- Update to version 3.5.17

- Update etcd configuration file based on etcd.conf.yml.sample - Fixing a configuration data loss bug: Fillup really really wants that the template and the target file actually follow the sysconfig format. The current config and the current template do not fulfill this requirement. Move the current /etc/sysconfig/etcd to /etc/default/etcd and install a new sysconfig file which only adds the ETCD_OPTIONS option, which is actually used by the unit file. This also makes it a bit cleaner to move etcd to use --config-file in the long run. OBS-URL: https://build.opensuse.org/package/show/devel:kubic/etcd?expand=0&rev=30
2024-12-05 19:30:21 +00:00 · 2024-12-05 19:30:21 +00:00 · 7b0bc56119
commit 7b0bc56119
15 changed files with 2631 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/README.security
+++ b/README.security
@ -0,0 +1,10 @@
+By default etcd doesn't require authentication.  If you configure etcd to be reachable
+over the network, have untrustworthy local users on the system where etc runs or store
+data in etcd that needs to be kept confidential please make sure to enable authentication.
+
+You can do that by configuring the settings under [security] in /etc/sysconfig/etcd.
+For additional guidance please read
+https://etcd.io/docs/v3.5/op-guide/configuration/#security
+and
+https://etcd.io/docs/v3.5/op-guide/authentication
+to ensure that you enforce proper access control
--- a/19
+++ b/19
@ -0,0 +1,19 @@
+<services>
+  <service name="tar_scm" mode="disabled">
+    <param name="url">https://github.com/etcd-io/etcd.git</param>
+    <param name="scm">git</param>
+    <param name="exclude">.git</param>
+    <param name="revision">v3.5.17</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="changesgenerate">enable</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+  </service>
+  <service mode="disabled" name="set_version">
+  </service>
+  <service name="recompress" mode="disabled">
+    <param name="file">*.tar</param>
+    <param name="compression">gz</param>
+  </service>
+  <service name="go_modules" mode="disabled">
+  </service>
+</services>
--- a/8
+++ b/8
@ -0,0 +1,8 @@
+<servicedata>
+<service name="tar_scm">
+                <param name="url">https://github.com/coreos/etcd.git</param>
+              <param name="changesrevision">94745a4eed0425653b3b4275a208d38babceeaec</param></service><service name="tar_scm">
+                <param name="url">git://github.com/etcd-io/etcd.git</param>
+              <param name="changesrevision">99018a77bea9a9d29962e5169876c64e02739c52</param></service><service name="tar_scm">
+                <param name="url">https://github.com/etcd-io/etcd.git</param>
+              <param name="changesrevision">507c0de87bd5034e3de4ab76ebf96b54dae0cd52</param></service></servicedata>
--- a/etcd-3.5.12.tar.gz
+++ b/etcd-3.5.12.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:de10f81bb463e1e057d3a76eaf252c360e5b2b082f2b646539b1ab6e1509d84e
+size 4138338
--- a/etcd-3.5.17.tar.gz
+++ b/etcd-3.5.17.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:881c1dc2352e5be8dc714fb3dade956919b72f072b99b6609bf376239d7f9dc4
+size 4182218
--- a/etcd.changes
+++ b/etcd.changes
--- a/etcd.conf
+++ b/etcd.conf
@ -0,0 +1,119 @@
+
+# Caution: If you mix-and-match configuration options, then the following rules apply.
+# Command-line flags take precedence over environment variables.
+# If you provide a configuration file all command-line flags and environment variables are ignored.
+
+# Set commandline options example: ETCD_OPTIONS="--enable-v2=true" to enable the v2 API
+#ETCD_OPTIONS=""
+
+# [member]
+# Human-readable name for this member.
+ETCD_NAME="default"
+# Path to the data directory.
+ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
+# Path to the dedicated wal directory.
+#ETCD_WAL_DIR=""
+# Number of committed transactions to trigger a snapshot to disk.
+#ETCD_SNAPSHOT_COUNT="10000"
+# Time (in milliseconds) of a heartbeat interval.
+#ETCD_HEARTBEAT_INTERVAL="100"
+# Time (in milliseconds) for an election to timeout.
+#ETCD_ELECTION_TIMEOUT="1000"
+# Raise alarms when backend size exceeds the given quota. 0 means use the
+# default quota.
