- Update to 3.7.0
See https://github.com/cfengine/core/blob/3.7.x/ChangeLog for full changelog New features: - New package promise implementation. The syntax is much simpler, to try it out, check out the syntax: packages: "mypackage" policy => "absent/present", # Optional, default taken from common control package_module => apt_get, # Optional, will only match exact version. May be # "latest". version => "32.0", # Optional. architecture => "x86_64"; - Full systemd support for all relevant platforms - New classes to determine whether certain features are enabled: * feature_yaml * feature_xml For the official CFEngine packages, these are always enabled, but packages from other sources may be built without the support. - New readdata() support for generic data input (CSV, YAML, JSON, or auto) - YAML support: new readyaml() function and in readdata() - CSV support: new readcsv() function and in readdata() - New string_mustache() function - New data_regextract() function - eval() can now be called with "class" as the "mode" argument, which will cause it to return true ("any") if the calculated result is non-zero, and false ("!any") if it is zero. OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=131
This commit is contained in:
parent
38c52a00a9
commit
19b8c826db
@ -1,27 +0,0 @@
|
||||
From a814751421422cad22373eb6e568272fd24e1532 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tomas.chvatal@gmail.com>
|
||||
Date: Mon, 23 Mar 2015 11:12:58 +0100
|
||||
Subject: [PATCH] Do not use insecure MD5 but rather SHA256
|
||||
|
||||
---
|
||||
libpromises/generic_agent.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/libpromises/generic_agent.c b/libpromises/generic_agent.c
|
||||
index eaace00..4863230 100644
|
||||
--- a/libpromises/generic_agent.c
|
||||
+++ b/libpromises/generic_agent.c
|
||||
@@ -101,8 +101,8 @@ static void SanitizeEnvironment()
|
||||
|
||||
ENTERPRISE_VOID_FUNC_2ARG_DEFINE_STUB(void, GenericAgentSetDefaultDigest, HashMethod *, digest, int *, digest_len)
|
||||
{
|
||||
- *digest = HASH_METHOD_MD5;
|
||||
- *digest_len = CF_MD5_LEN;
|
||||
+ *digest = HASH_METHOD_SHA256;
|
||||
+ *digest_len = CF_SHA256_LEN;
|
||||
}
|
||||
|
||||
void MarkAsPolicyServer(EvalContext *ctx)
|
||||
--
|
||||
2.3.0
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 7b0a005250c0398b86ea5adf93c16b5c8735a343 Mon Sep 17 00:00:00 2001
|
||||
From 900148bcea077497d062eccb7a8a5f1ea6f4f9e0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
|
||||
Date: Fri, 2 May 2014 12:47:37 +0200
|
||||
Subject: [PATCH 2/2] Set sys.bindir to /usr/sbin, expect cf-* components there
|
||||
Date: Thu, 30 Jul 2015 10:48:47 +0200
|
||||
Subject: [PATCH 1/2] Set sys.bindir to /usr/sbin, expect cf-*components there
|
||||
|
||||
That's where the /var/cfengine/bin/* symlinks point to and where
|
||||
the systemd .service files expect the daemons.
|
||||
@ -12,37 +12,38 @@ masterfiles/update/update_processes.cf:enable_cfengine_agents
|
||||
libenv/sysinfo.c | 7 +++----
|
||||
1 file changed, 3 insertions(+), 4 deletions(-)
|
||||
|
||||
diff -wruN -x '*~' -x '*.o' -x '*.a' -x '*.so' -x '*.so.[0-9]' -x autom4te.cache -x .deps -x .libs ../orig-core-3.6.3rc-build1/libenv/sysinfo.c ./libenv/sysinfo.c
|
||||
--- ../orig-core-3.6.3rc-build1/libenv/sysinfo.c 2014-11-27 20:17:34.000000000 +0100
|
||||
+++ ./libenv/sysinfo.c 2014-11-28 10:18:49.023646654 +0100
|
||||
@@ -567,8 +567,7 @@
|
||||
diff --git a/libenv/sysinfo.c b/libenv/sysinfo.c
|
||||
index a75c6aa1d8d6..1c1139aead94 100644
|
||||
--- a/libenv/sysinfo.c
|
||||
+++ b/libenv/sysinfo.c
|
||||
@@ -581,8 +581,7 @@ static void GetNameInfo3(EvalContext *ctx)
|
||||
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "masterdir", GetMasterDir(), CF_DATA_TYPE_STRING, "source=agent");
|
||||
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "inputdir", GetInputDir(), CF_DATA_TYPE_STRING, "source=agent");
