packages/cloud-init
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!151 update version to 23.2.2

Browse Source 
From: @tong_1001 
Reviewed-by: @gaoruoshu 
Signed-off-by: @gaoruoshu
This commit is contained in:
openeuler-ci-bot 2023-08-03 12:27:12 +00:00 committed by Gitee
commit 4771df9776
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
13 changed files with 123 additions and 913 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Fix-the-error-level-logs-displayed-for-the-cloud-init-local-service.patch
View File

@ -13,17 +13,18 @@ Reference:https://bugs.almalinux.org/view.php?id=32&nbn=1
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
index 90a4eb9..443a5da 100644
index 8a60c95..5c81748 100644
--- a/cloudinit/net/sysconfig.py
+++ b/cloudinit/net/sysconfig.py
@@ -28,7 +28,7 @@ KNOWN_DISTROS = [
@@ -27,7 +27,7 @@ KNOWN_DISTROS = [
"eurolinux",
"fedora",
"miraclelinux",
- "openEuler",
+ "openeuler",
"OpenCloudOS",
"openmandriva",
"rhel",
"rocky",
"suse",
--
2.33.0
2.27.0

11
add-variable-to-forbid-tmp-dir.patch
View File

@ -11,10 +11,10 @@ Signed-off-by: chengquan <chengquan3@huawei.com>
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/setup.py b/setup.py
index a81c1e9..e4e5fdb 100755
index 55b929a..34fb29b 100644
--- a/setup.py
+++ b/setup.py
@@ -79,6 +79,8 @@ def read_requires():
@@ -90,6 +90,8 @@ def read_requires():
deps = subprocess.check_output(cmd)
return deps.decode("utf-8").splitlines()
@ -23,7 +23,7 @@ index a81c1e9..e4e5fdb 100755
def render_tmpl(template, mode=None):
"""render template into a tmpdir under same dir as setup.py
@@ -100,7 +102,10 @@ def render_tmpl(template, mode=None):
@@ -110,7 +112,10 @@ def render_tmpl(template, mode=None):
return template
topdir = os.path.dirname(sys.argv[0])
@ -35,7 +35,7 @@ index a81c1e9..e4e5fdb 100755
atexit.register(shutil.rmtree, tmpd)
bname = os.path.basename(template).rstrip(tmpl_ext)
fpath = os.path.join(tmpd, bname)
@@ -124,6 +129,9 @@ def render_tmpl(template, mode=None):
@@ -136,6 +141,9 @@ def render_tmpl(template, mode=None):
# return path relative to setup.py
return os.path.join(os.path.basename(tmpd), bname)
@ -45,7 +45,7 @@ index a81c1e9..e4e5fdb 100755
# User can set the variant for template rendering
if "--distro" in sys.argv:
@@ -142,11 +150,11 @@ INITSYS_FILES = {
@@ -153,11 +161,11 @@ INITSYS_FILES = {
"systemd": [
render_tmpl(f)
for f in (
@ -61,3 +61,4 @@ index a81c1e9..e4e5fdb 100755
"systemd.generators": [
--
2.27.0

159
backport-CVE-2022-2084.patch
View File

@ -1,159 +0,0 @@
From 4d467b14363d800b2185b89790d57871f11ea88c Mon Sep 17 00:00:00 2001
From: James Falcon <james.falcon@canonical.com>
Date: Wed, 29 Jun 2022 17:27:44 -0500
Subject: [PATCH] Remove schema errors from log (#1551)
When schema errors are encountered, the section of userdata in question
gets printed to the cloud-init log. As this could contain sensitive
data, so log a generic warning instead and redirect user to run
cloud-init schema --system as root.
LP: #1978422
CVE: 2022-2084
---
cloudinit/cmd/main.py | 4 +++-
cloudinit/config/schema.py | 15 +++++++++---
integration_tests/modules/test_cli.py | 20 +++++++++++-----
tests/unittests/config/test_schema.py | 23 ++++++++++++++++++-
4 files changed, 51 insertions(+), 11 deletions(-)
diff --git a/cloudinit/cmd/main.py b/cloudinit/cmd/main.py
index fcdaf72..bc7149d 100644
--- a/cloudinit/cmd/main.py
+++ b/cloudinit/cmd/main.py
@@ -454,7 +454,9 @@ def main_init(name, args):
# Validate user-data adheres to schema definition
if os.path.exists(init.paths.get_ipath_cur("userdata_raw")):
- validate_cloudconfig_schema(config=init.cfg, strict=False)
+ validate_cloudconfig_schema(
+ config=init.cfg, strict=False, log_details=False
+ )
else:
LOG.debug("Skipping user-data validation. No user-data found.")
diff --git a/cloudinit/config/schema.py b/cloudinit/config/schema.py
index 7a6ecf0..d2861e9 100644
--- a/cloudinit/config/schema.py
+++ b/cloudinit/config/schema.py
@@ -196,6 +196,7 @@ def validate_cloudconfig_schema(
schema: dict = None,
strict: bool = False,
strict_metaschema: bool = False,
+ log_details: bool = True,
):
"""Validate provided config meets the schema definition.
@@ -208,6 +209,9 @@ def validate_cloudconfig_schema(
logging warnings.
@param strict_metaschema: Boolean, when True validates schema using strict
metaschema definition at runtime (currently unused)
+ @param log_details: Boolean, when True logs details of validation errors.
+ If there are concerns about logging sensitive userdata, this should
+ be set to False.
@raises: SchemaValidationError when provided config does not validate
against the provided schema.
@@ -232,12 +236,17 @@ def validate_cloudconfig_schema(
errors += ((path, error.message),)
if errors:
if strict:
+ # This could output/log sensitive data
raise SchemaValidationError(errors)
- else:
+ if log_details:
messages = ["{0}: {1}".format(k, msg) for k, msg in errors]
- LOG.warning(
- "Invalid cloud-config provided:\n%s", "\n".join(messages)
+ details = "\n" + "\n".join(messages)
+ else:
+ details = (
+ "Please run 'sudo cloud-init schema --system' to "
+ "see the schema errors."
)
+ LOG.warning("Invalid cloud-config provided: %s", details)
def annotated_cloudconfig_file(
diff --git a/tests/integration_tests/modules/test_cli.py b/tests/integration_tests/modules/test_cli.py
index e878176..4b8f53a 100644
--- a/tests/integration_tests/modules/test_cli.py
+++ b/tests/integration_tests/modules/test_cli.py
@@ -18,11 +18,18 @@ runcmd:
- echo 'hi' > /var/tmp/test
"""
+# The '-' in 'hashed-password' fails schema validation
INVALID_USER_DATA_SCHEMA = """\
#cloud-config
-updates:
- notnetwork: -1
-apt_pipelining: bogus
+users:
+ - default
+ - name: newsuper
+ gecos: Big Stuff
+ groups: users, admin
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ hashed-password: asdfasdf
+ shell: /bin/bash
+ lock_passwd: true
"""
@@ -69,11 +76,12 @@ def test_invalid_userdata_schema(client: IntegrationInstance):
assert result.ok
log = client.read_from_file("/var/log/cloud-init.log")
warning = (
- "[WARNING]: Invalid cloud-config provided:\napt_pipelining: 'bogus'"
- " is not valid under any of the given schemas\nupdates: Additional"
- " properties are not allowed ('notnetwork' was unexpected)"
+ "[WARNING]: Invalid cloud-config provided: Please run "
+ "'sudo cloud-init schema --system' to see the schema errors."
)
assert warning in log
+ assert "asdfasdf" not in log
+
result = client.execute("cloud-init status --long")
if not result.ok:
raise AssertionError(
diff --git a/tests/unittests/config/test_schema.py b/tests/unittests/config/test_schema.py
index c75b722..1fa91ad 100644
--- a/tests/unittests/config/test_schema.py
+++ b/tests/unittests/config/test_schema.py
@@ -304,10 +304,31 @@ class TestValidateCloudConfigSchema:
assert "cloudinit.config.schema" == module
assert logging.WARNING == log_level
assert (
- "Invalid cloud-config provided:\np1: -1 is not of type 'string'"
+ "Invalid cloud-config provided: \np1: -1 is not of type 'string'"
== log_msg
)
+ @skipUnlessJsonSchema()
+ def test_validateconfig_schema_sensitive(self, caplog):
+ """When log_details=False, ensure details are omitted"""
+ schema = {
+ "properties": {"hashed_password": {"type": "string"}},
+ "additionalProperties": False,
+ }
+ validate_cloudconfig_schema(
+ {"hashed-password": "secret"},
+ schema,
+ strict=False,
+ log_details=False,
+ )
+ [(module, log_level, log_msg)] = caplog.record_tuples
+ assert "cloudinit.config.schema" == module
+ assert logging.WARNING == log_level
+ assert (
+ "Invalid cloud-config provided: Please run 'sudo cloud-init "
+ "schema --system' to see the schema errors." == log_msg
+ )
+
@skipUnlessJsonSchema()
def test_validateconfig_schema_emits_warning_on_missing_jsonschema(
self, caplog
--
2.33.1.windows.1

