Remove Alias directive from booth@.service unit

Signed-off-by: Jan Friesse <jfriesse@redhat.com>

.fmf/version

@@ -1 +0,0 @@
-1

0001-Revert-Refactor-main-substitute-is_auth_req-macro.patch

@@ -0,0 +1,30 @@
+From 35bf0b7b048d715f671eb68974fb6b4af6528c67 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Mon, 4 Jul 2022 09:39:47 +0200
+Subject: [PATCH] Revert "Refactor: main: substitute is_auth_req macro"
+
+This reverts commit da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c.
+
+authfile != authkey
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+ src/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/main.c b/src/main.c
+index b50a883..b4a174f 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -364,7 +364,7 @@ static int setup_config(int type)
+ 	if (rv < 0)
+ 		goto out;
+ 
+-	if (is_auth_req()) {
++	if (booth_conf->authfile[0] != '\0') {
+ 		rv = read_authkey();
+ 		if (rv < 0)
+ 			goto out;
+-- 
+2.37.1
+

0001-config-Add-enable-authfile-option.patch

@@ -0,0 +1,106 @@
+From 466246c2fa8ea1bcc06593fbf7b900d0665606b1 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Tue, 26 Jul 2022 18:39:38 +0200
+Subject: [PATCH] config: Add enable-authfile option
+
+This option enables (or disables) usage of authfile. Can be 'yes' or 'no'.
+Default is 'no'.
+
+Booth usage of authfile was broken for long time (since commit
+da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c).
+
+Pcs was adding authfile by default, but it was not used. Once booth bug
+was fixed problem appears because mixed clusters (with fixed version and
+without fixed one) stops working.
+
+This non-upstream option is added and used to allow use of
+authfile without breaking compatibility for clusters
+consisting of mixed versions (usually happens before all nodes are
+updated) of booth (user have to explicitly
+enable usage of authfile).
+
+This patch is transitional and will be removed in future major version of
+distribution.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+ docs/boothd.8.txt |  7 +++++++
+ src/config.c      | 17 +++++++++++++++++
+ src/config.h      |  1 +
+ src/main.c        |  2 +-
+ 4 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/docs/boothd.8.txt b/docs/boothd.8.txt
+index f58f27e..12f66f9 100644
+--- a/docs/boothd.8.txt
++++ b/docs/boothd.8.txt
+@@ -230,6 +230,13 @@ will always bind and listen to both UDP and TCP ports.
+ 	parameter to a higher value. The time skew test is performed
+ 	only in concert with authentication.
+ 
++*'enable-authfile'*::
++	Enables (or disables) usage of authfile. Can be 'yes' or 'no'.
++	Default is 'no'.
++	This is non-upstream option used to allow use of authfile without
++	breaking compatibility for clusters consisting of mixed
++	versions of booth.
++
+ *'site'*::
+ 	Defines a site Raft member with the given IP. Sites can
+ 	acquire tickets. The sites' IP should be managed by the cluster.
+diff --git a/src/config.c b/src/config.c
+index 8e41553..b9df3e3 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -729,6 +729,23 @@ no_value:
+ 			booth_conf->maxtimeskew = atoi(val);
+ 			continue;
+ 		}
++
++		if (strcmp(key, "enable-authfile") == 0) {
++			if (strcasecmp(val, "yes") == 0 ||
++			    strcasecmp(val, "on") == 0 ||
++			    strcasecmp(val, "1") == 0) {
++				booth_conf->enable_authfile = 1;
++			} else if (strcasecmp(val, "no") == 0 ||
++			    strcasecmp(val, "off") == 0 ||
++			    strcasecmp(val, "0") == 0) {
++				booth_conf->enable_authfile = 0;
++			} else {
++				error = "Expected yes/no value for enable-authfile";
++				goto err;
++			}
++
++			continue;
++		}
+ #endif
+ 
+ 		if (strcmp(key, "site") == 0) {
+diff --git a/src/config.h b/src/config.h
+index bca73bc..da1e917 100644
+--- a/src/config.h
++++ b/src/config.h
+@@ -297,6 +297,7 @@ struct booth_config {
+ 	struct stat authstat;
+ 	char authkey[BOOTH_MAX_KEY_LEN];
+ 	int authkey_len;
++	int enable_authfile;
+     /** Maximum time skew between peers allowed */
+ 	int maxtimeskew;
+ 
+diff --git a/src/main.c b/src/main.c
+index b4a174f..0fdb295 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -364,7 +364,7 @@ static int setup_config(int type)
+ 	if (rv < 0)
+ 		goto out;
+ 
+-	if (booth_conf->authfile[0] != '\0') {
++	if (booth_conf->authfile[0] != '\0' && booth_conf->enable_authfile) {
+ 		rv = read_authkey();
+ 		if (rv < 0)
+ 			goto out;
+-- 
+2.37.1
+

