SUPPORT_LLT})
endif()
set(KERBEROS_HOME ${DEPENDENCY_PATH}/kerberos/${SUPPORT_LLT})
if(($ENV{WITH_TASSL}) STREQUAL "YES")
set(OPENSSL_HOME ${DEPENDENCY_PATH}/tassl/${LIB_UNIFIED_SUPPORT})
else()
set(OPENSSL_HOME ${DEPENDENCY_PATH}/openssl/${LIB_UNIFIED_SUPPORT})
endif()
! execute_process(
! COMMAND bash -c "readlink -f $(which java) | sed 's:/jre/bin/java::'"
! OUTPUT_VARIABLE JAVA_HOME_PATH
! OUTPUT_STRIP_TRAILING_WHITESPACE
! )
! if(JAVA_HOME_PATH)
! message(STATUS "Detected JAVA_HOME: ${JAVA_HOME_PATH}")
! set(JAVA_HOME ${JAVA_HOME_PATH})
else()
! message(FATAL_ERROR "Unable to detect JAVA_HOME")
endif()
set(ZLIB_HOME ${DEPENDENCY_PATH}/zlib1.2.11/${SUPPORT_LLT})
set(XGBOOST_HOME ${DEPENDENCY_PATH}/xgboost/${SUPPORT_LLT})
#############################################################################
# lcov
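Review bot: The `sed 's:/jre/bin/java::'` in the new `execute_process` strips only a `/jre/bin/java` suffix, so on a JDK whose launcher sits directly under `bin/` the output is the path of the `java` binary itself, and `if(JAVA_HOME_PATH)` still passes because the string is non-empty. The value is also taken from whichever `java` is first on the build user's PATH, and the command's exit status is not checked. I would strip both layouts and validate the result, e.g. `sed -E 's:(/jre)?/bin/java$::'` followed by `if(JAVA_HOME_PATH AND EXISTS "${JAVA_HOME_PATH}/bin/java")`, and prefer a caller-supplied `JAVA_HOME` when one is set.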
***************
*** 209,230 ****
#############################################################################
# obs component
#############################################################################
- set(LIBOBS_INCLUDE_PATH ${OBS_HOME}/include)
- set(LIBOBS_LIB_PATH ${OBS_HOME}/lib)
#############################################################################
# xml2 component
#############################################################################
! set(LIBXML_INCLUDE_PATH ${XML2_HOME}/include)
! set(LIBXML_LIB_PATH ${XML2_HOME}/lib)
#############################################################################
# llvm component
#############################################################################
! set(LIBLLVM_BIN_PATH ${LLVM_HOME}/bin)
! set(LIBLLVM_INCLUDE_PATH ${LLVM_HOME}/include)
! set(LIBLLVM_LIB_PATH ${LLVM_HOME}/lib)
! set(LLVM_CONFIG ${LIBLLVM_BIN_PATH}/llvm-config)
#############################################################################
# lz4 component
--- 171,187 ----
#############################################################################
# obs component
#############################################################################
#############################################################################
# xml2 component
#############################################################################
! set(LIBXML_INCLUDE_PATH /usr/include)
! set(LIBXML_LIB_PATH /usr/lib64)
#############################################################################
# llvm component
#############################################################################
!
#############################################################################
# lz4 component
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' opengauss_server_600/src/CMakeLists.txt opengauss_server_600_edit/src/CMakeLists.txt
*** opengauss_server_600/src/CMakeLists.txt 2024-11-19 20:01:27.693621300 +0800
--- opengauss_server_600_edit/src/CMakeLists.txt 2024-11-21 20:14:05.841621300 +0800
***************
*** 176,297 ****
install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/common/config/cm_config.h DESTINATION include)
# special
- install(CODE "execute_process(
- COMMAND rm ${prefix_home}/include/pg_config_os.h
- COMMAND rm ${prefix_home}/include/postgresql/server/pg_config_os.h)"
- )
- install(CODE "execute_process(
- COMMAND cp ${CMAKE_CURRENT_SOURCE_DIR}/include/port/linux.h ${prefix_home}/include/pg_config_os.h
- COMMAND cp ${CMAKE_CURRENT_SOURCE_DIR}/include/port/linux.h ${prefix_home}/include/postgresql/server/pg_config_os.h
- COMMAND cp ${CMAKE_CURRENT_SOURCE_DIR}/include/cm/libpq-fe.h ${prefix_home}/include/cm-libpq-fe.h)"
- )
-
# open source install part
if(NOT "${ENABLE_LITE_MODE}" STREQUAL "ON")
- install(DIRECTORY ${JAVA_HOME}/jre/ DESTINATION jre FILE_PERMISSIONS OWNER_EXECUTE GROUP_EXECUTE OWNER_READ GROUP_READ)
- endif()
-
- if("${ENABLE_MULTIPLE_NODES}" STREQUAL "OFF")
- install(DIRECTORY ${DCF_LIB_PATH} DESTINATION .)
- endif()
- if(${ENABLE_MULTIPLE_NODES}_${ENABLE_PRIVATEGAUSS} STREQUAL OFF_OFF AND NOT ${ENABLE_LITE_MODE} STREQUAL ON)
- if(EXISTS ${DMS_LIB_PATH})
- install(DIRECTORY ${DMS_LIB_PATH} DESTINATION .)
- endif()
- if(EXISTS ${DSS_LIB_PATH})
- install(DIRECTORY ${DSS_LIB_PATH} DESTINATION .)
- endif()
- if(EXISTS ${DSS_BIN_PATH})
- install(DIRECTORY ${DSS_BIN_PATH} DESTINATION . FILE_PERMISSIONS OWNER_EXECUTE GROUP_EXECUTE WORLD_EXECUTE OWNER_READ GROUP_READ WORLD_READ OWNER_WRITE)
- endif()
- endif()
-
- install(DIRECTORY ${ZSTD_LIB_PATH} DESTINATION . PATTERN "*.a" EXCLUDE)
- if(NOT "${ENABLE_LITE_MODE}" STREQUAL "ON")
- install(DIRECTORY ${LIBOBS_LIB_PATH} DESTINATION .)
- install(DIRECTORY ${LIBOBS_INCLUDE_PATH} DESTINATION include/postgresql/server/access/obs)
- endif()
- install(DIRECTORY ${CJSON_LIB_PATH} DESTINATION .)
- install(DIRECTORY ${CJSON_INCLUDE_PATH}/cjson DESTINATION include/postgresql/server)
- if(NOT ${ENABLE_LITE_MODE} STREQUAL ON)
- install(DIRECTORY ${ETCD_BIN_PATH} DESTINATION .)
- install(DIRECTORY ${IPERF_LIB_PATH} DESTINATION .)
- endif()
- if(NOT ${ENABLE_LITE_MODE} STREQUAL ON)
- if(NOT ${ENABLE_MULTIPLE_NODES}_${ENABLE_PRIVATEGAUSS} STREQUAL OFF_OFF)
- install(DIRECTORY ${KMC_LIB_PATH} DESTINATION .)
- endif()
- endif()
- install(DIRECTORY ${LIBCURL_LIB_PATH} DESTINATION .)
- install(DIRECTORY ${AWSSDK_LIB_PATH} DESTINATION .)
- if(NOT "${ENABLE_LITE_MODE}" STREQUAL "ON")
install(DIRECTORY ${KERBEROS_SBIN_PATH}/ DESTINATION bin)
install(DIRECTORY ${KERBEROS_BIN_PATH} DESTINATION .)
install(DIRECTORY ${KERBEROS_LIB_PATH} DESTINATION .)
endif()
- install(DIRECTORY ${LZ4_LIB_PATH} DESTINATION .)
- install(DIRECTORY ${LZ4_BIN_PATH} DESTINATION .)
- install(DIRECTORY ${LIBOPENSSL_BIN_PATH} DESTINATION .)
- install(DIRECTORY ${LIBOPENSSL_LIB_PATH} DESTINATION . PATTERN "*.a" EXCLUDE )
install(DIRECTORY ${ZLIB_LIB_PATH} DESTINATION . FILES_MATCHING PATTERN "libz.*")
-
- list(FIND MACRO_OPTIONS "-D__USE_NUMA" RET_NUMA)
- if(NOT ${RET_NUMA} EQUAL -1)
- install(DIRECTORY ${NUMA_LIB_PATH} DESTINATION .)
- endif()
-
- if("${ENABLE_MOT}" STREQUAL "ON")
- install(DIRECTORY ${MASSTREE_LIB_PATH} DESTINATION .)
- install(CODE "execute_process(
- COMMAND cp ${GCC_LIB_PATH}/lib64/libatomic.so.1.2.0 ${prefix_home}/lib/libatomic.so.1.2.0
- COMMAND ln -fs libatomic.so.1.2.0 libatomic.so
- COMMAND ln -fs libatomic.so.1.2.0 libatomic.so.1
- WORKING_DIRECTORY ${prefix_home}/lib)"
- )
- install(CODE "message(\"-- Created symlink: libatomic.so -> libatomic.so.1.2.0\")")
- install(CODE "message(\"-- Created symlink: libatomic.so.1 -> libatomic.so.1.2.0\")")
- endif()
-
- install(FILES ${SECUREDYNAMICLIB_HOME}/libsecurec.so DESTINATION lib)
- install(FILES ${GCC_LIB_PATH}/lib64/libgcc_s.so.1 DESTINATION lib)
- install(FILES ${GCC_LIB_PATH}/lib64/libgomp.so DESTINATION lib)
- install(FILES ${GCC_LIB_PATH}/lib64/libgomp.so.1 DESTINATION lib)
- install(FILES ${GCC_LIB_PATH}/lib64/libgomp.so.1.0.0 DESTINATION lib)
- install(FILES ${XGBOOST_LIB_PATH}/libxgboost.so DESTINATION lib)
- if(NOT "${ENABLE_LITE_MODE}" STREQUAL "ON")
- install(FILES ${PLJAVA_HOME}/lib/libpljava.so DESTINATION lib)
- install(FILES ${PLJAVA_HOME}/java/pljava.jar DESTINATION lib/postgresql/java)
- install(FILES ${PLJAVA_HOME}/udstools.py DESTINATION share/postgresql/tmp)
- endif()
- if(NOT ${ENABLE_MULTIPLE_NODES}_${ENABLE_PRIVATEGAUSS} STREQUAL OFF_OFF)
- if("${SUPPORT_HOTPATCH}" STREQUAL "yes")
- install(FILES ${LIBHOTPATCH_LIB_PATH}/libdoprapatch.a DESTINATION lib)
- endif()
- endif()
-
- if("${ENABLE_MOT}" STREQUAL "ON")
- install(DIRECTORY ${MASSTREE_LIB_PATH} DESTINATION .)
- install(DIRECTORY ${GCC_LIB_PATH}/lib64/ DESTINATION lib
- FILES_MATCHING PATTERN "libatomic.so*")
- endif()
-
- install(FILES ${GCC_LIB_PATH}/lib64/libgcc_s.so.1 DESTINATION lib)
- install(DIRECTORY ${GCC_LIB_PATH}/lib64/ DESTINATION lib
- FILES_MATCHING PATTERN "libgomp.so*")
-
- install(CODE "execute_process(
- COMMAND cp ${GCC_LIB_PATH}/lib64/libstdc++.so.6.0.${LIBSTD_SUB_VERSION} ${prefix_home}/lib/libstdc++.so.6
- WORKING_DIRECTORY ${prefix_home}/lib)"
- )
-
- # install(DIRECTORY ${LIBCGROUP_LIB_PATH} DESTINATION . FILES_MATCHING PATTERN "libcgroup.so*")
- install(CODE "execute_process(
- COMMAND cp ${LIBCGROUP_LIB_PATH}/libcgroup.so.1.0.42 ${prefix_home}/lib/libcgroup.so
- COMMAND ln -fs libcgroup.so libcgroup.so.1
- WORKING_DIRECTORY ${prefix_home}/lib)"
- )
- install(CODE "message(\"-- Created symlink: libcgroup.so.1 -> libcgroup.so\")")
# fastcheck part
install(FILES ${PROJECT_SRC_DIR}/test/regress/stub/roach_api_stub/roach_api_stub.control
DESTINATION share/postgresql/extension/
--- 176,190 ----
install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/common/config/cm_config.h DESTINATION include)
# special
# open source install part
if(NOT "${ENABLE_LITE_MODE}" STREQUAL "ON")
install(DIRECTORY ${KERBEROS_SBIN_PATH}/ DESTINATION bin)
install(DIRECTORY ${KERBEROS_BIN_PATH} DESTINATION .)
install(DIRECTORY ${KERBEROS_LIB_PATH} DESTINATION .)
endif()
install(DIRECTORY ${ZLIB_LIB_PATH} DESTINATION . FILES_MATCHING PATTERN "libz.*")
+ install(FILES ${XGBOOST_LIB_PATH}/libxgboost.so DESTINATION lib)
# fastcheck part
install(FILES ${PROJECT_SRC_DIR}/test/regress/stub/roach_api_stub/roach_api_stub.control
DESTINATION share/postgresql/extension/

1362
og-delete-obs.patch Normal file

File diff suppressed because it is too large Load Diff

184
og-dolphin.patch Normal file

@ -0,0 +1,184 @@
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' openGauss-server-600/CMakeLists.txt openGauss-server-600-edit/CMakeLists.txt
*** openGauss-server-600/CMakeLists.txt 2024-12-13 09:59:47.660744190 +0800
--- openGauss-server-600-edit/CMakeLists.txt 2024-12-13 09:55:28.144744190 +0800
***************
*** 37,42 ****
--- 37,49 ----
MESSAGE(FATAL_ERROR " The option ENABLE_PRIVATEGAUSS is not supported thus should be turned off.")
endif()
+ if("${ENABLE_LITE_MODE}" STREQUAL "")
+ set(ENABLE_LITE_MODE "OFF")
+ endif()
+ if("${ENABLE_MOT}" STREQUAL "")
+ set(ENABLE_MOT "OFF")
+ endif()
+
#FIXME: make it an argument
set(openGauss ".")
set(ENV{openGauss} ".")
***************
*** 107,113 ****
install(DIRECTORY ${CMAKE_BINARY_DIR}/libsimsearch DESTINATION lib)
if(EXISTS ${CMAKE_SOURCE_DIR}/contrib/dolphin)
! install(CODE "execute_process(COMMAND bash cmake.sh WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/contrib/dolphin)")
install(FILES ${CMAKE_SOURCE_DIR}/contrib/dolphin/dolphin.control
DESTINATION share/postgresql/extension/
)
--- 114,120 ----
install(DIRECTORY ${CMAKE_BINARY_DIR}/libsimsearch DESTINATION lib)
if(EXISTS ${CMAKE_SOURCE_DIR}/contrib/dolphin)
! install(CODE "execute_process(COMMAND bash cmake.sh ${ENABLE_LITE_MODE} ${ENABLE_MOT} WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/contrib/dolphin)")
install(FILES ${CMAKE_SOURCE_DIR}/contrib/dolphin/dolphin.control
DESTINATION share/postgresql/extension/
)
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' openGauss-server-600/contrib/CMakeLists.txt openGauss-server-600-edit/contrib/CMakeLists.txt
*** openGauss-server-600/contrib/CMakeLists.txt 2024-12-13 09:59:02.268744190 +0800
--- openGauss-server-600-edit/contrib/CMakeLists.txt 2024-12-13 11:26:28.136744190 +0800
***************
*** 30,35 ****
--- 30,42 ----
${CMAKE_CURRENT_SOURCE_DIR}/gms_profiler
)
+ if(NOT "${ENABLE_LITE_MODE}" STREQUAL "ON")
+ INCLUDE_DIRECTORIES(${LIBODBC_INCLUDE_PATH})
+ INCLUDE_DIRECTORIES(${LIBODBC_LIB_PATH})
+ list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/dblink)
+ add_subdirectory(dblink)
+ endif()
+
add_subdirectory(hstore)
add_subdirectory(test_decoding)
add_subdirectory(mppdb_decoding)
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' openGauss-server-600/contrib/dblink/CMakeList.txt openGauss-server-600-edit/contrib/dblink/CMakeList.txt
*** openGauss-server-600/contrib/dblink/CMakeLists.txt 1970-01-01 08:00:00.000000000 +0800
--- openGauss-server-600-edit/contrib/dblink/CMakeLists.txt 2024-12-13 09:55:28.144744190 +0800
***************
*** 0 ****
--- 1,23 ----
+ #This is the main CMAKE for build all gms_stats.
+ # gms_stats
+ AUX_SOURCE_DIRECTORY(${CMAKE_CURRENT_SOURCE_DIR} TGT_dblink_SRC)
+ set(TGT_dblink_INC
+ ${PROJECT_OPENGS_DIR}/contrib/dblink
+ ${PROJECT_OPENGS_DIR}/contrib
+ )
+
+ set(dblink_DEF_OPTIONS ${MACRO_OPTIONS})
+ set(dblink_COMPILE_OPTIONS ${OPTIMIZE_OPTIONS} ${OS_OPTIONS} ${PROTECT_OPTIONS} ${WARNING_OPTIONS} ${LIB_SECURE_OPTIONS} ${CHECK_OPTIONS})
+ set(dblink_LINK_OPTIONS ${LIB_LINK_OPTIONS})
+ add_shared_libtarget(dblink TGT_dblink_SRC TGT_dblink_INC "${dblink_DEF_OPTIONS}" "${dblink_COMPILE_OPTIONS}" "${dblink_LINK_OPTIONS}")
+ target_link_libraries(dblink PUBLIC -lodbc)
+ target_link_directories(dblink PUBLIC ${ODBC_HOME}/lib)
+ set_target_properties(dblink PROPERTIES PREFIX "")
+
+ install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/dblink.control
+ DESTINATION share/postgresql/extension/
+ )
+ install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/dblink--1.0.sql
+ DESTINATION share/postgresql/extension/
+ )
+ install(TARGETS dblink DESTINATION lib/postgresql)
\ No newline at end of file
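Review bot: `target_link_directories(dblink PUBLIC ${ODBC_HOME}/lib)` depends on `ODBC_HOME`, but og-cmake.patch on this page deletes `set(ODBC_HOME ${DEPENDENCY_PATH}/unixodbc)` from set_thirdparty_path.cmake. If both patches are applied to the same tree and nothing else defines the variable, this expands to `/lib` and `-lodbc` is resolved from the linker's default search path. If the system unixODBC is intended, make that explicit with `find_library(ODBC_LIB odbc)` plus a `message(FATAL_ERROR ...)` when it is not found, and link `${ODBC_LIB}`, so a missing library fails at configure time. The two header comments still name gms_stats and should read `# CMake build for the dblink extension`.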
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' plugin_600_2/contrib/dolphin/cmake.sh plugin_600_2_edit/contrib/dolphin/cmake.sh
*** plugin_600_2/contrib/dolphin/cmake.sh 2024-12-13 10:03:21.704744190 +0800
--- plugin_600_2_edit/contrib/dolphin/cmake.sh 2024-12-13 10:03:06.804744190 +0800
***************
*** 1,5 ****
#!/bin/bash
! CMAKE_OPT="-DENABLE_MULTIPLE_NODES=OFF -DENABLE_PRIVATEGAUSS=OFF -DENABLE_THREAD_SAFETY=ON -DENABLE_LITE_MODE=ON"
cpus_num=$(grep -w processor /proc/cpuinfo|wc -l)
rm -f dolphin--4.0.sql
touch dolphin--4.0.sql
--- 1,5 ----
#!/bin/bash
! CMAKE_OPT="-DENABLE_MULTIPLE_NODES=OFF -DENABLE_PRIVATEGAUSS=OFF -DENABLE_THREAD_SAFETY=ON -DENABLE_LITE_MODE=$1 -DENABLE_MOT=$2 -DENABLE_LLVM_COMPILE=OFF -DENABLE_OBS=OFF -DENABLE_OPENSSL3=ON -DWITH_OPENEULER_OS=ON -DENABLE_OPENEULER_MAJOR=ON"
cpus_num=$(grep -w processor /proc/cpuinfo|wc -l)
rm -f dolphin--4.0.sql
touch dolphin--4.0.sql
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' plugin_600_2/contrib/dolphin/plugin_optimizer/commands/copy.cpp plugin_600_2_edit/contrib/dolphin/plugin_optimizer/commands/copy.cpp
*** plugin_600_2/contrib/dolphin/plugin_optimizer/commands/copy.cpp 2024-12-13 16:32:03.204744190 +0800
--- plugin_600_2_edit/contrib/dolphin/plugin_optimizer/commands/copy.cpp 2024-12-13 16:32:17.728744190 +0800
***************
*** 7089,7094 ****
--- 7089,7095 ----
if (cstate->mode == MODE_NORMAL) {
if (cstate->filename && is_obs_protocol(cstate->filename)) {
#ifndef ENABLE_LITE_MODE
+ #ifdef ENABLE_OBS
if (getNextOBS(cstate)) {
cstate->eol_type = EOL_UNKNOWN;
goto retry;
***************
*** 7096,7101 ****
--- 7097,7103 ----
#else
FEATURE_ON_LITE_MODE_NOT_SUPPORTED();
#endif
+ #endif
} else {
if (getNextGDS<true>(cstate)) {
if (cstate->eol_type != EOL_UD)
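Review bot: With `#ifdef ENABLE_OBS` (added in the preceding hunk) nested inside `#ifndef ENABLE_LITE_MODE`, the existing `#else` in this hunk now pairs with the inner `ENABLE_OBS` test. A lite-mode build therefore compiles nothing in this branch, and `FEATURE_ON_LITE_MODE_NOT_SUPPORTED()` is no longer reached for an OBS-protocol filename. The same nesting is repeated in the hunks at 10060, 10135 and 10317. A single conditional keeps the error path for both cases: replace `#ifndef ENABLE_LITE_MODE` with `#if !defined(ENABLE_LITE_MODE) && defined(ENABLE_OBS)` and drop the added `#ifdef ENABLE_OBS` / `#endif` pair. The enclosing functions start and end outside these hunks.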
***************
*** 10060,10065 ****
--- 10062,10068 ----
case MODE_NORMAL: /* for GDS oriented dist import */
if (is_obs_protocol(cstate->filename)) {
#ifndef ENABLE_LITE_MODE
+ #ifdef ENABLE_OBS
/* Attache working house routines for OBS oriented dist import */
func.initBulkLoad = initOBSModeState;
func.endBulkLoad = endOBSModeBulkLoad;
***************
*** 10069,10074 ****
--- 10072,10078 ----
#else
FEATURE_ON_LITE_MODE_NOT_SUPPORTED();
#endif
+ #endif
} else {
/* Attache working house routines for GDS oriented dist import */
func.initBulkLoad = initNormalModeState<true>;
***************
*** 10135,10140 ****
--- 10139,10145 ----
if (is_obs_protocol(filename)) {
#ifndef ENABLE_LITE_MODE
+ #ifdef ENABLE_OBS
/* Fetch OBS write only table related attribtues */
getOBSOptions(&cstate->obs_copy_options, options);
***************
*** 10154,10159 ****
--- 10159,10165 ----
#else
FEATURE_ON_LITE_MODE_NOT_SUPPORTED();
#endif
+ #endif
} else {
initNormalModeState<false>(cstate, filename, tasklist);
}
***************
*** 10317,10322 ****
--- 10323,10329 ----
}
} else if (cstate->copy_dest == COPY_OBS) {
#ifndef ENABLE_LITE_MODE
+ #ifdef ENABLE_OBS
if (IS_PGXC_DATANODE) {
if (cstate->outBuffer->len > 0)
RemoteExportFlushData(cstate);
***************
*** 10327,10332 ****
--- 10334,10340 ----
#else
FEATURE_ON_LITE_MODE_NOT_SUPPORTED();
#endif
+ #endif
} else
exportDeinitOutBuffer(cstate);
MemoryContextDelete(cstate->rowcontext);

111
og-openssl3-adptor.patch Normal file
View File

@ -0,0 +1,111 @@
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' opengauss_server_600/src/common/interfaces/libpq/fe-secure.cpp opengauss_server_600_edit/src/common/interfaces/libpq/fe-secure.cpp
*** opengauss_server_600/src/common/interfaces/libpq/fe-secure.cpp 2024-11-19 20:01:27.697621300 +0800
--- opengauss_server_600_edit/src/common/interfaces/libpq/fe-secure.cpp 2024-11-19 20:04:07.461621300 +0800
***************
*** 446,451 ****
--- 446,454 ----
libpq_gettext("SSL error: %s, remote datanode %s, error: %s\n"),
errm, conn->remote_nodename, strerror(errno));
SSLerrfree(errm);
+ #ifdef ENABLE_OPENSSL3
+ REMEMBER_EPIPE(spinfo, errno == EPIPE);
+ #endif
/* assume the connection is broken */
result_errno = ECONNRESET;
n = -1;
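Review bot: `REMEMBER_EPIPE(spinfo, errno == EPIPE)` reads `errno` after the message-formatting call and `SSLerrfree(errm)` have run, and either may have changed it, so the EPIPE test may not see the value left by the SSL call. Capture it first, e.g. `int saved_errno = errno;` before the message is built, and pass `saved_errno == EPIPE` to the macro; the `strerror(errno)` argument could use the saved value too. The hunk at 596 has the same ordering. The enclosing function starts and ends outside the hunk, so whether an earlier saved copy already exists cannot be seen from here.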
***************
*** 596,601 ****
--- 599,607 ----
libpq_gettext("SSL error: %s, remote datanode %s, error: %s\n"), errm,
conn->remote_nodename, strerror(errno));
SSLerrfree(errm);
+ #ifdef ENABLE_OPENSSL3
+ REMEMBER_EPIPE(spinfo, errno == EPIPE);
+ #endif
/* assume the connection is broken */
result_errno = ECONNRESET;
n = -1;
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' opengauss_server_600/src/gausskernel/security/keymgr/encrypt/security_aead_aes_hmac_enc_key.cpp opengauss_server_600_edit/src/gausskernel/security/keymgr/encrypt/security_aead_aes_hmac_enc_key.cpp
*** opengauss_server_600/src/gausskernel/security/keymgr/encrypt/security_aead_aes_hmac_enc_key.cpp 2024-11-19 20:01:27.705621300 +0800
--- opengauss_server_600_edit/src/gausskernel/security/keymgr/encrypt/security_aead_aes_hmac_enc_key.cpp 2024-11-19 20:04:07.773621300 +0800
***************
*** 47,52 ****
--- 47,62 ----
const int RAND_COUNT = 100;
+ #ifdef ENABLE_OPENSSL3
+ void HmacCtxGroup::free_hmac_ctx(HMAC_CTX** ctx_tmp) const
+ {
+ if (*ctx_tmp != NULL) {
+ HMAC_CTX_free(*ctx_tmp);
+ *ctx_tmp = NULL;
+ }
+ }
+ #endif
+
/* Derives all the required keys from the given root key */
AeadAesHamcEncKey::AeadAesHamcEncKey(unsigned char *root_key, size_t root_key_size)
{
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' opengauss_server_600/src/gausskernel/security/keymgr/encrypt/security_sm2_enc_key.cpp opengauss_server_600_edit/src/gausskernel/security/keymgr/encrypt/security_sm2_enc_key.cpp
*** opengauss_server_600/src/gausskernel/security/keymgr/encrypt/security_sm2_enc_key.cpp 2024-11-19 20:01:27.705621300 +0800
--- opengauss_server_600_edit/src/gausskernel/security/keymgr/encrypt/security_sm2_enc_key.cpp 2024-11-19 20:04:07.773621300 +0800
***************
*** 163,174 ****
--- 163,176 ----
return CMKEM_EVP_ERR;
}
+ #ifndef ENABLE_OPENSSL3
ret = EVP_PKEY_set_alias_type(public_evp_key, EVP_PKEY_SM2);
if (ret != 1) {
cmkem_errmsg("EVP_PKEY_set_alias_type to EVP_PKEY_SM2 failed!");
EVP_PKEY_free(public_evp_key);
return CMKEM_EVP_ERR;
}
+ #endif
/* do cipher. */
ctx = EVP_PKEY_CTX_new(public_evp_key, NULL);
***************
*** 253,264 ****
--- 255,268 ----
return CMKEM_EVP_ERR;
}
+ #ifndef ENABLE_OPENSSL3
ret = EVP_PKEY_set_alias_type(private_evp_key, EVP_PKEY_SM2);
if (ret != 1) {
cmkem_errmsg("EVP_PKEY_set_alias_type to EVP_PKEY_SM2 failed!");
EVP_PKEY_free(private_evp_key);
return CMKEM_EVP_ERR;
}
+ #endif
/* do cipher. */
ctx = EVP_PKEY_CTX_new(private_evp_key, NULL);
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' opengauss_server_600/src/include/keymgr/encrypt/security_aead_aes_hamc_enc_key.h opengauss_server_600_edit/src/include/keymgr/encrypt/security_aead_aes_hamc_enc_key.h
*** opengauss_server_600/src/include/keymgr/encrypt/security_aead_aes_hamc_enc_key.h 2024-11-19 20:01:27.721621300 +0800
--- opengauss_server_600_edit/src/include/keymgr/encrypt/security_aead_aes_hamc_enc_key.h 2024-11-19 20:04:08.037621300 +0800
***************
*** 49,54 ****
--- 49,57 ----
HMAC_CTX* ctx_worker;
HMAC_CTX* ctx_template;
private:
+ #ifdef ENABLE_OPENSSL3
+ void free_hmac_ctx(HMAC_CTX** ctx_tmp) const;
+ #else
void free_hmac_ctx(HMAC_CTX** ctx_tmp)
{
if (*ctx_tmp != NULL) {
***************
*** 56,61 ****
--- 59,65 ----
*ctx_tmp = NULL;
}
}
+ #endif
};
/*

81
og-riscv64-support.patch Normal file
View File

@ -0,0 +1,81 @@
From bd23d5c22df1b5174c073c933d40c1a17204f2a2 Mon Sep 17 00:00:00 2001
From: huangji <huangji@iscas.ac.cn>
Date: Tue, 5 Nov 2024 09:40:31 +0000
Subject: [PATCH 4/4] add riscv64 support
Signed-off-by: huangji <huangji@iscas.ac.cn>
---
config/config.guess | 3 +++
configure | 2 ++
src/common/port/CMakeLists.txt | 8 ++++++++
src/include/storage/lock/s_lock.h | 2 +-
4 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/config/config.guess b/config/config.guess
index 15f22ac..71c5ca3 100644
--- a/config/config.guess
+++ b/config/config.guess
@@ -963,6 +963,9 @@ EOF
loongarch*:Linux:*:*)
echo "$UNAME_MACHINE"-linux-"$LIBC"
exit ;;
+ riscv32:Linux:*:* | riscv64:Linux:*:*)
+ echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+ exit ;;
mips:Linux:*:* | mips64:Linux:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
diff --git a/configure b/configure
index d4f0bf5..c600ba8 100755
--- a/configure
+++ b/configure
@@ -29069,6 +29069,8 @@ if [ "$PLATFORM_ARCH"X == "aarch64"X ] ; then
else
CFLAGS="-march=armv8-a+crc $CFLAGS"
fi
+elif [ "$PLATFORM_ARCH"X == "riscv64"X ] ; then
+ CFLAGS="-march=rv64g $CFLAGS"
elif [ "$PLATFORM_ARCH"X == "x86_64"X ] ; then
CFLAGS="-mcx16 $CFLAGS_SSE42 $CFLAGS"
else
diff --git a/src/common/port/CMakeLists.txt b/src/common/port/CMakeLists.txt
index b9a6a28..e511eb0 100755
--- a/src/common/port/CMakeLists.txt
+++ b/src/common/port/CMakeLists.txt
@@ -94,6 +94,10 @@ if("${BUILD_TUPLE}" STREQUAL "loongarch64")
list(REMOVE_ITEM TGT_port_SRC ${CMAKE_CURRENT_SOURCE_DIR}/pg_crc32c_choose.cpp ${CMAKE_CURRENT_SOURCE_DIR}/pg_crc32c_sse42.cpp)
endif()
+if("${BUILD_TUPLE}" STREQUAL "riscv64")
+ list(REMOVE_ITEM TGT_port_SRC ${CMAKE_CURRENT_SOURCE_DIR}/pg_crc32c_choose.cpp ${CMAKE_CURRENT_SOURCE_DIR}/pg_crc32c_sse42.cpp)
+endif()
+
SET(TGT_pgport_INC
${PROJECT_SRC_DIR}/common/backend
${PROJECT_SRC_DIR}/common/port
@@ -167,6 +171,10 @@ if("${BUILD_TUPLE}" STREQUAL "loongarch64")
list(REMOVE_ITEM TGT_pgport_srv_SRC ${CMAKE_CURRENT_SOURCE_DIR}/port_srv/pg_crc32c_choose.cpp ${CMAKE_CURRENT_SOURCE_DIR}/port_srv/pg_crc32c_sse42.cpp)
endif()
+if("${BUILD_TUPLE}" STREQUAL "riscv64")
+ list(REMOVE_ITEM TGT_pgport_srv_SRC ${CMAKE_CURRENT_SOURCE_DIR}/port_srv/pg_crc32c_choose.cpp ${CMAKE_CURRENT_SOURCE_DIR}/port_srv/pg_crc32c_sse42.cpp)
+endif()
+
SET(TGT_pgport_srv_INC
${PROJECT_SRC_DIR}/common/backend
${PROJECT_SRC_DIR}/common/port
diff --git a/src/include/storage/lock/s_lock.h b/src/include/storage/lock/s_lock.h
index 715d84a..bf7b041 100644
--- a/src/include/storage/lock/s_lock.h
+++ b/src/include/storage/lock/s_lock.h
@@ -283,7 +283,7 @@ static __inline__ int tas(volatile slock_t* lock)
* the int-width variant of the builtin works on more chips than other widths.
*/
-#if defined(__aarch64__) || defined(__aarch64)
+#if defined(__aarch64__) || defined(__aarch64) || defined(__riscv)
#ifdef ENABLE_THREAD_CHECK
extern "C" {
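Review bot: `defined(__riscv)` is true on both 32-bit and 64-bit RISC-V targets, and the config.guess hunk accepts `riscv32` as well, while the configure and CMake hunks in this patch only handle `riscv64`. If only the 64-bit port is supported, narrow the test to `#if defined(__aarch64__) || defined(__aarch64) || (defined(__riscv) && __riscv_xlen == 64)`. The block this condition guards continues outside the hunk, so it should also be confirmed that nothing in it is AArch64-specific.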
--
2.33.0

64
og-security.patch Normal file
View File

@ -0,0 +1,64 @@
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' opengauss_server_600/src/bin/gs_persist/CMakeLists.txt opengauss_server_600_edit/src/bin/gs_persist/CMakeLists.txt
*** opengauss_server_600/src/bin/gs_persist/CMakeLists.txt 2024-11-19 20:01:27.693621300 +0800
--- opengauss_server_600_edit/src/bin/gs_persist/CMakeLists.txt 2024-11-19 20:04:07.089621300 +0800
***************
*** 13,19 ****
set(gssgpersist_DEF_OPTIONS ${MACRO_OPTIONS})
set(gssgpersist_COMPILE_OPTIONS ${OPTIMIZE_OPTIONS} ${OS_OPTIONS} ${PROTECT_OPTIONS} ${WARNING_OPTIONS} ${BIN_SECURE_OPTIONS} ${CHECK_OPTIONS})
set(gssgpersist_LINK_OPTIONS ${BIN_LINK_OPTIONS})
! set(gssgpersist_LINK_LIBS -lsecurec -ldl -lrt)
if("${ENABLE_UT}" STREQUAL "ON")
add_shared_libtarget(ut_gs_persist_lib tgt_gssgpersist_SRC tgt_gssgpersist_INC "${gssgpersist_DEF_OPTIONS}" "${gssgpersist_COMPILE_OPTIONS}" "${gssgpersist_LINK_OPTIONS}")
--- 13,19 ----
set(gssgpersist_DEF_OPTIONS ${MACRO_OPTIONS})
set(gssgpersist_COMPILE_OPTIONS ${OPTIMIZE_OPTIONS} ${OS_OPTIONS} ${PROTECT_OPTIONS} ${WARNING_OPTIONS} ${BIN_SECURE_OPTIONS} ${CHECK_OPTIONS})
set(gssgpersist_LINK_OPTIONS ${BIN_LINK_OPTIONS})
! set(gssgpersist_LINK_LIBS -l${SECURE_C_CHECK} -ldl -lrt)
if("${ENABLE_UT}" STREQUAL "ON")
add_shared_libtarget(ut_gs_persist_lib tgt_gssgpersist_SRC tgt_gssgpersist_INC "${gssgpersist_DEF_OPTIONS}" "${gssgpersist_COMPILE_OPTIONS}" "${gssgpersist_LINK_OPTIONS}")
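Review bot: `-l${SECURE_C_CHECK}` becomes a bare `-l` when `SECURE_C_CHECK` is empty or undefined, and nothing in this patch shows where the variable is set. In the libpq hunk an empty value would simply drop the library from `target_link_libraries`, and a shared library can typically still link with the bounds-checking functions left unresolved. A guard before first use would make the failure explicit, e.g. `if(NOT SECURE_C_CHECK)` / `message(FATAL_ERROR "SECURE_C_CHECK is not set")` / `endif()`. The keymgr hunk uses the same pattern.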
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' opengauss_server_600/src/common/interfaces/libpq/CMakeLists.txt opengauss_server_600_edit/src/common/interfaces/libpq/CMakeLists.txt
*** opengauss_server_600/src/common/interfaces/libpq/CMakeLists.txt 2024-11-19 20:01:27.697621300 +0800
--- opengauss_server_600_edit/src/common/interfaces/libpq/CMakeLists.txt 2024-11-19 20:04:07.441621300 +0800
***************
*** 118,126 ****
set(pq_LINK_OPTIONS ${LIB_LINK_OPTIONS})
add_shared_libtarget(pq TGT_pq_SRC TGT_pq_INC "${pq_DEF_OPTIONS}" "${pq_COMPILE_OPTIONS}" "${pq_LINK_OPTIONS}")
if(NOT "${ENABLE_LITE_MODE}" STREQUAL "ON")
! target_link_libraries(pq PRIVATE com_err_gauss crypto gssapi_krb5_gauss gssrpc_gauss k5crypto_gauss krb5_gauss krb5support_gauss securec ssl)
else()
! target_link_libraries(pq PRIVATE crypto securec ssl)
endif()
target_link_directories(pq PUBLIC
${LIBOPENSSL_LIB_PATH} ${KERBEROS_LIB_PATH} ${SECURE_LIB_PATH}
--- 118,126 ----
set(pq_LINK_OPTIONS ${LIB_LINK_OPTIONS})
add_shared_libtarget(pq TGT_pq_SRC TGT_pq_INC "${pq_DEF_OPTIONS}" "${pq_COMPILE_OPTIONS}" "${pq_LINK_OPTIONS}")
if(NOT "${ENABLE_LITE_MODE}" STREQUAL "ON")
! target_link_libraries(pq PRIVATE com_err_gauss crypto gssapi_krb5_gauss gssrpc_gauss k5crypto_gauss krb5_gauss krb5support_gauss ${SECURE_C_CHECK} ssl)
else()
! target_link_libraries(pq PRIVATE crypto ${SECURE_C_CHECK} ssl)
endif()
target_link_directories(pq PUBLIC
${LIBOPENSSL_LIB_PATH} ${KERBEROS_LIB_PATH} ${SECURE_LIB_PATH}
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' opengauss_server_600/src/gausskernel/security/keymgr/CMakeLists.txt opengauss_server_600_edit/src/gausskernel/security/keymgr/CMakeLists.txt
*** opengauss_server_600/src/gausskernel/security/keymgr/CMakeLists.txt 2024-11-19 20:01:27.705621300 +0800
--- opengauss_server_600_edit/src/gausskernel/security/keymgr/CMakeLists.txt 2024-11-19 20:04:07.773621300 +0800
***************
*** 64,70 ****
if("${ENABLE_KT}" STREQUAL "ON")
add_dependencies(keymgr gs_ktool)
endif()
! set(libkey_LINKS -lcjson -lcurl -lsecurec -lssl -lcrypto -ldl -lrt)
if("${ENABLE_KT}" STREQUAL "ON")
list(APPEND libkey_LINKS -lgs_ktool -lkmc)
endif()
--- 64,70 ----
if("${ENABLE_KT}" STREQUAL "ON")
add_dependencies(keymgr gs_ktool)
endif()
! set(libkey_LINKS -lcjson -lcurl -l${SECURE_C_CHECK} -lssl -lcrypto -ldl -lrt)
if("${ENABLE_KT}" STREQUAL "ON")
list(APPEND libkey_LINKS -lgs_ktool -lkmc)
endif()

93
og-syntax.patch Normal file
View File

@ -0,0 +1,93 @@
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' opengauss_server_600/src/bin/pg_basebackup/pg_basebackup.cpp opengauss_server_600_edit/src/bin/pg_basebackup/pg_basebackup.cpp
*** opengauss_server_600/src/bin/pg_basebackup/pg_basebackup.cpp 2024-11-19 20:01:27.697621300 +0800
--- opengauss_server_600_edit/src/bin/pg_basebackup/pg_basebackup.cpp 2024-11-19 20:04:07.105621300 +0800
***************
*** 1689,1695 ****
struct dirent* ent;
while (1) {
ent = readdir(dir);
! if (ent <= 0) {
break;
}
if ((strcmp(".", ent->d_name) == 0) || (strcmp("..", ent->d_name) == 0)) {
--- 1689,1695 ----
struct dirent* ent;
while (1) {
ent = readdir(dir);
! if (ent == NULL) {
break;
}
if ((strcmp(".", ent->d_name) == 0) || (strcmp("..", ent->d_name) == 0)) {
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' opengauss_server_600/src/bin/pg_ctl/backup.cpp opengauss_server_600_edit/src/bin/pg_ctl/backup.cpp
*** opengauss_server_600/src/bin/pg_ctl/backup.cpp 2024-11-19 20:01:27.697621300 +0800
--- opengauss_server_600_edit/src/bin/pg_ctl/backup.cpp 2024-11-19 20:04:07.109621300 +0800
***************
*** 1985,1991 ****
}
while (1) {
de = readdir(dir);
! if (de <= 0) {
break;
}
if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0) {
--- 1985,1991 ----
}
while (1) {
de = readdir(dir);
! if (de == NULL) {
break;
}
if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0) {
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' opengauss_server_600/src/gausskernel/runtime/opfusion/opfusion_util.cpp opengauss_server_600_edit/src/gausskernel/runtime/opfusion/opfusion_util.cpp
*** opengauss_server_600/src/gausskernel/runtime/opfusion/opfusion_util.cpp 2024-11-19 20:01:27.705621300 +0800
--- opengauss_server_600_edit/src/gausskernel/runtime/opfusion/opfusion_util.cpp 2024-11-19 20:04:07.757621300 +0800
***************
*** 446,452 ****
/* check whether to have order by */
if (node->aggstrategy != AGG_PLAIN ||
! node->groupingSets > 0) {
return NOBYPASS_NOT_PLAIN_AGG;
}
--- 446,452 ----
/* check whether to have order by */
if (node->aggstrategy != AGG_PLAIN ||
! node->groupingSets != NULL) {
return NOBYPASS_NOT_PLAIN_AGG;
}
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' opengauss_server_600/src/include/gs_policy/policy_common.h opengauss_server_600_edit/src/include/gs_policy/policy_common.h
*** opengauss_server_600/src/include/gs_policy/policy_common.h 2024-11-19 20:01:27.721621300 +0800
--- opengauss_server_600_edit/src/include/gs_policy/policy_common.h 2024-11-19 20:04:08.029621300 +0800
***************
*** 30,35 ****
--- 30,37 ----
#include "gs_map.h"
#include "gs_vector.h"
#include "pgaudit.h"
+ #include <vector>
+ #include <string>
struct GsPolicyFQDN {
GsPolicyFQDN():m_value_schema(0), m_value_object(0), is_function(false){}
diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' openGauss-server-600/src/gausskernel/storage/access/nbtree/nbtree.cpp openGauss-server-600-edit/src/gausskernel/storage/access/nbtree/nbtree.cpp
*** openGauss-server-600/src/gausskernel/storage/access/nbtree/nbtree.cpp 2024-12-12 11:20:52.332744190 +0800
--- openGauss-server-600-edit/src/gausskernel/storage/access/nbtree/nbtree.cpp 2024-12-12 11:20:18.144744190 +0800
***************
*** 1108,1114 ****
* that.
*/
Assert(num_dead_heap_tids >= Max(num_deletable, 1));
! Assert(num_deletable > 0 || updatable > 0);
_bt_delitems_vacuum(rel, buf, deletable, num_deletable, updatable, num_updatable,
vstate->lastBlockVacuumed);
--- 1108,1114 ----
* that.
*/
Assert(num_dead_heap_tids >= Max(num_deletable, 1));
! Assert(num_deletable != NULL || updatable != NULL);
_bt_delitems_vacuum(rel, buf, deletable, num_deletable, updatable, num_updatable,
vstate->lastBlockVacuumed);
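Review bot: In the nbtree.cpp hunk the new assertion compares `num_deletable` with `NULL`, although the line above passes it to `Max(num_deletable, 1)`, which suggests it is an integer count and not a pointer. The original `updatable > 0` looks like the pointer comparison the compiler rejected, and the check was probably meant to be on the two counts, `Assert(num_deletable > 0 || num_updatable > 0);`, since `num_updatable` is passed next to `updatable` in the call that follows. The declarations are outside the hunk, so confirm the types first. The `readdir()` hunks (`ent == NULL`, `de == NULL`) read correctly as they are.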

Binary file not shown.

6
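--- a/opengauss-bashprofile
+++ b/opengauss-bashprofile
@@ -0,0 +1,6 @@
+export GAUSSHOME=/usr/local/opengauss
+export LD_LIBRARY_PATH=${GAUSSHOME}/lib:$LD_LIBRARY_PATH
+export PATH=${GAUSSHOME}/bin:$PATH
+export PGDATA=/var/lib/opengauss/data
+export PGPORT=7654
+export PGDATABASE=postgres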
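Review bot: `export LD_LIBRARY_PATH=${GAUSSHOME}/lib:$LD_LIBRARY_PATH` leaves a trailing colon when the variable is unset, which is the normal case for a fresh `su - opengauss` login, and the dynamic loader treats that empty entry as the current working directory. Every `gs_ctl`/`gaussdb` started through this profile would then also search whatever directory it is launched from for shared libraries. Append the old value only when it is non-empty: `export LD_LIBRARY_PATH=${GAUSSHOME}/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}`.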

549
opengauss-server.spec Normal file

@ -0,0 +1,549 @@
%define zlib_name zlib
%define zlib_version 1.2.12
%define krb5_name krb5
%define krb5_version 1.18.3-final
%define xgboost_name xgboost
%define xgboost_version 1.4.1
%define dmlc_name dmlc-core
%define dmlc_version 0.5
%define port 7654
%define datapath /var/lib/opengauss
%define apppath %{_prefix}/local/opengauss
%define tmppath /var/lib/opengauss/pkg_6.0.0
Name: opengauss
Version: 6.0.0
Release: 24
Summary: openGauss is an open source relational database management system
License: MulanPSL-2.0 and MIT and BSD and zlib and TCL and Apache-2.0 and BSL-1.0
URL: https://gitee.com/opengauss/openGauss-server
Source0: openGauss-server-%{version}.tar.gz
Source1: %{zlib_name}-%{zlib_version}.tar.gz
Source2: %{krb5_name}-%{krb5_version}.tar.gz
Source3: %{dmlc_name}-v%{dmlc_version}.tar.gz
Source4: %{xgboost_name}-v%{xgboost_version}.tar.gz
Source20: opengauss-bashprofile
Source21: opengauss.service
Source22: autostart.sh
Source23: version.cfg
Source24: opengauss_upgrade_start.sh
Source25: opengauss_upgrade_common.sh
Source26: opengauss_upgrade_config.sh
Source27: opengauss_upgrade_errorcode.sh
Source28: upgrade.sh
Source29: krb-configure
Patch0: og-cmake.patch
Patch1: og-delete-obs.patch
Patch2: og-openssl3-adptor.patch
Patch3: og-security.patch
Patch4: og-syntax.patch
Patch5: og-riscv64-support.patch
Patch6: og-dolphin.patch
Patch11: zlib.patch
Patch12: zlib-CVE-2022-37434.patch
Patch21: krb5-backport-Add-a-simple-DER-support-header.patch
Patch22: krb5-backport-CVE-2024-37370-CVE-2024-37371-Fix-vulnerabilities-in-GSS-message-token-handling.patch
Patch23: krb5-cve-2022-42898.patch
Patch24: krb5-CVE-2023-36054.patch
Patch25: krb5.patch
Patch26: xgboost-cmake-3.13.patch
Patch27: dmlc-core-port-to-newer-cmake.patch
BuildRequires: cmake gcc gcc-c++ openssl-devel python tar
BuildRequires: lz4-devel zstd-devel boost-devel cjson-devel
BuildRequires: libcgroup-devel libcurl-devel unixODBC-devel jemalloc-devel
BuildRequires: java-1.8.0-openjdk-devel libedit-devel libaio-devel
BuildRequires: bison flex, DCF >= 6
BuildRequires: numactl-devel libxml2-devel xerces-c-devel pkgconfig(aws-cpp-sdk-core)
BuildRequires: libatomic autoconf
%global _privatelibs lib(krb5_gauss|ecpg|z|pg|pq)\\.so*
%global __provides_exclude %{_privatelibs}
%global __requires_exclude %{_privatelibs}
Requires: lz4-devel zstd-devel boost-devel cjson-devel tar
Requires: libcgroup-devel libcurl-devel unixODBC-devel jemalloc-devel
Requires: java-1.8.0-openjdk-devel libedit-devel libaio-devel
Requires: DCF >= 6, lsof
Requires: numactl-devel libxml2-devel xerces-c-devel pkgconfig(aws-cpp-sdk-core)
%description
openGauss kernel : openGauss is an open source relational database management system.
%global debug_package %{nil}
%prep
%setup -q -c -n %{name}-%{version}
%setup -q -D -T -a 1
%setup -q -D -T -a 2
%setup -q -D -T -a 3
%setup -q -D -T -a 4
pushd openGauss-server-%{version}
%patch -P0 -p1
%patch -P1 -p1
%patch -P2 -p1
%patch -P3 -p1
%patch -P4 -p1
%patch -P5 -p1
%patch -P6 -p1
popd
pushd %{zlib_name}-%{zlib_version}
%patch -P11 -p1
%patch -P12 -p1
popd
pushd %{krb5_name}-%{krb5_name}-%{krb5_version}
%patch -P21 -p1
%patch -P22 -p1
%patch -P23 -p1
%patch -P24 -p1
%patch -P25 -p1
popd
pushd %{xgboost_name}-%{xgboost_version}
%patch -P26 -p1
popd
pushd %{dmlc_name}-%{dmlc_version}
%patch -P27 -p1
popd
%build
build_target=$(pwd)/binarylibs/kernel/dependency
########### build krb5 ###########
pushd %{krb5_name}-%{krb5_name}-%{krb5_version}
krb5_dir=${build_target}/kerberos/comm
cd src
rm -rf configure; cp %{SOURCE29} ./configure
autoheader; chmod +x configure; sed -i 's/lcom_err/lcom_err_gauss/g' configure
./configure --prefix=${krb5_dir} LDFLAGS='-Wl,-z,relro,-z,now' CFLAGS='-fstack-protector-strong -fPIC' --disable-rpath --disable-pkinit --with-system-verto=no
make -s %{?_smp_mflags}
make install -s %{?_smp_mflags}
rm -rf ${krb5_dir}/lib/pkgconfig
rm -rf ${krb5_dir}/share
rm -rf ${krb5_dir}/var
popd
########### build zlib ###########
pushd %{zlib_name}-%{zlib_version}
zlib_dir=${build_target}/zlib1.2.11/comm
CONFIGURE_EXTRA_FLAG="--64"
%ifarch aarch64
CONFIGURE_EXTRA_FLAG=""
%endif
%ifarch sw_64
CONFIGURE_EXTRA_FLAG=""
%endif
%ifarch riscv64
CONFIGURE_EXTRA_FLAG=""
%endif
./configure ${CONFIGURE_EXTRA_FLAG} --prefix=${zlib_dir}
sed -i '21a CFLAGS += -fPIC' Makefile
MAKE_EXTRA_FLAG="-m64"
%ifarch aarch64
MAKE_EXTRA_FLAG=""
%endif
%ifarch sw_64
MAKE_EXTRA_FLAG=""
%endif
%ifarch riscv64
MAKE_EXTRA_FLAG=""
%endif
make CFLAGS="-fPIE -fPIC" SFLAGS="-O2 -fPIC -fstack-protector-strong -Wl,-z,noexecstack -Wl,-z,relro,-z,now ${MAKE_EXTRA_FLAG} -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN" %{?_smp_mflags}
make install
cd contrib/minizip/
make CFLAGS="-O3 -fPIC -I../.." -f Makefile %{?_smp_mflags}
mv libminiz.a libminiunz.a
cp ioapi.h ${zlib_dir}/include/
cp unzip.h ${zlib_dir}/include/
cp libminiunz.a ${zlib_dir}/lib/
chmod 644 ${zlib_dir}/include/ioapi.h ${zlib_dir}/include/unzip.h ${zlib_dir}/lib/libminiunz.a
cp -r ${zlib_dir} ${build_target}/zlib1.2.11/llt
popd
########### build xgboost ###########
pushd %{xgboost_name}-%{xgboost_version}
xgboost_dir=${build_target}/xgboost/comm
sed -i '9a set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wl,-z,now -fPIE -fPIC -fstack-protector-strong")' ./CMakeLists.txt
sed -i '10a set (CMAKE_CPP_FLAGS "${CMAKE_CPP_FLAGS} -Wl,-z,now -fPIE -fPIC -fstack-protector-strong")' ./CMakeLists.txt
sed -i '11a set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,-z,now -fPIE -fPIC -fstack-protector-strong")' ./CMakeLists.txt
rm -rf dmlc-core
cp -r ../dmlc-core-%{dmlc_version}/ ./dmlc-core
rm -rf build_install
mkdir build_install && cd build_install
cmake .. -DCMAKE_INSTALL_PREFIX=${xgboost_dir}
make %{?_smp_mflags}
make install
cp -r ${xgboost_dir} ${build_target}/xgboost/llt
popd
########### build opengauss ###########
%ifarch riscv64
CMAKE_EXTRA_FLAG="-DENABLE_BBOX=OFF"
rm -rf openGauss-server-%{version}/contrib/dolphin
%endif
pushd openGauss-server-%{version}
opengauss_source_dir=$(pwd)
export BUILD_TUPLE=$(uname -m)
export DEBUG_TYPE=release
export THIRD_BIN_PATH=${build_target}/../../../binarylibs
export LD_LIBRARY_PATH=$THIRD_BIN_PATH/kernel/dependency/zlib1.2.11/comm/lib:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH=$THIRD_BIN_PATH/kernel/dependency/kerberos/comm/lib:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH=$THIRD_BIN_PATH/kernel/dependency/xgboost/comm/lib:$LD_LIBRARY_PATH
export PREFIX_HOME=${opengauss_source_dir}/mppdb_temp_install
mkdir -p tmp_build
cd tmp_build
cmake .. -DENABLE_MULTIPLE_NODES=OFF -DENABLE_THREAD_SAFETY=ON -DWITH_OPENEULER_OS=ON -DENABLE_OPENEULER_MAJOR=ON \
-DENABLE_LLVM_COMPILE=OFF -DENABLE_OBS=OFF -DENABLE_OPENSSL3=ON ${CMAKE_EXTRA_FLAG}
make %{?_smp_mflags}
make install
# clean build root
rm -rf %{buildroot}/*
mkdir -p %{buildroot}/var/lib/opengauss/data
mkdir -p %{buildroot}%{apppath}/script
mkdir -p %{buildroot}%{tmppath}/script
# separate_debug_symbol.sh dir
cd ${opengauss_source_dir}/build/script
chmod +x ./separate_debug_information.sh
sed -i '/"$BIN_DIR\/gaussdb\.map"/d' ./separate_debug_information.sh
./separate_debug_information.sh
rm -rf ${opengauss_source_dir}/mppdb_temp_install/packages
rm -rf ${opengauss_source_dir}/mppdb_temp_install/symbols
# package
os_name=$(cat /etc/os-release | grep -w NAME | awk -F '"' '{print $2}')
if [[ -f "/etc/openEuler-release" ]]; then
os_name="openEuler"
elif [[ -f "/etc/euleros-release" ]]; then
os_name="EulerOS"
elif [[ -f "/etc/centos-release" ]]; then
os_name="CentOS"
elif [[ -f "/etc/FusionOS-release" ]]; then
os_name="FusionOS"
elif [[ -f "/etc/kylin-release" ]]; then
os_name="Kylin"
elif [[ -f "/etc/asianux-release" ]]; then
os_name="Asianux"
elif [[ -f "/etc/CSIOS-release" ]]; then
os_name="CSIOS"
else
os_name=$(lsb_release -d | awk -F ' ' '{print $2}'| tr A-Z a-z | sed 's/.*/\L&/; s/[a-z]*/\u&/g')
fi
os_version=$(cat /etc/os-release | grep -w VERSION_ID | awk -F '"' '{print $2}')
platform_arch=$(uname -m)
kernel_package_name=openGauss-Server-%{version}-${os_name}-${os_version}-${platform_arch}
cd ${opengauss_source_dir}/mppdb_temp_install
tar -zcf ${kernel_package_name}.tar.bz2 *
sha256sum ${kernel_package_name}.tar.bz2 | awk '{print $1}' > ${kernel_package_name}.sha256
# copy binarylibs packages to %{tmppath}
cp -r ${opengauss_source_dir}/mppdb_temp_install/* %{buildroot}%{tmppath}
# make package upgrade sql
cd ${opengauss_source_dir}/tmp_build
cp -r ${opengauss_source_dir}/src/include/catalog/upgrade_sql ./upgrade_sql
tar -zcf upgrade_sql.tar.gz ./upgrade_sql
rm -rf ./upgrade_sql > /dev/null 2>&1
sha256sum upgrade_sql.tar.gz | awk '{print $1}' > upgrade_sql.sha256
if [ $? -ne 0 ]; then
echo "Generate upgrade_sql.sha256 failed."
exit 1
fi
cp -r upgrade_sql.tar.gz %{buildroot}%{tmppath}
cp -r upgrade_sql.sha256 %{buildroot}%{tmppath}
# opengauss datanode dir.
install -d -m 700 $RPM_BUILD_ROOT%{?_localstatedir}/lib/opengauss/data
# opengauss .bash_profile
install -m 644 %{SOURCE20} $RPM_BUILD_ROOT%{?_localstatedir}/lib/opengauss/.bash_profile
# auto start files
install -m 644 %{SOURCE21} %{buildroot}%{tmppath}/script/opengauss.service
install -m 644 %{SOURCE22} %{buildroot}%{tmppath}/script/autostart.sh
# upgrade script
install -m 644 %{SOURCE23} %{buildroot}%{tmppath}/version.cfg
install -m 644 %{SOURCE24} %{buildroot}%{tmppath}/opengauss_upgrade_start.sh
install -m 644 %{SOURCE25} %{buildroot}%{tmppath}/opengauss_upgrade_common.sh
install -m 644 %{SOURCE26} %{buildroot}%{tmppath}/opengauss_upgrade_config.sh
install -m 644 %{SOURCE27} %{buildroot}%{tmppath}/opengauss_upgrade_errorcode.sh
install -m 644 %{SOURCE28} %{buildroot}%{tmppath}/upgrade.sh
popd
%pre
# add opengauss user
/usr/sbin/groupadd -r opengauss >/dev/null 2>&1 || :
/usr/sbin/useradd -M -N -g opengauss -r -d %{datapath} -s /bin/bash -c "openGauss Server" opengauss >/dev/null 2>&1 || :
# for install step
# 1:install 2:upgrade
if [ $1 -eq 1 ]; then
echo "Preparing for install"
portinfo=$(lsof -i:%{port})
if [ "${portinfo}" != "" ]; then
echo "Error: The port[%{port}] is occupied. Please use command 'lsof -i:%{port} to check it.'"
fi
if [ -d /var/lib/opengauss/data ]; then
if [ "`ls -A /var/lib/opengauss/data`" != "" ]; then
echo "Datanode dir(/var/lib/opengauss/data) is not empty."
echo "Please delete dir and reinstall opengauss."
exit 1
fi
process_id=$(ps -ef | grep /var/lib/opengauss/data | grep -v grep | awk '{print $2}')
if [ "$process_id" != "" ]; then
echo "A process of opengauss already exists. Use command (ps -ef | grep /var/lib/opengauss/data) to confirm."
echo "Please kill the process and reinstall opengauss."
exit 1
fi
fi
elif [ $1 -eq 2 ]; then
echo "Preparing for upgrade"
old_version=$(rpm -qi opengauss | grep -i version | awk -F':' '{print $2}' | sed 's/^[ \t]*//;s/[ \t]*$//')
if [ "$(printf '%s\n' "%{version}" "$old_version" | sort -V | head -n1)" == "%{version}" ]; then
echo "Error: New version (%{version}) must be greater than the old version ($old_version)."
exit 1
fi
if [[ "${old_version}" == "2.1.0" && %{version} == "6.0.0" ]]; then
echo "The opengauss do not support upgrade from 2.1.0 to 6.0.0."
exit 1
fi
fi
%post
start_opengauss(){
result=$(su - opengauss -c "source ~/.bash_profile; gs_initdb -D /var/lib/opengauss/data -U opengauss --nodename=single_node")
if [ $? -ne 0 ]; then
echo "Init openGauss database failed."
exit $result
else
echo "Init openGauss database success."
fi
}
add_service(){
cp %{apppath}/script/opengauss.service /usr/lib/systemd/system/
systemctl daemon-reload
}
remove_service(){
service_name=/usr/lib/systemd/system/opengauss.service
if [ -f $service_name ]; then
systemctl disable opengauss.service
rm $service_name
fi
}
create_dir() {
if [ -d /usr/local/opengauss ]; then
rm -rf /usr/local/opengauss
fi
mkdir -p /usr/local/opengauss
cp -r /var/lib/opengauss/pkg_%{version}/* /usr/local/opengauss
chmod -R 755 /usr/local/opengauss
chown -R opengauss:opengauss /usr/local/opengauss
}
upgrade_create_dir() {
rm -rf /var/lib/opengauss/opengauss_upgrade/pkg_%{version}
rm -rf /var/lib/opengauss/opengauss_upgrade/bak
rm -rf /var/lib/opengauss/opengauss_upgrade/tmp
mkdir -p /var/lib/opengauss/opengauss_upgrade/pkg_%{version}
mkdir -p /var/lib/opengauss/opengauss_upgrade/bak
mkdir -p /var/lib/opengauss/opengauss_upgrade/tmp
chown -R opengauss:opengauss /var/lib/opengauss
}
# for install step
# 1:install 2:upgrade
if [ $1 -eq 1 ]; then
echo "install" > /var/lib/opengauss/recode_install_flag
create_dir
start_opengauss
add_service
elif [ $1 -eq 2 ]; then
echo "upgrade" > /var/lib/opengauss/recode_install_flag
echo "start upgrade..."
upgrade_create_dir
cmd="source ~/.bash_profile; cd /var/lib/opengauss/pkg_%{version}; sh upgrade.sh"
result=$(su - opengauss -c "$cmd")
if [ $? -ne 0 ]; then
echo "Upgrade failed."
echo "$result, Please cat the log information: cat /var/lib/opengauss/opengauss_upgrade/opengauss_upgrade.log"
echo "failed" > /var/lib/opengauss/upgrade_result
exit 1
else
echo "Upgrade success."
echo "success" > /var/lib/opengauss/upgrade_result
fi
remove_service
add_service
fi
%preun
remove_service(){
service_name=/usr/lib/systemd/system/opengauss.service
if [ -f $service_name ]; then
systemctl disable opengauss.service
rm $service_name
fi
}
# 0: uninstall 1:upgrade
if [ $1 -eq 0 ]; then
echo "remove opengauss service"
remove_service
fi
%postun
clear_database(){
pid=$(ps -ef | grep /var/lib/opengauss/data | grep -v grep | awk '{print $2}')
if [ "$pid" != "" ]; then
kill -9 $pid
fi
if [ -d /usr/local/opengauss ]; then
rm -rf /usr/local/opengauss
fi
if [ -d /usr/local/opengauss_%{version} ]; then
rm -rf /usr/local/opengauss_%{version}
fi
if [ -f /var/lib/opengauss/recode_install_flag ]; then
rm -rf /var/lib/opengauss/recode_install_flag
fi
if [ -f /var/lib/opengauss/upgrade_result ]; then
rm -rf /var/lib/opengauss/upgrade_result
fi
if [ -d /var/lib/opengauss/pkg_%{version} ]; then
rm -rf /var/lib/opengauss/pkg_%{version}
fi
if [ -d /var/lib/opengauss/opengauss_upgrade ]; then
rm -rf /var/lib/opengauss/opengauss_upgrade
fi
}
# 0: uninstall
if [ $1 -eq 0 ]; then
echo "clean database"
clear_database
fi
%posttrans
flag=$(cat /var/lib/opengauss/recode_install_flag)
if [ $flag = "install" ]; then
echo "opengauss install successfully!"
echo "Please run: systemctl start opengauss.service"
else
echo "upgrade posttrans"
if [ -d "/usr/local/opengauss" ] && [ "$(ls -A /usr/local/opengauss)" ]; then
rm -rf /usr/local/opengauss
fi
mkdir -p /usr/local/opengauss
upgrade_file=/var/lib/opengauss/upgrade_result
if [[ -f ${upgrade_file} && $(cat $upgrade_file) = "success" ]]; then
echo "opengauss upgrade successfully"
cp -rf /var/lib/opengauss/opengauss_upgrade/pkg_%{version}/* /usr/local/opengauss
else
echo "opengauss upgrade failed, rollback in progress"
cp -rf /var/lib/opengauss/opengauss_upgrade/bak/* /usr/local/opengauss
fi
chown -R opengauss:opengauss /usr/local/opengauss
chmod -R 755 /usr/local/opengauss
chmod -R 700 /var/lib/opengauss/data
systemctl restart opengauss.service
fi
%files
%doc
%defattr (755,opengauss,opengauss)
%{apppath}
%defattr (700,opengauss,opengauss)
%{?_localstatedir}/lib/opengauss
%changelog
* Wed Mar 12 2025 Funda Wang <fundawang@yeah.net> - 6.0.0-24
- fix build with cmake 4.0
* Sat Dec 28 2024 liuheng <liuheng76@huawei.com> - 6.0.0-23
- Fix bugs: upgrade failed
* Sat Dec 14 2024 liuheng <liuheng76@huawei.com> - 6.0.0-22
- Fix bugs: when upgrading, the new version cannot be lower than the old version
* Sat Dec 14 2024 liuheng <liuheng76@huawei.com> - 6.0.0-21
- Fix different versions of autoconf and resolve exceptions
* Fri Dec 13 2024 liuheng <liuheng76@huawei.com> - 6.0.0-20
- Fix bugs: #IBB3VO
* Tue Dec 10 2024 liuheng <liuheng76@huawei.com> - 6.0.0-19
- Fix bugs: #IBAAVY
* Thu Dec 5 2024 xiaofan <xiaofan@iscas.ac.cn> - 6.0.0-18
- Support riscv64
* Mon Dec 2 2024 liuheng <liuheng76@huawei.com> - 6.0.0-17
- Adaptation upgrade
* Thu Nov 14 2024 liuheng <liuheng76@huawei.com> - 6.0.0-16
- Update version to 6.0.0
* Thu Jun 20 2024 liuheng <liuheng76@huawei.com> - 5.0.1-15
- Fix bugs: Initialize Remove Password
* Wed Jun 12 2024 liuheng <liuheng76@huawei.com> - 5.0.1-14
- Fix bugs: #IA4KLQ #IA4PTU
* Fri May 24 2024 zhangzhihui <zhangzhihui42@huawei.com> - 5.0.1-13
- upgrade function
* Mon May 6 2024 liuheng <liuheng76@huawei.com> - 5.0.1-12
- Update version to 5.0.1
* Fri Aug 18 2023 panchenbo <panchenbo@kylinsec.com.cn> - 2.1.0-11
- add sw_64 support
* Tue Jun 6 2023 dillon chen<dillon.chen@gmail.com> - 2.1.0-8
- Fix bugs: #I677QX add lsof
* Mon Apr 10 2023 panchenbo <panchenbo@kylinsec.com.cn> - 2.1.0-7
- add /etc/kylinsec-release support for KylinSec
* Wed Mar 30 2022 ouyangminxiang <ouyangminxiang@kylinsec.com.cn> - 2.1.0-6
- add kylinsec platform
* Sat Mar 12 2022 zhangxubo <zhangxubo1@huawei.com> - 2.1.0-5
- Fix bugs: #I4VDYQ #I4V624 #I4UOUU #I4TCDB #I4TCB8
* Thu Jan 27 2022 zhangxubo <zhangxubo1@huawei.com> - 2.1.0-4
- Fix bugs: #I4SDWX
* Sat Jan 22 2022 zhangxubo <zhangxubo1@huawei.com> - 2.1.0-3
- Fix bugs: #I4RVNX
* Mon Dec 13 2021 zhangxubo <zhangxubo1@huawei.com> - 2.1.0-2
- Fix bugs: Mask dependencies acquired during installation
* Wed Dec 1 2021 zhangxubo <zhangxubo1@huawei.com> - 2.1.0-1
- Package init
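Review bot: In `%post`, `add_service` runs as root and copies `%{apppath}/script/opengauss.service` into `/usr/lib/systemd/system/`, but `create_dir` has just run `chown -R opengauss:opengauss /usr/local/opengauss` and `%files` ships the tree with `%defattr (755,opengauss,opengauss)`, so the unit file that root installs is writable by the database account. The upgrade branch repeats that copy, and `%posttrans` likewise reads `recode_install_flag` and copies from `opengauss_upgrade/bak` under the account-owned `/var/lib/opengauss` as root. Ship the unit from the package instead, `install -m 644 %{SOURCE21} %{buildroot}%{_unitdir}/opengauss.service` with `%attr(644,root,root) %{_unitdir}/opengauss.service` in `%files`, and keep the installed binaries root-owned so that only the data directory belongs to `opengauss`. Separately, `start_opengauss` ends with `exit $result`, which hands the captured `gs_initdb` output to `exit` instead of a status; `exit 1` is what the failure branch needs.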

16
opengauss.service Executable file

@ -0,0 +1,16 @@
[Unit]
Description=Start openGauss server
After=local-fs.target
[Service]
Type=forking
User=opengauss
WorkingDirectory=/var/lib/opengauss
ExecStart=/bin/bash -c 'source ~/.bash_profile; gs_ctl start -D /var/lib/opengauss/data'
ExecStop=/bin/bash -c 'source ~/.bash_profile; gs_ctl stop -D /var/lib/opengauss/data'
ExecReload=/bin/bash -c 'source ~/.bash_profile; gs_ctl reload -D /var/lib/opengauss/data'
Delegate=yes
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
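Review bot: `RemainAfterExit=yes` combined with `Type=forking` and no `PIDFile=` means systemd keeps reporting the unit as active after the database process has gone, so a crash is not visible in `systemctl status` or to monitoring built on the unit state. Drop `RemainAfterExit=yes` and add a `PIDFile=` for the pid file `gs_ctl` writes under the data directory (exact path to be confirmed). Because the unit starts a listening database, `NoNewPrivileges=yes` and `PrivateTmp=yes` are inexpensive hardening to add in `[Service]`. The file is also added with the executable bit, which a unit file does not need.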

1238
opengauss_upgrade_common.sh Normal file

File diff suppressed because it is too large Load Diff


@ -0,0 +1,31 @@
#!/bin/bash
# Copyright (c) Huawei Technologies Co., Ltd. 2010-2022. All rights reserved.
# date: 2021-12-22
# version: 1.0
# 数据库监听端口
GAUSS_LISTEN_PORT="7654"
# 数据库管理员用户名
GAUSS_ADMIN_USER="opengauss"
#数据库升级回退日志路径
GAUSS_LOG_PATH="/var/lib/opengauss/opengauss_upgrade"
#数据库升级根位置
GAUSS_UPGRADE_BASE_PATH="/var/lib/opengauss/opengauss_upgrade/pkg_6.0.0"
#数据库SQL包位置
GAUSS_SQL_TAR_PATH="/var/lib/opengauss/opengauss_upgrade/pkg_6.0.0"
#数据库低版本备份位置
GAUSS_BACKUP_BASE_PATH="/var/lib/opengauss/opengauss_upgrade/bak"
#数据库临时目录
GAUSS_TMP_PATH="/var/lib/opengauss/opengauss_upgrade/tmp"
#是否使用存在的bin解压包
GAUSS_UPGRADE_BIN_PATH=""
#需要同步的cluster config 列表
GAUSS_UPGRADE_SYNC_CONFIG_LIST=""


@ -0,0 +1,18 @@
#!/bin/bash
# Copyright (c) Huawei Technologies Co., Ltd. 2010-2022. All rights reserved.
# date: 2021-12-22
# version: 1.0
err_upgrade_pre=201
err_upgrade_bin=202
err_upgrade_post=203
err_rollback_pre=204
err_rollback_bin=205
err_rollback_post=206
err_check_init=207
err_parameter=208
err_upgrade_commit=209
err_version_same=210
err_no_need_commit=211
err_inner_sys=212
err_dn_role_null=213


@ -0,0 +1,56 @@
#!/bin/bash
# Copyright (c) Huawei Technologies Co., Ltd. 2010-2022. All rights reserved.
# date: 2021-12-22
# version: 1.0
CURRENT_DIR=$(
cd $(dirname $0)
pwd
)
source ${CURRENT_DIR}/opengauss_upgrade_config.sh
source ${CURRENT_DIR}/opengauss_upgrade_common.sh
function main() {
check_and_init
parse_cmd_line $@
case "${action}" in
upgrade_pre)
upgrade_pre
exit 0
;;
upgrade_bin)
upgrade_bin
exit 0
;;
upgrade_post)
upgrade_post
exit 0
;;
rollback_pre)
rollback_pre
exit 0
;;
rollback_bin)
rollback_bin
exit 0
;;
rollback_post)
rollback_post
exit 0
;;
upgrade_commit)
upgrade_commit
exit 0
;;
switch_over)
switch_over
exit 0
;;
*)
log "please input right parameter, the following command may help you"
log "sh upgrade_GAUSSV5.sh --help or sh upgrade_GAUSSV5.sh -h"
die "Must input parameter -t action" ${err_parameter}
;;
esac
}
main $@
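Review bot: `main $@` and `parse_cmd_line $@` expand the arguments unquoted, so an argument containing spaces or glob characters is split or expanded before it reaches the parser; use `main "$@"` and `parse_cmd_line "$@"`. The same applies to `cd $(dirname $0)` in the `CURRENT_DIR` assignment, which should be `cd "$(dirname "$0")"` so an install path with whitespace does not source the wrong files. The help text in the default branch names `upgrade_GAUSSV5.sh`, which does not match any script name visible on this page.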

651
upgrade.sh Normal file

@ -0,0 +1,651 @@
#/bin/bash
err_upgrade_pre=201
err_upgrade_bin=202
err_upgrade_post=203
err_rollback_pre=204
err_rollback_bin=205
err_rollback_post=206
err_check_init=207
err_parameter=208
err_upgrade_commit=209
err_version_same=210
err_no_need_commit=211
err_inner_sys=212
err_dn_role_null=213
version=6.0.0
GAUSS_BASE_PATH="/usr/local/opengauss"
GAUSS_UPGRADE_BASE_PATH="/var/lib/opengauss/opengauss_upgrade/pkg_${version}"
GAUSS_BACKUP_BASE_PATH="/var/lib/opengauss/opengauss_upgrade/bak"
GAUSS_TMP_PATH="/var/lib/opengauss/opengauss_upgrade/tmp"
GAUSS_LOG_FILE="/var/lib/opengauss/opengauss_upgrade/opengauss_upgrade.log"
new_opengauss_dir=/var/lib/opengauss/pkg_${version}
GAUSS_LISTEN_PORT=7654
function create_dir() {
rm -rf ${GAUSS_BACKUP_BASE_PATH}
rm -rf ${GAUSS_TMP_PATH}
rm -rf ${GAUSS_UPGRADE_BASE_PATH}
mkdir -p ${GAUSS_UPGRADE_BASE_PATH}
mkdir -p ${GAUSS_BACKUP_BASE_PATH}
mkdir -p ${GAUSS_TMP_PATH}
# touch ${GAUSS_LOG_FILE}
}
# create_dir
function cp_new_all_pkg_to_tmp_dir() {
cp -rf ${new_opengauss_dir}/* ${GAUSS_UPGRADE_BASE_PATH}
}
function debug() {
local current_time=$(date +"%Y-%m-%d %H:%M:%S")
echo "[$current_time]" "$1" >>"${GAUSS_LOG_FILE}"
}
function log() {
local current_time=$(date +"%Y-%m-%d %H:%M:%S")
echo "[$current_time]" "$1" >>"${GAUSS_LOG_FILE}"
echo "$1"
}
function die() {
local current_time=$(date +"%Y-%m-%d %H:%M:%S")
if [[ -f "${GAUSS_LOG_FILE}" ]]; then
echo "[$current_time]" "$1" >>"${GAUSS_LOG_FILE}"
fi
echo -e "\033[31mError: $1\033[0m"
exit $2
}
function check_config_path() {
local temp_value="$1"
if [[ "$temp_value" == *[\(\)\{\}\[\]\<\>\"\'\`\\\ \*\!\|\;\&\$\~\?]* ]]; then
die "$temp_value may contain illegal characters" ${err_check_init}
fi
if echo "$temp_value" | grep -Eq "^/{1,}$"; then
die "path cannot be / " ${err_check_init}
fi
}
function check_env() {
if [[ "$GAUSSHOME" == "" ]]; then
die "GAUSSHOME cannot be null!" ${err_check_init}
fi
if [[ "$GAUSSDATA" == "" ]] && [[ "$PGDATA" == "" ]]; then
die "GAUSSDATA or PGDATA cannot be all null!" ${err_check_init}
fi
if [[ "$PGDATA" == "" ]]; then
PGDATA=${GAUSSDATA}
fi
if [[ "$GAUSSDATA" == "" ]]; then
GAUSSDATA=${PGDATA}
fi
check_config_path "$GAUSSHOME"
check_config_path "$GAUSSDATA"
check_config_path "$PGDATA"
# ensure GAUSSDATA not contain GAUSSHOME
if echo "$GAUSSDATA" | grep -wq "^$GAUSSHOME"; then
die "GAUSSDATA cannot be in GAUSSHOME!" ${err_check_init}
fi
log "Current env value: GAUSSHOME is $GAUSSHOME, PGDATA is $PGDATA."
}
function check_upgrade_config() {
local tempfile="$GAUSS_TMP_PATH"/".temp_check_guc_value"
# guc output from opengauss or gauss is diff
if gs_guc check -D ${PGDATA} -c "$1" >"$tempfile" 2>&1; then
tempvalue=$(cat "$tempfile" | tail -2 | head -1 | sed 's/\[[^][]*\]//g' | sed 's/[[:space:]]//g' | awk -F= '{print $2}')
if ! rm -f ${tempfile}; then
log "rm -f $tempfile failed"
return 1
fi
if [[ "$tempvalue" == "$2" ]]; then
debug "guc check $1=$2 successfully"
return 0
elif [[ "$1" == "sync_config_strategy" && "$tempvalue" == "NULL" ]]; then
debug "guc check $1=$2 successfully"
return 0
else
return 1
fi
else
if ! rm -f ${tempfile}; then
log "rm -f $tempfile failed"
return 1
fi
return 1
fi
}
function reload_upgrade_config() {
if check_upgrade_config "$1" "$2"; then
return 0
fi
# only primary need to reload upgrade_mode, standby wait sync from primary
query_dn_role
if [[ X"$dn_role" == X"standby" || X"$dn_role" == X"cascade_standby" ]]; then
return 0
fi
# ensure value of sync_config_strategy is all_node or default
if ! check_upgrade_config "sync_config_strategy" "all_node"; then
return 1
fi
local current_time=$(date +"%Y-%m-%d %H:%M:%S")
echo -n \[${current_time}\] " " >>"${GAUSS_LOG_FILE}"
for i in $(seq 1 3); do
if gs_guc reload -D ${PGDATA} -c "$1=$2" >>"${GAUSS_LOG_FILE}" 2>&1; then
return 0
fi
sleep 2
done
return 1
}
function check_version() {
version=$(gaussdb -V)
if [[ $version =~ "V500R002C00" || $version =~ "2.1.0" ]]; then
echo "2.1.0" >${GAUSSHOME}/version.cfg
echo "92.421" >>${GAUSSHOME}/version.cfg
echo "1f6832d" >>${GAUSSHOME}/version.cfg
old_version=1f6832d
old_cfg=$(sed -n 2p "$GAUSSHOME/version.cfg" | sed 's/\.//g')
else
if [[ ! -f "${GAUSSHOME}/version.cfg" ]]; then
die "Cannot find current version.cfg!" ${err_upgrade_pre}
else
old_version=$(sed -n 3p "$GAUSSHOME"/version.cfg)
old_cfg=$(sed -n 2p "$GAUSSHOME/version.cfg" | sed 's/\.//g')
fi
fi
if [[ -f "$GAUSS_UPGRADE_BASE_PATH"/version.cfg ]]; then
new_version_cfg_path="${GAUSS_UPGRADE_BASE_PATH}/version.cfg"
else
die "Cannot find new version.cfg!" ${err_upgrade_pre}
fi
new_version=$(sed -n 3p "$new_version_cfg_path")
new_cfg=$(sed -n 2p "$new_version_cfg_path" | sed 's/\.//g')
if [[ X"$old_version" == X || X"$old_cfg" == X || X"$new_version" == X || X"$new_cfg" == X ]]; then
die "Maybe version.cfg is not normal" ${err_upgrade_pre}
fi
if ! echo "$old_cfg" | grep -Ewq "[0-9]{3,6}"; then
die "Maybe version.cfg is not normal" ${err_upgrade_pre}
fi
if ! echo "$new_cfg" | grep -Ewq "[0-9]{3,6}"; then
die "Maybe version.cfg is not normal" ${err_upgrade_pre}
fi
if [[ "$old_version" == "$new_version" ]]; then
die "New version is same as old, the commitId is $old_version!" ${err_version_same}
fi
if [[ ${new_cfg} -lt ${old_cfg} ]]; then
die "Current version is newer!" ${err_upgrade_pre}
fi
log "Old version commitId is $old_version, version info is $old_cfg"
log "New version commitId is $new_version, version info is $new_cfg"
}
function check_disk() {
avail_disk=$(df -BM "$GAUSS_UPGRADE_BASE_PATH" | tail -n 1 | awk '{print $4}')
avail_disk=${avail_disk:0:-1}
if [[ X"$min_disk" == "X" ]]; then
min_disk=2048
fi
if [[ ${avail_disk} -lt ${min_disk} ]]; then
die "avail disk must be >= ${min_disk}MB, check with cmd: df -BM $GAUSS_UPGRADE_BASE_PATH!" ${err_check_init}
fi
log "Check available disk space successfully."
}
function start_dbnode() {
start_cmd="gs_ctl start -D ${PGDATA} "
log "start gaussdb by cmd: $start_cmd"
${start_cmd} >>"${GAUSS_LOG_FILE}" 2>&1
if [ $? -ne 0 ]; then
die "failed to $start_cmd"
fi
}
function rollback_post() {
if ! check_db_process; then
die "Gaussdb is not running" ${err_rollback_post}
fi
if ! reload_upgrade_config upgrade_mode 2; then
die "set upgrade_mode to 2 failed" ${err_upgrade_post}
fi
if exec_sql "$GAUSS_UPGRADE_BASE_PATH"/temp_sql/temp_rollback-post_maindb.sql maindb && exec_sql "$GAUSS_UPGRADE_BASE_PATH"/temp_sql/temp_rollback-post_otherdb.sql otherdb; then
debug "rollback post sql successfully"
else
die "rollback post sql failed" ${err_rollback_post}
fi
}
function prepare_sql() {
#$1: upgrade,upgrade-post,rollback,rollback-post
#$2: maindb,otherdb
temp_old=${old_cfg}
temp_new=${new_cfg}
local action="$1"
local dbname="$2"
local tempfile="$GAUSS_TMP_PATH"/temp_sql/"temp_"${action}_${dbname}.sql
temp_file_num=0
if echo "START TRANSACTION;set IsInplaceUpgrade = on;" >"$tempfile" && chmod 600 "$tempfile"; then
debug "Begin to generate $tempfile"
else
die "Write $tempfile failed" ${err_upgrade_pre}
fi
if ! echo "SET search_path = 'pg_catalog';SET local client_min_messages = NOTICE;SET local log_min_messages = NOTICE;" >>"$tempfile"; then
die "Write $tempfile failed" ${err_upgrade_pre}
fi
if ! echo "SET statement_timeout = 3600000;" >>"$tempfile"; then
die "Write $tempfile failed" ${err_upgrade_pre}
fi
if [[ "$action" == "upgrade" || "$action" == "upgrade-post" ]]; then
while [[ ${temp_old} -lt ${temp_new} ]]; do
((temp_old = $temp_old + 1))
local upgrade_sql_file="upgrade_sql/upgrade_catalog_${dbname}/${action}_catalog_${dbname}_${temp_old:0:2}_${temp_old:2}.sql"
if [[ -f "$upgrade_sql_file" ]]; then
if ! cat "$upgrade_sql_file" >>"$tempfile"; then
die "Write $tempfile failed" ${err_upgrade_pre}
fi
debug "$upgrade_sql_file >> $tempfile"
((temp_file_num = temp_file_num + 1))
fi
done
fi
if [[ "$1" == "rollback" || "$1" == "rollback-post" ]]; then
while [[ ${temp_new} -gt ${temp_old} ]]; do
local upgrade_sql_file="upgrade_sql/rollback_catalog_${dbname}/${action}_catalog_${dbname}_${temp_new:0:2}_${temp_new:2}.sql"
if [[ -f "$upgrade_sql_file" ]]; then
if ! cat "$upgrade_sql_file" >>"$tempfile"; then
die "Write $tempfile failed" ${err_upgrade_pre}
fi
debug "$upgrade_sql_file >>$tempfile"
((temp_file_num = temp_file_num + 1))
fi
((temp_new = $temp_new - 1))
done
fi
if ! echo "COMMIT;" >>"$tempfile"; then
die "Write $tempfile failed" ${err_upgrade_pre}
fi
#file not meet requirements
if [[ ${temp_file_num} -eq 0 ]]; then
debug "No sql file for ${action} ${dbname}!"
rm -f "$tempfile"
else
debug "get ${temp_file_num} files for ${action} ${dbname}!"
fi
}
function prepare_sql_all() {
local dir_temp_sql="$GAUSS_TMP_PATH"/temp_sql
local sql_tar_file="$GAUSS_UPGRADE_BASE_PATH"/upgrade_sql.tar.gz
local sql_tar_sha="$GAUSS_UPGRADE_BASE_PATH"/upgrade_sql.sha256
if [[ ! -f "${sql_tar_file}" ]] || [[ ! -f "${sql_tar_sha}" ]]; then
die "${sql_tar_file} or ${sql_tar_sha} not exit!" ${err_upgrade_pre}
else
local sha_expect=$(cat ${sql_tar_sha})
local sha_current=$(sha256sum ${sql_tar_file} | awk '{print $1}')
if [[ "$sha_expect" != "$sha_current" ]]; then
die "The sha256 value of $sql_tar_file does not match $sql_tar_sha!" ${err_upgrade_pre}
fi
if [[ -d "$dir_temp_sql" ]]; then
rm -rf "$dir_temp_sql"
fi
if mkdir -p -m 700 "$dir_temp_sql" && tar -zxf "$sql_tar_file" -C "$dir_temp_sql"; then
log "decompress upgrade_sql.tar.gz successfully."
else
die "decompress upgrade_sql.tar.gz failed" ${err_upgrade_pre}
fi
fi
#total 8
cd "$dir_temp_sql"
for action in upgrade upgrade-post rollback rollback-post; do
for db_base in maindb otherdb; do
prepare_sql ${action} ${db_base}
done
done
}
function pre_exec_sql() {
if exec_sql "$GAUSS_TMP_PATH"/temp_sql/temp_upgrade_maindb.sql maindb && exec_sql "$GAUSS_TMP_PATH"/temp_sql/temp_upgrade_otherdb.sql otherdb; then
debug "exec pre sql successfully"
return 0
else
log "exec pre sql failed"
return 1
fi
}
function post_exec_sql() {
if exec_sql "$GAUSS_TMP_PATH"/temp_sql/temp_upgrade-post_maindb.sql maindb && exec_sql "$GAUSS_TMP_PATH"/temp_sql/temp_upgrade-post_otherdb.sql otherdb; then
debug "upgrade post sql successfully"
else
die "upgrade post sql failed" ${err_upgrade_post}
fi
}
function stop_dbnode() {
if ! check_db_process; then
return 0
fi
gs_ctl stop -D ${PGDATA} >>"${GAUSS_LOG_FILE}" 2>&1
}
function check_db_process() {
legal_path=$(echo "$GAUSSHOME/bin/gaussdb" | sed 's#//*#/#g')
ps wwx | grep "${legal_path}" | grep -v grep >/dev/null
}
function query_dn_role() {
gs_ctl query -D ${PGDATA} >"${GAUSS_TMP_PATH}/temp_dn_role"
dn_role_temp=$(grep local_role "${GAUSS_TMP_PATH}/temp_dn_role" | head -1 | awk '{print $3}')
# rm -f "${GAUSS_TMP_PATH}/temp_dn_role"
if [[ "$dn_role_temp" = "Normal" ]]; then
dn_role_temp="normal"
elif [[ "$dn_role_temp" = "Primary" ]]; then
dn_role_temp="primary"
elif [[ "$dn_role_temp" = "Standby" ]]; then
dn_role_temp="standby"
elif [[ "$dn_role_temp" = "Cascade" ]]; then
dn_role_temp="cascade_standby"
else
dn_role_temp=""
fi
dn_role="$dn_role_temp"
if [[ "$dn_role" != "$dn_role_temp" ]]; then
die "dn_role maybe not right" ${err_dn_role_null}
fi
}
function rollback_bin() {
export GAUSSHOME=${GAUSS_BASE_PATH}
export LD_LIBRARY_PATH=${GAUSSHOME}/lib:$LD_LIBRARY_PATH
export PATH=${GAUSSHOME}/bin:$PATH
start_dbnode
if ! reload_upgrade_config upgrade_mode 0; then
die "set upgrade_mode to 0 failed" ${err_upgrade_post}
fi
}
function rollback_pre_sql() {
if exec_sql "$GAUSS_TMP_PATH"/temp_sql/temp_rollback_maindb.sql maindb && exec_sql "$GAUSS_TMP_PATH"/temp_sql/temp_rollback_otherdb.sql otherdb; then
debug "rollback pre sql successfully"
else
die "rollback pre sql failed" ${err_rollback_pre}
fi
}
function rollback_post() {
if ! reload_upgrade_config upgrade_mode 2; then
die "set upgrade_mode to 2 failed" ${err_upgrade_post}
fi
if exec_sql "$GAUSS_TMP_PATH"/temp_sql/temp_rollback-post_maindb.sql maindb && exec_sql "$GAUSS_TMP_PATH"/temp_sql/temp_rollback-post_otherdb.sql otherdb; then
debug "rollback post sql successfully"
else
die "rollback post sql failed" ${err_rollback_post}
fi
}
function set_upgrade_config() {
if check_upgrade_config "$1" "$2"; then
return 0
fi
local current_time=$(date +"%Y-%m-%d %H:%M:%S")
echo -n \[${current_time}\] " " >>"${GAUSS_LOG_FILE}"
for i in $(seq 1 3); do
if gs_guc set -D ${PGDATA} -c "$1=$2" >>"${GAUSS_LOG_FILE}" 2>&1; then
debug "guc set $1=$2 successfully"
return 0
fi
sleep 2
done
return 1
}
function set_upgrade_mode() {
if ! set_upgrade_config upgrade_mode 2; then
die "set upgrade_mode to 2 failed" ${err_rollback_bin}
fi
}
function check_upgrade_mode_by_sql() {
# check upgrade_mode = 2 by sql
check_upgrade_mode_result="$GAUSS_TMP_PATH"/".temp_upgrade_mode"
if echo "" >${check_upgrade_mode_result} && chmod 600 ${check_upgrade_mode_result}; then
debug "Begin to generate check_upgrade_mode_result."
else
log "generate $check_upgrade_mode_result failed."
return 1
fi
gsql -p ${GAUSS_LISTEN_PORT} -d postgres --pipeline -X -t -A \
-c "show upgrade_mode;" >${check_upgrade_mode_result} 2>&1 &
sleep 0.1
for i in $(seq 1 60); do
check_mode_sql=$(cat ${check_upgrade_mode_result})
if [[ "$check_mode_sql" == "2" ]]; then
rm -f ${check_upgrade_mode_result}
return 0
elif [[ "$check_mode_sql" == "0" ]]; then
rm -f ${check_upgrade_mode_result}
gsql -p ${GAUSS_LISTEN_PORT} -d postgres --pipeline -X -t -A \
-c "show upgrade_mode;" >${check_upgrade_mode_result} 2>&1 &
elif [[ "$check_mode_sql" == "" ]]; then
debug "Wait for check_upgrade_mode_result..."
else
log "$(cat ${check_upgrade_mode_result})"
return 1
fi
sleep 0.5
done
if [[ -f "${check_upgrade_mode_result}" ]]; then
debug "check_upgrade_mode_result is $(cat ${check_upgrade_mode_result})"
rm -f ${check_upgrade_mode_result}
else
debug "get upgrade_mode by gsql failed"
fi
return 1
}
function exec_sql() {
#$1: sqlfilename
#$2: maindb,otherdb
query_dn_role
if [[ X"$dn_role" == X"standby" || X"$dn_role" == X"cascade_standby" ]]; then
return 0
fi
if [[ ! -f "$1" ]]; then
return 0
fi
if ! check_upgrade_mode_by_sql; then
return 1
fi
temp_result="$GAUSS_TMP_PATH"/"temp_sql_temp_result_$(date +%Y%m%d_%H%M%S)"
if echo "" >"$temp_result" && chmod 600 "$temp_result"; then
debug "begin exec sql ,file name is $1"
else
log "Generate $temp_result failed."
fi
sqlbegin="gsql -p $GAUSS_LISTEN_PORT -X -t -A "
if [[ "$2" == "maindb" ]]; then
if ${sqlbegin} -d postgres --echo-queries --set ON_ERROR_STOP=on -f $1 >>"$temp_result" 2>&1; then
debug "Exec $1 on database: postgres successfully"
else
log "Exec sql on postgres failed."
debug "$(cat ${temp_result})"
rm -f ${temp_result}
return 1
fi
else
if databases=$(${sqlbegin} -d postgres -c "SELECT datname FROM pg_catalog.pg_database where datname != 'postgres';"); then
temp_num=$(echo ${databases} | awk '{print NF}')
debug "Num of other databases: $temp_num"
else
log "Exec sql to get databases failed."
return 1
fi
for database in ${databases}; do
debug "Begin exec $1 on database: $database "
${sqlbegin} -d ${database} --echo-queries --set ON_ERROR_STOP=on -f $1 >>"$temp_result" 2>&1
done
fi
if grep -wE "ERROR:|FATAL:|could not connect to server" ${temp_result}; then
log "Exec sql failed."
debug "$(cat ${temp_result})"
rm -f ${temp_result}
return 1
else
debug "Exec all sql successfully."
rm -f ${temp_result}
return 0
fi
}
function guc_delete() {
if [[ ! -f "$GAUSS_TMP_PATH"/temp_sql/upgrade_sql/set_guc/delete_guc ]]; then
log "No need to delete guc"
fi
for para in $(cat "$GAUSS_TMP_PATH"/temp_sql/upgrade_sql/set_guc/delete_guc); do
if echo ${para} | grep -w datanode >/dev/null; then
para=$(echo ${para} | awk '{print $1}')
if sed -i "/^${para}[ =]/d" ${PGDATA}/postgresql.conf; then
debug "$para was deleted successfully."
else
die "$para was deleted failed" ${err_upgrade_bin}
fi
fi
done
log "Delete guc successfully"
}
function delete_tmp_files() {
rm -rf "$GAUSS_TMP_PATH"
rm -rf ${GAUSS_LOG_FILE}
}
function add_pg_proc_index() {
version=$(gaussdb -V)
if [[ ! $version =~ "V500R002C00" && ! $version =~ "2.1.0" ]]; then
return 0
fi
add_index_cmd="start transaction; set isinplaceupgrade=on;
ALTER INDEX pg_proc_proname_args_nsp_index unusable;
SET LOCAL inplace_upgrade_next_system_object_oids = IUO_CATALOG, false, true, 0, 0, 0, 9666;
CREATE INDEX pg_catalog.pg_proc_proname_all_args_nsp_index on pg_catalog.pg_proc USING BTREE(proname name_ops, pronamespace oid_ops, propackageid oid_ops);
SET LOCAL inplace_upgrade_next_system_object_oids = IUO_CATALOG, false, true, 0, 0, 0, 0;
commit;"
sqlbegin="gsql -p $GAUSS_LISTEN_PORT -X -t -A "
result=$(${sqlbegin} -d postgres -c "${add_index_cmd}")
if [ $? -ne 0 ]; then
log "Exec sql to get databases failed."
return 1
fi
}
function upgrade_pre() {
# 1.检查环境变量,版本,磁盘
check_env
check_version
check_disk
# 2.准备sql
prepare_sql_all
# 3.设置升级模式
if ! reload_upgrade_config upgrade_mode 2; then
die "set upgrade_mode to 0 failed" ${err_upgrade_pre}
fi
# 4.添加pg_proc_index
add_pg_proc_index
# 5.执行pre sql
pre_exec_sql
if [ $? -ne 0 ]; then
rollback_pre_sql
exit 1
fi
}
function remove_path() {
local remove_dir="$1"
export PATH=$(echo $PATH | tr ':' '\n' | grep -v "^${remove_dir}$" | tr '\n' ':' | sed 's/:$//')
}
function remove_lib() {
local remove_dir="$1"
export LD_LIBRARY_PATH=$(echo $LD_LIBRARY_PATH | tr ':' '\n' | grep -v "^${remove_dir}$" | tr '\n' ':' | sed 's/:$//')
}
function upgrade_bin() {
# 1.停止旧库
if ! stop_dbnode; then
die "Stop gaussdb failed" ${err_upgrade_bin}
fi
# 2.删除guc
guc_delete
# 3.启动新库
remove_path ${GAUSS_BASE_PATH}/bin
remove_lib ${GAUSS_BASE_PATH}/lib
export GAUSSHOME=${GAUSS_UPGRADE_BASE_PATH}
export LD_LIBRARY_PATH=${GAUSSHOME}/lib:$LD_LIBRARY_PATH
export PATH=${GAUSSHOME}/bin:$PATH
start_dbnode
}
function upgrade_post() {
# 1.执行升级sql升级元数据
if ! check_db_process; then
die "Guassdb is not running" ${err_upgrade_post}
fi
if exec_sql "$GAUSS_TMP_PATH"/temp_sql/temp_upgrade-post_maindb.sql maindb && exec_sql "$GAUSS_TMP_PATH"/temp_sql/temp_upgrade-post_otherdb.sql otherdb; then
debug "upgrade post sql successfully"
else
log "upgrade post sql failed"
rollback_post
exit 1
fi
}
function upgrade_commit() {
# 1.设置升级模式为0
if ! reload_upgrade_config upgrade_mode 0; then
die "set upgrade_mode to 0 failed" ${err_upgrade_commit}
fi
# 2.删除临时文件
# delete_tmp_files
}
function cp_bak() {
cp -rf ${GAUSS_BASE_PATH}/* ${GAUSS_BACKUP_BASE_PATH}
# rm -rf ${GAUSS_BASE_PATH}/*
}
function cp_new() {
cp -rf ${GAUSS_UPGRADE_BASE_PATH}/* ${GAUSS_BASE_PATH}
}
function main() {
cp_bak
cp_new_all_pkg_to_tmp_dir
upgrade_pre
upgrade_bin
upgrade_post
upgrade_commit
stop_dbnode
# cp_new
# remove_path ${GAUSS_UPGRADE_BASE_PATH}/bin
# remove_lib ${GAUSS_UPGRADE_BASE_PATH}/lib
# source /var/lib/opengauss/.bash_profile
# which gs_ctl
# start_dbnode
return 0
}
main

4
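--- a/version.cfg
+++ b/version.cfg
@@ -0,0 +1,4 @@
+openGauss-Server-6.0.0
+92.954
+798b1578
+release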

8
xgboost-cmake-3.13.patch Normal file

@ -0,0 +1,8 @@
--- xgboost-1.4.1/rabit/CMakeLists.txt.orig 2025-03-12 09:39:22.266791744 +0800
+++ xgboost-1.4.1/rabit/CMakeLists.txt 2025-03-12 09:39:47.096143841 +0800
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.3)
+cmake_minimum_required(VERSION 3.13)
find_package(Threads REQUIRED)

BIN
xgboost-v1.4.1.tar.gz Normal file

Binary file not shown.

BIN
zlib-1.2.12.tar.gz Normal file

Binary file not shown.

29
zlib-CVE-2022-37434.patch Normal file

@ -0,0 +1,29 @@
From afa90858991e87762da12c5ba8adcf00ee1bd731 Mon Sep 17 00:00:00 2001
From: Mark Adler <fork@madler.net>
Date: Sat, 30 Jul 2022 15:51:11 -0700
Subject: [PATCH] [Backport]Fix a bug when getting a gzip header extra field
CVE:CVE-2022-37434
Reference:https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
---
inflate.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/inflate.c b/inflate.c
index ffb1b69..c1a1dcc 100644
--- a/inflate.c
+++ b/inflate.c
@@ -777,8 +777,9 @@ int flush;
if (copy > have) copy = have;
if (copy) {
if (state->head != Z_NULL &&
- state->head->extra != Z_NULL) {
- len = state->head->extra_len - state->length;
+ state->head->extra != Z_NULL &&
+ (len = state->head->extra_len - state->length) <
+ state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);
--
2.1.4
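Review bot: The `Reference:` line in the patch header names one upstream commit, while the new condition in the `inflate.c` hunk, `(len = state->head->extra_len - state->length) < state->head->extra_max`, looks like the shape upstream reached only after a follow-up correction to that commit; if this backport folds two upstream changes together, the header should list both so the fix can be audited against upstream. The placement of the assignment is the security-relevant detail: it sits after the two `Z_NULL` tests in the `&&` chain, so `state->head` is not dereferenced when it is null, and hoisting it above the `if` would reintroduce a null dereference. A sentence in the patch description along the lines of `len must be computed after the Z_NULL checks` would keep a later rebase from undoing that. The enclosing function starts and ends outside the hunk, and whether the packaging actually applies this patch to the bundled zlib-1.2.12 tarball is not visible on this page and should be confirmed in the build spec.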

1270
zlib.patch Normal file

File diff suppressed because it is too large Load Diff