295
backport-CVE-2023-1786.patch
View File

@ -1,295 +0,0 @@
From a378b7e4f47375458651c0972e7cd813f6fe0a6b Mon Sep 17 00:00:00 2001
From: James Falcon <james.falcon@canonical.com>
Date: Wed, 26 Apr 2023 15:11:55 -0500
Subject: [PATCH] Make user/vendor data sensitive and remove log permissions
(#2144)
Because user data and vendor data may contain sensitive information,
this commit ensures that any user data or vendor data written to
instance-data.json gets redacted and is only available to root user.
Also, modify the permissions of cloud-init.log to be 640, so that
sensitive data leaked to the log isn't world readable.
Additionally, remove the logging of user data and vendor data to
cloud-init.log from the Vultr datasource.
LP: #2013967
CVE: CVE-2023-1786
---
cloudinit/sources/DataSourceLXD.py | 8 ++++++--
cloudinit/sources/DataSourceVultr.py | 14 ++++++--------
cloudinit/sources/__init__.py | 28 +++++++++++++++++++++++++---
cloudinit/stages.py | 4 +++-
tests/unittests/sources/test_init.py | 27 ++++++++++++++++++++++++++-
tests/unittests/test_stages.py | 18 +++++++++++-------
6 files changed, 77 insertions(+), 22 deletions(-)
diff --git a/cloudinit/sources/DataSourceLXD.py b/cloudinit/sources/DataSourceLXD.py
index 640348f..8f21a1b 100644
--- a/cloudinit/sources/DataSourceLXD.py
+++ b/cloudinit/sources/DataSourceLXD.py
@@ -13,6 +13,7 @@ import os
import socket
import stat
from json.decoder import JSONDecodeError
+from typing import Tuple
import requests
from requests.adapters import HTTPAdapter
@@ -145,11 +146,14 @@ class DataSourceLXD(sources.DataSource):
_network_config = sources.UNSET
_crawled_metadata = sources.UNSET
- sensitive_metadata_keys = (
- "merged_cfg",
+ sensitive_metadata_keys: Tuple[
+ str, ...
+ ] = sources.DataSource.sensitive_metadata_keys + (
"user.meta-data",
"user.vendor-data",
"user.user-data",
+ "cloud-init.user-data",
+ "cloud-init.vendor-data",
)
def _is_platform_viable(self) -> bool:
diff --git a/cloudinit/sources/DataSourceVultr.py b/cloudinit/sources/DataSourceVultr.py
index 8c2e82c..8e5253f 100644
--- a/cloudinit/sources/DataSourceVultr.py
+++ b/cloudinit/sources/DataSourceVultr.py
@@ -5,6 +5,8 @@
# Vultr Metadata API:
# https://www.vultr.com/metadata/
+from typing import Tuple
+
import cloudinit.sources.helpers.vultr as vultr
from cloudinit import log as log
from cloudinit import sources, util, version
@@ -28,6 +30,10 @@ class DataSourceVultr(sources.DataSource):
dsname = "Vultr"
+ sensitive_metadata_keys: Tuple[
+ str, ...
+ ] = sources.DataSource.sensitive_metadata_keys + ("startup-script",)
+
def __init__(self, sys_cfg, distro, paths):
super(DataSourceVultr, self).__init__(sys_cfg, distro, paths)
self.ds_cfg = util.mergemanydict(
@@ -60,13 +66,8 @@ class DataSourceVultr(sources.DataSource):
self.get_datasource_data(self.metadata)
# Dump some data so diagnosing failures is manageable
- LOG.debug("Vultr Vendor Config:")
- LOG.debug(util.json_dumps(self.metadata["vendor-data"]))
LOG.debug("SUBID: %s", self.metadata["instance-id"])
LOG.debug("Hostname: %s", self.metadata["local-hostname"])
- if self.userdata_raw is not None:
- LOG.debug("User-Data:")
- LOG.debug(self.userdata_raw)
return True
@@ -151,7 +152,4 @@ if __name__ == "__main__":
config = md["vendor-data"]
sysinfo = vultr.get_sysinfo()
- print(util.json_dumps(sysinfo))
- print(util.json_dumps(config))
-
# vi: ts=4 expandtab
diff --git a/cloudinit/sources/__init__.py b/cloudinit/sources/__init__.py
index fff760f..b678cc8 100644
--- a/cloudinit/sources/__init__.py
+++ b/cloudinit/sources/__init__.py
@@ -113,7 +113,10 @@ def process_instance_metadata(metadata, key_path="", sensitive_keys=()):
sub_key_path = key_path + "/" + key
else:
sub_key_path = key
- if key in sensitive_keys or sub_key_path in sensitive_keys:
+ if (
+ key.lower() in sensitive_keys
+ or sub_key_path.lower() in sensitive_keys
+ ):
sens_keys.append(sub_key_path)
if isinstance(val, str) and val.startswith("ci-b64:"):
base64_encoded_keys.append(sub_key_path)
@@ -135,6 +138,12 @@ def redact_sensitive_keys(metadata, redact_value=REDACT_SENSITIVE_VALUE):
Replace any keys values listed in 'sensitive_keys' with redact_value.
"""
+ # While 'sensitive_keys' should already sanitized to only include what
+ # is in metadata, it is possible keys will overlap. For example, if
+ # "merged_cfg" and "merged_cfg/ds/userdata" both match, it's possible that
+ # "merged_cfg" will get replaced first, meaning "merged_cfg/ds/userdata"
+ # no longer represents a valid key.
+ # Thus, we still need to do membership checks in this function.
if not metadata.get("sensitive_keys", []):
return metadata
md_copy = copy.deepcopy(metadata)