0001-unit-file-Remove-Alias-directive.patch

@@ -0,0 +1,30 @@
+From dd090510d7fba88c41adc1b70804c1c79b036736 Mon Sep 17 00:00:00 2001
+From: Jan Friesse <jfriesse@redhat.com>
+Date: Tue, 27 Sep 2022 18:50:31 +0200
+Subject: [PATCH] unit file: Remove Alias directive
+
+Recent change in systemd made imposible to enable booth@.service any
+longer - more details in BZ
+https://bugzilla.redhat.com/show_bug.cgi?id=2128998. Solution is to
+delete Alias directive.
+
+Signed-off-by: Jan Friesse <jfriesse@redhat.com>
+---
+ conf/booth@.service.in | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/conf/booth@.service.in b/conf/booth@.service.in
+index e516194..e4b8fbc 100644
+--- a/conf/booth@.service.in
++++ b/conf/booth@.service.in
+@@ -8,7 +8,6 @@ ConditionFileNotEmpty=/etc/booth/%i.conf
+ Conflicts=pacemaker.service
+ 
+ [Install]
+-Alias=boothd
+ WantedBy=multi-user.target
+ 
+ [Service]
+-- 
+2.27.0
+

booth.rpmlintrc

@@ -1,7 +1,6 @@
-# no-documentation is fine for booth-arbitrator and booth (virtual package) and debug packages
+# no-documentation is fine for booth-arbitrator and booth (virtual package)
 addFilter(r'booth-arbitrator\.[^:]+: W: no-documentation')
 addFilter(r'booth\.[^:]+: W: no-documentation')
-addFilter(r'booth-debugsource\.[^:]+: W: no-documentation')
 
 # permissions for chroot
 addFilter(r'booth-core\.[^:]+: (E|W): non-standard-dir-perm /var/lib/booth 750')
@@ -20,8 +19,5 @@ addFilter(r'booth-(site|test)\.[^:]+: (W|E): only-non-binary-in-usr-lib')
 addFilter(r'booth-site\.[^:]+: (W|E): dangling-symlink /usr/sbin/geostore /usr/sbin/boothd')
 addFilter(r'booth-test\.[^:]+: (W|E): dangling-symlink /usr/share/booth/tests/src/boothd /usr/sbin/boothd')
 
-# Ignore all errors in debuginfo packages
-addFilter(r'booth-core-debuginfo\.[^:]+: (W|E):')
-
-# booth-arbitrator contains just unit files
-addFilter(r'booth-arbitrator\.[^:]+: (W|E): only-non-binary-in-usr-lib')
+# booth unit test is distributed non-executable by upstream
+addFilter(r'booth-test\.[^:]+: (W|E): non-executable-script /usr/share/booth/tests/unit-test.py')

