From 3afaa5b5c4d5866e9380cd7a6eab7ad5ba68861159a46f411459a12a043069dc Mon Sep 17 00:00:00 2001 From: Christian Goll Date: Thu, 10 Jul 2025 10:24:58 +0000 Subject: [PATCH 1/6] Accepting request 1291648 from home:mslacken:pr - update to 4.6.2 which contains the (preview) support for provisioning to local disk - incoperated from 4.6.1 * rest api which is disabled in the default configuration - removed following files as fixed upstream: * fixup-pdf-build.patch * security-fixes.patch * udev-regression.patch - marked slurm as recommeneded in the warewulf4-overlay-slurm package bsc#124608 OBS-URL: https://build.opensuse.org/request/show/1291648 OBS-URL: https://build.opensuse.org/package/show/network:cluster/warewulf4?expand=0&rev=115 --- .gitattributes | 23 ++ .gitignore | 1 + README.RKE2.md | 43 ++++ README.dnsmasq | 52 +++++ _service | 22 ++ adjust_overlays.sh | 47 ++++ config-ww4.sh | 99 +++++++++ vendor.tar.xz | 3 + warewulf-4.6.2.obscpio | 3 + warewulf.obsinfo | 4 + warewulf4-rpmlintrc | 20 ++ warewulf4.changes | 473 +++++++++++++++++++++++++++++++++++++++++ warewulf4.spec | 338 +++++++++++++++++++++++++++++ 13 files changed, 1128 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 README.RKE2.md create mode 100644 README.dnsmasq create mode 100644 _service create mode 100644 adjust_overlays.sh create mode 100644 config-ww4.sh create mode 100644 vendor.tar.xz create mode 100644 warewulf-4.6.2.obscpio create mode 100644 warewulf.obsinfo create mode 100644 warewulf4-rpmlintrc create mode 100644 warewulf4.changes create mode 100644 warewulf4.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/README.RKE2.md b/README.RKE2.md new file mode 100644 index 0000000..c9f435c --- /dev/null +++ b/README.RKE2.md @@ -0,0 +1,43 @@ +# RKE2 Cluster Configuration HOWTO + +The package warewulf4-overlay-rke2 provides a configuration template +to share a connection token - a shared secret - and the hostname of +the first server endpoint across an RKE2 cluster. +To use it, + +- create a profile `rke2-config-key`: + + ``` + wwctl profile add rke2-config-key + token="$(printf 'K'; \ + for n in {1..20}; do printf %x $RANDOM; done; \ + printf "::server:"; \ + for n in {1..20}; do printf %x $RANDOM; done)" + wwctl profile set --tagadd="connectiontoken=${token}" \ + -O rke2-config rke2-config-key + ``` +- create a profile `rke2-config-first-server`: + + ``` + server= + wwctl profile add rke2-config-first-server + wwctl profile set --tagadd="server=${server}" -O rke2-config rke2-config-first-server + + ``` +- add the `rke2-config-key` profile to the server node: + + ``` + wwctl node set -P default,rke2-config-key $server + + ``` +- finally, add both profiles to the agent nodes: + + ``` + agents="" + wwctl node set -P default,rke2-config-key,rke2-config-first-server $agents + ``` + +In case the RKE2 server node is not deployed by Warewulf, you will +have to grab the connection token (see variable `token` above) from +the file `/var/lib/rancher/rke2/server/node-token` on the running +server. diff --git a/README.dnsmasq b/README.dnsmasq new file mode 100644 index 0000000..ef5f83b --- /dev/null +++ b/README.dnsmasq @@ -0,0 +1,52 @@ +Replace dhcpd and tftp with dnsmasq +=================================== + +The isc `dhcpd` server and `tftp` service can be replaced by `dnsmasq` as +singe service, which has also the benefit that dns entries for the +wwarewulf cluster will then also be provided. + +Installation +----------- + +Before the installation, make sure that `dhcpd` and `tftp` are disabled. +You can do that with the commands: +``` +systemctl disable dhcpd +systemctl stop dhcpd +systemctl disable tftp +systemctl stop tftp +``` + +Now you can install `dnsmasq` with command +``` +zypper install dnsmasq +``` + +After the installation you have to instruct `warewulf` to use `dnsmasq` as +`dhcpd` and `tftp` service, `dnsmasq` has to be specified in the configuration +file `/etc/warewulf/warewulf.conf`. There you have to change the two following +values: +``` +tftp: + systemd name: dnsmasq +dhcp: + systemd name: dnsmasq +``` + +The configuration of `dnsmasq` doesn't need to be changed, as the default configuration +includes all files with following pattern `/etc/dnsmasq.d/*conf` into its configuration. +This configuration is created by the template `overlays/host/etc/dnsmasq.d/ww4-hosts.conf.ww`. +In order to build this template run +``` +wwctl overlay build -H +``` +After that the `dnsmasq` service has to be enabled with either +``` +systemctl enable --now dnsmasq +``` +or by (re)configuring warewulf with +``` +wwctl configure dhcp +wwctl configure tftp +``` + diff --git a/_service b/_service new file mode 100644 index 0000000..21621dc --- /dev/null +++ b/_service @@ -0,0 +1,22 @@ + + + https://github.com/warewulf/warewulf.git + git + v4.6.2 + @PARENT_TAG@ + v(.*) + enable + enable + yes + + + + + yes + + + xz + warewulf*obscpio + + + diff --git a/adjust_overlays.sh b/adjust_overlays.sh new file mode 100644 index 0000000..34bce52 --- /dev/null +++ b/adjust_overlays.sh @@ -0,0 +1,47 @@ +#! /bin/sh +# when updating from an older version of the overlay package +# move added/modified overlay files to the new location. +error=0 + +src=/usr/share/warewulf/overlays +dst=/var/lib/warewulf/overlays + +test -d $src || exit 0 + +for i in $(find -P $src -maxdepth 1 -mindepth 1 -type d) +do + d=$(basename -s "" $i) + if [ ! -d $dst/$d ] + then + mkdir -p /var/lib/warewulf/overlays/$d/rootfs || { error=1; continue; } + elif [ ! -d $dst/$d/rootfs ] + then + mkdir -p $dst/$d/rootfs || { error=1; continue; } + fi + for j in $(find -P $src/$d -not -type d) + do + D=$(dirname $j) + D=${D##$src/$d} + f=$(basename -s ".rpmsave" $j) + if [ ! -d $dst/$d/rootfs/$D ] + then + mkdir -p $dst/$d/rootfs/$D || { error=1; continue; } + fi + if [ ! -e $dst/$d/rootfs/$D/$f ] + then + mv $j $dst/$d/rootfs/$D/$f + elif [ ! -e $dst/$d/rootfs/$D/$f.rpmsave ] + then + mv $j $dst/$d/rootfs/$D/$f.rpmsave + else + error=1 + fi + done +done +if [ $error -gt 0 ] +then + echo "Cannot copy all files - check $src manually" >&2 +else + find -P $src -type d -delete +fi + diff --git a/config-ww4.sh b/config-ww4.sh new file mode 100644 index 0000000..87ad3c9 --- /dev/null +++ b/config-ww4.sh @@ -0,0 +1,99 @@ +#!/bin/bash +# Configure warewulf with the primary network of the host +WW4CONF=/etc/warewulf/warewulf.conf + +# Get the mask from prefix +cdr2mask() +{ + # Number of args to shift, 255..255, first non-255 byte, zeroes + set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 + [ $1 -gt 1 ] && shift $1 || shift + echo ${1-0}.${2-0}.${3-0}.${4-0} +} + +# Get the ip4 address of the netork +network_address() { + declare address prefix_length + IFS=/ read address prefix_length <<< "$1" + + declare -a octets + IFS=. read -a octets <<< "$address" + + declare mask + mask=$( printf "%08x" $(( (1 << 32) - (1 << (32 - prefix_length)) )) ) + + declare -i i + for i in {0..3}; do octets[$i]=$(( octets[i] & 16#${mask:2*i:2} )); done + + echo $( IFS=.; echo "${octets[*]}" ) +} +# Check if last Octed is in range +function is_ip_in_range() { + # split the ip addresses into their octets. + local ip_start_octets=($(echo $DYNSTART | tr "." " ")) + local ip_end_octets=($(echo $DYNEND | tr "." " ")) + local ip_address_octets=($(echo $1 | tr "." " ")) + + # compare the octets one at a time to see if the ip address is within the range. + if [[ ${ip_address_octets[3]} -lt ${ip_start_octets[3]} || ${ip_address_octets[3]} -gt ${ip_end_octets[3]} ]]; then + return 1 + fi + # if we reach this point, the ip address is in the range. + return 0 +} + +echo "-- WW4 CONFIGURAION $* --" + +# Make sure that a ip address was defined for out network so that +# we can configure dhcpd correctly +IP4CIDR=`ip addr | awk '/scope global/ {print $2;exit}'` +IP4=${IP4CIDR%/*} +IP4PREFIX=${IP4CIDR#*/} +IP4MASK=$(cdr2mask $IP4PREFIX) +IP4NET=$(network_address "$IP4/$IP4PREFIX") + +if [ "$IP4PREFIX" -gt 25 ] ; then + echo "ERROR: warewulf does at least a /25 network for dynamic addresses" + cat << EOF +ipaddr: $IP4 +netmask: $IP4MASK +network: $IP4NET + range start: $DYNSTART + range end: $DYNEND +EOF + exit 0 +fi + +DYNSIZE=20 +DYNSTART=${IP4#*.*.*.} +DYNSTART=$(( $DYNSTART + 2)) +DYNPRE=${IP4%.*} +DYNEND=$(( $DYNSTART + $DYNSIZE + 1 )) +if [ $DYNEND -gt 254 ] ; then + DYNEND=$(( $IPNET + 2 + $DYNSIZE )) + DYNSTART=$(( $IPNET + 2 )) +fi +DYNSTART="${DYNPRE}.${DYNSTART}" +DYNEND="${DYNPRE}.${DYNEND}" + +if is_ip_in_range $IP4 ; then + echo "ERROR: ip address is in range for dynamic address, please set this manually" + exit 0 +fi + + +if [ -e $WW4CONF ] ; then + test -n $IP4 && sed -i 's/^ipaddr:.*/ipaddr: '$IP4'/' $WW4CONF + test -n $IP4MASK && sed -i 's/^netmask:.*/netmask: '$IP4MASK'/' $WW4CONF + test -n $IP4NET && sed -i 's/^network:.*/network: '$IP4NET'/' $WW4CONF + test -n $DYNSTART && sed -i 's/^ range start:.*/ range start: '$DYNSTART'/' $WW4CONF + test -n $DYNEND && sed -i 's/^ range end:.*/ range end: '$DYNEND'/' $WW4CONF + cat << EOF +ipaddr: $IP4 +netmask: $IP4MASK +network: $IP4NET + range start: $DYNSTART + range end: $DYNEND +EOF +fi + diff --git a/vendor.tar.xz b/vendor.tar.xz new file mode 100644 index 0000000..9618996 --- /dev/null +++ b/vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cb9dcd150f40c388fbea0f33691c33da61f2daeddeecfcb61820340af18d373e +size 6156844 diff --git a/warewulf-4.6.2.obscpio b/warewulf-4.6.2.obscpio new file mode 100644 index 0000000..6169881 --- /dev/null +++ b/warewulf-4.6.2.