salt/0002-Run-salt-master-as-dedicated-salt-user.patch

From cd60b85c9e6bfd8ebf3505e5ff05e7fdec6211d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Wed, 20 Jan 2016 11:01:06 +0100
Subject: [PATCH 02/22] Run salt master as dedicated salt user

---
 conf/master               | 3 ++-
 pkg/salt-common.logrotate | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/conf/master b/conf/master
index 643b5f4..36657e8 100644
--- a/conf/master
+++ b/conf/master
@@ -25,7 +25,8 @@
 # permissions to allow the specified user to run the master. The exception is
 # the job cache, which must be deleted if this user is changed. If the
 # modified files cause conflicts, set verify_env to False.
-#user: root
+user: salt
+syndic_user: salt
 
 # The port used by the communication interface. The ret (return) port is the
 # interface used for the file server, authentication, job returns, etc.
diff --git a/pkg/salt-common.logrotate b/pkg/salt-common.logrotate
index 3cd0023..8d970c0 100644
--- a/pkg/salt-common.logrotate
+++ b/pkg/salt-common.logrotate
@@ -1,4 +1,5 @@
 /var/log/salt/master {
+	su salt salt
 	weekly
 	missingok
 	rotate 7
@@ -7,6 +8,7 @@
 }
 
 /var/log/salt/minion {
+	su salt salt
 	weekly
 	missingok
 	rotate 7
@@ -15,6 +17,7 @@
 }
 
 /var/log/salt/key {
+	su salt salt
 	weekly
 	missingok
 	rotate 7
-- 
2.1.4
Accepting request 361294 from systemsmanagement:saltstack - fix argument handling of pkg.download Add: 0022-fix-argument-handling-for-pkg.download.patch - unify behavior of zypper refresh in salt Add: 0018-unify-behavior-of-refresh.patch 0019-add-refresh-option-to-more-functions.patch 0020-simplify-checking-the-refresh-paramater.patch 0021-do-not-change-kwargs-in-refresh-while-checking-a-val.patch - Fix crash with scheduler and runners Add: 0017-Fix-crash-with-scheduler-and-runners-31106.patch - Call zypper always with --non-interactive Add: * 0015-call-zypper-with-option-non-interactive-everywhere.patch * 0016-write-a-zypper-command-builder-function.patch - require rpm-python on SUSE for zypper support - fix state return code Add: 0009-The-functions-in-the-state-module-that-return-a-retc.patch - add handling of OEM products to pkg.list_products Add: 0010-add-handling-for-OEM-products.patch - improve doc for list_pkgs Add: 0011-improve-doc-for-list_pkgs.patch - implement pkg.version_cmp in zypper.py Add: * 0012-implement-version_cmp-for-zypper.patch * 0013-pylint-changes.patch * 0014-Check-if-rpm-python-can-be-imported.patch - Update to 2015.8.7 this is a small update to fix some regressions see https://docs.saltstack.com/en/latest/topics/releases/2015.8.7.html - Booleans should not be strings from XML, add Unix ticks time and format result in a list of maps. Add: * 0008-Fix-types-in-the-output-data-and-return-just-a-list-.patch - Stop salt-api daemon faster (bsc#963322) Add: * 0007-Force-kill-websocket-s-child-processes-faster-than-d.patch - Do not crash on salt-key reject/delete consecutive calls. Add: * 0006-add_key-reject_key-do-not-crash-w-Permission-denied-.patch - Update to 2015.8.5 See https://docs.saltstack.com/en/latest/topics/releases/2015.8.5.html Dropped patches (all upstream): * 0003-List-products-consistently-across-all-SLES-systems.patch * 0004-Add-missing-return-data-to-scheduled-jobs.patch * 0005-Fix-RPM-issues-with-the-date-time-and-add-package-at.patch * 0006-Bugfix-info_available-does-not-work-correctly-on-SLE.patch Renamed patches: * 0007-Check-if-byte-strings-are-properly-encoded-in-UTF-8.patch -> 0003-Check-if-byte-strings-are-properly-encoded-in-UTF-8.patch * 0008-Fix-pkg.latest-prevent-crash-on-multiple-package-ins.patch -> 0004-Fix-pkg.latest-prevent-crash-on-multiple-package-ins.patch * 0009-Fix-package-status-filtering-on-latest-version-and-i.patch -> 0005-Fix-package-status-filtering-on-latest-version-and-i.patch - Update to 2015.8.4 See https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html - Fix latest version available comparison and implement epoch support in Zypper module. Add: * 0009-Fix-package-status-filtering-on-latest-version-and-i.patch - Update patch from opensuse to upstream version. Update: * 0008-Fix-pkg.latest-prevent-crash-on-multiple-package-ins.patch - Fix dependencies to Salt subpackages requiring release along the version. - Fix pkg.latest crash. - Fix pkg.latest SLS ID bug, when pkgs empty list is passed, but SLS ID still treated as a package name. Add: * 0008-Fix-pkg.latest-prevent-crash-on-multiple-package-ins.patch - Drop: * -0004-zypper-check-package-header-content-for-valid-utf-8.patch - Rename: * -0004-zypper-check-package-header-content-for-valid-utf-8.patch +0004-Add-missing-return-data-to-scheduled-jobs.patch * -0005-Add-missing-return-data-to-scheduled-jobs.patch +0004-Add-missing-return-data-to-scheduled-jobs.patch * -0006-Fix-RPM-issues-with-the-date-time-and-add-package-at.patch +0005-Fix-RPM-issues-with-the-date-time-and-add-package-at.patch * -0007-Bugfix-info_available-does-not-work-correctly-on-SLE.patch +0006-Bugfix-info_available-does-not-work-correctly-on-SLE.patch - Add: * 0007-Check-if-byte-strings-are-properly-encoded-in-UTF-8.patch - Rename use-forking-daemon.patch to 0001-tserong-suse.com-We-don-t-have-python-systemd-so-not.patch - Rename use-salt-user-for-master.patch to 0002-Run-salt-master-as-dedicated-salt-user.patch - Rename 1efe484309a5c776974e723f3da0f5181f4bdb86.patch to 0003-List-products-consistently-across-all-SLES-systems.patch - Rename zypper-utf-8.patch to 0004-zypper-check-package-header-content-for-valid-utf-8.patch - Rename salt-2015.8-schedule-ret.patch to 0005-Add-missing-return-data-to-scheduled-jobs.patch - Rename salt-2015.8-pkg-zypper-attr-filtering.patch to 0006-Fix-RPM-issues-with-the-date-time-and-add-package-at.patch - Rename salt-2015.8-zypper-info.patch to 0007-Bugfix-info_available-does-not-work-correctly-on-SLE.patch OBS-URL: https://build.opensuse.org/request/show/361294 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/salt?expand=0&rev=55 2016-02-24 18:43:06 +01:00			`From cd60b85c9e6bfd8ebf3505e5ff05e7fdec6211d6 Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>`
			`Date: Wed, 20 Jan 2016 11:01:06 +0100`
			`Subject: [PATCH 02/22] Run salt master as dedicated salt user`

