From 00b9337a8819552160813d5d101c2c2615f73e04 Mon Sep 17 00:00:00 2001 From: Long Li Date: Fri, 22 Nov 2019 14:59:08 +0800 Subject: [PATCH] CentOS 8: Upgrade haproxy to version 1.8.15 (1)Release Version Upgrade (2)Matching code changes with el7 to el8 (3)Delete haproxy-env-var.patch, as el8.src.rpm contains the patch info the new version 1.8.15 contains the functionality provided by the patch (as opposed to el8.src.rpm). Looking at the history, haproxy-1.6 added the ability to use environment variables in the configuration file, which is what was patched back, about patch haproxy-env-var.patch, so delete it. Change-Id: I44f5182f233d3a59f750e90b4af15f49c5da3543 Story: 2006729 Task: 37680 Depends-On: https://review.opendev.org/#/c/696481/ Depends-On: https://review.opendev.org/#/c/696050/ Signed-off-by: Long Li --- base/haproxy/centos/build_srpm.data | 2 +- ...te-package-versioning-for-TIS-format.patch | 15 +- .../spec-include-TiS-changes.patch | 39 ++- .../centos/patches/haproxy-env-var.patch | 245 ------------------ .../centos/patches/haproxy-tpm-support.patch | 123 ++++----- base/haproxy/centos/srpm_path | 2 +- 6 files changed, 85 insertions(+), 341 deletions(-) delete mode 100644 base/haproxy/centos/patches/haproxy-env-var.patch diff --git a/base/haproxy/centos/build_srpm.data b/base/haproxy/centos/build_srpm.data index c686ecdae..2c3b2cb8b 100644 --- a/base/haproxy/centos/build_srpm.data +++ b/base/haproxy/centos/build_srpm.data @@ -1,2 +1,2 @@ SRC_DIR="files" -TIS_PATCH_VER=8 +TIS_PATCH_VER=1 diff --git a/base/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/base/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index 10c010eeb..b30d6359c 100644 --- a/base/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/base/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -1,26 +1,27 @@ From 55d52d8bc9f649b4871336aaffd87fb7d931eac8 Mon Sep 17 00:00:00 2001 From: Scott Little Date: Mon, 2 Oct 2017 16:12:36 -0400 -Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch +Subject: [PATCH] 0001-Update-package-versioning-for-TIS-format.patch Signed-off-by: zhipengl +Signed-off-by: Long Li --- SPECS/haproxy.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec -index 39c0c86..b0d5862 100644 +index b28896f..a7af312 100644 --- a/SPECS/haproxy.spec +++ b/SPECS/haproxy.spec @@ -8,7 +8,7 @@ Name: haproxy - Version: 1.5.18 --Release: 8%{?dist} -+Release: 8.el7%{?_tis_dist}.%{tis_patch_ver} - Summary: TCP/HTTP proxy and load balancer for high availability environments + Version: 1.8.15 +-Release: 5%{?dist} ++Release: 5.el8%{?_tis_dist}.%{tis_patch_ver} + Summary: HAProxy reverse proxy for high availability environments Group: System Environment/Daemons -- -1.8.3.1 +2.7.4 diff --git a/base/haproxy/centos/meta_patches/spec-include-TiS-changes.patch b/base/haproxy/centos/meta_patches/spec-include-TiS-changes.patch index 53c01538f..97c542a4f 100644 --- a/base/haproxy/centos/meta_patches/spec-include-TiS-changes.patch +++ b/base/haproxy/centos/meta_patches/spec-include-TiS-changes.patch @@ -1,27 +1,27 @@ From 0b326ac9fcee3fbac7e41e3bc269cc7251dcf9dd Mon Sep 17 00:00:00 2001 From: Scott Little Date: Mon, 2 Oct 2017 16:12:36 -0400 -Subject: WRS: spec-include-TiS-changes.patch +Subject: spec-include-TiS-changes.patch Signed-off-by: zhipengl +Signed-off-by: Long Li --- - SPECS/haproxy.spec | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) + SPECS/haproxy.spec | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec -index 30dca25..53def97 100644 +index 490d006..b28896f 100644 --- a/SPECS/haproxy.spec +++ b/SPECS/haproxy.spec -@@ -26,6 +26,8 @@ Patch0: halog-unused-variables.patch - Patch1: iprange-return-type.patch - Patch2: haproxy-tcp-user-timeout.patch - Patch3: haproxy-systemd-wrapper-exit-code.patch -+Patch4: haproxy-env-var.patch -+Patch5: haproxy-tpm-support.patch +@@ -23,6 +23,7 @@ Source4: %{name}.sysconfig + Source5: halog.1 + Patch0: bz1664533-fix-handling-priority-flag-HTTP2-decoder.patch ++Patch1: haproxy-tpm-support.patch + + BuildRequires: lua-devel BuildRequires: pcre-devel - BuildRequires: zlib-devel -@@ -37,6 +39,8 @@ Requires(post): systemd +@@ -36,6 +37,8 @@ Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -30,16 +30,15 @@ index 30dca25..53def97 100644 %description HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: -@@ -57,6 +61,8 @@ availability environments. Indeed, it can: - %patch1 -p0 - %patch2 -p1 - %patch3 -p1 -+%patch4 -p1 -+%patch5 -p1 +@@ -53,6 +56,7 @@ availability environments. Indeed, it can: + %prep + %setup -q + %patch0 -p1 ++%patch1 -p1 %build regparm_opts= -@@ -79,7 +85,7 @@ popd +@@ -75,7 +79,7 @@ popd %{__make} install-man DESTDIR=%{buildroot} PREFIX=%{_prefix} %{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service @@ -49,5 +48,5 @@ index 30dca25..53def97 100644 %{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name} %{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1 -- -1.8.3.1 +2.7.4 diff --git a/base/haproxy/centos/patches/haproxy-env-var.patch b/base/haproxy/centos/patches/haproxy-env-var.patch deleted file mode 100644 index ac88480e1..000000000 --- a/base/haproxy/centos/patches/haproxy-env-var.patch +++ /dev/null @@ -1,245 +0,0 @@ -diff --git a/src/cfgparse.c b/src/cfgparse.c -index 39abf6b..6a7f80c 100644 ---- a/src/cfgparse.c -+++ b/src/cfgparse.c -@@ -5821,12 +5821,19 @@ out: - */ - int readcfgfile(const char *file) - { -- char thisline[LINESIZE]; -+ char *thisline; -+ int linesize = LINESIZE; - FILE *f; - int linenum = 0; - int err_code = 0; - struct cfg_section *cs = NULL; - struct cfg_section *ics; -+ int readbytes = 0; -+ -+ if ((thisline = malloc(sizeof(*thisline) * linesize)) == NULL) { -+ Alert("parsing [%s] : out of memory.\n", file); -+ return -1; -+ } - - /* Register internal sections */ - if (!cfg_register_section("listen", cfg_parse_listen) || -@@ -5842,11 +5849,14 @@ int readcfgfile(const char *file) - if ((f=fopen(file,"r")) == NULL) - return -1; - -- while (fgets(thisline, sizeof(thisline), f) != NULL) { -+next_line: -+ while (fgets(thisline + readbytes, linesize - readbytes, f) != NULL) { - int arg, kwm = KWM_STD; - char *end; - char *args[MAX_LINE_ARGS + 1]; - char *line = thisline; -+ int dquote = 0; /* double quote */ -+ int squote = 0; /* simple quote */ - - linenum++; - -@@ -5856,11 +5866,25 @@ int readcfgfile(const char *file) - /* Check if we reached the limit and the last char is not \n. - * Watch out for the last line without the terminating '\n'! - */ -- Alert("parsing [%s:%d]: line too long, limit: %d.\n", -- file, linenum, (int)sizeof(thisline)-1); -- err_code |= ERR_ALERT | ERR_FATAL; -+ char *newline; -+ int newlinesize = linesize * 2; -+ -+ newline = realloc(thisline, sizeof(*thisline) * newlinesize); -+ if (newline == NULL) { -+ Alert("parsing [%s:%d]: line too long, cannot allocate memory.\n", -+ file, linenum); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ continue; -+ } -+ -+ readbytes = linesize - 1; -+ linesize = newlinesize; -+ thisline = newline; -+ continue; - } - -+ readbytes = 0; -+ - /* skip leading spaces */ - while (isspace((unsigned char)*line)) - line++; -@@ -5869,10 +5893,26 @@ int readcfgfile(const char *file) - args[arg] = line; - - while (*line && arg < MAX_LINE_ARGS) { -- /* first, we'll replace \\, \, \#, \r, \n, \t, \xXX with their -- * C equivalent value. Other combinations left unchanged (eg: \1). -- */ -- if (*line == '\\') { -+ if (*line == '"' && !squote) { /* double quote outside single quotes */ -+ if (dquote) -+ dquote = 0; -+ else -+ dquote = 1; -+ memmove(line, line + 1, end - line); -+ end--; -+ } -+ else if (*line == '\'' && !dquote) { /* single quote outside double quotes */ -+ if (squote) -+ squote = 0; -+ else -+ squote = 1; -+ memmove(line, line + 1, end - line); -+ end--; -+ } -+ else if (*line == '\\' && !squote) { -+ /* first, we'll replace \\, \, \#, \r, \n, \t, \xXX with their -+ * C equivalent value. Other combinations left unchanged (eg: \1). -+ */ - int skip = 0; - if (line[1] == ' ' || line[1] == '\\' || line[1] == '#') { - *line = line[1]; -@@ -5904,6 +5944,15 @@ int readcfgfile(const char *file) - Alert("parsing [%s:%d] : invalid or incomplete '\\x' sequence in '%s'.\n", file, linenum, args[0]); - err_code |= ERR_ALERT | ERR_FATAL; - } -+ } else if (line[1] == '"') { -+ *line = '"'; -+ skip = 1; -+ } else if (line[1] == '\'') { -+ *line = '\''; -+ skip = 1; -+ } else if (line[1] == '$' && dquote) { /* escaping of $ only inside double quotes */ -+ *line = '$'; -+ skip = 1; - } - if (skip) { - memmove(line + 1, line + 1 + skip, end - (line + skip)); -@@ -5911,23 +5960,117 @@ int readcfgfile(const char *file) - } - line++; - } -- else if (*line == '#' || *line == '\n' || *line == '\r') { -+ else if ((!squote && !dquote && *line == '#') || *line == '\n' || *line == '\r') { - /* end of string, end of loop */ - *line = 0; - break; - } -- else if (isspace((unsigned char)*line)) { -+ else if (!squote && !dquote && isspace((unsigned char)*line)) { - /* a non-escaped space is an argument separator */ - *line++ = '\0'; - while (isspace((unsigned char)*line)) - line++; - args[++arg] = line; - } -+ else if (dquote && *line == '$') { -+ /* environment variables are evaluated inside double quotes */ -+ char *var_beg; -+ char *var_end; -+ char save_char; -+ char *value; -+ int val_len; -+ int newlinesize; -+ int braces = 0; -+ -+ var_beg = line + 1; -+ var_end = var_beg; -+ -+ if (*var_beg == '{') { -+ var_beg++; -+ var_end++; -+ braces = 1; -+ } -+ -+ if (!isalpha((int)(unsigned char)*var_beg) && *var_beg != '_') { -+ Alert("parsing [%s:%d] : Variable expansion: Unrecognized character '%c' in variable name.\n", file, linenum, *var_beg); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ goto next_line; /* skip current line */ -+ } -+ -+ while (isalnum((int)(unsigned char)*var_end) || *var_end == '_') -+ var_end++; -+ -+ save_char = *var_end; -+ *var_end = '\0'; -+ value = getenv(var_beg); -+ *var_end = save_char; -+ val_len = value ? strlen(value) : 0; -+ -+ if (braces) { -+ if (*var_end == '}') { -+ var_end++; -+ braces = 0; -+ } else { -+ Alert("parsing [%s:%d] : Variable expansion: Mismatched braces.\n", file, linenum); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ goto next_line; /* skip current line */ -+ } -+ } -+ -+ newlinesize = (end - thisline) - (var_end - line) + val_len + 1; -+ -+ /* if not enough space in thisline */ -+ if (newlinesize > linesize) { -+ char *newline; -+ -+ newline = realloc(thisline, newlinesize * sizeof(*thisline)); -+ if (newline == NULL) { -+ Alert("parsing [%s:%d] : Variable expansion: Not enough memory.\n", file, linenum); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ goto next_line; /* slip current line */ -+ } -+ /* recompute pointers if realloc returns a new pointer */ -+ if (newline != thisline) { -+ int i; -+ int diff; -+ -+ for (i = 0; i <= arg; i++) { -+ diff = args[i] - thisline; -+ args[i] = newline + diff; -+ } -+ -+ diff = var_end - thisline; -+ var_end = newline + diff; -+ diff = end - thisline; -+ end = newline + diff; -+ diff = line - thisline; -+ line = newline + diff; -+ thisline = newline; -+ } -+ linesize = newlinesize; -+ } -+ -+ /* insert value inside the line */ -+ memmove(line + val_len, var_end, end - var_end + 1); -+ memcpy(line, value, val_len); -+ end += val_len - (var_end - line); -+ line += val_len; -+ } - else { - line++; - } - } - -+ if (dquote) { -+ Alert("parsing [%s:%d] : Mismatched double quotes.