+#ETCD_QUOTA_BACKEND_BYTES="0"
+# Before changing this setting allowing etcd to be reachable over the network
+# or if you have untrustworthy local users on the system where etc runs please
+# make sure to enable authentication in the [security] section below.
+# Please also read README.security for this package.
+# List of comma separated URLs to listen on for peer traffic.
+#ETCD_LISTEN_PEER_URLS="http://localhost:2380"
+# List of comma separated URLs to listen on for client traffic.
+ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
+# Maximum number of snapshot files to retain (0 is unlimited).
+#ETCD_MAX_SNAPSHOTS="5"
+# Maximum number of wal files to retain (0 is unlimited).
+#ETCD_MAX_WALS="5"
+# Comma-separated white list of origins for CORS (cross-origin resource sharing).
+#ETCD_CORS=""
+# Enable runtime profiling data via HTTP server
+#ETCD_ENABLE_PPROF="true"
+# Force to create a new one member cluster.
+#ETCD_FORCE_NEW_CLUSTER="false"
+#ETCD_AUTO_COMPACTION_MODE="periodic"
+#ETCD_AUTO_COMPACTION_RETENTION="1"
+#
+# [cluster]
+# List of this member's peer URLs to advertise to the rest of the cluster.
+# The URLs needed to be a comma-separated list.
+#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
+# List of this member's client URLs to advertise to the public.
+# The URLs needed to be a comma-separated list.
+ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
+# Discovery URL used to bootstrap the cluster.
+#ETCD_DISCOVERY=""
+# Valid values include 'exit', 'proxy'
+#ETCD_DISCOVERY_FALLBACK="proxy"
+# HTTP proxy to use for traffic to discovery service.
+#ETCD_DISCOVERY_PROXY=""
+# DNS domain used to bootstrap initial cluster.
+#ETCD_DISCOVERY_SRV=""
+# Initial cluster configuration for bootstrapping.
+#ETCD_INITIAL_CLUSTER=""
+# Initial cluster token for the etcd cluster during bootstrap.
+#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
+# Initial cluster state ('new' or 'existing').
+#ETCD_INITIAL_CLUSTER_STATE="new"
+# Reject reconfiguration requests that would cause quorum loss.
+#ETCD_STRICT_RECONFIG_CHECK="false"
+# Accept etcd V2 client requests
+#ETCD_ENABLE_V2="true"
+#
+# [security]
+# Path to the client server TLS cert file.
+#ETCD_CERT_FILE=""
+# Path to the client server TLS key file.
+#ETCD_KEY_FILE=""
+# Enable client cert authentication.
+#ETCD_CLIENT_CERT_AUTH="false"
+# Path to the client server TLS trusted CA cert file.
+#ETCD_TRUSTED_CA_FILE=""
+# Client TLS using generated certificates
+#ETCD_AUTO_TLS="false"
+# Path to the peer server TLS cert file.
+#ETCD_PEER_CERT_FILE=""
+# Path to the peer server TLS key file.
+#ETCD_PEER_KEY_FILE=""
+# Enable peer client cert authentication.
+#ETCD_PEER_CLIENT_CERT_AUTH="false"
+# Path to the peer server TLS trusted CA cert file.
+#ETCD_PEER_TRUSTED_CA_FILE=""
+# Peer TLS using generated certificates.
+#ETCD_PEER_AUTO_TLS="false"
+# Allowed CN for inter peer authentication.
+#ETCD_PEER_ALLOWED_CN=""
+# Allowed TLS hostname for inter peer authentication.
+#ETCD_PEER_ALLOWED_HOSTNAME=""
+# The validity period of the self-signed certificate, the unit is year.
+#ETCD_SELF_SIGNED_CERT_VALIDITY="1"
+#
+# [logging]
+# Enable debug-level logging for etcd.
+#ETCD_LOG_LEVEL="debug"
+#ETCD_LOGGER="zap"
+# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
+#ETCD_LOG_OUTPUTS="stderr"
+#
+# [proxy] Note: flags will be deprecated in v3.6. "proxy" supports v2 API only.
+# Valid values include 'on', 'readonly', 'off'
+#ETCD_PROXY="off"
+# Time (in milliseconds) an endpoint will be held in a failed state.
+#ETCD_PROXY_FAILURE_WAIT="5000"
+# Time (in milliseconds) of the endpoints refresh interval.