			`---`
			`conf/master \| 3 ++-`
			`pkg/salt-common.logrotate \| 3 +++`
			`2 files changed, 5 insertions(+), 1 deletion(-)`

			`diff --git a/conf/master b/conf/master`
			`index 643b5f4..36657e8 100644`
			`--- a/conf/master`
			`+++ b/conf/master`
			`@@ -25,7 +25,8 @@`
			`# permissions to allow the specified user to run the master. The exception is`
			`# the job cache, which must be deleted if this user is changed. If the`
			`# modified files cause conflicts, set verify_env to False.`
			`-#user: root`
			`+user: salt`
			`+syndic_user: salt`

			`# The port used by the communication interface. The ret (return) port is the`
			`# interface used for the file server, authentication, job returns, etc.`
			`diff --git a/pkg/salt-common.logrotate b/pkg/salt-common.logrotate`
			`index 3cd0023..8d970c0 100644`
			`--- a/pkg/salt-common.logrotate`
			`+++ b/pkg/salt-common.logrotate`
			`@@ -1,4 +1,5 @@`
			`/var/log/salt/master {`
			`+ su salt salt`
			`weekly`
			`missingok`
			`rotate 7`
			`@@ -7,6 +8,7 @@`
			`}`

			`/var/log/salt/minion {`
			`+ su salt salt`
			`weekly`
			`missingok`
			`rotate 7`
			`@@ -15,6 +17,7 @@`
			`}`

			`/var/log/salt/key {`
			`+ su salt salt`
			`weekly`
			`missingok`
			`rotate 7`
			`--`
			`2.1.4`