Accepting request 809080 from home:mcepl:branches:systemsmanagement

- Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733
  (bsc#1164140)
- Add metadata information to this file to mark which SUSE
  bugzilla have been already fixed.

  - bsc#1164140 CVE-2020-1733 - insecure temporary directory when
    running become_user from become directive
  - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe
    lookup plugin subprocess
  - bsc#1164137 CVE-2020-1735 - path injection on dest parameter
    in fetch module
  - bsc#1164134 CVE-2020-1736 atomic_move primitive sets
    permissive permissions
  - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip
    module does not check extracted path
  - bsc#1164136 CVE-2020-1738 module package can be selected by
    the ansible facts
  - bsc#1164133 CVE-2020-1739  - svn module leaks password when
    specified as a parameter
  - bsc#1164135 CVE-2020-1740 - secrets readable after
    ansible-vault edit
  - bsc#1165393 CVE-2020-1746 - information disclosure issue in
    ldap_attr and ldap_entry modules
  - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks
    sensitive information
  - CVE-2020-10684 - code injection when using ansible_facts as a subkey
  - bsc#1167440 CVE-2020-10685 - modules which use files
    encrypted with vault are not properly cleaned up
  - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]
- update to version 2.9.6 (maintenance release) including

OBS-URL: https://build.opensuse.org/request/show/809080
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=183
This commit is contained in:
Lars Vogdt 2020-05-26 21:14:44 +00:00 committed by Git OBS Bridge
parent 591334f240
commit 256ccae9cf
4 changed files with 231 additions and 152 deletions

View File

@ -0,0 +1,54 @@
From 0a85e91329d4c048e7e4b2cd478f2c17a3dac988 Mon Sep 17 00:00:00 2001
From: Brian Coca <bcoca@users.noreply.github.com>
Date: Mon, 13 Apr 2020 17:16:29 -0400
Subject: [PATCH 1/4] avoid mkdir -p (#68921)
* also consolidated temp dir name generation, added pid for more 'uniqness'
* generalize error message
* added notes about remote expansion
CVE-2020-1733
fixes #67791
(cherry picked from commit 8077d8e40148fe77e2393caa5f2b2ea855149d63)
---
changelogs/fragments/remote_mkdir_fix.yml | 2 ++
lib/ansible/plugins/action/__init__.py | 11 ++++++++---
lib/ansible/plugins/shell/__init__.py | 14 ++++++++++----
lib/ansible/plugins/shell/powershell.py | 2 ++
4 files changed, 22 insertions(+), 7 deletions(-)
create mode 100644 changelogs/fragments/remote_mkdir_fix.yml
--- /dev/null
+++ b/changelogs/fragments/remote_mkdir_fix.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - Ensure we get an error when creating a remote tmp if it already exists. CVE-2020-1733
--- a/lib/ansible/plugins/action/__init__.py
+++ b/lib/ansible/plugins/action/__init__.py
@@ -340,7 +340,11 @@ class ActionBase(with_metaclass(ABCMeta,
else:
# NOTE: shell plugins should populate this setting anyways, but they dont do remote expansion, which
# we need for 'non posix' systems like cloud-init and solaris
- tmpdir = self._remote_expand_user(self.get_shell_option('remote_tmp', default='~/.ansible/tmp'), sudoable=False)
+ try:
+ tmpdir = self._connection._shell.get_option('remote_tmp')
+ except AnsibleError:
+ tmpdir = '~/.ansible/tmp'
+ tmpdir = self._remote_expand_user(tmpdir, sudoable=False)
become_unprivileged = self._is_become_unprivileged()
basefile = self._connection._shell._generate_temp_dir_name()
--- a/lib/ansible/plugins/shell/__init__.py
+++ b/lib/ansible/plugins/shell/__init__.py
@@ -79,6 +79,10 @@ class ShellBase(AnsiblePlugin):
def _generate_temp_dir_name():
return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48))
+ @staticmethod
+ def _generate_temp_dir_name():
+ return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48))
+
