From 8bba5e9cf6d9103c07821b2e479ed1865ebe999af22d36db088decdedcfb6d37 Mon Sep 17 00:00:00 2001 From: Ignaz Forster Date: Thu, 9 Jun 2022 16:46:15 +0000 Subject: [PATCH 1/2] - Update to version 2.14.0: * NEWS: update v2.14.0 * docs/operator-notes: add section on provisioning secrets * Dockerfile.validate: build with Fedora 36 * internal/resource: fix gs:// fetches in GCE without a service account * docs/operator-notes: document supported S3 URL formats * internal/resource: fix S3 access point object ARNs * exec/util: fix infinite loop in Depth() if -root is relative * Add ignition-delete-config.service and ignition-rmcfg symlink * providers/virtualbox: support deleting Ignition configs * providers/virtualbox: add comment referencing VirtualBox source * providers/virtualbox: add define for GUEST_PROP_FN_GET_PROP * providers/virtualbox: add helper to set up hypervisor connection * providers/vmware: support deleting Ignition configs * main: add ignition-rmcfg multicall binary * go.mod: add github.com/beevik/etree * providers/vmware: switch to internal copy of OVF parser * internal/resource: fix bucket field in error message * internal/resource: derive AWS region hint from ARN partition field * internal/resource: simplify test * internal/resource: fix minor nits * provider/azure: try to fetch userdata from IMDS * providers/vmware: convert OVF tests to testify * providers/vmware: drop vmw-ovflib docs * providers/vmware: add verbatim copy of vmw-ovflib * providers/vmware: add constants for guestinfo and OVF property names * providers/virtualbox: fix reading properties with flags * internal/resource: support S3 access point URLs - Update fixes CVE from [bsc#1199524]; this introduces a new service "ignition-delete-config.service" - Add ignition-rmcfg-suse.conf dropin to adapt to SUSE environment - Use fixed paths in spec file for hardcoded installation paths OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=95 --- README.SUSE | 5 +++++ _service | 6 +++--- _servicedata | 6 +++--- ignition-2.13.0.tar.xz | 3 --- ignition-2.14.0.tar.xz | 3 +++ ignition-rmcfg-suse.conf | 9 +++++++++ ignition.changes | 36 ++++++++++++++++++++++++++++++++++++ ignition.spec | 31 +++++++++++++++++++++++++------ 8 files changed, 84 insertions(+), 15 deletions(-) delete mode 100644 ignition-2.13.0.tar.xz create mode 100644 ignition-2.14.0.tar.xz create mode 100644 ignition-rmcfg-suse.conf diff --git a/README.SUSE b/README.SUSE index d11dd6a..be93d3b 100644 --- a/README.SUSE +++ b/README.SUSE @@ -18,6 +18,11 @@ Changes for openSUSE / SLE: Set timeout for Ignition device so boot will just continue if no physical Ignition configuration device is attached (e.g. when using platform specific configuration). +* ignition-rmcfg-suse.conf: + Adapt systemd service to match our own packaging: We do not support + ConditionFirstBoot, and additionally support auto-detection of the platform + (see ignition-suse-generator), so the detection whether the stage should be + called has to be done via shell script. * ignition-touch-selinux-autorelabel.conf: Trigger SELinux autorelabel after Ignition runs; Ignition would support SELinux itself, however this is a compile time option, so it can't be diff --git a/_service b/_service index 5f2901a..2bf8b8f 100644 --- a/_service +++ b/_service @@ -1,8 +1,8 @@ - 2.13.0 - v2.13.0 - git://github.com/coreos/ignition.git + 2.14.0 + v2.14.0 + https://github.com/coreos/ignition git enable diff --git a/_servicedata b/_servicedata index 272fbb0..82a8130 100644 --- a/_servicedata +++ b/_servicedata @@ -1,6 +1,6 @@ - git://github.com/coreos/ignition.git - 103783f0d74dafc5fbad38c6de6ff983d0b6aef2 + https://github.com/coreos/ignition + d10f7c1ac3576c1010cecaa74b12a502cbfbffce - \ No newline at end of file + diff --git a/ignition-2.13.0.tar.xz b/ignition-2.13.0.tar.xz deleted file mode 100644 index f648948..0000000 --- a/ignition-2.13.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:91ec0315c37237f2edeb8130722c3715884eeb49baf6c6bf2fc0a3383b07645a -size 2291392 diff --git a/ignition-2.14.0.tar.xz b/ignition-2.14.0.tar.xz new file mode 100644 index 0000000..da98531 --- /dev/null +++ b/ignition-2.14.