|
||||
|
||||
- snprintf(workbuf, CF_BUFSIZE, "%s%cbin", CFWORKDIR, FILE_SEPARATOR);
|
||||
- snprintf(workbuf, CF_BUFSIZE, "%s%cbin", workdir, FILE_SEPARATOR);
|
||||
- EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "bindir", workbuf, CF_DATA_TYPE_STRING, "source=agent");
|
||||
+ EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "bindir", "/usr/sbin", CF_DATA_TYPE_STRING, "source=agent");
|
||||
|
||||
snprintf(workbuf, CF_BUFSIZE, "%s%cfailsafe.cf", GetInputDir(), FILE_SEPARATOR);
|
||||
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "failsafe_policy_path", workbuf, CF_DATA_TYPE_STRING, "source=agent");
|
||||
@@ -613,7 +612,7 @@
|
||||
@@ -627,7 +626,7 @@ static void GetNameInfo3(EvalContext *ctx)
|
||||
components[i]);
|
||||
}
|
||||
#else
|
||||
- snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, components[i]);
|
||||
- snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s", workdir, FILE_SEPARATOR, FILE_SEPARATOR, components[i]);
|
||||
+ snprintf(name, CF_MAXVARSIZE - 1, "/usr/sbin/%s", components[i]);
|
||||
#endif
|
||||
|
||||
have_component[i] = false;
|
||||
@@ -636,7 +635,7 @@
|
||||
snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s.exe", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR,
|
||||
@@ -650,7 +649,7 @@ static void GetNameInfo3(EvalContext *ctx)
|
||||
snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s.exe", workdir, FILE_SEPARATOR, FILE_SEPARATOR,
|
||||
components[1]);
|
||||
#else
|
||||
- snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, components[1]);
|
||||
- snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s", workdir, FILE_SEPARATOR, FILE_SEPARATOR, components[1]);
|
||||
+ snprintf(name, CF_MAXVARSIZE - 1, "/usr/sbin/%s", components[1]);
|
||||
#endif
|
||||
|
||||
if (stat(name, &sb) != -1)
|
||||
--
|
||||
1.8.4.5
|
||||
2.1.4
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 68e63ae137d4f829c569ca0af4fcb86c6d4f688f Mon Sep 17 00:00:00 2001
|
||||
From 5954a3e3c1c8be821e32cfac3ec4161892025c95 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
|
||||
Date: Fri, 11 Apr 2014 09:25:05 +0200
|
||||
Subject: [PATCH 1/2] Simplify and fix parsing of /etc/SuSE-release (fixes
|
||||
Subject: [PATCH 2/2] Simplify and fix parsing of /etc/SuSE-release (fixes
|
||||
issue #5423)
|
||||
|
||||
This patch is a simplification of sysinfo.c:Linux_Suse_Version()
|
||||
@ -17,10 +17,10 @@ to achieve the following
|
||||
1 file changed, 60 insertions(+), 127 deletions(-)
|
||||
|
||||
diff --git a/libenv/sysinfo.c b/libenv/sysinfo.c
|
||||
index 2bdfb8fbd2fa..f8ffd67b7a49 100644
|
||||
index 1c1139aead94..77667b611ad6 100644
|
||||
--- a/libenv/sysinfo.c
|
||||
+++ b/libenv/sysinfo.c
|
||||
@@ -1666,6 +1666,7 @@ static int Linux_Suse_Version(EvalContext *ctx)
|
||||
@@ -1754,6 +1754,7 @@ static int Linux_Suse_Version(EvalContext *ctx)
|
||||
#define SUSE_RELEASE_FLAG "linux "
|
||||
|
||||
char classbuf[CF_MAXVARSIZE];
|
||||
@ -28,7 +28,7 @@ index 2bdfb8fbd2fa..f8ffd67b7a49 100644
|
||||
|
||||
Log(LOG_LEVEL_VERBOSE, "This appears to be a SUSE system.");
|
||||
EvalContextClassPutHard(ctx, "SUSE", "inventory,attribute_name=none,source=agent");
|
||||
@@ -1685,23 +1686,26 @@ static int Linux_Suse_Version(EvalContext *ctx)
|
||||
@@ -1773,23 +1774,26 @@ static int Linux_Suse_Version(EvalContext *ctx)
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -62,7 +62,7 @@ index 2bdfb8fbd2fa..f8ffd67b7a49 100644
|
||||
}
|
||||
}
|
||||
if (ferror(fp))
|
||||
@@ -1715,28 +1719,38 @@ static int Linux_Suse_Version(EvalContext *ctx)
|
||||
@@ -1803,28 +1807,38 @@ static int Linux_Suse_Version(EvalContext *ctx)
|
||||
|
||||
fclose(fp);
|
||||
|
||||
@ -117,7 +117,7 @@ index 2bdfb8fbd2fa..f8ffd67b7a49 100644
|
||||
{
|
||||
Item *list, *ip;
|
||||
|
||||