def env_prefix(self, **kwargs):
return ' '.join(['%s=%s' % (k, shlex_quote(text_type(v))) for k, v in kwargs.items()])

View File

@ -4,7 +4,7 @@ addFilter("non-executable-script.*/usr/lib/python.*/site-packages/ansible/module
addFilter("non-executable-script.*/usr/lib/python.*/site-packages/ansible/(cli|galaxy|module_utils|plugins/action|runner|utils)/.*.py"); addFilter("non-executable-script.*/usr/lib/python.*/site-packages/ansible/(cli|galaxy|module_utils|plugins/action|runner|utils)/.*.py");
# no really a lib - ignore rpmlint for this package explicitely # no really a lib - ignore rpmlint for this package explicitely
addFilter("explicit-lib-dependency python3-passlib"); addFilter("explicit-lib-dependency python3-passlib");
# standard files, needed for python # # standard files, needed for python
addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible/.*"); # addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible/.*");
# same for the ansible-test sub-package # # same for the ansible-test sub-package
addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible_test/.*"); # addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible_test/.*");

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue May 26 13:02:10 UTC 2020 - Matej Cepl <mcepl@suse.com>
- Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733
(bsc#1164140)
- Add metadata information to this file to mark which SUSE
bugzilla have been already fixed.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 12 23:34:59 UTC 2020 - Michael Ströder <michael@stroeder.com> Tue May 12 23:34:59 UTC 2020 - Michael Ströder <michael@stroeder.com>
@ -15,16 +23,30 @@ Fri Apr 17 06:49:56 UTC 2020 - Michael Ströder <michael@stroeder.com>
- update to version 2.9.7 with many bug fixes, - update to version 2.9.7 with many bug fixes,
especially for these security issues: especially for these security issues:
* CVE-2020-1733 - insecure temporary directory when running become_user from become directive - bsc#1164140 CVE-2020-1733 - insecure temporary directory when
* CVE-2020-1735 - path injection on dest parameter in fetch module running become_user from become directive
* CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe
* CVE-2020-1739 - svn module leaks password when specified as a parameter lookup plugin subprocess
* CVE-2020-1740 - secrets readable after ansible-vault edit - bsc#1164137 CVE-2020-1735 - path injection on dest parameter
* CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules in fetch module
* CVE-2020-1753 - kubectl connection plugin leaks sensitive information [1] - bsc#1164134 CVE-2020-1736 atomic_move primitive sets
* CVE-2020-10684 - code injection when using ansible_facts as a subkey permissive permissions
* CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip
* CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] module does not check extracted path
- bsc#1164136 CVE-2020-1738 module package can be selected by
the ansible facts
- bsc#1164133 CVE-2020-1739 - svn module leaks password when
specified as a parameter
- bsc#1164135 CVE-2020-1740 - secrets readable after
ansible-vault edit
- bsc#1165393 CVE-2020-1746 - information disclosure issue in
ldap_attr and ldap_entry modules
- bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks
sensitive information
- CVE-2020-10684 - code injection when using ansible_facts as a subkey
- bsc#1167440 CVE-2020-10685 - modules which use files
encrypted with vault are not properly cleaned up
- CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6 Mon Apr 6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6
@ -36,7 +58,10 @@ Mon Apr 6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 5 08:23:57 UTC 2020 - Michael Ströder <michael@stroeder.com> Thu Mar 5 08:23:57 UTC 2020 - Michael Ströder <michael@stroeder.com>