+#ETCD_PROXY_REFRESH_INTERVAL="30000"
+# Time (in milliseconds) for a dial to timeout.
+#ETCD_PROXY_DIAL_TIMEOUT="1000"
+# Time (in milliseconds) for a write to timeout.
+#ETCD_PROXY_WRITE_TIMEOUT="5000"
+# Time (in milliseconds) for a read to timeout.
+#ETCD_PROXY_READ_TIMEOUT="0"
--- a/etcd.service
+++ b/etcd.service
@ -0,0 +1,35 @@
+[Unit]
+Description=Etcd Server
+After=network.target
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
+Type=notify
+WorkingDirectory=/var/lib/etcd/
+EnvironmentFile=-/etc/sysconfig/etcd
+EnvironmentFile=-/etc/default/etcd
+User=etcd
+# set GOMAXPROCS to number of processors
+ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/sbin/etcd $ETCD_OPTIONS"
+Restart=on-failure
+LimitNOFILE=65536
+Nice=-10
+IOSchedulingClass=best-effort
+IOSchedulingPriority=2
+
+[Install]
+WantedBy=multi-user.target
--- a/etcd.spec
+++ b/etcd.spec
@ -0,0 +1,164 @@
+#
+# spec file for package etcd
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+%global etcd_default_file /etc/default/etcd
+
+%define project go.etcd.io/etcd
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+  %define _fillupdir %{_localstatedir}/adm/fillup-templates
+%endif
+Name:           etcd
+Version:        3.5.17
+Release:        0
+Summary:        Highly-available key value store for configuration and service discovery
+License:        Apache-2.0
+Group:          System/Management
+URL:            https://github.com/etcd-io/etcd
+Source:         %{name}-%{version}.tar.gz
+Source1:        vendor.tar.gz
+Source11:       %{name}.conf
+Source12:       %{name}.service
+Source13:       %{name}.sysconfig
+Source15:       README.security
+Source16:       system-user-etcd.conf
+Source17:       vendor-update.sh
+BuildRequires:  golang(API) >= 1.22
+BuildRequires:  golang-packaging
+BuildRequires:  systemd-rpm-macros
+BuildRequires:  sysuser-tools
+BuildRequires:  xz
+Requires(post): %fillup_prereq
+ExcludeArch:    s390 %{ix86}
+%sysusers_requires
+
+%description
+etcd is a distributed, consistent key-value store for shared configuration and
+service discovery, with a focus on being:
+
+- Simple: well-defined, user-facing API (gRPC)
+- Secure: automatic TLS with optional client cert authentication
+- Fast: benchmarked 10,000 writes/sec
+- Reliable: properly distributed using Raft
+
+%package -n etcdctl
+Summary:        A simple command line client for etcd
+Group:          System/Management
+
+%description -n etcdctl
+A command line client for etcd. It can be used in scripts or for administrators
+to explore an etcd cluster.
+
+%package -n etcdutl
+Summary:        A simple command line client for etcd
+Group:          System/Management
+
+%description -n etcdutl
+A command line administration utility for etcd.
+It's designed to operate directly on etcd data files.
+
+For operations over a network, please use `etcdctl`.
+
+%prep
+%setup -q -a1
+cp %{SOURCE15} .
+cp -rla vendor/* ./ && rm -r vendor/
+
+%build
+%{goprep} %{project}
+
+mkdir -p ./bin
+
+dir=$(pwd)
+for item in server etcdctl etcdutl;do
+  cd "$dir/$item"
+  go build -v \
+    -buildmode=pie \
+    -mod=vendor \
+    -trimpath \
+    -ldflags="-s -w -X main.Version=%{version}" \
+    -o ../bin/"$item"
+done
+cd "$dir"
+
+%sysusers_generate_pre %{SOURCE16} %{name} system-user-etcd.conf
+
+%install
+install -d %{buildroot}%{_sbindir}
+install -D -m 0755 ./bin/server %{buildroot}%{_sbindir}/etcd
+
+install -d %{buildroot}/%{_bindir}
+install -D -m 0755 ./bin/etcdctl %{buildroot}%{_bindir}/etcdctl
+install -D -m 0755 ./bin/etcdutl %{buildroot}%{_bindir}/etcdutl
+
+# Service
+install -D -p -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/%{name}.service
+ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
+
+# Sysconfig
+install -D -p -m 0644 %{SOURCE13} %{buildroot}%{_fillupdir}/sysconfig.%{name}
+install -D -p -m 0644 %{SOURCE11} %{buildroot}%{etcd_default_file}
+
+# Additional
+install -d -m 750 %{buildroot}%{_localstatedir}/lib/%{name}
+install -Dm0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/system-user-etcd.conf
+
+%pre -f %{name}.pre
+if [ ! -e %{etcd_default_file} -a /etc/sysconfig/etcd ] ; then
+echo "Migrating existing /etc/sysconfig/etcd to %{etcd_default_file}."