@@ -142,9 +151,14 @@ def redact_sensitive_keys(metadata, redact_value=REDACT_SENSITIVE_VALUE):
path_parts = key_path.split("/")
obj = md_copy
for path in path_parts:
- if isinstance(obj[path], dict) and path != path_parts[-1]:
+ if (
+ path in obj
+ and isinstance(obj[path], dict)
+ and path != path_parts[-1]
+ ):
obj = obj[path]
- obj[path] = redact_value
+ if path in obj:
+ obj[path] = redact_value
return md_copy
@@ -247,6 +261,14 @@ class DataSource(CloudInitPickleMixin, metaclass=abc.ABCMeta):
sensitive_metadata_keys = (
"merged_cfg",
"security-credentials",
+ "userdata",
+ "user-data",
+ "user_data",
+ "vendordata",
+ "vendor-data",
+ # Provide ds/vendor_data to avoid redacting top-level
+ # "vendor_data": {enabled: True}
+ "ds/vendor_data",
)
_ci_pkl_version = 1
diff --git a/cloudinit/stages.py b/cloudinit/stages.py
index 27af605..88c8e68 100644
--- a/cloudinit/stages.py
+++ b/cloudinit/stages.py
@@ -204,7 +204,9 @@ class Init(object):
util.ensure_dirs(self._initial_subdirs())
log_file = util.get_cfg_option_str(self.cfg, "def_log_file")
if log_file:
- util.ensure_file(log_file, mode=0o640, preserve_mode=True)
+ # At this point the log file should have already been created
+ # in the setupLogging function of log.py
+ util.ensure_file(log_file, mode=0o640, preserve_mode=False)
perms = self.cfg.get("syslog_fix_perms")
if not perms:
perms = {}
diff --git a/tests/unittests/sources/test_init.py b/tests/unittests/sources/test_init.py
index ce8fc97..e21c9d6 100644
--- a/tests/unittests/sources/test_init.py
+++ b/tests/unittests/sources/test_init.py
@@ -447,12 +447,24 @@ class TestDataSource(CiTestCase):
"cred2": "othersekret",
}
},
+ "someother": {
+ "nested": {
+ "userData": "HIDE ME",
+ }
+ },
+ "VENDOR-DAta": "HIDE ME TOO",
},
)
self.assertCountEqual(
(
"merged_cfg",
"security-credentials",
+ "userdata",
+ "user-data",
+ "user_data",
+ "vendordata",
+ "vendor-data",
+ "ds/vendor_data",
),
datasource.sensitive_metadata_keys,
)
@@ -479,7 +491,9 @@ class TestDataSource(CiTestCase):
"base64_encoded_keys": [],
"merged_cfg": REDACT_SENSITIVE_VALUE,
"sensitive_keys": [
+ "ds/meta_data/VENDOR-DAta",
"ds/meta_data/some/security-credentials",
+ "ds/meta_data/someother/nested/userData",
"merged_cfg",
],
"sys_info": sys_info,
@@ -489,6 +503,7 @@ class TestDataSource(CiTestCase):
"availability_zone": "myaz",
"cloud-name": "subclasscloudname",
"cloud_name": "subclasscloudname",
+ "cloud_id": "subclasscloudname",
"distro": "ubuntu",
"distro_release": "focal",
"distro_version": "20.04",
@@ -511,14 +526,18 @@ class TestDataSource(CiTestCase):
"ds": {
"_doc": EXPERIMENTAL_TEXT,
"meta_data": {
+ "VENDOR-DAta": REDACT_SENSITIVE_VALUE,
"availability_zone": "myaz",
"local-hostname": "test-subclass-hostname",
"region": "myregion",
"some": {"security-credentials": REDACT_SENSITIVE_VALUE},
+ "someother": {
+ "nested": {"userData": REDACT_SENSITIVE_VALUE}
+ },
},
},
}
- self.assertCountEqual(expected, redacted)
+ self.assertEqual(expected, redacted)
file_stat = os.stat(json_file)
self.assertEqual(0o644, stat.S_IMODE(file_stat.st_mode))
@@ -563,6 +582,12 @@ class TestDataSource(CiTestCase):
(
"merged_cfg",
"security-credentials",
+ "userdata",
+ "user-data",
+ "user_data",
+ "vendordata",
+ "vendor-data",
+ "ds/vendor_data",
),
datasource.sensitive_metadata_keys,
)
diff --git a/tests/unittests/test_stages.py b/tests/unittests/test_stages.py
index 9fa2e62..138d79b 100644
--- a/tests/unittests/test_stages.py
+++ b/tests/unittests/test_stages.py
@@ -606,19 +606,23 @@ class TestInit_InitializeFilesystem:
# Assert we create it 0o640 by default if it doesn't already exist
assert 0o640 == stat.S_IMODE(log_file.stat().mode)
- def test_existing_file_permissions_are_not_modified(self, init, tmpdir):
- """If the log file already exists, we should not modify its permissions
+ def test_existing_file_permissions(self, init, tmpdir):
+ """Test file permissions are set as expected.
+
+ CIS Hardening requires 640 permissions. These permissions are
+ currently hardcoded on every boot, but if there's ever a reason
+ to change this, we need to then ensure that they
+ are *not* set every boot.
See https://bugs.launchpad.net/cloud-init/+bug/1900837.
"""
- # Use a mode that will never be made the default so this test will
- # always be valid
- mode = 0o606
log_file = tmpdir.join("cloud-init.log")
log_file.ensure()
- log_file.chmod(mode)
+ # Use a mode that will never be made the default so this test will
+ # always be valid
+ log_file.chmod(0o606)
init._cfg = {"def_log_file": str(log_file)}
init._initialize_filesystem()
- assert mode == stat.S_IMODE(log_file.stat().mode)
+ assert 0o640 == stat.S_IMODE(log_file.stat().mode)
--
2.33.0