- update to version 2.9.6 (maintenance release) - update to version 2.9.6 (maintenance release) including
these security issues:
- bsc#1171162 CVE-2020-10729 two random password lookups in
same task return same value
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 13 21:38:06 UTC 2020 - Michael Ströder <michael@stroeder.com> Thu Feb 13 21:38:06 UTC 2020 - Michael Ströder <michael@stroeder.com>
@ -47,7 +72,12 @@ Thu Feb 13 21:38:06 UTC 2020 - Michael Ströder <michael@stroeder.com>
Tue Jan 28 12:38:16 UTC 2020 - Michael Ströder <michael@stroeder.com> Tue Jan 28 12:38:16 UTC 2020 - Michael Ströder <michael@stroeder.com>
- update to version 2.9.4 (maintenance release) - update to version 2.9.4 (maintenance release)
fix in yum module - fix in yum module
- security fixes:
- bsc#1157968 CVE-2019-14904 vulnerability in solaris_zone
module via crafted solaris zone
- bsc#1157969 CVE-2019-14905 malicious code could craft
filename in nxos_file_copy module
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 16 17:34:28 UTC 2020 - Michael Ströder <michael@stroeder.com> Thu Jan 16 17:34:28 UTC 2020 - Michael Ströder <michael@stroeder.com>
@ -131,6 +161,8 @@ Fri Nov 1 21:11:03 UTC 2019 - Johannes Kastl <kastl@b1-systems.de>
Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/ Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/
and also available online at and also available online at
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst
- Fixed among other this security bug:
- bsc#1112959 CVE-2018-16837 Information leak in "user" module patch added
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Oct 27 14:15:53 UTC 2019 - lars@linux-schulserver.de Sun Oct 27 14:15:53 UTC 2019 - lars@linux-schulserver.de
@ -169,6 +201,8 @@ Wed Aug 7 16:30:47 CEST 2019 - Matej Cepl <mcepl@suse.com>
- Update to version 2.8.3: - Update to version 2.8.3:
Full changelog is packaged, but also at Full changelog is packaged, but also at
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
- (bsc#1137528) CVE-2019-10156: ansible: templating causing an
unexpected key file to be set on remote node
- (bsc#1142690) Adds CVE-2019-10206-data-disclosure.patch fixing - (bsc#1142690) Adds CVE-2019-10206-data-disclosure.patch fixing
CVE-2019-10206: ansible-playbook -k and ansible cli tools CVE-2019-10206: ansible-playbook -k and ansible cli tools
prompt passwords by expanding them from templates as they could prompt passwords by expanding them from templates as they could
@ -607,6 +641,7 @@ Sun Dec 16 00:20:24 UTC 2018 - Matthias Eliasson <matthias.eliasson@gmail.com>
* dnf module properly load and initialize dnf package manager plugins * dnf module properly load and initialize dnf package manager plugins
* docker_swarm_service: use docker defaults for the user parameter if it is set to null * docker_swarm_service: use docker defaults for the user parameter if it is set to null
Bugfixes: Bugfixes:
* bsc#1118896 CVE-2018-16876 Information disclosure in vvv+ mode with no_log on (https://github.com/ansible/ansible/pull/49569)
* ACME modules: improve error messages in some cases (include error returned by server). * ACME modules: improve error messages in some cases (include error returned by server).
* Added unit test for VMware module_utils. * Added unit test for VMware module_utils.
* Also check stdout for interpreter errors for more intelligent messages to user * Also check stdout for interpreter errors for more intelligent messages to user

View File

@ -1,9 +1,7 @@
# #
# spec file for package ansible # spec file for package ansible
# #
# Copyright (c) 2019 SUSE LLC # Copyright (c) 2020 SUSE LLC
# Copyright 2013 by Lars Vogdt
# Copyright 2014 by Boris Manojlovic
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -17,8 +15,7 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