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:64cfc3c2cfa8c1ef352915726fa55fee85b58f48e583b2acf123d2a09128ee5f +size 4636684 diff --git a/warewulf.obsinfo b/warewulf.obsinfo new file mode 100644 index 0000000..39753f7 --- /dev/null +++ b/warewulf.obsinfo @@ -0,0 +1,4 @@ +name: warewulf +version: 4.6.2 +mtime: 1752075635 +commit: 0cb9354364433a67b610278632cf46e3388f7045 diff --git a/warewulf4-rpmlintrc b/warewulf4-rpmlintrc new file mode 100644 index 0000000..e240abf --- /dev/null +++ b/warewulf4-rpmlintrc @@ -0,0 +1,20 @@ +# ignore hidden files and executable bits in overlay +# directories, as this files are meant to be run on +# compute nodes +addFilter("hidden-file-or-dir /var/lib/warewulf/overlays/,*") +addFilter("non-executable-script /var/lib/warewulf/overlays/.*") +# wwclient is called on a compute node *before* systemd in +# order to provision the system, so it *must* be statically linked +addFilter("statically-linked-binary .*/wwclient") +addFilter("shared-lib-without-dependency-information .*/wwclient") +# go binaries are hard to strip +addFilter("unstripped-binary-or-object.*") +# Intentional - symlinks will be copied to the client +addFilter("dangling-symlink .*/warewulf/overlays") +# LOL. Not every changelog entry marks a version update. +addFilter("no-version-in-last-changelog") +# C'on, really? We have to build for multiple target version with different rpmlint settings. +addFilter("unused-rpmlintrc-filter") +# ignore the binary in /usr/share as this binary will to the nodes and not run on +# the host where the rpm is installed. +# addFilter("arch-dependent-file-in-usr-share") diff --git a/warewulf4.changes b/warewulf4.changes new file mode 100644 index 0000000..68dffc6 --- /dev/null +++ b/warewulf4.changes @@ -0,0 +1,473 @@ + +------------------------------------------------------------------- +Thu Jul 10 07:00:04 UTC 2025 - cgoll@suse.com + +- update to 4.6.2 which contains the (preview) support for + provisioning to local disk +- incoperated from 4.6.1 + * rest api which is disabled in the default configuration +- removed following files as fixed upstream: + * fixup-pdf-build.patch + * security-fixes.patch + * udev-regression.patch +- marked slurm as recommeneded in the warewulf4-overlay-slurm + package bsc#124608 +------------------------------------------------------------------- +Fri Mar 28 09:59:27 UTC 2025 - Christian Goll + +- SUSEConnect is now correctly mounted into the images + +------------------------------------------------------------------- +Wed Mar 26 12:43:35 UTC 2025 - Egbert Eich + +- Fix typo in %post script. + +------------------------------------------------------------------- +Wed Mar 19 13:04:30 UTC 2025 - Christian Goll + +- added security-fixes.patch which fixes + * CVE-2025-22869 bsc#1239322 + * CVE-2025-22870 bsc#1238611 +- added udev-regression.patch to take care of bsc#1226654 +- renamed package warewulf-reference to warewulf-reference-doc + for better package description + +------------------------------------------------------------------- +Mon Mar 03 09:21:05 UTC 2025 - cgoll@suse.com + +- updated to 4.6.0 which is without any functional changes to 4.6.0rc3 +- removed WWWORKER-overwrites-runtime.NumCPU.patch as upstream +- added fixup-pdf-build.patch to build pdf which is published now + in the warewul4-reference package + +------------------------------------------------------------------- +Wed Feb 26 16:26:11 UTC 2025 - Christian Goll + +- added WWWORKER-overwrites-runtime.NumCPU.patch for reproducible + builds + +------------------------------------------------------------------- +Tue Feb 25 14:13:23 UTC 2025 - Christian Goll + +- Update to version 4.6.0rc3 what is a major upgrade with following + highlights: + * renamed container to images + * "sprig" functions in overlays + * support for yaml and json formatted output + * completely re-designed kernel selection support + * nested profiles + * arbitrary node and profile data in new "resources" structure + * moved NFS mount options to resources / fstab overlay + * split overlays by function + * split overlays, site vs distribution + * replaced defaults.conf with settings on default profile + * improved tabular output + * parallel overlay build + * improved networking functionality (static route, vlans, and bonds) + * kernel arguments as a list + * non-zero exit codes on wwctl errors + * fixed argument parsing for wwctl image exec + * Defined menu for ipxe boot + * Re-order SSH key types to make ed25519 default. +- The configuation files nodes.conf and warewulf.conf will be updated + on upgrade and the unmodified configuration files will be saved + as nodes.conf.4.5.x and warewulf.conf.4.5.x + +------------------------------------------------------------------- +Fri Feb 21 08:17:53 UTC 2025 - Egbert Eich + +- Provide an overlay package for the cluster-wide configuration + of an RKE2 cluster. This allows to share the connection token + across all node and sthe first server endpoint across all agents. + +------------------------------------------------------------------- +Tue Oct 22 06:53:46 UTC 2024 - Christian Goll + +- removing build rules for sle12 and fixing logrotate name + +------------------------------------------------------------------- +Mon Oct 14 13:41:00 UTC 2024 - cgoll@suse.com + +- Update to version 4.5.8: +- Warewulf v4.5.8 simplifies the `wwinit` boot process for SELinux + and configures tmpfs to spread the node image across all + available NUMA nodes. It also improves the detection of kernels + in the container image to more reliably detect the newest + available kernel and to avoid debug / rescue kernels. +- Warewulf v4.5.7 fixes the ability to override overlay files + configured in profiles with overlays configured per-node; fixes + a template processing bug bug in development-time overlay + rendering; and improves the preview dracut-based boot process to + better support a "secure" boot process. +- removed added-cow-option-to-bind.patch as now in upstream + +------------------------------------------------------------------- +Thu Aug 22 12:56:41 UTC 2024 - Christian Goll + +- added option which allows to copy in file on wwctl container exec + and keep them, if they were modified +- added added-cow-option-to-bind.patch + + +------------------------------------------------------------------- +Fri Aug 09 12:39:33 UTC 2024 - cgoll@suse.com + +- Update to version 4.5.6 with following changes: + * Show more information during `wwctl container ` + about when and if the container image will be rebuilt. + * Command-line completion for `wwctl overlay `. + * Display an error during boot if no container is defined. + * `wwctl container list --kernel` shows the kernel detected for + each container. + * `wwctl container list --size` shows the uncompressed size of + each container. `--compressed` shows the compressed size, and + `--chroot` shows the size of the container source on the server. + * Add a logrotate config for `warewulfd.log`. +- removed following patches as accepted upstream: + * empty-container.patch + * enhanced-cont-list.patch + * fix-overlay-built.patch + * issue-motd.patch + * oci-vars.patch + * verbose-exec.patch + +------------------------------------------------------------------- +Tue Jul 9 12:06:49 UTC 2024 - Christian Goll + +- updated to 4.5.5 with following changes: + * mount `/sys` and `/run` on `wwctl container exec` to enabled + SUSEConnect (bsc#1227289) + * don't want on NIS style passwd line (bsc#1227250) + * wwctl import can have `passwd` and `user` argument (bsc#1227340) + * add net.ifnames=1 to default kernel parameters (bsc#1226654) + * be more verbose if container is rebuild (bsc#1227646) + * issue like message in motd (bsc#1227478) +- removed wwctl-configure-all-calls-SSH-keys.patch as included + upstream +- added following not yet accepted upstream patches: + * empty-container.patch + * enhanced-cont-list.patch + * fix-overlay-built.patch + * oci-vars.patch + * issue-motd.patch + * verbose-exec.patch + +------------------------------------------------------------------- +Mon May 27 17:21:53 UTC 2024 - Christian Goll + +- added wwctl-configure-all-calls-SSH-keys.patch to fix + (bsc#1225402) + +------------------------------------------------------------------- +Tue May 14 09:01:13 UTC 2024 - Christian Goll + +- update to 4.5.2 with followin changes: + * Reorder dnsmasq config to put iPXE last + * Update a dependency to fix CVE-2024-3727 (bsc#1224124) + +------------------------------------------------------------------- +Mon May 13 07:59:50 UTC 2024 - Christian Goll + +- updated to version 4.5.1 with following changes + * wwctl [profile|node] list -a handles now slices correclty + * Fix a locking issue with concurrent read/writes for node status +- removed fixed-ShimFind-for-aarch64.patch as incoperated upstreams +- Remove API package as use of this wasn't documented + +------------------------------------------------------------------- +Fri Apr 5 09:09:41 UTC 2024 - Christian Goll + +- use tftp.socket for activation not service (bsc#1216994) + +------------------------------------------------------------------- +Tue Mar 26 16:35:18 UTC 2024 - Egbert Eich + +- %ghost /etc/profile.d/setup-ssh.