booth.spec

@@ -22,6 +22,23 @@
 %bcond_with html_man
 %bcond_with glue
 %bcond_with run_build_tests
+%bcond_with include_unit_test
+
+# set following to the result of  `git describe --abbrev=128 $commit`
+# This will be used to fill booth_ver, booth_numcomm and booth_sha1.
+# It is important to keep abbrev to get full length sha1! When updating source use
+# `spectool -g booth.spec` to download source.
+%global git_describe_str v1.0-262-gd0ac26cc0c2fb4069c2d095cc0bbe3f94f02c05e
+
+# Set this to 1 when rebasing (changing git_describe_str) and increase otherwise
+%global release 3
+
+# Run shell script to parse git_describe str into version, numcomm and sha1 hash
+%global booth_ver %(s=%{git_describe_str}; vver=${s%%%%-*}; echo ${vver:1})
+%global booth_numcomm %(s=%{git_describe_str}; t=${s#*-}; echo ${t%%%%-*})
+%global booth_sha1 %(s=%{git_describe_str}; t=${s##*-}; echo ${t:1})
+%global booth_short_sha1 %(s=%{booth_sha1}; echo ${s:0:7})
+%global booth_archive_name %{name}-%{booth_ver}-%{booth_numcomm}-%{booth_short_sha1}
 
 ## User and group to use for nonprivileged services (should be in sync with pacemaker)
 %global uname hacluster
@@ -39,12 +56,15 @@
 %global test_path   %{_datadir}/booth/tests
 
 Name:           booth
-Version:        1.2
-Release:        6%{?dist}
+Version:        %{booth_ver}
+Release:        %{booth_numcomm}.%{release}.%{booth_short_sha1}.git%{?dist}
 Summary:        Ticket Manager for Multi-site Clusters
-License:        GPL-2.0-or-later
+License:        GPLv2+
 Url:            https://github.com/%{github_owner}/%{name}
-Source0:        https://github.com/%{github_owner}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.gz
+Source0:        https://github.com/%{github_owner}/%{name}/archive/%{booth_short_sha1}/%{booth_archive_name}.tar.gz
+Patch0:         0001-Revert-Refactor-main-substitute-is_auth_req-macro.patch
+Patch1:         0001-config-Add-enable-authfile-option.patch
+Patch2:         0001-unit-file-Remove-Alias-directive.patch
 
 # direct build process dependencies
 BuildRequires:  autoconf
@@ -58,7 +78,7 @@ BuildRequires:  asciidoctor
 BuildRequires:  gcc
 BuildRequires:  pkgconfig
 # linking dependencies
-BuildRequires:  gnutls-devel
+BuildRequires:  libgcrypt-devel
 BuildRequires:  libxml2-devel
 ## just for <pacemaker/crm/services.h> include
 BuildRequires:  pacemaker-libs-devel
@@ -127,13 +147,13 @@ Support for running Booth, ticket manager for multi-site clusters,
 as an arbitrator.
 
 %post arbitrator
-%systemd_post booth-arbitrator.service
+%systemd_post booth@.service booth-arbitrator.service
 
 %preun arbitrator
-%systemd_preun booth-arbitrator.service
+%systemd_preun booth@.service booth-arbitrator.service
 
 %postun arbitrator
-%systemd_postun_with_restart booth-arbitrator.service
+%systemd_postun_with_restart booth@.service booth-arbitrator.service
 
 %package        site
 Summary:        Booth support for running as a full-fledged site
@@ -163,6 +183,9 @@ Requires:       %{name}-arbitrator = %{version}-%{release}
 Requires:       %{name}-site = %{version}-%{release}
 Requires:       gdb
 Requires:       %{__python3}
+%if 0%{?with_include_unit_test}
+Requires:       python3-pexpect
+%endif
 # runtests.py suite (for perl and ss)
 Requires:       perl-interpreter iproute
 
@@ -172,7 +195,7 @@ Automated tests for running Booth, ticket manager for multi-site clusters.
 # BUILD #
 
 %prep
-%autosetup -n %{name}-%{version} -S git_am
+%autosetup -n %{name}-%{booth_sha1} -S git_am
 
 %build
 ./autogen.sh
@@ -204,6 +227,10 @@ mkdir -p %{buildroot}/%{test_path}
 # Copy tests from tarball
 cp -a -t %{buildroot}/%{test_path} \
         -- conf test
+%if 0%{?with_include_unit_test}
+cp -a -t %{buildroot}/%{test_path} \
+        -- unit-tests script/unit-test.py
+%endif
 chmod +x %{buildroot}/%{test_path}/test/booth_path
 chmod +x %{buildroot}/%{test_path}/test/live_test.sh
 mkdir -p %{buildroot}/%{test_path}/src
@@ -286,68 +313,13 @@ VERBOSE=1 make check
 %{_usr}/lib/ocf/resource.d/booth/sharedrsc
 