# Disable shebang munging for specific paths. These files are data files.
# ansible-test munges the shebangs itself.
%global __brp_mangle_shebangs_exclude_from %{_prefix}/lib/python[0-9]+\.[0-9]+/site-packages/ansible_test/_data/.* %global __brp_mangle_shebangs_exclude_from %{_prefix}/lib/python[0-9]+\.[0-9]+/site-packages/ansible_test/_data/.*
%if 0%{?rhel} || 0%{?fedora} %if 0%{?rhel} || 0%{?fedora}
# RHEL and Fedora add -s to the shebang line. We do *not* use -s -E -S or -I # RHEL and Fedora add -s to the shebang line. We do *not* use -s -E -S or -I
@ -30,42 +27,18 @@
%define py2_shbang_opts %{nil} %define py2_shbang_opts %{nil}
%define py3_shbang_opts %{nil} %define py3_shbang_opts %{nil}
%endif %endif
# While Windows Powershell meanwhile exists, it is not in Factory/Leap for now. # While Windows Powershell meanwhile exists, it is not in Factory/Leap for now.
# So let's exclude /usr/bin/pwsh from the dependencies # So let's exclude /usr/bin/pwsh from the dependencies
%define __requires_exclude ^%{_bindir}/pwsh$ %define __requires_exclude ^%{_bindir}/pwsh$
# Python 2 or Python 3? # Python 2 or Python 3?
%if 0%{?suse_version} >= 1315 %if 0%{?suse_version} >= 1315
%bcond_without python3 %bcond_without python3
%else %else
%bcond_with python3 %bcond_with python3
%endif %endif
# Disable/Enable tests only on newer distributions, which have the
%if %{with python3}
%define __python python3
%define python python3
%else
%define python python
%endif
# Disable/Enable tests only on newer distributions, which have the
# needed dependencies. # needed dependencies.
%define with_tests 0 %define with_tests 0
Name: ansible
Version: 2.9.9
Release: 0
Summary: SSH-based configuration management, deployment, and task execution system
License: GPL-3.0-or-later
Group: Development/Languages/Python
URL: https://ansible.com/
Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz
Source1: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha
Source99: ansible-rpmlintrc
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
BuildArch: noarch
# #
# Fedora # Fedora
# #
@ -92,6 +65,74 @@ Provides: bundled(python-selectors2) = 1.1.1
Provides: bundled(python-six) = 1.12.0 Provides: bundled(python-six) = 1.12.0
%endif %endif
# #
# RHEL
#
%if 0%{?rhel}
%if 0%{?rhel} >= 8
%global with_python2 0
%global with_python3 1
BuildRequires: %{py3_dist coverage}
BuildRequires: git-core
BuildRequires: python3-PyYAML
BuildRequires: python3-cryptography
BuildRequires: python3-devel
BuildRequires: python3-docutils
BuildRequires: python3-jinja2
BuildRequires: python3-mock
BuildRequires: python3-pytest
BuildRequires: python3-pytest-mock
BuildRequires: python3-pytest-xdist
BuildRequires: python3-requests
BuildRequires: python3-setuptools
BuildRequires: python3-six
BuildRequires: python3-systemd
Requires: python3-PyYAML
Requires: python3-cryptography
Requires: python3-jinja2
Requires: python3-six
Requires: sshpass
%else
%if 0%{?rhel} >= 7
%global with_python2 1
%global with_python3 0
BuildRequires: PyYAML
BuildRequires: git
BuildRequires: pytest
BuildRequires: python-boto3
BuildRequires: python-coverage
BuildRequires: python-jinja2
BuildRequires: python-jmespath
BuildRequires: python-mock
BuildRequires: python-paramiko
BuildRequires: python-passlib
BuildRequires: python-requests
BuildRequires: python-setuptools
BuildRequires: python-six
BuildRequires: python-sphinx
BuildRequires: python2-cryptography
BuildRequires: python2-devel
Requires: PyYAML
Requires: python-jinja2
Requires: python-paramiko
Requires: python-six