161
backport-Cleanup-ephemeral-IP-routes-on-exception.patch
View File

@ -1,161 +0,0 @@
From 0273712c90d6facfc0fbf8d6def352f9810902a3 Mon Sep 17 00:00:00 2001
From: sxt1001 <shixuantong1@huawei.com>
Date: Mon, 3 Apr 2023 23:52:15 +0800
Subject: [PATCH] Cleanup ephemeral IP routes on exception (#2100)
If an exception occurs during EphemeralIPv4Network setup, any routes
that were setup need to be torn down. This wasn't happening, and this
commit adds the teardown.
---
cloudinit/net/__init__.py | 43 +++++++++++--------
tests/unittests/net/test_init.py | 73 ++++++++++++++++++++++++++++++++
2 files changed, 99 insertions(+), 17 deletions(-)
diff --git a/cloudinit/net/__init__.py b/cloudinit/net/__init__.py
index 3297a31..fc9668e 100644
--- a/cloudinit/net/__init__.py
+++ b/cloudinit/net/__init__.py
@@ -1370,23 +1370,32 @@ class EphemeralIPv4Network(object):
)
return
- self._bringup_device()
-
- # rfc3442 requires us to ignore the router config *if* classless static
- # routes are provided.
- #
- # https://tools.ietf.org/html/rfc3442
- #
- # If the DHCP server returns both a Classless Static Routes option and
- # a Router option, the DHCP client MUST ignore the Router option.
- #
- # Similarly, if the DHCP server returns both a Classless Static Routes
- # option and a Static Routes option, the DHCP client MUST ignore the
- # Static Routes option.
- if self.static_routes:
- self._bringup_static_routes()
- elif self.router:
- self._bringup_router()
+ try:
+ self._bringup_device()
+
+ # rfc3442 requires us to ignore the router config *if*
+ # classless static routes are provided.
+ #
+ # https://tools.ietf.org/html/rfc3442
+ #
+ # If the DHCP server returns both a Classless Static Routes
+ # option and a Router option, the DHCP client MUST ignore
+ # the Router option.
+ #
+ # Similarly, if the DHCP server returns both a Classless
+ # Static Routes option and a Static Routes option, the DHCP
+ # client MUST ignore the Static Routes option.
+ if self.static_routes:
+ self._bringup_static_routes()
+ elif self.router:
+ self._bringup_router()
+ except subp.ProcessExecutionError:
+ LOG.error(
+ "Error bringing up EphemeralIPv4Network. "
+ "Datasource setup cannot continue"
+ )
+ self.__exit__(None, None, None)
+ raise
def __exit__(self, excp_type, excp_value, excp_traceback):
"""Teardown anything we set up."""
diff --git a/tests/unittests/net/test_init.py b/tests/unittests/net/test_init.py
index 768cc11..5da1232 100644
--- a/tests/unittests/net/test_init.py
+++ b/tests/unittests/net/test_init.py
@@ -13,6 +13,7 @@ import pytest
import requests
import cloudinit.net as net
+from cloudinit import subp
from cloudinit.subp import ProcessExecutionError
from cloudinit.util import ensure_file, write_file
from tests.unittests.helpers import CiTestCase, HttprettyTestCase
@@ -853,6 +854,78 @@ class TestEphemeralIPV4Network(CiTestCase):
self.assertEqual(expected_setup_calls, m_subp.call_args_list)
m_subp.assert_has_calls(expected_teardown_calls)
+ def test_teardown_on_enter_exception(self, m_subp):
+ """Ensure ephemeral teardown happens.
+
+ Even though we're using a context manager, we need to handle any
+ exceptions raised in __enter__ manually and do the appropriate
+ teardown.
+ """
+
+ def side_effect(args, **kwargs):
+ if args[3] == "append" and args[4] == "3.3.3.3/32":
+ raise subp.ProcessExecutionError("oh no!")
+
+ m_subp.side_effect = side_effect
+
+ with pytest.raises(subp.ProcessExecutionError):
+ with net.EphemeralIPv4Network(
+ interface="eth0",
+ ip="1.1.1.1",
+ prefix_or_mask="255.255.255.0",
+ broadcast="1.1.1.255",
+ static_routes=[
+ ("2.2.2.2/32", "9.9.9.9"),
+ ("3.3.3.3/32", "8.8.8.8"),
+ ],
+ ):
+ pass
+
+ expected_teardown_calls = [
+ mock.call(
+ [
+ "ip",
+ "-4",
+ "route",
+ "del",
+ "2.2.2.2/32",
+ "via",
+ "9.9.9.9",
+ "dev",
+ "eth0",
+ ],
+ capture=True,
+ ),
+ mock.call(
+ [
+ "ip",
+ "-family",
+ "inet",
+ "link",
+ "set",
+ "dev",
+ "eth0",
+ "down",
+ ],
+ capture=True,
+ ),
+ mock.call(
+ [
+ "ip",
+ "-family",
+ "inet",
+ "addr",
+ "del",
+ "1.1.1.1/24",
+ "dev",
+ "eth0",
+ ],
+ capture=True,
+ ),
+ ]
+ for teardown in expected_teardown_calls:
+ assert teardown in m_subp.call_args_list
+
@mock.patch("cloudinit.net.readurl")
def test_ephemeral_ipv4_no_network_if_url_connectivity(
self, m_readurl, m_subp
--
2.33.0

