Accepting request 809080 from home:mcepl:branches:systemsmanagement
- Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733 (bsc#1164140) - Add metadata information to this file to mark which SUSE bugzilla have been already fixed. - bsc#1164140 CVE-2020-1733 - insecure temporary directory when running become_user from become directive - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe lookup plugin subprocess - bsc#1164137 CVE-2020-1735 - path injection on dest parameter in fetch module - bsc#1164134 CVE-2020-1736 atomic_move primitive sets permissive permissions - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path - bsc#1164136 CVE-2020-1738 module package can be selected by the ansible facts - bsc#1164133 CVE-2020-1739 - svn module leaks password when specified as a parameter - bsc#1164135 CVE-2020-1740 - secrets readable after ansible-vault edit - bsc#1165393 CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks sensitive information - CVE-2020-10684 - code injection when using ansible_facts as a subkey - bsc#1167440 CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up - CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] - update to version 2.9.6 (maintenance release) including OBS-URL: https://build.opensuse.org/request/show/809080 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ansible?expand=0&rev=183
parent
591334f240
commit
256ccae9cf
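--- /dev/null
+++ b/CVE-2020-1733_avoid_mkdir_p.patch
@@ -0,0 +1,54 @@
+From 0a85e91329d4c048e7e4b2cd478f2c17a3dac988 Mon Sep 17 00:00:00 2001
+From: Brian Coca <bcoca@users.noreply.github.com>
+Date: Mon, 13 Apr 2020 17:16:29 -0400
+Subject: [PATCH 1/4] avoid mkdir -p (#68921)
+
+* also consolidated temp dir name generation, added pid for more 'uniqness'
+* generalize error message
+* added notes about remote expansion
+
+CVE-2020-1733
+fixes #67791
+
+(cherry picked from commit 8077d8e40148fe77e2393caa5f2b2ea855149d63)
+---
+changelogs/fragments/remote_mkdir_fix.yml | 2 ++
+lib/ansible/plugins/action/__init__.py | 11 ++++++++---
+lib/ansible/plugins/shell/__init__.py | 14 ++++++++++----
+lib/ansible/plugins/shell/powershell.py | 2 ++
+4 files changed, 22 insertions(+), 7 deletions(-)
+create mode 100644 changelogs/fragments/remote_mkdir_fix.yml
+
+--- /dev/null
++++ b/changelogs/fragments/remote_mkdir_fix.yml
+@@ -0,0 +1,2 @@
++bugfixes:
++ - Ensure we get an error when creating a remote tmp if it already exists. CVE-2020-1733
+--- a/lib/ansible/plugins/action/__init__.py
++++ b/lib/ansible/plugins/action/__init__.py
+@@ -340,7 +340,11 @@ class ActionBase(with_metaclass(ABCMeta,
+else:
+# NOTE: shell plugins should populate this setting anyways, but they dont do remote expansion, which
+# we need for 'non posix' systems like cloud-init and solaris
+- tmpdir = self._remote_expand_user(self.get_shell_option('remote_tmp', default='~/.ansible/tmp'), sudoable=False)
++ try:
++ tmpdir = self._connection._shell.get_option('remote_tmp')
++ except AnsibleError:
++ tmpdir = '~/.ansible/tmp'
++ tmpdir = self._remote_expand_user(tmpdir, sudoable=False)
+
+become_unprivileged = self._is_become_unprivileged()
+basefile = self._connection._shell._generate_temp_dir_name()
+--- a/lib/ansible/plugins/shell/__init__.py
++++ b/lib/ansible/plugins/shell/__init__.py
+@@ -79,6 +79,10 @@ class ShellBase(AnsiblePlugin):
+def _generate_temp_dir_name():
+return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48))
+
++ @staticmethod
++ def _generate_temp_dir_name():
++ return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48))
++
+def env_prefix(self, **kwargs):
+return ' '.join(['%s=%s' % (k, shlex_quote(text_type(v))) for k, v in kwargs.items()])
+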
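Review bot: None of the three file hunks carried in this patch changes the remote `mkdir -p` invocation that the subject line and the changelog fragment describe; the shell/__init__.py hunk only adds a second `@staticmethod` `_generate_temp_dir_name()` directly under the identical definition visible in its context lines. The embedded diffstat still lists 14 changed lines in lib/ansible/plugins/shell/__init__.py and 2 in powershell.py, so the refresh against 2.9.9 appears to have dropped those parts, presumably because the tarball already contains them; that should be confirmed by checking that `mkdtemp` in the unpacked source creates the final directory with a plain `mkdir` and fails when it already exists. If it does, the duplicate-method hunk should be removed and the patch header regenerated so the diffstat matches what is actually applied. The action/__init__.py hunk also depends on `AnsibleError` being imported in that module, which is not visible in the hunk.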
@ -4,7 +4,7 @@ addFilter("non-executable-script.*/usr/lib/python.*/site-packages/ansible/module
|
|||||||
addFilter("non-executable-script.*/usr/lib/python.*/site-packages/ansible/(cli|galaxy|module_utils|plugins/action|runner|utils)/.*.py");
|
addFilter("non-executable-script.*/usr/lib/python.*/site-packages/ansible/(cli|galaxy|module_utils|plugins/action|runner|utils)/.*.py");
|
||||||
# no really a lib - ignore rpmlint for this package explicitely
|
# no really a lib - ignore rpmlint for this package explicitely
|
||||||
addFilter("explicit-lib-dependency python3-passlib");
|
addFilter("explicit-lib-dependency python3-passlib");
|
||||||
# standard files, needed for python
|
# # standard files, needed for python
|
||||||
addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible/.*");
|
# addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible/.*");
|
||||||
# same for the ansible-test sub-package
|
# # same for the ansible-test sub-package
|
||||||
addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible_test/.*");
|
# addFilter("files-duplicate /usr/lib/python.*/site-packages/ansible_test/.*");
|
||||||
|
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 26 13:02:10 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||||||
|
|
||||||
|
- Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733
|
||||||
|
(bsc#1164140)
|
||||||
|
- Add metadata information to this file to mark which SUSE
|
||||||
|
bugzilla have been already fixed.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue May 12 23:34:59 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
Tue May 12 23:34:59 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||||||
|
|
||||||
@ -15,16 +23,30 @@ Fri Apr 17 06:49:56 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|||||||
|
|
||||||
- update to version 2.9.7 with many bug fixes,
|
- update to version 2.9.7 with many bug fixes,
|
||||||
especially for these security issues:
|
especially for these security issues:
|
||||||
* CVE-2020-1733 - insecure temporary directory when running become_user from become directive
|
- bsc#1164140 CVE-2020-1733 - insecure temporary directory when
|
||||||
* CVE-2020-1735 - path injection on dest parameter in fetch module
|
running become_user from become directive
|
||||||
* CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path
|
- bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe
|
||||||
* CVE-2020-1739 - svn module leaks password when specified as a parameter
|
lookup plugin subprocess
|
||||||
* CVE-2020-1740 - secrets readable after ansible-vault edit
|
- bsc#1164137 CVE-2020-1735 - path injection on dest parameter
|
||||||
* CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules
|
in fetch module
|
||||||
* CVE-2020-1753 - kubectl connection plugin leaks sensitive information [1]
|
- bsc#1164134 CVE-2020-1736 atomic_move primitive sets
|
||||||
* CVE-2020-10684 - code injection when using ansible_facts as a subkey
|
permissive permissions
|
||||||
* CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up
|
- bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip
|
||||||
* CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]
|
module does not check extracted path
|
||||||
|
- bsc#1164136 CVE-2020-1738 module package can be selected by
|
||||||
|
the ansible facts
|
||||||
|
- bsc#1164133 CVE-2020-1739 - svn module leaks password when
|
||||||
|
specified as a parameter
|
||||||
|
- bsc#1164135 CVE-2020-1740 - secrets readable after
|
||||||
|
ansible-vault edit
|
||||||
|
- bsc#1165393 CVE-2020-1746 - information disclosure issue in
|
||||||
|
ldap_attr and ldap_entry modules
|
||||||
|
- bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks
|
||||||
|
sensitive information
|
||||||
|
- CVE-2020-10684 - code injection when using ansible_facts as a subkey
|
||||||
|
- bsc#1167440 CVE-2020-10685 - modules which use files
|
||||||
|
encrypted with vault are not properly cleaned up
|
||||||
|
- CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6
|
Mon Apr 6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6
|
||||||
@ -36,7 +58,10 @@ Mon Apr 6 20:45:04 UTC 2020 - lars@linux-schulserver.de - 2.9.6
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Mar 5 08:23:57 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
Thu Mar 5 08:23:57 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||||||
|
|
||||||
- update to version 2.9.6 (maintenance release)
|
- update to version 2.9.6 (maintenance release) including
|
||||||
|
these security issues:
|
||||||
|
- bsc#1171162 CVE-2020-10729 two random password lookups in
|
||||||
|
same task return same value
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Feb 13 21:38:06 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
Thu Feb 13 21:38:06 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||||||
@ -47,7 +72,12 @@ Thu Feb 13 21:38:06 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
|||||||
Tue Jan 28 12:38:16 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
Tue Jan 28 12:38:16 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||||||
|
|
||||||
- update to version 2.9.4 (maintenance release)
|
- update to version 2.9.4 (maintenance release)
|
||||||
fix in yum module
|
- fix in yum module
|
||||||
|
- security fixes:
|
||||||
|
- bsc#1157968 CVE-2019-14904 vulnerability in solaris_zone
|
||||||
|
module via crafted solaris zone
|
||||||
|
- bsc#1157969 CVE-2019-14905 malicious code could craft
|
||||||
|
filename in nxos_file_copy module
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jan 16 17:34:28 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
Thu Jan 16 17:34:28 UTC 2020 - Michael Ströder <michael@stroeder.com>
|
||||||
@ -131,6 +161,8 @@ Fri Nov 1 21:11:03 UTC 2019 - Johannes Kastl <kastl@b1-systems.de>
|
|||||||
Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/
|
Full changelog is packaged at /usr/share/doc/packages/ansible/changelogs/
|
||||||
and also available online at
|
and also available online at
|
||||||
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst
|
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst
|
||||||
|
- Fixed among other this security bug:
|
||||||
|
- bsc#1112959 CVE-2018-16837 Information leak in "user" module patch added
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Oct 27 14:15:53 UTC 2019 - lars@linux-schulserver.de
|
Sun Oct 27 14:15:53 UTC 2019 - lars@linux-schulserver.de
|
||||||
@ -169,6 +201,8 @@ Wed Aug 7 16:30:47 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
|||||||
- Update to version 2.8.3:
|
- Update to version 2.8.3:
|
||||||
Full changelog is packaged, but also at
|
Full changelog is packaged, but also at
|
||||||
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
|
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst
|
||||||
|
- (bsc#1137528) CVE-2019-10156: ansible: templating causing an
|
||||||
|
unexpected key file to be set on remote node
|
||||||
- (bsc#1142690) Adds CVE-2019-10206-data-disclosure.patch fixing
|
- (bsc#1142690) Adds CVE-2019-10206-data-disclosure.patch fixing
|
||||||
CVE-2019-10206: ansible-playbook -k and ansible cli tools
|
CVE-2019-10206: ansible-playbook -k and ansible cli tools
|
||||||
prompt passwords by expanding them from templates as they could
|
prompt passwords by expanding them from templates as they could
|
||||||
@ -607,6 +641,7 @@ Sun Dec 16 00:20:24 UTC 2018 - Matthias Eliasson <matthias.eliasson@gmail.com>
|
|||||||
* dnf module properly load and initialize dnf package manager plugins
|
* dnf module properly load and initialize dnf package manager plugins
|
||||||
* docker_swarm_service: use docker defaults for the user parameter if it is set to null
|
* docker_swarm_service: use docker defaults for the user parameter if it is set to null
|
||||||
Bugfixes:
|
Bugfixes:
|
||||||
|
* bsc#1118896 CVE-2018-16876 Information disclosure in vvv+ mode with no_log on (https://github.com/ansible/ansible/pull/49569)
|
||||||
* ACME modules: improve error messages in some cases (include error returned by server).
|
* ACME modules: improve error messages in some cases (include error returned by server).
|
||||||
* Added unit test for VMware module_utils.
|
* Added unit test for VMware module_utils.
|
||||||
* Also check stdout for interpreter errors for more intelligent messages to user
|
* Also check stdout for interpreter errors for more intelligent messages to user
|
||||||
|
262
ansible.spec
262
ansible.spec
@ -1,9 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package ansible
|
# spec file for package ansible
|
||||||
#
|
#
|
||||||
# Copyright (c) 2019 SUSE LLC
|
# Copyright (c) 2020 SUSE LLC
|
||||||
# Copyright 2013 by Lars Vogdt
|
|
||||||
# Copyright 2014 by Boris Manojlovic
|
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -17,8 +15,7 @@
|
|||||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
#
|
#
|
||||||
|
|
||||||
# Disable shebang munging for specific paths. These files are data files.
|
|
||||||
# ansible-test munges the shebangs itself.
|
|
||||||
%global __brp_mangle_shebangs_exclude_from %{_prefix}/lib/python[0-9]+\.[0-9]+/site-packages/ansible_test/_data/.*
|
%global __brp_mangle_shebangs_exclude_from %{_prefix}/lib/python[0-9]+\.[0-9]+/site-packages/ansible_test/_data/.*
|
||||||
%if 0%{?rhel} || 0%{?fedora}
|
%if 0%{?rhel} || 0%{?fedora}
|
||||||
# RHEL and Fedora add -s to the shebang line. We do *not* use -s -E -S or -I
|
# RHEL and Fedora add -s to the shebang line. We do *not* use -s -E -S or -I
|
||||||
@ -30,42 +27,18 @@
|
|||||||
%define py2_shbang_opts %{nil}
|
%define py2_shbang_opts %{nil}
|
||||||
%define py3_shbang_opts %{nil}
|
%define py3_shbang_opts %{nil}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# While Windows Powershell meanwhile exists, it is not in Factory/Leap for now.
|
# While Windows Powershell meanwhile exists, it is not in Factory/Leap for now.
|
||||||
# So let's exclude /usr/bin/pwsh from the dependencies
|
# So let's exclude /usr/bin/pwsh from the dependencies
|
||||||
%define __requires_exclude ^%{_bindir}/pwsh$
|
%define __requires_exclude ^%{_bindir}/pwsh$
|
||||||
|
|
||||||
# Python 2 or Python 3?
|
# Python 2 or Python 3?
|
||||||
%if 0%{?suse_version} >= 1315
|
%if 0%{?suse_version} >= 1315
|
||||||
%bcond_without python3
|
%bcond_without python3
|
||||||
%else
|
%else
|
||||||
%bcond_with python3
|
%bcond_with python3
|
||||||
%endif
|
%endif
|
||||||
|
# Disable/Enable tests only on newer distributions, which have the
|
||||||
%if %{with python3}
|
|
||||||
%define __python python3
|
|
||||||
%define python python3
|
|
||||||
%else
|
|
||||||
%define python python
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# Disable/Enable tests only on newer distributions, which have the
|
|
||||||
# needed dependencies.
|
# needed dependencies.
|
||||||
%define with_tests 0
|
%define with_tests 0
|
||||||
|
|
||||||
|
|
||||||
Name: ansible
|
|
||||||
Version: 2.9.9
|
|
||||||
Release: 0
|
|
||||||
Summary: SSH-based configuration management, deployment, and task execution system
|
|
||||||
License: GPL-3.0-or-later
|
|
||||||
Group: Development/Languages/Python
|
|
||||||
URL: https://ansible.com/
|
|
||||||
Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz
|
|
||||||
Source1: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha
|
|
||||||
Source99: ansible-rpmlintrc
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
|
|
||||||
BuildArch: noarch
|
|
||||||
#
|
#
|
||||||
# Fedora
|
# Fedora
|
||||||
#
|
#
|
||||||
@ -92,6 +65,74 @@ Provides: bundled(python-selectors2) = 1.1.1
|
|||||||
Provides: bundled(python-six) = 1.12.0
|
Provides: bundled(python-six) = 1.12.0
|
||||||
%endif
|
%endif
|
||||||
#
|
#
|
||||||
|
# RHEL
|
||||||
|
#
|
||||||
|
%if 0%{?rhel}
|
||||||
|
%if 0%{?rhel} >= 8
|
||||||
|
%global with_python2 0
|
||||||
|
%global with_python3 1
|
||||||
|
BuildRequires: %{py3_dist coverage}
|
||||||
|
BuildRequires: git-core
|
||||||
|
BuildRequires: python3-PyYAML
|
||||||
|
BuildRequires: python3-cryptography
|
||||||
|
BuildRequires: python3-devel
|
||||||
|
BuildRequires: python3-docutils
|
||||||
|
BuildRequires: python3-jinja2
|
||||||
|
BuildRequires: python3-mock
|
||||||
|
BuildRequires: python3-pytest
|
||||||
|
BuildRequires: python3-pytest-mock
|
||||||
|
BuildRequires: python3-pytest-xdist
|
||||||
|
BuildRequires: python3-requests
|
||||||
|
BuildRequires: python3-setuptools
|
||||||
|
BuildRequires: python3-six
|
||||||
|
BuildRequires: python3-systemd
|
||||||
|
Requires: python3-PyYAML
|
||||||
|
Requires: python3-cryptography
|
||||||
|
Requires: python3-jinja2
|
||||||
|
Requires: python3-six
|
||||||
|
Requires: sshpass
|
||||||
|
%else
|
||||||
|
%if 0%{?rhel} >= 7
|
||||||
|
%global with_python2 1
|
||||||
|
%global with_python3 0
|
||||||
|
BuildRequires: PyYAML
|
||||||
|
BuildRequires: git
|
||||||
|
BuildRequires: pytest
|
||||||
|
BuildRequires: python-boto3
|
||||||
|
BuildRequires: python-coverage
|
||||||
|
BuildRequires: python-jinja2
|
||||||
|
BuildRequires: python-jmespath
|
||||||
|
BuildRequires: python-mock
|
||||||
|
BuildRequires: python-paramiko
|
||||||
|
BuildRequires: python-passlib
|
||||||
|
BuildRequires: python-requests
|
||||||
|
BuildRequires: python-setuptools
|
||||||
|
BuildRequires: python-six
|
||||||
|
BuildRequires: python-sphinx
|
||||||
|
BuildRequires: python2-cryptography
|
||||||
|
BuildRequires: python2-devel
|
||||||
|
Requires: PyYAML
|
||||||
|
Requires: python-jinja2
|
||||||
|
Requires: python-paramiko
|
||||||
|
Requires: python-six
|
||||||
|
Requires: python2-cryptography
|
||||||
|
Requires: sshpass
|
||||||
|
%endif # Requires for RHEL 7
|
||||||
|
%endif # Requires for RHEL 8
|
||||||
|
# Bundled provides
|
||||||
|
Provides: bundled(python-backports-ssl_match_hostname) = 3.7.0.1
|
||||||
|
Provides: bundled(python-distro) = 1.4.0
|
||||||
|
Provides: bundled(python-ipaddress) = 1.0.22
|
||||||
|
Provides: bundled(python-selectors2) = 1.1.1
|
||||||
|
Provides: bundled(python-six) = 1.12.0
|
||||||
|
%endif
|
||||||
|
%if %{with python3}
|
||||||
|
%define __python python3
|
||||||
|
%define python python3
|
||||||
|
%else
|
||||||
|
%define python python
|
||||||
|
%endif
|
||||||
|
#
|
||||||
# SUSE/openSUSE
|
# SUSE/openSUSE
|
||||||
#
|
#
|
||||||
%if 0%{?suse_version}
|
%if 0%{?suse_version}
|
||||||
@ -105,7 +146,7 @@ Provides: bundled(python-six) = 1.12.0
|
|||||||
# disable building extensive docs per default:
|
# disable building extensive docs per default:
|
||||||
%define with_docs 0
|
%define with_docs 0
|
||||||
# Distribution version dependend stuff
|
# Distribution version dependend stuff
|
||||||
%if 0%{?suse_version} >= 1500
|
%if 0%{?suse_version} >= 1500
|
||||||
# Enable VMWare support for newer openSUSE distributions here
|
# Enable VMWare support for newer openSUSE distributions here
|
||||||
# otherwise disable this by setting the value below to 0
|
# otherwise disable this by setting the value below to 0
|
||||||
%define with_vmware 1
|
%define with_vmware 1
|
||||||
@ -117,6 +158,35 @@ Provides: bundled(python-six) = 1.12.0
|
|||||||
%define with_vmware 0
|
%define with_vmware 0
|
||||||
%define with_tests 0
|
%define with_tests 0
|
||||||
%endif
|
%endif
|
||||||
|
%if ! %{with python3}
|
||||||
|
Requires: %{python}-xml
|
||||||
|
%endif
|
||||||
|
%if 0%{?with_amazon}
|
||||||
|
BuildRequires: %{python}-boto3
|
||||||
|
BuildRequires: %{python}-botocore
|
||||||
|
%endif
|
||||||
|
%if 0%{?with_gitlab}
|
||||||
|
BuildRequires: %{python}-gitlab
|
||||||
|
BuildRequires: %{python}-httmock
|
||||||
|
Recommends: %{python}-gitlab
|
||||||
|
Recommends: %{python}-httmock
|
||||||
|
%endif
|
||||||
|
%if 0%{?with_tests}
|
||||||
|
BuildRequires: %{python}-pbkdf2
|
||||||
|
BuildRequires: %{python}-pytest
|
||||||
|
BuildRequires: %{python}-python-memcached
|
||||||
|
BuildRequires: %{python}-redis
|
||||||
|
BuildRequires: %{python}-requests
|
||||||
|
%endif
|
||||||
|
%if 0%{?with_vmware}
|
||||||
|
BuildRequires: %{python}-pyvmomi
|
||||||
|
Recommends: %{python}-pyvmomi
|
||||||
|
%endif
|
||||||
|
%if 0%{?with_winrm}
|
||||||
|
BuildRequires: %{python}-pexpect
|
||||||
|
BuildRequires: %{python}-pywinrm
|
||||||
|
Recommends: %{python}-pywinrm
|
||||||
|
%endif
|
||||||
BuildRequires: %{python}-Jinja2
|
BuildRequires: %{python}-Jinja2
|
||||||
BuildRequires: %{python}-PyYAML
|
BuildRequires: %{python}-PyYAML
|
||||||
BuildRequires: %{python}-coverage
|
BuildRequires: %{python}-coverage
|
||||||
@ -135,112 +205,34 @@ Requires: %{python}-paramiko
|
|||||||
Requires: %{python}-passlib
|
Requires: %{python}-passlib
|
||||||
Requires: %{python}-pycrypto >= 2.6
|
Requires: %{python}-pycrypto >= 2.6
|
||||||
Requires: %{python}-setuptools > 0.6
|
Requires: %{python}-setuptools > 0.6
|
||||||
%if ! %{with python3}
|
|
||||||
Requires: %{python}-xml
|
|
||||||
%endif
|
|
||||||
Recommends: %{python}-boto3
|
Recommends: %{python}-boto3
|
||||||
Recommends: %{python}-botocore
|
Recommends: %{python}-botocore
|
||||||
Recommends: %{python}-dnspython
|
Recommends: %{python}-dnspython
|
||||||
Recommends: %{python}-dopy
|
Recommends: %{python}-dopy
|
||||||
Recommends: %{python}-httplib2
|
Recommends: %{python}-httplib2
|
||||||
Recommends: %{python}-keyczar
|
Recommends: %{python}-keyczar
|
||||||
Recommends: %{python}-python-memcached
|
|
||||||
Recommends: %{python}-pbkdf2
|
Recommends: %{python}-pbkdf2
|
||||||
|
Recommends: %{python}-python-memcached
|
||||||
Recommends: %{python}-pywinrm
|
Recommends: %{python}-pywinrm
|
||||||
Recommends: %{python}-redis
|
Recommends: %{python}-redis
|
||||||
Recommends: %{python}-requests
|
Recommends: %{python}-requests
|
||||||
Recommends: %{python}-six
|
Recommends: %{python}-six
|
||||||
Recommends: sshpass
|
Recommends: sshpass
|
||||||
%if 0%{?with_amazon}
|
|
||||||
BuildRequires: %{python}-boto3
|
|
||||||
BuildRequires: %{python}-botocore
|
|
||||||
%endif
|
%endif
|
||||||
%if 0%{?with_gitlab}
|
Name: ansible
|
||||||
BuildRequires: %{python}-gitlab
|
Version: 2.9.9
|
||||||
BuildRequires: %{python}-httmock
|
Release: 0
|
||||||
Recommends: %{python}-gitlab
|
Summary: SSH-based configuration management, deployment, and task execution system
|
||||||
Recommends: %{python}-httmock
|
License: GPL-3.0-or-later
|
||||||
%endif
|
Group: Development/Languages/Python
|
||||||
%if 0%{?with_tests}
|
URL: https://ansible.com/
|
||||||
BuildRequires: %{python}-python-memcached
|
Source: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz
|
||||||
BuildRequires: %{python}-pbkdf2
|
Source1: https://releases.ansible.com/ansible/ansible-%{version}.tar.gz.sha
|
||||||
BuildRequires: %{python}-pytest
|
Source99: ansible-rpmlintrc
|
||||||
BuildRequires: %{python}-redis
|
# PATCH-FIX-UPSTREAM CVE-2020-1733_avoid_mkdir_p.patch bsc#1171823 mcepl@suse.com
|
||||||
BuildRequires: %{python}-requests
|
# gh#ansible/ansible#67791 avoid race condition and insecure directory creation
|
||||||
%endif
|
Patch0: CVE-2020-1733_avoid_mkdir_p.patch
|
||||||
%if 0%{?with_vmware}
|
BuildArch: noarch
|
||||||
BuildRequires: %{python}-pyvmomi
|
|
||||||
Recommends: %{python}-pyvmomi
|
|
||||||
%endif
|
|
||||||
%if 0%{?with_winrm}
|
|
||||||
BuildRequires: %{python}-pywinrm
|
|
||||||
BuildRequires: %{python}-pexpect
|
|
||||||
Recommends: %{python}-pywinrm
|
|
||||||
%endif
|
|
||||||
%endif
|
|
||||||
#
|
|
||||||
# RHEL
|
|
||||||
#
|
|
||||||
%if 0%{?rhel}
|
|
||||||
# Bundled provides
|
|
||||||
Provides: bundled(python-backports-ssl_match_hostname) = 3.7.0.1
|
|
||||||
Provides: bundled(python-distro) = 1.4.0
|
|
||||||
Provides: bundled(python-ipaddress) = 1.0.22
|
|
||||||
Provides: bundled(python-selectors2) = 1.1.1
|
|
||||||
Provides: bundled(python-six) = 1.12.0
|
|
||||||
%if 0%{?rhel} >= 8
|
|
||||||
%global with_python2 0
|
|
||||||
%global with_python3 1
|
|
||||||
BuildRequires: python3-devel
|
|
||||||
BuildRequires: python3-setuptools
|
|
||||||
BuildRequires: python3-docutils
|
|
||||||
BuildRequires: python3-jinja2
|
|
||||||
BuildRequires: python3-PyYAML
|
|
||||||
BuildRequires: python3-cryptography
|
|
||||||
BuildRequires: python3-six
|
|
||||||
BuildRequires: python3-pytest
|
|
||||||
BuildRequires: python3-pytest-xdist
|
|
||||||
BuildRequires: python3-pytest-mock
|
|
||||||
BuildRequires: python3-requests
|
|
||||||
BUildRequires: %{py3_dist coverage}
|
|
||||||
BuildRequires: python3-mock
|
|
||||||
BuildRequires: python3-systemd
|
|
||||||
BuildRequires: git-core
|
|
||||||
Requires: python3-jinja2
|
|
||||||
Requires: python3-PyYAML
|
|
||||||
Requires: python3-cryptography
|
|
||||||
Requires: python3-six
|
|
||||||
Requires: sshpass
|
|
||||||
%else
|
|
||||||
%if 0%{?rhel} >= 7
|
|
||||||
%global with_python2 1
|
|
||||||
%global with_python3 0
|
|
||||||
BuildRequires: python2-devel
|
|
||||||
BuildRequires: python-setuptools
|
|
||||||
BuildRequires: python-sphinx
|
|
||||||
BuildRequires: python-jinja2
|
|
||||||
BuildRequires: PyYAML
|
|
||||||
BuildRequires: python2-cryptography
|
|
||||||
BuildRequires: python-six
|
|
||||||
BuildRequires: pytest
|
|
||||||
BuildRequires: python-requests
|
|
||||||
BuildRequires: python-coverage
|
|
||||||
BuildRequires: python-mock
|
|
||||||
BuildRequires: python-boto3
|
|
||||||
BuildRequires: git
|
|
||||||
BuildRequires: python-paramiko
|
|
||||||
BuildRequires: python-jmespath
|
|
||||||
BuildRequires: python-passlib
|
|
||||||
Requires: python-jinja2
|
|
||||||
Requires: PyYAML
|
|
||||||
Requires: python2-cryptography
|
|
||||||
Requires: python-six
|
|
||||||
Requires: sshpass
|
|
||||||
Requires: python-paramiko
|
|
||||||
%endif # Requires for RHEL 7
|
|
||||||
%endif # Requires for RHEL 8
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# extented documentation
|
# extented documentation
|
||||||
%if 0%{?with_docs}
|
%if 0%{?with_docs}
|
||||||
BuildRequires: asciidoc
|
BuildRequires: asciidoc
|
||||||
@ -256,7 +248,6 @@ not require any software or daemons to be installed on remote nodes. Extension
|
|||||||
modules can be written in any language and are transferred to managed machines
|
modules can be written in any language and are transferred to managed machines
|
||||||
automatically.
|
automatically.
|
||||||
|
|
||||||
|
|
||||||
%package doc
|
%package doc
|
||||||
Summary: Documentation for Ansible
|
Summary: Documentation for Ansible
|
||||||
Recommends: %{name} = %{version}
|
Recommends: %{name} = %{version}
|
||||||
@ -270,7 +261,6 @@ not require any software or daemons to be installed on remote nodes. Extension
|
|||||||
modules can be written in any language and are transferred to managed machines
|
modules can be written in any language and are transferred to managed machines
|
||||||
automatically.
|
automatically.
|
||||||
|
|
||||||
|
|
||||||
%package test
|
%package test
|
||||||
Summary: Tool for testing ansible plugin and module code
|
Summary: Tool for testing ansible plugin and module code
|
||||||
Requires: %{name} = %{version}
|
Requires: %{name} = %{version}
|
||||||
@ -278,18 +268,17 @@ Requires: %{name} = %{version}
|
|||||||
# RHEL
|
# RHEL
|
||||||
#
|
#
|
||||||
%if 0%{?rhel} >= 7
|
%if 0%{?rhel} >= 7
|
||||||
Requires: python-virtualenv
|
|
||||||
BuildRequires: python-virtualenv
|
BuildRequires: python-virtualenv
|
||||||
|
Requires: python-virtualenv
|
||||||
%endif
|
%endif
|
||||||
#
|
#
|
||||||
# SUSE/openSUSE
|
# SUSE/openSUSE
|
||||||
#
|
#
|
||||||
%if 0%{?suse_version} >= 1500
|
%if 0%{?suse_version} >= 1500
|
||||||
Requires: %{python}-virtualenv
|
|
||||||
BuildRequires: %{python}-virtualenv
|
BuildRequires: %{python}-virtualenv
|
||||||
|
Requires: %{python}-virtualenv
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
|
||||||
%description test
|
%description test
|
||||||
This package installs the ansible-test command for testing modules and plugins
|
This package installs the ansible-test command for testing modules and plugins
|
||||||
developed for ansible.
|
developed for ansible.
|
||||||
@ -300,9 +289,10 @@ not require any software or daemons to be installed on remote nodes. Extension
|
|||||||
modules can be written in any language and are transferred to managed machines
|
modules can be written in any language and are transferred to managed machines
|
||||||
automatically.
|
automatically.
|
||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n ansible-%{version}
|
%setup -q -n ansible-%{version}
|
||||||
|
%autopatch -p1
|
||||||
|
|
||||||
for file in .git_keep .travis.yml ; do
|
for file in .git_keep .travis.yml ; do
|
||||||
find . -name "$file" -delete
|
find . -name "$file" -delete
|
||||||
done
|
done
|
||||||
@ -314,15 +304,15 @@ find ./ -type f -exec \
|
|||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%{__python} setup.py build
|
%{python} setup.py build
|
||||||
%if 0%{?with_docs}
|
%if 0%{?with_docs}
|
||||||
make %{?_smp_mflags} PYTHON=%{_bindir}/%{python} SPHINXBUILD=sphinx-build webdocs
|
%make_build PYTHON=%{_bindir}/%{python} SPHINXBUILD=sphinx-build webdocs
|
||||||
%else
|
%else
|
||||||
make %{?_smp_mflags} PYTHON=%{_bindir}/%{python} -Cdocs/docsite config cli keywords modules plugins testing
|
%make_build PYTHON=%{_bindir}/%{python} -Cdocs/docsite config cli keywords modules plugins testing
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%{__python} setup.py install --prefix=%{_prefix} --root=%{buildroot}
|
%{python} setup.py install --prefix=%{_prefix} --root=%{buildroot}
|
||||||
|
|
||||||
mkdir -p %{buildroot}%{_sysconfdir}/ansible/
|
mkdir -p %{buildroot}%{_sysconfdir}/ansible/
|
||||||
cp examples/hosts %{buildroot}%{_sysconfdir}/ansible/
|
cp examples/hosts %{buildroot}%{_sysconfdir}/ansible/
|
||||||
@ -370,7 +360,7 @@ for location in $DATADIR_LOCATIONS ; do
|
|||||||
done
|
done
|
||||||
mkdir -p %{buildroot}%{_sysconfdir}/ansible/
|
mkdir -p %{buildroot}%{_sysconfdir}/ansible/
|
||||||
mkdir -p %{buildroot}%{_sysconfdir}/ansible/roles/
|
mkdir -p %{buildroot}%{_sysconfdir}/ansible/roles/
|
||||||
# fix for https://github.com/ansible/ansible/pull/24381
|
# fix for https://github.com/ansible/ansible/pull/24381
|
||||||
# resp. https://bugzilla.opensuse.org/show_bug.cgi?id=1137479
|
# resp. https://bugzilla.opensuse.org/show_bug.cgi?id=1137479
|
||||||
mkdir -p %{buildroot}%{python3_sitelib}/ansible/galaxy/data/default/role/{files,templates}
|
mkdir -p %{buildroot}%{python3_sitelib}/ansible/galaxy/data/default/role/{files,templates}
|
||||||
|
|
||||||
@ -386,7 +376,7 @@ cp -pr docs/docsite/rst .
|
|||||||
|
|
||||||
%if 0%{?with_tests} && 0%{with python3}
|
%if 0%{?with_tests} && 0%{with python3}
|
||||||
%check
|
%check
|
||||||
%{__python3} bin/ansible-test units -v --python %{python3_version}
|
python3 bin/ansible-test units -v --python %{python3_version}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
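Review bot: The patch tag comment added above `Patch0:` cites `bsc#1171823`, while the ansible.changes entry in this same request and the commit description both tie CVE-2020-1733 to `bsc#1164140`. Anyone auditing which bug a patch closes reads this tag, so the two references should agree: if bsc#1164140 is the intended bug the line should read `# PATCH-FIX-UPSTREAM CVE-2020-1733_avoid_mkdir_p.patch bsc#1164140 mcepl@suse.com`, and if bsc#1171823 is a separate tracker it should also appear in the changelog entry. In the same section, `%check` now calls a bare `python3` where it previously used the `%{__python3}` macro, so the test run no longer follows the interpreter the macros select; keeping `%{__python3} bin/ansible-test units -v --python %{python3_version}` would avoid that.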