Requires: python2-cryptography
Requires: sshpass
%endif # Requires for RHEL 7
%endif # Requires for RHEL 8
# Bundled provides
Provides: bundled(python-backports-ssl_match_hostname) = 3.7.0.1
Provides: bundled(python-distro) = 1.4.0
Provides: bundled(python-ipaddress) = 1.0.22
Provides: bundled(python-selectors2) = 1.1.1
Provides: bundled(python-six) = 1.12.0
%endif
%if %{with python3}
%define __python python3
%define python python3
%else
%define python python
%endif
#
# SUSE/openSUSE # SUSE/openSUSE
# #
%if 0%{?suse_version} %if 0%{?suse_version}
@ -105,7 +146,7 @@ Provides: bundled(python-six) = 1.12.0
# disable building extensive docs per default: # disable building extensive docs per default:
%define with_docs 0 %define with_docs 0
# Distribution version dependend stuff # Distribution version dependend stuff
%if 0%{?suse_version} >= 1500 %if 0%{?suse_version} >= 1500
# Enable VMWare support for newer openSUSE distributions here # Enable VMWare support for newer openSUSE distributions here
# otherwise disable this by setting the value below to 0 # otherwise disable this by setting the value below to 0
%define with_vmware 1 %define with_vmware 1
@ -117,6 +158,35 @@ Provides: bundled(python-six) = 1.12.0
%define with_vmware 0 %define with_vmware 0
%define with_tests 0 %define with_tests 0
%endif %endif
%if ! %{with python3}
Requires: %{python}-xml
%endif
%if 0%{?with_amazon}
BuildRequires: %{python}-boto3
BuildRequires: %{python}-botocore
%endif
%if 0%{?with_gitlab}
BuildRequires: %{python}-gitlab
BuildRequires: %{python}-httmock
Recommends: %{python}-gitlab
Recommends: %{python}-httmock
%endif
%if 0%{?with_tests}
BuildRequires: %{python}-pbkdf2
BuildRequires: %{python}-pytest
BuildRequires: %{python}-python-memcached
BuildRequires: %{python}-redis
BuildRequires: %{python}-requests
%endif
%if 0%{?with_vmware}
BuildRequires: %{python}-pyvmomi
Recommends: %{python}-pyvmomi
%endif
%if 0%{?with_winrm}
BuildRequires: %{python}-pexpect
BuildRequires: %{python}-pywinrm
Recommends: %{python}-pywinrm
%endif
BuildRequires: %{python}-Jinja2 BuildRequires: %{python}-Jinja2
BuildRequires: %{python}-PyYAML BuildRequires: %{python}-PyYAML
BuildRequires: %{python}-coverage BuildRequires: %{python}-coverage
@ -135,112 +205,34 @@ Requires: %{python}-paramiko
Requires: %{python}-passlib Requires: %{python}-passlib
Requires: %{python}-pycrypto >= 2.6 Requires: %{python}-pycrypto >= 2.6
Requires: %{python}-setuptools > 0.6 Requires: %{python}-setuptools > 0.6
%if ! %{with python3}
Requires: %{python}-xml
%endif
Recommends: %{python}-boto3 Recommends: %{python}-boto3
Recommends: %{python}-botocore Recommends: %{python}-botocore
Recommends: %{python}-dnspython Recommends: %{python}-dnspython
Recommends: %{python}-dopy Recommends: %{python}-dopy
Recommends: %{python}-httplib2 Recommends: %{python}-httplib2
Recommends: %{python}-keyczar Recommends: %{python}-keyczar
Recommends: %{python}-python-memcached
Recommends: %{python}-pbkdf2 Recommends: %{python}-pbkdf2
Recommends: %{python}-python-memcached
Recommends: %{python}-pywinrm Recommends: %{python}-pywinrm
Recommends: %{python}-redis Recommends: %{python}-redis
Recommends: %{python}-requests Recommends: %{python}-requests
Recommends: %{python}-six Recommends: %{python}-six
Recommends: sshpass Recommends: sshpass
%if 0%{?with_amazon}
BuildRequires: %{python}-boto3
BuildRequires: %{python}-botocore
%endif %endif
%if 0%{?with_gitlab} Name: ansible
BuildRequires: %{python}-gitlab Version: 2.9.9
BuildRequires: %{python}-httmock Release: 0
