- Update to 3.7.0

See https://github.com/cfengine/core/blob/3.7.x/ChangeLog for
  full changelog
  New features:
  - New package promise implementation.
    The syntax is much simpler, to try it out, check out the syntax:
      packages:
        "mypackage"
          policy => "absent/present",
          # Optional, default taken from common control
          package_module => apt_get,
          # Optional, will only match exact version. May be
          # "latest".
          version => "32.0",
          # Optional.
          architecture => "x86_64";
  - Full systemd support for all relevant platforms
  - New classes to determine whether certain features are enabled:
    * feature_yaml
    * feature_xml
    For the official CFEngine packages, these are always enabled, but
    packages from other sources may be built without the support.
  - New readdata() support for generic data input (CSV, YAML, JSON, or auto)
  - YAML support: new readyaml() function and in readdata()
  - CSV support: new readcsv() function and in readdata()
  - New string_mustache() function
  - New data_regextract() function
  - eval() can now be called with "class" as the "mode" argument, which
    will cause it to return true ("any") if the calculated result is
    non-zero, and false ("!any") if it is zero.

OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=131
This commit is contained in:
Klaus Kämpf 2015-07-30 10:12:28 +00:00 committed by Git OBS Bridge
parent 38c52a00a9
commit 19b8c826db
8 changed files with 111 additions and 124 deletions

View File

@ -1,27 +0,0 @@
From a814751421422cad22373eb6e568272fd24e1532 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tomas.chvatal@gmail.com>
Date: Mon, 23 Mar 2015 11:12:58 +0100
Subject: [PATCH] Do not use insecure MD5 but rather SHA256
---
libpromises/generic_agent.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libpromises/generic_agent.c b/libpromises/generic_agent.c
index eaace00..4863230 100644
--- a/libpromises/generic_agent.c
+++ b/libpromises/generic_agent.c
@@ -101,8 +101,8 @@ static void SanitizeEnvironment()
ENTERPRISE_VOID_FUNC_2ARG_DEFINE_STUB(void, GenericAgentSetDefaultDigest, HashMethod *, digest, int *, digest_len)
{
- *digest = HASH_METHOD_MD5;
- *digest_len = CF_MD5_LEN;
+ *digest = HASH_METHOD_SHA256;
+ *digest_len = CF_SHA256_LEN;
}
void MarkAsPolicyServer(EvalContext *ctx)
--
2.3.0