[c]sh + +------------------------------------------------------------------- +Mon Mar 25 11:34:23 UTC 2024 - Christian Goll + +- updated to 4.5.0 which has no functional changes to rc2 +- added fixed-ShimFind-for-aarch64.patch to fix (bsc#1221133) + +------------------------------------------------------------------- +Fri Mar 22 20:23:04 UTC 2024 - Egbert Eich + +- Allow to install dnsmasq as an alternative to dhcp-server. +- Set minimum UID value for user UIDs to 1000 (boo#1221886). +- Make dependencies warewulf package version dependent. This + helps to keep the resolver to mix different packages from + different versions. +- On upgrade from older versions move files from + `/usr/share/warewulf/overlays/` to + `/var/lib/warewulf/overlays/*/rootfs/` + * Added: adjust_overlays.sh. + +------------------------------------------------------------------- +Thu Feb 22 09:31:15 UTC 2024 - Christian Goll + +- updated to 4.5.0rc2. This fixes: + * `wwctl node list` panics if a node uses a profile with a + network which isn't present on this node (bsc#1220189). + +------------------------------------------------------------------- +Mon Feb 19 15:45:20 UTC 2024 - Christian Goll + +- updated to 4.5.0rc1 from upstream with following change: + * all overlays reside now under a `rootfs` diretory e.g. + the host overlays reside now under + `/var/lib/warewulf/host/rootfs` + This has the advantage that the `rootfs` can be under a version + control, without the effect that the meta files e.g. `.git` will + show up in the rendered overlays. +- removed patches: + * clean-warewulf-conf.patch + * dnsmasq-template-move.patch + * removed vendor.tar.gz + + +------------------------------------------------------------------- +Mon Feb 19 11:43:45 UTC 2024 - Egbert Eich + +- Move example templates for client overlays to example-templates/ + in the package documentation. + +------------------------------------------------------------------- +Wed Feb 7 08:55:00 UTC 2024 - Egbert Eich + +- Rename: warewulf4-doc -> warewulf4-man. +- Rename: warewulf4-slurm -> warewulf4-overlay-slurm +- Set warewulf4-man and warewulf4-overlay-slurm to noarch. +- Use bash for config-warewulf.sh +- Improved rpmlint filters. + +------------------------------------------------------------------- +Wed Jan 24 14:31:17 UTC 2024 - Christian Goll + +- make only overlay dir beeing config files + +------------------------------------------------------------------- +Fri Jan 19 13:45:18 UTC 2024 - Christian Goll + +- moved to git archive hash as source in order to be reproducible +- added vendor.tar.gz as git hash source doesn't have vendoring +- removed grub-boot.patch as incorporated upstreams + +------------------------------------------------------------------- +Wed Jan 17 11:16:59 UTC 2024 - Christian Goll + +- added documentation for replacing dhcpd and tftp with dnsmasq + as README.dnsmasq (jira#HPC-65) +- added following patches: + * clean-warewulf-conf.patch + * dnsmasq-template-move.patch + +------------------------------------------------------------------- +Thu Dec 21 14:48:08 UTC 2023 - Christian Goll + +- updated to v4.5.0rc0 pre release with following new features: + * disks, partitions and file systems can set in the configration + and if ignition is present in the container, changes to the disks will be + made + * grub can be used as alternative boot method instead of iPXE. The + grub binairy is extracted from the container and shim is executed before + the grub. This enables secure boot + * wwctl has now the genconfig subcommand which will print/create + valid configurations + * all paths e.g the overlay dir, can now be configured in warewulf.conf +- notable bug fixes are: + * Fixed a bug where profile tags were erroneously overridden by empty node + values. + * Fixed bug where tags from profiles weren't rendered +- added grub-boot.patch which includes the not merged grub support +- removed make-ipxe-binary-source-configureable.patch + CreateMt-Targets.patch, + Fix-for-CVE-2022-41723.patch as incoperated upstream + + +------------------------------------------------------------------- +Thu Oct 12 07:43:32 UTC 2023 - Christian Goll + +- check if automatic configured ip range doesn'y contain ip address + of ww4 host (bsc#1215583) + + +------------------------------------------------------------------- +Thu Sep 21 09:23:31 UTC 2023 - Christian Goll + +- removed the upstream ipxe binaries + +------------------------------------------------------------------- +Thu Feb 16 10:54:19 UTC 2023 - Christian Goll + +- added Fix-for-CVE-2022-41723.patch in order to fix CVE-2022-41723 + (bsc#1208301) + Note: an updated vendor.tar.gz is also required +- use the static dhpd configuration, which means known nodes will not + only be static configured, but also get their configured ip address + via dhcp + +------------------------------------------------------------------- +Tue Feb 7 15:34:13 UTC 2023 - Christian Goll + +- added CreateMt-Targets.patch + which moonts in resolv.conf and files for SCC registration +- added config-ww4.sh which is used for initial configuration for + simple network setups + +------------------------------------------------------------------- +Tue Jan 31 18:24:50 UTC 2023 - Egbert Eich + +- Add %sysusers_requires macro to account for missing dependencies + (boo#1207802). + +------------------------------------------------------------------- +Tue Jan 24 11:17:32 UTC 2023 - Christian Goll + +- added make-ipxe-binary-source-configureable.patch +- use distro ipxe binaries instead of binaries blobs from the + warewulf github repo + +------------------------------------------------------------------- +Thu Jan 19 11:13:58 UTC 2023 - Christian Goll + +- Update to 4.4.0 with following changes: + * chroots and overlays moved from /var/lib to /usr/share + * all boolean options need now to have the form --option=true|false + e.g. wwctl node set node01 --discoverable=true + * wwctl show --render shows overlay templates as they would be + rendered on a given target node + +------------------------------------------------------------------- +Thu Jan 5 16:08:19 UTC 2023 - Christian Goll + +- updated to version v4.4.0 with following changes: + * Changed internal interacation between the on disk YAML format and the in memory + format. This enables the command line options to be autogenerated from the datastructures. + Also this keeps the options for profiles and node set/add commands in strict sync. + * Added node edit/export/import where the edit command exposes the YAML config for the + given nodes in an editor. Nodes can also be added with this command. The export command + simply drops the YAML config for the given nodes. With the import command nodes can be + imported as YAML or as a CSV file. The CSV file must havr a header in where the first field + must always be the nodename, the rest of the fields are the same as the long commandline + options. Network device must have the form net.$NETNAME.$NETOPTION, which would e.g. be + net.default.ipaddr + * The default value (like kernel args) are no read in from the configuration file + defaults.conf. If this file couldn't be read built in default values will be used. + * Template files for NetworkManager are now present in the wwinit overlay. A interface must + have the type ethernet or infiniband that these will be brought up by NetworkManager + * Listings of container via wwctl container list will now show the creation,modification + date and the size. + * Initial cut of the warewulf API. + +------------------------------------------------------------------- +Tue Jun 21 14:44:06 UTC 2022 - Christian Goll + +- fixed symlink dhcpd.conf collision + +------------------------------------------------------------------- +Mon Jun 20 12:57:09 UTC 2022 - Christian Goll + +- updated to 4.3.0 + * fixed bug which for single node profile set + +------------------------------------------------------------------- +Fri Jun 10 08:43:39 UTC 2022 - Christian Goll + +- update to 4.3.0rc6 what should the final release candidate + * using compressed images again, as PXE else would fail + +------------------------------------------------------------------- +Thu Apr 14 13:18:23 UTC 2022 - Christian Goll + +- update to v4.3.0rc2 with following major changes: + * Provision interface is not tied to 'eth0' any more. The provision interface + must be named 'default' now. The file `nodes.yaml' must be changed accordingly. + * Creating of '/etc/exports' can now be disabled, so that wwctl configure -a + wont overwrite a existing '/etc/exports'. + * All configurations files for the host (/etc/exports, /etc/dhcpd.conf, + /etc/hosts) are now populated from the + (OVERLAYDIR/host/etc/{exports|dhcpd|hosts}.ww . Also other configuration + files like prometheus.yml.ww or slurm.conf.ww which depend on the cluster + nodes can be placed. Also the new templated functions {{ abort }}, + {{ IncludeBlock }} abd {{ no_backup }} are allowed now. + * nodes and profiles can now have multiple system and runtime overlays, as a + comma separated list. + * The overlays of the profile and the nodes are combined. + * Simple ipv6 support is now enabled. In warewulf.conf the option + ipaddr6/Ipv6net must be set to enable ipv6. If enabled on of these options + is set a node will get a derived ipv6 in the scheme ipv6net:ipaddr4. This + address can also be overwritten for every node + * Multiple files can now created from a single template.ww file with the {{ file FILENAME }} + command in the template. The command is expanded to the magic template command + {{ /* file FILENAME */}} which is picked up by wwctl and everything which comes after