Recommends: %{python}-gitlab Summary: SSH-based configuration management, deployment, and task execution system
Recommends: %{python}-httmock License: GPL-3.0-or-later
%endif Group: Development/Languages/Python
%if 0%{?with_tests} URL: https://ansible.com/
BuildRequires: %{python}-python-memcached Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz
BuildRequires: %{python}-pbkdf2 Source1: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha
BuildRequires: %{python}-pytest Source99: ansible-rpmlintrc
BuildRequires: %{python}-redis # PATCH-FIX-UPSTREAM CVE-2020-1733_avoid_mkdir_p.patch bsc#1171823 mcepl@suse.com
BuildRequires: %{python}-requests # gh#ansible/ansible#67791 avoid race condition and insecure directory creation
%endif Patch0: CVE-2020-1733_avoid_mkdir_p.patch
%if 0%{?with_vmware} BuildArch: noarch
BuildRequires: %{python}-pyvmomi
Recommends: %{python}-pyvmomi
%endif
%if 0%{?with_winrm}
BuildRequires: %{python}-pywinrm
BuildRequires: %{python}-pexpect
Recommends: %{python}-pywinrm
%endif
%endif
#
# RHEL
#
%if 0%{?rhel}
# Bundled provides
Provides: bundled(python-backports-ssl_match_hostname) = 3.7.0.1
Provides: bundled(python-distro) = 1.4.0
Provides: bundled(python-ipaddress) = 1.0.22
Provides: bundled(python-selectors2) = 1.1.1
Provides: bundled(python-six) = 1.12.0
%if 0%{?rhel} >= 8
%global with_python2 0
%global with_python3 1
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: python3-docutils
BuildRequires: python3-jinja2
BuildRequires: python3-PyYAML
BuildRequires: python3-cryptography
BuildRequires: python3-six
BuildRequires: python3-pytest
BuildRequires: python3-pytest-xdist
BuildRequires: python3-pytest-mock
BuildRequires: python3-requests
BUildRequires: %{py3_dist coverage}
BuildRequires: python3-mock
BuildRequires: python3-systemd
BuildRequires: git-core
Requires: python3-jinja2
Requires: python3-PyYAML
Requires: python3-cryptography
Requires: python3-six
Requires: sshpass
%else
%if 0%{?rhel} >= 7
%global with_python2 1
%global with_python3 0
BuildRequires: python2-devel
BuildRequires: python-setuptools
BuildRequires: python-sphinx
BuildRequires: python-jinja2
BuildRequires: PyYAML
BuildRequires: python2-cryptography
BuildRequires: python-six
BuildRequires: pytest
BuildRequires: python-requests
BuildRequires: python-coverage
BuildRequires: python-mock
BuildRequires: python-boto3
BuildRequires: git
BuildRequires: python-paramiko
BuildRequires: python-jmespath
BuildRequires: python-passlib
Requires: python-jinja2
Requires: PyYAML
Requires: python2-cryptography
Requires: python-six
Requires: sshpass
Requires: python-paramiko
%endif # Requires for RHEL 7
%endif # Requires for RHEL 8
%endif
# extented documentation # extented documentation
%if 0%{?with_docs} %if 0%{?with_docs}
BuildRequires: asciidoc BuildRequires: asciidoc
@ -256,7 +248,6 @@ not require any software or daemons to be installed on remote nodes. Extension
modules can be written in any language and are transferred to managed machines modules can be written in any language and are transferred to managed machines
automatically. automatically.
%package doc %package doc
Summary: Documentation for Ansible Summary: Documentation for Ansible
Recommends: %{name} = %{version} Recommends: %{name} = %{version}
@ -270,7 +261,6 @@ not require any software or daemons to be installed on remote nodes. Extension
modules can be written in any language and are transferred to managed machines modules can be written in any language and are transferred to managed machines
automatically. automatically.
