Accepting request 838587 from network

- Fix wrong default directories for OVS python utilities (bsc#1176273). - Add upstream patches to fix openvswitch-ipsec service (bsc#1176273). * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch OBS-URL: https://build.opensuse.org/request/show/838587 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvswitch?expand=0&rev=52
2020-09-29 17:05:38 +00:00 · 2020-09-29 17:05:38 +00:00 · f8e0680c4e
commit f8e0680c4e
parent 45fcd6615a 00e85ebde6
3 changed files with 82 additions and 14 deletions
--- a/0001-ipsec-Fix-Strongswan-configuration-syntax.patch
+++ b/0001-ipsec-Fix-Strongswan-configuration-syntax.patch
@ -0,0 +1,56 @@
+From 0723a7b85fa446bbe372567f9e06869041982e9b Mon Sep 17 00:00:00 2001
+From: Boleslaw Tokarski <boleslaw.tokarski@jollamobile.com>
+Date: Wed, 8 Apr 2020 11:47:20 +0100
+Subject: [PATCH 1/2] ipsec: Fix Strongswan configuration syntax.
+
+Strongswan seems to have .opt files in the source tree with the dotted
+option syntax. It seems that up until version 5.6, the syntax was also
+accepted by Strongswan.
+
+However, the .opt files are converted to .conf files during Strongswan
+build, and the dotted syntax is no longer accepted by Strongswan (tested
+on 5.8.2).
+
+The effect was that the ovs ipsec monitor fails to start Strongswan,
+since that complains with:
+/etc/strongswan.d/ovs.conf:4: syntax error, unexpected ., expecting : or '{' or '=' [.]
+
+This commit fixes the configuration file provided to Strongswan to .conf
+syntax.
+
+Signed-off-by: Boleslaw Tokarski <boleslaw.tokarski@jollamobile.com>
+Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+---
+ ipsec/ovs-monitor-ipsec.in | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
+index 37e370324..da8b92b6c 100755
+--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
+@@ -145,10 +145,18 @@ class StrongSwanHelper(object):
+     """This class does StrongSwan specific configurations."""
+ 
+     STRONGSWAN_CONF = """%s
+-charon.plugins.kernel-netlink.set_proto_port_transport_sa = yes
+-charon.plugins.kernel-netlink.xfrm_ack_expires = 10
+-charon.load_modular = yes
+-charon.plugins.gcm.load = yes
+charon {
+  plugins {
+    kernel-netlink {
+      set_proto_port_transport_sa = yes
+      xfrm_ack_expires = 10
+    }
+    gcm {
+      load = yes
+    }
+  }
+  load_modular = yes
+}
+ """ % (FILE_HEADER)
+ 
+     CONF_HEADER = """%s
+-- 
+2.26.2
+
--- a/openvswitch.changes
+++ b/openvswitch.changes
@ -1,7 +1,14 @@
+-------------------------------------------------------------------
+Tue Sep 29 10:41:30 UTC 2020 - Jaime Caamaño Ruiz <jcaamano@suse.com>
+
+- Fix wrong default directories for OVS python utilities (bsc#1176273). 
+- Add upstream patches to fix openvswitch-ipsec service (bsc#1176273).
+  * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
+
 -------------------------------------------------------------------
 Tue Sep  1 13:50:47 UTC 2020 - Jaime Caamaño Ruiz <jcaamano@suse.com>

- Update openvswitch to 2.13.0. For a list of changes, check
+- Update openvswitch to 2.14.0. For a list of changes, check
  https://github.com/openvswitch/ovs/blob/v2.14.0/NEWS 
 - Update OVN to 20.06.2. For a list of changes, check
  https://github.com/ovn-org/ovn/blob/v20.06.2/NEWS 
--- a/openvswitch.spec
+++ b/openvswitch.spec
@ -70,6 +70,8 @@ Patch2:         0001-Don-t-change-permissions-of-dev-hugepages.patch
 Patch3:         0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
 # PATCH-FIX-OPENSUSE: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
 Patch4:         0001-Use-double-hash-for-OVS_USER_ID-comment.patch
+# PATCH-FIX-UPSTREAM: 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
+Patch5:         0001-ipsec-Fix-Strongswan-configuration-syntax.patch
 #OVN patches
 # PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch
 Patch20:        0001-Run-ovn-as-openvswitch-openvswitch.patch
@ -261,6 +263,7 @@ performance and connectivity issues in Open vSwitch setup.
 # OVN preambles from now on, overwrites Version and URL
 %package -n ovn
 Version:        %{ovn_version}
+Release:        0
 Summary:        Open Virtual Network diagnostic utilities
 License:        Apache-2.0
 Group:          Productivity/Networking/System
@ -285,6 +288,7 @@ overlays and security groups.

 %package -n ovn-central
 Version:        %{ovn_version}
+Release:        0
 Summary:        Open Virtual Network support for Open vSwitch
 License:        Apache-2.0
 Group:          Productivity/Networking/System
@ -293,8 +297,8 @@ Requires:       %{name} = %{ovs_version}
 Requires:       ovn = %{ovn_version}
 # openvswitch-ovn has been split into openvswitch-ovn-{central,common,docker,host,vtep}
 Provides:       %{name}-dpdk-ovn:%{_bindir}/ovn-northd
-Provides:       %{name}-ovn:%{_bindir}/ovn-northd
 Provides:       %{name}-ovn-central = %{ovn_version}
+Provides:       %{name}-ovn:%{_bindir}/ovn-northd
 Obsoletes:      %{name}-ovn-central < 2.13.0

 %description -n ovn-central
@ -302,6 +306,7 @@ This subpackage contains the OVN database and northbound daemon.