@@ -1754,120 +1768,39 @@ static int Linux_Suse_Version(EvalContext *ctx)
|
||||
@@ -1842,120 +1856,39 @@ static int Linux_Suse_Version(EvalContext *ctx)
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -262,5 +262,5 @@ index 2bdfb8fbd2fa..f8ffd67b7a49 100644
|
||||
}
|
||||
|
||||
--
|
||||
1.8.4.5
|
||||
2.1.4
|
||||
|
||||
|
@ -1,66 +0,0 @@
|
||||
Index: core-3.6.5/cf-key/cf-key-functions.c
|
||||
===================================================================
|
||||
--- core-3.6.5.orig/cf-key/cf-key-functions.c
|
||||
+++ core-3.6.5/cf-key/cf-key-functions.c
|
||||
@@ -243,11 +243,11 @@ void KeepKeyPromises(const char *public_
|
||||
printf("Making a key pair for cfengine, please wait, this could take a minute...\n");
|
||||
|
||||
#ifdef OPENSSL_NO_DEPRECATED
|
||||
- BN_set_word(rsa_bignum, 35);
|
||||
+ BN_set_word(rsa_bignum, RSA_F4);
|
||||
|
||||
if (!RSA_generate_key_ex(pair, 2048, rsa_bignum, NULL))
|
||||
#else
|
||||
- pair = RSA_generate_key(2048, 35, NULL, NULL);
|
||||
+ pair = RSA_generate_key(2048, 65537, NULL, NULL);
|
||||
|
||||
if (pair == NULL)
|
||||
#endif
|
||||
Index: core-3.6.5/tests/unit/hash_test.c
|
||||
===================================================================
|
||||
--- core-3.6.5.orig/tests/unit/hash_test.c
|
||||
+++ core-3.6.5/tests/unit/hash_test.c
|
||||
@@ -52,7 +52,7 @@ void tests_setup()
|
||||
initialized = 0;
|
||||
return;
|
||||
}
|
||||
- BN_set_word(bn, 3);
|
||||
+ BN_set_word(bn, RSA_F4);
|
||||
RSA_generate_key_ex(rsa, 1024, bn, NULL);
|
||||
BN_free(bn);
|
||||
}
|
||||
Index: core-3.6.5/tests/unit/key_test.c
|
||||
===================================================================
|
||||
--- core-3.6.5.orig/tests/unit/key_test.c
|
||||
+++ core-3.6.5/tests/unit/key_test.c
|
||||
@@ -25,7 +25,7 @@ void test_setup()
|
||||
initialized = 0;
|
||||
return;
|
||||
}
|
||||
- BN_set_word(bn, 3);
|
||||
+ BN_set_word(bn, RSA_F4);
|
||||
RSA_generate_key_ex(rsa, 1024, bn, NULL);
|
||||
BN_free(bn);
|
||||
}
|
||||
Index: core-3.6.5/tests/unit/tls_generic_test.c
|
||||
===================================================================
|
||||
--- core-3.6.5.orig/tests/unit/tls_generic_test.c
|
||||
+++ core-3.6.5/tests/unit/tls_generic_test.c
|
||||
@@ -54,7 +54,7 @@ static bool init_test_server()
|
||||
int ret;
|
||||
RSA *key = RSA_new();
|
||||
BIGNUM *bignum = BN_new();
|
||||
- BN_set_word(bignum, 17);
|
||||
+ BN_set_word(bignum, RSA_F4);
|
||||
ret = RSA_generate_key_ex(key, 1024, bignum, NULL);
|
||||
if (!ret)
|
||||
{
|
||||
@@ -450,7 +450,7 @@ static bool init_test_client()
|
||||
int ret;
|
||||
RSA *key = RSA_new();
|
||||
BIGNUM *bignum = BN_new();
|
||||
- BN_set_word(bignum, 17);
|
||||
+ BN_set_word(bignum, RSA_F4);
|
||||
ret = RSA_generate_key_ex(key, 1024, bignum, NULL);
|
||||
if (!ret)
|
||||
{
|
@ -1,3 +1,86 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 20 09:04:00 UTC 2015 - kkaempf@suse.com
|
||||
|
||||
- Update to 3.7.0
|
||||
See https://github.com/cfengine/core/blob/3.7.x/ChangeLog for
|
||||
full changelog
|
||||
|
||||
New features:
|
||||
- New package promise implementation.
|
||||
The syntax is much simpler, to try it out, check out the syntax:
|
||||
packages:
|
||||
"mypackage"
|
||||
policy => "absent/present",
|
||||
|
||||
# Optional, default taken from common control
|
||||
package_module => apt_get,
|
||||
|
||||
# Optional, will only match exact version. May be
|
||||
# "latest".
|
||||
version => "32.0",
|
||||
|
||||
# Optional.
|
||||
architecture => "x86_64";
|
||||
|
||||
- Full systemd support for all relevant platforms
|
||||
- New classes to determine whether certain features are enabled:
|
||||
* feature_yaml
|
||||
* feature_xml
|
||||
For the official CFEngine packages, these are always enabled, but
|
||||
packages from other sources may be built without the support.