109
backport-Do-not-change-permissions-of-netrules-target.patch
View File

@ -1,109 +0,0 @@
From 56c88cafd1b3606e814069a79f4ec265fc427c87 Mon Sep 17 00:00:00 2001
From: James Falcon <james.falcon@canonical.com>
Date: Thu, 23 Mar 2023 10:21:56 -0500
Subject: [PATCH] Don't change permissions of netrules target (#2076)
Set permissions if file doesn't exist. Leave them if it does.
LP: #2011783
Co-authored-by: Chad Smith <chad.smith@canonical.com>
---
cloudinit/net/eni.py | 4 +++-
cloudinit/net/sysconfig.py | 7 ++++++-
tests/unittests/distros/test_netconfig.py | 20 ++++++++++++++++++--
3 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/cloudinit/net/eni.py b/cloudinit/net/eni.py
index b0ec67b..f6398e3 100644
--- a/cloudinit/net/eni.py
+++ b/cloudinit/net/eni.py
@@ -571,7 +571,9 @@ class Renderer(renderer.Renderer):
netrules = subp.target_path(target, self.netrules_path)
util.ensure_dir(os.path.dirname(netrules))
util.write_file(
- netrules, self._render_persistent_net(network_state)
+ netrules,
+ content=self._render_persistent_net(network_state),
+ preserve_mode=True,
)
diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
index 07f474d..d22354c 100644
--- a/cloudinit/net/sysconfig.py
+++ b/cloudinit/net/sysconfig.py
@@ -1008,7 +1008,12 @@ class Renderer(renderer.Renderer):
if self.netrules_path:
netrules_content = self._render_persistent_net(network_state)
netrules_path = subp.target_path(target, self.netrules_path)
- util.write_file(netrules_path, netrules_content, file_mode)
+ util.write_file(
+ netrules_path,
+ content=netrules_content,
+ mode=file_mode,
+ preserve_mode=True,
+ )
sysconfig_path = subp.target_path(target, templates.get("control"))
# Distros configuring /etc/sysconfig/network as a file e.g. Centos
diff --git a/tests/unittests/distros/test_netconfig.py b/tests/unittests/distros/test_netconfig.py
index a25be48..8760975 100644
--- a/tests/unittests/distros/test_netconfig.py
+++ b/tests/unittests/distros/test_netconfig.py
@@ -376,8 +376,16 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase):
def eni_path(self):
return "/etc/network/interfaces.d/50-cloud-init.cfg"
+ def rules_path(self):
+ return "/etc/udev/rules.d/70-persistent-net.rules"
+
def _apply_and_verify_eni(
- self, apply_fn, config, expected_cfgs=None, bringup=False
+ self,
+ apply_fn,
+ config,
+ expected_cfgs=None,
+ bringup=False,
+ previous_files=(),
):
if not expected_cfgs:
raise ValueError("expected_cfg must not be None")
@@ -385,7 +393,11 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase):
tmpd = None
with mock.patch("cloudinit.net.eni.available") as m_avail:
m_avail.return_value = True
+ path_modes = {}
with self.reRooted(tmpd) as tmpd:
+ for previous_path, content, mode in previous_files:
+ util.write_file(previous_path, content, mode=mode)
+ path_modes[previous_path] = mode
apply_fn(config, bringup)
results = dir2dict(tmpd)
@@ -396,17 +408,21 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase):
print(results[cfgpath])
print("----------")
self.assertEqual(expected, results[cfgpath])
- self.assertEqual(0o644, get_mode(cfgpath, tmpd))
+ self.assertEqual(
+ path_modes.get(cfgpath, 0o644), get_mode(cfgpath, tmpd)
+ )
def test_apply_network_config_eni_ub(self):
expected_cfgs = {
self.eni_path(): V1_NET_CFG_OUTPUT,
+ self.rules_path(): "",
}
# ub_distro.apply_network_config(V1_NET_CFG, False)
self._apply_and_verify_eni(
self.distro.apply_network_config,
V1_NET_CFG,
expected_cfgs=expected_cfgs.copy(),
+ previous_files=((self.rules_path(), "something", 0o660),),
)
def test_apply_network_config_ipv6_ub(self):
--
2.39.1

60
backport-Fix-permission-of-SSH-host-keys-1971.patch
View File

@ -1,60 +0,0 @@
From 94a00492b11995dd9278605eb29ee4b096ce3a90 Mon Sep 17 00:00:00 2001
From: Ron Gebauer <Mazorius@users.noreply.github.com>
Date: Wed, 25 Jan 2023 22:40:32 +0100
Subject: [PATCH] Fix permission of SSH host keys (#1971)
If the host-keys are provided the private key permissions have 0600
which is indeed correct. But the public key has 0600 which should
instead be 0644.
With this change the public key is always 0644 and the private key
is 0600 if provided or 640 if generated (to match sshd-keygen
functionality).
---
cloudinit/config/cc_ssh.py | 4 ++--
tests/unittests/config/test_cc_ssh.py | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/cloudinit/config/cc_ssh.py b/cloudinit/config/cc_ssh.py
index 33c1fd0..6210627 100644
--- a/cloudinit/config/cc_ssh.py
+++ b/cloudinit/config/cc_ssh.py
@@ -185,8 +185,8 @@ for k in GENERATE_KEY_NAMES:
CONFIG_KEY_TO_FILE.update(
{
f"{k}_private": (KEY_FILE_TPL % k, 0o600),
- f"{k}_public": (f"{KEY_FILE_TPL % k}.pub", 0o600),
- f"{k}_certificate": (f"{KEY_FILE_TPL % k}-cert.pub", 0o600),
+ f"{k}_public": (f"{KEY_FILE_TPL % k}.pub", 0o644),
+ f"{k}_certificate": (f"{KEY_FILE_TPL % k}-cert.pub", 0o644),
}
)
PRIV_TO_PUB[f"{k}_private"] = f"{k}_public"
diff --git a/tests/unittests/config/test_cc_ssh.py b/tests/unittests/config/test_cc_ssh.py
index 47c0c77..c41a50b 100644
--- a/tests/unittests/config/test_cc_ssh.py
+++ b/tests/unittests/config/test_cc_ssh.py
@@ -311,17 +311,17 @@ class TestHandleSsh:
mock.call(
"/etc/ssh/ssh_host_{}_key".format(key_type),
private_value,
- 384,
+ 0o600,
),
mock.call(
"/etc/ssh/ssh_host_{}_key.pub".format(key_type),
public_value,
- 384,
+ 0o644,
),
mock.call(
"/etc/ssh/ssh_host_{}_key-cert.pub".format(key_type),
cert_value,
- 384,
+ 0o644,
),
mock.call(
"/etc/ssh/sshd_config",
--
2.39.1