this + magic comment will be written to the file FILENAME. This mechanism is leveraged in the + configuration files for the network, see ifcfg.xml.ww and ifcgf.ww. + * Networks can now have arbitrary keys value pairs in the profiles and on the node, so that + things like bridges and mtu sizes can be set + * The yaml format for nodes has now sub-keys for ipmi and kernel, old nodes.conf files have to + to be changed accordingly + * uids and gids of a container now get synced at import time, so that at least users with the + same name have the same uid. This is not necessarily needed for warewulf, but services like + munge. + * backward compatibility for nodes.conf + * added file:// uri for importing archived containers +- removed LocalStateDir-is-configureable-to-meet-FHS.patch as implemented upstream + +------------------------------------------------------------------- +Thu Oct 28 07:00:53 UTC 2021 - Christian Goll + +- updated to findal release 4.2.0 with following bugs fix + * kernel modules are imported with the right path + +------------------------------------------------------------------- +Thu Oct 14 12:44:57 UTC 2021 - Christian Goll + +- fixed permissions in overlays + +------------------------------------------------------------------- +Mon Oct 4 09:33:34 UTC 2021 - Christian Goll + +- updated to warewulf-v4.2.0rc1 with following new features: + * bash_completion can add nodes, container and other stuff + * kernels can now have arbitray names + * using syslog instead of logfile + * kernels get uncompresses on import +- Utilize sysuser infrastructure to set user/group warewulf + + +------------------------------------------------------------------- +Tue Aug 31 14:44:51 UTC 2021 - Christian Goll + +- updating to actual HEAD on github, as this version incorporates + some of the patches +- removed patches which are now in upstream: + * bash_completion.patch + * build-position-independent-code.patch + * install-creates-needed-dirs-and-checks-for-systemd.patch + * added-wicked-xml-configuration.patch + * added-configureable-ipmiinterface-used-by-ipmitool.patch + * preserve-ownership-for-overlays.patch +- added patch: + * added-function-CopyUIDGID-for-file-file-ownerships.patch + +------------------------------------------------------------------- +Tue Aug 10 09:13:00 UTC 2021 - Christian Goll + +- updated to warewulf-v4.1.0 prerelease instead of HEAD + +------------------------------------------------------------------- +Wed Jul 21 15:40:15 UTC 2021 - Christian Goll + +- inital commit of warewulf4 which is a rewrite of warewulf in + go thus the new name + * including vector.tar.gz which are the deps + * warewulf.conf is the SUSE specific configuration file +- patches with new functionality, might be included upstream + * bash_completion.patch + * build-position-independent-code.patch + * install-creates-needed-dirs-and-checks-for-systemd.patch + * LocalStateDir-is-configureable-to-meet-FHS.patch + * added-wicked-xml-configuration.patch + * added-configureable-ipmiinterface-used-by-ipmitool.patch + * preserve-ownership-for-overlays.patch diff --git a/warewulf4.spec b/warewulf4.spec new file mode 100644 index 0000000..ffe0010 --- /dev/null +++ b/warewulf4.spec @@ -0,0 +1,338 @@ +# +# spec file for package warewulf4 +# +# Copyright (c) 2025 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global tftpdir /srv/tftpboot +%global srvdir %{_sharedstatedir} +#%%global githash fd49254ac592d325056aa58a564933a008539607 +%if 0%{?githash} +%define srcdir warewulf-%{githash} +%else +%define srcdir warewulf-%{version} +%endif + +ExclusiveArch: x86_64 aarch64 + +Name: warewulf4 +Version: 4.6.2 +Release: 0 +Summary: A suite of tools for clustering +License: BSD-3-Clause +Group: Productivity/Clustering/Computing +URL: https://warewulf.org +Source0: warewulf-%{version}.tar +Source1: vendor.tar.xz +Source5: warewulf4-rpmlintrc +Source10: config-ww4.sh +Source11: adjust_overlays.sh +Source20: README.dnsmasq +Source21: README.RKE2.md + +BuildRequires: %{python_module Sphinx-latex} +BuildRequires: distribution-release +BuildRequires: dracut +BuildRequires: firewalld +BuildRequires: go >= 1.23 +BuildRequires: golang-packaging +BuildRequires: graphviz +BuildRequires: iproute2 +BuildRequires: libgpg-error-devel +BuildRequires: logrotate +BuildRequires: make +BuildRequires: munge +BuildRequires: sysuser-tools +BuildRequires: tftp +BuildRequires: yq +BuildRequires: pkgconfig(gpgme) +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%sysusers_requires +Requires: %{name}-overlay = %{version} +Requires: firewalld +Requires: iproute2 +Requires: ipxe-bootimgs +Requires: logrotate +Requires: pigz +Requires: tftp +Requires: ( dhcp-server or dnsmasq ) +Suggests: dhcp-server +Recommends: bash-completion +Recommends: ipmitool +Recommends: nfs-kernel-server + +%{?go_nostrip} + +%description +Warewulf v4 combines ultra scalability, flexibility, and simplicity with being +light weight, non-intrusive, and a great tool for scientists and seasoned +system administrators alike. Warewulf empowers you to scalably and easily +manage thousands of compute resources. + +%package overlay +# Smells like a circular dependcy, but needed in this case as the +# files belong to the warewulf user +Requires(pre): %{name} = %version +Summary: Default overlay for warewulf +Group: Productivity/Clustering/Computing + +%description overlay +Includes the default overlays so that they can be updated seprately. + +%package man +Supplements: %{name} = %version +Summary: Warewulf4 Man Pages +BuildArch: noarch + +%description man +Man pages for warewulf4. + +%package reference-doc +Supplements: %{name} = %version +Summary: Warewulf4 Reference book +BuildArch: noarch + +%description reference-doc +Reference documentation for warewulf4. + +%package overlay-slurm +Summary: Configuration template for slurm +Requires: %{name} = %{version} +Recommends: slurm +BuildArch: noarch +Obsoletes: warewulf4-slurm <= 4.4.0 +Provides: warewulf4-slurm = %version + +%description overlay-slurm +This package installs the necessary configuration files in order to run a slurm +cluster on the configured warewulf nodes. + +%package overlay-rke2 +Summary: Configuration template for RKE2 +Requires: %{name} = %{version} +Requires: slurm +BuildArch: noarch + +%description overlay-rke2 +This package provides a template that is used to share a connection token +and server endpoint information across an RKE2 cluster. + +%package dracut +Summary: Dracut module for loading a Warewulf container image +BuildArch: noarch + +Requires: dracut + +%description dracut +This subpackage contains a dracut module that can be used to generate +an initramfs that can fetch and boot a Warewulf container image from a +Warewulf server. + +%prep +%autosetup -a1 -p1 -n %{srcdir} +echo %{version} > VERSION + +%build +export OFFLINE_BUILD=1 +export IPXESOURCE=%{_datadir}/ipxe +export GOFLAGS="-buildmode=pie" +make defaults \ + PREFIX=%{_prefix} \ + BINDIR=%{_bindir} \ + SYSCONFDIR=%{_sysconfdir} \ + DATADIR=%{_datadir} \ + LOCALSTATEDIR=%{_sharedstatedir} \ + SHAREDSTATEDIR=%{_sharedstatedir} \ + MANDIR=%{_mandir} \ + INFODIR=%{_infodir} \ + DOCDIR=%{_docdir} \ + SRVDIR=%{srvdir} \ + TFTPDIR=%{tftpdir} \ + SYSTEMDDIR=%{_unitdir} \ + BASHCOMPDIR=/etc/bash_completion.d/ \ + FIREWALLDDIR=/usr/lib/firewalld/services \ + WWCLIENTDIR=/warewulf \ + %{nil} +make %{?_smp_mflags} build +make %{?_smp_mflags} latexpdf + +%install +# we have a broken symlink for wwclient +export NO_BRP_STALE_LINK_ERROR=yes +export IPXESOURCE=%{_datadir}/ipxe +# overlays will end up here +export OFFLINE_BUILD=1 +export LOCALSTATEDIR=%{_localstatedir}/lib +%{makeinstall} + +# cleanup +mkdir -p %{buildroot}%{_sbindir}/ +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcwarewulfd + +mkdir -p %{buildroot}%{_datadir}/bash-completion/completions +mv -v %{buildroot}%{_sysconfdir}/bash_completion.d/wwctl \ + %{buildroot}%{_datadir}/bash-completion/completions/wwctl +# copy the LICESNSE.md via %%doc +rm -f %{buildroot}/usr/share/doc/packages/warewulf/LICENSE.md +cp %{S:20} %{S:21} . + +# use ipxe-bootimgs images from distribution +yq e ' + .tftp.["systemd name"] = "tftp.socket" | + .tftp.ipxe."00:00" = "undionly.kpxe" | + .tftp.ipxe."00:07" = "ipxe-x86_64.efi" | + .tftp.ipxe."00:09" = "ipxe-x86_64.efi" | + .tftp.ipxe."00:0B" = "snp-arm64.efi" | + .["image mounts"] += {"source": "/etc/SUSEConnect", "dest": "/etc/SUSEConnect", "readonly": true} | + .["image mounts"] += {"source": "/etc/zypp/credentials.d/SCCcredentials", "dest": "/etc/zypp/credentials.d/SCCcredentials", "readonly": true}' \ + -i %{buildroot}%{_sysconfdir}/warewulf/warewulf.conf +# SUSE starts user UIDs at 1000 +#sed -i -e 's@\(.* \$_UID \(>\|-ge\) \)500\(.*\)@\11000\3@' %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/profile.d/ssh_setup.