 %package -n ovn-host
 Version:        %{ovn_version}
+Release:        0
 Summary:        Open Virtual Network support for Open vSwitch
 License:        Apache-2.0
 Group:          Productivity/Networking/System
@ -310,8 +315,8 @@ Requires:       %{name} = %{ovs_version}
 Requires:       ovn = %{ovn_version}
 # openvswitch-ovn has been split into openvswitch-ovn-{central,common,docker,host,vtep}
 Provides:       %{name}-dpdk-ovn:%{_bindir}/ovn-controller
-Provides:       %{name}-ovn:%{_bindir}/ovn-controller
 Provides:       %{name}-ovn-host = %{ovn_version}
+Provides:       %{name}-ovn:%{_bindir}/ovn-controller
 Obsoletes:      %{name}-ovn-host < 2.13.0

 %description -n ovn-host
@ -319,6 +324,7 @@ This subpackage contains the OVN host controller.

 %package -n ovn-vtep
 Version:        %{ovn_version}
+Release:        0
 Summary:        Open Virtual Network VTEP controller for Open vSwitch
 License:        Apache-2.0
 Group:          Productivity/Networking/System
@ -327,8 +333,8 @@ Requires:       %{name} = %{ovs_version}
 Requires:       ovn = %{ovn_version}
 # openvswitch-ovn has been split into openvswitch-ovn-{central,common,docker,host,vtep}
 Provides:       %{name}-dpdk-ovn:%{_bindir}/ovn-controller-vtep
-Provides:       %{name}-ovn:%{_bindir}/ovn-controller-vtep
 Provides:       %{name}-ovn-vtep = %{ovn_version}
+Provides:       %{name}-ovn:%{_bindir}/ovn-controller-vtep
 Obsoletes:      %{name}-ovn-vtep < 2.13.0

 %description -n ovn-vtep
@ -336,6 +342,7 @@ This subpackage contains the OVN VTEP (VXLAN Tunnel Endpoint) controller.

 %package -n ovn-docker
 Version:        %{ovn_version}
+Release:        0
 Summary:        Docker network plugins for OVN
 License:        Apache-2.0
 Group:          Productivity/Networking/System
@ -345,8 +352,8 @@ Requires:       ovn = %{ovn_version}
 Requires:       python3-openvswitch = %{ovs_version}
 # openvswitch-ovn has been split into openvswitch-ovn-{central,common,docker,host,vtep}
 Provides:       %{name}-dpdk-ovn:%{_bindir}/ovn-docker-overlay-driver
-Provides:       %{name}-ovn:%{_bindir}/ovn-docker-overlay-driver
 Provides:       %{name}-ovn-docker = %{ovn_version}
+Provides:       %{name}-ovn:%{_bindir}/ovn-docker-overlay-driver
 Obsoletes:      %{name}-ovn-docker < 2.13.0

 %description -n ovn-docker
@ -354,6 +361,7 @@ This subpackage contains the OVN Docker network plugins.

 %package -n ovn-doc
 Version:        %{ovn_version}
+Release:        0
 Summary:        Open Virtual Network Documentation
 License:        Apache-2.0
 Group:          System/Libraries
@ -364,6 +372,7 @@ Contains additional documentation for OVN.

 %package -n %{ovn_lname}
 Version:        %{ovn_version}
+Release:        0
 Summary:        Open Virtual Network core libraries
 License:        Apache-2.0
 Group:          System/Libraries
@ -373,6 +382,7 @@ iThis subpackage contains the OVN shared libraries.

 %package -n ovn-devel
 Version:        %{ovn_version}
+Release:        0
 Summary:        Development files for Open Virtual Network
 License:        Apache-2.0
 Group:          Development/Libraries/C and C++
@ -390,6 +400,7 @@ Devel libraries and headers for Open Virtual Network.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 cd %{ovn_dir}
 %patch20 -p1

@ -514,7 +525,6 @@ for flavor in %{flavors_to_build}; do
 done
 %endif

-
 # Install OVS dist files on temp buildroot.
 mkdir -p buildroot/ovs
 pushd %ovs_dir
@ -525,7 +535,6 @@ popd
 rm -f buildroot/ovs%{_libdir}/*.a
 rm -f buildroot/ovs%{_libdir}/*.la

-
 # Install OVN dist files on temp build root.
 mkdir -p buildroot/ovn
 pushd %ovn_dir
@ -548,7 +557,6 @@ dupes=$(find buildroot -mindepth 2 -type f -printf '%p\n' | cut -d'/' -f3- | sor
 cp -an buildroot/ovn/* %{buildroot}/
 cp -an buildroot/ovs/* %{buildroot}/

-
 # Install OVS additional files
 pushd %ovs_dir

@ -630,12 +638,10 @@ cp -a %{buildroot}%{_datadir}/openvswitch/python/ovstest \
 # Python subpackage
 # Build on a temporary directory.
 mkdir python3-ovs && pushd $_
-cp -a ../%{ovs_dir}/python/* $(pwd)/
-
 # Some build files are in sources while others are generated directly on
-# buildroot as part of make_install (dirs.py), so update the former with the
-# latter.
-cp -an %{buildroot}%{_datadir}/openvswitch/python/* $(pwd)/
+# buildroot as part of make_install (dirs.py). Copy them first. 
+cp -an ../buildroot/ovs%{_datadir}/openvswitch/python/* $(pwd)/
+cp -an ../%{ovs_dir}/python/* $(pwd)/
 rm -rf %{buildroot}%{_datadir}/openvswitch/python

 export LDFLAGS="${LDFLAGS} -L %{buildroot}%{_libdir}"
@ -655,7 +661,6 @@ export CPPFLAGS="-I ../../include"
 # Done with OVS additional files.
 popd

-
 # Install OVN aditional files.
 pushd %ovn_dir