151
bugfix-cloud-init-add-os-support.patch
View File

@ -8,7 +8,7 @@ reason: add oe into distros
Signed-off-by: chengquan <chengquan3@huawei.com>
---
cloudinit/config/cc_ntp.py | 2 +-
cloudinit/config/cc_resolv_conf.py | 2 +-
cloudinit/config/cc_resolv_conf.py | 1 +
cloudinit/config/cc_rh_subscription.py | 2 +-
cloudinit/config/cc_spacewalk.py | 2 +-
cloudinit/config/cc_yum_add_repo.py | 2 +-
@ -19,40 +19,39 @@ Signed-off-by: chengquan <chengquan3@huawei.com>
systemd/cloud-init.service.tmpl | 2 +-
tests/unittests/test_cli.py | 2 +-
tools/render-cloudcfg | 2 +-
12 files changed, 26 insertions(+), 14 deletions(-)
12 files changed, 26 insertions(+), 13 deletions(-)
create mode 100644 cloudinit/distros/openeuler.py
diff --git a/cloudinit/config/cc_ntp.py b/cloudinit/config/cc_ntp.py
index 3bc1d30..6b0f302 100644
index 8d83433..508f1ed 100644
--- a/cloudinit/config/cc_ntp.py
+++ b/cloudinit/config/cc_ntp.py
@@ -29,7 +29,7 @@ distros = [
"eurolinux",
"fedora",
@@ -35,7 +35,7 @@ distros = [
"mariner",
"miraclelinux",
"openbsd",
- "openEuler",
+ "openeuler",
"OpenCloudOS",
"openmandriva",
"opensuse",
"photon",
"rhel",
diff --git a/cloudinit/config/cc_resolv_conf.py b/cloudinit/config/cc_resolv_conf.py
index bbf6807..845e793 100644
index d8a7bfa..b642640 100644
--- a/cloudinit/config/cc_resolv_conf.py
+++ b/cloudinit/config/cc_resolv_conf.py
@@ -52,7 +52,7 @@ meta: MetaSchema = {
"name": "Resolv Conf",
"title": "Configure resolv.conf",
"description": MODULE_DESCRIPTION,
- "distros": ["alpine", "fedora", "opensuse", "photon", "rhel", "sles"],
+ "distros": ["alpine", "fedora", "opensuse", "photon", "rhel", "sles", "openeuler"],
@@ -69,6 +69,7 @@ meta: MetaSchema = {
"sle_hpc",
"sle-micro",
"sles",
+ "openeuler",
],
"frequency": PER_INSTANCE,
"examples": [
dedent(
diff --git a/cloudinit/config/cc_rh_subscription.py b/cloudinit/config/cc_rh_subscription.py
index b742cb9..4d8244f 100644
index 533862a..d92f760 100644
--- a/cloudinit/config/cc_rh_subscription.py
+++ b/cloudinit/config/cc_rh_subscription.py
@@ -30,7 +30,7 @@ meta: MetaSchema = {
@@ -32,7 +32,7 @@ meta: MetaSchema = {
"name": "Red Hat Subscription",
"title": "Register Red Hat Enterprise Linux based system",
"description": MODULE_DESCRIPTION,
@ -62,10 +61,10 @@ index b742cb9..4d8244f 100644
"examples": [
dedent(
diff --git a/cloudinit/config/cc_spacewalk.py b/cloudinit/config/cc_spacewalk.py
index 6820a81..d97da92 100644
index c8249e6..bd7a972 100644
--- a/cloudinit/config/cc_spacewalk.py
+++ b/cloudinit/config/cc_spacewalk.py
@@ -22,7 +22,7 @@ meta: MetaSchema = {
@@ -25,7 +25,7 @@ meta: MetaSchema = {
"name": "Spacewalk",
"title": "Install and configure spacewalk",
"description": MODULE_DESCRIPTION,
@ -75,31 +74,31 @@ index 6820a81..d97da92 100644
"examples": [
dedent(
diff --git a/cloudinit/config/cc_yum_add_repo.py b/cloudinit/config/cc_yum_add_repo.py
index f735719..cc787a3 100644
index 097493b..e565a1d 100644
--- a/cloudinit/config/cc_yum_add_repo.py
+++ b/cloudinit/config/cc_yum_add_repo.py
@@ -28,7 +28,7 @@ distros = [
"cloudlinux",
@@ -32,7 +32,7 @@ distros = [
"eurolinux",
"fedora",
"mariner",
- "openEuler",
+ "openeuler",
"OpenCloudOS",
"openmandriva",
"photon",
"rhel",
"rocky",
diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py
index b034e2c..be063c2 100644
index ec14893..59bafe0 100644
--- a/cloudinit/distros/__init__.py
+++ b/cloudinit/distros/__init__.py
@@ -46,7 +46,7 @@ OSFAMILIES = {
"eurolinux",
"fedora",
"miraclelinux",
- "openEuler",
+ "openeuler",
"photon",
"rhel",
"rocky",
@@ -72,7 +72,7 @@ OSFAMILIES = {
"sle-micro",
"sles",
],
- "openEuler": ["openEuler"],
+ "openeuler": ["openeuler"],
"OpenCloudOS": ["OpenCloudOS", "TencentOS"],
}
diff --git a/cloudinit/distros/openeuler.py b/cloudinit/distros/openeuler.py
new file mode 100644
index 0000000..7505ca4
@ -119,97 +118,97 @@ index 0000000..7505ca4
+
+# vi: ts=4 expandtab
diff --git a/config/cloud.cfg.tmpl b/config/cloud.cfg.tmpl
index 6951a0e..8740752 100644
index 4c05f63..e686770 100644
--- a/config/cloud.cfg.tmpl
+++ b/config/cloud.cfg.tmpl
@@ -33,7 +33,7 @@ disable_root: true
@@ -35,7 +35,7 @@ disable_root: false
disable_root: true
{% endif %}
{% if variant in ["almalinux", "alpine", "amazon", "centos", "cloudlinux", "eurolinux",
- "fedora", "miraclelinux", "openEuler", "rhel", "rocky", "virtuozzo"] %}
+ "fedora", "miraclelinux", "openeuler", "rhel", "rocky", "virtuozzo"] %}
{% if variant == "rhel" %}
-{% if variant in ["alpine", "amazon", "fedora", "openEuler", "OpenCloudOS", "openmandriva", "photon", "TencentOS"] or is_rhel %}
+{% if variant in ["alpine", "amazon", "fedora", "openeuler", "OpenCloudOS", "openmandriva", "photon", "TencentOS"] or is_rhel %}
{% if is_rhel %}
mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service,_netdev', '0', '2']
{% else %}
@@ -125,7 +125,7 @@ cloud_config_modules:
{% if variant in ["rhel"] %}
@@ -135,7 +135,7 @@ cloud_config_modules:
{% if is_rhel %}
- rh_subscription
{% endif %}
-{% if variant in ["rhel", "fedora", "photon"] %}