View File

@ -1,7 +1,7 @@
From 7b0a005250c0398b86ea5adf93c16b5c8735a343 Mon Sep 17 00:00:00 2001
From 900148bcea077497d062eccb7a8a5f1ea6f4f9e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Fri, 2 May 2014 12:47:37 +0200
Subject: [PATCH 2/2] Set sys.bindir to /usr/sbin, expect cf-* components there
Date: Thu, 30 Jul 2015 10:48:47 +0200
Subject: [PATCH 1/2] Set sys.bindir to /usr/sbin, expect cf-*components there
That's where the /var/cfengine/bin/* symlinks point to and where
the systemd .service files expect the daemons.
@ -12,37 +12,38 @@ masterfiles/update/update_processes.cf:enable_cfengine_agents
libenv/sysinfo.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff -wruN -x '*~' -x '*.o' -x '*.a' -x '*.so' -x '*.so.[0-9]' -x autom4te.cache -x .deps -x .libs ../orig-core-3.6.3rc-build1/libenv/sysinfo.c ./libenv/sysinfo.c
--- ../orig-core-3.6.3rc-build1/libenv/sysinfo.c 2014-11-27 20:17:34.000000000 +0100
+++ ./libenv/sysinfo.c 2014-11-28 10:18:49.023646654 +0100
@@ -567,8 +567,7 @@
diff --git a/libenv/sysinfo.c b/libenv/sysinfo.c
index a75c6aa1d8d6..1c1139aead94 100644
--- a/libenv/sysinfo.c
+++ b/libenv/sysinfo.c
@@ -581,8 +581,7 @@ static void GetNameInfo3(EvalContext *ctx)
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "masterdir", GetMasterDir(), CF_DATA_TYPE_STRING, "source=agent");
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "inputdir", GetInputDir(), CF_DATA_TYPE_STRING, "source=agent");
- snprintf(workbuf, CF_BUFSIZE, "%s%cbin", CFWORKDIR, FILE_SEPARATOR);
- snprintf(workbuf, CF_BUFSIZE, "%s%cbin", workdir, FILE_SEPARATOR);
- EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "bindir", workbuf, CF_DATA_TYPE_STRING, "source=agent");
+ EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "bindir", "/usr/sbin", CF_DATA_TYPE_STRING, "source=agent");
snprintf(workbuf, CF_BUFSIZE, "%s%cfailsafe.cf", GetInputDir(), FILE_SEPARATOR);
EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "failsafe_policy_path", workbuf, CF_DATA_TYPE_STRING, "source=agent");
@@ -613,7 +612,7 @@
@@ -627,7 +626,7 @@ static void GetNameInfo3(EvalContext *ctx)
components[i]);
}
#else
- snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, components[i]);
- snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s", workdir, FILE_SEPARATOR, FILE_SEPARATOR, components[i]);
+ snprintf(name, CF_MAXVARSIZE - 1, "/usr/sbin/%s", components[i]);
#endif
have_component[i] = false;
@@ -636,7 +635,7 @@
snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s.exe", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR,
@@ -650,7 +649,7 @@ static void GetNameInfo3(EvalContext *ctx)
snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s.exe", workdir, FILE_SEPARATOR, FILE_SEPARATOR,
components[1]);
#else
- snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, components[1]);
- snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s", workdir, FILE_SEPARATOR, FILE_SEPARATOR, components[1]);
+ snprintf(name, CF_MAXVARSIZE - 1, "/usr/sbin/%s", components[1]);
#endif
if (stat(name, &sb) != -1)
--
1.8.4.5
2.1.4

View File

@ -1,7 +1,7 @@
From 68e63ae137d4f829c569ca0af4fcb86c6d4f688f Mon Sep 17 00:00:00 2001
From 5954a3e3c1c8be821e32cfac3ec4161892025c95 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Fri, 11 Apr 2014 09:25:05 +0200
Subject: [PATCH 1/2] Simplify and fix parsing of /etc/SuSE-release (fixes
Subject: [PATCH 2/2] Simplify and fix parsing of /etc/SuSE-release (fixes
issue #5423)
This patch is a simplification of sysinfo.c:Linux_Suse_Version()
@ -17,10 +17,10 @@ to achieve the following
1 file changed, 60 insertions(+), 127 deletions(-)
diff --git a/libenv/sysinfo.c b/libenv/sysinfo.c
index 2bdfb8fbd2fa..f8ffd67b7a49 100644
index 1c1139aead94..77667b611ad6 100644
--- a/libenv/sysinfo.c
+++ b/libenv/sysinfo.c
@@ -1666,6 +1666,7 @@ static int Linux_Suse_Version(EvalContext *ctx)
@@ -1754,6 +1754,7 @@ static int Linux_Suse_Version(EvalContext *ctx)
#define SUSE_RELEASE_FLAG "linux "
char classbuf[CF_MAXVARSIZE];
@ -28,7 +28,7 @@ index 2bdfb8fbd2fa..f8ffd67b7a49 100644
Log(LOG_LEVEL_VERBOSE, "This appears to be a SUSE system.");
EvalContextClassPutHard(ctx, "SUSE", "inventory,attribute_name=none,source=agent");
@@ -1685,23 +1686,26 @@ static int Linux_Suse_Version(EvalContext *ctx)
@@ -1773,23 +1774,26 @@ static int Linux_Suse_Version(EvalContext *ctx)
return 1;
}
@ -62,7 +62,7 @@ index 2bdfb8fbd2fa..f8ffd67b7a49 100644
}
}
if (ferror(fp))
@@ -1715,28 +1719,38 @@ static int Linux_Suse_Version(EvalContext *ctx)
@@ -1803,28 +1807,38 @@ static int Linux_Suse_Version(EvalContext *ctx)
fclose(fp);
@ -117,7 +117,7 @@ index 2bdfb8fbd2fa..f8ffd67b7a49 100644
{
Item *list, *ip;
@@ -1754,120 +1768,39 @@ static int Linux_Suse_Version(EvalContext *ctx)
@@ -1842,120 +1856,39 @@ static int Linux_Suse_Version(EvalContext *ctx)
}
else
{
@ -262,5 +262,5 @@ index 2bdfb8fbd2fa..f8ffd67b7a49 100644
}
--
1.8.4.5
2.1.4