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:babaa5bcd775b227ee010a01313d3a6984d6edb4f4146ab067de8eca458fb340 +size 2352848 diff --git a/ignition-rmcfg-suse.conf b/ignition-rmcfg-suse.conf new file mode 100644 index 0000000..c47b4aa --- /dev/null +++ b/ignition-rmcfg-suse.conf @@ -0,0 +1,9 @@ +[Unit] +ConditionFirstBoot= +ConditionKernelCommandLine= +ConditionKernelCommandLine=|ignition.firstboot + +[Service] +ExecStart= +ExecStart=/bin/bash -c 'if [ "${PLATFORM_ID}" = virtualbox -o "${PLATFORM_ID}" = vmware ]; then /usr/libexec/ignition-rmcfg --platform=${PLATFORM_ID}; fi' + diff --git a/ignition.changes b/ignition.changes index 1b518a2..95d5f5f 100644 --- a/ignition.changes +++ b/ignition.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Wed May 18 12:37:46 UTC 2022 - iforster@suse.com + +- Update to version 2.14.0: + * NEWS: update v2.14.0 + * docs/operator-notes: add section on provisioning secrets + * Dockerfile.validate: build with Fedora 36 + * internal/resource: fix gs:// fetches in GCE without a service account + * docs/operator-notes: document supported S3 URL formats + * internal/resource: fix S3 access point object ARNs + * exec/util: fix infinite loop in Depth() if -root is relative + * Add ignition-delete-config.service and ignition-rmcfg symlink + * providers/virtualbox: support deleting Ignition configs + * providers/virtualbox: add comment referencing VirtualBox source + * providers/virtualbox: add define for GUEST_PROP_FN_GET_PROP + * providers/virtualbox: add helper to set up hypervisor connection + * providers/vmware: support deleting Ignition configs + * main: add ignition-rmcfg multicall binary + * go.mod: add github.com/beevik/etree + * providers/vmware: switch to internal copy of OVF parser + * internal/resource: fix bucket field in error message + * internal/resource: derive AWS region hint from ARN partition field + * internal/resource: simplify test + * internal/resource: fix minor nits + * provider/azure: try to fetch userdata from IMDS + * providers/vmware: convert OVF tests to testify + * providers/vmware: drop vmw-ovflib docs + * providers/vmware: add verbatim copy of vmw-ovflib + * providers/vmware: add constants for guestinfo and OVF property names + * providers/virtualbox: fix reading properties with flags + * internal/resource: support S3 access point URLs +- Update fixes CVE from [bsc#1199524]; this introduces a new + service "ignition-delete-config.service" +- Add ignition-rmcfg-suse.conf dropin to adapt to SUSE environment +- Use fixed paths in spec file for hardcoded installation paths + ------------------------------------------------------------------- Fri Apr 8 13:47:56 UTC 2022 - Ignaz Forster diff --git a/ignition.spec b/ignition.spec index 49c17e2..ba75426 100644 --- a/ignition.spec +++ b/ignition.spec @@ -17,7 +17,7 @@ Name: ignition -Version: 2.13.0 +Version: 2.14.0 Release: 0 Summary: First boot installer and configuration tool License: Apache-2.0 @@ -38,6 +38,7 @@ Source11: ignition-enable-network.sh Source12: ignition-kargs-helper Source13: ignition-remove-reconfig_system.service Source14: ignition-touch-selinux-autorelabel.conf +Source15: ignition-rmcfg-suse.conf Source20: ignition-userconfig-timeout.conf Source21: ignition-userconfig-timeout-arm.conf Patch2: 0002-allow-multiple-mounts-of-same-device.patch @@ -87,7 +88,7 @@ which creates firstboot_happened after the first boot. %prep %autosetup -p1 -mkdir dracut/30ignition-microos grub systemd_suse +mkdir -p dracut/30ignition-microos grub systemd_suse/ignition-delete-config.service.d chmod +x %{SOURCE3} %{SOURCE4} %{SOURCE8} %{SOURCE12} cp %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE8} %{SOURCE9} %{SOURCE10} %{SOURCE11} %{SOURCE13} %{SOURCE14} dracut/30ignition-microos/ %ifarch aarch64 %{arm} @@ -97,6 +98,7 @@ cp %{SOURCE20} dracut/30ignition-microos/ignition-userconfig-timeout.conf %endif cp %{SOURCE5} grub/ cp %{SOURCE6} systemd_suse/ +cp %{SOURCE15} systemd_suse/ignition-delete-config.service.d/ cp %{SOURCE7} . cp %{SOURCE12} dracut/30ignition/ignition-kargs-helper.sh @@ -109,8 +111,13 @@ make -o all install DESTDIR=%{buildroot} install -d %{buildroot}%{_sysconfdir}/grub.d install -d %{buildroot}%{_prefix}/lib/systemd/system +install -d %{buildroot}%{_prefix}/lib/systemd/system/ignition-delete-config.service.d install -p -m 0755 grub/* %{buildroot}%{_sysconfdir}/grub.d/ -install -p -m 0644 systemd_suse/* %{buildroot}%{_prefix}/lib/systemd/system/ +install -p -m 0644 systemd_suse/*.service %{buildroot}%{_prefix}/lib/systemd/system/ +install -p -m 0644 systemd_suse/ignition-delete-config.service.d/* %{buildroot}%{_prefix}/lib/systemd/system/ignition-delete-config.service.d + +%pre +%service_add_pre ignition-delete-config.service %post %{?regenerate_initrd_post} @@ -121,6 +128,13 @@ if [ "$1" -ne 1 ]; then mkdir -p %{_rundir}/ignition-dracut/ touch %{_rundir}/ignition-dracut/isupgrade fi +%service_add_post ignition-delete-config.service + +%preun +%service_del_preun ignition-delete-config.service + +%postun +%service_del_postun_without_restart ignition-delete-config.service %posttrans %{?regenerate_initrd_posttrans} @@ -152,9 +166,14 @@ fi %files %license LICENSE %doc README.md README.SUSE docs/*.md -%{_prefix}/lib/dracut/modules.d/30ignition -%{_prefix}/lib/dracut/modules.d/30ignition-microos -%{_bindir}/ignition-validate +# Paths are hardcoded in the Makefile +/usr/lib/dracut/modules.d/30ignition +/usr/lib/dracut/modules.d/30ignition-microos +/usr/bin/ignition-validate +/usr/libexec/ignition-rmcfg +/usr/lib/systemd/system/ignition-delete-config.service +%dir %{_unitdir}/ignition-delete-config.service.d +%{_unitdir}/ignition-delete-config.service.d/ignition-rmcfg-suse.conf %files dracut-grub2 %license LICENSE From a54e27fc9ca7a31a62fd79a6410384c4b6d1923dd6dea2680aab96ec9954399e Mon Sep 17 00:00:00 2001 From: Ignaz Forster Date: Fri, 10 Jun 2022 22:25:46 +0000 Subject: [PATCH 2/2] Move ignition-rmcfg to /usr/sbin OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=96 --- ignition-rmcfg-suse.conf | 2 +- ignition.spec | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ignition-rmcfg-suse.conf b/ignition-rmcfg-suse.conf index c47b4aa..77f3aa4 100644 --- a/ignition-rmcfg-suse.conf +++ b/ignition-rmcfg-suse.conf @@ -5,5 +5,5 @@ ConditionKernelCommandLine=|ignition.firstboot [Service] ExecStart= -ExecStart=/bin/bash -c 'if [ "${PLATFORM_ID}" = virtualbox -o "${PLATFORM_ID}" = vmware ]; then /usr/libexec/ignition-rmcfg --platform=${PLATFORM_ID}; fi' +ExecStart=/bin/bash -c 'if [ "${PLATFORM_ID}" = virtualbox -o "${PLATFORM_ID}" = vmware ]; then /usr/sbin/ignition-rmcfg --platform=${PLATFORM_ID}; fi' diff --git a/ignition.spec b/ignition.spec index ba75426..e4cd4bf 100644 --- a/ignition.spec +++ b/ignition.spec @@ -110,11 +110,13 @@ env VERSION=%{version} GLDFLAGS='-X github.com/coreos/ignition/v2/internal/distr make -o all install DESTDIR=%{buildroot} install -d %{buildroot}%{_sysconfdir}/grub.d -install -d %{buildroot}%{_prefix}/lib/systemd/system -install -d %{buildroot}%{_prefix}/lib/systemd/system/ignition-delete-config.service.d +install -d %{buildroot}%{_unitdir}/ignition-delete-config.service.d install -p -m 0755 grub/* %{buildroot}%{_sysconfdir}/grub.d/ install -p -m 0644 systemd_suse/*.service %{buildroot}%{_prefix}/lib/systemd/system/ install -p -m 0644 systemd_suse/ignition-delete-config.service.d/* %{buildroot}%{_prefix}/lib/systemd/system/ignition-delete-config.service.d +install -d %{buildroot}%{_sbindir}/ +mv %{buildroot}/usr/libexec/ignition-rmcfg %{buildroot}/%{_sbindir}/ +rmdir %{buildroot}/usr/libexec %pre %service_add_pre ignition-delete-config.service @@ -170,8 +172,8 @@ fi /usr/lib/dracut/modules.d/30ignition /usr/lib/dracut/modules.d/30ignition-microos /usr/bin/ignition-validate -/usr/libexec/ignition-rmcfg /usr/lib/systemd/system/ignition-delete-config.service +%{_sbindir}/ignition-rmcfg %dir %{_unitdir}/ignition-delete-config.service.d %{_unitdir}/ignition-delete-config.service.d/ignition-rmcfg-suse.conf