From 855f751b95cfed394c23d40845d8cb1173508512 Mon Sep 17 00:00:00 2001 From: shixuantong Date: Mon, 3 Jun 2024 17:11:52 +0800 Subject: [PATCH] backport upstream bugfix patches (cherry picked from commit 22d75f2a56c57d5cd2bb46355ef6e25a07393bb0) --- backport-ec2-Do-not-enable-dhcp6-on-EC2.patch | 117 ++++++++++++++++++ backport-fix-growpart-race-4618.patch | 99 +++++++++++++++ ...le-error-when-log-file-is-empty-4859.patch | 67 ++++++++++ cloud-init.spec | 13 +- 4 files changed, 295 insertions(+), 1 deletion(-) create mode 100644 backport-ec2-Do-not-enable-dhcp6-on-EC2.patch create mode 100644 backport-fix-growpart-race-4618.patch create mode 100644 backport-handle-error-when-log-file-is-empty-4859.patch diff --git a/backport-ec2-Do-not-enable-dhcp6-on-EC2.patch b/backport-ec2-Do-not-enable-dhcp6-on-EC2.patch new file mode 100644 index 0000000..02ecf8b --- /dev/null +++ b/backport-ec2-Do-not-enable-dhcp6-on-EC2.patch @@ -0,0 +1,117 @@ +From f0fb841883b80c71618582e43e1b3cd87a0dcb58 Mon Sep 17 00:00:00 2001 +From: Major Hayden +Date: Mon, 1 Apr 2024 18:28:12 +0000 +Subject: [PATCH] ec2: Do not enable dhcp6 on EC2 (#5104) + +When cloud-init finds any ipv6 information in the instance metadata, it +automatically enables dhcp6 for the network interface. However, this +brings up the instance with a broken IPv6 configuration because SLAAC +should be used for almost all situations on EC2. + +Red Hat BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2092459 +Fedora Pagure: https://pagure.io/cloud-sig/issue/382 +Upstream: https://bugs.launchpad.net/cloud-init/+bug/1976526 + +Fixes GH-3980 + +Signed-off-by: Major Hayden +--- + cloudinit/sources/DataSourceEc2.py | 5 ----- + tests/unittests/sources/test_ec2.py | 15 +++++++-------- + 2 files changed, 7 insertions(+), 13 deletions(-) + +diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py +index 9e6bfbd..fbc7761 100644 +--- a/cloudinit/sources/DataSourceEc2.py ++++ b/cloudinit/sources/DataSourceEc2.py +@@ -921,8 +921,6 @@ def convert_ec2_metadata_network_config( + "set-name": nic_name, + } + nic_metadata = macs_metadata.get(mac) +- if nic_metadata.get("ipv6s"): # Any IPv6 addresses configured +- dev_config["dhcp6"] = True + netcfg["ethernets"][nic_name] = dev_config + return netcfg + # Apply network config for all nics and any secondary IPv4/v6 addresses +@@ -942,9 +940,6 @@ def convert_ec2_metadata_network_config( + "match": {"macaddress": mac.lower()}, + "set-name": nic_name, + } +- if nic_metadata.get("ipv6s"): # Any IPv6 addresses configured +- dev_config["dhcp6"] = True +- dev_config["dhcp6-overrides"] = dhcp_override + dev_config["addresses"] = get_secondary_addresses(nic_metadata, mac) + if not dev_config["addresses"]: + dev_config.pop("addresses") # Since we found none configured +diff --git a/tests/unittests/sources/test_ec2.py b/tests/unittests/sources/test_ec2.py +index ea8621a..a6801fa 100644 +--- a/tests/unittests/sources/test_ec2.py ++++ b/tests/unittests/sources/test_ec2.py +@@ -432,7 +432,7 @@ class TestEc2(test_helpers.ResponsesTestCase): + "match": {"macaddress": "06:17:04:d7:26:09"}, + "set-name": "eth9", + "dhcp4": True, +- "dhcp6": True, ++ "dhcp6": False, + } + }, + } +@@ -513,7 +513,7 @@ class TestEc2(test_helpers.ResponsesTestCase): + "2600:1f16:292:100:f153:12a3:c37c:11f9/128", + ], + "dhcp4": True, +- "dhcp6": True, ++ "dhcp6": False, + } + }, + } +@@ -593,7 +593,7 @@ class TestEc2(test_helpers.ResponsesTestCase): + "match": {"macaddress": mac1}, + "set-name": "eth9", + "dhcp4": True, +- "dhcp6": True, ++ "dhcp6": False, + } + }, + } +@@ -1001,7 +1001,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase): + "match": {"macaddress": self.mac1}, + "set-name": "eth9", + "dhcp4": True, +- "dhcp6": True, ++ "dhcp6": False, + } + }, + } +@@ -1078,7 +1078,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase): + "match": {"macaddress": self.mac1}, + "set-name": "eth9", + "dhcp4": True, +- "dhcp6": True, ++ "dhcp6": False, + } + }, + } +@@ -1108,8 +1108,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase): + "set-name": "eth9", + "dhcp4": True, + "dhcp4-overrides": {"route-metric": 100}, +- "dhcp6": True, +- "dhcp6-overrides": {"route-metric": 100}, ++ "dhcp6": False, + }, + "eth10": { + "match": {"macaddress": mac2}, +@@ -1140,7 +1139,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase): + "match": {"macaddress": self.mac1}, + "set-name": "eth9", + "dhcp4": True, +- "dhcp6": True, ++ "dhcp6": False, + } + }, + } +-- +2.33.0 + + diff --git a/backport-fix-growpart-race-4618.patch b/backport-fix-growpart-race-4618.patch new file mode 100644 index 0000000..ce87a06 --- /dev/null +++ b/backport-fix-growpart-race-4618.patch @@ -0,0 +1,99 @@ +From 598e0560d64f949369962ebbce2c53207763f5d2 Mon Sep 17 00:00:00 2001 +From: Brett Holman +Date: Fri, 5 Jan 2024 13:10:01 -0700 +Subject: [PATCH] fix: fix growpart race (#4618) + +Fixes GH-4613 +--- + cloudinit/config/cc_growpart.py | 23 +++++++++++++++++----- + tests/unittests/config/test_cc_growpart.py | 16 +++++++++++++++ + 2 files changed, 34 insertions(+), 5 deletions(-) + +diff --git a/cloudinit/config/cc_growpart.py b/cloudinit/config/cc_growpart.py +index f2e847e..f00e2e9 100644 +--- a/cloudinit/config/cc_growpart.py ++++ b/cloudinit/config/cc_growpart.py +@@ -19,7 +19,7 @@ from abc import ABC, abstractmethod + from contextlib import suppress + from pathlib import Path + from textwrap import dedent +-from typing import Tuple ++from typing import Optional, Tuple + + from cloudinit import subp, temp_utils, util + from cloudinit.cloud import Cloud +@@ -283,12 +283,16 @@ class ResizeGpart(Resizer): + return (before, get_size(partdev)) + + +-def get_size(filename): +- fd = os.open(filename, os.O_RDONLY) ++def get_size(filename) -> Optional[int]: ++ fd = None + try: ++ fd = os.open(filename, os.O_RDONLY) + return os.lseek(fd, 0, os.SEEK_END) ++ except FileNotFoundError: ++ return None + finally: +- os.close(fd) ++ if fd: ++ os.close(fd) + + + def device_part_info(devpath): +@@ -571,7 +575,7 @@ def resize_devices(resizer, devices): + continue + + try: +- (old, new) = resizer.resize(disk, ptnum, blockdev) ++ old, new = resizer.resize(disk, ptnum, blockdev) + if old == new: + info.append( + ( +@@ -580,6 +584,15 @@ def resize_devices(resizer, devices): + "no change necessary (%s, %s)" % (disk, ptnum), + ) + ) ++ elif new is None or old is None: ++ info.append( ++ ( ++ devent, ++ RESIZE.CHANGED, ++ "changed (%s, %s) size, new size is unknown" ++ % (disk, ptnum), ++ ) ++ ) + else: + info.append( + ( +diff --git a/tests/unittests/config/test_cc_growpart.py b/tests/unittests/config/test_cc_growpart.py +index 5b97f7b..85a4759 100644 +--- a/tests/unittests/config/test_cc_growpart.py ++++ b/tests/unittests/config/test_cc_growpart.py +@@ -389,6 +389,22 @@ class TestResize(unittest.TestCase): + os.stat = real_stat + + ++class TestGetSize: ++ @pytest.mark.parametrize( ++ "file_exists, expected", ++ ( ++ (False, None), ++ (True, 1), ++ ), ++ ) ++ def test_get_size_behaves(self, file_exists, expected, tmp_path): ++ """Ensure that get_size() doesn't raise exception""" ++ tmp_file = tmp_path / "tmp.txt" ++ if file_exists: ++ tmp_file.write_bytes(b"0") ++ assert expected == cc_growpart.get_size(tmp_file) ++ ++ + class TestEncrypted: + """Attempt end-to-end scenarios using encrypted devices. + +-- +2.27.0 + diff --git a/backport-handle-error-when-log-file-is-empty-4859.patch b/backport-handle-error-when-log-file-is-empty-4859.patch new file mode 100644 index 0000000..153f8ba --- /dev/null +++ b/backport-handle-error-when-log-file-is-empty-4859.patch @@ -0,0 +1,67 @@ +From ee79940717e354d26954fc4401dc5b0c38980509 Mon Sep 17 00:00:00 2001 +From: Hasan +Date: Tue, 13 Feb 2024 19:34:11 +0400 +Subject: [PATCH] feat: handle error when log file is empty (#4859) + +Fixes GH-4686 +--- + cloudinit/analyze/show.py | 4 ++++ + tests/unittests/analyze/test_show.py | 24 ++++++++++++++++++++++++ + 2 files changed, 28 insertions(+) + create mode 100644 tests/unittests/analyze/test_show.py + +diff --git a/cloudinit/analyze/show.py b/cloudinit/analyze/show.py +index 8d5866e..7938252 100644 +--- a/cloudinit/analyze/show.py ++++ b/cloudinit/analyze/show.py +@@ -7,6 +7,7 @@ + import datetime + import json + import os ++import sys + import time + + from cloudinit import subp, util +@@ -370,6 +371,9 @@ def load_events_infile(infile): + :return: json version of logfile, raw file + """ + data = infile.read() ++ if not data.strip(): ++ sys.stderr.write("Empty file %s\n" % infile.name) ++ sys.exit(1) + try: + return json.loads(data), data + except ValueError: +diff --git a/tests/unittests/analyze/test_show.py b/tests/unittests/analyze/test_show.py +new file mode 100644 +index 0000000..0984e90 +--- /dev/null ++++ b/tests/unittests/analyze/test_show.py +@@ -0,0 +1,24 @@ ++from collections import namedtuple ++ ++import pytest ++ ++from cloudinit.analyze import analyze_show ++ ++ ++@pytest.fixture ++def mock_io(tmp_path): ++ """Mock args for configure_io function""" ++ infile = tmp_path / "infile" ++ outfile = tmp_path / "outfile" ++ return namedtuple("MockIO", ["infile", "outfile"])(infile, outfile) ++ ++ ++class TestAnalyzeShow: ++ """Test analyze_show (and/or helpers) in cloudinit/analyze/__init__.py""" ++ ++ def test_empty_logfile(self, mock_io, capsys): ++ """Test analyze_show with an empty logfile""" ++ mock_io.infile.write_text("") ++ with pytest.raises(SystemExit): ++ analyze_show("dontcare", mock_io) ++ assert capsys.readouterr().err == f"Empty file {mock_io.infile}\n" +-- +2.27.0 + diff --git a/cloud-init.spec b/cloud-init.spec index 97b9866..df541a6 100644 --- a/cloud-init.spec +++ b/cloud-init.spec @@ -1,6 +1,6 @@ Name: cloud-init Version: 23.4.1 -Release: 3 +Release: 4 Summary: the defacto multi-distribution package that handles early initialization of a cloud instance. License: ASL 2.0 or GPLv3 URL: http://launchpad.net/cloud-init @@ -20,6 +20,9 @@ Patch6002: backport-bug-tests-mock-reads-of-host-s-sys-class-net-via-get.patch Patch6003: backport-tests-drop-CiTestCase-and-convert-to-pytest.patch Patch6004: backport-test-fix-disable_sysfs_net-mock.patch Patch6005: backport-fix-Logging-sensitive-data.patch +Patch6006: backport-fix-growpart-race-4618.patch +Patch6007: backport-handle-error-when-log-file-is-empty-4859.patch +Patch6008: backport-ec2-Do-not-enable-dhcp6-on-EC2.patch BuildRequires: pkgconfig(systemd) python3-devel python3-setuptools systemd BuildRequires: iproute python3-configobj python3-responses @@ -150,6 +153,14 @@ fi %exclude /usr/share/doc/* %changelog +* Mon Jun 03 2024 shixuantong - 23.4.1-4 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix growpart race + handle error when log file is empty + ec2: Do not enable dhcp6 on EC2 + * Fri Apr 12 2024 shixuantong - 23.4.1-3 - Type:bugfix - CVE:NA -- Gitee