|
||||
- New readdata() support for generic data input (CSV, YAML, JSON, or auto)
|
||||
- YAML support: new readyaml() function and in readdata()
|
||||
- CSV support: new readcsv() function and in readdata()
|
||||
- New string_mustache() function
|
||||
- New data_regextract() function
|
||||
- eval() can now be called with "class" as the "mode" argument, which
|
||||
will cause it to return true ("any") if the calculated result is
|
||||
non-zero, and false ("!any") if it is zero.
|
||||
- New list_ifelse() function
|
||||
- New mapjson() function as well as JSON support in maparray().
|
||||
- filestat() function now supports "xattr" argument for extended
|
||||
attributes.
|
||||
- "ifvarclass" now has "if" as an alias, and "unless" as an inverse
|
||||
alias.
|
||||
- Ability to expand JSON variables directory in Mustache templates:
|
||||
Prefix the name with '%' for multiline expansion, '$' for compact
|
||||
expansion.
|
||||
- Ability to expand the iteration *key* in Mustache templates with @
|
||||
- Canonical JSON output: JSON output has reliably sorted keys so the
|
||||
same data structure will produce the same JSON every time.
|
||||
- New "@if minimum_version(x.x)" syntax in order to hide future language
|
||||
improvements from versions that don't understand them.
|
||||
- compile time option (--with-statedir) to
|
||||
override the default state/ directory path.
|
||||
- Fix error messages/ handling in process signalling which no longer
|
||||
allowed any signals to fail silently
|
||||
- Also enable shortcut keyword for cf-serverd classic protocol, eg to
|
||||
simplify the bootstrap process for clients that have different
|
||||
sys.masterdir settings (Redmine #3697)
|
||||
- methods promises now accepts the bundle name in the promiser string,
|
||||
as long as it doesn't have any parameters.
|
||||
- In a services promise, if the service_method bundle is not specified,
|
||||
it defaults to the promiser string (canonified) with "service_" as a
|
||||
prefix. The bundle must be in the same namespace as the promise.
|
||||
- inline JSON in policy files: surrounding with parsejson() is now
|
||||
optional *when creating a new data container*.
|
||||
- New data_expand() function to interpolate variables in a data container.
|
||||
- Add configurable network bandwidth limit for all outgoing
|
||||
connections ("bwlimit" attribute in "body common control") . To
|
||||
enforce it in both directions, make sure the attribute is set on both
|
||||
sides of the connection.
|
||||
- Secure bootstrap has been facilitated by use of
|
||||
"cf-agent --boostrap HUB_ADDRESS --trust-server=no"
|
||||
- Implement new TLS-relevant options (Redmine #6883):
|
||||
- body common control: tls_min_version
|
||||
- body server control: allowtlsversion
|
||||
- body common control: tls_ciphers
|
||||
- body server control: allowciphers (preexisting)
|
||||
|
||||
- Drop patches, both upstream
|
||||
0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
|
||||
cfengine-fips.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 17 13:09:09 UTC 2015 - kkaempf@suse.com
|
||||
|
||||
|
@ -33,7 +33,7 @@
|
||||
%bcond_with postgresql
|
||||
%bcond_with libvirt
|
||||
Name: cfengine
|
||||
Version: 3.6.5
|
||||
Version: 3.7.0
|
||||
Release: 0
|
||||
# This is the place where workdir should be
|
||||
#define basedir /var/lib/%{name}
|
||||
@ -64,9 +64,7 @@ Patch5: 0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch
|
||||
# set cfengine's notion of bindir to /usr/sbin instead of /var/cfengine/bin
|
||||
# kkaempf@suse.de
|
||||
Patch6: 0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch
|
||||
# PATCH-FIX-UPSTREAM: Use ssl exponent of 65537 for FIPS bnc#922571
|
||||
Patch7: cfengine-fips.patch
|
||||
Patch8: 0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
|
||||
|
||||
BuildRequires: bison
|
||||
BuildRequires: db-devel
|
||||
BuildRequires: flex
|
||||
@ -176,8 +174,6 @@ Lots of examples promises for CFEngine.
|
||||
%endif
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
|
||||
##### rpmlint
|
||||
#### wrong-file-end-of-line-encoding
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:62a308a954a70d6854aa182e0612731618d08ab364a5fdf5359585a02ae32d8c
|
||||
size 1549020
|
3
core-3.7.0.tar.gz
Normal file
3
core-3.7.0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:f64dccbde4651e0bcf1ece8c756bd6ba42fe7f76c6fe23ba3a0a653dadb5e87c
|
||||
size 1638407
|
Loading…
Reference in New Issue
Block a user