*sh.ww +# fix dhcp for SUSE +mv %{buildroot}%{_prefix}/share/warewulf/overlays %{buildroot}%{_localstatedir}/lib/warewulf/ +mv %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcp/dhcpd.conf.ww %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcpd.conf.ww +rmdir %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcp + +# create systemuser +echo "u warewulf -" > system-user-%{name}.conf +echo "g warewulf -" >> system-user-%{name}.conf +%sysusers_generate_pre system-user-%{name}.conf %{name} system-user-%{name}.conf +install -D -m 644 system-user-%{name}.conf %{buildroot}%{_sysusersdir}/system-user-%{name}.conf +install -D -m 755 %{S:10} %{buildroot}%{_datadir}/warewulf/scripts/config-warewulf.sh +install -D -m 755 %{S:11} %{buildroot}%{_datadir}/warewulf/scripts/%{basename:S:11} + +# get the slurm package ready +mkdir -p %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/slurm +mv %{buildroot}%{_sysconfdir}/warewulf/examples/slurm.conf.ww %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/slurm +mkdir -p %{buildroot}%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/munge +cat > %{buildroot}%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/munge/munge.key.ww < %{buildroot}%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/slurm/slurm.conf.ww < %{buildroot}%{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher/rke2/config.yaml.ww < Date: Thu, 10 Jul 2025 15:10:03 +0000 Subject: [PATCH 2/6] Accepting request 1291731 from home:mslacken:pr updated changelog OBS-URL: https://build.opensuse.org/request/show/1291731 OBS-URL: https://build.opensuse.org/package/show/network:cluster/warewulf4?expand=0&rev=116 --- warewulf4.changes | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/warewulf4.changes b/warewulf4.changes index 68dffc6..4cf226c 100644 --- a/warewulf4.changes +++ b/warewulf4.changes @@ -1,7 +1,5 @@ - ------------------------------------------------------------------- Thu Jul 10 07:00:04 UTC 2025 - cgoll@suse.com - - update to 4.6.2 which contains the (preview) support for provisioning to local disk - incoperated from 4.6.1 @@ -12,6 +10,7 @@ Thu Jul 10 07:00:04 UTC 2025 - cgoll@suse.com * udev-regression.patch - marked slurm as recommeneded in the warewulf4-overlay-slurm package bsc#124608 + ------------------------------------------------------------------- Fri Mar 28 09:59:27 UTC 2025 - Christian Goll -- 2.51.1 From 0d3fa924cc85b3366279235ac953b67ab38575524817ff3103f78f6d824ca08b Mon Sep 17 00:00:00 2001 From: Christian Goll Date: Fri, 18 Jul 2025 12:49:50 +0000 Subject: [PATCH 3/6] date line OBS-URL: https://build.opensuse.org/package/show/network:cluster/warewulf4?expand=0&rev=117 --- warewulf4.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/warewulf4.changes b/warewulf4.changes index 4cf226c..e85c6a7 100644 --- a/warewulf4.changes +++ b/warewulf4.changes @@ -1,5 +1,6 @@ ------------------------------------------------------------------- Thu Jul 10 07:00:04 UTC 2025 - cgoll@suse.com + - update to 4.6.2 which contains the (preview) support for provisioning to local disk - incoperated from 4.6.1 -- 2.51.1 From 0e14384bf6eef6e0d411dc2cff8772fcb5c4d19c925529db32e4d571787dc83f Mon Sep 17 00:00:00 2001 From: Christian Goll Date: Mon, 8 Sep 2025 14:27:19 +0000 Subject: [PATCH 4/6] - Update to version 4.6.4: * v4.6.4 release updates * Convert disk booleans from wwbool to *bool which allows bools in disk to be set to false via command line (bsc#1248768) * Update NetworkManager Overlay * Disable ipv4 in NetworkManager if no address or route is specified * fix(wwctl): Create overlay edit tempfile in tmpdir * Add default for systemd name for warewulf in warewulf.conf * Atomic overlay file application in wwclient * Simpler names for overlay methods * Fix warewulfd api behavior when deleting distribution overlay - renamed siwtched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch to switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch - added fix-CVE-2025-58058.patch (bsc#1248906) - Update to version 4.6.3: * v4.6.3 release * IPv6 iPXE support * Fix a syntax error in the RPM specfile * Fix a race condition in wwctl overlay edit * Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays * Move reexec.Init() to beginning of wwctl * Add documentation for using tmpfs to distribute across numa nodes * added warewuld configure option * Fix wwctl upgrade nodes to handle kernel argument lists (bsc#1227686 bsc#1227465) * Address copilot review from #1945 * Refactor wwapi tests for proper isolation * Bugfix: cloning a site overlay when parent dir does not exist * Clone to a site overlay when adding files in wwapi * Consolidated createOverlayFile and updateOverlayFile to addOverlayFile OBS-URL: https://build.opensuse.org/package/show/network:cluster/warewulf4?expand=0&rev=119 --- _service | 2 +- fix-CVE-2025-58058.patch | 56 ++++++++++ ...asq-as-default-dhcp-and-tftp-service.patch | 102 +++++++++++++++++ vendor.tar.xz | 4 +- warewulf-4.6.2.obscpio | 3 - warewulf-4.6.4.obscpio | 3 + warewulf.obsinfo | 6 +- warewulf4-rpmlintrc | 6 +- warewulf4.changes | 59 +++++++++- warewulf4.spec | 103 +++++++++--------- 10 files changed, 278 insertions(+), 66 deletions(-) create mode 100644 fix-CVE-2025-58058.patch create mode 100644 switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch delete mode 100644 warewulf-4.6.2.obscpio create mode 100644 warewulf-4.6.4.obscpio diff --git a/_service b/_service index 21621dc..b28c4b0 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ https://github.com/warewulf/warewulf.git git - v4.6.2 + v4.6.4 @PARENT_TAG@ v(.*) enable diff --git a/fix-CVE-2025-58058.patch b/fix-CVE-2025-58058.patch new file mode 100644 index 0000000..17ff5c8 --- /dev/null +++ b/fix-CVE-2025-58058.patch @@ -0,0 +1,56 @@ +From 8e6c115089c0cbea4347ed252aba7cfe575c9456 Mon Sep 17 00:00:00 2001 +From: Christian Goll +Date: Mon, 8 Sep 2025 15:33:28 +0200 +Subject: [PATCH] fix CVE-2025-58058 + +--- + CHANGELOG.md | 3 +++ + go.mod | 2 +- + go.sum | 4 ++-- + 3 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/CHANGELOG.md b/CHANGELOG.md +index 26c5994c..41fd92bf 100644 +--- a/CHANGELOG.md ++++ b/CHANGELOG.md +@@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). + + ## v4.6.5, unreleased + ++### Fixed ++- updated github.com/ulikunitz/xz to 0.5.14 whiche fixes CVE-2025-58058 ++ + ## v4.6.4, 2025-09-05 + + ### Added +diff --git a/go.mod b/go.mod +index bdd4ef25..55b9642a 100644 +--- a/go.mod ++++ b/go.mod +@@ -135,7 +135,7 @@ require ( + github.com/swaggest/jsonschema-go v0.3.73 // indirect + github.com/swaggest/refl v1.3.0 // indirect + github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect +- github.com/ulikunitz/xz v0.5.12 // indirect ++ github.com/ulikunitz/xz v0.5.14 // indirect + github.com/urfave/cli v1.22.16 // indirect + github.com/vbatts/go-mtree v0.5.0 // indirect + github.com/vbatts/tar-split v0.11.7 // indirect +diff --git a/go.sum b/go.sum +index c5a19894..878b35c5 100644 +--- a/go.sum ++++ b/go.sum +@@ -399,8 +399,8 @@ github.com/tj/assert v0.0.3/go.mod h1:Ne6X72Q+TB1AteidzQncjw9PabbMp4PBMZ1k+vd1Pv + github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= + github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= + github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4= +-github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= +-github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= ++github.com/ulikunitz/xz v0.5.14 h1:uv/0Bq533iFdnMHZdRBTOlaNMdb1+ZxXIlHDZHIHcvg= ++github.com/ulikunitz/xz v0.5.14/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= + github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= + github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ= + github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po= +-- +2.51.0 + diff --git a/switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch b/switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch new file mode 100644 index 0000000..9b4a867 --- /dev/null +++ b/switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch @@ -0,0 +1,102 @@ +From 9e39845bda60e006936c8b6e34a02325d31448b3 Mon Sep 17 00:00:00 2001 +From: Christian Goll +Date: Fri, 18 Jul 2025 16:29:37 +0200 +Subject: [PATCH] switched to dnsmasq as default dhcp and tftp service + +--- + CHANGELOG.md | 1 + + etc/warewulf.conf | 4 ++-- + userdocs/server/dnsmasq.rst | 33 ++------------------------------- + warewulf.spec.in | 2 +- + 4 files changed, 6 insertions(+), 34 deletions(-) + +diff --git a/CHANGELOG.md b/CHANGELOG.md +index 26c5994c..0c6378e9 100644 +--- a/CHANGELOG.md ++++ b/CHANGELOG.md +@@ -61,6 +61,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). + - Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays. #1950 + - Fixed a race condition in `wwctl overlay edit`. #1947 + - Fixed a syntax error in the RPM specfile. ++- switched to dnsmasq as default tftp and dhcp service + + ## v4.6.2, 2025-07-09 + +diff --git a/etc/warewulf.conf b/etc/warewulf.conf +index 33cec64c..6e68047c 100644 +--- a/etc/warewulf.conf ++++ b/etc/warewulf.conf +@@ -10,11 +10,11 @@ dhcp: + enabled: true + range start: 10.0.1.1 + range end: 10.0.1.255 +- systemd name: dhcpd ++ systemd name: dnsmasq + template: default + tftp: + enabled: true +- systemd name: tftp ++ systemd name: dnsmasq + ipxe: + 00:09: ipxe-snponly-x86_64.efi + 00:00: undionly.kpxe +diff --git a/userdocs/server/dnsmasq.rst b/userdocs/server/dnsmasq.rst +index b182ee8d..ba6037a0 100644 +--- a/userdocs/server/dnsmasq.rst ++++ b/userdocs/server/dnsmasq.rst +@@ -2,37 +2,8 @@ + Using dnsmasq + ============= + +-As an experimental feature, it is possible to use ``dnsmasq`` instead of the ISC +-``dhcpd`` server and ``TFTP`` server. +- +-In order to keep the file ``/etc/dnsmasq.d/ww4-hosts.conf`` is created and must +-be included in the main ``dnsmasq.conf`` via the ``conf-dir=/etc/dnsmasq.d`` +-option. +- +-Installation +-============ +- +-Before the installation, make sure that ``dhcpd`` and ``tftp`` are disabled. +-You can do that with the commands: +- +-.. code-block:: shell +- +- systemctl disable --now dhcpd +- systemctl disable --now tftp +- +-Now you can install ``dnsmasq``. +- +-.. code-block:: shell +- +- # Rocky Linux +- dnf install dnsmasq +- +- # SUSE +- zypper install dnsmasq +- +-After the installation, instruct ``warewulf`` to use ``dnsmasq`` as its +-``dhcpd`` and ``tftp`` service. This is done in the server configuration file, +-typically at ``/etc/warewulf/warewulf.conf``: ++``dnsmasq`` is the default ``dhcpd`` and ``tftp`` service. This can be configured ++in the server configuration file, typically at ``/etc/warewulf/warewulf.conf``: + + .. code-block:: yaml + +diff --git a/warewulf.spec.in b/warewulf.spec.in +index f32585db..ae5f098c 100644 +--- a/warewulf.spec.in ++++ b/warewulf.spec.in +@@ -69,7 +69,7 @@ Requires: ipxe-bootimgs-aarch64 + Requires: dnsmasq + %else + %if 0%{?rhel} >= 8 || 0%{?suse_version} || 0%{?fedora} +-Requires: dhcp-server ++Requires: dnsmasq + %else + # rhel < 8 and others + Requires: dhcp +-- +2.51.0 + diff --git a/vendor.tar.xz b/vendor.tar.xz index 9618996..9116b80 100644 --- a/vendor.tar.xz +++ b/vendor.