From c7f0c849bc75ddb90eb4a1a214df4752ba10003815d343fd5e08e1afe233d2eb Mon Sep 17 00:00:00 2001 From: Richard Brown Date: Thu, 10 Mar 2022 12:02:06 +0000 Subject: [PATCH 1/2] Accepting request 960511 from home:eroca:go - Update to version 3.5.2 OBS-URL: https://build.opensuse.org/request/show/960511 OBS-URL: https://build.opensuse.org/package/show/devel:kubic/etcd?expand=0&rev=18 --- README.security | 8 +++---- _service | 2 +- _servicedata | 2 +- etcd-3.4.16.tar.gz | 3 --- etcd-3.5.2.tar.gz | 3 +++ etcd.changes | 49 +++++++++++++++++++++++++++++++++++++++++++ etcd.conf | 19 +++++++++-------- etcd.spec | 52 ++++++++++++++++++++++++++++++++-------------- vendor-update.sh | 46 ++++++++++++++++++++++++++++++++++++++++ vendor.tar.gz | 4 ++-- 10 files changed, 152 insertions(+), 36 deletions(-) delete mode 100644 etcd-3.4.16.tar.gz create mode 100644 etcd-3.5.2.tar.gz create mode 100644 vendor-update.sh diff --git a/README.security b/README.security index bad04af..c1d4d68 100644 --- a/README.security +++ b/README.security @@ -1,10 +1,10 @@ By default etcd doesn't require authentication. If you configure etcd to be reachable over the network, have untrustworthy local users on the system where etc runs or store -date in etcd that needs to be kept confidential please make sure to enable authentication. +data in etcd that needs to be kept confidential please make sure to enable authentication. You can do that by configuring the settings under [security] in /etc/sysconfig/etcd. -For additional guidance please red -https://coreos.com/etcd/docs/latest/v2/security.html +For additional guidance please read +https://etcd.io/docs/v3.5/op-guide/configuration/#security and -https://coreos.com/etcd/docs/latest/op-guide/authentication.html +https://etcd.io/docs/v3.5/op-guide/authentication to ensure that you enforce proper access control diff --git a/_service b/_service index 4e87190..9403014 100644 --- a/_service +++ b/_service @@ -3,7 +3,7 @@ git://github.com/etcd-io/etcd.git git .git - v3.4.16 + v3.5.2 @PARENT_TAG@ enable v(.*) diff --git a/_servicedata b/_servicedata index 14311fb..1ab3c13 100644 --- a/_servicedata +++ b/_servicedata @@ -3,4 +3,4 @@ https://github.com/coreos/etcd.git 94745a4eed0425653b3b4275a208d38babceeaec git://github.com/etcd-io/etcd.git - d19fbe541bf9c81e2d69d71d1068bd40c04de200 \ No newline at end of file + 99018a77bea9a9d29962e5169876c64e02739c52 \ No newline at end of file diff --git a/etcd-3.4.16.tar.gz b/etcd-3.4.16.tar.gz deleted file mode 100644 index 37af4e3..0000000 --- a/etcd-3.4.16.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:febaa801cbb80e10a79044250827e7810c417235da25674cb205293ddb0f452a -size 8935573 diff --git a/etcd-3.5.2.tar.gz b/etcd-3.5.2.tar.gz new file mode 100644 index 0000000..41fa8d1 --- /dev/null +++ b/etcd-3.5.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7f4a15f51e2b08f17f64cad8a9b4803e725a416d4b200e9abd8f467c54960c7f +size 4083269 diff --git a/etcd.changes b/etcd.changes index a677505..a6ec8f5 100644 --- a/etcd.changes +++ b/etcd.changes @@ -1,3 +1,52 @@ +------------------------------------------------------------------- +Wed Mar 9 14:07:20 UTC 2022 - Elisei Roca + +- Drop ETCD_UNSUPPORTED_ARCH=arm64 from sysconfig as ARM64 is now officially supported +- Update go version to 1.16 +- Update etcd.conf variables +- Add the new etcdutl into separate subpackage +- Update vendor.tar.gz to include vendoring for server, etcdctl and etcdutl + * see ./vendor-update.sh + +------------------------------------------------------------------- +Wed Feb 23 15:54:14 UTC 2022 - Elisei Roca + +- Update to version 3.5.2: + * version: bump up to 3.5.2 + * Update dep: require gopkg.in/yaml.v2 v2.2.8 -> v2.4.0 due to: CVE-2019-11254. + * fix runlock bug + * server: Require either cluster version v3.6 or --experimental-enable-lease-checkpoint-persist to persist lease remainingTTL + * etcdserver,integration: Store remaining TTL on checkpoint + * lease,integration: add checkpoint scheduling after leader change + * set the backend again after recovering v3 backend from snapshot + * *: implement a retry logic for auth old revision in the client + * client/v3: refresh the token when ErrUserEmpty is received while retrying + * server/etcdserver/api/etcdhttp: exclude the same alarm type activated by multiple peers + * storage/backend: Add a gauge to indicate if defrag is active (backport from 3.6) + +- Update to version 3.5.1: + * version: 3.5.1 + * Dockerfile: bump debian bullseye-20210927 + * client: Use first endpoint as http2 authority header + * tests: Add grpc authority e2e tests + * client: Add grpc authority header integration tests + * tests: Allow configuring integration tests to use TCP + * test: Use unique number for grpc port + * tests: Cleanup member interface by exposing Bridge directly + * tests: Make using bridge optional + * tests: Rename grpcAddr to grpcURL to imply that it includes schema + * tests: Remove bridge dependency on unix + * Decouple prefixArgs from os.Env dependency + * server: Ensure that adding and removing members handle storev2 and backend out of sync + * Stop using tip golang version in CI + * fix self-signed-cert-validity parameter cannot be specified in the config file + * fix health endpoint not usable when authentication is enabled + * workflows: remove ARM64 job for maintenance + +- Update to version 3.5.0: + * See link below, diff is too big + https://github.com/etcd-io/etcd/compare/v3.4.16...v3.5.0 + ------------------------------------------------------------------- Tue Sep 14 07:23:37 UTC 2021 - Johannes Segitz diff --git a/etcd.conf b/etcd.conf index 8804e5e..fce46a7 100644 --- a/etcd.conf +++ b/etcd.conf @@ -26,14 +26,7 @@ ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379" #ETCD_DISCOVERY_SRV="" #ETCD_DISCOVERY_FALLBACK="proxy" #ETCD_DISCOVERY_PROXY="" -# -#[proxy] -#ETCD_PROXY="off" -#ETCD_PROXY_FAILURE_WAIT="5000" -#ETCD_PROXY_REFRESH_INTERVAL="30000" -#ETCD_PROXY_DIAL_TIMEOUT="1000" -#ETCD_PROXY_WRITE_TIMEOUT="5000" -#ETCD_PROXY_READ_TIMEOUT="0" + # #[security] #ETCD_CERT_FILE="" @@ -46,6 +39,14 @@ ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379" #ETCD_PEER_TRUSTED_CA_FILE="" # #[logging] -#ETCD_DEBUG="false" +#ETCD_LOG_LEVEL="debug" # examples for -log-package-levels etcdserver=WARNING,security=DEBUG #ETCD_LOG_PACKAGE_LEVELS="" +# +#[proxy] Note: flags will be deprecated in v3.6. "proxy" supports v2 API only. +#ETCD_PROXY="off" +#ETCD_PROXY_FAILURE_WAIT="5000" +#ETCD_PROXY_REFRESH_INTERVAL="30000" +#ETCD_PROXY_DIAL_TIMEOUT="1000" +#ETCD_PROXY_WRITE_TIMEOUT="5000" +#ETCD_PROXY_READ_TIMEOUT="0" diff --git a/etcd.spec b/etcd.spec index 4bab4b5..bd46b3d 100644 --- a/etcd.spec +++ b/etcd.spec @@ -1,7 +1,7 @@ # # spec file for package etcd # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: etcd -Version: 3.4.16 +Version: 3.5.2 Release: 0 Summary: Highly-available key value store for configuration and service discovery License: Apache-2.0 @@ -34,13 +34,13 @@ Source11: %{name}.conf Source12: %{name}.service Source15: README.security Source16: system-user-etcd.conf -BuildRequires: golang(API) = 1.14 +BuildRequires: golang(API) >= 1.16 BuildRequires: golang-packaging -BuildRequires: sysuser-tools BuildRequires: systemd-rpm-macros +BuildRequires: sysuser-tools BuildRequires: xz Requires(post): %fillup_prereq -ExcludeArch: s390 %ix86 +ExcludeArch: s390 %{ix86} %sysusers_requires %{go_provides} # Make sure that the binary is not getting stripped. @@ -63,26 +63,46 @@ Group: System/Management A command line client for etcd. It can be used in scripts or for administrators to explore an etcd cluster. +%package -n etcdutl +Summary: A simple command line client for etcd +Group: System/Management + +%description -n etcdutl +A command line administration utility for etcd. +It's designed to operate directly on etcd data files. + +For operations over a network, please use `etcdctl`. + %prep %setup -q -a1 cp %{SOURCE15} . +cp -rla vendor/* ./ && rm -r vendor/ %build %{goprep} %{project} mkdir -p ./bin -go build -v -buildmode=pie -mod=vendor -o ./bin/etcd -go build -v -buildmode=pie -mod=vendor -o ./bin/etcdctl ./etcdctl +dir=$(pwd) +for item in server etcdctl etcdutl;do + cd "$dir/$item" + go build -v \ + -buildmode=pie \ + -mod=vendor \ + -ldflags="-s -X main.Version=%{version}" \ + -o ../bin/"$item" +done +cd "$dir" %sysusers_generate_pre %{SOURCE16} %{name} system-user-etcd.conf %install -install -d %{buildroot}/%{_sbindir} -install -D -m 0755 ./bin/etcd %{buildroot}/%{_sbindir}/etcd +install -d %{buildroot}%{_sbindir} +install -D -m 0755 ./bin/server %{buildroot}%{_sbindir}/etcd install -d %{buildroot}/%{_bindir} -install -D -m 0755 ./bin/etcdctl %{buildroot}/%{_bindir}/etcdctl +install -D -m 0755 ./bin/etcdctl %{buildroot}%{_bindir}/etcdctl +install -D -m 0755 ./bin/etcdutl %{buildroot}%{_bindir}/etcdutl # Service install -D -p -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/%{name}.service @@ -90,14 +110,9 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} # Sysconfig install -D -p -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir}/sysconfig.