View File

@ -1,66 +0,0 @@
Index: core-3.6.5/cf-key/cf-key-functions.c
===================================================================
--- core-3.6.5.orig/cf-key/cf-key-functions.c
+++ core-3.6.5/cf-key/cf-key-functions.c
@@ -243,11 +243,11 @@ void KeepKeyPromises(const char *public_
printf("Making a key pair for cfengine, please wait, this could take a minute...\n");
#ifdef OPENSSL_NO_DEPRECATED
- BN_set_word(rsa_bignum, 35);
+ BN_set_word(rsa_bignum, RSA_F4);
if (!RSA_generate_key_ex(pair, 2048, rsa_bignum, NULL))
#else
- pair = RSA_generate_key(2048, 35, NULL, NULL);
+ pair = RSA_generate_key(2048, 65537, NULL, NULL);
if (pair == NULL)
#endif
Index: core-3.6.5/tests/unit/hash_test.c
===================================================================
--- core-3.6.5.orig/tests/unit/hash_test.c
+++ core-3.6.5/tests/unit/hash_test.c
@@ -52,7 +52,7 @@ void tests_setup()
initialized = 0;
return;
}
- BN_set_word(bn, 3);
+ BN_set_word(bn, RSA_F4);
RSA_generate_key_ex(rsa, 1024, bn, NULL);
BN_free(bn);
}
Index: core-3.6.5/tests/unit/key_test.c
===================================================================
--- core-3.6.5.orig/tests/unit/key_test.c
+++ core-3.6.5/tests/unit/key_test.c
@@ -25,7 +25,7 @@ void test_setup()
initialized = 0;
return;
}
- BN_set_word(bn, 3);
+ BN_set_word(bn, RSA_F4);
RSA_generate_key_ex(rsa, 1024, bn, NULL);
BN_free(bn);
}
Index: core-3.6.5/tests/unit/tls_generic_test.c
===================================================================
--- core-3.6.5.orig/tests/unit/tls_generic_test.c
+++ core-3.6.5/tests/unit/tls_generic_test.c
@@ -54,7 +54,7 @@ static bool init_test_server()
int ret;
RSA *key = RSA_new();
BIGNUM *bignum = BN_new();
- BN_set_word(bignum, 17);
+ BN_set_word(bignum, RSA_F4);
ret = RSA_generate_key_ex(key, 1024, bignum, NULL);
if (!ret)
{
@@ -450,7 +450,7 @@ static bool init_test_client()
int ret;
RSA *key = RSA_new();
BIGNUM *bignum = BN_new();
- BN_set_word(bignum, 17);
+ BN_set_word(bignum, RSA_F4);
ret = RSA_generate_key_ex(key, 1024, bignum, NULL);
if (!ret)
{