+{% if variant in ["rhel", "fedora", "photon", "openeuler"] %}
{% if variant not in ["photon"] %}
-{% if variant in ["fedora", "mariner", "openmandriva", "photon"] or is_rhel %}
+{% if variant in ["fedora", "mariner", "openmandriva", "photon", "openeuler"] or is_rhel %}
{% if variant not in ["mariner", "photon"] %}
- spacewalk
{% endif %}
@@ -191,7 +191,7 @@ cloud_final_modules:
@@ -199,7 +199,7 @@ cloud_final_modules:
system_info:
# This will affect which distro class gets used
{% if variant in ["almalinux", "alpine", "amazon", "arch", "centos", "cloudlinux", "debian",
- "eurolinux", "fedora", "freebsd", "gentoo", "netbsd", "miraclelinux", "openbsd", "openEuler",
+ "eurolinux", "fedora", "freebsd", "gentoo", "netbsd", "miraclelinux", "openbsd", "openeuler",
"photon", "rhel", "rocky", "suse", "ubuntu", "virtuozzo"] %}
{% if variant in ["alpine", "amazon", "arch", "debian", "fedora", "freebsd",
- "gentoo", "netbsd", "mariner", "openbsd", "openEuler", "OpenCloudOS",
+ "gentoo", "netbsd", "mariner", "openbsd", "openeuler", "OpenCloudOS",
"openmandriva", "photon", "suse", "TencentOS", "ubuntu"] or is_rhel %}
distro: {{ variant }}
{% elif variant in ["dragonfly"] %}
@@ -245,7 +245,7 @@ system_info:
@@ -254,7 +254,7 @@ system_info:
security: http://ports.ubuntu.com/ubuntu-ports
ssh_svcname: ssh
{% elif variant in ["almalinux", "alpine", "amazon", "arch", "centos", "cloudlinux", "eurolinux",
- "fedora", "gentoo", "miraclelinux", "openEuler", "rhel", "rocky", "suse", "virtuozzo"] %}
+ "fedora", "gentoo", "miraclelinux", "openeuler", "rhel", "rocky", "suse", "virtuozzo"] %}
{% elif variant in ["alpine", "amazon", "arch", "fedora",
- "gentoo", "openEuler", "OpenCloudOS", "openmandriva", "suse", "TencentOS"] or is_rhel %}
+ "gentoo", "openeuler", "OpenCloudOS", "openmandriva", "suse", "TencentOS"] or is_rhel %}
# Default user name + that default users groups (if added/used)
default_user:
{% if variant == "amazon" %}
diff --git a/systemd/cloud-init-generator.tmpl b/systemd/cloud-init-generator.tmpl
index 6689309..12aa52f 100644
index d71e3b8..783ae76 100644
--- a/systemd/cloud-init-generator.tmpl
+++ b/systemd/cloud-init-generator.tmpl
@@ -21,7 +21,7 @@ CLOUD_SYSTEM_TARGET="/usr/lib/systemd/system/cloud-init.target"
CLOUD_SYSTEM_TARGET="/lib/systemd/system/cloud-init.target"
{% endif %}
{% if variant in ["almalinux", "centos", "cloudlinux", "eurolinux", "fedora",
- "miraclelinux", "openEuler", "rhel", "rocky", "virtuozzo"] %}
+ "miraclelinux", "openeuler", "rhel", "rocky", "virtuozzo"] %}
- "miraclelinux", "openEuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", "TencentOS", "virtuozzo"] %}
+ "miraclelinux", "openeuler", "OpenCloudOS", "openmandriva", "rhel", "rocky", "TencentOS", "virtuozzo"] %}
dsidentify="/usr/libexec/cloud-init/ds-identify"
{% else %}
dsidentify="/usr/lib/cloud-init/ds-identify"
diff --git a/systemd/cloud-init.service.tmpl b/systemd/cloud-init.service.tmpl
index c170aef..0ec2636 100644
index 1b1f9a8..c7a7c64 100644
--- a/systemd/cloud-init.service.tmpl
+++ b/systemd/cloud-init.service.tmpl
@@ -13,7 +13,7 @@ After=systemd-networkd-wait-online.service
After=networking.service
{% endif %}
{% if variant in ["almalinux", "centos", "cloudlinux", "eurolinux", "fedora",
- "miraclelinux", "openEuler", "rhel", "rocky", "virtuozzo"] %}
+ "miraclelinux", "openeuler", "rhel", "rocky", "virtuozzo"] %}
- "miraclelinux", "openEuler", "OpenCloudOS", "openmandriva", "rhel", "rocky",
+ "miraclelinux", "openeuler", "OpenCloudOS", "openmandriva", "rhel", "rocky",
"suse", "TencentOS", "virtuozzo"] %}
After=network.service
After=NetworkManager.service
{% endif %}
diff --git a/tests/unittests/test_cli.py b/tests/unittests/test_cli.py
index 7846d0d..0c525dd 100644
index e3fed41..2f031ee 100644
--- a/tests/unittests/test_cli.py
+++ b/tests/unittests/test_cli.py
@@ -260,7 +260,7 @@ class TestCLI(test_helpers.FilesystemMockingTestCase):
"**Supported distros:** all",
@@ -246,7 +246,7 @@ class TestCLI:
"**Supported distros:** almalinux, alpine, centos, "
"cloudlinux, debian, eurolinux, fedora, miraclelinux, "
- "openEuler, opensuse, photon, rhel, rocky, sles, ubuntu, "
+ "openeuler, opensuse, photon, rhel, rocky, sles, ubuntu, "
"virtuozzo",
"**Config schema**:\n **resize_rootfs:** "
"(``true``/``false``/``noblock``)",
"cloudlinux, cos, debian, eurolinux, fedora, freebsd, "
"mariner, miraclelinux, "
- "openbsd, openEuler, OpenCloudOS, openmandriva, "
+ "openbsd, openeuler, OpenCloudOS, openmandriva, "
"opensuse, opensuse-microos, opensuse-tumbleweed, "
"opensuse-leap, photon, rhel, rocky, sle_hpc, "
"sle-micro, sles, TencentOS, ubuntu, virtuozzo",
diff --git a/tools/render-cloudcfg b/tools/render-cloudcfg
index afe999e..cc9f054 100755
index 6551875..b21fdee 100755
--- a/tools/render-cloudcfg
+++ b/tools/render-cloudcfg
@@ -24,7 +24,7 @@ def main():
@@ -25,7 +25,7 @@ def main():
"miraclelinux",
"netbsd",
"openbsd",
- "openEuler",
+ "openeuler",
"OpenCloudOS",
"openmandriva",
"photon",
"rhel",
"suse",
--
2.27.0