%package test %package test
Summary: Tool for testing ansible plugin and module code Summary: Tool for testing ansible plugin and module code
Requires: %{name} = %{version} Requires: %{name} = %{version}
@ -278,18 +268,17 @@ Requires: %{name} = %{version}
# RHEL # RHEL
# #
%if 0%{?rhel} >= 7 %if 0%{?rhel} >= 7
Requires: python-virtualenv
BuildRequires: python-virtualenv BuildRequires: python-virtualenv
Requires: python-virtualenv
%endif %endif
# #
# SUSE/openSUSE # SUSE/openSUSE
# #
%if 0%{?suse_version} >= 1500 %if 0%{?suse_version} >= 1500
Requires: %{python}-virtualenv
BuildRequires: %{python}-virtualenv BuildRequires: %{python}-virtualenv
Requires: %{python}-virtualenv
%endif %endif
%description test %description test
This package installs the ansible-test command for testing modules and plugins This package installs the ansible-test command for testing modules and plugins
developed for ansible. developed for ansible.
@ -300,9 +289,10 @@ not require any software or daemons to be installed on remote nodes. Extension
modules can be written in any language and are transferred to managed machines modules can be written in any language and are transferred to managed machines
automatically. automatically.
%prep %prep
%setup -q -n ansible-%{version} %setup -q -n ansible-%{version}
%autopatch -p1
for file in .git_keep .travis.yml ; do for file in .git_keep .travis.yml ; do
find . -name "$file" -delete find . -name "$file" -delete
done done
@ -314,15 +304,15 @@ find ./ -type f -exec \
%build %build
%{__python} setup.py build %{python} setup.py build
%if 0%{?with_docs} %if 0%{?with_docs}
make %{?_smp_mflags} PYTHON=%{_bindir}/%{python} SPHINXBUILD=sphinx-build webdocs %make_build PYTHON=%{_bindir}/%{python} SPHINXBUILD=sphinx-build webdocs
%else %else
make %{?_smp_mflags} PYTHON=%{_bindir}/%{python} -Cdocs/docsite config cli keywords modules plugins testing %make_build PYTHON=%{_bindir}/%{python} -Cdocs/docsite config cli keywords modules plugins testing
%endif %endif
%install %install
%{__python} setup.py install --prefix=%{_prefix} --root=%{buildroot} %{python} setup.py install --prefix=%{_prefix} --root=%{buildroot}
mkdir -p %{buildroot}%{_sysconfdir}/ansible/ mkdir -p %{buildroot}%{_sysconfdir}/ansible/
cp examples/hosts %{buildroot}%{_sysconfdir}/ansible/ cp examples/hosts %{buildroot}%{_sysconfdir}/ansible/
@ -370,7 +360,7 @@ for location in $DATADIR_LOCATIONS ; do
done done
mkdir -p %{buildroot}%{_sysconfdir}/ansible/ mkdir -p %{buildroot}%{_sysconfdir}/ansible/
mkdir -p %{buildroot}%{_sysconfdir}/ansible/roles/ mkdir -p %{buildroot}%{_sysconfdir}/ansible/roles/
# fix for https://github.com/ansible/ansible/pull/24381 # fix for https://github.com/ansible/ansible/pull/24381
# resp. https://bugzilla.opensuse.org/show_bug.cgi?id=1137479 # resp. https://bugzilla.opensuse.org/show_bug.cgi?id=1137479
mkdir -p %{buildroot}%{python3_sitelib}/ansible/galaxy/data/default/role/{files,templates} mkdir -p %{buildroot}%{python3_sitelib}/ansible/galaxy/data/default/role/{files,templates}
@ -386,7 +376,7 @@ cp -pr docs/docsite/rst .
%if 0%{?with_tests} && 0%{with python3} %if 0%{?with_tests} && 0%{with python3}
%check %check
%{__python3} bin/ansible-test units -v --python %{python3_version} python3 bin/ansible-test units -v --python %{python3_version}
%endif %endif