 %changelog
-* Fri Sep 19 2025 Python Maint <python-maint@redhat.com> - 1.2-6
-- Rebuilt for Python 3.14.0rc3 bytecode
-
-* Thu Aug 21 2025 Cristian Le <git@lecris.dev>
-- Convert STI tests to TMT (rhbz#2382867)
-
-* Fri Aug 15 2025 Python Maint <python-maint@redhat.com> - 1.2-5
-- Rebuilt for Python 3.14.0rc2 bytecode
-
-* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.2-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
-
-* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.2-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
-
-* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
-
-* Fri Jun 07 2024 Jan Friesse <jfriesse@redhat.com> - 1.2-1
-- New upstream release
-
-* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Wed Oct 18 2023 Jan Friesse <jfriesse@redhat.com> - 1.1-1
-- New upstream release
-- Upstream releases should now be released regularly, so convert spec
-  to use them instead of git snapshots
-
-* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-283.4.9d4029a.git
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Tue Jun 06 2023 Jan Friesse <jfriesse@redhat.com> - 1.0-283.3.9d4029a.git
-- migrated to SPDX license
-
-* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-283.2.9d4029a.git
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Mon Nov 21 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-283.1.9d4029a.git
-- Rebase to newest upstream snapshot
-
-* Fri Sep 30 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-272.1.7acb757.git
-- Rebase to newest upstream snapshot
-
-* Thu Sep 29 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-266.4.f288d59.git
+* Thu Sep 29 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-262.3.d0ac26c.git
 - Remove Alias directive from booth@.service unit file
 
-* Tue Aug 09 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-266.3.f288d59.git
-- Remove template unit from systemd_(post|preun|postun_with_restart) macro
-
-* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.0-266.2.f288d59.git
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Wed Jul 20 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-266.1.f288d59.git
-- Rebase to newest upstream snapshot
-- This version fixes a critical bug that caused the authfile directive
-  to be ignored. After installing the patched version, nodes may stop
-  communicating. Solution is to either remove authfile from configuration
-  file or update all other nodes.
+* Thu Jul 28 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-262.2.d0ac26c.git
+- Fix authfile directive handling in booth config file
+  (fixes CVE-2022-2553)
+- Add enable-authfile option
 
 * Thu May 19 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-262.1.d0ac26c.git
 - Rebase to newest upstream snapshot

plans.fmf

@@ -1,13 +0,0 @@
-summary: Run all tests
-discover:
-  how: fmf
-prepare:
-  - name: Disable installing everything from srpm
-    how: install
-    exclude: ".*"
-  - name: Install the main test package
-    how: install
-    package:
-      - booth-test
-execute:
-  how: tmt

sources

@@ -1 +1 @@
-SHA512 (booth-1.2.tar.gz) = b63217e561fd5e8ede1ba432ec6b4ef6efb73dc16a501814cf07b82f87a23c3f734ebf09c56a5d521668ee57ed02be48d257aabb1d2e3c4840f1219ef13d3fde
+SHA512 (booth-1.0-262-d0ac26c.tar.gz) = 71f95d33e2c4351651b2e8daab151821eccbfb2f34d5cbb826f999c0c706cdc2c335698e479e63d2d852ed7cd360239b9eeb695533474c91c6681e6b8b5f7dbc

tests/main.fmf

@@ -1,3 +0,0 @@
-/upstream:
-  summary: Run upstream tests
-  test: ./upstream/runtest.sh

tests/tests.yml

@@ -0,0 +1,9 @@
+- hosts: localhost
+  roles:
+  - role: standard-test-basic
+    tags:
+    - classic
+    tests:
+    - upstream
+    required_packages:
+    - booth-test