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:cb9dcd150f40c388fbea0f33691c33da61f2daeddeecfcb61820340af18d373e -size 6156844 +oid sha256:629cfae88716e34aa4e99e7b45ab770eee3a44e1bf83bd24ccfaecf8c2d270fd +size 6489812 diff --git a/warewulf-4.6.2.obscpio b/warewulf-4.6.2.obscpio deleted file mode 100644 index 6169881..0000000 --- a/warewulf-4.6.2.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:64cfc3c2cfa8c1ef352915726fa55fee85b58f48e583b2acf123d2a09128ee5f -size 4636684 diff --git a/warewulf-4.6.4.obscpio b/warewulf-4.6.4.obscpio new file mode 100644 index 0000000..ac877a6 --- /dev/null +++ b/warewulf-4.6.4.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b080ebcb0fcdeb3da9cb1e69a0053e7c0ffa0d1bd43d9e6bf8e58908bdda887e +size 4748300 diff --git a/warewulf.obsinfo b/warewulf.obsinfo index 39753f7..094a340 100644 --- a/warewulf.obsinfo +++ b/warewulf.obsinfo @@ -1,4 +1,4 @@ name: warewulf -version: 4.6.2 -mtime: 1752075635 -commit: 0cb9354364433a67b610278632cf46e3388f7045 +version: 4.6.4 +mtime: 1757112751 +commit: 4b9e2f0282ff82c31b20d65507dd02989210aaf2 diff --git a/warewulf4-rpmlintrc b/warewulf4-rpmlintrc index e240abf..9a15886 100644 --- a/warewulf4-rpmlintrc +++ b/warewulf4-rpmlintrc @@ -1,8 +1,8 @@ # ignore hidden files and executable bits in overlay # directories, as this files are meant to be run on # compute nodes -addFilter("hidden-file-or-dir /var/lib/warewulf/overlays/,*") -addFilter("non-executable-script /var/lib/warewulf/overlays/.*") +#addFilter("hidden-file-or-dir /var/lib/warewulf/overlays/,*") +#addFilter("non-executable-script /var/lib/warewulf/overlays/.*") # wwclient is called on a compute node *before* systemd in # order to provision the system, so it *must* be statically linked addFilter("statically-linked-binary .*/wwclient") @@ -17,4 +17,4 @@ addFilter("no-version-in-last-changelog") addFilter("unused-rpmlintrc-filter") # ignore the binary in /usr/share as this binary will to the nodes and not run on # the host where the rpm is installed. -# addFilter("arch-dependent-file-in-usr-share") +addFilter("arch-dependent-file-in-usr-share") diff --git a/warewulf4.changes b/warewulf4.changes index e85c6a7..051bb33 100644 --- a/warewulf4.changes +++ b/warewulf4.changes @@ -1,3 +1,60 @@ +------------------------------------------------------------------- +Mon Sep 08 09:45:51 UTC 2025 - Christian Goll +- Update to version 4.6.4: + * v4.6.4 release updates + * Convert disk booleans from wwbool to *bool which allows bools in + disk to be set to false via command line (bsc#1248768) + * Update NetworkManager Overlay + * Disable ipv4 in NetworkManager if no address or route is specified + * fix(wwctl): Create overlay edit tempfile in tmpdir + * Add default for systemd name for warewulf in warewulf.conf + * Atomic overlay file application in wwclient + * Simpler names for overlay methods + * Fix warewulfd api behavior when deleting distribution overlay +- renamed siwtched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch + to switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch +- added fix-CVE-2025-58058.patch (bsc#1248906) + +------------------------------------------------------------------- +Mon Aug 04 07:55:28 UTC 2025 - Christian Goll + +- Update to version 4.6.3: + * v4.6.3 release + * IPv6 iPXE support + * Fix a syntax error in the RPM specfile + * Fix a race condition in wwctl overlay edit + * Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays + * Move reexec.Init() to beginning of wwctl + * Add documentation for using tmpfs to distribute across numa nodes + * added warewuld configure option + * Fix wwctl upgrade nodes to handle kernel argument lists (bsc#1227686 bsc#1227465) + * Address copilot review from #1945 + * Refactor wwapi tests for proper isolation + * Bugfix: cloning a site overlay when parent dir does not exist + * Clone to a site overlay when adding files in wwapi + * Consolidated createOverlayFile and updateOverlayFile to addOverlayFile + * Support for creating and updating overlay file in wwapi + * Only return overlay files that refer to a path within the overlay + * add overlay file deletion support + * DELETE /api/overlays/{id}?force=true can delete overlays in use + * Restore idempotency of PUT /api/nodes/{id} + * Simplify overlay mtime api and add tests + * add node overlay buildtime + * Improved netplan support + * Rebuild overlays for discovered nodes + * Restrict userdocs from building during pr when not modified + * Update to v4.6.2 GitHub release notes + +------------------------------------------------------------------- +Thu Jul 24 15:06:07 UTC 2025 - Christian Goll + +- moved project provided overlays to /usr/share/warewulf/overlays, + user created overlays go to /var/lib/warewulf/overlays +- added switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch + which switches to dnsmasq as default dhcp and tftp provider +- warewulf.conf will now be replaced, as old dhcpd config won't work + any more + ------------------------------------------------------------------- Thu Jul 10 07:00:04 UTC 2025 - cgoll@suse.com @@ -10,7 +67,7 @@ Thu Jul 10 07:00:04 UTC 2025 - cgoll@suse.com * security-fixes.patch * udev-regression.patch - marked slurm as recommeneded in the warewulf4-overlay-slurm - package bsc#124608 + package bsc#1246082 ------------------------------------------------------------------- Fri Mar 28 09:59:27 UTC 2025 - Christian Goll diff --git a/warewulf4.spec b/warewulf4.spec index ffe0010..9a9377c 100644 --- a/warewulf4.spec +++ b/warewulf4.spec @@ -16,6 +16,7 @@ # +%global ww4dir %{_localstatedir}/lib %global tftpdir /srv/tftpboot %global srvdir %{_sharedstatedir} #%%global githash fd49254ac592d325056aa58a564933a008539607 @@ -28,7 +29,7 @@ ExclusiveArch: x86_64 aarch64 Name: warewulf4 -Version: 4.6.2 +Version: 4.6.4 Release: 0 Summary: A suite of tools for clustering License: BSD-3-Clause @@ -41,6 +42,10 @@ Source10: config-ww4.sh Source11: adjust_overlays.sh Source20: README.dnsmasq Source21: README.RKE2.md +Patch0: switched-to-dnsmasq-as-default-dhcp-and-tftp-service.patch +Patch1: fix-CVE-2025-58058.patch +#Patch1: overlay.patch +#Patch2: upstream.patch BuildRequires: %{python_module Sphinx-latex} BuildRequires: distribution-release @@ -66,9 +71,9 @@ Requires: iproute2 Requires: ipxe-bootimgs Requires: logrotate Requires: pigz -Requires: tftp Requires: ( dhcp-server or dnsmasq ) -Suggests: dhcp-server +Requires: ( tftp or dnsmasq ) +Suggests: dnsmasq Recommends: bash-completion Recommends: ipmitool Recommends: nfs-kernel-server @@ -152,9 +157,9 @@ make defaults \ PREFIX=%{_prefix} \ BINDIR=%{_bindir} \ SYSCONFDIR=%{_sysconfdir} \ - DATADIR=%{_datadir} \ - LOCALSTATEDIR=%{_sharedstatedir} \ - SHAREDSTATEDIR=%{_sharedstatedir} \ + DATADIR=%{ww4dir} \ + LOCALSTATEDIR=%{_localstatedir}/lib \ + SHAREDSTATEDIR=%{_localstatedir}/lib \ MANDIR=%{_mandir} \ INFODIR=%{_infodir} \ DOCDIR=%{_docdir} \ @@ -164,6 +169,7 @@ make defaults \ BASHCOMPDIR=/etc/bash_completion.d/ \ FIREWALLDDIR=/usr/lib/firewalld/services \ WWCLIENTDIR=/warewulf \ + WWOVERLAYDIR=%{_sysconfdir}/warewulf/overlays/ \ %{nil} make %{?_smp_mflags} build make %{?_smp_mflags} latexpdf @@ -184,13 +190,12 @@ ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcwarewulfd mkdir -p %{buildroot}%{_datadir}/bash-completion/completions mv -v %{buildroot}%{_sysconfdir}/bash_completion.d/wwctl \ %{buildroot}%{_datadir}/bash-completion/completions/wwctl -# copy the LICESNSE.md via %%doc +# copy the LICENSE.md via %%doc rm -f %{buildroot}/usr/share/doc/packages/warewulf/LICENSE.md cp %{S:20} %{S:21} . # use ipxe-bootimgs images from distribution yq e ' - .tftp.["systemd name"] = "tftp.socket" | .tftp.ipxe."00:00" = "undionly.kpxe" | .tftp.ipxe."00:07" = "ipxe-x86_64.efi" | .tftp.ipxe."00:09" = "ipxe-x86_64.efi" | @@ -201,33 +206,32 @@ yq e ' # SUSE starts user UIDs at 1000 #sed -i -e 's@\(.* \$_UID \(>\|-ge\) \)500\(.*\)@\11000\3@' %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/profile.d/ssh_setup.