\n", file, linenum); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ } -+ -+ if (squote) { -+ Alert("parsing [%s:%d] : Mismatched simple quotes.\n", file, linenum); -+ err_code |= ERR_ALERT | ERR_FATAL; -+ } -+ - /* empty line */ - if (!**args) - continue; -@@ -5998,6 +6141,7 @@ int readcfgfile(const char *file) - break; - } - cursection = NULL; -+ free(thisline); - fclose(f); - return err_code; - } diff --git a/base/haproxy/centos/patches/haproxy-tpm-support.patch b/base/haproxy/centos/patches/haproxy-tpm-support.patch index eb4545da7..c63454983 100644 --- a/base/haproxy/centos/patches/haproxy-tpm-support.patch +++ b/base/haproxy/centos/patches/haproxy-tpm-support.patch @@ -1,22 +1,22 @@ -From a2a25214f6f4913b774bdd6c0b80d3ea424d3a1b Mon Sep 17 00:00:00 2001 -From: Kam Nasim -Date: Wed, 22 Mar 2017 12:07:24 -0400 -Subject: [PATCH] haproxy tpm support +From 9ec23c9ac2ba1a0379bf96359e0741c07b4d190e Mon Sep 17 00:00:00 2001 +From: Long Li +Date: Tue, 5 Nov 2019 10:29:32 +0800 +Subject: [PATCH] haproxy-tpm-support --- - include/types/global.h | 13 +++++ + include/types/global.h | 12 ++++ src/cfgparse.c | 28 ++++++++++ - src/haproxy.c | 26 ++++++++- + src/haproxy.c | 24 ++++++++ src/ssl_sock.c | 147 +++++++++++++++++++++++++++++++++++++++++++------ - 4 files changed, 197 insertions(+), 17 deletions(-) + 4 files changed, 194 insertions(+), 17 deletions(-) diff --git a/include/types/global.h b/include/types/global.h -index f1525ae..2e9c077 100644 +index bd7761c..ff750ea 100644 --- a/include/types/global.h +++ b/include/types/global.h -@@ -30,6 +30,10 @@ - #include +@@ -34,6 +34,10 @@ #include + #include +#ifdef USE_OPENSSL +#include @@ -25,11 +25,10 @@ index f1525ae..2e9c077 100644 #ifndef UNIX_MAX_PATH #define UNIX_MAX_PATH 108 #endif -@@ -71,6 +75,14 @@ enum { +@@ -83,6 +87,13 @@ enum { SSL_SERVER_VERIFY_REQUIRED = 1, }; -+// WRS: Define a new TPM configuration structure +struct tpm_conf { + char *tpm_object; + char *tpm_engine; @@ -39,22 +38,22 @@ index f1525ae..2e9c077 100644 + /* FIXME : this will have to be redefined correctly */ struct global { - #ifdef USE_OPENSSL -@@ -87,6 +99,7 @@ struct global { - char *connect_default_ciphers; - int listen_default_ssloptions; - int connect_default_ssloptions; -+ struct tpm_conf tpm; // tpm configuration - #endif + int uid; +@@ -98,6 +109,7 @@ struct global { + int ssl_used_frontend; /* non-zero if SSL is used in a frontend */ + int ssl_used_backend; /* non-zero if SSL is used in a backend */ + int ssl_used_async_engines; /* number of used async engines */ ++ struct tpm_conf tpm; /* tpm configuration*/ unsigned int ssl_server_verify; /* default verify mode on servers side */ struct freq_ctr conn_per_sec; + struct freq_ctr sess_per_sec; diff --git a/src/cfgparse.c b/src/cfgparse.c -index 6a7f80c..3bc6e79 100644 +index 94f2963..198cdbf 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c -@@ -1541,6 +1541,34 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm) - goto out; - #endif +@@ -1865,6 +1865,34 @@ int cfg_parse_global(const char *file, int linenum, char **args, int kwm) + env++; + } } + else if (!strcmp(args[0], "tpm-object")) { + if (global.tpm.tpm_object) { @@ -88,10 +87,10 @@ index 6a7f80c..3bc6e79 100644 struct cfg_kw_list *kwl; int index; diff --git a/src/haproxy.c b/src/haproxy.c -index 862697d..2a1a0dc 100644 +index 8100f27..6983444 100644 --- a/src/haproxy.c +++ b/src/haproxy.c -@@ -959,6 +959,24 @@ static void deinit_stick_rules(struct list *rules) +@@ -1994,6 +1994,24 @@ static void deinit_stick_rules(struct list *rules) } } @@ -115,13 +114,11 @@ index 862697d..2a1a0dc 100644 + void deinit(void) { - struct proxy *p = proxy, *p0; -@@ -1218,7 +1236,13 @@ void deinit(void) - + struct proxy *p = proxies_list, *p0; +@@ -2282,6 +2300,12 @@ void deinit(void) free(uap); } -- -+ + + /* if HAProxy was in TPM mode then deinit + * that configuration as well. + */ @@ -130,20 +127,12 @@ index 862697d..2a1a0dc 100644 + userlist_free(userlist); - protocol_unbind_all(); + cfg_unregister_sections(); diff --git a/src/ssl_sock.c b/src/ssl_sock.c -index ead4c7b..4e16026 100644 +index 24ccc4b..da88025 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c -@@ -50,6 +50,7 @@ - #ifndef OPENSSL_NO_DH - #include - #endif -+#include - - #include - #include -@@ -1115,6 +1116,80 @@ end: +@@ -3322,6 +3322,80 @@ end: return ret; } @@ -221,10 +210,10 @@ index ead4c7b..4e16026 100644 + return 1; +} + - static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **sni_filter, int fcount, char **err) + static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, + char **sni_filter, int fcount, char **err) { - int ret; -@@ -1127,26 +1202,54 @@ static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf +@@ -3335,26 +3409,54 @@ static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf return 1; } @@ -233,7 +222,14 @@ index ead4c7b..4e16026 100644 - err && *err ? *err : "", path); - SSL_CTX_free(ctx); - return 1; -+ /* NOTE (knasim-wrs): US93721: TPM support +- } +- +- ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount); +- if (ret <= 0) { +- memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n", +- err && *err ? *err : "", path); +- if (ret < 0) /* serious error, must do that ourselves */ ++ /* NOTE: TPM support + * This SSL context applies to SSL frontends only. + * If the TPM option is set then the Private key + * is stored in TPM. @@ -247,25 +243,19 @@ index ead4c7b..4e16026 100644 + ret = ssl_sock_load_tpm_key(ctx, err); + if (ret > 0) { + /* tpm configuration failed */ -+ SSL_CTX_free(ctx); -+ return 1; -+ } - } -- -- ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, sni_filter, fcount); -- if (ret <= 0) { -- memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n", -- err && *err ? *err : "", path); -- if (ret < 0) /* serious error, must do that ourselves */ -+ else { /* non TPM mode */ -+ if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) { -+ memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n", -+ err && *err ? *err : "", path); SSL_CTX_free(ctx); - return 1; + return 1; + } } ++ else { /* non TPM mode */ ++ if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) { ++ memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n", ++ err && *err ? *err : "", path); ++ SSL_CTX_free(ctx); ++ return 1; ++ } ++ } - if (SSL_CTX_check_private_key(ctx) <= 0) { - memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n", @@ -295,12 +285,11 @@ index ead4c7b..4e16026 100644 } /* we must not free the SSL_CTX anymore below, since it's already in -@@ -1725,6 +1828,18 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy) - cfgerr++; - return cfgerr; - } -+ -+ /* NOTE (knasim-wrs): US93721: TPM support +@@ -4597,6 +4699,17 @@ int ssl_sock_prepare_srv_ctx(struct server *srv) + SSL_CTX_set_mode(ctx, mode); + srv->ssl_ctx.ctx = ctx; + ++ /* NOTE: TPM support + * This SSL context applies to SSL backends only. + * Since Titanium backends don't support SSL, there + * is no need to offload these keys in TPM or reuse the @@ -313,7 +302,7 @@ index ead4c7b..4e16026 100644 + */ if (srv->ssl_ctx.client_crt) { if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) { - Alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n", + ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n", -- -1.8.3.1 +2.7.4 diff --git a/base/haproxy/centos/srpm_path b/base/haproxy/centos/srpm_path index 3ff579401..01001cd49 100644 --- a/base/haproxy/centos/srpm_path +++ b/base/haproxy/centos/srpm_path @@ -1 +1 @@ -mirror:Source/haproxy-1.5.18-8.el7.src.rpm +mirror:Source/haproxy-1.8.15-5.el8.src.rpm