5
bugfix-sort-requirements.patch
View File

@ -11,10 +11,10 @@ Signed-off-by: chengquan <chengquan3@huawei.com>
1 file changed, 1 insertion(+)
diff --git a/setup.py b/setup.py
index a9132d2..a81c1e9 100755
index d0b1c99..55b929a 100644
--- a/setup.py
+++ b/setup.py
@@ -324,6 +324,7 @@ cmdclass = {
@@ -331,6 +331,7 @@ cmdclass = {
}
requirements = read_requires()
@ -24,3 +24,4 @@ index a9132d2..a81c1e9 100755
name="cloud-init",
--
2.27.0

5
cloud-init-22.1-no-override-default-network.patch
View File

@ -9,10 +9,10 @@ Signed-off-by: Eduardo Otubo <otubo@redhat.com>
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
index ba85c4f..90a4eb9 100644
index d934f66..8a60c95 100644
--- a/cloudinit/net/sysconfig.py
+++ b/cloudinit/net/sysconfig.py
@@ -1039,7 +1039,17 @@ class Renderer(renderer.Renderer):
@@ -1025,7 +1025,17 @@ class Renderer(renderer.Renderer):
# Distros configuring /etc/sysconfig/network as a file e.g. Centos
if sysconfig_path.endswith("network"):
util.ensure_dir(os.path.dirname(sysconfig_path))
@ -33,3 +33,4 @@ index ba85c4f..90a4eb9 100644
netcfg.append("IPV6_AUTOCONF=no")
--
2.27.0

BIN
cloud-init-22.2.tar.gz
View File

Binary file not shown.

BIN
cloud-init-23.2.2.tar.gz Normal file
View File

Binary file not shown.

39
cloud-init.spec
View File

@ -1,6 +1,6 @@
Name: cloud-init
Version: 22.2
Release: 10
Version: 23.2.2
Release: 1
Summary: the defacto multi-distribution package that handles early initialization of a cloud instance.
License: ASL 2.0 or GPLv3
URL: http://launchpad.net/cloud-init
@ -13,20 +13,13 @@ Patch1: bugfix-cloud-init-add-os-support.patch
Patch2: bugfix-sort-requirements.patch
Patch3: add-variable-to-forbid-tmp-dir.patch
Patch4: Fix-the-error-level-logs-displayed-for-the-cloud-init-local-service.patch
Patch5: backport-Fix-permission-of-SSH-host-keys-1971.patch
Patch6: backport-Do-not-change-permissions-of-netrules-target.patch
Patch7: backport-CVE-2022-2084.patch
Patch8: backport-Cleanup-ephemeral-IP-routes-on-exception.patch
Patch9: backport-CVE-2023-1786.patch
Patch9000: fix-permission-of-the-private-key.patch
BuildRequires: pkgconfig(systemd) python3-devel python3-setuptools systemd
BuildRequires: iproute python3-configobj python3-httpretty >= 0.8.14-2
BuildRequires: iproute python3-configobj python3-responses
BuildRequires: python3-jinja2 python3-jsonpatch python3-jsonschema
BuildRequires: python3-mock python3-oauthlib python3-prettytable
BuildRequires: python3-pyserial python3-PyYAML python3-requests python3-six
BuildRequires: python3-unittest2 dnf %{_vendor}-release python3-pytest passwd python3-netifaces
BuildRequires: python3-pyserial python3-PyYAML python3-requests
BuildRequires: dnf %{_vendor}-release python3-pytest passwd python3-netifaces
BuildRequires: python3-pytest-mock
Requires: e2fsprogs iproute python3-libselinux net-tools python3-policycoreutils
@ -62,13 +55,6 @@ install -D -m 0644 %{SOURCE1} %{buildroot}/%{_tmpfilesdir}/%{name}.conf
install -D -m 0644 tools/21-cloudinit.conf %{buildroot}/%{_sysconfdir}/rsyslog.d/21-cloudinit.conf
%check
rm -f $RPM_BUILD_DIR/%{name}-%{version}/tests/unittests/test_handler/test_handler_ntp.py
rm -f $RPM_BUILD_DIR/%{name}-%{version}/tests/unittests/test_datasource/test_opennebula.py
# nothing provides python3-responses
rm -f $RPM_BUILD_DIR/%{name}-%{version}/tests/unittests/test_url_helper.py
rm -f $RPM_BUILD_DIR/%{name}-%{version}/tests/unittests/sources/test_ec2.py
python3 -m pytest tests/unittests/
%pre
@ -103,11 +89,10 @@ fi
%dir %{_sysconfdir}/cloud/cloud.cfg.d
%config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/*.cfg
%doc %{_sysconfdir}/cloud/cloud.cfg.d/README
%doc %{_sysconfdir}/cloud/clean.d/README
%dir %{_sysconfdir}/rsyslog.d
%config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf
%{_sysconfdir}/NetworkManager/dispatcher.d/hook-network-manager
%{_sysconfdir}/dhcp/dhclient-exit-hooks.d/hook-dhclient
/lib/udev/rules.d/66-azure-ephemeral.rules
%{_udevrulesdir}/66-azure-ephemeral.rules
%{_unitdir}/cloud-config.service
%{_unitdir}/cloud-final.service
%{_unitdir}/cloud-init.service
@ -116,8 +101,8 @@ fi
%{_unitdir}/cloud-init.target
/usr/lib/systemd/system-generators/cloud-init-generator
%{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf
/usr/lib/systemd/system/cloud-init-hotplugd.service
/usr/lib/systemd/system/cloud-init-hotplugd.socket
%{_unitdir}/cloud-init-hotplugd.service
%{_unitdir}/cloud-init-hotplugd.socket
%{_tmpfilesdir}/%{name}.conf
%{_libexecdir}/%{name}
%{_bindir}/cloud-init*
@ -134,6 +119,12 @@ fi
%exclude /usr/share/doc/*
%changelog
* Thu Aug 03 2023 shixuantong <shixuantong1@huawei.com> - 23.2.2-1
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:upgrade version to 23.2.2
* Wed May 24 2023 shixuantong <shixuantong1@huawei.com> - 22.2-10
- Type:CVE
- ID:CVE-2023-1786