diff --git a/Fix-the-error-level-logs-displayed-for-the-cloud-init-local-service.patch b/Fix-the-error-level-logs-displayed-for-the-cloud-init-local-service.patch index 40523d18734fcafb3a4ac03d2d7e345ec157fcbc..3e80f529c1786159df20a34badcdf9fb86349039 100644 --- a/Fix-the-error-level-logs-displayed-for-the-cloud-init-local-service.patch +++ b/Fix-the-error-level-logs-displayed-for-the-cloud-init-local-service.patch @@ -13,17 +13,18 @@ Reference:https://bugs.almalinux.org/view.php?id=32&nbn=1 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index 90a4eb9..443a5da 100644 +index 8a60c95..5c81748 100644 --- a/cloudinit/net/sysconfig.py +++ b/cloudinit/net/sysconfig.py -@@ -28,7 +28,7 @@ KNOWN_DISTROS = [ +@@ -27,7 +27,7 @@ KNOWN_DISTROS = [ "eurolinux", "fedora", "miraclelinux", - "openEuler", + "openeuler", + "OpenCloudOS", + "openmandriva", "rhel", - "rocky", - "suse", --- -2.33.0 +-- +2.27.0 + diff --git a/add-variable-to-forbid-tmp-dir.patch b/add-variable-to-forbid-tmp-dir.patch index abe7521ad5af1b69078dff769e608d5211945fe1..14194f39bda629a531c7166a1a6794e55754c643 100644 --- a/add-variable-to-forbid-tmp-dir.patch +++ b/add-variable-to-forbid-tmp-dir.patch @@ -11,21 +11,21 @@ Signed-off-by: chengquan 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/setup.py b/setup.py -index a81c1e9..e4e5fdb 100755 +index 55b929a..34fb29b 100644 --- a/setup.py 
+++ b/setup.py -@@ -79,6 +79,8 @@ def read_requires(): +@@ -90,6 +90,8 @@ def read_requires(): deps = subprocess.check_output(cmd) return deps.decode("utf-8").splitlines() - + +# add variable to forbid tmp dir +num = 0 - + def render_tmpl(template, mode=None): """render template into a tmpdir under same dir as setup.py -@@ -100,7 +102,10 @@ def render_tmpl(template, mode=None): +@@ -110,7 +112,10 @@ def render_tmpl(template, mode=None): return template - + topdir = os.path.dirname(sys.argv[0]) - tmpd = tempfile.mkdtemp(dir=topdir, prefix=RENDERED_TMPD_PREFIX) + global num @@ -35,17 +35,17 @@ index a81c1e9..e4e5fdb 100755 atexit.register(shutil.rmtree, tmpd) bname = os.path.basename(template).rstrip(tmpl_ext) fpath = os.path.join(tmpd, bname) -@@ -124,6 +129,9 @@ def render_tmpl(template, mode=None): +@@ -136,6 +141,9 @@ def render_tmpl(template, mode=None): # return path relative to setup.py return os.path.join(os.path.basename(tmpd), bname) - + +def sort_files(file_list): + file_list.sort() + return file_list - + # User can set the variant for template rendering if "--distro" in sys.argv: -@@ -142,11 +150,11 @@ INITSYS_FILES = { +@@ -153,11 +161,11 @@ INITSYS_FILES = { "systemd": [ render_tmpl(f) for f in ( @@ -59,5 +59,6 @@ index a81c1e9..e4e5fdb 100755 if (is_f(f) and not is_generator(f)) ], "systemd.generators": [ --- -2.27.0 \ No newline at end of file +-- +2.27.0 + diff --git a/backport-CVE-2022-2084.patch b/backport-CVE-2022-2084.patch deleted file mode 100644 index 8e1ed678fd5ab8fa11ca1c8b702215d0c9c90e54..0000000000000000000000000000000000000000 --- a/backport-CVE-2022-2084.patch +++ /dev/null 
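Review bot: The refreshed `render_tmpl` hunk still drops `tempfile.mkdtemp(dir=topdir, prefix=RENDERED_TMPD_PREFIX)` and keys the render directory on the new module-level counter `num`, which gives up mkdtemp's fresh, unpredictably named, owner-only directory. The replacement lines fall between this hunk and the next and are not visible, so the following is inferred: if they build a fixed name and tolerate an existing path, a stale or pre-created directory under `topdir` would be reused for the rendered files and then removed by `atexit.register(shutil.rmtree, tmpd)`. If a deterministic name is the goal, creating it with `os.mkdir(tmpd, 0o700)` makes an existing path raise instead of being adopted. The comment `# add variable to forbid tmp dir` does not say what the counter is for; if the inference holds, something like `# per-process counter giving render dirs a deterministic name (replaces mkdtemp's random suffix)` would be clearer.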
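Review bot: `sort_files`, added in the `@@ -136,6 +141,9 @@` hunk, sorts its argument in place and also returns it, so every caller has its input list mutated as a side effect. The helper also has no docstring saying why ordering matters. `return sorted(file_list)` would leave the caller's list untouched, and a one-line docstring such as `"""Return file_list sorted so the rendered file order is stable across builds."""` would record the purpose, assuming build reproducibility is the reason. The call sites lie outside the visible hunks, so check that none relies on the in-place sort before changing it.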
@@ -1,159 +0,0 @@ -From 4d467b14363d800b2185b89790d57871f11ea88c Mon Sep 17 00:00:00 2001 -From: James Falcon -Date: Wed, 29 Jun 2022 17:27:44 -0500 -Subject: [PATCH] Remove schema errors from log (#1551) - -When schema errors are encountered, the section of userdata in question -gets printed to the cloud-init log. As this could contain sensitive -data, so log a generic warning instead and redirect user to run -cloud-init schema --system as root. - -LP: #1978422 -CVE: 2022-2084 ---- - cloudinit/cmd/main.py | 4 +++- - cloudinit/config/schema.py | 15 +++++++++--- - integration_tests/modules/test_cli.py | 20 +++++++++++----- - tests/unittests/config/test_schema.py | 23 ++++++++++++++++++- - 4 files changed, 51 insertions(+), 11 deletions(-) - -diff --git a/cloudinit/cmd/main.py b/cloudinit/cmd/main.py -index fcdaf72..bc7149d 100644 ---- a/cloudinit/cmd/main.py -+++ b/cloudinit/cmd/main.py -@@ -454,7 +454,9 @@ def main_init(name, args): - - # Validate user-data adheres to schema definition - if os.path.exists(init.paths.get_ipath_cur("userdata_raw")): -- validate_cloudconfig_schema(config=init.cfg, strict=False) -+ validate_cloudconfig_schema( -+ config=init.cfg, strict=False, log_details=False -+ ) - else: - LOG.debug("Skipping user-data validation. No user-data found.") - -diff --git a/cloudinit/config/schema.py b/cloudinit/config/schema.py -index 7a6ecf0..d2861e9 100644 ---- a/cloudinit/config/schema.py -+++ b/cloudinit/config/schema.py -@@ -196,6 +196,7 @@ def validate_cloudconfig_schema( - schema: dict = None, - strict: bool = False, - strict_metaschema: bool = False, -+ log_details: bool = True, - ): - """Validate provided config meets the schema definition. - -@@ -208,6 +209,9 @@ def validate_cloudconfig_schema( - logging warnings. - @param strict_metaschema: Boolean, when True validates schema using strict - metaschema definition at runtime (currently unused) -+ @param log_details: Boolean, when True logs details of validation errors. 
-+ If there are concerns about logging sensitive userdata, this should -+ be set to False. - - @raises: SchemaValidationError when provided config does not validate - against the provided schema. -@@ -232,12 +236,17 @@ def validate_cloudconfig_schema( - errors += ((path, error.message),) - if errors: - if strict: -+ # This could output/log sensitive data - raise SchemaValidationError(errors) -- else: -+ if log_details: - messages = ["{0}: {1}".format(k, msg) for k, msg in errors] -- LOG.warning( -- "Invalid cloud-config provided:\n%s", "\n".join(messages) -+ details = "\n" + "\n".join(messages) -+ else: -+ details = ( -+ "Please run 'sudo cloud-init schema --system' to " -+ "see the schema errors." - ) -+ LOG.warning("Invalid cloud-config provided: %s", details) - - - def annotated_cloudconfig_file( -diff --git a/tests/integration_tests/modules/test_cli.py b/tests/integration_tests/modules/test_cli.py -index e878176..4b8f53a 100644 ---- a/tests/integration_tests/modules/test_cli.py -+++ b/tests/integration_tests/modules/test_cli.py -@@ -18,11 +18,18 @@ runcmd: - - echo 'hi' > /var/tmp/test - """ - -+# The '-' in 'hashed-password' fails schema validation - INVALID_USER_DATA_SCHEMA = """\ - #cloud-config --updates: -- notnetwork: -1 --apt_pipelining: bogus -+users: -+ - default -+ - name: newsuper -+ gecos: Big Stuff -+ groups: users, admin -+ sudo: ALL=(ALL) NOPASSWD:ALL -+ hashed-password: asdfasdf -+ shell: /bin/bash -+ lock_passwd: true - """ - - -@@ -69,11 +76,12 @@ def test_invalid_userdata_schema(client: IntegrationInstance): - assert result.ok - log = client.read_from_file("/var/log/cloud-init.log") - warning = ( -- "[WARNING]: Invalid cloud-config provided:\napt_pipelining: 'bogus'" -- " is not valid under any of the given schemas\nupdates: Additional" -- " properties are not allowed ('notnetwork' was unexpected)" -+ "[WARNING]: Invalid cloud-config provided: Please run " -+ "'sudo cloud-init schema --system' to see the schema errors." 
- ) - assert warning in log -+ assert "asdfasdf" not in log -+ - result = client.execute("cloud-init status --long") - if not result.ok: - raise AssertionError( -diff --git a/tests/unittests/config/test_schema.py b/tests/unittests/config/test_schema.py -index c75b722..1fa91ad 100644 ---- a/tests/unittests/config/test_schema.py -+++ b/tests/unittests/config/test_schema.py -@@ -304,10 +304,31 @@ class TestValidateCloudConfigSchema: - assert "cloudinit.config.schema" == module - assert logging.WARNING == log_level - assert ( -- "Invalid cloud-config provided:\np1: -1 is not of type 'string'" -+ "Invalid cloud-config provided: \np1: -1 is not of type 'string'" - == log_msg - ) - -+ @skipUnlessJsonSchema() -+ def test_validateconfig_schema_sensitive(self, caplog): -+ """When log_details=False, ensure details are omitted""" -+ schema = { -+ "properties": {"hashed_password": {"type": "string"}}, -+ "additionalProperties": False, -+ } -+ validate_cloudconfig_schema( -+ {"hashed-password": "secret"}, -+ schema, -+ strict=False, -+ log_details=False, -+ ) -+ [(module, log_level, log_msg)] = caplog.record_tuples -+ assert "cloudinit.config.schema" == module -+ assert logging.WARNING == log_level -+ assert ( -+ "Invalid cloud-config provided: Please run 'sudo cloud-init " -+ "schema --system' to see the schema errors." == log_msg -+ ) -+ - @skipUnlessJsonSchema() - def test_validateconfig_schema_emits_warning_on_missing_jsonschema( - self, caplog --- -2.33.1.windows.1 - diff --git a/backport-CVE-2023-1786.patch b/backport-CVE-2023-1786.patch deleted file mode 100644 index f9b1b19bd819286191f1b661042983163003cb6a..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-1786.patch +++ /dev/null 
@@ -1,295 +0,0 @@ -From a378b7e4f47375458651c0972e7cd813f6fe0a6b Mon Sep 17 00:00:00 2001 -From: James Falcon -Date: Wed, 26 Apr 2023 15:11:55 -0500 -Subject: [PATCH] Make user/vendor data sensitive and remove log permissions - (#2144) - -Because user data and vendor data may contain sensitive information, -this commit ensures that any user data or vendor data written to -instance-data.json gets redacted and is only available to root user. - -Also, modify the permissions of cloud-init.log to be 640, so that -sensitive data leaked to the log isn't world readable. -Additionally, remove the logging of user data and vendor data to -cloud-init.log from the Vultr datasource. - -LP: #2013967 -CVE: CVE-2023-1786 ---- - cloudinit/sources/DataSourceLXD.py | 8 ++++++-- - cloudinit/sources/DataSourceVultr.py | 14 ++++++-------- - cloudinit/sources/__init__.py | 28 +++++++++++++++++++++++++--- - cloudinit/stages.py | 4 +++- - tests/unittests/sources/test_init.py | 27 ++++++++++++++++++++++++++- - tests/unittests/test_stages.py | 18 +++++++++++------- - 6 files changed, 77 insertions(+), 22 deletions(-) - -diff --git a/cloudinit/sources/DataSourceLXD.py b/cloudinit/sources/DataSourceLXD.py -index 640348f..8f21a1b 100644 ---- a/cloudinit/sources/DataSourceLXD.py -+++ b/cloudinit/sources/DataSourceLXD.py -@@ -13,6 +13,7 @@ import os - import socket - import stat - from json.decoder import JSONDecodeError -+from typing import Tuple - - import requests - from requests.adapters import HTTPAdapter -@@ -145,11 +146,14 @@ class DataSourceLXD(sources.DataSource): - _network_config = sources.UNSET - _crawled_metadata = sources.UNSET - -- sensitive_metadata_keys = ( -- "merged_cfg", -+ sensitive_metadata_keys: Tuple[ -+ str, ... 
-+ ] = sources.DataSource.sensitive_metadata_keys + ( - "user.meta-data", - "user.vendor-data", - "user.user-data", -+ "cloud-init.user-data", -+ "cloud-init.vendor-data", - ) - - def _is_platform_viable(self) -> bool: -diff --git a/cloudinit/sources/DataSourceVultr.py b/cloudinit/sources/DataSourceVultr.py -index 8c2e82c..8e5253f 100644 ---- a/cloudinit/sources/DataSourceVultr.py -+++ b/cloudinit/sources/DataSourceVultr.py -@@ -5,6 +5,8 @@ - # Vultr Metadata API: - # https://www.vultr.com/metadata/ - -+from typing import Tuple -+ - import cloudinit.sources.helpers.vultr as vultr - from cloudinit import log as log - from cloudinit import sources, util, version -@@ -28,6 +30,10 @@ class DataSourceVultr(sources.DataSource): - - dsname = "Vultr" - -+ sensitive_metadata_keys: Tuple[ -+ str, ... -+ ] = sources.DataSource.sensitive_metadata_keys + ("startup-script",) -+ - def __init__(self, sys_cfg, distro, paths): - super(DataSourceVultr, self).__init__(sys_cfg, distro, paths) - self.ds_cfg = util.mergemanydict( -@@ -60,13 +66,8 @@ class DataSourceVultr(sources.DataSource): - self.get_datasource_data(self.metadata) - - # Dump some data so diagnosing failures is manageable -- LOG.debug("Vultr Vendor Config:") -- LOG.debug(util.json_dumps(self.metadata["vendor-data"])) - LOG.debug("SUBID: %s", self.metadata["instance-id"]) - LOG.debug("Hostname: %s", self.metadata["local-hostname"]) -- if self.userdata_raw is not None: -- LOG.debug("User-Data:") -- LOG.debug(self.userdata_raw) - - return True - -@@ -151,7 +152,4 @@ if __name__ == "__main__": - config = md["vendor-data"] - sysinfo = vultr.get_sysinfo() - -- print(util.json_dumps(sysinfo)) -- print(util.json_dumps(config)) -- - # vi: ts=4 expandtab -diff --git a/cloudinit/sources/__init__.py b/cloudinit/sources/__init__.py -index fff760f..b678cc8 100644 ---- a/cloudinit/sources/__init__.py -+++ b/cloudinit/sources/__init__.py -@@ -113,7 +113,10 @@ def process_instance_metadata(metadata, key_path="", sensitive_keys=()): - 
sub_key_path = key_path + "/" + key - else: - sub_key_path = key -- if key in sensitive_keys or sub_key_path in sensitive_keys: -+ if ( -+ key.lower() in sensitive_keys -+ or sub_key_path.lower() in sensitive_keys -+ ): - sens_keys.append(sub_key_path) - if isinstance(val, str) and val.startswith("ci-b64:"): - base64_encoded_keys.append(sub_key_path) -@@ -135,6 +138,12 @@ def redact_sensitive_keys(metadata, redact_value=REDACT_SENSITIVE_VALUE): - - Replace any keys values listed in 'sensitive_keys' with redact_value. - """ -+ # While 'sensitive_keys' should already sanitized to only include what -+ # is in metadata, it is possible keys will overlap. For example, if -+ # "merged_cfg" and "merged_cfg/ds/userdata" both match, it's possible that -+ # "merged_cfg" will get replaced first, meaning "merged_cfg/ds/userdata" -+ # no longer represents a valid key. -+ # Thus, we still need to do membership checks in this function. - if not metadata.get("sensitive_keys", []): - return metadata - md_copy = copy.deepcopy(metadata) -@@ -142,9 +151,14 @@ def redact_sensitive_keys(metadata, redact_value=REDACT_SENSITIVE_VALUE): - path_parts = key_path.split("/") - obj = md_copy - for path in path_parts: -- if isinstance(obj[path], dict) and path != path_parts[-1]: -+ if ( -+ path in obj -+ and isinstance(obj[path], dict) -+ and path != path_parts[-1] -+ ): - obj = obj[path] -- obj[path] = redact_value -+ if path in obj: -+ obj[path] = redact_value - return md_copy - - -@@ -247,6 +261,14 @@ class DataSource(CloudInitPickleMixin, metaclass=abc.ABCMeta): - sensitive_metadata_keys = ( - "merged_cfg", - "security-credentials", -+ "userdata", -+ "user-data", -+ "user_data", -+ "vendordata", -+ "vendor-data", -+ # Provide ds/vendor_data to avoid redacting top-level -+ # "vendor_data": {enabled: True} -+ "ds/vendor_data", - ) - - _ci_pkl_version = 1 -diff --git a/cloudinit/stages.py b/cloudinit/stages.py -index 27af605..88c8e68 100644 ---- a/cloudinit/stages.py -+++ b/cloudinit/stages.py 
-@@ -204,7 +204,9 @@ class Init(object): - util.ensure_dirs(self._initial_subdirs()) - log_file = util.get_cfg_option_str(self.cfg, "def_log_file") - if log_file: -- util.ensure_file(log_file, mode=0o640, preserve_mode=True) -+ # At this point the log file should have already been created -+ # in the setupLogging function of log.py -+ util.ensure_file(log_file, mode=0o640, preserve_mode=False) - perms = self.cfg.get("syslog_fix_perms") - if not perms: - perms = {} -diff --git a/tests/unittests/sources/test_init.py b/tests/unittests/sources/test_init.py -index ce8fc97..e21c9d6 100644 ---- a/tests/unittests/sources/test_init.py -+++ b/tests/unittests/sources/test_init.py -@@ -447,12 +447,24 @@ class TestDataSource(CiTestCase): - "cred2": "othersekret", - } - }, -+ "someother": { -+ "nested": { -+ "userData": "HIDE ME", -+ } -+ }, -+ "VENDOR-DAta": "HIDE ME TOO", - }, - ) - self.assertCountEqual( - ( - "merged_cfg", - "security-credentials", -+ "userdata", -+ "user-data", -+ "user_data", -+ "vendordata", -+ "vendor-data", -+ "ds/vendor_data", - ), - datasource.sensitive_metadata_keys, - ) -@@ -479,7 +491,9 @@ class TestDataSource(CiTestCase): - "base64_encoded_keys": [], - "merged_cfg": REDACT_SENSITIVE_VALUE, - "sensitive_keys": [ -+ "ds/meta_data/VENDOR-DAta", - "ds/meta_data/some/security-credentials", -+ "ds/meta_data/someother/nested/userData", - "merged_cfg", - ], - "sys_info": sys_info, -@@ -489,6 +503,7 @@ class TestDataSource(CiTestCase): - "availability_zone": "myaz", - "cloud-name": "subclasscloudname", - "cloud_name": "subclasscloudname", -+ "cloud_id": "subclasscloudname", - "distro": "ubuntu", - "distro_release": "focal", - "distro_version": "20.04", -@@ -511,14 +526,18 @@ class TestDataSource(CiTestCase): - "ds": { - "_doc": EXPERIMENTAL_TEXT, - "meta_data": { -+ "VENDOR-DAta": REDACT_SENSITIVE_VALUE, - "availability_zone": "myaz", - "local-hostname": "test-subclass-hostname", - "region": "myregion", - "some": {"security-credentials": 
REDACT_SENSITIVE_VALUE}, -+ "someother": { -+ "nested": {"userData": REDACT_SENSITIVE_VALUE} -+ }, - }, - }, - } -- self.assertCountEqual(expected, redacted) -+ self.assertEqual(expected, redacted) - file_stat = os.stat(json_file) - self.assertEqual(0o644, stat.S_IMODE(file_stat.st_mode)) - -@@ -563,6 +582,12 @@ class TestDataSource(CiTestCase): - ( - "merged_cfg", - "security-credentials", -+ "userdata", -+ "user-data", -+ "user_data", -+ "vendordata", -+ "vendor-data", -+ "ds/vendor_data", - ), - datasource.sensitive_metadata_keys, - ) -diff --git a/tests/unittests/test_stages.py b/tests/unittests/test_stages.py -index 9fa2e62..138d79b 100644 ---- a/tests/unittests/test_stages.py -+++ b/tests/unittests/test_stages.py -@@ -606,19 +606,23 @@ class TestInit_InitializeFilesystem: - # Assert we create it 0o640 by default if it doesn't already exist - assert 0o640 == stat.S_IMODE(log_file.stat().mode) - -- def test_existing_file_permissions_are_not_modified(self, init, tmpdir): -- """If the log file already exists, we should not modify its permissions -+ def test_existing_file_permissions(self, init, tmpdir): -+ """Test file permissions are set as expected. -+ -+ CIS Hardening requires 640 permissions. These permissions are -+ currently hardcoded on every boot, but if there's ever a reason -+ to change this, we need to then ensure that they -+ are *not* set every boot. - - See https://bugs.launchpad.net/cloud-init/+bug/1900837. - """ -- # Use a mode that will never be made the default so this test will -- # always be valid -- mode = 0o606 - log_file = tmpdir.join("cloud-init.log") - log_file.ensure() -- log_file.chmod(mode) -+ # Use a mode that will never be made the default so this test will -+ # always be valid -+ log_file.chmod(0o606) - init._cfg = {"def_log_file": str(log_file)} - - init._initialize_filesystem() - -- assert mode == stat.S_IMODE(log_file.stat().mode) -+ assert 0o640 == stat.S_IMODE(log_file.stat().mode) --- -2.33.0 - 
diff --git a/backport-Cleanup-ephemeral-IP-routes-on-exception.patch b/backport-Cleanup-ephemeral-IP-routes-on-exception.patch deleted file mode 100644 index 909976265797f1d026d226ec355e4a791b1a5a33..0000000000000000000000000000000000000000 --- a/backport-Cleanup-ephemeral-IP-routes-on-exception.patch +++ /dev/null 
@@ -1,161 +0,0 @@ -From 0273712c90d6facfc0fbf8d6def352f9810902a3 Mon Sep 17 00:00:00 2001 -From: sxt1001 -Date: Mon, 3 Apr 2023 23:52:15 +0800 -Subject: [PATCH] Cleanup ephemeral IP routes on exception (#2100) - -If an exception occurs during EphemeralIPv4Network setup, any routes -that were setup need to be torn down. This wasn't happening, and this -commit adds the teardown. ---- - cloudinit/net/__init__.py | 43 +++++++++++-------- - tests/unittests/net/test_init.py | 73 ++++++++++++++++++++++++++++++++ - 2 files changed, 99 insertions(+), 17 deletions(-) - -diff --git a/cloudinit/net/__init__.py b/cloudinit/net/__init__.py -index 3297a31..fc9668e 100644 ---- a/cloudinit/net/__init__.py -+++ b/cloudinit/net/__init__.py -@@ -1370,23 +1370,32 @@ class EphemeralIPv4Network(object): - ) - return - -- self._bringup_device() -- -- # rfc3442 requires us to ignore the router config *if* classless static -- # routes are provided. -- # -- # https://tools.ietf.org/html/rfc3442 -- # -- # If the DHCP server returns both a Classless Static Routes option and -- # a Router option, the DHCP client MUST ignore the Router option. -- # -- # Similarly, if the DHCP server returns both a Classless Static Routes -- # option and a Static Routes option, the DHCP client MUST ignore the -- # Static Routes option. -- if self.static_routes: -- self._bringup_static_routes() -- elif self.router: -- self._bringup_router() -+ try: -+ self._bringup_device() -+ -+ # rfc3442 requires us to ignore the router config *if* -+ # classless static routes are provided. -+ # -+ # https://tools.ietf.org/html/rfc3442 -+ # -+ # If the DHCP server returns both a Classless Static Routes -+ # option and a Router option, the DHCP client MUST ignore -+ # the Router option. -+ # -+ # Similarly, if the DHCP server returns both a Classless -+ # Static Routes option and a Static Routes option, the DHCP -+ # client MUST ignore the Static Routes option. 
-+ if self.static_routes: -+ self._bringup_static_routes() -+ elif self.router: -+ self._bringup_router() -+ except subp.ProcessExecutionError: -+ LOG.error( -+ "Error bringing up EphemeralIPv4Network. " -+ "Datasource setup cannot continue" -+ ) -+ self.__exit__(None, None, None) -+ raise - - def __exit__(self, excp_type, excp_value, excp_traceback): - """Teardown anything we set up.""" -diff --git a/tests/unittests/net/test_init.py b/tests/unittests/net/test_init.py -index 768cc11..5da1232 100644 ---- a/tests/unittests/net/test_init.py -+++ b/tests/unittests/net/test_init.py -@@ -13,6 +13,7 @@ import pytest - import requests - - import cloudinit.net as net -+from cloudinit import subp - from cloudinit.subp import ProcessExecutionError - from cloudinit.util import ensure_file, write_file - from tests.unittests.helpers import CiTestCase, HttprettyTestCase -@@ -853,6 +854,78 @@ class TestEphemeralIPV4Network(CiTestCase): - self.assertEqual(expected_setup_calls, m_subp.call_args_list) - m_subp.assert_has_calls(expected_teardown_calls) - -+ def test_teardown_on_enter_exception(self, m_subp): -+ """Ensure ephemeral teardown happens. -+ -+ Even though we're using a context manager, we need to handle any -+ exceptions raised in __enter__ manually and do the appropriate -+ teardown. 
-+ """ -+ -+ def side_effect(args, **kwargs): -+ if args[3] == "append" and args[4] == "3.3.3.3/32": -+ raise subp.ProcessExecutionError("oh no!") -+ -+ m_subp.side_effect = side_effect -+ -+ with pytest.raises(subp.ProcessExecutionError): -+ with net.EphemeralIPv4Network( -+ interface="eth0", -+ ip="1.1.1.1", -+ prefix_or_mask="255.255.255.0", -+ broadcast="1.1.1.255", -+ static_routes=[ -+ ("2.2.2.2/32", "9.9.9.9"), -+ ("3.3.3.3/32", "8.8.8.8"), -+ ], -+ ): -+ pass -+ -+ expected_teardown_calls = [ -+ mock.call( -+ [ -+ "ip", -+ "-4", -+ "route", -+ "del", -+ "2.2.2.2/32", -+ "via", -+ "9.9.9.9", -+ "dev", -+ "eth0", -+ ], -+ capture=True, -+ ), -+ mock.call( -+ [ -+ "ip", -+ "-family", -+ "inet", -+ "link", -+ "set", -+ "dev", -+ "eth0", -+ "down", -+ ], -+ capture=True, -+ ), -+ mock.call( -+ [ -+ "ip", -+ "-family", -+ "inet", -+ "addr", -+ "del", -+ "1.1.1.1/24", -+ "dev", -+ "eth0", -+ ], -+ capture=True, -+ ), -+ ] -+ for teardown in expected_teardown_calls: -+ assert teardown in m_subp.call_args_list -+ - @mock.patch("cloudinit.net.readurl") - def test_ephemeral_ipv4_no_network_if_url_connectivity( - self, m_readurl, m_subp --- -2.33.0 - diff --git a/backport-Do-not-change-permissions-of-netrules-target.patch b/backport-Do-not-change-permissions-of-netrules-target.patch deleted file mode 100644 index 6763d514e65629621773ff95826f4c32d868bab6..0000000000000000000000000000000000000000 --- a/backport-Do-not-change-permissions-of-netrules-target.patch +++ /dev/null 
@@ -1,109 +0,0 @@ -From 56c88cafd1b3606e814069a79f4ec265fc427c87 Mon Sep 17 00:00:00 2001 -From: James Falcon -Date: Thu, 23 Mar 2023 10:21:56 -0500 -Subject: [PATCH] Don't change permissions of netrules target (#2076) - -Set permissions if file doesn't exist. Leave them if it does. - -LP: #2011783 - -Co-authored-by: Chad Smith ---- - cloudinit/net/eni.py | 4 +++- - cloudinit/net/sysconfig.py | 7 ++++++- - tests/unittests/distros/test_netconfig.py | 20 ++++++++++++++++++-- - 3 files changed, 27 insertions(+), 4 deletions(-) - -diff --git a/cloudinit/net/eni.py b/cloudinit/net/eni.py -index b0ec67b..f6398e3 100644 ---- a/cloudinit/net/eni.py -+++ b/cloudinit/net/eni.py -@@ -571,7 +571,9 @@ class Renderer(renderer.Renderer): - netrules = subp.target_path(target, self.netrules_path) - util.ensure_dir(os.path.dirname(netrules)) - util.write_file( -- netrules, self._render_persistent_net(network_state) -+ netrules, -+ content=self._render_persistent_net(network_state), -+ preserve_mode=True, - ) - - -diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index 07f474d..d22354c 100644 ---- a/cloudinit/net/sysconfig.py -+++ b/cloudinit/net/sysconfig.py -@@ -1008,7 +1008,12 @@ class Renderer(renderer.Renderer): - if self.netrules_path: - netrules_content = self._render_persistent_net(network_state) - netrules_path = subp.target_path(target, self.netrules_path) -- util.write_file(netrules_path, netrules_content, file_mode) -+ util.write_file( -+ netrules_path, -+ content=netrules_content, -+ mode=file_mode, -+ preserve_mode=True, -+ ) - - sysconfig_path = subp.target_path(target, templates.get("control")) - # Distros configuring /etc/sysconfig/network as a file e.g. 
Centos -diff --git a/tests/unittests/distros/test_netconfig.py b/tests/unittests/distros/test_netconfig.py -index a25be48..8760975 100644 ---- a/tests/unittests/distros/test_netconfig.py -+++ b/tests/unittests/distros/test_netconfig.py -@@ -376,8 +376,16 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase): - def eni_path(self): - return "/etc/network/interfaces.d/50-cloud-init.cfg" - -+ def rules_path(self): -+ return "/etc/udev/rules.d/70-persistent-net.rules" -+ - def _apply_and_verify_eni( -- self, apply_fn, config, expected_cfgs=None, bringup=False -+ self, -+ apply_fn, -+ config, -+ expected_cfgs=None, -+ bringup=False, -+ previous_files=(), - ): - if not expected_cfgs: - raise ValueError("expected_cfg must not be None") -@@ -385,7 +393,11 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase): - tmpd = None - with mock.patch("cloudinit.net.eni.available") as m_avail: - m_avail.return_value = True -+ path_modes = {} - with self.reRooted(tmpd) as tmpd: -+ for previous_path, content, mode in previous_files: -+ util.write_file(previous_path, content, mode=mode) -+ path_modes[previous_path] = mode - apply_fn(config, bringup) - - results = dir2dict(tmpd) -@@ -396,17 +408,21 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase): - print(results[cfgpath]) - print("----------") - self.assertEqual(expected, results[cfgpath]) -- self.assertEqual(0o644, get_mode(cfgpath, tmpd)) -+ self.assertEqual( -+ path_modes.get(cfgpath, 0o644), get_mode(cfgpath, tmpd) -+ ) - - def test_apply_network_config_eni_ub(self): - expected_cfgs = { - self.eni_path(): V1_NET_CFG_OUTPUT, -+ self.rules_path(): "", - } - # ub_distro.apply_network_config(V1_NET_CFG, False) - self._apply_and_verify_eni( - self.distro.apply_network_config, - V1_NET_CFG, - expected_cfgs=expected_cfgs.copy(), -+ previous_files=((self.rules_path(), "something", 0o660),), - ) - - def test_apply_network_config_ipv6_ub(self): --- -2.39.1 - 
diff --git a/backport-Fix-permission-of-SSH-host-keys-1971.patch b/backport-Fix-permission-of-SSH-host-keys-1971.patch
deleted file mode 100644
index 2f08364078cfdfe04cf44dce63da1a885543c279..0000000000000000000000000000000000000000
--- a/backport-Fix-permission-of-SSH-host-keys-1971.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 94a00492b11995dd9278605eb29ee4b096ce3a90 Mon Sep 17 00:00:00 2001
-From: Ron Gebauer
-Date: Wed, 25 Jan 2023 22:40:32 +0100
-Subject: [PATCH] Fix permission of SSH host keys (#1971)
-
-If the host-keys are provided the private key permissions have 0600
-which is indeed correct. But the public key has 0600 which should
-instead be 0644.
-
-With this change the public key is always 0644 and the private key
-is 0600 if provided or 640 if generated (to match sshd-keygen
-functionality).
----
- cloudinit/config/cc_ssh.py | 4 ++--
- tests/unittests/config/test_cc_ssh.py | 6 +++---
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/cloudinit/config/cc_ssh.py b/cloudinit/config/cc_ssh.py
-index 33c1fd0..6210627 100644
---- a/cloudinit/config/cc_ssh.py
-+++ b/cloudinit/config/cc_ssh.py
-@@ -185,8 +185,8 @@ for k in GENERATE_KEY_NAMES:
- CONFIG_KEY_TO_FILE.update(
- {
- f"{k}_private": (KEY_FILE_TPL % k, 0o600),
-- f"{k}_public": (f"{KEY_FILE_TPL % k}.pub", 0o600),
-- f"{k}_certificate": (f"{KEY_FILE_TPL % k}-cert.pub", 0o600),
-+ f"{k}_public": (f"{KEY_FILE_TPL % k}.pub", 0o644),
-+ f"{k}_certificate": (f"{KEY_FILE_TPL % k}-cert.pub", 0o644),
- }
- )
- PRIV_TO_PUB[f"{k}_private"] = f"{k}_public"
-diff --git a/tests/unittests/config/test_cc_ssh.py b/tests/unittests/config/test_cc_ssh.py
-index 47c0c77..c41a50b 100644
---- a/tests/unittests/config/test_cc_ssh.py
-+++ b/tests/unittests/config/test_cc_ssh.py
-@@ -311,17 +311,17 @@ class TestHandleSsh:
- mock.call(
- "/etc/ssh/ssh_host_{}_key".format(key_type),
- private_value,
-- 384,
-+ 0o600,
- ),
- mock.call(
- "/etc/ssh/ssh_host_{}_key.pub".format(key_type),
- public_value,
-- 384,
-+ 0o644,
- ),
- mock.call(
- "/etc/ssh/ssh_host_{}_key-cert.pub".format(key_type),
- cert_value,
-- 384,
-+ 0o644,
- ),
- mock.call(
- "/etc/ssh/sshd_config",
---
-2.39.1
-
diff --git a/bugfix-cloud-init-add-os-support.patch b/bugfix-cloud-init-add-os-support.patch index 93af0145aeb8e198065c0e8244a814d9ad8a1213..b9c7e2103b3f88fe45a1e45f37a05580a0d9653a 100644 --- a/bugfix-cloud-init-add-os-support.patch +++ b/bugfix-cloud-init-add-os-support.patch @@ -8,7 +8,7 @@ reason: add oe into distros Signed-off-by: chengquan --- cloudinit/config/cc_ntp.py | 2 +- - cloudinit/config/cc_resolv_conf.py | 2 +- + cloudinit/config/cc_resolv_conf.py | 1 + cloudinit/config/cc_rh_subscription.py | 2 +- cloudinit/config/cc_spacewalk.py | 2 +- cloudinit/config/cc_yum_add_repo.py | 2 +- @@ -19,40 +19,39 @@ Signed-off-by: chengquan systemd/cloud-init.service.tmpl | 2 +- tests/unittests/test_cli.py | 2 +- tools/render-cloudcfg | 2 +- - 12 files changed, 26 insertions(+), 14 deletions(-) + 12 files changed, 26 insertions(+), 13 deletions(-) create mode 100644 cloudinit/distros/openeuler.py diff --git a/cloudinit/config/cc_ntp.py b/cloudinit/config/cc_ntp.py -index 3bc1d30..6b0f302 100644 +index 8d83433..508f1ed 100644 --- a/cloudinit/config/cc_ntp.py +++ b/cloudinit/config/cc_ntp.py -@@ -29,7 +29,7 @@ distros = [ - "eurolinux", - "fedora", +@@ -35,7 +35,7 @@ distros = [ + "mariner", "miraclelinux", + "openbsd", - "openEuler", + "openeuler", + "OpenCloudOS", + "openmandriva", "opensuse", - "photon", - "rhel", diff --git a/cloudinit/config/cc_resolv_conf.py b/cloudinit/config/cc_resolv_conf.py -index bbf6807..845e793 100644 +index d8a7bfa..b642640 100644 --- a/cloudinit/config/cc_resolv_conf.py 
+++ b/cloudinit/config/cc_resolv_conf.py -@@ -52,7 +52,7 @@ meta: MetaSchema = { - "name": "Resolv Conf", - "title": "Configure resolv.conf", - "description": MODULE_DESCRIPTION, -- "distros": ["alpine", "fedora", "opensuse", "photon", "rhel", "sles"], -+ "distros": ["alpine", "fedora", "opensuse", "photon", "rhel", "sles", "openeuler"], +@@ -69,6 +69,7 @@ meta: MetaSchema = { + "sle_hpc", + "sle-micro", + "sles", ++ "openeuler", + ], "frequency": PER_INSTANCE, "examples": [ - dedent( diff --git a/cloudinit/config/cc_rh_subscription.py b/cloudinit/config/cc_rh_subscription.py -index b742cb9..4d8244f 100644 +index 533862a..d92f760 100644 --- a/cloudinit/config/cc_rh_subscription.py +++ b/cloudinit/config/cc_rh_subscription.py -@@ -30,7 +30,7 @@ meta: MetaSchema = { +@@ -32,7 +32,7 @@ meta: MetaSchema = { "name": "Red Hat Subscription", "title": "Register Red Hat Enterprise Linux based system", "description": MODULE_DESCRIPTION, @@ -62,10 +61,10 @@ index b742cb9..4d8244f 100644 "examples": [ dedent( diff --git a/cloudinit/config/cc_spacewalk.py b/cloudinit/config/cc_spacewalk.py -index 6820a81..d97da92 100644 +index c8249e6..bd7a972 100644 --- a/cloudinit/config/cc_spacewalk.py +++ b/cloudinit/config/cc_spacewalk.py -@@ -22,7 +22,7 @@ meta: MetaSchema = { +@@ -25,7 +25,7 @@ meta: MetaSchema = { "name": "Spacewalk", "title": "Install and configure spacewalk", "description": MODULE_DESCRIPTION, @@ -75,31 +74,31 @@ index 6820a81..d97da92 100644 "examples": [ dedent( diff --git a/cloudinit/config/cc_yum_add_repo.py b/cloudinit/config/cc_yum_add_repo.py -index f735719..cc787a3 100644 +index 097493b..e565a1d 100644 --- a/cloudinit/config/cc_yum_add_repo.py +++ b/cloudinit/config/cc_yum_add_repo.py -@@ -28,7 +28,7 @@ distros = [ - "cloudlinux", +@@ -32,7 +32,7 @@ distros = [ "eurolinux", "fedora", + "mariner", - "openEuler", + "openeuler", + "OpenCloudOS", + "openmandriva", "photon", - "rhel", - "rocky", 
diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py -index b034e2c..be063c2 100644 +index ec14893..59bafe0 100644 --- a/cloudinit/distros/__init__.py +++ b/cloudinit/distros/__init__.py -@@ -46,7 +46,7 @@ OSFAMILIES = { - "eurolinux", - "fedora", - "miraclelinux", -- "openEuler", -+ "openeuler", - "photon", - "rhel", - "rocky", +@@ -72,7 +72,7 @@ OSFAMILIES = { + "sle-micro", + "sles", + ], +- "openEuler": ["openEuler"], ++ "openeuler": ["openeuler"], + "OpenCloudOS": ["OpenCloudOS", "TencentOS"], + } + diff --git a/cloudinit/distros/openeuler.py b/cloudinit/distros/openeuler.py new file mode 100644 index 0000000..7505ca4 @@ -119,97 +118,97 @@ index 0000000..7505ca4 + +# vi: ts=4 expandtab diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl -index 6951a0e..8740752 100644 +index 4c05f63..e686770 100644 --- a/config/cloud.cfg.tmpl 
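Review bot: The rebased `OSFAMILIES` hunk for `cloudinit/distros/__init__.py` now renames the family key itself, `"openeuler": ["openeuler"]`, where the previous version of this patch only lower-cased a list member. Any code in 23.2.2 that still looks up the family or the distro under the mixed-case `openEuler` name would stop matching, and whether such references exist outside the twelve files in the patch's diffstat cannot be seen from this page. I would record the intent in the patch description, for example `reason: add oe into distros; the distro and its osfamily are both named "openeuler" (lower-case) downstream`, and check the unpacked 23.2.2 tree for remaining `openEuler` strings before merging.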
+++ b/config/cloud.cfg.tmpl -@@ -33,7 +33,7 @@ disable_root: true +@@ -35,7 +35,7 @@ disable_root: false + disable_root: true {% endif %} - {% if variant in ["almalinux", "alpine", "amazon", "centos", "cloudlinux", "eurolinux", -- "fedora", "miraclelinux", "openEuler", "rhel", "rocky", "virtuozzo"] %} -+ "fedora", "miraclelinux", "openeuler", "rhel", "rocky", "virtuozzo"] %} - {% if variant == "rhel" %} +-{% if variant in ["alpine", "amazon", "fedora", "openEuler", "OpenCloudOS", "openmandriva", "photon", "TencentOS"] or is_rhel %} ++{% if variant in ["alpine", "amazon", "fedora", "openeuler", "OpenCloudOS", "openmandriva", "photon", "TencentOS"] or is_rhel %} + {% if is_rhel %} mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service,_netdev', '0', '2'] {% else %} -@@ -125,7 +125,7 @@ cloud_config_modules: - {% if variant in ["rhel"] %} +@@ -135,7 +135,7 @@ cloud_config_modules: + {% if is_rhel %} - rh_subscription {% endif %} --{% if variant in ["rhel", "fedora", "photon"] %} -+{% if variant in ["rhel", "fedora", "photon", "openeuler"] %} - {% if variant not in ["photon"] %} +-{% if variant in ["fedora", "mariner", "openmandriva", "photon"] or is_rhel %} ++{% if variant in ["fedora", "mariner", "openmandriva", "photon", "openeuler"] or is_rhel %} + {% if variant not in ["mariner", "photon"] %} - spacewalk {% endif %} -@@ -191,7 +191,7 @@ cloud_final_modules: +@@ -199,7 +199,7 @@ cloud_final_modules: system_info: # This will affect which distro class gets used - {% if variant in ["almalinux", "alpine", "amazon", "arch", "centos", "cloudlinux", "debian", -- "eurolinux", "fedora", "freebsd", "gentoo", "netbsd", "miraclelinux", "openbsd", "openEuler", -+ "eurolinux", "fedora", "freebsd", "gentoo", "netbsd", "miraclelinux", "openbsd", "openeuler", - "photon", "rhel", "rocky", "suse", "ubuntu", "virtuozzo"] %} + {% if variant in ["alpine", "amazon", "arch", "debian", "fedora", "freebsd", +- "gentoo", "netbsd", "mariner", "openbsd", 
"openEuler", "OpenCloudOS", ++ "gentoo", "netbsd", "mariner", "openbsd", "openeuler", "OpenCloudOS", + "openmandriva", "photon", "suse", "TencentOS", "ubuntu"] or is_rhel %} distro: {{ variant }} {% elif variant in ["dragonfly"] %} -@@ -245,7 +245,7 @@ system_info: +@@ -254,7 +254,7 @@ system_info: security: http://ports.ubuntu.com/ubuntu-ports ssh_svcname: ssh - {% elif variant in ["almalinux", "alpine", "amazon", "arch", "centos", "cloudlinux", "eurolinux", -- "fedora", "gentoo", "miraclelinux", "openEuler", "rhel", "rocky", "suse", "virtuozzo"] %} -+ "fedora", "gentoo", "miraclelinux", "openeuler", "rhel", "rocky", "suse", "virtuozzo"] %} + {% elif variant in ["alpine", "amazon", "arch", "fedora", +- "gentoo", "openEuler", "OpenCloudOS", "openmandriva", "suse", "TencentOS"] or is_rhel %} ++ "gentoo", "openeuler", "OpenCloudOS", "openmandriva", "suse", "TencentOS"] or is_rhel %} # Default user name + that default users groups (if added/used) default_user: {% if variant == "amazon" %} diff --git a/systemd/cloud-init-generator.tmpl b/systemd/cloud-init-generator.tmpl -index 6689309..12aa52f 100644 +index d71e3b8..783ae76 100644 --- a/systemd/cloud-init-generator.tmpl +++ b/systemd/cloud-init-generator.tmpl @@ -21,7 +21,7 @@ CLOUD_SYSTEM_TARGET="/usr/lib/systemd/system/cloud-init.target" CLOUD_SYSTEM_TARGET="/lib/systemd/system/cloud-init.target" {% endif %} {% if variant in ["almalinux", "centos", "cloudlinux", "eurolinux", "fedora", -- "miraclelinux", "openEuler", "rhel", "rocky", "virtuozzo"] %} -+ "miraclelinux", "openeuler", "rhel", "rocky", "virtuozzo"] %} +- "miraclelinux", "openEuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", "TencentOS", "virtuozzo"] %} ++ "miraclelinux", "openeuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", "TencentOS", "virtuozzo"] %} dsidentify="/usr/libexec/cloud-init/ds-identify" {% else %} dsidentify="/usr/lib/cloud-init/ds-identify" 
diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl -index c170aef..0ec2636 100644 +index 1b1f9a8..c7a7c64 100644 --- a/systemd/cloud-init.service.tmpl +++ b/systemd/cloud-init.service.tmpl @@ -13,7 +13,7 @@ After=systemd-networkd-wait-online.service After=networking.service {% endif %} {% if variant in ["almalinux", "centos", "cloudlinux", "eurolinux", "fedora", -- "miraclelinux", "openEuler", "rhel", "rocky", "virtuozzo"] %} -+ "miraclelinux", "openeuler", "rhel", "rocky", "virtuozzo"] %} +- "miraclelinux", "openEuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", ++ "miraclelinux", "openeuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", + "suse", "TencentOS", "virtuozzo"] %} + After=network.service - After=NetworkManager.service - {% endif %} diff --git a/tests/unittests/test_cli.py b/tests/unittests/test_cli.py -index 7846d0d..0c525dd 100644 +index e3fed41..2f031ee 100644 --- a/tests/unittests/test_cli.py +++ b/tests/unittests/test_cli.py -@@ -260,7 +260,7 @@ class TestCLI(test_helpers.FilesystemMockingTestCase): - "**Supported distros:** all", - "**Supported distros:** almalinux, alpine, centos, " - "cloudlinux, debian, eurolinux, fedora, miraclelinux, " -- "openEuler, opensuse, photon, rhel, rocky, sles, ubuntu, " -+ "openeuler, opensuse, photon, rhel, rocky, sles, ubuntu, " - "virtuozzo", - "**Config schema**:\n **resize_rootfs:** " - "(``true``/``false``/``noblock``)", +@@ -246,7 +246,7 @@ class TestCLI: + "**Supported distros:** almalinux, alpine, centos, " + "cloudlinux, cos, debian, eurolinux, fedora, freebsd, " + "mariner, miraclelinux, " +- "openbsd, openEuler, OpenCloudOS, openmandriva, " ++ "openbsd, openeuler, OpenCloudOS, openmandriva, " + "opensuse, opensuse-microos, opensuse-tumbleweed, " + "opensuse-leap, photon, rhel, rocky, sle_hpc, " + "sle-micro, sles, TencentOS, ubuntu, virtuozzo", diff --git a/tools/render-cloudcfg b/tools/render-cloudcfg -index afe999e..cc9f054 100755 +index 6551875..b21fdee 100755 
--- a/tools/render-cloudcfg +++ b/tools/render-cloudcfg -@@ -24,7 +24,7 @@ def main(): +@@ -25,7 +25,7 @@ def main(): "miraclelinux", "netbsd", "openbsd", - "openEuler", + "openeuler", + "OpenCloudOS", + "openmandriva", "photon", - "rhel", - "suse", -- 2.27.0 diff --git a/bugfix-sort-requirements.patch b/bugfix-sort-requirements.patch index dcbb03aa682b7c08c25c920e7cc882f34a43d23a..95c21399da96d11519108f92f0199a1f2872b240 100644 --- a/bugfix-sort-requirements.patch +++ b/bugfix-sort-requirements.patch @@ -11,16 +11,17 @@ Signed-off-by: chengquan 1 file changed, 1 insertion(+) diff --git a/setup.py b/setup.py -index a9132d2..a81c1e9 100755 +index d0b1c99..55b929a 100644 --- a/setup.py +++ b/setup.py -@@ -324,6 +324,7 @@ cmdclass = { +@@ -331,6 +331,7 @@ cmdclass = { } - + requirements = read_requires() +requirements.sort() - + setuptools.setup( name="cloud-init", --- -2.27.0 \ No newline at end of file +-- +2.27.0 + diff --git a/cloud-init-22.1-no-override-default-network.patch b/cloud-init-22.1-no-override-default-network.patch index f869ca06581208acb38026e42ad884006bc0b827..ed102815b6406f555c07992d8a73b312d2bf2fd1 100644 --- a/cloud-init-22.1-no-override-default-network.patch +++ b/cloud-init-22.1-no-override-default-network.patch @@ -9,10 +9,10 @@ Signed-off-by: Eduardo Otubo 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py -index ba85c4f..90a4eb9 100644 +index d934f66..8a60c95 100644 --- a/cloudinit/net/sysconfig.py +++ b/cloudinit/net/sysconfig.py -@@ -1039,7 +1039,17 @@ class Renderer(renderer.Renderer): +@@ -1025,7 +1025,17 @@ class Renderer(renderer.Renderer): # Distros configuring /etc/sysconfig/network as a file e.g. Centos if sysconfig_path.endswith("network"): util.ensure_dir(os.path.dirname(sysconfig_path)) 
@@ -31,5 +31,6 @@ index ba85c4f..90a4eb9 100644 if network_state.use_ipv6: netcfg.append("NETWORKING_IPV6=yes") netcfg.append("IPV6_AUTOCONF=no") --- -2.27.0 \ No newline at end of file +-- +2.27.0 + diff --git a/cloud-init-22.2.tar.gz b/cloud-init-22.2.tar.gz deleted file mode 100644 index 9a512e142e02da95148cd04ca60bde488092e431..0000000000000000000000000000000000000000 Binary files a/cloud-init-22.2.tar.gz and /dev/null differ diff --git a/cloud-init-23.2.2.tar.gz b/cloud-init-23.2.2.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..1702d4e688bdb2b52c62c4d0ead3c576d7026688 Binary files /dev/null and b/cloud-init-23.2.2.tar.gz differ diff --git a/cloud-init.spec b/cloud-init.spec index baa2959316b0645362e71d29ae72fc113f145593..6fe2d154f5ed58000ad6919227b067ef4283a7d8 100644 --- a/cloud-init.spec +++ b/cloud-init.spec @@ -1,6 +1,6 @@ Name: cloud-init -Version: 22.2 -Release: 10 +Version: 23.2.2 +Release: 1 Summary: the defacto multi-distribution package that handles early initialization of a cloud instance. License: ASL 2.0 or GPLv3 URL: http://launchpad.net/cloud-init 
@@ -13,20 +13,13 @@ Patch1: bugfix-cloud-init-add-os-support.patch Patch2: bugfix-sort-requirements.patch Patch3: add-variable-to-forbid-tmp-dir.patch Patch4: Fix-the-error-level-logs-displayed-for-the-cloud-init-local-service.patch -Patch5: backport-Fix-permission-of-SSH-host-keys-1971.patch -Patch6: backport-Do-not-change-permissions-of-netrules-target.patch -Patch7: backport-CVE-2022-2084.patch -Patch8: backport-Cleanup-ephemeral-IP-routes-on-exception.patch -Patch9: backport-CVE-2023-1786.patch - -Patch9000: fix-permission-of-the-private-key.patch BuildRequires: pkgconfig(systemd) python3-devel python3-setuptools systemd -BuildRequires: iproute python3-configobj python3-httpretty >= 0.8.14-2 +BuildRequires: iproute python3-configobj python3-responses BuildRequires: python3-jinja2 python3-jsonpatch python3-jsonschema BuildRequires: python3-mock python3-oauthlib python3-prettytable -BuildRequires: python3-pyserial python3-PyYAML python3-requests python3-six -BuildRequires: python3-unittest2 dnf %{_vendor}-release python3-pytest passwd python3-netifaces +BuildRequires: python3-pyserial python3-PyYAML python3-requests +BuildRequires: dnf %{_vendor}-release python3-pytest passwd python3-netifaces BuildRequires: python3-pytest-mock Requires: e2fsprogs iproute python3-libselinux net-tools python3-policycoreutils @@ -62,13 +55,6 @@ install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/%{name}.conf install -D -m 0644 tools/21-cloudinit.conf %{buildroot}/%{_sysconfdir}/rsyslog.d/21-cloudinit.conf %check -rm -f $RPM_BUILD_DIR/%{name}-%{version}/tests/unittests/test_handler/test_handler_ntp.py -rm -f $RPM_BUILD_DIR/%{name}-%{version}/tests/unittests/test_datasource/test_opennebula.py - -# nothing provides python3-responses -rm -f $RPM_BUILD_DIR/%{name}-%{version}/tests/unittests/test_url_helper.py -rm -f $RPM_BUILD_DIR/%{name}-%{version}/tests/unittests/sources/test_ec2.py - python3 -m pytest tests/unittests/ %pre 
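Review bot: The `Patch5` to `Patch9` and `Patch9000` lines are dropped in the `@@ -13,20 +13,13 @@` hunk, including `backport-CVE-2022-2084.patch`, `backport-CVE-2023-1786.patch` and the downstream `fix-permission-of-the-private-key.patch`, but nothing in the spec records that 23.2.2 already carries each of those fixes. As far as I know both CVE fixes were released upstream before 23.2.2, so removing the backports looks right. `Patch9000` is not named as a backport, so it should be confirmed against the 23.2.2 `cc_ssh.py` that generated host private keys still get the intended mode. I would extend the new changelog entry to something like `- DESC:upgrade version to 23.2.2, drop patches merged upstream (CVE-2022-2084, CVE-2023-1786, SSH host key permissions)`, so a later audit can see why the CVE patches disappeared from the package.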
@@ -103,11 +89,10 @@ fi %dir %{_sysconfdir}/cloud/cloud.cfg.d %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/*.cfg %doc %{_sysconfdir}/cloud/cloud.cfg.d/README +%doc %{_sysconfdir}/cloud/clean.d/README %dir %{_sysconfdir}/rsyslog.d %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf -%{_sysconfdir}/NetworkManager/dispatcher.d/hook-network-manager -%{_sysconfdir}/dhcp/dhclient-exit-hooks.d/hook-dhclient -/lib/udev/rules.d/66-azure-ephemeral.rules +%{_udevrulesdir}/66-azure-ephemeral.rules %{_unitdir}/cloud-config.service %{_unitdir}/cloud-final.service %{_unitdir}/cloud-init.service @@ -116,8 +101,8 @@ fi %{_unitdir}/cloud-init.target /usr/lib/systemd/system-generators/cloud-init-generator %{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf -/usr/lib/systemd/system/cloud-init-hotplugd.service -/usr/lib/systemd/system/cloud-init-hotplugd.socket +%{_unitdir}/cloud-init-hotplugd.service +%{_unitdir}/cloud-init-hotplugd.socket %{_tmpfilesdir}/%{name}.conf %{_libexecdir}/%{name} %{_bindir}/cloud-init* @@ -134,6 +119,12 @@ fi %exclude /usr/share/doc/* %changelog +* Thu Aug 03 2023 shixuantong - 23.2.2-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:upgrade version to 23.2.2 + * Wed May 24 2023 shixuantong - 22.2-10 - Type:CVE - ID:CVE-2023-1786