%{name} -%ifarch aarch64 -# arm64 is not yet officially supported -echo -e "\n#Enable arm64\nETCD_UNSUPPORTED_ARCH=arm64\n" >> %{buildroot}%{_fillupdir}/sysconfig.%{name} -%endif # Additional install -d -m 750 %{buildroot}%{_localstatedir}/lib/%{name} - install -Dm0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/system-user-etcd.conf %pre -f %{name}.pre @@ -115,7 +130,7 @@ install -Dm0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/system-user-etcd.conf %files %license LICENSE -%doc CONTRIBUTING.md README.md DCO NOTICE README.security +%doc CONTRIBUTING.md README.md DCO README.security %{_sbindir}/%{name} %{_sysusersdir}/system-user-etcd.conf @@ -131,5 +146,10 @@ install -Dm0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/system-user-etcd.conf %files -n etcdctl %{_bindir}/etcdctl +%doc etcdctl/README.md etcdctl/READMEv2.md + +%files -n etcdutl +%{_bindir}/etcdutl +%doc etcdutl/README.md %changelog diff --git a/vendor-update.sh b/vendor-update.sh new file mode 100644 index 0000000..ca7b9c3 --- /dev/null +++ b/vendor-update.sh @@ -0,0 +1,46 @@ +#!/usr/bin/bash +# +# Script to update the vendor tarball +# Author: Elisei Roca +#------------------------------------ + +# set -x + +NAME=etcd +STACK=("server" "etcdctl" "etcdutl") +VERSION=$(grep -oP '(?<=Version:)(.*)' etcd.spec | xargs) + +[ ! -f "$NAME-$VERSION".tar.gz ] && echo "$NAME-$VERSION.tar.gz does not exist" && exit 1 + +echo "Updating vendor file..." + +rm -rf /tmp/"$NAME" ||: +mkdir -p /tmp/"$NAME"/vendor + +tar --strip-components=1 -xvf "$NAME-$VERSION".tar.gz -C /tmp/"$NAME" &> /dev/null + +dir=$(pwd) +for item in ${STACK[*]}; do + mkdir /tmp/"$NAME"/vendor/"$item" + cd /tmp/"$NAME/$item" + go mod vendor + mv vendor/ ../vendor/"$item" +done +cd "$dir" + +fdupes -r -1 /tmp/"$NAME"/vendor/ | + while read line; do + target=""; + for file in ${line[*]}; do + if [ "x${target}" == "x" ]; then + target=$file; + else + ln -f "${target}" "${file}"; + fi; + done; + done + +tar -czvf vendor.tar.gz -C /tmp/"$NAME" vendor &> /dev/null +rm -rf /tmp/"$NAME" ||: + +echo "Repacked to vendor.tar.gz" diff --git a/vendor.tar.gz b/vendor.tar.gz index 5442148..b3901dc 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:cabd64a16316a618b65396c46f7d3488c9caea30b3ac4ff39afe0117880c4e3e -size 2990865 +oid sha256:c7182a5250b1f74b73ed92b4d2e45349654eb38f11c7fca7c82fb4be3f771011 +size 4785590 From d0e511dd109aceac83694da655fb05f21ac162547ca08d1df5b06d113557be3b Mon Sep 17 00:00:00 2001 From: Richard Brown Date: Thu, 10 Mar 2022 12:18:39 +0000 Subject: [PATCH 2/2] Accepting request 960751 from home:eroca:go - Add vendor-update.sh as a source to pass obs-service-source_validator OBS-URL: https://build.opensuse.org/request/show/960751 OBS-URL: https://build.opensuse.org/package/show/devel:kubic/etcd?expand=0&rev=19 --- etcd.changes | 5 +++++ etcd.spec | 1 + 2 files changed, 6 insertions(+) diff --git a/etcd.changes b/etcd.changes index a6ec8f5..50d47f3 100644 --- a/etcd.changes +++ b/etcd.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Mar 10 12:15:44 UTC 2022 - Elisei Roca + +- Add vendor-update.sh as a source to pass obs-service-source_validator + ------------------------------------------------------------------- Wed Mar 9 14:07:20 UTC 2022 - Elisei Roca diff --git a/etcd.spec b/etcd.spec index bd46b3d..25ece63 100644 --- a/etcd.spec +++ b/etcd.spec @@ -34,6 +34,7 @@ Source11: %{name}.conf Source12: %{name}.service Source15: README.security Source16: system-user-etcd.conf +Source17: vendor-update.sh BuildRequires: golang(API) >= 1.16 BuildRequires: golang-packaging BuildRequires: systemd-rpm-macros