View File

@ -1,3 +1,86 @@
-------------------------------------------------------------------
Mon Jul 20 09:04:00 UTC 2015 - kkaempf@suse.com
- Update to 3.7.0
See https://github.com/cfengine/core/blob/3.7.x/ChangeLog for
full changelog
New features:
- New package promise implementation.
The syntax is much simpler, to try it out, check out the syntax:
packages:
"mypackage"
policy => "absent/present",
# Optional, default taken from common control
package_module => apt_get,
# Optional, will only match exact version. May be
# "latest".
version => "32.0",
# Optional.
architecture => "x86_64";
- Full systemd support for all relevant platforms
- New classes to determine whether certain features are enabled:
* feature_yaml
* feature_xml
For the official CFEngine packages, these are always enabled, but
packages from other sources may be built without the support.
- New readdata() support for generic data input (CSV, YAML, JSON, or auto)
- YAML support: new readyaml() function and in readdata()
- CSV support: new readcsv() function and in readdata()
- New string_mustache() function
- New data_regextract() function
- eval() can now be called with "class" as the "mode" argument, which
will cause it to return true ("any") if the calculated result is
non-zero, and false ("!any") if it is zero.
- New list_ifelse() function
- New mapjson() function as well as JSON support in maparray().
- filestat() function now supports "xattr" argument for extended
attributes.
- "ifvarclass" now has "if" as an alias, and "unless" as an inverse
alias.
- Ability to expand JSON variables directory in Mustache templates:
Prefix the name with '%' for multiline expansion, '$' for compact
expansion.
- Ability to expand the iteration *key* in Mustache templates with @
- Canonical JSON output: JSON output has reliably sorted keys so the
same data structure will produce the same JSON every time.
- New "@if minimum_version(x.x)" syntax in order to hide future language
improvements from versions that don't understand them.
- compile time option (--with-statedir) to
override the default state/ directory path.
- Fix error messages/ handling in process signalling which no longer
allowed any signals to fail silently
- Also enable shortcut keyword for cf-serverd classic protocol, eg to
simplify the bootstrap process for clients that have different
sys.masterdir settings (Redmine #3697)
- methods promises now accepts the bundle name in the promiser string,
as long as it doesn't have any parameters.
- In a services promise, if the service_method bundle is not specified,
it defaults to the promiser string (canonified) with "service_" as a
prefix. The bundle must be in the same namespace as the promise.
- inline JSON in policy files: surrounding with parsejson() is now
optional *when creating a new data container*.
- New data_expand() function to interpolate variables in a data container.
- Add configurable network bandwidth limit for all outgoing
connections ("bwlimit" attribute in "body common control") . To
enforce it in both directions, make sure the attribute is set on both
sides of the connection.
- Secure bootstrap has been facilitated by use of
"cf-agent --boostrap HUB_ADDRESS --trust-server=no"
- Implement new TLS-relevant options (Redmine #6883):
- body common control: tls_min_version
- body server control: allowtlsversion
- body common control: tls_ciphers
- body server control: allowciphers (preexisting)
- Drop patches, both upstream
0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
cfengine-fips.patch
-------------------------------------------------------------------
Wed Jun 17 13:09:09 UTC 2015 - kkaempf@suse.com

View File

@ -33,7 +33,7 @@
%bcond_with postgresql
%bcond_with libvirt
Name: cfengine
Version: 3.6.5
Version: 3.7.0
Release: 0
# This is the place where workdir should be
#define basedir /var/lib/%{name}
@ -64,9 +64,7 @@ Patch5: 0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch
# set cfengine's notion of bindir to /usr/sbin instead of /var/cfengine/bin
# kkaempf@suse.de
Patch6: 0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch
# PATCH-FIX-UPSTREAM: Use ssl exponent of 65537 for FIPS bnc#922571
Patch7: cfengine-fips.patch
Patch8: 0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
BuildRequires: bison
BuildRequires: db-devel
BuildRequires: flex
@ -176,8 +174,6 @@ Lots of examples promises for CFEngine.
%endif
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
##### rpmlint
#### wrong-file-end-of-line-encoding

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:62a308a954a70d6854aa182e0612731618d08ab364a5fdf5359585a02ae32d8c
size 1549020

3
core-3.7.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f64dccbde4651e0bcf1ece8c756bd6ba42fe7f76c6fe23ba3a0a653dadb5e87c
size 1638407