*sh.ww # fix dhcp for SUSE -mv %{buildroot}%{_prefix}/share/warewulf/overlays %{buildroot}%{_localstatedir}/lib/warewulf/ -mv %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcp/dhcpd.conf.ww %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcpd.conf.ww -rmdir %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcp +mv %{buildroot}%{ww4dir}/warewulf/overlays/host/rootfs/etc/dhcp/dhcpd.conf.ww %{buildroot}%{ww4dir}/warewulf/overlays/host/rootfs/etc/dhcpd.conf.ww +rmdir %{buildroot}%{ww4dir}/warewulf/overlays/host/rootfs/etc/dhcp # create systemuser echo "u warewulf -" > system-user-%{name}.conf echo "g warewulf -" >> system-user-%{name}.conf %sysusers_generate_pre system-user-%{name}.conf %{name} system-user-%{name}.conf install -D -m 644 system-user-%{name}.conf %{buildroot}%{_sysusersdir}/system-user-%{name}.conf -install -D -m 755 %{S:10} %{buildroot}%{_datadir}/warewulf/scripts/config-warewulf.sh -install -D -m 755 %{S:11} %{buildroot}%{_datadir}/warewulf/scripts/%{basename:S:11} +install -D -m 755 %{S:10} %{buildroot}%{ww4dir}/warewulf/scripts/config-warewulf.sh +install -D -m 755 %{S:11} %{buildroot}%{ww4dir}/warewulf/scripts/adjust_overlays.sh # get the slurm package ready -mkdir -p %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/slurm -mv %{buildroot}%{_sysconfdir}/warewulf/examples/slurm.conf.ww %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/slurm -mkdir -p %{buildroot}%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/munge -cat > %{buildroot}%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/munge/munge.key.ww < %{buildroot}%{ww4dir}/warewulf/overlays/slurm/rootfs/etc/munge/munge.key.ww < %{buildroot}%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/slurm/slurm.conf.ww < %{buildroot}%{ww4dir}/warewulf/overlays/slurm/rootfs/etc/slurm/slurm.conf.ww < %{buildroot}%{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher/rke2/config.yaml.ww < %{buildroot}%{ww4dir}/warewulf/overlays/rke2-config/etc/rancher/rke2/config.yaml.ww < Date: Mon, 8 Sep 2025 14:58:22 +0000 Subject: [PATCH 5/6] newline OBS-URL: https://build.opensuse.org/package/show/network:cluster/warewulf4?expand=0&rev=120 --- warewulf4.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/warewulf4.changes b/warewulf4.changes index 051bb33..6097752 100644 --- a/warewulf4.changes +++ b/warewulf4.changes @@ -1,5 +1,6 @@ ------------------------------------------------------------------- Mon Sep 08 09:45:51 UTC 2025 - Christian Goll + - Update to version 4.6.4: * v4.6.4 release updates * Convert disk booleans from wwbool to *bool which allows bools in -- 2.51.1 From 38233675a58d79ce4992873089ab5096c12f1064f7437c0379370f49e066884a Mon Sep 17 00:00:00 2001 From: Christian Goll Date: Mon, 29 Sep 2025 15:15:21 +0200 Subject: [PATCH 6/6] Revert "Import openSUSE:Leap:16.0 modifications" This reverts commit 3117857577536815122a8e318a78c8b8e03fc048d8da67cdd938b6e261b9a9de. --- _service | 2 +- fixup-pdf-build.patch | 95 ++++++++++++++++++++ security-fixes.patch | 197 +++++++++++++++++++++++++++++++++++++++++ udev-regression.patch | 53 +++++++++++ vendor.tar.xz | 4 +- warewulf-4.6.0.obscpio | 3 + warewulf-4.6.2.obscpio | 3 - warewulf.obsinfo | 6 +- warewulf4.changes | 14 --- warewulf4.spec | 16 ++-- 10 files changed, 363 insertions(+), 30 deletions(-) create mode 100644 fixup-pdf-build.patch create mode 100644 security-fixes.patch create mode 100644 udev-regression.patch create mode 100644 warewulf-4.6.0.obscpio delete mode 100644 warewulf-4.6.2.obscpio diff --git a/_service b/_service index 21621dc..14a6a1d 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ https://github.com/warewulf/warewulf.git git - v4.6.2 + v4.6.0 @PARENT_TAG@ v(.*) enable diff --git a/fixup-pdf-build.patch b/fixup-pdf-build.patch new file mode 100644 index 0000000..261c680 --- /dev/null +++ b/fixup-pdf-build.patch @@ -0,0 +1,95 @@ +From a342c1b832666caed26337e371854e99d1388031 Mon Sep 17 00:00:00 2001 +From: Christian Goll +Date: Mon, 3 Mar 2025 11:58:43 +0100 +Subject: [PATCH] fixup pdf build + +Signed-off-by: Christian Goll +--- + CHANGELOG.md | 5 +++++ + Makefile | 2 +- + internal/app/wwctl/genconf/reference/main.go | 1 + + userdocs/conf.py | 5 +++-- + userdocs/server/bootloaders.rst | 2 +- + 5 files changed, 11 insertions(+), 4 deletions(-) + +diff --git a/CHANGELOG.md b/CHANGELOG.md +index ffc8755d..fb8104b6 100644 +--- a/CHANGELOG.md ++++ b/CHANGELOG.md +@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file. + + The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). + ++## Unreleased ++ ++### Fixed ++- Removed unreadable >= character and not distro sphinx module for pdf doc build ++ + ## v4.6.0, 2025-03-02 + + ### Added +diff --git a/Makefile b/Makefile +index 67147051..28ee3fec 100644 +--- a/Makefile ++++ b/Makefile +@@ -89,7 +89,7 @@ reference: wwctl + ./wwctl --emptyconf genconfig reference userdocs/reference/ + + latexpdf: reference +- make -C userdocs latexpdf ++ SPHINXOPTS='-t pdf -D release=$(VERSION)' make -C userdocs latexpdf + + ##@ Development + +diff --git a/internal/app/wwctl/genconf/reference/main.go b/internal/app/wwctl/genconf/reference/main.go +index c3cdacaa..9dd5b1d6 100644 +--- a/internal/app/wwctl/genconf/reference/main.go ++++ b/internal/app/wwctl/genconf/reference/main.go +@@ -11,6 +11,7 @@ func CobraRunE(cmd *cobra.Command, args []string) (err error) { + linkHandler := func(name, ref string) string { + return fmt.Sprintf(":ref:`%s <%s>`", name, ref) + } ++ cmd.Parent().Parent().DisableAutoGenTag = true + err = doc.GenReSTTreeCustom(cmd.Parent().Parent(), args[0], func(arg string) string { return "" }, linkHandler) + //err = doc.GenReSTTree(cmd.Parent().Parent(), args[0]) + return +diff --git a/userdocs/conf.py b/userdocs/conf.py +index e838c303..d8584a5f 100644 +--- a/userdocs/conf.py ++++ b/userdocs/conf.py +@@ -7,7 +7,7 @@ + # https://www.sphinx-doc.org/en/master/usage/configuration.html#project-information + + project = 'Warewulf User Guide' +-copyright = '2024, Warewulf Project Contributors' ++copyright = '2025, Warewulf Project Contributors' + author = 'Warewulf Project Contributors' + release = 'main' + +@@ -16,8 +16,9 @@ release = 'main' + + extensions = [ + 'sphinx.ext.graphviz', +- 'sphinx_reredirects', + ] ++if not tags.has('pdf'): ++ extensions.append('sphinx_redirects') + + redirects = { + 'contents/background': '../getting-started/introduction.html', +diff --git a/userdocs/server/bootloaders.rst b/userdocs/server/bootloaders.rst +index 0f5bf5a5..9132e1ec 100644 +--- a/userdocs/server/bootloaders.rst ++++ b/userdocs/server/bootloaders.rst +@@ -158,7 +158,7 @@ For example, the ``imgextract`` command can be `explicitly enabled`_. + This is the case in the default state of ``build-ipxe.sh``, which enables + support for ZLIB and GZIP archive image formats. + +-Configuring Warewulf (≥ v4.5.0) ++Configuring Warewulf (>= v4.5.0) + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + In Warewulf v4.5.0, Warewulf can be configured to use these files using the +-- +2.43.0 + diff --git a/security-fixes.patch b/security-fixes.patch new file mode 100644 index 0000000..4577b07 --- /dev/null +++ b/security-fixes.patch @@ -0,0 +1,197 @@ +diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml +index 9bb395a2..179202ce 100644 +--- a/.github/workflows/check.yml ++++ b/.github/workflows/check.yml +@@ -20,7 +20,7 @@ jobs: + runs-on: ubuntu-latest + strategy: + matrix: +- go-version: ['1.22', '1.23'] ++ go-version: ['1.23', '1.24'] + steps: + - name: Checkout Warewulf + uses: actions/checkout@v4 +@@ -34,7 +34,7 @@ jobs: + runs-on: ubuntu-latest + strategy: + matrix: +- go-version: ['1.22', '1.23'] ++ go-version: ['1.23', '1.24'] + steps: + - name: Checkout Warewulf + uses: actions/checkout@v4 +@@ -48,7 +48,7 @@ jobs: + runs-on: ubuntu-latest + strategy: + matrix: +- go-version: ['1.22', '1.23'] ++ go-version: ['1.23', '1.24'] + steps: + - name: Checkout Warewulf + uses: actions/checkout@v4 +@@ -62,7 +62,7 @@ jobs: + runs-on: ubuntu-latest + strategy: + matrix: +- go-version: ['1.22', '1.23'] ++ go-version: ['1.23', '1.24'] + steps: + - name: Checkout Warewulf + uses: actions/checkout@v4 +@@ -85,7 +85,7 @@ jobs: + runs-on: ubuntu-latest + strategy: + matrix: +- go-version: ['1.22', '1.23'] ++ go-version: ['1.23', '1.24'] + steps: + - name: Checkout Warewulf + uses: actions/checkout@v4 +@@ -99,7 +99,7 @@ jobs: + runs-on: ubuntu-latest + strategy: + matrix: +- go-version: ['1.22', '1.23'] ++ go-version: ['1.23', '1.24'] + steps: + - name: Checkout Warewulf + uses: actions/checkout@v4 +diff --git a/LICENSE_DEPENDENCIES.md b/LICENSE_DEPENDENCIES.md +index 67446789..d0a1e5d7 100644 +--- a/LICENSE_DEPENDENCIES.md ++++ b/LICENSE_DEPENDENCIES.md +@@ -495,7 +495,7 @@ The dependencies and their licenses are as follows: + + **License:** BSD-3-Clause + +-**License URL:** ++**License URL:** + + ## golang.org/x/exp/maps + +@@ -507,7 +507,7 @@ The dependencies and their licenses are as follows: + + **License:** BSD-3-Clause + +-**License URL:** ++**License URL:** + + ## golang.org/x/sync + +@@ -519,13 +519,13 @@ The dependencies and their licenses are as follows: + + **License:** BSD-3-Clause + +-**License URL:** ++**License URL:** + + ## golang.org/x/term + + **License:** BSD-3-Clause + +-**License URL:** ++**License URL:** + + ## golang.org/x/text + +diff --git a/Tools.mk b/Tools.mk +index 924bb2f2..16d39158 100644 +--- a/Tools.mk ++++ b/Tools.mk +@@ -5,7 +5,7 @@ GO_TOOLS_BIN := $(addprefix $(TOOLS_BIN)/, $(notdir $(GO_TOOLS))) + GO_TOOLS_VENDOR := $(addprefix vendor/, $(GO_TOOLS)) + + GOLANGCI_LINT := $(TOOLS_BIN)/golangci-lint +-GOLANGCI_LINT_VERSION := v1.63.4 ++GOLANGCI_LINT_VERSION := v1.64.8 + + GOLANG_DEADCODE := $(TOOLS_BIN)/deadcode + +@@ -39,7 +39,7 @@ $(GOLANGCI_LINT): + curl -qq -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(TOOLS_BIN) $(GOLANGCI_LINT_VERSION) + + $(GOLANG_DEADCODE): +- GOBIN="$(PWD)/$(TOOLS_BIN)" go