+echo "From now on only ETCD_OPTIONS should be in /etc/sysconfig/etcd"
+mv -i /etc/sysconfig/etcd %{etcd_default_file}
+fi
+%service_add_pre %{name}.service
+
+%post
+%service_add_post %{name}.service
+%{fillup_only -n %{name}}
+
+%preun
+%service_del_preun %{name}.service
+
+%postun
+%service_del_postun %{name}.service
+
+%files
+%license LICENSE
+%doc CONTRIBUTING.md README.md DCO README.security
+%{_sbindir}/%{name}
+%{_sysusersdir}/system-user-etcd.conf
+
+# Service
+%{_unitdir}/%{name}.service
+%{_sbindir}/rc%{name}
+
+# Sysconfig
+%{_fillupdir}/sysconfig.%{name}
+
+%config(noreplace) %{etcd_default_file}
+
+# Additional
+%dir %attr(0750,%{name},%{name}) %{_localstatedir}/lib/%{name}
+
+%files -n etcdctl
+%{_bindir}/etcdctl
+%doc etcdctl/README.md etcdctl/READMEv2.md
+
+%files -n etcdutl
+%{_bindir}/etcdutl
+%doc etcdutl/README.md
+
+%changelog
--- a/etcd.sysconfig
+++ b/etcd.sysconfig
@ -0,0 +1,9 @@
+## Path:     Applications/etcd
+## Description:    etcd key value store
+## Type:     string()
+## Default:    ""
+## ServiceRestart: etcd
+#
+# additional options to pass to etcd. e.g. --enable-v2=true
+#
+ETCD_OPTIONS=""
--- a/system-user-etcd.conf
+++ b/system-user-etcd.conf
@ -0,0 +1,2 @@
+#Type Name ID GECOS         Home directory Shell
+u     etcd -  "etcd daemon" /var/lib/etcd  -
--- a/vendor-update.sh
+++ b/vendor-update.sh
@ -0,0 +1,51 @@
+#!/usr/bin/bash
+#
+# Script to update the vendor tarball
+# Author: Elisei Roca
+#------------------------------------
+
+set -eo pipefail
+# set -x
+
+NAME=etcd
+STACK=("server" "etcdctl" "etcdutl")
+VERSION=$(grep -oP '(?<=Version:)(.*)' etcd.spec | xargs)
+
+[ ! -f "$NAME-$VERSION".tar.gz ] && echo "$NAME-$VERSION.tar.gz does not exist" && exit 1 
+
+echo "Updating vendor file..."
+
+tempdir="$(mktemp -d --suffix=.etcd)"
+function cleanup() {
+  rm -rf "${tempdir}"
+}
+trap cleanup EXIT
+
+mkdir -p "${tempdir}/vendor"
+
+tar --strip-components=1 -xvf "$NAME-$VERSION".tar.gz -C "${tempdir}" &> /dev/null
+
+dir=$(pwd)
+for item in ${STACK[*]}; do
+	mkdir "${tempdir}/vendor/${item}"
+	cd "${tempdir}/${item}"
+	go mod vendor
+	mv vendor/ ../vendor/"$item"
+done
+cd "$dir"
+
+fdupes -r -1 "${tempdir}/vendor/" |
+  while read line; do 
+    target="";
+    for file in ${line[*]}; do
+      if [ "x${target}" == "x" ]; then
+        target=$file;
+      else
+        ln -f "${target}" "${file}";
+      fi; 
+    done;
+  done
+
+tar -czvf vendor.tar.gz -C "${tempdir}" vendor &> /dev/null
+
+echo "Repacked to vendor.tar.gz"
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4fc63292a8b51a65e602c5b765125b2aab26d5ff4d2ff0ad61ea18777410d9e3
+size 5421959