install golang.org/x/tools/cmd/deadcode@v0.24.0 ++ GOBIN="$(PWD)/$(TOOLS_BIN)" go install golang.org/x/tools/cmd/deadcode@v0.31.0 + + $(PROTOC): $(TOOLS_DIR) + cd $(TOOLS_DIR) && curl -LO $(PROTOC_URL) && unzip -o $(notdir $(PROTOC_URL)) +diff --git a/go.mod b/go.mod +index 6206cd42..d9e1bafb 100644 +--- a/go.mod ++++ b/go.mod +@@ -1,8 +1,8 @@ + module github.com/warewulf/warewulf + +-go 1.22.0 ++go 1.23.0 + +-toolchain go1.22.9 ++toolchain go1.24.1 + + require ( + dario.cat/mergo v1.0.1 +@@ -28,8 +28,8 @@ require ( + github.com/spf13/cobra v1.8.1 + github.com/stretchr/testify v1.10.0 + github.com/talos-systems/go-smbios v0.1.1 +- golang.org/x/sys v0.29.0 +- golang.org/x/term v0.28.0 ++ golang.org/x/sys v0.30.0 ++ golang.org/x/term v0.29.0 + google.golang.org/genproto/googleapis/api v0.0.0-20250204164813-702378808489 + google.golang.org/grpc v1.70.0 + google.golang.org/protobuf v1.36.5 +@@ -137,9 +137,9 @@ require ( + go.opentelemetry.io/otel v1.32.0 // indirect + go.opentelemetry.io/otel/metric v1.32.0 // indirect + go.opentelemetry.io/otel/trace v1.32.0 // indirect +- golang.org/x/crypto v0.32.0 // indirect ++ golang.org/x/crypto v0.35.0 // indirect + golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect +- golang.org/x/net v0.33.0 // indirect ++ golang.org/x/net v0.36.0 // indirect + golang.org/x/sync v0.11.0 // indirect + golang.org/x/text v0.22.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250204164813-702378808489 // indirect +diff --git a/go.sum b/go.sum +index 4138cb41..feaddc95 100644 +--- a/go.sum ++++ b/go.sum +@@ -418,8 +418,8 @@ golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8U + golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= + golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= + golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= ++golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs= ++golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= + golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= + golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 h1:1UoZQm6f0P/ZO0w1Ri+f+ifG/gXhegadRdwBIXEFWDo= + golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= +@@ -437,8 +437,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn + golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= + golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= + golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= ++golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA= ++golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I= + golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= + golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= + golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +@@ -465,10 +465,10 @@ golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBc + golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= + golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +-golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= +-golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= ++golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= ++golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= ++golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= ++golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= + golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= + golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= + golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= diff --git a/udev-regression.patch b/udev-regression.patch new file mode 100644 index 0000000..8854537 --- /dev/null +++ b/udev-regression.patch @@ -0,0 +1,53 @@ +diff --git a/etc/nodes.conf b/etc/nodes.conf +index c5b9487f..94eeb9ee 100644 +--- a/etc/nodes.conf ++++ b/etc/nodes.conf +@@ -23,6 +23,7 @@ nodeprofiles: + args: + - quiet + - crashkernel=no ++ - net.ifnames=1 + init: /sbin/init + root: initramfs + ipxe template: default +diff --git a/internal/pkg/upgrade/node.go b/internal/pkg/upgrade/node.go +index 3e8fa26f..dbe69b5b 100644 +--- a/internal/pkg/upgrade/node.go ++++ b/internal/pkg/upgrade/node.go +@@ -123,7 +123,7 @@ func (legacy *NodesYaml) Upgrade(addDefaults bool, replaceOverlays bool, warewul + defaultProfile.RuntimeOverlay, genericSplitOverlays...) + } + if len(defaultProfile.Kernel.Args) < 1 { +- defaultProfile.Kernel.Args = []string{"quiet", "crashkernel=no"} ++ defaultProfile.Kernel.Args = []string{"quiet", "crashkernel=no", "net.ifnames=1"} + } + if defaultProfile.Init == "" { + defaultProfile.Init = "/sbin/init" +diff --git a/internal/pkg/upgrade/node_test.go b/internal/pkg/upgrade/node_test.go +index 132b109b..d32a5275 100644 +--- a/internal/pkg/upgrade/node_test.go ++++ b/internal/pkg/upgrade/node_test.go +@@ -576,6 +576,7 @@ nodeprofiles: + args: + - quiet + - crashkernel=no ++ - net.ifnames=1 + init: /sbin/init + root: initramfs + resources: +@@ -654,6 +655,7 @@ nodeprofiles: + args: + - quiet + - crashkernel=no ++ - net.ifnames=1 + init: /sbin/init + root: initramfs + resources: +@@ -915,6 +917,7 @@ nodeprofiles: + args: + - quiet + - crashkernel=no ++ - net.ifnames=1 + init: /sbin/init + root: initramfs + resources: diff --git a/vendor.tar.xz b/vendor.tar.xz index 9618996..90d5d94 100644 --- a/vendor.tar.xz +++ b/vendor.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:cb9dcd150f40c388fbea0f33691c33da61f2daeddeecfcb61820340af18d373e -size 6156844 +oid sha256:2fc8ab72c7088a3b029345c3a6cea4048c70490587a412854701fdd6b5c8b8cb +size 5651252 diff --git a/warewulf-4.6.0.obscpio b/warewulf-4.6.0.obscpio new file mode 100644 index 0000000..f3f3b39 --- /dev/null +++ b/warewulf-4.6.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3eb2cd8bf87a6e695ca394c39e19cbbfdb307d1ddd8604e89993821906f89c34 +size 4346892 diff --git a/warewulf-4.6.2.obscpio b/warewulf-4.6.2.obscpio deleted file mode 100644 index 6169881..0000000 --- a/warewulf-4.6.2.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:64cfc3c2cfa8c1ef352915726fa55fee85b58f48e583b2acf123d2a09128ee5f -size 4636684 diff --git a/warewulf.obsinfo b/warewulf.obsinfo index 39753f7..a5e2398 100644 --- a/warewulf.obsinfo +++ b/warewulf.obsinfo @@ -1,4 +1,4 @@ name: warewulf -version: 4.6.2 -mtime: 1752075635 -commit: 0cb9354364433a67b610278632cf46e3388f7045 +version: 4.6.0 +mtime: 1740959213 +commit: a98ec09b36392c372bf319b300c8163ab05de95e diff --git a/warewulf4.changes b/warewulf4.changes index e85c6a7..600ec64 100644 --- a/warewulf4.changes +++ b/warewulf4.changes @@ -1,17 +1,3 @@ -------------------------------------------------------------------- -Thu Jul 10 07:00:04 UTC 2025 - cgoll@suse.com - -- update to 4.6.2 which contains the (preview) support for - provisioning to local disk -- incoperated from 4.6.1 - * rest api which is disabled in the default configuration -- removed following files as fixed upstream: - * fixup-pdf-build.patch - * security-fixes.patch - * udev-regression.patch -- marked slurm as recommeneded in the warewulf4-overlay-slurm - package bsc#124608 - ------------------------------------------------------------------- Fri Mar 28 09:59:27 UTC 2025 - Christian Goll diff --git a/warewulf4.spec b/warewulf4.spec index ffe0010..0a5bd9a 100644 --- a/warewulf4.spec +++ b/warewulf4.spec @@ -28,19 +28,23 @@ ExclusiveArch: x86_64 aarch64 Name: warewulf4 -Version: 4.6.2 +Version: 4.6.0 Release: 0 Summary: A suite of tools for clustering License: BSD-3-Clause Group: Productivity/Clustering/Computing URL: https://warewulf.org Source0: warewulf-%{version}.tar +#Source0: https://github.com/mslacken/warewulf/archive/%{githash}.tar.gz#/warewulf-%{version}.tar.gz Source1: vendor.tar.xz Source5: warewulf4-rpmlintrc Source10: config-ww4.sh Source11: adjust_overlays.sh Source20: README.dnsmasq Source21: README.RKE2.md +Patch0: fixup-pdf-build.patch +Patch1: security-fixes.patch +Patch2: udev-regression.patch BuildRequires: %{python_module Sphinx-latex} BuildRequires: distribution-release @@ -110,7 +114,7 @@ Reference documentation for warewulf4. %package overlay-slurm Summary: Configuration template for slurm Requires: %{name} = %{version} -Recommends: slurm +Requires: slurm BuildArch: noarch Obsoletes: warewulf4-slurm <= 4.4.0 Provides: warewulf4-slurm = %version @@ -241,8 +245,6 @@ mkdir -p %{buildroot}/%{_defaultdocdir}/%{name} mv %{buildroot}/%{_sysconfdir}/warewulf/examples %{buildroot}%{_defaultdocdir}/%{name}/example-templates # fix logrotate name mv %{buildroot}/%{_sysconfdir}/logrotate.d/warewulfd.conf %{buildroot}/%{_sysconfdir}/logrotate.d/warewulf4 -# add version tag to documentation -mv ./userdocs/_build/latex/warewulfuserguide.pdf ./userdocs/_build/latex/warewulfuserguide-%{version}.pdf %pre -f %{name}.pre %service_add_pre warewulfd.service @@ -279,7 +281,6 @@ fi %config(noreplace) %{_sysconfdir}/warewulf/warewulf.conf %config(noreplace) %{_sysconfdir}/warewulf/grub %config(noreplace) %{_sysconfdir}/warewulf/ipxe -%config(noreplace) %{_sysconfdir}/warewulf/auth.conf %config %{_sysconfdir}/logrotate.d/warewulf4 %{_defaultdocdir}/%{name}/example-templates %{_prefix}/lib/firewalld/services/warewulf.xml @@ -330,9 +331,10 @@ fi %files dracut %defattr(-, root, root) -%{_prefix}/lib/dracut/modules.d/90wwinit +%dir %{_prefix}/lib/dracut/modules.d/90wwinit +%{_prefix}/lib/dracut/modules.d/90wwinit/*.sh %files reference-doc -%doc ./userdocs/_build/latex/warewulfuserguide-%{version}.pdf +%doc ./userdocs/_build/latex/warewulfuserguide.pdf %changelog -- 2.51.1